05. Mar 2019

Our experience so far

One year ISO 45001:2018

Written by 

Eckehard Bauer, MSc
Executive Vice President Business Development Risk and Safety, Security, Business Continuity, Transport
auditor, trainer

About one year ago, ISO 45001:2018 was published and Quality Austria was the first certification body in Austria who obtained the corresponding accreditation. During this first year, Quality Austria has certified more than 200 companies according to ISO 45001.

As it turned out, the greatest challenge was not found in ISO 45001, which is strongly aligned with ISO 9001 and ISO 14001, but rather in meeting the stringent requirements of IAF MD 22:2018 (a mandatory document, published by the international accreditation forum, which must be implemented by certification bodies).

The following three issues arose in the framework of ISO 45001 audits or specific ISO 45001 trainings and were particularly challenging for our clients:

ISO 45001:2018

Especially the term „WORKER” is often equated with the term employee. However, in ISO 45001, a „worker” is defined as any “person performing work or work-related activities that are under the control of the organization“. This also includes workers employed by the organization, workers of external providers, contractors, individuals, agency workers etc.

It is not required that certified organizations modify their established terms, which are aligned with the respective national law. It is sufficient to note in a documented information, that the term „worker“ not only refers to own employees but also to workers of external providers, contractors etc. performing work or work-related activities on behalf of the organization.
Leadership and „WORKER PARTICIPATION”, Clause 5 in the Standard, refers to the various elements of consultation and participation of workers. It can be distinguished between workers employed by the organization, workers of external providers or contractors.

A key element of worker participation in organizations with more than 100 workers is, for example, an employee protection committee (in Austria: ASA). The Standard does not require that the management now has to decide together with workers on the company strategy, but to „consult” their workers when taking a decision on relevant OH&S topics.
The definition of the term „INCIDENT” is broader than the one of an accident, as it refers to an „occurrence arising out of, or in the course of, work that could or does result in injury or ill health”. Occurrences that could or do result in ill health must be taken into account! (These include, for example, the exposure to chemicals or working conditions that result in occupational illness etc. and must be considered!).

IAF MD 22:2018

IAF MD 22:2018 applies for certification acc. to BS OHSAS 18001, AUVA SGM and ISO 45001.

In the following, the key requirements for implementing IAF MD 22 are summarized:

Prior to making an offer, Quality Austria is obliged to review the facts on basis of a corresponding document, in addition to the qualityaustria General Terms and Conditions, specific OH&S Terms and Conditions have to be agreed with the customer, containing information about legal enforceability of the requirements placed by IAF MD 22 (for example, reporting obligation in case of incidents / legal infringements).

The organization shall inform the certification body, without delay, of the occurrence of serious incidents or breach of regulation necessitating the involvement of the competent regulatory authority. Note to the vague formulation of MD 22:
All these topics may only refer to „Occupational Health and Safety” (for example, a serious incident with reporting obligation acc. to Railway law is not relevant – but there must be „information on incidents such as a serious accident, or a serious breach of regulation related to occupational health and safety” for which the certified organization is responsible.

The Labor Inspectorate is a relevant „competent regulatory authority“.

Our current definition for serious incident that requires notification to the regulatory authority is „Accident > 24 days or fatal accident“ or equivalent serious breach of regulations „more than 5.000 Euro in fine” Attention: only in relation to Occupational Health and Safety.


Notification by the certified organization

The certified organization shall inform the certification body without delay, as soon as it has clarity on the extent of the incident or breach of regulation.
This information must be entered in the respective qualityaustria document or in an internal document showing „what has happened” and whether „the management system has seriously failed”.
The information must be sent to office(at)qualityaustria.com.

Quality Austria then decides together with the auditor and the auditee and in accordance with the requirements of MD 22 on the further procedure. However, this decision is based on facts valid for legal purposes; (assessing whether the breach of regulation has an impact on the occupational health and safety management system can only be taken after a recognized judgment)
In the course of the next audit, the auditor will review and discuss the “incident / breach” and record it accordingly in the audit documentation.

The topic of occupational health and safety must be discussed during the opening meeting.

Audit partner – audit interview

Planning interviews (if relevant) outside of regular office hours (e.g. shift work).

Note: It is not necessary to audit night shifts. If regular working time is, for example, from 9:00 am to 2:30 pm, the company inspection tour should be planned so that auditing of production can be done before 9:00 am or after 2:30 pm.

  • Contact persons obliged to participate in the audit and in the closing meeting (*)
  • Management with legal responsibility for Occupational Health and Safety (e.g. manager in terms of commercial law, responsible representatives such as fire prevention officers etc.)*
  • employee’s representatives with responsibility for Occupational Health and Safety (e.g. safety representative, safety expert, member of the works council etc.)*
  • personnel responsible for monitoring employees‘ health (for example occupational physician, emergency response officers, first aiders etc.)*
  • managers and permanent and temporary employees;

Note: The persons marked with an asterisk (*) must also participate in the closing meeting.



Mr. Eckehard Bauer, MSc

Executive Vice President Business Development Safety Management, Business Continuity, Risk, Security, Compliance and Transport

News & Events

The basis for long-term success!

19. Feb 2021

Emergency – Emergency preparedness and response – Emergency response capability → protects human lives!

Preparation in theory and practice is essential!

Learn more
09. Feb 2021

New EU database for pollutants: Experts expect positive effects on the Circular Economy

Tips on Circular Economy

Learn more
29. Jan 2021

Health Expert Dr. Günther Schreiber suggests: Eight steps to manage mental stress in the Workplace

Business continuity

Learn more
14. Jan 2021

The Top 5 insights from 2020 – from a different perspective

Lessons Learned

Learn more
13. Jan 2021

Revision PEFC CoC

New Year’s News

Learn more
21. Dec 2020

Occupational health and safety of workers – more important than ever?

Business continuity

Learn more
15. Dec 2020

IATF 16949 audits in times of the COVID-19 pandemic

When may an IATF 16949 audit take place remotely?

Learn more
11. Dec 2020

Remote Audits

Fundamentals, potentials and risks

Learn more
19. Oct 2020

The right training makes the difference

Train for your success

Learn more
15. Oct 2020

VCK Quality Day 2020

International & digital conference

Learn more
14. Oct 2020

IFS FOOD VERSION 7 is published!

What is new, what can we expect?

Learn more
09. Oct 2020

Digitalization – Quality in the age of Industry 4.0

Quality 4.0

Learn more
+43 732 34 23 22