An OHSAS 18001 audit checklist is a tool for safety officers and top management to validate if the organization’s OH&S management system complies with the OHSAS 18001 standard. Use this checklist to evaluate your organization’s willingness for third-party certification.
The company shall establish, record, implement, maintain, and continually improve an OH&S management system in accordance with the demands of this OHSAS Standard and determine how it will meet these demands.
The company shall define and record the scope of its OH&S management system.
4.2 Occupational Health & Safety policy
Top management shall establish and authorize the organization’s OH&S policy and ensure that within the established scope of its OH&S management system it:
a) is suited to the nature and scale of the organization’s OH&S risks;
b) contains a commitment to the prevention of injury and ill health and persistent improvement in OH&S management and OH&S performance;
c) involves a commitment to at least comply with applicable legal obligations and with other obligations to which the organization subscribes that correlate to its OH&S hazards;
d) implements the framework for setting and reviewing OH&S objectives;
e) is recorded, implemented and maintained;
f) is communicated to all persons working under the control of the company with the intent that they are made informed of their individual OH&S obligations;
g) is accessible to interested parties;
h) is reviewed regularly to assure that it remains relevant and suitable for the organization.
4.3.1 Danger Identification, risk assessment and determining controls
The company shall establish, implement and maintain a procedure(s) for the ongoing hazard identification, risk evaluation, and determination of necessary controls.
The method(s) for hazard identification and risk evaluation shall take into account:
a) routine and non-routine activities;
b) activities of all persons having access to the workplace (including contractors and visitors);
c) human behaviour, abilities and other human factors;
d) identified dangers originating outside the workplace capable of adversely influencing the health and safety of persons under the control of the company within the workplace;
e) dangers created in the vicinity of the workplace by work-related activities under the control of the organization;
NOTE 1: It may be more proper for such hazards to be evaluated as an environmental aspect.
f) infrastructure, tools and materials at the workplace, whether provided by the company or others;
g) changes or proposed changes in the company, its activities, or materials;
h) modifications to the OH&S management system, containing temporary changes, and their consequences on operations, processes, and activities;
i) any applicable legal responsibilities relating to risk evaluation and implementation of necessary controls (see also the NOTE to 3.12);
j) the design of work areas, processes, installations, machinery/equipment, operating methods and work organization, involving their adaptation to human capabilities.
The company's methodology for hazard identification and risk evaluation shall:
a) be defined with respect to its scope, nature and timing to guarantee it is proactive rather than reactive; and
b) provide for the identification, prioritization and documentation of hazards, and the application of controls, as relevant.
For the management of change, the organization shall recognise the OH&S hazards and OH&S risks linked to changes in the organization, the OH&S management system, or its activities, prior to the introduction of such changes.
The company shall guarantee that the results of these evaluations are considered when determining controls.
When determining controls, or considering changes to existing controls, attention shall be given to decreasing the risks according to the following hierarchy:
The company shall document and keep the results of identification of dangers, risk evaluation and determined controls up-to-date.
The company shall ensure that the OH&S risks and determined controls are taken into account when establishing, achieving and maintaining its OH&S management system.
NOTE 2 For additional guidance on hazard identification, risk evaluation and determining controls, see OHSAS 18002.
4.3.2 Legal and other demands
The company shall establish, implement and maintain a method(s) for identifying and accessing the legal and other OH&S terms that are applicable to it.
The company shall keep this information up-to-date.
The company shall communicate relevant information on legal and other necessities to persons working under the control of the company, and other relevant interested parties.
The organization shall assure that these applicable legal requirements and other necessities to which the organization subscribes are taken into account in establishing, achieving and maintaining its OH&S management system.
4.3.3 Objectives & Programme(s)
The company shall build, implement and maintain documented OH&S objectives, at important functions and levels within the organization.
The goals shall be measurable, where practicable, and consistent with the OH&S policy, including the commitments to the prevention of injury and ill health, to compliance with applicable legal requirements and with other demands to which the organization subscribes, and to continual improvement.
When building and reviewing its objectives, an organization shall take into account the legal demands and other necessities to which the organization subscribes and its OH&S risks. It shall also consider its technological possibilities, its financial, operational and business demands, and the views of relevant interested parties.
The company shall establish, implement and maintain a programme(s) for fulfilling its goals. Programme(s) shall include as a minimum:
a) designation of responsibility and authority for achieving objectives at important functions and levels of the organization; and
b) the means and time-frame by which the objectives are to be achieved.
c) The programme(s) shall be reviewed at regular and planned intervals, and adjusted as required, to guarantee that the objectives are achieved.
4.4 Implementation and Operation
4.4.1 Resources, roles, responsibility, accountability and authority
Top management shall take ultimate duty for OH&S and the OH&S management system.
Top management shall confirm its commitment by:
a) assuring the availability of resources essential to establish, implement, maintain and improve the OH&S management system;
NOTE 1: Resources include human resources and specialized professions, organizational infrastructure, technology and financial sources.
b) defining roles, allocating duties and accountabilities, and delegating authorities, to promote effective OH&S management; roles, responsibilities, accountabilities, and authorities shall be reported and communicated.
The organization shall appoint a member(s) of top management with specific duty for OH&S, irrespective of other duties, and with defined roles and authority for:
a) assuring that the OH&S management system is established, implemented and maintained in accordance with this OHSAS Standard;
b) guaranteeing that reports on the performance of the OH&S management system are introduced to top management for review and used as a basis for improvement of the OH&S management system.
NOTE 2: The top management appointee (e.g. in a large organization, a Board or executive committee member) may assign some of their duties to a subordinate management representative(s) while still retaining accountability
The identity of the top management appointee shall be made accessible to all persons working under the control of the organization.
All those with management duty shall show their commitment to the regular improvement of OH&S performance.
The company shall assure that persons in the workplace take responsibility for aspects of OH&S over which they have power, including adherence to the organization’s applicable OH&S demands.
4.4.2 Competence, training and awareness
The organization shall guarantee that any person(s) under its control executing tasks that can impact on OH&S is (are) competent on the basis of appropriate education, training or experience, and shall retain associated documents.
The organization shall identify training needs associated with its OH&S hazards and its OH&S management system. It shall implement training or take other action to meet these needs, evaluate the effectiveness of the training or action is taken, and retain associated records.
The organization shall build, implement and maintain a procedure(s) to make persons working under its control informed of:
a) the OH&S consequences, actual or possible, of their work activities, their habits, and the OH&S benefits of improved personal performance;
b) their roles and duties and importance in achieving conformity to the OH&S policy and procedures and to the demands of the OH&S management system, including emergency preparedness and response demands (see 4.4.7);
c) the potential results of departure from specified procedures.
Training methods shall take into account differing levels of:
a) responsibility, expertise, language skills and literacy; and
4.4.3 Communication, Participation and Consultation
• With regard to its OH&S dangers and OH&S management system, the organization shall establish, implement and maintain a method(s) for:
a) internal communication among the different levels and functions of the organization;
b) communication with contractors and other visitors to the workplace;
c) receiving, reporting and responding to important communications from external interested parties.
220.127.116.11 Participation and Consultation
• The company shall establish, implement, and maintain a method(s) for the participation of workers by their:
• proper involvement in hazard identification, risk estimates and determination of controls;
• appropriate engagement in an incident investigation;
• engagement in the development and review of OH&S policies and objectives;
• a discussion where there are any changes that affect their OH&S;
• representation on OH&S matters. Employees shall be informed about their participation arrangements, including who is their representative(s) on OH&S concerns.
The organization shall assure that, if appropriate, relevant external interested parties are advised about pertinent OH&S matters.
Workers shall be notified about their participation arrangements, including who is their representative(s) on OH&S matters.
b) consultation with contractors where there are changes that influence their OH&S.
The organization shall guarantee that, when appropriate, relevant external engaged parties are consulted about pertinent OH&S matters.
• The OH&S management system documentation shall cover:
a) the OH&S policy and objectives;
b) explanation of the scope of the OH&S management system;
c) explanation of the main elements of the OH&S management system and their interaction, and reference to linked documents;
d) documents, including records, needed by this OHSAS Standard; and
e) documents, determined by the organization to be required to ensure the effective planning, operation and control of methods that relate to the management of its OH&S risks.
NOTE: It is important that documentation is proportional to the level of complexity, hazards and dangers concerned and is kept to the minimum needed for effectiveness and efficiency.
4.4.5 Control of Documents
Documents needed by the OH&S management system and by this OHSAS Standard shall be checked. Records are a special type of document and shall be managed in accordance with the terms given in 4.5.4.
The company shall establish, implement and maintain a procedure(s) to:
a) permit documents for adequacy prior to issue;
b) review and update as required and re-approve documents;
c) assure that changes and the current revision status of records are identified;
d) guarantee that important versions of applicable documents are available at points of use;
e) assure that documents remain legible and readily identifiable;
f) assure that documents of external origin determined by the organization to be required for the planning and operation of the OH&S management system are classified and their distribution controlled;
g) prevent the unintended use of obsolete records and apply fitting identification to them if they are maintained for any purpose.
4.4.6 Operational Control
Workers shall be informed about their participation arrangements, including who is their representative(s) on OH&S matters.
For those operations and activities, the company shall implement and maintain:
a) operational controls, as applicable to the company and its activities; the organization shall integrate those operational controls into its overall OH&S management system;
b) controls related to acquired goods, equipment and services;
c) controls related to contractors and other visitors to the workplace;
d) reported procedures, to cover situations where their nonexistence could lead to deviations from the OH&S policy and the objectives;
e) stipulated operating criteria where their nonexistence could lead to deviations from the OH&S policy and objectives.
4.4.7 Emergency Preparedness and Response
• The company shall establish, implement and maintain a procedure(s):
a) to distinguish the potential for emergency situations;
b) to respond to such emergency situations.
The company shall respond to actual emergency conditions and prevent or mitigate associated adverse OH&S consequences.
In planning its emergency response the organization shall take a report of the needs of relevant interested parties, e.g. emergency assistance and neighbours.
The organization shall also regularly test its procedure(s) to respond to emergency situations, where practicable, including relevant interested parties as appropriate.
The organization shall regularly review and, where required, revise its emergency preparedness and response procedure(s), in particular, after periodical examination and after the occurrence of emergency situations (see 4.5.3).
4.5.1 Performance Measurement and Monitoring
• The company shall establish, implement and maintain a procedure(s) to control and measure OH&S performance on a regular basis. This procedure(s) shall provide for:
a) both qualitative and quantitative measures, proper to the needs of the organization;
b) monitoring of the extent to which the organization’s OH&S objectives are met;
c) controlling the effectiveness of controls (for health as well as for safety);
d) proactive measures of performance that control conformance with the OH&S programme(s), controls and operational criteria;
e) reactive measures of performance that control ill health, incidents (including accidents, near-misses, etc.), and other historical proof of deficient OH&S performance;
f) recording of data and results of monitoring and measurement adequate to facilitate subsequent corrective action and preventive action analysis.
If equipment is needed to watch or measure performance, the company shall establish and maintain methods for the calibration and maintenance of such tools, as appropriate. Records of calibration and maintenance activities and issues shall be retained.
4.5.2 Evaluation of compliance
18.104.22.168 Consistent with its commitment to compliance [see 4.2c)], the organization shall establish, implement and sustain a procedure(s) for periodically assessing compliance with applicable legal demands (see 4.3.2).
- The company shall keep documents of the results of the periodic evaluations.
- NOTE The frequency of periodic evaluation may vary for differing legal requirements.
22.214.171.124 The company shall evaluate compliance with other demands to which it subscribes (see 4.3.2). The organization may wish to fuse this evaluation with the evaluation of legal compliance referred to in 126.96.36.199 or to establish a separate procedure(s).
- The company shall keep records of the results of the periodic assessments.
- NOTE The regularity of periodic evaluation may vary for differing other claims to which the organization subscribes.
4.5.3 Incident Investigation, Non-conformity, Corrective & Preventive Action
188.8.131.52 Incident investigation
• The company shall establish, implement and maintain (a) method(s) to record, investigate and investigate incidents in order to:
a) determine underlying OH&S deficiencies and other determinants that might be causing or contributing to the occurrence of incidents;
b) identify the requirement for corrective action;
c) identify opportunities for preventive action;
d) identify opportunities for regular improvement;
e) communicate the outcomes of such investigations.
The investigations shall be performed in a timely manner.
Any identified requirement for corrective action or opportunities for preventive action shall be dealt with in accordance with the important parts of 184.108.40.206.
The results of incident studies shall be documented and maintained.
220.127.116.11 Nonconformity, corrective action and preventive action
• The organization shall establish, implement and sustain a method(s) for dealing with actual and potential nonconformity(ies) and for using corrective action and preventive action. The method(s) shall define terms for:
a) identifying and correcting nonconformity(ies) and taking action(s) to mitigate their OH&S results;
b) investigating nonconformity(ies), determining their cause(s) and taking actions in order to bypass their recurrence;
c) assessing the need for action(s) to prevent nonconformity(ies) and performing appropriate actions designed to avoid their occurrence;
d) documenting and communicating the results of corrective action(s) and preventive action(s) taken;
e) examining the effectiveness of corrective action(s) and preventive action(s) taken.
Where the improving action and preventive action identifies new or modified hazards or the need for new or changed controls, the procedure shall need that the proposed actions shall be taken through a risk evaluation prior to implementation.
Any corrective action or preventive action is taken to reduce the causes of actual and potential nonconformity(ies) shall be relevant to the magnitude of problems and commensurate with the OH&S risk(s) encountered.
The organization shall assure that any important changes arising from corrective action and preventive action are made to the OH&S management system documentation.
4.5.4 Control of Records
The organization shall establish and maintain records as required to show conformity to the requirements of its OH&S management system and of this OHSAS Standard, and the outcomes achieved.
The organization shall establish, implement and maintain a method(s) for the identification, storage, security, retrieval, retention and disposal of records.
Records shall be and remain legible, identifiable and verifiable.
4.5.5 Internal Audit
• The company shall ensure that internal audits of the OH&S management system are conducted at planned intervals to:
a) determine whether the OH&S management system:
1) conforms to planned arrangements for OH&S management, containing the demands of this OHSAS Standard;
2) has been correctly implemented and is maintained;
3) is effective in meeting the company’s policy and objectives;
b) provide information on the outcomes of audits to management.
Audit programme(s) shall be planned, established, used and maintained by the organization, based on the results of risk assessments of the company's activities, and the results of previous audits.
Audit method(s) shall be established, implemented and affirmed that address:
a) the responsibilities, competencies, and demands for planning and conducting audits, documenting results and retaining associated records;
b) the determination of audit criteria, scope, frequency and techniques. Selection of auditors and control of audits shall guarantee objectivity and the impartiality of the audit manner.
4.6 Management Review
Top management shall review the organization’s OH&S management system, at planned intervals, to guarantee its lasting suitability, adequacy and effectiveness. Reviews shall include evaluating opportunities for positive change and the need for changes to the OH&S management system, including the OH&S policy and OH&S objectives. Reports of the management reviews shall be retained.
Input to management reviews shall contain:
a) consequences of internal audits and evaluations of compliance with appropriate legal demands and with other demands to which the organization subscribes;
b) the results of participation and consultation (see 4.4.3);
c) important communication(s) from external interested parties, involving criticism;
d) the OH&S appearance of the company;
e) the extent to which goals have been achieved;
f) status of incident examinations, improving actions and preventive actions;
g) follow-up actions from past management reviews;
h) changing circumstances, including improvements in legal and other demands related to OH&S;
i) recommendations for development.
The outputs from management reviews should be compatible with the company’s commitment to continual development and shall include any choices and actions related to potential changes to:
a) OH&S performance;
b) OH&S policy and objectives;
d) other parts of the OH&S management system.
Important outputs from management review shall be made accessible for communication and discussion (see 4.4.3).
Please note that this checklist template is a hypothetical appuses-hero example and provides only standard information. The template does not aim to replace, among other things, workplace, health and safety advice, medical advice, diagnosis or treatment, or any other applicable law. You should seek your professional advice to determine whether the use of such a checklist is appropriate in your workplace or jurisdiction.
Please, finish the registration to access the content of the checklist.