INSERT COMPANY NAME/LOGO HERE

ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

This gap analysis checklist is prepared for use in evaluating an Occupational Health and Safety Management System (OHSMS) against the
requirements of the new international standard ISO 45001:2018. Each requirement is expressed as a question that the user (auditor / assessor)
can use to evaluate your OH&S capabilities. You will need to have a copy of the new standard to use along with this checklist so that you can
refer to the requirements and the guidance sections of Annex A. The intent of the main clauses of the new standard is shown in blue font.
After you have prepared an audit schedule, and assigned responsibility to your auditors for different areas or processes to audit, copy each
section of the checklist for the auditors working with that section. As you work through the checklist take notes on what is in place, and what
needs to be developed.
In the space for ‘currently in place’, list or reference the procedures or other documents, or evidence that you have reviewed and that will provide
information for the new OHSMS. Take notes on the status of the documents, that is, will they need to be revised for the new system, or can they
be used as is? Also, note where processes are in place, but documentation is needed. Focus on what is in place, and what needs to be
developed.
While you do want to know if documented information is in place and if procedures and processes are being complied with, compliance is not
your focus for this audit. Remember that the outcome of this audit should be a list of things that your company needs to do to comply with the
ISO 45001:2018 standard.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

--- OCCUPATIONAL HEALTH & SAFETY Currently Compliant If No - % Items

MANAGEMENT SYSTEMS REQUIREMENTS YES / NO? Completed
in Place Needed

4 CONTEXT OF THE ORGANIZATION

Intent of This first clause introduces two sub-clauses relating to the context of the organization, 1st of all is understanding the organization
clause and its context and 2nd is understanding the needs and expectations of workers and other interested parties. Together they require
that you determine the issues and requirements that can impact on the planning of the OH&S Management System. In addition, the
scope of the OH&S and the OH&S processes along with their applicability and interactions need to be determined.

4.1 Understanding the organization and its context

As an organization, does your company determine

external and internal issues that are relevant to your
purpose?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 1 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

Do you consider the relevant issues that affect your

ability to achieve the intended outcomes of the OH&S
Management System (OHSMS)?

4.2 Understanding the needs and expectations of workers and other interested parties

Has your company determined:

 The other interested parties that are in addition to

your workers, and that are relevant to the OHSMS?

 The relevant requirements (needs and expectations)

of workers and the other interested parties?

 Which of the needs and expectations become

applicable legal requirements & other requirements?

4.3 Determining the scope of the OH&S management system

To establish the scope of the OHSMS, does your

company determine its boundaries and applicability?

When determining the scope of the OH&S, do you

consider the:

 The external and internal issues per above

4.1?

 The relevant interested parties per above 4.2?

 The work-related activities performed at your

company?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 2 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

Does the OHSMS include activities, products and

services that are within your control or your influence
and that can impact OH&S performance?

Is the scope of the OHSMS available and maintained

as documented information?

4.4 OH&S management system

Do you have the latest document for ISO 45001:2018?

As required by the ISO 45001 standard, do you

establish, document, implement, maintain, and
continually improve the OHSMS?

Does your company determine the processes needed

for the OHSMS, their interactions and applications?

5 LEADERSHIP AND WORKER PARTICIPATION

Intent of This clause requires that your top management demonstrates leadership and commitment with respect to the OH&S management
clause system. This section also asks top management to establish, implement and maintain an OH&S policy that is appropriate to your
company and to ensure that the organizational roles, responsibilities, and authorities for relevant roles are assigned, communicated,
and understood. In addition, your company is required to establish, implement and maintain systems for participation by and
consultation with both non-managerial and managerial workers in dealing with the OHSMS.

5.1 Leadership and commitment

Does the top management demonstrate leadership

and commitment with respect to the OHSMS by:

 Taking overall responsibility and accountability for

the prevention of work-related injury and ill-health
and the provision of safe and healthy workplaces
______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 3 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

and activities?

 Ensuring that the OH&S policy and related OH&S

objectives are established and are compatible with
the strategic direction of the company?

 Ensuring the integration of the OHSMS processes

and requirements into the company’s business
processes?

 Ensuring that the resources needed to establish,

implement, maintain and improve the OHSMS are
available?

 Ensuring that a process for consultation and

participation of workers is established and
implemented?

 Communicating the importance of effective OH&S

management and of conforming to the OHSMS
requirements?

 Ensuring that the OHSMS achieves its intended

outcome(s)?

 Directing and supporting persons to contribute to

the effectiveness of the OHSMS?

 Ensuring and promoting continual improvement of

the OHSMS?

 Are improvement initiatives performed by

systematically identifying and taking actions to
address nonconformities, opportunities, and work-
______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 4 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

related hazards and risks, including deficiencies in

the system?

 Supporting other relevant management roles to

demonstrate their leadership as it applies to their
areas of responsibility?

 Developing, leading and promoting a culture in the

company that supports the intended outcomes of the
OHSMS?

 Protecting workers from reprisals when reporting

hazards, risks and opportunities?

 Supporting the establishment and functioning of

health and safety committees?

With reference to the note in 5.1.1

 In the ISO 45001 standard, do you broadly

interpret references to business as meaning those
activities that are core to the purposes of your
company’s existence?

5.2 OH&S policy

Has the top management established, implemented

and maintained an OH&S policy that:

 Includes a commitment to provide safe and healthy

working conditions for the prevention of work-related
injury and ill health and is appropriate to the
purpose, the size and context of the organization
and to the specific nature of the OH&S risks and
______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 5 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

opportunities?

 Provides a framework for setting the OH&S

objectives?

 Includes a commitment to fulfil legal requirements

and other requirements?

 Includes a commitment to eliminate hazards and

reduce OH&S risks, using the control hierarchy of
8.1.2?

 Includes a commitment to continually improve the

OHSMS?

 Includes a commitment to participation and the

involvement of workers’, and where they exist,
workers’ representatives, in the decision-making
processes in the OHSMS?

Is the OH&S policy:

 Available as documented information?

 Communicated within the company?

 Available to interested parties?

 Relevant and appropriate?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 6 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

5.3 Organizational roles, responsibilities, and authorities

Has the top management ensured that the

responsibilities and authorities for relevant roles within
the OHSMS are assigned and communicated at all
levels in the company and maintained as documented
information?

Have the workers at each level of the company

assumed responsibility for those aspects of OHSMS
over which they have control?

Has the top management assigned the responsibility

and authority for:

 Ensuring that the OHSMS conforms to the

requirements of the ISO 45001 standard?

 Reporting on the performance of the OHSMS

to top management?

With reference to the note in 5.3

Is top management accountable for the functioning of

the OHSMS?

5.4 Consultation and participation of workers

Has the company established, implemented and

maintained a participation and consultation process?

 Does the process include participation by and

consultation of the workers at all applicable levels
and functions, and where they exist, workers’
______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 7 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

representatives in the development, planning,

implementation, evaluation and actions for
improvement of the OHSMS?

Has your company provided the mechanisms, time,

training and resources necessary for participation?

With reference to the note 1 in 5.4

Is worker representation used as a mechanism for

consultation and participation?

Have you provided timely access to clear,

understandable and relevant information about the
OHSMS?

Have you determined and removed obstacles or

barriers to participation and minimize those that cannot
be removed?

With reference to the note 2 in 5.4

 Do obstacles and barriers include failure to respond

to worker inputs or suggestions, language or literacy
barriers, reprisals or threats of reprisals and policies
or practices that discourage or penalize worker
participation?

Has your company emphasized the participation of

non-managerial workers in the following areas:

 Determination of the mechanisms for their

participation and consultation?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 8 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 Hazard identification and assessment of risks and

opportunities (see also 6.1.1, and 6.1.2)?

 Actions to control hazards and risks (see also 6.1.4)?

 Determination of competence and training needs,

training and evaluation of training (see also 7.2)?

 Determination of the information that needs to be

communicated and how this should be done (see
also 7.4)?

 Determination of control measures and their effective

implementation and use (see also 8.1, 8.1.3, & 8.2)?

 Investigation of incidents and nonconformities and

determining corrective actions (see also 10.2)?

Has your company emphasized the inclusion of non-

managerial workers in consultation related to the
following areas:

 Determination of the needs and expectations of

interested parties (see also 4.2)?

 Establishment of the policy (see also 5.2)?

 Assignment of organizational roles, responsibilities,

accountabilities and authorities as applicable (see
also 5.3)?

 Determination of how to apply legal requirements

and other requirements (see also 6.1.3)?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 9 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 Establishment of the OH&S objectives and planning

to achieve them (see 6.2)?

 Determination of the applicable controls for

outsourcing, procurement and contractors (see
8.1.4)?

 Determination of what needs to be monitored,

measured and evaluated (see also 9.1)?

 Planning, establishing, implementing and

maintaining an audit program (see also 9.2.2)?

 Ensuring a continual improvement process (see

also 10.3)?

With reference to note 3 in 5.4:

 Do you emphasize that the consultation and

participation of non-managerial workers is intended
to apply to persons carrying out the work activities,
but is not intended to exclude, for example,
managers who are impacted by work activities or
other company factors?

With reference to note 4 in 5.4:

 Do you recognize that training at no cost to workers

during working hours can remove significant barriers
to worker participation?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 10 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

6 PLANNING

Intent of This clause talks about the planning for the OH&S management system, where your company needs to consider the issues referred
clause to in previous clause 4.1, the requirements of clause 4.2, the scope of the OH&S system per clause 4.3, and determine the actions
to address the OH&S risks and opportunities. The planning of actions includes systems for the identification of workplace hazards
and the assessment of OH&S and other system risks, along with the identification of OH&S opportunities and other system
opportunities. In addition, legal requirements and other requirements that apply to the hazards and OH&S risks need to be
determined, up to date and accessible. This section also talks about establishing the OH&S objectives for the relevant functions and
plans to achieve them.

6.1 Actions to address risks and opportunities

6.1.1 General

When planning for the OH&S management system,

does your company consider the issues referred to in
4.1 (context), the requirements referred to in 4.2
(interested parties) and 4.3 (the scope of its OHSMS)
and determine the risks and opportunities that need to
be addressed to:

 Assure that the OHSMS can achieve its intended

outcome(s)?

 Prevent, or reduce, undesired effects?

 Achieve continual improvement?

When determining the risks and opportunities to the

OHSMS and its outcomes that need to be addressed,
have you considered:

OH&S hazards (see [Link]) and their associated

OH&S risks (see [Link]) and OH&S opportunities (see
______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 11 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

[Link])?

 Applicable legal requirements and other

requirements (see also 6.1.3)?

As part of the planning process, does your company

assess the risks and identify the opportunities that are
relevant to the intended outcome of the OHSMS
associated with changes in the company, its
processes, or the OHSMS?

 In the case of planned permanent or temporary

changes, is this assessment undertaken before the
change is implemented (see also 8.2)?

Is documented information maintained for:

 The OH&S risks and OH&S opportunities that

need to be addressed?

 The processes needed to determine and

address risks and opportunities (see 6.1.2 to 6.1.4)
to the extent needed to provide the confidence they
are carried out as planned?

6.1.2 Hazard identification and assessment of risks and opportunities

[Link] Hazard identification

Has your company established, implemented and

maintained a process for the on-going proactive
identification of arising hazards?

Does your hazard identification process consider how

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 12 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

work is organized and social factors, including

workload, work hours, victimization, harassment,
bullying leadership and the culture in the company?

Does your process consider routine and non-routine

activities & situations?

For such activities & situation is consideration given to:

 Infrastructure, equipment, materials, substances and

the physical conditions of the workplace?

 Hazards that arise as a result of product design

including during research, development, testing,
production, assembly, construction, service delivery,
maintenance or disposal?

 Human factors?

 How the work is done?

Does your process consider potential emergency

situations?

Does your process consider people?

Is consideration given to:

 People with access to the workplace and their

activities, including workers, contractors, visitors and
other persons?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 13 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

affected by the activities of your company?

 Workers at a location not under the direct control of

your company?

Does your process consider other issues such as:

 Design of work areas, processes, installations,

machinery/equipment, operating procedures and
work organization, including their adaptation to the
needs and capabilities of the workers involved?

 Situations occurring in the vicinity of the workplace

caused by work-related activities under your control?

 Situations not under your control and occurring in the

vicinity of the workplace that can cause work-related
injury and ill health to persons in the workplace?

Does your hazard identification process consider

actual or proposed changes in the company, its
operations, processes, activities and the OHSMS (see
also 8.1.3)?

Does your hazard identification process consider

changes in knowledge of, and information about,
hazards?

Does your hazard identification process consider past

incidents, internal or external to the company,
including emergencies, and their causes?

[Link] Assessment of OH&S risks and other risks to the OH&S management system

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 14 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

Has your company established, implemented and

maintained a process to:

 Assess OH&S risks from the identified hazards

taking into consideration the effectiveness of existing
controls?

 Determine and assess the other risks related to the

establishment, implementation, operation and
maintenance of the OHSMS?

Have you defined the methodology and criteria for

assessment of OH&S risks with respect to scope,
nature and timing, to ensure it is proactive rather than
reactive and used in a systematic way?

Are the methodologies and criteria maintained and

retained as documented information?

[Link] Assessment of OH&S opportunities and other opportunities to the OH&S management system

Does your company establish, implement and maintain

processes to identify opportunities that enhance OH&S
performance?

Does the process consider:

 Planned changes to the company, the processes or

activities?

 Opportunities to eliminate or reduce OH&S risks?

 Opportunities to adapt work, work organization, and

work environment to workers?
______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 15 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 Opportunities for improving the OHSMS?

With reference to the note in [Link]:

 Do OH&S risks and opportunities result in other risks

and other opportunities?

6.1.3 Determination of legal requirements and other requirements

Has your company established, implemented and

maintained a process to:

 Determine and have access to up-to-date legal

requirements and other requirements to which your
company subscribes that are applicable to the
hazards, the OH&S risks, and the OHSMS?

 Determine how these legal requirements and other

requirements apply to the company and what needs
to be communicated (see also 7.4)?

 Consider the legal requirements and other

requirements when establishing, implementing,
maintaining and continually improving its OHSMS?

Do you maintain and retain documented information

on your legal requirements and other requirements
and ensure that it is updated to reflect any changes?

With reference to the note in 6.1.3:

Can your legal requirements and other requirements

result in risks and opportunities for your company?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 16 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

6.1.4 Planning to take action

Have you planned the actions to address the risks and

opportunities (see also [Link] and [Link])?

Have you planned the actions to address applicable

legal requirements and other requirements (see also
6.1.3)?

Have you planned the actions to prepare for, and

respond to, emergency situations (see also 8.2)?

Have you planned the actions on how to integrate and

implement the actions into its OHSMS processes or
other business processes?

Have you planned the actions on how to evaluate the

effectiveness of these actions?

Has your company taken into account the hierarchy of

controls listed in 8.1.2 and outputs from the OHSMS
when planning to take action?

When planning the actions, have you considered best

practices, technological options, financial, operational
and business requirements and constraints?

6.2 OH&S objectives and planning to achieve them

6.2.1 OH&S objectives

Has the company established OH&S objectives at

relevant functions and levels to maintain and improve
the OHSMS and to achieve continual improvement in

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 17 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

OH&S performance (see also Clause 10.3)?

In establishing the OH&S objectives:

 Are they consistent with the OH&S policy?

 Do they take into account applicable requirements?

 Do they take into account the results of the

assessment of OH&S risks and OH&S opportunities?

 Do they take into account the results of consultation

with workers, and where they exist, workers’
representatives?

 Are the objectives measurable or capable of

performance evaluation?

 Are they monitored, clearly communicated, and

updated as appropriate?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 18 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

6.2.2 Planning to achieve OH&S objectives

When planning how to achieve its OH&S objectives,

have you determined:

 What will be done?

 What resources will be required?

 Who will be responsible?

 When it will be completed?

 How it will be measured through indicators (if

practicable) and monitored, including frequency?

 How the results will be evaluated, including

monitoring indicators?

 How the actions to achieve OH&S objectives will be

integrated into the business processes?

Do you maintain and retain documented information

on the OH&S objectives and plans to achieve them?

7 SUPPORT

Intent of This clause requires that your company determine and provide the resources needed to establish, implement, maintain and
clause continually improve the OH&S management system. This section covers the resources that support the system and include
competence and awareness of the workers, methods for the communication of OH&S internal and external information along with
the requirements for documented information.

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 19 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

7.1 Resources

Has the company determined and provided the

resources needed to establish, implement, maintain,
and continually improve the OHSMS?

7.2 Competence

Has your company:

 Determined the necessary competence of workers

that affects or can affect its OH&S performance?

 Ensured that workers are competent on the basis of

appropriate education, training, or experience?

 Taken actions to acquire the necessary competence,

and evaluate the effectiveness of the actions taken?

 Retained relevant documented information as

evidence of competence?

With reference to the note in 7.2:

Do your actions include, for example, the provision of

training to, the mentoring of, or the re- assignment of
currently employed workers, or the hiring or
contracting of competent ones?

7.3 Awareness

Are the workers made aware of the following:

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 20 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 The OH&S policy and OH&S objectives?

 Their contribution to the effectiveness of the

OHSMS, including the benefits of improved OH&S
performance?

 The implications and potential consequences of not

conforming with the OHSMS requirements?

 Incidents and outcome of the investigations relevant

to them?

 Hazards, OH&S risks and actions relevant for them?

 Their ability to remove themselves from work

situations that they consider having an imminent and
serious danger to their life or health, along with the
arrangements for protection from undue
consequences for doing so?

7.4 Communication

7.4.1 General

Have you determined the need for internal and

external communications relevant to the OHSMS?

Do they include:

 On what you will communicate?

 When to communicate?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 21 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 With whom to communicate, such as:

o Internally with various company levels & functions?

o With contractors and visitors to the workplace?

o With other external or interested parties?

 How to communicate?

Have you taken into account diversity aspects, such as

gender, language, culture, literacy, and disability,
when considering the communication needs?

Has your company ensured that the views of external

interested parties are considered in the communication
process?

When establishing the communication process, do you

consider the legal requirements and other
requirements?

How do you ensure that OH&S information to be

communicated is consistent with information
generated within the OH&S management system, and
is reliable?

Does the company respond to relevant

communications on the OH&SMS?

Is documented information retained as evidence of

communications?

7.4.2 Internal communication

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 22 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

Does your company communicate internally the

information relevant to the OHSMS among the various
levels and functions, including changes to the system?

Do you ensure that communication processes enable

workers to contribute to continual improvement?

7.4.3 External communication

Does your company communicate externally the

information relevant to the OHSMS as established by
the communication processes and taking into account
the legal requirements?

7.5 Documented information

7..5.1 General

Have you included the following in your OHSMS:

 The documented information required by the

international ISO 45001 document?

 The documented information determined by your

company as being necessary for the effectiveness of
the OHSMS?

With reference to the note in 7.5.1:

With the extent of documented information for the

OHSMS differing from one company to another, have
you considered the:

 Size of your company and the type of activities,

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 23 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

processes, products and services?

 Complexity of your processes and their interactions?

 Competence of your workers?

7.5.2 Creating and updating

When creating and updating documented information,

do you ensure the appropriate:

 Identification and description, such as a title, date,

author, or reference number?

 Format, such as language, software version,

graphics, and paper or electronic media?

 Review and approval for suitability and adequacy?

7.5.3 Control of documented information

Is your documented information required by the

OHSMS and by the ISO 45001 international standard
controlled to ensure that:

 It is available and suitable for use, where and when it

is needed?

 It is adequately protected, such as from loss of

confidentiality, improper use, or loss of integrity?

For the control of documented information, has your

company addressed the following activities:

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 24 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 Distribution, access, retrieval and use?

 Storage and preservation, including preservation of

legibility?

 Control of changes, such as version

control?

 Retention and disposition?

Is the documented information of external origin

determined by your company to be necessary for the
planning and operation of the OHSMS identified and
controlled?

With reference to note 1 in 7.5.3:

Do you recognize that access can imply a decision

regarding the permission to view the documented
information only, or the permission and authority to
view and change the documented information?

With reference to the note 2 in 7.5.3:

Do you recognize that access to relevant documented

information include access by workers, and any
relevant worker representatives?

8 OPERATION

Intent of This clause requires that your company plan, implement and control the processes required for the OH&S management system and
clause to implement the actions to address risks and opportunities as determined in previous planning clause 6. Operational planning and
control include processes to eliminate or reduce OH&S risks, to manage change, and systems for procurement, contractors,
outsourcing, and emergency preparedness and response.
______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 25 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

8.1 Operational planning and control

8.1.1 General

Has the company planned, implemented and

controlled the processes needed to meet requirements
of the OHSMS?

Have you implemented the actions determined in

previous clause 6, by:

 Establishing criteria for the processes?

 Implementing controls for the processes in

accordance with the criteria?

 Maintaining and retaining documented information to

provide confidence that the processes have been
carried out as planned?

 Adapting work to workers?

At multi-employer workplaces, have you implemented

a process for coordinating the relevant parts of the
OHSMS with other organizations?

8.1.2 Eliminating hazards and reducing OH&S risks

Has your company established a process and

determined the controls for achieving reduction in
OH&S risks using the following hierarchy of control:

 Eliminate the hazard?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 26 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 Substitute with less hazardous materials, processes,

operations or equipment?

 Use of engineering controls and reorganization of

work?

 Use of administrative controls, including training?

 Use of adequate personal protective equipment?

With reference to the note in 8.1.2:

As required in many countries, do legal requirements

require that you provide personal protective equipment
to workers at no cost to them?

8.1.3 Management of change

Is a process established for the implementation and

control of planned temporary and permanent changes
that impact OH&S performance, such as for:

 New products, processes or services or changes to

existing ones as related to workplace locations and
surroundings, work organization, working conditions,
equipment, and work force?

 Changes to work processes, procedures, equipment,

or organizational structure?

 Changes to legal requirements and other

requirements?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 27 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 Changes in knowledge or information about hazards

and related OH&S risks?

 Developments in knowledge and technology?

Do you review the consequences of unintended

changes, taking action to mitigate any adverse effects,
including addressing potential opportunities?

With reference to the note in 8.1.3:

Do you consider change as resulting in risks and

opportunities?

8.1.4 Procurement

[Link] General

Have you implemented a process to control the

procurement of products and services that ensures
that they conform to requirements of your OHSM?

[Link] Contractors

Do you coordinate the procurement process with

contractors to identify hazards and to assess and
control the OH&S risks, resulting from:

 Contractors’ activities and operations that impact

your company?

 Contractors’ activities and operations that impact the

contractor’s workers?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 28 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 Contractors’ activities and operations that impact

other interested parties in the workplace?

Are processes established and maintained to ensure

that the requirements of your OHSMS are met by
contractors and their workers?

Does the procurement process include the OH&S

criteria for selection of contractors?

With reference to the note in [Link]:

Do you include the OH&S criteria for selecting

contractors in the contract documents?

[Link] Outsourcing

Does the company ensure that outsourced processes

and functions affecting the OHSMS are controlled?

Are the outsourcing arrangements consistent with legal

requirements and with achieving the intended
outcomes of the OHSMS?

Is the type and degree of control to be applied to these

processes and functions defined within your OHSMS?

With reference to the note in [Link]:

Is the coordination with external providers used to

address any impact outsourcing has on OH&S
performance?

8.2 Emergency preparedness and response

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 29 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

Has your company established, implemented and

maintained a process to prepare for and respond to
potential emergency situations as identified in clause
6.1.2, dealing with hazard identification and the
assessment of risks and opportunities?

Does your process include the:

 Establishment of a planned response to emergency

situations and including the provision of first aid?

 Provision of training for the planned response?

 Periodic testing and exercising the planned response

capability?

 Evaluation of performance, and as needed, revision

to the planned response, after testing and in
particular after the occurrence of emergency
situations?

 Communication and provision of relevant information

to all workers on their duties and responsibilities?

 Communication of relevant information to

contractors, visitors, emergency response services,
government authorities, and the local community, if
appropriate?

 Take into account the needs and capabilities of all

relevant interested parties and ensure their
involvement in developing the response plan?

Do you maintain and retain documented information

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 30 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

on the process and on the plans for responding to

potential emergency situations?

9 PERFORMANCE EVALUATION

Intent of This clause requires that your company plan, implement and control the monitoring, measurement, analysis, and performance
clause evaluation processes. Performance evaluation includes systems for the calibration and maintenance of monitoring and measuring
equipment, evaluation of compliance with legal requirements, internal audits, and management review, all aimed at improving
OH&S performance and an effective OH&S management system.

9.1 Monitoring, measurement, analysis and performance evaluation

9.1.1 General

Has your company established, implemented and

maintained a process for monitoring, measurement
and evaluation?

Have you determined the following:

 What needs to be monitored and measured, such as:

o The extent to which legal requirements and other

requirements are fulfilled?

o The activities and operations related to identified

hazards, risks and opportunities?

o Effectiveness of operational controls?

o Progress toward achieving your OH&S objectives?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 31 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

performance?

 The methods for monitoring, measurement, analysis

and evaluation, to ensure valid results?

 When the monitoring and measuring will be

performed?

 When the results from monitoring and measurement

will be analyzed, and evaluated and communicated?

Does your company ensure that monitoring and

measurement equipment is calibrated or verified and is
used and maintained as needed?

With reference to the note in 9.1.1:

Are legal requirements or other requirements, such as

national or international standards, concerning the
calibration or verification of monitoring and measuring
equipment considered?

Do you evaluate the OH&S performance, and

determine the effectiveness of the OHSMS?

Is documented information retained as evidence of the

monitoring, measurement, analysis and evaluation
results?

Is documented information retained on the

maintenance, calibration or verification of measuring
equipment?

9.1.2 Evaluation of compliance

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 32 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

Does your company plan, establish, implement and

maintain a process for evaluating compliance with
applicable legal requirements and other requirements
(see also 6.1.3)?

Do you perform the following:

 Determine the frequency and method(s) for the

evaluation of compliance?

 Evaluate compliance?

 Take action if needed in accordance with 10.3?

 Maintain knowledge and understanding of your

status of compliance with legal requirements and
other requirements?

 Retain documented information of the compliance

evaluation results?

9.2 Internal audit

9.2.1 General

Does your company conduct internal audits at planned

intervals to determine whether the OHSMS:

 Conforms to your OHSMS requirements, including

the OH&S policy and OH&S objectives, and the
requirements of the ISO 45001 standard?

 Is effectively implemented and maintained?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 33 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

9.2.2 Internal audit program

Does your company plan, establish, implement and

maintain an audit program that includes the frequency,
methods, responsibilities, consultation, planning
requirements and reporting?

Do you take into consideration the importance of the

processes concerned and the results of previous
audits?

As part of your internal audit program, do you:

 Define the audit criteria and scope for each audit?

 Select auditors and conduct audits to ensure

objectivity and the impartiality of the audit process?

 Ensure that the results of the audits are reported to

relevant responsible management?

 Ensure that relevant audit findings are reported to

relevant workers, and where they exist, workers’
representatives, and relevant interested parties?

 Act to address nonconformities and continually

improve OH&S performance (see clause 10)?

 Retain documented information as evidence of the

implementation of the audit program and the audit
results?

With reference to the note in 9.2.2:

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 34 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

For more information on auditing, do you refer to ISO

19011 Guidelines for auditing management systems?

9.3 Management review

Does the top management review the OHSMS at

planned intervals, to ensure that it continues to be
suitable, adequate and effective?

As inputs for the planning and conducting

management reviews, do you consider:

 The status of actions from previous management

reviews?

 Changes in external and internal issues that are

relevant to the OHSMS and including the needs and
expectations of interested parties, legal requirements
and other requirements, and risks and opportunities?

 Extent to which the OH&S policy and the OH&S

objectives have been met?

 Information on the OH&S performance including

trends in:

o Incidents, nonconformities, corrective actions and

continual improvement?

o Monitoring and measurement results?

o Results of evaluation of compliance with legal

requirements and other requirements?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 35 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

o Audit results?

o Consultation and worker participation

o Risks and opportunities?

 Relevant communication with interested parties?

 Opportunities for continual improvement?

 Adequacy of the resources for maintaining an

effective OHSMS?

Do the outputs of the management review include

decisions related to:

 The continuing suitability, adequacy and

effectiveness of the OHSMS and the intended
outcomes?

 Continual improvement opportunities and any need

for changes to the OHSMS, including resources
needed?

 Actions needed?

 Opportunities to integrate the OHSMS with other

business processes?

 Implications for the strategic direction of the

company?

Does the top management communicate the relevant

outputs of the management review to relevant
______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 36 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

workers, and where they exist, workers’

representatives?

Is documented information retained as evidence of the

results of management reviews?

10 IMPROVEMENT

Intent of This last clause requires that your company determine the opportunities for improvement as identified with the performance
clause evaluation processes of previous clause 9, and manage OH&S incidents, nonconformities, and corrective actions. The improvement
process includes the objectives for continual improvement and the implementation of the actions needed to continually improve the
suitability, adequacy and effectiveness of the OH&S management system.

10.1 General

Has your company determined the opportunities for

improvement (per clause 9) and implemented the
actions needed to meet the intended outcomes of the
OHSMS?

10.2 Incident, nonconformity and corrective action

Has your company planned, established, implemented

and maintained a process to manage incidents and
nonconformities including reporting, investigating and
taking action?

When an incident or a nonconformity occurs, does

your company react in a timely manner to the incident
or nonconformity, and, as applicable:

 Take action to control and correct it?

 Deal with the consequences?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 37 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

When an incident or a nonconformity occurs, does

your company evaluate, with the participation of
workers and the involvement of other relevant
interested parties, the need for corrective action to
eliminate the root cause of the incident or
nonconformity, in order that it does not recur or occur
elsewhere, by:

 Investigating the incident or reviewing the

nonconformity?

 Determining causes of the incident or

nonconformity?

 Determining if similar incidents, nonconformities,

exist, or could potentially occur?

When an incident or a nonconformity occurs, do you:

 Review the assessment of OH&S risks and other

risks (see also 6.1)?

 Determine and implement any action needed,

including corrective action, in accordance with the
hierarchy of controls (see also 8.1.2) and the
management of change (see 8.1.3)?

 Assess OH&S risks related to new or changed

hazards, prior to taking action?

 Review the effectiveness of action and corrective

action taken?

 Make changes to the OHSMS, if necessary?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 38 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

Are your corrective actions appropriate to the effects

or potential effects of the incidents or nonconformities
encountered?

Do you retain documented information as evidence of:

 The nature of the incidents or nonconformities and

any subsequent actions taken?

 The results of any corrective action, including the

effectiveness of the actions taken?

Does your company communicate this documented

information to relevant workers, and where they exist,
workers’ representatives, and relevant interested
parties?

With reference to the note in 10.2:

Is the reporting and investigation of incidents promptly

done to assist in the removal of hazards and in
minimizing associated OH&S risks?

10.3 Continual improvement

As an organization, have you planned, established,

implemented and maintained a continual improvement
process which takes into account the outputs of the
activities described in the ISO 45001 standard?

Does your company continually improve the suitability,

adequacy and effectiveness of the OHSMS by:

 Enhancing OH&S performance?

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 39 of 40
 INSERT COMPANY NAME/LOGO HERE
ISO 45001:2018 Occupational Health and Safety Management Systems – The Gap Analysis Checklist
___________________________________________________________________________________________________________________

 Promoting a culture that supports the OHSMS

culture?

 Promoting the participation of workers in the

implementation of actions for the continual
improvement of the OHSMS?

 Communicating the results of continual improvement

to workers and relevant worker representative?

 Maintaining and retaining documented information as

evidence of continual improvement?

Additional Notes:

______________________________________________________________________________________________________________________________

ISO / FDIS - Audit conducted by: ________________________ Date: _____________ to ______________ Copyright © ISO45000Store Page 40 of 40