Glocal Insight

ISO 45001 — Occupational Health & Safety Management Systems

ISO 45001 consulting that satisfies auditors — and helps reduce workplace incidents.

We build occupational health and safety management systems for US manufacturers, contractors, and industrial operators that satisfy ISO 45001, operationalize OSHA compliance, and deliver real reductions in injury rates. Integrated with ISO 9001 and 14001 where you need them.
Start a conversation Explore all services

Why this matters

ISO 45001 is increasingly required by enterprise customers, large construction owners, and insurance carriers — and increasingly worth pursuing on operational merits alone. Companies with mature OH&S management systems consistently outperform their peers on incident rates, workers' compensation costs, and operational continuity. The certification is the externally-visible artifact; the management discipline is the actual value.

Done well, ISO 45001 is the management framework that holds your OSHA compliance, worker participation programs, incident response, and continuous improvement together as one coherent system. Done poorly, it becomes another binder of compliance documentation that exists in parallel to how your operations actually run — and incident rates show no improvement.

Our engagements are designed around real operations. Hazard identification by walking your facilities, not by checking boxes. Worker participation through structured engagement, not signed acknowledgments. Incident investigation that finds systemic causes, not just immediate ones. CAPA that closes effectively, not just on paper. The certification body sees a real management system. Your OSHA inspector sees defensible compliance. Your team sees decisions actually getting made.

What's included

A full ISO 45001 engagement covers hazard identification, legal register, documentation, training, audits, and certification body liaison through your ISO 45001 certificate. Components are available standalone — OSHA-compliance gap analysis, internal audit, training program design — when that fits better.

  • Hazard identification & risk assessment

    Comprehensive identification of OH&S hazards across operations, workplaces, and activities. Risk assessment methodology calibrated to your operations — JSA, HAZOP, FMEA, or task-based risk frameworks. Hierarchy-of-controls applied: elimination, substitution, engineering, administrative, PPE.

  • Legal & compliance obligations register

    Federal OSHA standards (29 CFR 1910 general industry, 29 CFR 1926 construction, plus industry-specific standards), state OSHA plan equivalents, and applicable consensus standards (ANSI Z10, NFPA, ASTM). Maintained on a defined review cadence.

  • OH&S management system documentation

    Policy, scope, procedures, work instructions, and forms designed around how your operations actually run. Worker participation requirements (Section 5.4) addressed substantively, not just procedurally — auditors and OSHA inspectors both look for evidence of real worker involvement.

  • Emergency preparedness & response procedures

    Identification of foreseeable emergency scenarios. Response procedures with assigned responsibilities. Drills and tabletop exercises. Coordination with environmental emergency procedures (if ISO 14001 is in scope) and with local emergency services.

  • Incident investigation & corrective action

    Investigation framework that goes beyond surface cause to identify systemic and management-system root causes. CAPA workflow connected to risk assessment and operational controls. Required OSHA recordkeeping (OSHA 300, 300A, 301) integrated rather than parallel.

  • OH&S training & competence program

    Training needs analysis by role. Competence verification for high-hazard tasks. OSHA-required training (HazCom, lockout/tagout, confined space, fall protection, PPE) integrated into the management-system training program. Worker awareness training that satisfies both ISO 45001 and OSHA expectations.

  • Certification audit support & ongoing maintenance

    Stage 1 and Stage 2 audits prepared and attended. Findings addressed. Surveillance audits and recertification supported. Incident-rate trending, leading-indicator KPIs (near misses, observations, training completion), and the ongoing measurement discipline that makes the certification worth holding.

How we work

Engagement length scales with site count, hazard complexity, and starting baseline. Single-site general industry operations move fastest. Multi-site construction firms or operations with Process Safety Management (PSM) requirements take longer.

  1. 01

    Scope & gap analysis (2–4 weeks)

    Define OH&S management system scope, conduct hazard identification across operations, map current state against ISO 45001:2018, confirm applicable federal and state OSHA obligations. Output: prioritized roadmap with effort estimate and regulatory baseline.

  2. 02

    Build & implement (3–5 months)

    Hazard and risk register, legal register, OH&S documentation, operational controls (including OSHA-required programs), emergency procedures, training rollout, worker participation program. Internal audit and management review close out implementation.

  3. 03

    Certify (1–2 months)

    Stage 1 audit (documentation review). Address findings. Stage 2 audit (operational evidence — workplace walk-throughs, worker interviews, document trace). Address any non-conformities. Receive ISO 45001:2018 certificate.

  4. 04

    Sustain (ongoing)

    Annual internal audits, incident-rate trending and review, surveillance audit preparation, training refreshers, legal register updates as OSHA standards evolve, recertification at year three. Leading-indicator metrics matter more than lagging — we help you build the discipline.

Where this fits in the US compliance landscape

ISO 45001 lives in a dense US safety-regulation landscape. The standard itself is the management framework; OSHA federal standards and state plans set the specific compliance obligations the management system has to satisfy. Adjacent standards layer naturally on top.

OSHA 29 CFR 1910 (general industry)

Federal OSHA standards for general industry workplaces. ISO 45001 doesn't replace OSHA compliance — it operationalizes it. The OH&S legal register tracks applicable 1910 subparts: HazCom, machine guarding, lockout/tagout, confined space, fall protection, PPE, electrical safety, and more.

OSHA 29 CFR 1926 (construction)

Federal OSHA standards for construction. For construction firms and contractors, 1926 is the governing federal regulation. ISO 45001 + 1926 integration is the right framework — single management system, dual compliance.

State OSHA plans

Twenty-two states operate their own OSHA-approved plans with rules that meet or exceed federal standards (California, Washington, Oregon, Michigan, North Carolina, and others). The legal register reflects whichever state OSHA plan governs each operating location.

ANSI Z10 — OH&S Management Systems

The US national consensus standard for OH&S management systems, structurally similar to ISO 45001. Some US organizations pursue ANSI Z10 instead of or in parallel with ISO 45001 — we work with both. The systems are deeply compatible.

ISO 9001 + 14001 integrated systems

ISO 45001 is most often pursued alongside ISO 9001 (quality) and ISO 14001 (environmental) as part of an integrated management system. The three share ~70% of management-system requirements. Integrated implementation is faster and cheaper than serial — we routinely scope joint engagements.

OSHA Voluntary Protection Programs (VPP)

For US organizations pursuing OSHA's VPP recognition (Star, Merit, or Demonstration status), an ISO 45001-aligned OH&S management system is strongly complementary. VPP and ISO 45001 share core elements; the documentation effort serves both purposes.

Industry-specific frameworks

Process Safety Management (29 CFR 1910.119) for chemical operations. MSHA for mining. NFPA standards for fire protection and hazardous materials. We integrate industry-specific safety regulations into the OH&S management system rather than running them as parallel programs.

Who we serve

ISO 45001 applies broadest to operations with physical workplace hazards, but is increasingly pursued by service businesses too. Our active engagements span:

  • Manufacturers — metal fabrication, plastics, chemicals, electronics, food, automotive
  • Construction firms and engineering contractors
  • Oil, gas, refining, and energy operations
  • Warehousing, logistics, and 3PL operators
  • Pharmaceutical and life sciences manufacturing
  • Mining and extraction (paired with MSHA-specific requirements)
  • Utilities and energy infrastructure
  • Service businesses pursuing certification for customer or insurance requirements

Frequently asked

Common questions about ISO 45001

Does ISO 45001 replace OSHA compliance? Are we double-regulated?

ISO 45001 is a voluntary management system standard, not a regulation. It doesn't replace OSHA, state plans, or industry-specific federal safety regulations — it operationalizes them. The OH&S management system tracks which regulations apply (legal register), assigns responsibility, trains the workforce, monitors performance, and responds when something goes wrong. Done well, ISO 45001 actually strengthens your OSHA compliance posture during inspections. You're not double-regulated; you have a single management system designed to satisfy multiple sets of requirements.

Will ISO 45001 actually reduce our injury rates, or is this just a paperwork exercise?

When the system is designed around how your operations actually work — and management review actually engages with leading-indicator KPIs — incident rates tend to decline over time. Industry research consistently links mature OH&S management systems to lower OSHA recordable rates and workers' compensation costs. The mechanism is straightforward: real hazard identification (not theater), real worker participation (not signed forms), real corrective action (not closed tickets). When the system is built only to pass the audit, none of this happens — and that's the case with most poorly-implemented OH&S systems.

We're a construction company. Is ISO 45001 even practical for us given the project-by-project nature of the work?

Yes, and many construction firms are pursuing it. The standard scales to project-based operations: the management system is at the firm level, while site-specific safety plans (familiar to construction firms operating under 29 CFR 1926) become the operational expression of the management system at each project. Worker participation, contractor safety management, and incident investigation requirements integrate naturally with how construction firms already operate. We've designed multiple construction-firm engagements.

How long does ISO 45001 certification take?

Four to seven months from kickoff to Stage 2 is typical for a US operation. Single-site general industry moves fastest. Multi-site construction firms, manufacturers with PSM-covered processes, or operations with high-hazard activities (confined space, fall hazards, hot work) take longer because hazard identification and operational controls have more depth. We give you a calibrated timeline after the gap analysis.

How does ISO 45001 integrate with ISO 9001 and ISO 14001?

Very cleanly. ISO 45001, 9001, and 14001 share Annex SL — the high-level structure ISO uses for management system standards. About 70 percent of management-system requirements (context, leadership, document control, audit, management review, corrective action) are common across the three. Integrated implementation typically takes 30 to 40 percent less effort than three separate projects, and the resulting integrated management system is what auditors prefer to see anyway. We routinely scope ISO 9001 + 14001 + 45001 engagements as a single integrated build.

Are there specific OSHA programs we have to have before pursuing ISO 45001?

Yes — ISO 45001 assumes you're already operating in compliance with applicable OSHA standards. Programs like Hazard Communication (1910.1200), Lockout/Tagout (1910.147), Confined Space (1910.146), Fall Protection (1926.501), PPE (1910.132), and similar are required under OSHA regardless of ISO certification. If your OSHA compliance has gaps, we'll identify them during the gap analysis and design the OH&S management system to close them as part of implementation. ISO 45001 is built on a compliant baseline, not in lieu of one.

What about the previous OHSAS 18001 standard? Are we automatically grandfathered?

No — OHSAS 18001 was retired in 2021 and replaced by ISO 45001. Any company that held OHSAS 18001 certification has either transitioned to ISO 45001 by now or lost certification. If your previous OHSAS-based management system is still in use, the structural framework is similar enough that transition is faster than starting from scratch, but the differences (worker participation, leadership engagement, risk-based thinking, opportunities) are substantive and require real implementation work — not just relabeling documents.

What does ISO 45001 consulting typically cost?

Engagement scope dominates: standalone gap analysis for a small single-site operation runs in the low five figures; full implementation through certification ranges considerably higher depending on site count, hazard complexity, and starting baseline. Certification body fees add roughly $5,000 to $20,000 per audit cycle. We don't publish rate cards; reach out and we'll walk through honest scope.

Other standards we cover

ISO 9001

Quality management

Learn more ISO 14001

Environmental management

Learn more ISO 13485

Medical devices QMS

Learn more

Ready to scope your ISO 45001 engagement?

Send a short note describing your current state, your target, and your timeline. We respond within one business day with clarifying questions and a path to a no-pressure scope call.

Start a conversation Explore all services

Last reviewed May 2026