Producing Superior Quality Food To Protect Customers

Share on facebook
Share on email
Share on twitter
Share on linkedin

The last couple of years have provided ample evidence that control of food safety is critical. Recent media reports have clearly shown severe shortcomings in the food industry that have threatened consumers’ health and safety.

Unsafe food is a risk for all of us – consumers can become seriously ill and the food industry can face costly corrective actions. These ongoing problems cry out for additional tools to reduce or eliminate risks. Communication and raising awareness of potential hazards throughout the entire food chain are crucial as food safety is a joint responsibility for all participating parties.

The ISO 22000:2018 Food Safety Management System aims to ensure that there are no weak links in the food supply chain.

Since ISO 22000 was first published in 2005, the standard has been well received by the food industry but new food safety risks prompted the need for a revision. The latest edition was published on 19th June 2018 and maintains a strong link to the Codex Alimentarius standards. It also addresses emerging food safety challenges and aligns the strategic direction of an organisation with its Food Safety Management objectives.


The ISO Food Safety Management System is flexible and can be used by all organisations in the food chain. By using the standard the food industry shares a common food safety language, thus reducing the risk of critical errors and maximising the use of resources. Enterprises that can apply the standard include:

  • Growers
  • Transporters
  • Packagers
  • Processors
  • Retailers
  • Bottlers, and
  • Restaurants


Food companies applying the ISO Food Safety Management System will be able to:

  • Embed and improve internal processes and provide consistently safe food.
  • Provide confidence that their organisation’s practices and procedures are effective and robust.
  • Assure customers and other parties through the certification process that food safety hazards are controlled and that their enterprise can provide safe products.
  • Continually improve their Food Safety Management System by reviewing and updating the system at planned intervals so that all activities related to food safety are always optimised and effective.
  • Ensure adequate control at all stages of the food supply chain to stop the introduction of food safety hazards.


To increase the acceptance of the ISO 22000:2018 Food Safety Management System and ensure that accredited certification programmes are implemented in a professional and trustworthy manner, the technical specification: ISO/TS 22003:2013 Food safety management systems – Requirements for bodies providing audit and certification of food safety management systems was published in 2007 and reviewed in 2016.


The British Retail Consortium (BRC) and the International Featured Standard (IFS) are standards that are recognised by many European retailers and are now required from suppliers of private-label goods.

BRC and IFS include provisions to prevent malicious acts (food defence) and to manage the authenticity of raw materials (food fraud). This is not the case with ISO 22000:2018 but the 2018 version allows for these provisions to be incorporated into the Food Safety Management System.


FSSC 22000 or Food Safety System Certification 22000 is a certification system, which incorporates ISO 22000 and other requirements, in particular food fraud and food defence. FSSC 22000 is recognised by the Global Food Safety Initiative (GFSI) and can be used by many agri-food businesses.
All of the GFSI-benchmarked Food Safety Management Systems are based on the following three components which must function as a system to minimise the risks for creating a food safety incident:

  • PRPs
  • Other requirements needed for a management system


Risk-based thinking plays a central role in the ISO 22000:2018 Food Safety standard. Organisations are given the tools to assess, identify and evaluate food safety hazards and address how to reduce their impact on consumers. ISO 22000:2018 follows the risk management principles outlined in the ISO 31000:2018 Risk Management standard but there are differences between the two standards.

Download our FREE Guide to learn about the importance of Risk-based Thinking in Food Safety Management.


Better processes
Dynamic control of food safety hazards through HACCP and PRPs is a cost-effective way of controlling food safety, from ingredients to production, storage and distribution.

  • HACCP (Hazard Analysis and Critical Control Points) requires that potential hazards are identified and controlled at specific points in the process.
  • PRPs (Prerequisite Programmes) stipulate the prerequisites for producing safe food in various food sectors.

Better competence
Workers learn good hygiene practices through training programmes.

Better infrastructure
Sites, production flows and factory layouts are arranged for satisfactory sanitary conditions.

Better planning
A clear project plan defines how, when and by whom risks and objectives should be managed.

Better teamwork
Effective communication helps employees work towards the same goal of food safety.

Better leadership
Management shows commitment to food safety through policies, resources and actions.

Better performance
Management reviews performance and objectives regularly to drive continual improvement

Better documentation
Food safety policies, procedures, work instructions and records are carefully documented for reference.

Click here to read about ISO Document and Control procedures and Software Solutions.

The ultimate goal of the ISO 22000:2018 Food Safety Management System is to put good quality, safe food on the tables of consumers. Now that’s something to celebrate! Bon appétit!


Are you ready to update your Food Safety Management System?

Risk ZA offers a wide range of ISO 22000:2018 Food Safety Management Training courses. Grow your skills by attending our courses which are presented by leading industry experts. Click here to check the training course schedule and find the one that suits you best.

For more information and assistance, please contact our friendly team on
+27 (0) 31 569 5900, email

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

Risk Management: Improving Business Performance with Proactive Risk Reduction

Share on facebook
Share on email
Share on twitter
Share on linkedin

Business leaders navigate a complex environment in which the pace of change is rapidly accelerating and this has put pressure on companies to focus on risk management. The risk environment is equally challenging. Organisations are juggling a multitude of risks and it is becoming extremely difficult for enterprises to identify and reduce the impact of risk on their organisations. While managing the failure of critical assets is the top pressure, executives should not forget the risks associated with non-compliance, environmental, financial, logistical and supplier issues.

As such, Enterprise Risk Management (ERM) and Enterprise Resilience have become hot topics. But what are they and are they the same concept?

Enterprise resilience and ERM are related concepts that are associated with risk, but they are different. Enterprise Risk Management is a process that organisations use to rigorously identify, assess, manage and monitor risks that may affect their operations and objectives.

Enterprise resilience, on the other hand, is a capability. It describes an organisation’s capacity to anticipate and react to change that could represent opportunities and threats. Resilience includes two important components: organisational capacity and the ability to adapt and grow from a disruptive experience.


There are four stages to achieving enterprise which include:

  • Stage 1 – prepare and plan for the risk event
  • Stage 2 – absorb the consequences of the risk event
  • Stage 3 – recover from the risk event
  • Stage 4 – successfully adapt to the risk event

ERM is the mainstay of Stage 1 and assists with the other three stages as it cuts across organisational silos and considers internal and external risks, such as cyber-attacks and natural disasters. In this way, ERM allows management to identify risks and absorb the negative impact and assists with recovery by allowing organisations to assess and mitigate risks and plan for adverse events.


A healthy corporate culture promotes long-term resilience. The opposite may also be true. If the board and senior leadership are too focused on containing incidents and minimising bad press to preserve reputation and share value, this may lead to inappropriate responses in crises, and to inappropriate strategies to prepare the company to bounce back better.

Your governance, your values and your stakeholder relationships all determine your resilience. So do your processes.


Good governance comprises four essential elements:

Transparency – being clear and unambiguous about the company’s structure, operations and performance, both externally and internally; and, maintaining a genuine dialogue with and providing insights to stakeholders and the market.

Accountability – ensuring that there is clarity of decision-making within the company; with processes in place to ensure that the right people have the right authority to make effective and efficient decisions; with appropriate consequences delivered for failures to follow those processes.

Stewardship – developing and maintaining a company-wide recognition that the organisation is managed for the benefit of its shareholders, taking into account the interests of other stakeholders.

Integrity – developing and maintaining a corporate culture committed to ethical behaviour and compliance with the law.


Almost all organisations have faced adversity at some point in their history. Those that prosper over long periods of time display a remarkable ability to bounce back from adversity time and time again and to create value in changing circumstances.

Business turbulence and disruptions need to be addressed in the same manner as any other material business risk. Directors have a duty to ensure that the organisations which they govern are sustainable through disruptive events and create a culture in which business opportunities are chosen wisely.

A sustainable organisation is able to quickly adapt and align its strategy, operations, management systems, governance structure, and supply chain to meet the challenges of significantly changing environments. It is also able to create competitive advantage by maximising opportunities in an informed manner.

Sustainability is not only about being able to respond to a single crisis or setback but about continuously anticipating and adjusting to trends that can permanently alter the viability of a business. Traits of sustainable organisations include:

A culture of sustainability – a clear purpose and a core set of values which are more than just platitudes. Leaders of sustainable organisations strive to make the purpose and value a compelling reality at all levels of the organisations. The measure of success of a culture of sustainability is the degree to which the organisation’s people, from the board down, are active participants in understanding and addressing the opportunities and risks associated with the achievement of the organisation’s objectives.

A strong understanding of risks aligned to business strategy – all strategies and all opportunities worth pursuing involve risks that must be monitored and managed. Risk management is about both protecting value and creating value.

Accurate monitoring and detection with relevant reporting to management and the board – reporting mechanisms to raise alerts about risks may also be used to identify opportunities.

Reliable and sustainable processes and infrastructure which balance efficiency with flexibility – contingency and recovery planning and competitive advantage are founded on risk-based analysis and are embedded in operational plans encompassing people, processes, systems and data.


The ISO 31000:2018 Risk Management standard provides principles and generic guidelines on risk management. The framework seeks to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters, and regions. It assists organisations to gain better control and visibility into the risks within their operations.

Cross-functional involvement and collaboration are the keys to a successful risk management and risk mitigation program and these are focus areas in the latest version of the ISO 31000:2018 Risk Management standard.

In a risk environment that is growing more perilous and costly, boards and business owners need to help steer their enterprises toward resilience and value by embedding strategic risk capabilities throughout the organisation. But how do you achieve this? Learn more! Download our FREE guide on How to Achieve A Best-In-Class Risk Management System.


Risks ZA works with organisations in numerous ways to help you understand and manage your risks.

Don’t miss our ISO 31000:2018 Introduction to Risk Management Public Training Event which aims to deliver better solutions for managing complex risks and identifying competitive advantages in an ever-changing business environment.

Gain invaluable insights into Risk Management principles and be in a position to establish best-in-class Risk Management practices. Visit our Training Schedule page to view when the next course is running in your area!

To book your seat, call our team on +27 (0) 31 569 5900, email or complete our Online Booking Form.

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

Thinking Differently about Workplace Safety Risks

Share on facebook
Share on email
Share on twitter
Share on linkedin

I’m A Celebrity… Get Me Out Of Here! is classic reality TV show. What could be better than putting a bunch of famous people in a jungle, surrounding them with creepy crawlies and putting them through gruelling challenges in return for food tokens?

To put you in the picture – if you’re not yet a fan – the first season of the Australian smash-hit TV series was filmed in the Kruger National Park. The series’ Risk Adviser described this experience as being “on another level”.

“We had a cast and crew of 400-plus people with hippos, lions and snakes everywhere – basically everything that can kill you,” he says. “Then we pushed celebrities downhill and had them swinging from hot-air balloons 50 metres above the ground. It was a monstrous undertaking and while I loved the challenge, it really tested my ability to manage risk.”

Clearly few workplaces face the same challenges. But the point of this anecdote is to illustrate that Risk Management shouldn’t be about preventing risk-taking; rather it should be about using it for opportunity and success!

Download our FREE Guide ‘The Key to a Winning Health & Safety Program: Behaviour Change’ to learn how to foster a safety culture and measure it.


According to the CEO of Wynleigh International Certification Services, Tony Cunningham:

“There’s been a shift in Risk Management thinking. In the past, Risk Management was often an exercise in avoidance and focused mainly on completing compliance-driven activities. Now many organisations are reviewing risk in terms of its potential to drive performance and value.”

Tony points out that the approach to risk in workplaces is going through a similar shift. “The safety profession is now looking at both leading and lagging indicators to examine safety and health risks present within an organisation,” he says.

As part of an effective Occupational Safety and Health (OS&H) program, you should track both lagging and leading indicators. Lagging indicators measure what has already happened and allow you to track the changes in incident rates over a specific time period in the past but are a poor gauge of prevention.

Leading indicators, on the other hand, help you to evaluate whether safety and health performance is improving and whether it will continue to improve in the future. They are proactive, preventative and predictive measures and focus on future safety performance and continuous improvement.

This evolution of the safety profession towards risk-based prevention analysis and continuous improvement culminated in the ISO 45001:2018 Occupational Health and Safety Management System standard.


ISO 45001:2018 helps to identify OH&S hazards, risks and opportunities and proactively manage workers’ wellness and safety. In addition, the standard calls on management and leadership to:

  • Integrate responsibility for health and safety issues into the organisation’s overall strategic plan
  • Demonstrate engagement with employees (and where they exist employees’ representatives) to create a safety culture that encourages active participation in the OH&S management system. This encourages workers to take ownership and adopt a risk-based thinking approach to health and safety risks and opportunities.
  • Ensure the OH&S management system is integrated into business processes.


Clause 6 of ISO 45001:2018 addresses the Assessment of Risks and Opportunities, which is a significant departure from OHSAS 18001:2007 as it requires proactive management of risks and opportunities.

Below are 4 important tips for managing risks and opportunities to meet the standard’s requirements:

  1. Plan a thorough induction training process for new staff.
  2. Invest in ongoing training.
  3. Peer reviews. Use Document Control Software to manage workflows and send risk assessment results to the wider business to get a complete view.
  4. Click to read our blog – Do Revised Standards Mean New Documents & Control Procedures?


ISO 45001:2018 stresses that all employees must actively participate in developing and improving the health and safety system. Culture is a major contributor to workplace safety. But culture is intangible, presenting a real challenge for organisations working towards ISO 45001:2018.

So how do you go about fostering a safety culture and measuring it?

Download our FREE Guide ‘The Key to a Winning Health & Safety Program: Behaviour Change’ to find out how.


Here at Risk ZA we have a collective experience of over 30 years in training, consulting and implementing ISO related management solutions, for organisations of all types and sizes in the Southern African region. We can assist you in assessing your Health and Safety risks and we offer a variety of ISO 45001:2018 training courses and consulting services to meet your needs.

For assistance and more information about our training and consulting services, call our friendly team on +27 (0) 31 569 5900 or email


Call us TODAY and SAVE! Use promo code WINTERSPECIAL when booking on any upcoming Online or Public Training Course to claim your exclusive discount. T’s & C’s apply. Offer valid until 30 August 2019.

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

ISO 31000:2018 Risk Management – Accelerate Business Performance

Share on facebook
Share on email
Share on twitter
Share on linkedin

The World Economic Forum describes the current competitive business landscape in a word: disruptive. How well an organisation approaches risk management in a climate of volatility can affect its ability to make robust and informed strategic decisions and achieve its objectives.

Download our FREE GUIDE ISO 31000:2018 How do I get started? where we investigate the 8 Principles that set out the requirements for a risk management initiative.

Traditionally, risk management played a supporting role at board level. However, over the past decade, organisations have adopted the view that risk management must be embedded in the general management of an organisation, and fully integrated across an enterprise with functions such as finance, strategy, internal control, procurement, continuity planning, human resources, and compliance.

Voices of stakeholders have become louder in their demand for transparency and accountability in managing the impact of risk, and evaluating the ability of leadership to embrace opportunities. The use of technology and economic globalisation have made risks increasingly entwined, placing even more emphasis on sound risk management within any organisation.

To keep pace with a rapidly evolving world and future threats, the International Organization for Standardization published a revised version of its Risk Management Standard in February 2018. Essentially, ISO 31000:2018 reflects the evolution of risk management thinking from a separate ‘siloed’ activity to an integrated management function. The overarching strategy of the standard is to embed risk management best practices on a micro-level within organisations so as to manage threats that stand in the way of enterprises achieving their objectives, and create value by finding and exploiting opportunity. This should grab the attention of anyone looking to gain competitive advantage, improve operations, or reduce costs within their organisation.

ISO 31000:2018 - Five Things to Know

1. It is clear and concise

The standard delivers a clear and concise guide to help all organisations manage risks. Risk management concepts are simply explained, giving diverse organisations and people the ability to access the tools that can drive change in order to protect and create value. ISO 31000:2018 is supplemented by ISO Guide 73:2009, a vocabulary index used to support ISO 31000:2018, and ISO 31010:2009 that focuses on risk assessment concepts, processes and the selection of risk assessment techniques.  ISO 31000:2018 has been trimmed down to just 15 pages, and risk management principles reduced from 11 to 8, which streamlines the process for implementation.

2. It is easy to implement

All organisations make decisions that shape their future every day. ISO 31000:2018 provides guidance on how to manage uncertainty to meet objectives, and how to implement risk management to support strategic decision making. This promotes intelligent risk taking at all levels of a business. Risk management best practices promote critical thinking about the role of uncertainty in decision making, and encourage the identification, assessment, and treatment of uncertainty that can impact daily business activities. Small organisations with limited room for exposure to adverse internal and external risks now have the ability to access invaluable tools to create a tolerable risk environment and protect value.

3. It creates and protects value

Creating and protecting value is the central tenant of ISO 31000:2018. If processes are not adding value, they are simply adding costs. The standard helps enterprises improve performance by embedding risk management into all business decision-making processes and making risk-based thinking a daily activity.

4. It reinforces integration

Integration is mentioned throughout the standard. Here are a few examples:

  • Risk management should be part of the organisational purpose, governance, leadership and commitment, strategy, objectives and operations.
  • Properly designed and implemented, the risk management framework ensures that the risk management process is a part of all activities throughout the organisation.
  • The organisation should continually improve the suitability, adequacy and effectiveness of the risk management framework and the way the risk management process is integrated.
  • The risk management process should be an integral part of management and decision-making and should be integrated into the structure, operations and processes of the organisation.

5. It focuses on leadership

Support from top management is essential for successful implementation of the risk management framework and processes. Leadership support for risk management becoming a strategic planning and decision-making tool creates a risk aware culture at all levels of the organisation.


ISO 31000:2018 can help create and protect value for any organisation by providing a flexible framework. If individuals are given the tools to promote critical thinking on how uncertainty can impact meeting objectives then the organisation should see an increase in value from an integrated risk management framework.

Ready to get started?

Risk ZA is a leading provider of enterprise risk management training programmes, which aim to improve your business performance. Contact us on +27 (0) 31 569 5900, email or visit

PLUS! Download our FREE GUIDE ISO 31000:2018 How do I get started? where we investigate the 8 Principles that set out the requirements for a risk management initiative.

For more information or guidance on which ISO standard(s) and services would best suit the needs of your organisation, please email Risk ZA at or contact us on 0861 Risk ZA / +27 (0) 31 569 5900.

You can share this blog on your preferred social media platform:

Share on facebook
Share on twitter
Share on linkedin
Share on email

ISO 14001:2015 – Internal Audits Drive Real Improvements

Confronted with dramatic environmental challenges, plus a slew of regulatory requirements, many organisations have implemented environmental management systems (EMSs). An ISO 14001:2015 based EMS is the most popular, used to meet compliance obligations, monitor environmental policies and procedures, manage resources and control environmental harms.

ISO 14001:2015 is a systems-based management tool centering around the Plan-Do-Check-Act method, which drives continual improvement. The standard outlines in Clause 9.2 that internal audits at set intervals are necessary to support the theme of continual improvement underpinning the management system.

The purpose of internal audits is to ensure that the organisation’s environmental policies, objectives, compliance obligations and performance requirements are met and recorded, and that any corrective action is taken where necessary.


Our FREE Downloadable Guide How To Conduct An Environmental Management Systems Audit explores more about the ISO 14001 Environmental Audit process. You can get hold of it by clicking the button below.

What to expect from an ISO 14001:2015 audit

A key point to emphasise is that the intended outcomes of ISO 14001:2015 have not changed. The EMS must:

  • Protect the environment.
  • Meet compliance obligations.
  • Enhance environmental performance.

ISO 14001:2015 does, however, have a number of new requirements that will change the focus of an audit, which include:

  • Context of the organisation
  • Leadership
  • Planning
  • Support
  • Documentation
  • Operations
  • Performance evaluation
  • Improvement

ISO 14001:2015 - Clause 9: Performance evaluation

Performance evaluation is about measuring and evaluating an EMS to establish whether it meets the organisation’s planned outcomes. Evaluation provides valuable information for continual improvement by:

  • Evaluating the EMS’s effectiveness.
  • Establishing whether requirements of the standard are being met.
  • Verifying whether compliance obligations have been met.
  • Reviewing the EMs’s suitability, adequacy, effectiveness and efficiency.
  • Demonstrating that planning has been properly implemented.
  • Assessing the performance of processes against outcomes.
  • Determining the need or opportunities for improvement.

Monitoring, measurement, analysis and evaluation

Monitoring in the sense of ISO 14001 means checking, reviewing, inspecting and observing  planned activities to ensure that they are occurring as intended. So, for example, if an operational control states that water quality will be inspected twice weekly, then this is a monitoring process. Monitoring and measurement :

  • Evaluates environmental performance;
  • Analyses root causes of problems;
  • Assesses compliance with compliance obligations;
  • Identifies areas for corrective action;
  • Improves performance and efficiency.

The Internal audit programme

Unlike an audit schedule or audit plan, an audit programme includes the full life-cycle of auditing. From the very decision to use audit as a tool through planning and initiating the audit, performing, reporting and follow-up, to improvement of the entire programme and its constituent parts.

All parts of the EMS should be audited at minimum yearly, this is typically dealt with in an annual audit schedule. The entire EMS can be audited at once or in parts for more frequent audits. To establish the frequency of EMS audits, consider:

  • The nature of your operations;
  • Risks and opportunities;
  • Statutory and regulatory requirements and compliance obligations;
  • Significant environmental aspects / impacts;
  • Results of your monitoring programme;
  • Results of previous audits.

There are two principle considerations when auditing:

Compliance/conformance audits – ensure that management arrangements, like procedures, are being followed in order to comply with the requirements of ISO 14001.

Performance Audits –  ensure that the outputs of the management arrangements are achieving their intended outcomes. For example, the results of engineering controls applied to mitigate air pollution are achieving the legal limits.

ISO 14001 demands an approach that combines both a compliance/conformance and a performance approach to auditing.

Who should perform an environmental audit?

ISO 19011:2018 – Guidelines for auditing management systems – contains information on how to choose an Environmental Auditor. Environmental Auditors should have personal attributes, such as ethics, open-mindedness, perceptiveness and tact. They should understand audit principles, procedures and techniques, and have gained experience by conducting audits. They should know the subject matter they are auditing against and how this applies to different organisations.

Audit Team Leaders should be able to plan and resource effectively, have good communication and leadership skills. Environmental Auditors should complete training and have attained an appropriate level of education. When seeking an External Auditor consider the skills outlined here.

Auditor qualifications

All auditors need to receive initial and ongoing training. EMS auditors should be trained in auditing techniques and management system concepts, environmental regulations, and facility operations. For performance audits, an auditor needs to have a good understanding of the standard and the EMS, and a broad understanding of environmental issues. Auditors should be reasonably independent of the area or activity that is being audited and can definitely not audit their own work.

An effective audit programme should:

  • Develop audit procedures and protocols.
  • Establish an appropriate audit frequency.
  • Train auditors.  
  • Maintain audit records.
  • Link audit results to the corrective action system.

NEW! ISO 19011:2018: Guidelines for auditing management systems

Auditors are the ears and eyes of top management because they can provide an independent appraisal of an organisation’s operations and activities. In addition, a skillful auditor will add value to a management system by finding opportunities for improvement. It’s important to note that ISO 19011:2018 has significantly raises the bar on what constitutes essential competencies that management-systems auditors need to possess or acquire.

Revisions to ISO 9001:2015 (QMS), ISO 14001:2015 (EMS), and ISO 45001:2018 (OH&S) are all based on Annex SL of ISO Directive 1, the ISO High Level Structure. Consequently, ISO 19011 includes an annex to deal with how to audit organisational context, leadership and commitment, compliance and the supply chain, amongst others. The new standard will help with the effective audit of these management systems and facilitate a uniform approach to the auditing process where multiple systems are in place.


Our FREE Downloadable Guide How To Conduct An Environmental Management Systems Audit explores more about the ISO 14001 Environmental Audit process. You can get hold of it by clicking the button below.

For more information or guidance on which ISO standard(s) and services would best suit the needs of your organisation, please email Risk ZA at or contact us on 0861 Risk ZA / +27 (0) 31 569 5900.

You can share this blog on your preferred social media platform:

Share on facebook
Share on twitter
Share on linkedin
Share on email

ISO 45001:2018 – How to become an OHS Auditor

Share on facebook
Share on twitter
Share on linkedin
Share on email

ISO 45001:2018 has been heralded as a ‘game changer’ in the world of voluntary safety management standards. Earlier this year, ISO 45001 was approved by voters of countries from around the world, and has been praised by the American Society of Safety Professionals as a ‘watershed moment’. It is one of the most significant developments in workplace safety over the past 50 years, presenting an opportunity to move the needle on reducing occupational health and safety risks.

The addition of ISO 45001 to the suite of ISO management system standards reinforces that Occupational Health & Safety is a key area of business performance for organisations, and that OH&S is about a lot more than legal compliance. When it is well integrated into the management of an organisation, good OH&S management is an enabler and an asset for a business rather than a cost.

To assist you in understanding the requirements for an ISO 45001:2018 OHS Management System Auditor, we have created a free guide with points from ISO 19011:2018: 10 STEPS TO AUDITING AN ISO 45001:2018 OHS MANAGEMENT SYSTEM.

Key considerations in the new standard

  • Setting the organisational context. Organisations will have to look beyond their own health and safety issues and consider what society expects from them, in regard to health and safety issues.
  • Increased top management accountability in a number of areas.  
  • Worker engagement. Siloed management systems have hampered effective OH&S management, and in respect of ISO 45001 workers need the opportunity to contribute and participate in all aspects of the Health & Safety Management System.  
  • Communication and risk management. ISO 45001 requires that risks and opportunities be established with all workers as part of the planning and implementation process of an OHSMS and that consultation be ongoing.

Auditing of Occupational Health & Safety management systems forms an important part of the process to demonstrate continual improvement. Continual improvement is a core component of every ISO management system. ISO 45001 further refines this, and ‘preventive action’ now becomes a distinct concept of the system as a whole. This means organisations will need to adopt a systemic approach for measuring and monitoring OH&S performance and compliance on a regular basis, as an integral part of the management system function.

Auditors needed for ISO 45001 OHS Management systems

As more organisations move towards seeking validation of their management system against ISO 45001, the demand for auditors will continue to rise. Whether you are new to safety management systems or transitioning from OHSAS 18001, the journey towards becoming a competent ISO 45001 auditor begins by becoming familiar with:

  • The high level structure for management systems based on Annex SL and how this affects auditing.
  • The new requirements for understanding the organisation and its context and how they may be audited.
  • The new and enhanced requirements for leadership and worker participation and how this affects auditing.
  • Risk-based thinking in an OHSMS and how this extends to requirements for risks and opportunities and how these may be audited.
  • The changes from a procedural approach to a process approach and how they may be audited.
  • How to adapt your auditing technique to accommodate the new and amended requirements in ISO 45001:2018.
  • Migration time frames for ISO 45001 and their impact on existing OHSAS 18001 certified organisations.

How can Risk ZA assist you?

To encourage the internal and supplier auditing functions, Risk ZA has developed a practical 2 Day ISO 45001:2018 Auditing course. The course provides the theoretical and practical knowledge of OHS auditing required to determine the conformance of the management system arrangements and its performance; based on outcomes. Delegates complete practical exercises and other assessments which relate to the requirements of ISO 45001:2018, hazards and other significant factors which influence the organisations OHS performance.

Persons attending this course will be able to facilitate internal Occupational Health & Safety management system audits based on the ISO 45001:2018 Standard and the ISO 19011 Standard for management system auditing. Plan and facilitate audits, set and recommend corrective actions, follow up and close out audit findings.

This course is recommended for Occupational Health and Safety Practitioners, Line Managers, Supervisors, and Management.

Download our free guide

Uncover the tools necessary for an ISO 45001:2018 Auditor by downloading our FREE downloadable guide: 10 STEPS TO AUDITING AN ISO 45001:2018 OHS MANAGEMENT SYSTEM

For more information or guidance on which ISO standard(s) and services would best suit the needs of your organisation, please email Risk ZA at or contact us on 0861 Risk ZA / +27 (0) 31 569 5900.

You can share this blog on your preferred social media platform:

Share on facebook
Share on twitter
Share on linkedin
Share on email