ISO 45001-2018 8.1 Planning and control


FREE QHSE Software Click <HERE> to Learn More

FREE QHSE Business Software Solutions

FREE Quality, Health and Safety, and HR Business Software Click <HERE> to Learn More and Download




QHSE Support >(Site Map) Health & Safety Guidance > ISO 45001:2018 Clauses > ISO 45001:2018 clause 8 >  

ISO 45001:2018 Clause 8.1 Operational planning and control








Clause 8.1 Breakdown


The organization needs to plan and control each process within the OH&S management system.  Clause 8 deals with ensuring processes and methods which control activities are designed to ensure workers are protected from harm.  Having established the methodology for hazard identification in clause 6.0, the organization will use the hierarchy of controls determined to eliminate or reduce hazards to the lowest practicable risk level.  Clause 6 also deals with opportunities.  These opportunities will invariably introduce change, possibly introducing new risks if established control measures are no longer wholly suitable.  Therefore operational planning needs to consider both existing and any new processes introduced to achieve the organization’s objectives.


8.1 Operational planning and control


  8.1.1 General

  8.1.2 Eliminating hazards and reducing OH&S risks

  8.1.3 Management of change

  8.1.4 Procurement General Contractors Outsourcing


First thing to note about clause 8 is it includes additional sub-clauses not included in the documents main index!!!


ISO 45001 2018 8 Operation


8.1.1 General


In ISO 45001:2018 clause 6 looks at planning, risks, and objectives. Clause 8 looks at the operational side of how to: plan, implement, control, and maintain; activities and processes. Ensuring the hierarchy of controls measures identified in clause 6 is realised. 


Clause 8.1.1 lists only four requirements to examine:


establishing criteria for the processes;

implementing control of the processes in accordance with the criteria;

maintaining and retaining 'documented information' to the extent necessary to have confidence that the processes have been carried out as planned;

adapting work to workers.


These requirements talk about 'criteria'; however, ISO 45001:2018 does not state specific criteria for OH&S performance, nor is it prescriptive to the design of an OH&S management system.


By looking at section A8.1.1 a clearer understanding of the type of criteria the standard is not specifying can begin to be developed.


Examples of operational control of the processes include:


procedures and systems of work;

competence of workers;

preventive or predictive maintenance and inspection programmes;

specifications for the procurement of goods and services.


The guidance document ISO 45002 0 2018 will offer some more help.


Controls and criteria relating to those processes can include, for example:


documentation and detailed systems of work;

specifications for the procurement of goods and services;

ensuring compliance with regulations and manufacturers' instructions;

checking and raising the competence of workers;

maintenance and inspection programmes, e.g. routine housekeeping;

health surveillance, work permits; and

adapting work to workers, e.g. reasonable adjustments for workers with specific needs, appropriate design of workplaces, etc


8.1.2 Eliminating hazards and reducing OH&S risks


Cause 8.1.2 list a 5 step hierarchy of controls to eliminate or reduce OH&S risks to the lowest possible level.



ISO 45001 2018 8.1.2 hierarchy of controls



Elimination: This involves removing the hazard from the workplace so that no employee is subjected to the risk. Examples; a production process can be changed so that the requirement to working at height is no longer required.  More prevalent these days could be changing a meeting that involves travelling in busy city, towns and public transport to video conferences.


Substitution: This involves replacing hazards with less hazardous ones. Examples; using a less-flammable liquid instead of a highly flammable one; handling material using handling aids like trolleys instead of manual lifting techniques; replacing lead or solvent-based paint with water-based paint.


Engineering Controls: engineering controls can be highly effective in protecting workers from hazards at their source. Examples; building a physical barrier or guarding between the personnel and the hazard, ventilation systems, noise cancelling systems.


Administrative Control: Developing work procedures that will favour safe work practice, like workers rotation to reduce exposure time, provision of welfare facilities, etc.


Personal Protective Equipment: PPE if often referred to as the last line of defence. It is used when all other control measures fail, it is also often used to support other control measures such as Engineering and Administrative. PPE examples; Hand gloves, coveralls, respirators, hard hats, safety glasses, high-visibility clothing, safety footwear, etc.


8.1.3 Management of change


Introducing change to products, services, processes and resources introduces risk if established control measures are no longer sufficient.  Changes need to be planned and managed to effectively mitigate any hazards.  Changes can not only be related to tangible items such as new equipment, machinery, technology, tools, materials, work-sites, facilities, work conditions etc but also less discernible items such as new working practices, work procedures and instructions, legislation, industry guidance, best practice, employees, workforces, training, shift patterns, etc.  Due diligence needs to be taken to ensure changes do not introduce unintended or unforeseen hazards. 


In many cases for larger changes staff can embrace or resist them, top management needs to regularly reinforce the benefits these changes will bring.  Organizations need to ensure their biggest assets, i.e. their staff are on board, or at least can see the long term benefits of the changes.  Change can also initially bring very positive results, which over time become less prevalent as they become normal practice, the reverse can also be true.


8.1.4 Procurement General


This clause is about ensuring that the procurement of goods or services conforms to the intention of the implemented OH&S standard.  The procurement processes should be used to determine and assess the hazards being introduced into the organization to allow adequate OH&S control measures to be realized.


For larger procurement items such as cranes, hoists, lathes etc organizations may well have a technical engineering acceptance procedure which looks at all areas of OH&S associated with the new equipment, for example:




Staff Safety;

Staff Training / Competence;

Safety Equipment;

Safe Systems of Work;

Risk Assessments;

Technical / Engineering Acceptance (Factory, Design, Safety, Maintenance, Concessions etc);

Occupational Safety Plan;

Maintenance Requirements;


Warranties. Contractors


Procurement of contractors is less about the services provided and more to do with the management of contractors to reduce the risk of potential hazards.


It is more than likely that many contractors that an organization deals with, especially smaller contractors are not going to have accreditation to ISO 45001 2018 or similar standards.  However, this does not prevent the organization from doing trade with them.


It is at the procurement stage that organizations need to assess and determine:


the organizations activities and operations that will impact on the contractors;

the contractors activities and operations that will impact on the organization;

the contractors activities and operations that will impact on others in the workplace or work-site.


It is common practice that organizations will have contractor and supplier procurement procedures that when followed will ensure the requirements of the organizations OH&S management system are taken into account, including safety areas such as:


site access;

site inductions;


safe systems of work;

risk assessments;

accident reporting;

accident management. Outsourcing


Definition: outsourcing - The term “outsourcing” refers to a strategy whereby organizational tasks and structures are given to an external contractor. These can be individual tasks, specific areas, or entire business processes. Basically shifting tasks, operations, jobs, or processes to an external workforce.


Purchasing a product or service to a suppliers own specification is simply buying, to be classed as outsourcing the process needs to be managed by the supplier on behalf of the requesting organization.  The supplier fundamentally needs the freedom to determine how to meet the organizations needs.


It is not uncommon for an organization to obtain specialist 'outsourced' support.  Organizations tend to concentrate on their core activities and outsource activities they do not have the expertise to undertake directly.  Examples could include activities such as:


IT and backup requirements;

Machine, equipment maintenance;


Vehicles maintenance;

Facility maintenance;

Facility cleaning;

Feminine hygiene;

Medical and healthcare support;

Accounting & Bookkeeping;

Payroll processing;



Competency Management;

Event Management;

Waste Management

Website design and management;

Social media marketing;

Time tracking software;


QHSE Inspections.


To name but a few...


Outsourcing can also be (examples shown if you were based in England):


Local - Same country

Near shore - this could be any European county

Offshore - this could Asia, USA, Australia etc


One important question is why do organizations outsource, why not do everything in-house?  A few reasons could be:


Reduced Overhead Cost;

Reduced Cost of Labour;

Save Time, Money and Resources;

Lack of in-house expertise;

Risk Mitigation;

Remain focused on core business;

Improved Quality.


As far as the standard is concerned the requirements are not too specific for what could be considered a major part of many organizations business strategy.  Whilst the standard clause is undetailed in precise steps for outsourcing, this can often be an area that jobsworth / picky auditors will drill into...


The standard requires:


outsourced functions and processes are controlled;

outsourcing arrangements are consistent with legal requirements and other requirements;

outsourcing arrangements are consistent with the intended outcomes of the OH&S management system.


Organizations need to ensure outsourced providers understand what is required of them and that their work shall be undertaken acceptably.

Useful integrated management system cross references


ISO 9001


ISO 9001-2015 8 Operation

ISO 9001-2015 8.1 Planning and control


ISO 14001


ISO 14001-2015 8 Operation

ISO 14001-2015 8.1 Planning and control


Help file v1.175.0542 : Copyright © 2022 Brian G. Welch MSc(QHSE), NVQ4(OH&S), CMIOSH - Supported by Website On Safe Lines