If you want to avoid fines and stay on top of your safety obligations, start with a solid ISO 45001 audit checklist. This checklist gives you a clear structure to follow so you can meet the requirements of the standard without missing key areas. It covers everything from top-level leadership responsibilities to the day-to-day control of risks on site.
An audit shows how well your systems work in practice. Whether you’re running a standalone safety system or working within integrated management systems, your audit will test how clearly your organisation connects its goals, policies, and legal duties with what’s actually happening on the ground.
This guide breaks down the checklist section by section. You will see what auditors look for and how you can prepare. You will also learn how to align your systems with your business direction, avoid non-conformities, and stay audit-ready without scrambling the week before.
1. Context of the Organisation
Before you think about inspections, reports, or controls, you need to understand your business context. The first section of the ISO 45001 audit checklist asks you to get clear on your organisation’s external and internal issues that influence your occupational health and safety (OH&S) outcomes. This means looking at where your business operates, what risks you face, and what strategic goals you’ve set.
Identify OH&S Issues That Influence Strategy
Start by listing what’s happening outside your organisation that could impact health and safety. This includes regulatory changes, supply chain disruptions, industry trends, seasonal hazards, and client expectations. Then look inside your business. Do you have a high turnover of staff? Are you growing quickly? Do you work across multiple sites or industries? These factors affect how you manage safety.
You don’t need to write a full report. A clear summary of the key issues is enough. What matters is that you show you understand the risks and opportunities that shape your OH&S performance.
Know What Interested Parties Expect
You also need to know who has a stake in your OH&S system and what they expect from you. This includes workers, subcontractors, clients, regulators, and insurers. Legal requirements sit at the centre of this. You must identify all safety laws, regulations, and codes that apply to your business. You must also keep track of any changes and adjust your system as needed.
Auditors will want to see how you gather and review these expectations. They’ll check whether you’ve considered your workers’ concerns, client requirements, and your duty to comply with safety legislation.
Align the OH&S System With Strategy and Services
Your OH&S management system must match your business size, structure, and direction. That means your safety policies and procedures should not sit on the shelf. They should reflect what your business actually does and where it is heading. If you plan to expand into new regions or offer new services, your OH&S system needs to scale with it.
If your goal is ISO 45001 certification in Australia, this alignment is essential. The standard requires you to show that your safety practices support your organisation’s overall purpose and future direction.
Define Who Does What
Your audit will include a review of your processes, responsibilities, and planning within the OH&S scope. You must clearly show who is responsible for what. This includes site supervisors, admin staff, contractors, and anyone involved in safety planning, reporting, or response.
You also need to show how you plan projects with OH&S in mind. That includes scheduling risk assessments, pre-starts, and site inductions before work begins. If something goes wrong, auditors will ask who was supposed to be managing that area.
Update Your System When Things Change
Finally, your system must keep pace with change. A restructure, a new worksite, or updated legislation can all affect how your OH&S system works. You must review your context regularly and update your documents, responsibilities, and procedures to reflect the new reality.
This section sets the foundation for your ISO 45001 audit checklist. If you get the context right, everything that follows becomes more practical and grounded.
2. Leadership
The effectiveness of your OH&S management system begins with leadership. It is not optional. Top management must lead the way. The ISO 45001 audit checklist places a clear obligation on those at the top to take ownership of the system and its outcomes.
Take Full Accountability
Executives and directors must accept responsibility for the health and safety performance of the business. They must not delegate this duty to safety officers or site supervisors. Leadership accountability is a legal requirement and, under the Industrial Manslaughter Law in NSW, it could carry serious personal consequences if ignored.
Your leadership team must show evidence of active involvement. That means setting direction, approving objectives, reviewing performance, and providing resources. If auditors ask who owns the OH&S system, you must be able to point directly to top management.
Set a Policy That Supports the Business
You need a written OH&S policy that reflects your actual business goals. It must show a commitment to prevent injury, protect workers, meet compliance duties, and improve performance over time. This policy cannot be generic. It must connect clearly with the nature of your work and the risks your people face.
Auditors will check whether your workers understand the policy. They will also want to know how your leadership team reviews and updates it.
Make Communication Clear and Two-Way
Information must flow up, down, and across the organisation. That includes toolbox talks, safety alerts, management meetings, and digital updates. Everyone must have access to current information about risks, rules, and responsibilities. Just as importantly, your workers must feel safe to speak up.
Leadership must listen. This applies across all roles and departments. Whether someone works in admin or operates heavy equipment, they must feel confident to report hazards, near misses, or system failures without fear.
Keep Procedures Alive in Daily Work
Leadership must make sure procedures are not just documents on a shelf. They must become part of daily activity. This means setting the tone through visible actions. Managers must follow the same safety steps expected of their teams. Supervisors must check compliance during normal site visits. Executives must support systems that track, report, and review compliance.
Auditors will often ask, “How do you know this procedure is followed every day?” Your answer must include more than a sign-off sheet.
Encourage Risk-Based Thinking
Everyone in the business must understand how to think and act with risk in mind. This starts with leaders. They must promote a mindset that sees hazards before they become incidents. You must encourage teams to assess tasks before starting, question assumptions, and use structured tools to identify risks.
You can support this with systems that make it easy to report and review risks in real time. But first, managers must model this behaviour. Auditors will look for signs that risk awareness is embedded, not just discussed during audits.
Assign Clear Roles for Decision-Making
The system must identify who has the authority to make which decisions. This includes approvals, sign-offs, incident responses, and process reviews. People must know what they are responsible for and who they report to. If there is a hazard on-site, your team must know who to call, who investigates, and who signs off the corrective action.
This is where documented responsibilities matter. But documents alone are not enough. Leaders must check that people understand their roles and that the structure works in practice.
Leadership is not a checkbox. It shapes the strength and reliability of the entire system. The ISO 45001 audit checklist reflects that with detailed focus on leadership behaviour, communication, and accountability.
3. Planning
Planning gives your safety management system direction. Without it, your actions become reactive. A strong plan helps you control risks, meet your legal duties, and keep workers safe. The ISO 45001 audit checklist expects clear evidence that you have planned your approach to health and safety, not guessed it.
Identify Risks and Opportunities in Context
Start by understanding the environment your business operates in. Consider legal requirements, customer expectations, industry trends, and internal processes. Then look at who is affected. This includes workers, contractors, regulators, neighbours, and clients.
From there, identify what could go wrong. These are your risks. Also consider what could improve safety outcomes. These are your opportunities. You must document both. You also need to show how you assessed each one and why certain risks or opportunities matter more than others.
Auditors will want to see that you used real-world information, not just a template. If you’ve had incidents in the past, those risks must appear in your assessment.
Set Objectives You Can Measure
Objectives must be clear and measurable. Avoid vague targets like “improve safety culture.” Instead, write goals that you can track. For example, “reduce manual handling injuries by 30% within 12 months” or “complete 100% of pre-start checks before 8 a.m.”
For each objective, set actions. Assign someone to complete them. Set deadlines. Monitor progress. Objectives must match your risks and reflect the actual needs of your business.
Auditors will ask, “Why did you choose these objectives?” Your answer must link back to your risk assessment and the outcomes you want to achieve.
Make Planning Part of Business Decisions
You must be able to show that your OH&S planning is not isolated from the rest of your business. It must be part of how you manage people, projects, assets, and suppliers. When you make changes, such as buying new equipment or expanding into a new location, you need to update your planning to reflect new risks and new opportunities.
This is not a once-a-year activity. Planning must be active and responsive. When the business changes, the plan changes with it.
The ISO 45001 audit checklist includes specific questions about how your system adapts over time. You must show that safety remains part of business planning, not something added on afterwards.
Strong planning creates clarity. It guides decisions. It turns risk awareness into action. And it keeps your workers safer, every day.
4. Support
Support gives structure to your planning and turns your intentions into action. The ISO 45001 audit checklist looks closely at how you support your safety processes—starting with the basics.
Allocate Resources That Match the Risk
You must assign enough people, time, and tools to run your safety system. This means qualified staff, proper equipment, and safe working conditions. Resources must match the risks you’ve already identified. For example, if you work with hazardous substances, you need monitoring equipment and PPE ready to go. Your safety management software can help track what’s been allocated, what’s missing, and where action is overdue.
Maintain Infrastructure That Meets Legal and Safety Standards
Keep your equipment, buildings, and systems in working order. This is more than reactive maintenance. You need to plan inspections, schedule servicing, and respond to alerts. If you skip this step, you risk breakdowns, fines, and harm to your workers.
Show the auditor that you keep records. Document every inspection, repair, and test. If you can’t prove it, it didn’t happen.
Train Everyone to Do the Job Safely
Every employee must be competent to do their work without putting themselves or others at risk. That means training isn’t optional. You must provide it, record it, and review it. Managers need training too, especially if they supervise others or make safety decisions.
Training must match the task. For example, working at heights, handling chemicals, or operating machinery each require specific instruction. Keep it practical. Keep it current.
Make Everyone Aware of Their Role
Your staff must understand their part in achieving your safety goals. This is not just about job descriptions. You must explain why safety matters, what’s expected of them, and how their actions affect others.
You also need to show that people follow procedures. Awareness without action does not meet the standard.
Communicate Clearly—Inside and Out
Communication must flow both ways. Workers need access to procedures, alerts, and updates. They must also be able to report issues or suggest improvements.
You must also think about who outside your business needs information. Contractors, clients, emergency services, and visitors may all require specific instructions or documents.
Keep it clear, consistent, and timely.
Control Your Documents
You must manage your documented information carefully. This includes policies, procedures, forms, checklists, and records. You must know where they are, who can access them, and which version is the most current.
The ISO 45001 audit checklist will require you to show that documents are up to date, easy to retrieve, and securely stored. If documents change, the system must track those changes.
Support is about giving your people the tools, information, and guidance they need to keep each other safe.
Related: How to Handle ISO 9001 Document Control Requirements
5. Operation
Operation is where your system becomes action. This part of the ISO 45001 audit checklist looks closely at how your business controls risks in real time, especially during day-to-day tasks, contractor activities, and emergencies.
Control How Work Gets Done
You must establish clear procedures for work that affects health and safety. This includes routine operations and non-routine activities like maintenance, cleaning, or inspections. You must define what the job involves, what could go wrong, and what controls are in place.
Supervisors must monitor work as it happens. Spot checks, sign-offs, and access to current procedures help maintain control.
Manage Changes Before They Happen
Changes will happen, whether you plan them or not. You could get new equipment, improve your processes, or use new materials.
You need a process that identifies potential hazards before any change takes place. This includes reviewing existing risk controls and updating them if needed. Your team must assess unintended changes too, anything from a last-minute contractor swap to a power outage on site. If the change affects safety, you must document, review, and approve it before work resumes.
Keep Contractors Under Control
Contractors carry risk. You are responsible for ensuring their work meets the same standards as your internal team. You must check their qualifications, review their Safe Work Method Statements, and confirm they understand your site rules.
Your system must show that you have vetted their insurances, licences, and past performance. Before they start work, train them on your emergency procedures and relevant risks. During the job, monitor their activities. Keep records of everything.
Prepare for Emergencies and Practice the Response
Emergencies expose weak systems. Your emergency procedures must match the hazards at your workplace. They could be fire, chemical spill, serious injury, or natural disaster.
Write a procedure for each type of event. Make sure staff know what to do and where to go. Practice the response. Record every drill and update your plan when something doesn’t work.
Your team must respond fast and follow instructions under pressure. You need to give them the tools to do that.
Operation shows how well your safety system works when conditions change or pressure hits. Get it right and you protect both people and your business.
6. Performance Evaluation
Once your safety system is in place, you need to know if it actually works. ISO 45001 requires more than just paperwork. You must track performance, evaluate results, and act on what you find.
Monitor and Measure OH&S System Performance
Set clear criteria for what good performance looks like. This may include incident rates, audit results, training completion, or hazard reports. Make sure the data is accurate and up to date. Assign someone to monitor it regularly. Do not wait for things to go wrong before you pay attention.
If your system includes digital reporting, you can streamline this step. Reliable data makes it easier to make fast, informed decisions.
Analyse the Data and Respond
Collecting data is only the first step. You must review it, look for patterns, and pot warning signs. Are your risks reducing over time? Are certain teams reporting more near misses? Is one site performing below standard?
Turn the data into action, update controls, offer retraining, and change procedures. Every result must lead to a decision. That’s what separates ticking boxes from running a working system.
Schedule and Conduct Internal Audits
Internal audits test the system from the inside. You check whether your people are following procedures and whether those procedures are still fit for purpose. Assign trained auditors who understand both ISO 45001 and your operations.
Plan audits ahead. Use a schedule and spread them out over the year. Make sure the audit covers each section of your system, including high-risk areas.
Do not fix issues in isolation. Look for root causes. Review if the process needs to change. Keep records of what you found and what you did about it.
Identify Weaknesses and Raise Them in Reviews
Management reviews exist to test whether your system supports your business goals. Use them to highlight gaps, errors, or repeated problems. Bring data from audits, inspections, and incident reports.
Invite the right people. Include someone who understands the data and someone who can approve changes. Make decisions and follow through. Record actions and assign deadlines.
This process links your day-to-day operations to strategic decisions. It helps your system grow stronger over time.
Keep Improving
ISO 45001 is built around continuous improvement. That means you need a clear process to review, act, and refine your system over time.
Every part of the performance evaluation should feed into this. Each audit, each management review, each data point helps you make better decisions. This builds a safety system that adapts to change, supports your workers, and protects your business.
The ISO 45001 audit checklist points to performance evaluation as a key area of compliance. If you take it seriously, you don’t just avoid fines. You build a system that keeps getting better.
7. Improvement
You cannot build a safe workplace without committing to ongoing improvement. The ISO 45001 audit checklist expects you to do more than maintain. You must look for ways to strengthen your system every day.
This starts with knowing what needs fixing. Then you need a method to fix it. The goal is to increase the system’s suitability, adequacy, and effectiveness. That means making sure it’s still relevant, strong, and doing the job it was designed to do.
Find the Weak Spots and Fix Them
Weaknesses show up in different ways. You might see a pattern in incident reports. You might find the same issue during multiple audits. Or you might spot gaps during day-to-day work.
Once you identify a weakness, act on it. Do not ignore small problems. They become big ones if left alone. Investigate the cause. Correct the issue. Review the surrounding process to make sure it doesn’t happen again.
Good systems leave no gap unexamined. Great systems close those gaps fast.
Treat Non-Conformities with a Defined Process
When something does not meet your standard, record it. Treat each non-conformity the same way. Use a consistent, documented process. That means logging the issue, investigating it, finding the root cause, and assigning corrective actions.
Make sure someone takes responsibility for follow-up. Track those actions to completion. Confirm the fix works before you close the record. Keep the evidence ready. This process shows auditors that your system is active and accountable.
It also helps protect you from repeat problems and future fines.
Improve Suitability, Adequacy, and Effectiveness
Suitability means your system fits your business. Adequacy means it covers all the required areas. Effectiveness means it delivers results.
To improve in these areas, you need regular reviews, feedback from users, and practical changes. Ask yourself: Does this still work for how we operate now? Are we still meeting legal and company requirements? Are people following the system, or working around it?
Make adjustments where needed. Prioritise changes that reduce risk and improve outcomes. Focus on what works. Keep the system clear and useful.
Get Employees Involved
People doing the work each day know exactly what holds up progress and what helps things run smoothly. Bring them into your reviews. Ask for feedback regularly. Encourage them to report issues, even small ones. Make it clear that their insights matter.
People speak up when they believe their input leads to action. When someone flags a concern or suggests a better way, respond quickly. Fix the issue if needed, and let everyone see the outcome. That simple act builds trust and strengthens the system from the inside.
Continuous improvement depends on a workplace culture where everyone is involved and committed. When your workers see that their contribution shapes how the system grows, they stay engaged. That kind of participation is one of the key drivers of operational excellence.
If your workers believe in the system, they will support it. More than that, they will improve it.
ISO 45001 expects that improvement is not a once-off project. It is part of everyday work. When you build it into your processes, you move closer to real safety and strong IMS certification.
Takeaway Message
Meeting the requirements of the ISO 45001 audit checklist is not just about avoiding penalties. It’s about protecting your people, building trust in your processes, and setting a clear standard for how work gets done safely. Every section of this checklist, from leadership to improvement, exists to help you manage risks before they become incidents.
Your health and safety system should not sit on a shelf. It should work every day in your planning, in your fieldwork, in how you respond to problems and how you learn from them. Whether you’re aiming for IMS certification or simply want to run a safer, more reliable operation, this checklist gives you the structure to do both.
Follow it with discipline. Review it often. Let it guide your actions, not just your paperwork. When safety becomes a habit, compliance follows.
