ISO 45001 Consulting

Get ISO 45001 Certified — With Expert Support From Gap Analysis to Audit Day

Our ISO 45001 consulting services help organisations across Europe build effective occupational health and safety management systems and achieve certification. We handle the complexity so you can focus on running your business.

Workplace Safety Isn't Just a Legal Obligation — It's an Operational Risk You Can't Afford to Leave Unmanaged

Every year, over 3,200 people die in workplace accidents across the European Union. Nearly three million more suffer non-fatal injuries serious enough to keep them off work for four days or longer. Behind those numbers sit real costs: lost productivity, regulatory enforcement, compensation claims, insurance premiums, reputational damage, and the operational disruption that follows every serious incident.

EU member states enforce occupational health and safety requirements through national legislation transposing the EU Framework Directive on Safety and Health at Work (89/391/EEC). Employers are legally obligated to assess risks, implement preventive measures, and maintain safe working conditions. The specifics vary by jurisdiction, but the obligation is universal — and regulators across Europe are increasing both the frequency and the consequences of non-compliance.

542,527
ISO 45001 certificates issued globally
941,546
Sites certified worldwide

ISO 45001 provides the framework to manage these risks systematically — not through reactive measures after an incident, but by building a documented, auditable safety and health management system that identifies hazards, controls risks, and demonstrates due diligence to regulators, clients, and insurers.

What ISO 45001 Actually Is (And What Changed From OHSAS 18001)

ISO 45001 is the international standard for Occupational Health and Safety Management Systems (OH&S MS). Published by the International Organisation for Standardisation in 2018 — referred to as ISO 45001:2018 — it replaced the previous OHSAS 18001 standard, with a transition deadline of September 2021. The transition is now complete: OHSAS 18001 certificates are no longer valid, and ISO 45001 is the sole internationally recognised OH&S management system standard.

The shift from OHSAS 18001 to ISO 45001 was not cosmetic. OHSAS 18001 focused primarily on hazard control and compliance with OH&S regulations. ISO 45001 takes a broader, risk-based approach that embeds occupational health and safety into the organisation's strategic management. It requires leadership accountability, worker participation at all levels, and explicit consideration of the organisation's context — including supply chain pressures, contractor relationships, and the expectations of interested parties beyond regulators.

ISO 45001 follows the Annex SL High-Level Structure shared by ISO 9001 (Quality), ISO 14001 (Environmental), and other major ISO management system standards. This structural alignment makes integration straightforward — organisations holding or pursuing multiple certifications can operate a single integrated management system rather than maintaining parallel documentation.

The standard is structured around seven interconnected clauses (Clauses 4–10) that define the requirements for an effective OH&S management system:

Context of the organisation (Clause 4) — understanding the internal and external factors that affect OH&S performance, including the needs and expectations of workers, regulators, clients, insurers, and other interested parties.

Leadership and worker participation (Clause 5) — requiring top management to demonstrate active commitment to OH&S, allocate resources, define roles and responsibilities, and ensure that workers at all levels are consulted and participate in hazard identification and risk assessment.

Planning (Clause 6) — a systematic process for identifying hazards, assessing OH&S risks and opportunities, establishing measurable objectives, and developing action plans to achieve them. This is where the standard's risk-based approach is most visible.

Support (Clause 7) — ensuring the organisation provides competent personnel, adequate training and awareness programmes, clear communication channels, and controlled documented information.

Operation (Clause 8) — implementing the controls, procedures, and processes needed to eliminate hazards and reduce OH&S risks, including management of change, procurement, contractor management, and emergency preparedness and response.

Performance evaluation (Clause 9) — monitoring, measuring, and analysing OH&S performance through internal audits, compliance evaluations, and management reviews that assess whether the system is achieving its intended outcomes.

Improvement (Clause 10) — managing incidents, nonconformities, and corrective actions to identify root causes and prevent recurrence, driving continual improvement of the OH&S management system.

An ISO 45001 certificate is issued by an accredited, independent certification body after a two-stage audit. The certificate is valid for three years, subject to annual surveillance audits.

What ISO 45001 Certification Actually Gets You

Demonstrable reduction in workplace incidents and associated costs.

A functioning OH&S management system identifies hazards before they cause harm and embeds controls into daily operations rather than relying on individual vigilance. The result is fewer incidents, fewer lost working days, lower compensation and insurance costs, and less operational disruption. This is not a theoretical benefit — it is the primary reason organisations pursue certification and the metric by which the system's value is measured.

Stronger legal and regulatory defensibility.

EU occupational health and safety law requires employers to assess risks and implement preventive measures. ISO 45001 provides a structured, documented framework for meeting those obligations. In the event of an incident, investigation, or regulatory inspection, a certified OH&S management system demonstrates that your organisation has exercised due diligence — that risks were identified, assessed, controlled, and monitored through a systematic process, not addressed ad hoc.

Qualification for contracts and supply chains that require OH&S certification.

Large organisations — particularly in construction, manufacturing, energy, and logistics — increasingly require ISO 45001 certification from their contractors and suppliers as a condition of doing business. Public procurement frameworks in several EU member states include OH&S management system requirements. Without certification, you may be excluded from tenders and supply chains where safety performance is a qualifying criterion.

Improved employee engagement and retention.

Workers who see a genuine, systematic investment in their safety — not just posters and toolbox talks — respond with higher engagement, lower absenteeism, and greater willingness to report hazards and near-misses. ISO 45001's requirement for worker consultation and participation at all levels reinforces this dynamic. In sectors where skilled labour is scarce, a demonstrable safety culture is a tangible recruitment advantage.

More favourable insurance terms.

Insurers assess risk. A certified OH&S management system provides documented evidence of hazard identification, risk control, incident investigation, and continual improvement — all of which reduce the insurer's exposure. Many organisations find that the insurance premium reductions alone offset a meaningful portion of the certification cost.

A foundation that integrates with ISO 9001, ISO 14001, and other management systems.

ISO 45001, ISO 9001, and ISO 14001 share the same High-Level Structure. If you already hold one or both of those certifications, much of your management system infrastructure — internal audit programme, document control, management review, corrective action procedures — already exists. The gap analysis focuses on the OH&S-specific requirements. HEIC consults on all three standards and can plan and deliver an integrated approach from the outset.

A Practical Path From Your Current Position to a Certified OH&S Management System

Every organisation starts from a different position. Some already have elements of an OH&S system in place — risk assessments, safe work procedures, incident records, or documentation inherited from an OHSAS 18001 programme. Others are building from scratch. We meet you where you are and guide you through a structured certification process that reaches the outcome without unnecessary complexity.

Phase 1 — Scoping and Gap Analysis

We begin by understanding your operations: the sectors you work in, the hazards your workforce is exposed to, the sites and activities in scope, and any existing OH&S documentation you hold. We then conduct a structured gap analysis, mapping your current position against ISO 45001:2018 requirements and identifying what is missing, incomplete, or not yet implemented.

What you get:
A written gap analysis report with a prioritised action planA realistic timeline for the certification processA clear picture of what the certification process involves for your specific organisation and operational scope

Phase 2 — Context Review and OH&S MS Design

ISO 45001 requirements do not exist in isolation from your regulatory and operational environment. We review the applicable legal requirements — national OH&S legislation, sector-specific regulations, and client or supply chain obligations — and map them against the standard's requirements. From this, we design an OH&S management system architecture that satisfies ISO 45001 while remaining coherent with your legal obligations and operational reality.

What you get:
An OH&S MS design blueprintA risk assessment methodology and hazard identification frameworkA legal compliance mapping specific to your organisation and scope

Phase 3 — Implementation and Documentation

With the design confirmed, we work with your team to implement the controls, procedures, and monitoring processes required by the standard. We develop OH&S policies, risk assessment procedures, safe work instructions, incident investigation protocols, emergency preparedness plans, and management review frameworks that reflect how your organisation actually operates — not generic templates that will not survive scrutiny in a real audit.

What you get:
A fully documented OH&S management systemMandatory procedures, hazard registers, and risk assessmentsOperational controls, emergency response plans, worker consultation records, and performance monitoring processes

Phase 4 — Internal Audit and Certification Preparation

Before external auditors arrive, we conduct a full internal audit — reviewing your OH&S MS against ISO 45001:2018 with the same rigour your certification body will apply. We identify any remaining gaps, help you close them, and prepare your team for the Stage 1 documentation review and Stage 2 implementation audit that follow.

What you get:
An internal audit reportA corrective action plan for any findingsA management review confirming the OH&S MS is ready for external certification

25 Years of Management System Experience, With a Record to Show for It

We have supported over 500 organisations across Europe through management system certification. That number reflects a consistent, structured process that gets clients to certification without unnecessary rework or repeat audits.

  • Proven certification track record. We have supported over 500 organisations across Europe through management system certification. That number reflects a consistent, structured process that gets clients to certification without unnecessary rework or repeat audits.
  • Zero major nonconformities. Our clients go into certification audits prepared. When we say a system is ready, we mean it has been reviewed against the standard with the same rigour an external auditor applies — not simply checked against a template. Our track record of zero major nonconformities at certification audits is the result.
  • Practical systems built for your operations, not generic templates. ISO 45001 documentation must reflect your actual hazards, your actual processes, and your actual workforce. The OH&S management system we build for you is designed to be maintainable after we leave, understandable to your safety team, and defensible in front of both a certification auditor and a regulatory inspector.
  • Legal and regulatory context, not just standard requirements. OH&S legislation varies across EU member states. We work with the full regulatory picture — mapping ISO 45001 requirements against applicable national legislation, sector-specific obligations, and client or supply chain requirements — so your management system satisfies both the certification auditor and the regulator.
  • Multi-standard capability. HEIC consults on ISO 45001, ISO 9001, ISO 14001, ISO 27001, ISO 50001, and ISO 13485, among others. If you hold or are pursuing multiple standards, we can plan and deliver that work as a single coordinated engagement, reducing cost, documentation duplication, and the burden on your team.
500+
Certifications Delivered
25+
Years of Experience
0
Major Nonconformities at Audit

Frequently Asked Questions About ISO 45001 Certification

The timeline depends on the size of your organisation, the number of sites in scope, the complexity of your operations, and how much is already documented. For most organisations, the full journey from gap analysis to certification audit runs between four and ten months. We provide a project timeline at the outset of each engagement so you know what to expect.

The total cost has two parts: consulting fees for the gap analysis, OH&S MS design, implementation support, and audit preparation, and the certification audit fee charged by the certification body you choose. Both vary with organisation size, number of sites, and operational complexity. We provide a scoped cost estimate after an initial assessment — there is no single figure that applies to all organisations.

OHSAS 18001 was a British standard focused on hazard control and compliance. ISO 45001 is an international standard that takes a broader approach — it requires leadership accountability, worker participation at all levels, consideration of the organisation's strategic context, and integration of OH&S into core business processes. It also follows the Annex SL High-Level Structure, making integration with ISO 9001 and ISO 14001 significantly easier. OHSAS 18001 certificates expired in September 2021 and are no longer valid.

ISO 45001 certification is not itself a legal requirement in any EU member state. However, EU and national OH&S legislation requires employers to assess risks, implement preventive measures, and maintain safe working conditions. ISO 45001 provides the most widely recognised framework for meeting those obligations systematically. In practice, certification is increasingly required by clients, supply chains, public procurement frameworks, and insurers — making it a de facto requirement in many sectors.

Yes, and for many organisations this is the most efficient approach. ISO 45001, ISO 9001, and ISO 14001 share the same High-Level Structure (Annex SL). If you already hold either certification, a significant portion of your management system infrastructure — internal audit programme, document control, management review, corrective action procedures — already exists. The gap analysis focuses on the OH&S-specific requirements that ISO 9001 and ISO 14001 do not address. We can scope and deliver the ISO 45001 work as an extension of your existing system rather than a parallel build.

Any organisation with employees faces occupational health and safety risks, but the standard is particularly relevant in sectors with higher hazard profiles: construction, manufacturing, energy, mining, logistics, warehousing, and facilities management. That said, ISO 45001 is designed to scale — a professional services firm with office-based workers will implement a leaner, simpler system than a heavy manufacturing operation, and the standard accommodates both.

The certification audit is conducted in two stages by an accredited, independent certification body. Stage 1 is a documentation review — the auditor assesses whether your OH&S MS documentation meets ISO 45001 requirements and is ready for the implementation audit. Stage 2 is the implementation audit — the auditor visits your site(s), interviews staff, reviews records, and verifies that the system is implemented and effective in practice. If no major nonconformities are found, the certificate is issued. If issues are identified, you typically have 90 days to resolve them before a follow-up visit.

Three years. During that period, you will undergo annual surveillance audits — shorter reviews to confirm the OH&S MS is being maintained and improved. At the end of the three years, a full recertification audit is required to renew the certificate.

Ready to Build an OH&S Management System That Protects Your Workforce and Stands Up to Scrutiny?

Whether you are pursuing ISO 45001 certification for the first time, transitioning from a legacy OHSAS 18001 system, or integrating occupational health and safety with an existing ISO 9001 or ISO 14001 programme, we can help you get there. Speak to one of our consultants about your situation. We will tell you honestly where you stand, what the certification journey looks like for your organisation, and how long it will realistically take.

  • A clear project timeline based on your size and starting point
  • Practical, tailored advice — not a one-size-fits-all approach
  • An honest assessment of costs, effort, and what to expect from auditors
  • No obligation — just a conversation about your options
Speak to an Expert

Speak to an Expert

We'll get back to you within one business day.

We respect your privacy. No spam, ever.