What Is an ISO Audit? Scope, Evidence & Findings
What Is an ISO Audit? Types, Stages, and How to Prepare An ISO audit is…
ISO 45001 certification is a third-party confirmation that an organization’s occupational health and safety management system conforms to ISO 45001:2018. It applies to the organization’s OH&S management system, not to an individual, and organizations use it to show that workplace health and safety risks are being managed through a structured system rather than informal practice. ISO describes ISO 45001 as the international standard for OH&S management systems and says it helps organizations prevent work-related injury and ill health, manage risk, and improve OH&S performance.
ISO publishes the standard, but ISO does not certify organizations or issue certificates. Certification is carried out by independent certification bodies, and accredited certificate status can be checked through IAF CertSearch, which ISO points users to for certification verification. Certification is voluntary, but ISO notes that certification can add credibility and, in some sectors, may also be a contractual or legal requirement.
Here at AGS, we support organizations through a structured ISO 45001 certification pathway, including readiness assessment, audit preparation, and third-party certification support.
ISO 45001 is the standard. ISO 45001 certification is the independent confirmation that an organization’s OH&S management system meets that standard. The certifiable object is the management system the organization uses to identify hazards, assess OH&S risks, control work, involve workers, monitor performance, and improve over time.
ISO says the standard applies to organizations of all sizes and sectors, regardless of geography or risk level. That makes ISO 45001 certification relevant to manufacturers, construction firms, logistics providers, healthcare organizations, utilities, service companies, and multi-site businesses that need stronger control of workplace injury, ill health, and operational safety exposure.
This certification applies only to organizational certification. Individuals are not certified under ISO 45001, although they may undertake related training such as awareness courses, internal auditor training, or lead auditor qualifications, which serve a different purpose from organizational certification.
AGS provides end-to-end ISO 45001 certification support, helping organizations move from initial gap analysis to successful certification through a structured, audit-focused process.
Our support includes:
We evaluate your current health and safety system against ISO 45001 requirements and identify missing controls.
We help you build or improve your OH&S management system, including risk assessment, operational controls, and documentation alignment.
We prepare your organization for Stage 1 and Stage 2 audits through internal audit simulation and readiness checks.
We guide you through the certification process with external certification bodies and help address any nonconformities if raised.
Our focus is simple: make your system audit-ready, practical, and certifiable. Contact us today!
Satisfied Clients
Years of Experience
ISO certifications
Organizations pursue ISO 45001 certification to reduce workplace incidents, strengthen worker protection, and show that OH&S risks are being managed through an audited system. ISO ties the standard to the prevention of work-related injury and ill health, improvement of OH&S performance, and continual improvement. ISO also says certification can add credibility, while the UK HSE notes that implementing ISO 45001 may help an organization demonstrate compliance with health and safety law, though in some respects the standard goes beyond legal requirements.
The commercial value is practical. Stronger OH&S management can affect tender eligibility, client confidence, contractor oversight, workforce morale, and operational resilience. That is why ISO 45001 certification matters beyond the safety department.
ISO 45001 requires a functioning OH&S management system, not a paper-only policy set. At a high level, the organization needs leadership commitment, worker participation and consultation, hazard identification, OH&S risk and opportunity management, legal and other requirement control, operational controls, emergency preparedness, competence, monitoring, and continual improvement. ISO’s explainer and standard overview both frame the system this way.
In practical terms, most organizations need these elements in place:
The point is not to memorize clause numbers. The point is to show that the organization can systematically control OH&S risks and improve performance over time.
Leadership and worker participation are core certification signals, not decorative extras. ISO 45001 places explicit weight on top management commitment, consultation and participation of workers, and active hazard and risk control. The UK HSE also emphasizes that implementation should reflect a real management system rather than a box-ticking exercise.
Weak ISO 45001 readiness typically shows up in the same areas: leadership treats OH&S as a delegated administrative task, worker reporting is passive or ignored, hazards are recorded but not effectively controlled, and documentation exists without influencing day-to-day operations. A credible system demonstrates clear ownership, active worker participation, and evidence that risk controls are consistently applied in practice. Certification bodies assess this through the ISO 45001 requirements and the emphasis placed by HSE guidance on management system effectiveness and worker involvement.
Certification follows implementation and an independent audit of the organization’s OH&S management system. It is a staged process that moves from readiness and system operation to external audit and ongoing surveillance. IAF’s audit-time rules explicitly frame certification around Stage 1, Stage 2, surveillance, and recertification activities.
Good support reduces delay, rework, and confusion, but it does not replace system maturity. The fastest path is usually the one with a clear scope, strong evidence, real leadership ownership, and fewer surprises between audit stages. That is an inference from how certification stages are structured and how audit time is determined based on client specifics.
ISO 45001 certification requires more than documented procedures. It depends on occupational health and safety systems that are actively implemented, monitored, and improved. AGS helps organizations build audit-ready OH&S systems that can meet certification requirements with confidence.
Start with our readiness review to see where you stand and what to do
next.
Stage 1 and Stage 2 are not the same thing. At a decision-maker level, Stage 1 is the readiness and system-review phase. Stage 2 is the main certification audit, where the certification body evaluates implementation and effectiveness. If issues are found, the organization addresses them through corrective action before or as part of the certification decision process.
After initial certification, the system does not just sit there. Surveillance audits are used to maintain confidence that the OH&S management system continues to conform and operate effectively, and recertification is part of the continuing certification cycle. IAF MD 5 explicitly treats surveillance and recertification as planned parts of the certification framework.
This is why certificate validity depends on continued conformity, not on the one-time success of an initial audit. The organization has to keep the system alive through monitoring, corrective action, management review, and ongoing control of OH&S risks. That point follows from the surveillance and recertification model in the accredited certification framework.
These terms are not interchangeable. If a buyer confuses them, they usually misunderstand what is actually being purchased.
ISO says certification is performed by external certification bodies and that ISO itself does not certify organizations. ANAB explains accreditation for ISO 45001 certification bodies in the context of ISO/IEC 17021-1 and ISO/IEC TS 17021-10, which deal with management-system certification bodies and competence requirements for OH&S management-system certification.
That distinction matters commercially. If your organization needs independent confirmation of its OH&S management system, you are buying a certification route. If your staff needs skills, you are buying training. They are related, but they are not the same service.
Accredited certification matters because acceptance and verification matter. ISO points users to IAF CertSearch for certification verification, and IAF states that users can validate whether a certification is valid, whether the certification body is accredited, and whether the accreditation body is an IAF MLA signatory.
Before choosing a certification body or support provider, check these points:
ISO says ISO 45001 aligns with other management-system standards and explains its relationship with ISO 9001 and ISO 14001. That can make integrated management-system planning more efficient for organizations already running quality or environmental management systems.
If your organization is evaluating ISO 45001 certification now, the right next step is a readiness review, not a blind quote request. The practical starting point is to define the scope, clarify the risk profile, check current system maturity, and identify what evidence and preparation work still need to be done before an external audit. That approach matches how accredited certification audit time and effort are determined.
At AGS, we position that next step around certification readiness, audit planning, and a structured route through independent third-party conformity assessment.
AGS helps organizations define:
This helps avoid delays, audit findings, and rework caused by incomplete readiness.
Request an ISO 45001 readiness review.
Usually no. Certification is voluntary, though organizations may pursue it for client, contractual, or regulatory confidence reasons. ISO says certification can add credibility and may be required contractually or legally in some industries.
Yes. ISO says ISO 45001 replaces the previous British standard OHSAS 18001 and is now the globally recognized reference for OH&S management systems.
Yes. ISO explains that ISO 45001 relates closely to ISO 9001 and ISO 14001, and it was developed to align more easily with other management-system standards.
This page is about organizational certification. Individuals can pursue training or auditor qualifications, but that is separate from certifying an organization’s OH&S management system.
The certification cycle is maintained through surveillance and recertification rather than a one-time audit only. IAF MD 5 explicitly includes Stage 1, Stage 2, surveillance, and recertification in the certification framework, and your exact cycle should be confirmed with the certification body handling your certificate.
