Aligning Incident Management With ISO 45001 Requirements

Quality Digest


While ISO 45001 is largely aimed at incident prevention, several requirements apply to how organizations respond to and manage incidents. These include requirements around:
• Incident reporting: Manufacturers must document their process for reporting incidents, including near misses, injuries, and occupational illnesses.
• Incident investigation: Companies must investigate incidents to identify their root causes, contributing factors, and related hazards.
• Incident response: Organizations must establish a process for incident response that mitigates the effect of incidents to prevent further harm.
• Documentation and record-keeping: The standard requires documentation of the incident management process as well as records of incidents, investigations, and corrective actions.
• Communication: Companies must keep workers informed about the results of incident investigations. The standard emphasizes sharing lessons learned, as well as seeking employee input on appropriate prevention and control measures.
• Corrective and preventive action: The standard requires companies to implement corrective actions to address the root cause of incidents and prevent recurrence.
• Continuous improvement: As with all ISO standards, there is a strong focus on continuous improvement. ISO 45001 requires companies to use incident management data to drive improvements in EHS performance as a whole.

The biggest gap in manufacturing-incident management

Incident reporting
Capturing data on the time, location, and circumstances surrounding the incident will be helpful both for tracking trends and for OSHA reporting purposes.

Below, we examine key clauses of the standard related to incident management and best practices for building your process. We also explore one big gap in EHS incident management today, and the role of technology in managing incidents.

The number of ISO 45001 certificates is growing fast, jumping 54% from 2020 to 2021, according to the ISO Survey.

Preventive action
Some incidents are straightforward in terms of identifying preventive actions. However, if you’re having trouble coming up with an effective preventive action, consider using an impact assessment and FMEA. This helps determine how substantial a preventive action is necessary based on risk and the effect on the process.

Using the QMS to build an ISO 45001-compliant incident management process

Published Aug. 17, 2023, on the AssurX blog.

The problem is that not reporting near misses means lost opportunities to prevent future injuries. It’s natural to feel relief after a near miss, and it’s not hard to see why people would be nervous about reporting a mistake. Because of this, it’s critical to communicate to your team:
• What counts as a near miss
• Why it should be reported
• That nobody will be blamed for reporting near misses or other incidents

Quality management system (QMS) automation is becoming increasingly prevalent for manufacturers looking to standardize incident management. A configurable QMS helps companies create an ISO 45001-compliant process that aligns with internal processes, allowing these companies to:
• Capture, store, and share incident details within one centralized, permissions-based system
• Facilitate collaboration among different team members to accelerate the resolution of problems
• Launch a 5 Why, 8D, or FMEA from the EHS incident management solution
• Create customized workflows for incident investigations and reporting aligned with internal processes and reporting structures
• Automatically populate incident reports and OSHA 300 forms for regulatory reporting
• Analyze trends in EHS incident data to develop more effective preventive actions and drive continuous improvement


Incident management requirements in ISO 45001

It’s worth noting that ISO 45001 includes near misses in its definition of workplace safety incidents. Unfortunately, near-miss reporting is also one of the biggest gaps in manufacturing plants today.

Manufacturers should also consider the following incident management best practices:

That means incorporating risk into decision-making throughout the process. One example would be using a risk matrix and scoring to prioritize corrective actions. Another would be using failure mode and effects analysis (FMEA) to determine prevention measures for addressing an identified root cause.

This occupational health and safety standard is especially prevalent in manufacturing, where managing safety incidents is a core concern from the perspective of protecting workers, reducing costs, and avoiding compliance problems.

Corrective action
This step includes root cause analysis using tools such as a 5 Whys analysis, 8D problem solving, or failure mode and effects analysis (FMEA). Don’t assume you know the root cause, but rather follow the process to completion to avoid missing anything.


Incorporate risk-based thinking in your approach

Clause 10.2 of ISO 45001 requires companies to establish processes for incident investigation, reporting, and corrective action. The standard also includes requirements for documentation and communication, as well as the stipulation to use incident data to promote continuous improvement.

It’s vital that your team understands how reporting helps the organization keep everyone safer, and that they won’t be punished for reporting.

Incident management best practices for ISO 45001 compliance

Similar to other ISO standards, ISO 45001 doesn’t provide specific instructions on how to manage incidents. However, it does require that manufacturers incorporate risk-based thinking into their approach.