4Context of the organisation
Identify internal and external issues, interested parties (workers, regulators, contractors, communities), and the scope and boundaries of your OH&S management system. Auditors expect a documented context analysis and a defined scope statement.
5Leadership & worker participation
Top management must demonstrate leadership, publish an OH&S policy, assign roles and authorities, and — uniquely to ISO 45001 — provide mechanisms for consultation and participation of non-managerial workers. This is the clause new implementers most often underestimate.
6Planning: risks, opportunities & objectives
Assess OH&S risks and opportunities, identify legal and other requirements, and set measurable OH&S objectives with plans to achieve them. Hazard identification must be ongoing, proactive, and cover routine and non-routine activities, human factors, and change.
7Support: resources, competence, awareness, communication
Provide the people, infrastructure, and information the system needs. Evidence competence (training records, qualifications), awareness (workers understand the policy and their contribution), and internal + external communication (what, when, to whom, how).
8Operation: controls, MoC, procurement, emergency
Plan, implement, and control the operational processes needed to meet requirements. Includes the hierarchy of controls, management of change, procurement (including contractors and outsourcing), and emergency preparedness and response with periodic drills.
Monitor, measure, analyse, and evaluate OH&S performance. Includes evaluation of compliance, internal audit programme, and management review. Certification bodies scrutinise this clause heavily — 'we don't measure it' is a fast route to a major nonconformity.
Manage incidents and nonconformities, take corrective action, and continually improve the suitability, adequacy, and effectiveness of the OH&S management system. Root cause analysis and effectiveness verification of corrective actions are explicit requirements.