Join us for a FREE training session on “Risk-based-Thinking in ISO 9001” on Oct 28, 2020 | 5:30 PM – 8:00 PM EST. Visit our News & Events page to Register!




An Overview of ISO 45001:2018

ISO 45001 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.

ISO 45001 is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.

What is Documented Information?

The “documented information” is defined as the information required to be controlled and maintained by an organization and the medium on which it is contained. The example of documented information can be a record, specification, procedure, drawing, report, standard, etc.

The term “document” is defined as information created in order for the organization to operate e.g. procedures, instructions, specifications, guidelines, and criteria, etc. The term “record” is defined as a document that provides evidence of results achieved or activities performed e.g. evidence of training, operational control, corrective action, internal audit, and management review activities, etc. A set of documented information, for example, specifications and records, is frequently called “documentation”.

ISO 45001:2018 uses a standardized term “documented information” to refer to both documents and records. ISO 45001 uses the term “retain documented information” to describe a record (e.g. retain the results of corrective actions) and “maintain documented information” to describe a document (e.g. maintain the scope of OH&S Management System). The document is live information and needs to be updated as required while a record is a history of an event, activity, or action.

Clause 7.5 of ISO 45001:2018 describes the requirements of the documented information. Documented information can be in any format and media and from any source. The medium can be paper, magnetic, electronic or optical computer disc, photograph or master sample, or combination thereof.

What is the minimum documented information required by the ISO 45001:2018?

Every organization has to produce the minimum documented information required by ISO 45001 standard to demonstrate the conformance to the standard requirements. All the requirements of minimum documented information listed below might not be applicable to every organization depending on its operations and activities and shall be listed as an exclusion in the scope statement of the OH&S management system.



How to determine the requirement for ISO 45001 Documentation?

Clause 7.5 of ISO 45001 describes the requirements for documented information. To demonstrate the conformance to the requirements of ISO 45001, an organization may need to produce more documents and records than the minimum required by the standard because according to the Clause 7.5, the organization’s OH&S Management System (OHSMS) shall include:

  1. documented information required by ISO 45001 (as listed above)
  2. documented information determined by the organization as being necessary for the effectiveness of OH&S Management System e.g. policies, procedures, instructions, guidelines, and relevant records other than the minimum required. It is quite common that for an effective OH&S management system, organizations establish procedures for hazard identification, risk assessment, compliance obligations, corrective actions, control of documented information and operational control, etc.

The extent of documented information for ISO 45001 may differ from one organization to another due to:

  • the size of the organization and its type of activities, processes, products, and services
  • the complexity of processes and their interactions
  • the competence of persons

The rule of thumb for an organization is to use a risk-based approach to determine the requirement for documented information other than the minimum documented information e.g. an organization may decide that due to lack of documented procedures and work instructions, there might be a risk of workplace accidents. The organizations also establish procedures and other documented information to establish controls as a result of a risk assessment or to address a nonconformity. provides ISO registration/certification services in Canada and 50 other countries for the number of ISO Standards including but limited to ISO 9001, ISO 14001, ISO 45001, ISO 27001 and ISO 22301, etc. The auditors of G-Certi ensure that your organization is conforming to the requirements of ISO 45001. Please feel free to visit and contact one of our representatives for a complimentary pre-assessment to ensure that your organization is ready for ISO 45001 registration/certification.