OHSAS 18001

Occupational Health and Safety Management System

Health and Safety


  1. Introduction
  2. Overview
  3. Global adoption
  4. Benefits
  5. Auditing
  6. Choosing a registrar
  7. Route to registration
  8. Costs
  9. Contributing editor


OHSAS 18001 is a requirement standard that is finding wide application throughout the world (about 55,000 organizations were certified in 2009). The drafting Committee on the OHSAS Project Group represented national standards bodies, regulators, safety practitioners and certification bodies from around the world including the USA, South America, Europe, Malaysia, Japan, Indonesia and China. A number of countries have formally adopted it, such as the UK, as a national standard (BSOHSAS 18001) because it reflects the management principles used in the country for occupational health and safety and is consistent with the way organizations manage their risks.

The BS Committee consisting of HSE, CIEH, TUC, IOSH, BSC, RoSPA, ABI and many industrial Trade Associations including the Federation of Small Businesses were consistent with HSG65 and advanced the management approach to occupational health and safety.

All the documents follow the Plan Do Check Approach (PDCA) as used in ISO 14001 on environmental management which is in line with the EU requirement given in the Framework Directive of 1989 – hazard identification, risk assessment and control of risks that are unacceptable without some preventive measure being applied. The risk based approach has been adopted in many countries throughout the world.


OHSAS 18001 represents an international consensus on what organizations should manage with respect to occupational health and safety, no matter where they are in the world or what sector they operate in. It focuses equally on occupational ill-health as much as safety as it recognises that increasingly, occupational ill-health is becoming an equally significant cause of human misery and cost to organizations, society and the economy of the country.

It recognises that most countries in the world have laws and regulations in place that must be complied with and the standard must take this into account and not conflict with these requirements. It adopts the risk based approach of identifying what harm could occur and the likelihood of such an event or events happening. The organization is required to control all those that are of concern by establishing a management system to continually improved performance. The suite of standards is:

  • OHSAS 18001:2007 Occupational health and safety management systems – Requirements
  • OHSAS 18002: 2008 Occupational health and safety management systems - Guidelines for the implementation of OHSAS 18001:2007
  • BS 18004: 2008 Guide to achieving effective occupational health and safety performance
  • PAS1010: 2011 Guidance on the management of psychosocial risks in the workplace

Requirement standards such as OHSAS 18001 are fairly short and identify what must be in place – the clauses of the document use the term “shall” whereas the international support document OHSAS18002, talks in terms of “should” giving guidance on how the requirement in OHSAS 18001 might be met.

In the UK, BS 18004 (which replaced BS8800) offers good practice guidance for organizations that wish to do more than the minimum and be more in line with good UK organizations. It provides additional guidance on occupational health, worker involvement, emergency preparedness etc. The recently issued PAS 1010 reflects the growing concern of stress in the workplace.

The UK government agency (HSE) document HSG65 is widely used around the world is currently being refreshed with a PDCA approach that has much similarity with OHSAS 18001.

Is OHSAS 18001 relevant to your organization?

OHSAS18001 is suitable for all organizations looking to improve the way  occupational health and safety is operated and managed, regardless of what sector. In general, it is not permitted to limit the scope of application or to limit which areas should be left out. It is not possible to exclude contractors or visitors. It has been adopted in 116 countries and over 40 sectors.

In addition, OHSAS 18001 is closely aligned to other management system standards such as ISO 14001 (Environmental) and the quality management system standard ISO 9001, following the Plan Do Check Act approach. The framework is very closely aligned to ISO 14001 allowing integration or alignment with common parts of the arrangements (see IMS and PAS 99).

Global adoption

The OHSAS Project Group Survey of Certifications in 2009, showed there were about 55,000 organizations registered which reflects a 70% increase over the figures recorded in 2007.


  • Implementing an Occupational Health and Safety Management System can motivate staff as it shows commitment to their welfare – employees then can feel greater commitment to the organization.
  • The reduction in injury to workers is of benefit to both employees and employers.
  • Cost savings can be made through reduced business interruptions and absenteeism and greater motivation,
  • Customers take confidence when seeing organizations managing occupational health and safety as they are more confident that there will be no business interruptions and regulatory action against their supplier.
  • Reduction in insurance premiums can be obtained by improved risk management and improved performance


OHSAS 18001 requires the organization to carry out internal audits in order to determine whether the system is working in the manner required to deliver the policy and objectives. It is an opportunity to test the system and identify opportunities for both improving the system and OHS performance.  External auditing by and accredited certification body offers the benefit of external experts assessing the system and independently verifying the system is operating effectively.

Choosing a registrar

There are over 1000 certification bodies globally. It is important to select an approved certification body and to ensure they comply with the following criteria:

  • Ensure the company is accredited to ISO/IEC 17021:2006, and the certification body accreditation is issued by a recognised competent body.
  • Receive quotations from several certification bodies.
  • Do not select the cheapest as their auditing or service may be below standard.
  • Ensure the certification body is recognised by your customers and they relevant sector experience for your industry sector.

It is important to only use reputable certification bodies and that the Accreditation Body is recognized by the International Accreditation Forum, IAF.

Route to registration

There are various phases to registration:

  1. Pre-audit Assessment
    • Check documentation with Lead Assessor
      Together, you and your Lead Assessor will review your documentation. This will ensure that all documented procedures cover the requirements of OHSAS 18001:2007.
    • Determine date of assessment
      Together with your Lead Assessor you will determine the best timetable for your registration and agree on a date for initial assessment. Many organizations benefit from our pre-assessment "dry run" of the formal assessment.
  2. Initial Assessment conducted
    • An initial assessment will be conducted by your auditor. You will be informed of his recommendation at the closing meeting.
  3. Registration Confirmation
    Following your auditors recommendation, your registration will be confirmed by the technical reviewers.
    • Certificate Issued
      Your certificate of registration will arrive soon after your registration has been confirmed.
  4. Continued Assessment
    After registration your nominated auditor will visit your organization every 6 months or annually to ensure that your management system continues to meet the requirements of OHSAS 18001:2007.
  5. Reassessment
    Your registrar is required to perform a reassessment of your management system every 3 years. This is normally 2/3 of the initial assessment duration at the end of the closing meeting your auditor will confirm the outcome of the reassessment.


The answer depends on a number of factors. There are costs to both implement and to maintain your certification.

Implementation Costs

In terms of costs to implement, if you choose a full do-it-yourself approach, the only real costs will be the time for resources dedicated to the implementation process and in time spent writing documents and training your staff. If you have little experience with ISO 9000, or have limited internal resources, you might choose to get some outside professional help through a management system consultant. There are advantages by recruiting a consultant as you are able to guarantee your registration within a given period.

Certification Costs

Costs of registration are dependent on the size of your organization. Most registrars charge a certain rate per day to be on-site at your facility. This day rate will vary depending on your country, the typical day rate in the United Kingdom will vary between £300 and £800 per auditor day depending on the registrar. Small companies with less than 20 staff could expect one auditor on site for 1-3 days; Large companies can expect several auditors on site for up to up to 10-15 days.

Other fees include application fees, certificate fees or annual licence fees. To maintain your certification, the Registrar must return annually to audit a portion of your system. These costs will be less than the original visit, since the time spent will be shorter. Once every three years, the Registrar returns to audit your entire system.

Contributing editor

David A Smith

David A Smith, co-author of BSI publication “Managing Safety the Systems Way”.  Chair of BSI Committee on occupational health and safety management systems and UK representative at CEN Strategic Advisory Board on OHS. David is a Director of IMS Risk Solutions Limited which provides lead and internal auditor training and consultancy to organizations in many countries throughout the world on risk management, governance, integrated management, OHSAS 18001, 14001 and 9001. Has jointly developed with ACT an e-distance learning course for internal auditors on OHSAS 18001.

Find a Standard

Find a Consultant