3 Types Of ISO 45001 Audits – Which One Should You Choose?

Home / 3 Types Of ISO 45001 Audits – Which One Should You Choose?

3 Types Of ISO 45001 Audits – Which One Should You Choose?

The objective of the ISO 45001 audit is to evaluate the scope of your OHSMS system, its policies and objectives, and other supporting documents, and determine if it has been implemented well. The audit aims to investigate all the incidents related to occupational health and safety and to find nonconformities and opportunities for improvement. Audits help to identify plans for corrective actions to optimize your outcomes.

There are two main categories of audit, internal and external. To get recognized worldwide as compliant to ISO 45001, a company needs to go through a certification audit that verifies the documentation, actions and records against the clauses of the occupational health and safety management system standard. The certification audit is part of the external audit, which is conducted in two phases, simply called stage 1 and stage 2.

Companies can be audited in three ways – remote audit, on-site audit, and self-audits. The self-audit is not categorically an internal audit as it is performed by your company when they are requested by a customer. The on-site audit is seen as more advantageous than the remote audit because of face-to-face value. Remote audits have many advantages over on-site audits, especially reduced cost and greater flexibility. Audits are performed by trained and competent individuals as per various audit standards provided by the International Organization for Standardization (ISO) and the International Accreditation Forum (IAF).

Remote audits are by auditors using videoconference software.

The following post discusses 3 categories of OHSMS audits and when to apply them.

The Types Of ISO 45001 Audits

The Internal Audits

An OHS internal audit is an audit of your organization that is performed to examine occupational health and safety policies, systems, and performance. It is kind of a self-examination audit that prepares a company for an external audit, and yet it is a requirement of ISO 45001, in other words you cannot get ISO certified without performing an internal audit. The audit is performed by trained and competent auditors, or under the supervision of a competent auditor. Companies can hire multiple auditors from within their organization or from an external source. Having multiple auditors can help with mentoring and can provide a more diverse point of view. The objective of this type of audit is to check compliance with the standards and your organization’s Occupational Health & Safety management system and determine any opportunities for improvement where able. To achieve this, internal auditors question personnel and interested parties and view required documents and records.  Information sighted or discussed will be recorded as objective evidence. Internal auditors will provide an audit report which is reviewed by senior management, usually as part of the Management Review meeting. The requirements for an internal audit are documented in ISO 45001 in section 9.2.

The external audit

When the internal audit has been performed properly and all the non-conformities are corrected, companies are ready for external audits.  These audits can be performed via web meetings and / or on-site evaluations. External audits can be performed as a 2nd party audit or third-party audit. Normally a 2nd party audit is performed by a customer or other interested party. Customers will choose 2nd party audits if your organization is not ISO certified by a third-party auditor, or where your customer wants to perform their own validation of compliance. 2nd party audits usually have no cost to your organization. Where possible, organizations should be audited by a third party auditor which usually negates the need for a 2nd party auditor. Another term for a third-party audit is a certification audit. For certification audits, a certification body hires lead auditors, who are trained and competent/experienced to perform a third-party audit. Lead auditors can be trained through a 5 day course that is accredited by one of the various training certification bodies such as Exemplar Global or PECB. Certification bodies are accredited by an accreditation body. Although various regions worldwide have a regional accreditation body, all certification bodies that are accredited by a member of the International Accreditation Forum (IAF) have equal status worldwide, in other words it doesn’t matter who accredits your certification body as long as they are IAF members. You can check accreditation status on the IAF website. The third-party audit is normally paid for by your organization. External audits are performed after your organization has performed their internal audit, and when your organization feels ready.

Certification audit

To perform a certification audit on your OHSMS, a two-stage audit is done prior to issuing certification. For the stage 1 audit, the organizational policies and objectives for OHSMS are reviewed. The fundamental organizational documents and records are reviewed, and necessary information is shared by management. An audit report for stage 1 is prepared and issued for review and approval. Any areas of noncompliance or improvement are implemented by your organization if needed before you can move on to the stage 2 audit. In stage 2, certified auditors visit your organization and likewise conduct interviews with management and employees, and documentation / records are reviewed. All the necessary information sighted and discussed is documented on an audit report. Only after performing a complete audit of the documented data against ISO 45001 will the certification auditor be able to recommend your organization for certification.  Once the audit report is completed and accepted by your organization, and any major or minor nonconformities have been addressed (major nonconformances must be corrected prior to issuance of certification), the external certification body will issue your organization’s certification for compliance to ISO 45001. Depending on the certification body’s policy, your organization and certification information will be recorded in the public domain including on their website, the accreditation body website, and / or the IAF website.  Furthermore, the certification body may issue certification marks or logos to your organization for use in marketing.

If you have already completed the internal audit, you can directly register your system for an external audit, including the certification audit if you choose.

Final words

Not all certification auditors are equal. There are over a thousand certification bodies in the world you can choose. Your choice of certification body is likely to significantly impact your experience for better or for worse. Blue Wolf Certifications is a business partner to various accredited certification bodies. To put it another way, we are one of their auditors, a regional office.

Our auditors have been described as transparent, open, fair and supportive. And even easy to talk to and helpful.

Our audits have been described as nonthreatening, relaxing, straightforward, orderly, professional and painless.

Take the advice of our clients, we will make your ISO certification journey easier and less stressful. Contact us here now!

We can audit and provide accredited certifications for ISO 9001, ISO 14001, ISO 27001, ISO 37001, ISO 45001 and other certifications.