ISO 45001 — The Gold Standard Your Clients Are Starting to Demand
Five years ago, ISO 45001 was a nice-to-have. Something big companies did because their shareholders expected it. Today, it's increasingly appearing in tender documents, supply chain requirements and contractor pre-qualification questionnaires. If you've recently lost out on a contract because you couldn't tick the ISO 45001 box, you're not alone — and it's only going to get more common.
What Is ISO 45001?
ISO 45001:2018 is the international standard for occupational health and safety management systems. It replaced OHSAS 18001 in 2018 and represents the global benchmark for how organisations should manage workplace health and safety risks.
In plain language: it's a structured framework for managing health and safety across your entire business, not just responding to problems as they arise. It covers leadership commitment, worker participation, hazard identification, risk assessment, operational controls, performance evaluation and continual improvement.
If a health and safety policy is a statement of intent, ISO 45001 is the engine that turns that intent into reality.
Why Are Clients Demanding It?
Three reasons, mainly.
Risk transfer. When a large organisation hires contractors or suppliers, it takes on a share of the risk. If your worker gets injured on their site, or your process causes an incident, they face regulatory scrutiny too. ISO 45001 certification gives them confidence that your safety management isn't just paperwork — it's a functioning system.
Supply chain pressure. Large organisations with their own ISO 45001 certification are required to manage risk throughout their supply chain. That means pushing requirements down to their suppliers and contractors. If you're in that supply chain, the requirement eventually reaches you.
Procurement simplification. Tender evaluators need a way to compare safety competence across bidders. ISO 45001 gives them a yes/no filter. It's not the only thing that matters, but without it, you might not even get past the pre-qualification stage.
What ISO 45001 Covers
The standard follows the same high-level structure (Annex SL) as ISO 9001 (quality) and ISO 14001 (environment), which makes it easier to integrate if you already have those systems in place. The main elements include:
Context of the organisation — understanding your business, your stakeholders and the external factors that affect health and safety
Leadership — top management must demonstrate commitment, set policy and assign roles and responsibilities
Planning — identifying hazards, assessing risks and opportunities, setting objectives and planning how to achieve them
Support — competence, awareness, communication and documented information
Operation — operational planning and control, emergency preparedness and response
Performance evaluation — monitoring, measurement, analysis, internal audit and management review
Improvement — incident investigation, nonconformity, corrective action and continual improvement
Do You Need Full Certification?
This is an important distinction. There's a difference between implementing an ISO 45001-aligned safety management system and achieving third-party certification.
Certification means an accredited certification body audits your system and confirms it meets the standard. You get a certificate you can show clients. This costs money (typically several thousand pounds for SMEs) and requires ongoing surveillance audits.
But many businesses — particularly SMEs — can get significant benefit from building a safety management system aligned to ISO 45001 without going through formal certification. This gives you the structure, the processes and the evidence to demonstrate robust safety management, even if you don't have the certificate on the wall.
The right approach depends on your clients' requirements. If the tender says "ISO 45001 certified," you need the certificate. If it says "robust safety management system" or "aligned to ISO 45001," a well-implemented system without formal certification may be sufficient.
Getting Started
The gap between where most SMEs are and where ISO 45001 needs them to be isn't as wide as you might think. Most businesses already have some elements in place — a health and safety policy, risk assessments, training records, incident reports. The challenge is usually pulling these together into a coherent, documented system with proper governance.
A gap analysis is the logical starting point. This maps what you already have against the requirements of the standard and identifies what needs developing. From there, you can build the missing elements, train your people and either operate the system internally or progress toward formal certification.
This isn't something you need to do overnight. A phased approach — building the system over three to six months — is realistic for most SMEs and avoids the chaos of trying to implement everything at once.
The Competitive Advantage
Here's the thing about ISO 45001 that doesn't get discussed enough: it's a genuine competitive advantage, not just a compliance exercise. Businesses with structured safety management systems have fewer incidents, fewer lost working days, lower insurance premiums and better staff retention. They win more contracts because they can evidence their competence. They sleep better because they know their systems work.
The businesses that are implementing ISO 45001 now — before it becomes a universal requirement — are the ones that will be ahead of the curve when every tender document asks for it.
Ready to build your safety management system? Get an SMS Consultation →
York Green Safety Partners helps businesses across the UK build safety management systems aligned to ISO 45001, from gap analysis through to certification support. Based in Cheshire, covering the whole country.