Accredited ISO 45001:2018 Occupational Health & Safety Management System (OHSMS) Certification

ISO 45001 certification is third-party confirmation that an organization’s occupational health and safety management system conforms to ISO 45001:2018 requirements. A certification body issues the certificate after audits conducted under ISO/IEC 17021-1 requirements for competence, impartiality, and consistency. ISO publishes the standard but does not certify organizations certification bodies perform audits and issue certificates, and ISO does not permit use of the ISO logo in connection with certification.

Accredited certification validates the certification body through an accreditation body within the IAF MLA recognition framework, with scheme consistency governed by IAF MD 22 for OH&SMS certification. Certificate status verification uses IAF CertSearch, the global database for validating accredited management system certifications. AGS provides accredited ISO 45001:2018 OHSMS certification services through scheduled audit delivery in Iraq and UAE. Organizations seeking occupational health and safety management system certification access Stage 1 audits, Stage 2 audits, surveillance audits, and recertification audits delivered by competent audit teams operating under documented impartiality controls.

What Is ISO 45001 Certification?

ISO 45001 certification is third-party conformity assessment verifying that an organization’s occupational health and safety management system conforms to ISO 45001:2018 requirements. The certification decision follows successful completion of a two-stage initial audit and results in certificate issuance by an accredited certification body.

ISO 45001 as the OHSMS Requirements Standard:

ISO 45001:2018 specifies requirements for an occupational health and safety management system (OH&S MS). The standard provides a framework for organizations to:

Prevent work-related injury and ill health
Provide safe and healthy workplaces
Proactively improve OH&S performance
Fulfill legal requirements and other obligations
Achieve OH&S policy objectives

ISO 45001 requirements define what an OHSMS must achieve. Requirements use “shall” statements that auditors evaluate during certification audits. The standard addresses organizational context, leadership, planning, support, operation, performance evaluation, and improvement across Clauses 4 through 10 using the Annex SL high-level structure.

Get Free Consultation

Certification Body Role vs ISO Role

ISO develops and publishes ISO 45001 but explicitly states it does not certify organizations or issue certificates. ISO also restricts the use of the ISO logo in connection with certification activities. Certification bodies (CBs) perform audits and issue certificates. Certification bodies operate under ISO/IEC 17021-1 requirements, which define competence, impartiality, and consistency obligations for bodies providing audit and certification of management systems. This distinction clarifies procurement and compliance contexts: an “ISO 45001 certified” organization holds a certificate issued by a certification body not by ISO itself.

Accreditation vs Certification: AB Accredits CB; CB Certifies Organizations:

Accreditation evaluates the certification body’s competence and impartiality against ISO/IEC 17021-1 requirements. An accreditation body (AB) performs this evaluation and grants accreditation to certification bodies meeting the requirements. Certification evaluates the client organization’s occupational health and safety management system against ISO 45001:2018 requirements. The certification body performs this evaluation and issues the certificate upon positive audit findings and certification decision. The trust chain operates as:

ISO publishes ISO 45001 standard requirements
Accreditation body accredits certification bodies under ISO/IEC 17021-1
Certification body audits organizations and issues certificates
IAF MLA provides mutual recognition among accreditation bodies globally
IAF MD 22 ensures OH&SMS scheme consistency across accredited certification

IAF CertSearch validates certificate status and accreditation chain

Hazards and OH&S Risks as the Managed Objects of the System

The OHSMS exists to identify hazards, assess OH&S risks, and implement controls that prevent work-related injury and ill health. Understanding these core concepts clarifies what ISO 45001 certification audits evaluate.

Hazard Identification and Risk Assessment:

Hazard identification is the systematic process of recognizing sources or situations with potential for harm. Organizations identify hazards across:

Routine and non-routine activities
Activities of all persons with access to the workplace
Human factors (behavior, capabilities, limitations)
External factors (environmental conditions, third parties)
Design of work areas, processes, installations, equipment
Past incidents and emergency situations

OH&S risk assessment evaluates the likelihood and severity of harm from identified hazards. Risk assessment considers:

Effectiveness of existing controls
Potential for escalation or multiple exposures
Vulnerable workers and specific risk factors
Legal requirements and other obligations

Risk assessment outputs prioritize hazards requiring additional controls.

Hierarchy of Controls:

ISO 45001 requires organizations to apply the hierarchy of controls when determining risk treatment:

Elimination — Remove the hazard entirely
Substitution — Replace hazardous materials, processes, or equipment with less hazardous alternatives
Engineering controls — Isolate people from hazards through physical barriers, ventilation, guarding
Administrative controls — Change work procedures, training, signage, job rotation
Personal protective equipment (PPE) — Provide protection when other controls are insufficient

Auditors evaluate whether organizations apply the hierarchy systematically rather than defaulting to lower-level controls.

Worker Consultation and Participation:

ISO 45001 requires consultation and participation of workers in OHSMS planning and operation. This includes:

Determining needs and expectations of workers
Establishing OH&S policy
Identifying hazards and assessing risks
Determining controls and actions
Investigating incidents and nonconformities
Establishing OH&S objectives

Worker participation represents a fundamental shift from OHSAS 18001, emphasizing worker involvement as essential to effective OH&S management.

Legal and Other Requirements:

Legal and other requirements (compliance obligations) include:

OH&S laws, regulations, and codes
Collective agreements
Organizational policies and commitments
Industry standards and guidelines
Contractual requirements

Organizations determine applicable requirements, establish processes to access current information, and maintain evidence of compliance evaluation.

Emergency Preparedness and Response:

Organizations establish processes for emergency preparedness and response including:

Identifying potential emergency situations
Planning response procedures
Providing training and testing response capability
Evaluating and revising procedures after incidents or tests
Communicating emergency procedures to workers and contractors

Emergency response capability is sampled during certification audits.

Start Your ISO 45001 Certification Journey Today

300+

Satisfied Clients

10+

Years of Experience

1700+

ISO certifications

How ISO 45001 Certification Works?

ISO 45001 certification follows a structured ISO certification process from OHSMS implementation through ongoing certification maintenance. The pathway includes implementation activities, two-stage initial audits, and a three-year certification cycle.

Define OHSMS Scope, Sites, and Activities:

The certification scope statement defines boundaries: activities, products, services, and locations covered by the OHSMS. Scope definition considers:

Organizational context and boundaries
OH&S risks and activities to be managed
Sites, facilities, and geographic coverage
Workers, contractors, and other persons under organizational control

Accurate scope definition affects audit time, audit team composition, and certification cost.

Identify Hazards and Assess OH&S Risks:

Organizations apply documented methodology to:

Identify hazards across all activities and situations
Assess OH&S risks considering existing controls
Determine significance based on likelihood and severity
Prioritize risks requiring additional treatment
Document and maintain hazard and risk registers

Hazard identification and risk assessment evidence is core audit material.

Apply Hierarchy of Controls and Implement Operational Controls:

Organizations implement controls following the hierarchy of controls. Operational controls address:

Contractor management and procurement
Activities associated with identified hazards
Outsourced processes affecting OHSMS
Work procedures and safe work instructions
Equipment, materials, and substance controls

Controls must be implemented, maintained, and evaluated for effectiveness.

Establish Compliance Obligations and Evaluate Compliance:

Organizations:

Determine applicable legal requirements and other obligations
Establish access to current requirement information
Evaluate compliance at planned intervals
Maintain compliance status knowledge
Address any compliance deviations through corrective action

Compliance evaluation records demonstrate ongoing legal conformity.

Train and Verify Competence, Awareness, and Participation:

Organizations ensure workers and other persons under organizational control have:

Competence — Knowledge, skills, and ability to perform OH&S-relevant activities
Awareness — Understanding of OH&S policy, objectives, hazards, risks, and their contribution to OHSMS effectiveness
Participation mechanisms — Opportunity to participate in OHSMS development, planning, implementation, and improvement

Competence evidence includes training records, qualifications, and demonstrated capability.

Conduct Internal Audit and Perform Management Review:

Internal audit is mandatory under ISO 45001. Organizations conduct first-party audits covering all OHSMS processes at planned intervals to evaluate conformity to ISO 45001 requirements and the organization’s own OHSMS requirements. Management review evaluates OHSMS suitability, adequacy, and effectiveness. Top management reviews:

Status of actions from previous reviews
Changes in internal/external issues and compliance obligations
Extent to which OH&S policy and objectives are met
OH&S performance trends (incidents, nonconformities, monitoring data)
Audit results and compliance evaluation outcomes
Worker consultation and participation inputs
Risks and opportunities requiring action
Resource adequacy and improvement opportunities

Internal audit and management review records demonstrate the organization operates its own compliance mechanisms.

Complete Stage 1 Audit and Confirm Readiness:

Stage 1 audit evaluates readiness for Stage 2. The audit team reviews OHSMS documentation, confirms certification scope, assesses site conditions, and determines preparedness for the implementation audit. Stage 1 inputs include:

OH&S policy and objectives
Hazard identification and risk assessment documentation
Legal and other requirements register
Operational control procedures
Emergency preparedness procedures
Internal audit and management review records

Findings from Stage 1 require resolution before Stage 2 proceeds. Stage 1 and Stage 2 audits follow structured methodologies guided by ISO 19011 audit principles.

Complete Stage 2 Audit and Close Nonconformities:

Stage 2 audit evaluates OHSMS implementation and effectiveness. The audit team collects evidence through interviews, observation, and records review across all processes within certification scope. Audit findings classify conformity status:

Conformity: Evidence demonstrates requirements are met
Minor nonconformity: Single observed lapse not impacting system effectiveness
Major nonconformity: Requirement not met or significant doubt about achieving intended outcomes

Organizations submit corrective action evidence demonstrating root cause analysis and implemented corrections. Nonconformity closure requires verified effectiveness before certification decision.

Maintain Certification via Surveillance and Renew via Recertification:

A positive certification decision results in certificate issuance. Certification maintenance requires:

Surveillance audits in years 1 and 2 of each cycle (first surveillance within 12 months of certification decision)
Recertification audit before certificate expiry
Ongoing OHSMS operation, internal audits, and management reviews
Corrective action for any identified nonconformities

Other ISO Certifications We Provide in Iraq

As an accredited body, we issue certificates for the most sought-after management system standards:

ISO 14001 Certification Environmental Management System (EMS)

ISO 22000 Certification Food Safety Management System (FSMS)

ISO 27001 Certification Information Security Management System

ISO 50001 Certification Energy Management Systems (EnMS)

ISO 29001 Certification Quality Management System (QMS)

ISO 18788 Certification Security Operations Management System

ISO 37001 Certification Anti-Bribery Management System (ABMS)

ISO 22301 Certification Business Continuity

ISO 13485 Certification Medical Devices QMS

ISO 10002 Certification Customer Satisfaction

ISO 21500 Certification Project Management

ISO 17025 Certification Testing & Calibration Labs

ISO 15189 Certification Medical Laboratories

HACCP Certification Proactive Food Safety System

Halal Certification Food, Cosmetics, Pharma

GlobalG.A.P Certification Good Agricultural Practices

UL & CE Certification Crucial Safety Marks

ANSI/ASIS PSC.1-2022 Private Security Company Operations

ISM Certification Supply Chain and Procurement

Stage 1 → Stage 2 → Surveillance → Recertification

The certification audit lifecycle follows a structured audit programme and certification cycle spanning three years.

Initial certification audit: Two-stage audit (Stage 1 + Stage 2) evaluating OHSMS documentation, implementation, and effectiveness. Certification decision follows successful completion.
Surveillance audits: Conducted at least annually in years 1 and 2 to verify continued conformity. Coverage includes sampled processes, internal audit and management review evidence, incident investigation, corrective action status, compliance evaluation, and changes to the OHSMS.
Recertification audit: Conducted in year 3 before certificate expiry. Evaluates full OHSMS conformity similar to initial Stage 2 scope. Successful recertification begins the next three-year cycle.
Certification outcomes: Surveillance and recertification may result in maintained certification, suspension (temporary invalidity), withdrawal (certificate cancelled), or scope reduction (certification boundary narrowed).

What Determines Audit Time and Certification Timeline for ISO 45001?

ISO 45001 certification cost follows audit time and scope variables. Certification bodies determine audit duration based on defined factors and apply daily rates to calculate fees.

Audit Time Determination Uses IAF MD5 Methodology:

IAF MD5 provides mandatory provisions and guidance for audit time determination in OH&SMS certifications. Certification bodies use this framework to calculate baseline audit duration and document justifications for any adjustments. The methodology applies to initial certification audits, surveillance audits, and recertification audits. Certification scope and audit time determination follows structured methodology rather than arbitrary pricing.

OH&SMS Scheme Consistency Uses IAF MD 22:

IAF MD 22 is the mandatory document for OH&SMS certification scheme consistency. IAF MD 22 applies to ISO 45001 certification conducted under accreditation and ensures consistent application of ISO/IEC 17021-1 requirements specific to occupational health and safety management systems. Accreditation bodies use IAF MD 22 when evaluating certification bodies’ OH&SMS certification programs.

Audit Time Variables:

Effective personnel: Total workers within certification scope, including employees, contractors, and other persons under organizational control. Higher personnel numbers increase audit time requirements.
Number of sites: Each site requires audit coverage. Multi-site certifications use sampling methodology where appropriate based on site similarity and risk profiles.
OH&S risk level: Industry sector, hazard types, and complexity of risk controls affect audit duration. High-hazard industries require extended audit time.
Complexity factors: Process technical complexity, regulatory intensity, shift patterns, and contractor management scope affect audit duration.

ISO certification cost and timeline variables depend on organization-specific factors. Request quotation after defining certification scope for accurate audit time calculation.

Our Happy Client's

How to Validate an Accredited ISO 45001 Certificate?

Certificate verification confirms that ISO 45001 certification is valid, issued by an accredited certification body, and within the stated scope. IAF CertSearch provides global validation for accredited management system certifications:

Access IAF CertSearch database
Search using organization name or certificate number
Verify certificate status (valid, suspended, withdrawn)
Confirm certification body and accreditation body
Check accreditation body’s IAF MLA signatory status

This verification supports procurement qualification, tender submissions, contractor prequalification, and stakeholder due diligence.

ISO Name and Logo Restriction:

ISO restricts use of its name and logo. ISO explicitly states it does not permit use of the ISO logo in connection with certification. Valid ISO 45001 certificates display:

Certification body identity and logo
Accreditation body mark (where applicable)
Organization name and certified scope
Applicable standard (ISO 45001:2018)
Certificate number and validity dates

Certificates should not display the ISO logo. Phrases such as “certified by ISO” or “ISO approved” are incorrect and disallowed.

ISO 45001 with ISO 9001 and ISO 14001 in an Integrated Management System

Organizations combine ISO 45001 with ISO 9001 certification and ISO 14001 certification to create an Integrated Management System (IMS). All three standards use the Annex SL high-level structure, enabling integration within a single management system framework.

Integration benefits include:

Single management system documentation
Combined internal audit programmes
Unified management review
Reduced audit time through integration factors
Consistent process approach across quality, environmental, and safety management

OHSAS 18001 → ISO 45001 Migration Context:

OHSAS 18001:2007 was the predecessor standard for occupational health and safety management systems. ISO 45001:2018 replaced OHSAS 18001, with the formal transition period concluded. Organizations previously certified to OHSAS 18001 have migrated to ISO 45001. Key differences between the standards include:

ISO 45001 emphasizes worker consultation and participation
ISO 45001 requires consideration of organizational context
ISO 45001 applies Annex SL high-level structure
ISO 45001 strengthens leadership and top management accountability
ISO 45001 explicitly addresses contractor and outsourced process controls

New certifications are issued to ISO 45001:2018. OHSAS 18001 certificates are no longer valid.

What AGS Provides for ISO 45001 Certification?

AGS delivers ISO 45001:2018 OHSMS certification through a structured audit delivery model. As an independent, third-party certification body, AGS provides:

Stage 1 and Stage 2 audits: Certification audits conducted by competent audit teams evaluating OHSMS documentation, implementation, and effectiveness against ISO 45001:2018 requirements.
Surveillance audits: Annual audits verifying continued conformity throughout the three-year certification cycle.
Recertification audits: Comprehensive audits before certificate expiry enabling certification renewal for subsequent cycles.
Certificate issuance and validation path: Certificates issued following positive certification decisions, with validation through established certificate verification mechanisms.

AGS operates under documented impartiality policy controls and auditor competence model requirements. Organizations seeking ISO certification services in Iraq or ISO certification services in UAE access consistent audit delivery under these governance controls.

ISO 45001 Certification FAQ

What Is ISO 45001 Certification?

ISO 45001 certification is third-party confirmation that an organization's occupational health and safety management system conforms to ISO 45001:2018 requirements. A certification body issues the certificate after audits, and accredited certification status is validated through IAF CertSearch.

Does ISO Certify Organizations to ISO 45001?

No. ISO publishes ISO 45001 but does not certify organizations or issue certificates. Certification bodies perform audits and issue certificates. ISO does not permit use of the ISO logo in connection with certification.

What Are the Stages of ISO 45001 Certification?

ISO 45001 certification uses an initial audit that includes Stage 1 and Stage 2, followed by surveillance audits during the certification cycle and a recertification audit before certificate expiry. The process evaluates evidence against ISO 45001 requirements and closes nonconformities through corrective action.

What Determines ISO 45001 Audit Time?

Audit time for ISO 45001 certification follows IAF MD5. MD5 provides the audit-time framework for OH&SMS audits and records the justification for time allocated to cover the full scope, including Stage 1 and Stage 2. Variables include effective personnel, sites, complexity, and OH&S risk levels.

How Do I Verify an ISO 45001 Certificate?

IAF CertSearch is the global database that validates accredited management system certifications. A search confirms certificate validity, certification body identity, and accreditation body's IAF MLA participation.

What Is the Hierarchy of Controls?

The hierarchy of controls prioritizes risk treatment methods: elimination, substitution, engineering controls, administrative controls, and personal protective equipment (PPE). ISO 45001 requires organizations to apply the hierarchy systematically when determining controls for OH&S risks.

What Is Worker Consultation and Participation?

ISO 45001 requires organizations to consult workers and enable their participation in OHSMS planning, implementation, and improvement. This includes involving workers in hazard identification, risk assessment, control determination, incident investigation, and OH&S objective setting.

What Records Do Auditors Review for ISO 45001?

Auditors review OH&S policy, objectives, hazard identification and risk assessment documentation, legal requirements register, operational control procedures, emergency response plans, training and competence records, incident investigation records, internal audit records, management review minutes, and corrective action records.