What Is the Hierarchy of Controls in ISO 45001?

CertBetter

Team CertBetter


Understanding the Hierarchy of Controls in ISO 45001

If you are working through an ISO 45001 implementation or preparing for certification, one concept will come up again and again: the hierarchy of controls. It sits at the heart of the standard's approach to managing occupational health and safety risks, and auditors will want to see evidence that you understand it and apply it in practice.

The hierarchy of controls is not a new idea invented by ISO. It has been used in occupational health and safety practice for decades, and it appears in legislation across Australia, including the model Work Health and Safety laws published by Safe Work Australia. What ISO 45001 does is formalise this hierarchy into a management system framework so that organisations apply it consistently, document their decisions, and continually improve their approach over time.

This article breaks down what the hierarchy of controls is, how each level works in practice, what ISO 45001 specifically requires, and the common mistakes businesses make when implementing it.

What Is the Hierarchy of Controls?

The hierarchy of controls is a structured approach to managing workplace hazards. It ranks control measures from most effective to least effective, and the principle is straightforward: you should always try to use the most effective control available before defaulting to less effective ones.

ISO 45001 addresses the hierarchy of controls in Clause 8.1.2, which sits within the operational planning and control section of the standard. The standard lists five levels of control, which must be considered in order. They are elimination, substitution, engineering controls, administrative controls, and personal protective equipment.

Think of it as a priority list. The controls at the top remove or reduce the hazard at the source. The controls at the bottom protect the worker from the hazard but do nothing to reduce the hazard itself. A business that jumps straight to handing out safety vests and hard hats without first asking whether the hazard can be removed entirely is not applying the hierarchy correctly, and an auditor will pick this up.

The Five Levels Explained

Level 1: Elimination

Elimination is the most effective control because it completely removes the hazard from the workplace. If the hazard does not exist, no one can be harmed by it. This is the gold standard, and ISO 45001 requires you to consider it first before moving down the hierarchy.

In practice, elimination is not always possible, but it is more achievable than many businesses assume. A construction company that redesigns a task so that work is done at ground level rather than at height has eliminated the fall hazard entirely. A manufacturer that removes a chemical from its process has eliminated the exposure risk. A logistics business that automates a manual lifting task has eliminated the manual handling hazard.

The key question to ask at this level is: can we design out this hazard completely? If the answer is yes, that is where your effort should go. If the answer is genuinely no, you move to the next level and document why elimination was not practicable.

Level 2: Substitution

Substitution means replacing something hazardous with something less hazardous. The hazard is not removed entirely, but the risk is significantly reduced by using a safer alternative.

Common examples include replacing a toxic solvent with a water-based alternative, swapping heavy equipment for lighter tools to reduce manual handling injuries, or using a less dangerous chemical compound that achieves the same result. In construction, substituting a noisier piece of equipment with a quieter model reduces noise-induced hearing loss risk without eliminating the task altogether.

Substitution requires careful evaluation. The replacement must genuinely reduce the risk rather than simply shifting it. Replacing one chemical with another that carries different but equally serious hazards is not effective substitution. Your risk assessment process needs to confirm that the substituted item or method is measurably safer.

Level 3: Engineering Controls

Engineering controls are physical changes to the workplace, equipment, or process that reduce exposure to a hazard. They do not remove the hazard, but they put a physical barrier or mechanism between the worker and the source of harm.

Examples include machine guarding, local exhaust ventilation systems, noise enclosures, interlocks that prevent machinery from operating when guards are removed, and ergonomic workstation designs that reduce strain. In an office environment, engineering controls might include standing desk options or monitor risers to reduce musculoskeletal risk.

Engineering controls are generally reliable because they do not depend on worker behaviour. Once a guard is installed correctly, it works regardless of whether the worker remembers to use it. This is why they sit above administrative controls and PPE in the hierarchy.

Level 4: Administrative Controls

Administrative controls are policies, procedures, training, and work practices designed to reduce exposure to hazards. They do not change the physical environment but instead change how people work within it.

Examples include job rotation to limit exposure time, permit-to-work systems, safe work procedures, training programs, warning signs, and supervision arrangements. Limiting the number of hours a worker spends in a noisy environment is an administrative control. So is requiring two people to perform a task that would be unsafe for one person alone.

The limitation of administrative controls is that they rely on people doing the right thing consistently. Procedures get ignored, training gets forgotten, and supervision has gaps. This does not mean administrative controls are worthless, but it does mean they should not be your primary line of defence for high-severity hazards. ISO 45001 expects you to understand this distinction.

Level 5: Personal Protective Equipment

Personal protective equipment, commonly known as PPE, sits at the bottom of the hierarchy because it is the least effective control measure. PPE does not reduce the hazard at all. It simply provides a barrier between the worker and the hazard, and its effectiveness depends entirely on the worker wearing it correctly every time.

PPE includes items such as hard hats, safety glasses, hearing protection, gloves, respirators, high-visibility clothing, and safety footwear. It has an important role in the overall control framework, particularly as a supplementary measure alongside higher-level controls, but it should never be the primary or only control for a serious hazard.

One of the most common findings in ISO 45001 audits is organisations relying on PPE as their main control when higher-level controls were practicable but not implemented. If an auditor asks why workers are wearing respirators for a chemical exposure and the answer is simply “we provide respirators,” without evidence that elimination, substitution, or engineering controls were genuinely considered and ruled out, that is a problem.

How ISO 45001 Requires You to Apply the Hierarchy

ISO 45001 does not just mention the hierarchy of controls in passing. It integrates it into several key requirements across the standard.

Hazard Identification and Risk Assessment

Under Clause 6.1, the standard requires you to identify hazards, assess the associated risks, and determine appropriate controls. The hierarchy is the framework you use to determine those controls. Your risk assessment process should document not just what control you selected, but why you selected it at that level of the hierarchy and what higher-level controls were considered.

This is important for audit evidence. An auditor reviewing your risk register should be able to see the thinking behind each control decision. If every hazard in your register has PPE as the only control, that will raise questions.

Operational Planning and Control

Clause 8.1.2 is where the hierarchy is explicitly referenced. The standard requires that when you plan and implement controls for your OH&S risks, you do so by following the hierarchy in order. You must also consider how different control measures interact with each other, and you must review controls when changes occur in the workplace.

This clause also connects to the management of change process. When your business introduces new equipment, processes, or materials, you need to re-evaluate hazards and apply the hierarchy to any new risks that emerge.

Worker Participation

One aspect of ISO 45001 that sets it apart from earlier approaches is its strong emphasis on worker participation. Clause 5.4 requires that workers are actively involved in hazard identification, risk assessment, and the selection of controls. Workers on the floor often have the best insight into what controls are practical and effective. Involving them in the process also increases buy-in and compliance.

If you want practical guidance on getting your workforce involved in this process, the article on how to get worker participation in ISO 45001 implementation covers this in detail.

Common Mistakes Businesses Make With the Hierarchy of Controls

Treating PPE as the Default Answer

This is by far the most common mistake. PPE is visible, tangible, and easy to implement. It feels like doing something. But if you are issuing respirators instead of fixing ventilation, or handing out ear plugs instead of addressing the noise source, you are not applying the hierarchy. You are managing symptoms rather than causes.

Failing to Document the Reasoning

Even when businesses apply the hierarchy correctly, they often fail to document why they chose a particular level of control. If an auditor asks why elimination was not applied to a particular hazard, “it was not practical” is not sufficient on its own. You need to show what was considered, what alternatives were evaluated, and why the chosen control was the highest practicable option.

Applying Controls in Isolation

The hierarchy does not mean you can only use one level of control. In most situations, you will use a combination. The point is that you should always implement the highest practicable control first, and then add lower-level controls as supplementary measures. A noisy machine might have an enclosure as an engineering control, a restricted access procedure as an administrative control, and hearing protection as a supplementary PPE measure. All three together are appropriate. Hearing protection alone is not.

Not Reviewing Controls After Changes

Controls that were appropriate when a process was first designed may become inadequate as the workplace changes. New equipment, different chemicals, changed work patterns, or increased production volumes can all alter the risk profile. ISO 45001 requires you to review and update controls as part of your management of change process, and this is an area where many businesses fall short at surveillance audits.

Connecting the Hierarchy to Your Broader ISO 45001 System

The hierarchy of controls does not operate in isolation. It connects directly to your hazard register, your risk assessment methodology, your operational procedures, your training program, and your internal audit schedule. If any of these elements are weak, the hierarchy will not be applied effectively in practice.

For businesses that are new to ISO 45001, it helps to understand the broader structure of the standard before focusing on individual requirements. The beginner's guide to implementing ISO 45001 provides a solid foundation for understanding how the standard fits together as a whole.

It is also worth noting that the hierarchy of controls aligns closely with risk management principles that appear across other ISO standards. If your business already holds ISO 9001 or ISO 14001, you will find that the risk-based thinking approach carries across, even though the specific application in ISO 45001 is more detailed and operationally focused.

Practical Tips for Implementing the Hierarchy Effectively

Here are some practical steps that will help you embed the hierarchy of controls into your day-to-day safety management rather than treating it as a compliance exercise.

  • Build the hierarchy into your hazard identification template. When workers or managers identify a hazard, the form they complete should walk them through each level of the hierarchy in order. This makes the thinking process systematic rather than ad hoc.
  • Train your supervisors, not just your workers. Supervisors are the ones making day-to-day decisions about how work is done. If they understand the hierarchy and know how to apply it, the quality of control decisions improves significantly.
  • Review your existing risk register with fresh eyes. Go through your current controls and ask honestly whether higher-level controls were genuinely considered for each hazard. You may find opportunities to improve controls that were set up years ago without proper evaluation.
  • Use incident investigations to test your controls. When a near miss or injury occurs, the hierarchy is a useful diagnostic tool. Work backwards from the event to identify which level of control failed or was absent, and what higher-level control might have prevented the outcome.
  • Include the hierarchy in management reviews. Your periodic management review should include a discussion of whether current controls are at the highest practicable level, not just whether incidents have occurred.

For businesses preparing for their first ISO 45001 audit, understanding what auditors specifically look for when reviewing your safety documentation is also important. The article on the top benefits of ISO 45001 gives useful context on why this investment in proper control selection pays off beyond just passing an audit.

The Hierarchy of Controls and Australian Work Health and Safety Law

For Australian businesses, the hierarchy of controls is not just an ISO requirement. It is embedded in the model Work Health and Safety Regulations, which have been adopted in most Australian states and territories. This means that applying the hierarchy correctly under ISO 45001 also supports your legal compliance obligations, which is a significant practical benefit.

Regulators such as SafeWork NSW, WorkSafe Victoria, and their counterparts in other states use the hierarchy as a benchmark when investigating incidents and issuing improvement notices. A business that can demonstrate a systematic, documented approach to working through the hierarchy will generally be in a much stronger position during a regulatory investigation than one that relied primarily on PPE and training.

This alignment between ISO 45001 and Australian WHS law is one of the reasons the standard has been widely adopted across industries including construction, mining, manufacturing, healthcare, and logistics. If you are wondering whether ISO 45001 certification is mandatory for your industry, the article on whether ISO 45001 certification is mandatory in Australia covers this question in depth.

Getting Help With ISO 45001 Implementation

Implementing the hierarchy of controls properly takes time and expertise. Getting the risk assessment methodology right, building it into your operational procedures, training your team, and preparing the documentation that auditors expect is a significant undertaking, particularly for businesses doing this for the first time.

Many businesses find it valuable to work with an experienced ISO 45001 consultant who can guide them through the process, review their existing controls against the hierarchy, and help them avoid the common gaps that lead to nonconformances at audit. The challenge is finding a consultant who genuinely understands occupational health and safety in practice, not just the paperwork requirements of the standard.

If you are at the stage of looking for qualified help, CertBetter makes this straightforward. You submit one form describing your business and what you need, and you receive up to three competing quotes from verified ISO 45001 consultants and accredited certification bodies. The service is free for businesses, and it saves a significant amount of time compared to searching for and vetting providers individually. It is a practical starting point if you want to move forward without the guesswork.


Frequently Asked Questions

The hierarchy of controls is explicitly referenced in Clause 8.1.2 of ISO 45001, which sits within the operational planning and control section of the standard. However, it connects to several other clauses including Clause 6.1 on hazard identification and risk assessment, and Clause 5.4 on worker participation. The hierarchy should be visible across your risk register, your operational procedures, and your management of change process, not just referenced in a single document.

No. ISO 45001 requires you to consider elimination first, but it recognises that elimination is not always practicable. What the standard does require is that you genuinely consider each level of the hierarchy in order and document your reasoning when a higher-level control is not feasible. Simply stating that elimination was not possible without any supporting analysis is unlikely to satisfy an auditor. You need to show what was evaluated and why the chosen control represents the highest practicable option.

In very limited circumstances, PPE may be the only practicable control for a specific hazard, but this should be the exception rather than the rule. For most hazards, PPE should be used as a supplementary measure alongside higher-level controls, not as the primary or sole control. If your risk register shows PPE as the only control for multiple significant hazards, this will be a red flag for an ISO 45001 auditor and may result in a nonconformance.

The hierarchy of controls is embedded in the model Work Health and Safety Regulations that have been adopted across most Australian states and territories. This means that applying the hierarchy under ISO 45001 also supports your legal compliance obligations under WHS law. Regulators use the hierarchy as a benchmark when investigating incidents and issuing improvement notices, so a documented, systematic approach to working through the hierarchy provides both certification and legal compliance benefits.

ISO 45001 requires you to review controls whenever there is a change in the workplace that could affect the risk profile, such as new equipment, new processes, new chemicals, or changes in work patterns. Beyond change-triggered reviews, your internal audit program and management review process should also include periodic evaluation of whether existing controls remain at the highest practicable level. There is no fixed timeframe specified in the standard, but an annual review of your hazard register as a minimum is a common and reasonable approach.

Engineering controls are physical changes to the workplace, equipment, or process that reduce exposure to a hazard regardless of worker behaviour. Examples include machine guarding, ventilation systems, and noise enclosures. Administrative controls, by contrast, are policies, procedures, training arrangements, and work practices that change how people work but do not alter the physical environment. The key distinction is reliability. Engineering controls work independently of human behaviour, while administrative controls depend on people consistently following the right procedures, which makes them inherently less reliable as a primary control for serious hazards.

Dilawar Laghari

Hi! I am Dilawar Laghari, founder of CertBetter.

I created CertBetter to help anyone compare ISO certification providers for free.
