
ISO 45001 Requirements & Audit Checklist

By proceeding, you agree to Be Certified’s Terms of Service and Privacy Policy. You may unsubscribe at any time.
In Great Britain, around 680,000 people suffered an injury at work in 2024/25. It’s a clear reminder of why strong Health & Safety systems matter.
ISO 45001 gives organisations a structured, internationally recognised way to manage workplace risks, improve Health & Safety performance, and show that safe working is built into everyday operations.
But when an audit is on the horizon, knowing what to prepare can feel like a job in itself.
That’s where a clear ISO 45001 audit checklist helps. From leadership commitment and risk assessments to training records, internal audits, and corrective actions, it gives you a practical way to check what’s in place, spot gaps early, and approach certification with more confidence.
In this blog:
- What are the core ISO 45001 Standard requirements?
- Why is an ISO 45001 requirements checklist important?
- Occupational Health & Safety Management System (OHSMS) requirements
- ISO 45001 audit document checklist
- Mandatory evidence for ISO 45001 certification
- How to use your ISO 45001 compliance checklist
What are the core ISO 45001 Standard requirements?
To understand how ISO 45001 works, it helps to look at the bigger picture. At a top level, the Standard asks your business to identify workplace hazards, who could be affected (your staff, visitors, or contractors), and put structured controls in place to reduce Health & Safety risks.
The main auditable requirements sit across seven core clauses:
- Context of the organisation (Clause 4) — This is where you define what your Health & Safety Management System covers. You’ll need to understand the internal and external issues that affect your business, identify interested parties such as workers, customers, contractors, regulators, and suppliers, and set the scope of your system clearly.
- Leadership & worker participation (Clause 5) — Health & Safety can’t sit in a folder or be left to one person. Senior leaders need to take responsibility, set direction, provide support, and make sure workers are consulted and involved in decisions that affect their safety.
- Planning (Clause 6) — This clause is about spotting hazards before they become incidents. You’ll need to assess risks and opportunities, understand your legal and other requirements, and set clear Health & Safety objectives that can be measured and reviewed.
- Support (Clause 7) — Your team needs the right resources, competence, awareness, communication, and documented information to keep the system working. In practice, this could include training records, toolbox talks, safety procedures, role responsibilities, and controlled documents.
- Operation (Clause 8) — This is where your plans become day-to-day practice. You’ll need to control operational risks, manage change, oversee contractors and outsourced processes, and prepare for emergency situations such as accidents, fires, spillages, or equipment failures.
- Performance evaluation (Clause 9) — Once your system is running, you need to check whether it’s working. This includes monitoring Health & Safety performance, completing internal audits, checking compliance, and holding management reviews to identify what’s effective and what needs attention.
- Improvement (Clause 10) — When incidents, near misses, nonconformities, or audit findings happen, you’ll need to investigate them, deal with the root cause, and take corrective action. The aim is continual improvement — making your workplace safer and your system stronger over time.
If you want to understand the framework on a deeper level, check out our ultimate guide to ISO 45001.
Why is an ISO 45001 requirements checklist important?
Becoming ISO-certified is a fantastic way to grow your business. But when you’re busy running your everyday operations, working through the Standard clause by clause can feel like a lot. A practical ISO 45001 requirements checklist gives you a clearer way to prepare, helping you turn the Standard into manageable actions and evidence.
It can also support continual improvement by showing where your Health & Safety management system is working well, where gaps remain, and what needs attention before your audit.
Using a checklist offers a wide range of benefits, including:
- No missed steps — Break complex ISO 45001 requirements into clear actions, so important areas like risk assessments, worker consultation, training records, internal audits, and corrective actions are not overlooked.
- Less audit stress — Knowing exactly what the auditor is looking for takes the guesswork out of preparation.
- Better team collaboration — Assign checklist actions to different people across the business, from senior leaders to supervisors and Health & Safety representatives, so responsibility doesn’t sit with one person.
- Clear progress tracking — You can see exactly how close you are to being audit-ready, which helps keep momentum high.
Occupational Health & Safety Management System (OHSMS) requirements
Before you start gathering audit evidence, it helps to be clear on what your OHSMS actually is.
Think of your Occupational Health & Safety Management System requirements as the framework for managing Health & Safety across your business. It brings together your policies, processes, responsibilities, records, and controls, so you can reduce workplace risks and keep improving how Health & Safety is managed day to day.
To meet the core requirements of an OHSMS, your system needs to include:
- Written Health & Safety policy — A formal policy approved by senior leadership, showing your commitment to preventing work-related injury and ill health, meeting legal requirements, and improving Health & Safety performance.
- Worker consultation — Clear channels that make it easy for employees to voice concerns, report hazards, and suggest safety improvements.
- Hazard identification and risk assessment — A robust, ongoing process for spotting hazards and assessing workplace risks on a day-to-day basis.
- Legal and other requirements register — A central, up-to-date record of the Health & Safety laws, regulations, client requirements, and other obligations that apply to your business.
- Measurable targets — Clear, realistic targets supported by action plans, responsibilities, timescales, and progress reviews.
- Competence & training — Verified proof that your team has received the correct training and instructions to do their jobs safely.
- Operational controls — Practical measures to manage day-to-day Health & Safety risks, including safe systems of work, contractor management, purchasing controls, maintenance, and outsourced processes.
- Emergency preparedness — A tested response plan to handle any potential emergencies, like workplace fires or accidents.
- Documented information and record control — A clear way to create, update, store, and control key documents and records, so your team can access the right information when they need it.
- Performance monitoring — A routine schedule for reviewing your safety systems to make sure they’re still working effectively.
- Incident, nonconformity, and corrective action process — A structured way to investigate incidents, near misses, audit findings, and process failures, then fix the root cause and prevent the same issue from happening again.
Investing time in these requirements isn’t just about passing an audit. There are massive advantages to keeping your team safe, and we’ve mapped these out in detail in our guide to the business benefits of good Health & Safety.
SO 45001 audit document checklist
When it comes to the official audit, your auditor isn’t just going to take your word for it. They’ll want to see clear evidence that your Health & Safety management system is documented, implemented, and working in practice.
That evidence doesn’t need to be complicated. The key is knowing what documents and records may be reviewed, keeping them organised, and making sure they reflect what actually happens in your business.
Use this ISO 45001 audit document checklist to prepare the core evidence your auditor is likely to ask for.
Scope of the OHSMS (Clause 4.3)
The auditor will start by looking at your “Scope”. This document defines the boundaries of your safety management system. It sets out exactly which parts of your business, physical locations, and activities are covered by your OHSMS.
Your auditor will check that the scope is clear, realistic, and relevant to the risks your business manages. For example, it may cover all UK sites, a specific operating location, or particular activities such as manufacturing, installation, warehousing, or office-based services.
If anything is excluded from the scope, you’ll need a clear and valid reason. This could apply where a separate legal entity, site, or outsourced process genuinely sits outside your control. The important point is that your scope must not avoid areas where your business still has Health & Safety responsibility.
Occupational Health & Safety Policy (Clause 5.2)
Your Health & Safety policy is the foundation of your system. It should be a written document approved by senior leadership and communicated to relevant workers and interested parties.
This policy has to clearly state your business’s commitment to providing safe and healthy working conditions, preventing work-related injuries, complying with all legal requirements, and actively working to eliminate hazards.
Your auditor may ask to see the policy itself, evidence that it has been shared with workers, and proof that it is reviewed when needed.
Organisational roles & authorities (Clause 5.3)
Health & Safety works best when everyone understands their role. Your auditor will want to see that responsibilities and authorities are clearly defined across the business.
Useful evidence could include organisation charts, job descriptions, responsibility matrices, induction materials, committee structures, or named Health & Safety representatives.
You should also be able to show that workers know who to speak to if they spot a hazard, need support, or want to raise a Health & Safety concern. This helps prove that responsibilities are not just written down, but understood in practice.
Risk assessments (Clause 6.1.2)
This is one of the most important parts of the audit. You need to show a clear, documented process for identifying hazards and managing risks.
Depending on your industry, your risk assessments might cover areas such as slips and trips, manual handling, machinery, vehicles, chemical handling, working at height, display screen equipment, lone working, or workplace stress.
The auditor will want to see your completed risk assessment forms, along with proof that you’ve put measures in place to control and reduce the risks you identified. This could include updated procedures, training records, inspection reports, maintenance records, signage, PPE checks, contractor controls, or corrective actions.
The strongest evidence shows a clear link between the hazard, the risk, the control, and the action taken.
OHSMS objectives (Clause 6.2)
ISO 45001 expects your business to set Health & Safety objectives that support your policy and help improve performance.
These objectives should be clear, measurable where possible, assigned to responsible people, and reviewed over time. They don’t need to be complicated, but they do need to be meaningful.
Examples could include:
- Complete Health & Safety induction training for 100% of new starters within their first week.
- Reduce unresolved corrective actions by 20% over the next 12 months.
- Complete monthly workplace inspections across all operational sites.
- Increase near-miss reporting to improve visibility of potential risks.
- Close out all high-risk audit findings within agreed timescales.
Your auditor will want to see your objectives, action plans, ownership, progress updates, and evidence that the objectives are reviewed during management meetings or formal management reviews.
Key evidence for ISO 45001 certification
To meet ISO 45001 certification requirements , you’ll need to demonstrate that your Health & Safety system is fully operational. Your auditor will look for objective evidence that your processes are being followed, reviewed, and improved. This evidence can take different forms depending on your business, but it should be clear, current, and easy to access.
When building your ISO 45001 requirements checklist, make sure you have the following evidence ready to share:
- Occupational Health & Safety management system evidence (Clause 4.4) — Written evidence showing that your safety processes are fully integrated into daily operations rather than treated as a separate admin task. This includes day-to-day work logs, system sign-offs, and operational safety notes.
- Feedback from interested parties (Clause 4.2) — Documented records of safety-related communications, concerns, or requirements raised by clients, visitors, neighbours, or regulatory bodies like the Health and Safety Executive (HSE).
- Risk assessments (Clause 6.1.2) — Your complete, up-to-date hazard logs and risk assessment sheets, showing a clear history of how risks have been evaluated and controlled over time.
- Legal requirements & regulations (Clause 6.1.3) — A legal register showing that you track, understand, and comply with UK safety legislation and any relevant industry regulations.
- Health & Safety objectives and plans (Clause 6.2) — Documented objectives that support your policy and improve Health & Safety performance. Include the target, responsible person, timescale, action plan, and evidence of progress.
- Employee competence & awareness (Clause 7.2 & Clause 7.3) — Staff training logs, safety induction records for new starters, and professional training certificates that prove your team has the skills to work safely.
- Documentation process (Clause 7.5) — Records showing that your safety documents, policies, and procedures are regularly reviewed, approved by the right people, and updated as circumstances change.This may include document registers, version control, review dates, approval records, and access controls.
- Operational control evidence (Clause 8.1) — Records showing how you manage day-to-day Health & Safety risks. This could include maintenance logs, contractor assessments, safe working procedures, inspection checklists, permits to work, PPE records, purchasing controls, or change management records.
- Emergency response (Clause 8.2) — Documented emergency plans, evacuation maps, safety personnel lists, and records of regular fire drills, including feedback on what went well and what needs adjusting.
- Performance monitoring records (Clause 9.1) — Evidence that you measure and review Health & Safety performance. This could include incident statistics, near-miss reports, workplace inspections, compliance checks, audit results, KPI dashboards, and action logs.
- Internal audit results (Clause 9.2) — Detailed reports from your own internal safety checks, showing that you’re proactively looking for weaknesses and areas to improve before an external auditor arrives.
- Management review outputs (Clause 9.3) — Meeting minutes or review records showing that senior leaders assess Health & Safety performance, audit findings, objectives, incidents, legal compliance, resources, risks, opportunities, and improvement actions.
- Corrective actions (Clause 10.2) — Proof that when an incident, accident, or near-miss took place, you fully investigated it, found the root cause, and updated your systems or procedures to stop it from happening again.
If you want to know more about how these audits and certifications work in practice, take a look at our guide on how ISO works.
How to use your ISO 45001 compliance checklist
A checklist is only useful if you know how to make it work for you. Here’s how to use your ISO 45001 compliance checklist to get your business in top shape for your audit:
- Structure internal audits — Use the checklist as a template to run your own internal audits. It’s the best way to find any weak spots before the external auditor arrives.
- Assign ownership of different tasks — Don’t try to do everything yourself. Use the checklist to divide tasks among your team leads, making Health & Safety a shared responsibility across your business.
- Track your progress — Keep a version of the checklist where you can clearly mark tasks as not started, in progress, or complete. This gives you a visual of your audit readiness and flags any areas that have flown under the radar.
- Educate your team — Use the checklist to run quick safety briefings with your staff. When everyone understands what’s required of them, keeping your workplace compliant becomes second nature.
- Keep documentation in order — Use the checklist to organise your files. If you structure your folders to match the checklist sections, you’ll be able to find and present documents to your auditor in seconds.
Prepare for your ISO 45001 audit with Be Certified
Ready to take the headache out of your workplace Health & Safety? Our clever, self-serve platform makes getting your ISO 45001 system up and running quick and easy.
When you partner with Be Certified, you’re getting:
- Guidance through the ISO 45001 Standard.
- An easy-to-use platform built by ISO consultants.
- Immediate access with no waiting.
- Transparent pricing that works for your budget.
Take your first step toward a safer working environment and get audit-ready with our ISO 45001 certification software today.
Sign up to receive weekly Certification news

Specialising in ISO compliance and quality management systems, Kevin Johnstone brings a wealth of experience and insight built up over many years in the field.