Introduction
ISO 45001 is the international standard for occupational health and safety (OHS) management systems. It's designed to help organisations manage health and safety risks, protect workers from hazards, and create safer, healthier workplaces. Unlike its predecessor OHSAS 18001, ISO 45001 requires a more systematic, risk-based approach to organisational health and safety.
The standard applies to any organisation, regardless of size or sector, that wants to establish, implement, and maintain an effective OHS management system. For medium-to-large enterprises, especially those in regulated industries like financial services, ISO 45001 certification often becomes a business necessity; it demonstrates due diligence to regulators, reassures stakeholders, and reduces liability exposure.
How Does ISO 45001 Differ From ISO 45003?
It's important to clarify the distinction between ISO 45001 and ISO 45003, as organisations often implement both.
ISO 45001 is a comprehensive occupational health and safety management system standard. It covers all workplace hazards, both physical (machinery, chemicals, ergonomic factors) and psychological (work-related stress, burnout, workplace harassment).
ISO 45003 is a narrower, specialised standard focused exclusively on managing psychosocial risks and promoting mental wellbeing at work. It provides detailed guidance on identifying and controlling psychosocial hazards such as workload, job control, organisational change, and interpersonal conflict.
In practice, ISO 45001 is the broader framework; ISO 45003 is a targeted supplement that organisations use to address the human and psychological dimensions of occupational health and safety. Both standards require evidence collection, but the types of evidence differ. Whilst ISO 45001 demands evidence across all hazard types, ISO 45003 is specifically concerned with psychosocial hazard data.
This article focuses on ISO 45001 and how modern tools like SolasOS can automate evidence collection, particularly for the psychosocial and human aspects that are increasingly critical to compliance and workplace safety.
The Challenge: Evidence Collection for ISO 45001
One of the biggest obstacles to achieving and maintaining ISO 45001 certification is demonstrating compliance through credible, comprehensive evidence. Auditors expect organisations to show that they have:
Identified and assessed all significant hazards
Consulted workers meaningfully on health and safety matters
Implemented and monitored controls
Trained staff appropriately
Measured and evaluated the effectiveness of their OHS management system
Traditionally, this evidence comes from paper records, email trails, survey responses, meeting minutes, and periodic audits. The process is time-consuming, fragmented, and often reactive. As organisations grow to 2,000+ employees, managing this evidence manually becomes nearly impossible.
SolasOS addresses this challenge by automating evidence collection at scale, particularly for the human and psychosocial dimensions of OHS risk that traditional compliance approaches often overlook.
Clause-by-Clause: Meeting ISO 45001 Requirements
Below, we examine the key ISO 45001 clauses where evidence collection differs significantly when adopting SolasOS.
Clause 4.2: Understanding the Needs and Expectations of Workers and Other Interested Parties
What the Requirement Asks For
Organisations must determine who their interested parties are (workers, contractors, customers, regulators, unions, etc.) and understand their needs and expectations relating to health and safety. This understanding must inform the organisation's OHS strategy.
What Auditors Expect
Auditors look for documented evidence that you've identified interested parties, consulted them about their OHS expectations, and used these insights to shape your management system. This might include stakeholder lists, consultation meeting records, or survey findings.
Collecting Evidence Manually
Traditionally, organisations gather this evidence through periodic surveys, focus groups, or consultation sessions. HR might send out a health and safety questionnaire once or twice a year, capturing static snapshots of worker sentiment. The problem: surveys are expensive, suffer from low response rates, and quickly become outdated. They often fail to capture emerging concerns or the nuanced expectations of different employee groups.
Collecting Evidence with SolasOS
SolasOS continuously monitors internal communications—emails, chat messages, team discussions—to identify what workers are actually concerned about regarding safety, wellbeing, and organisational health. By analysing communication patterns and sentiment, SolasOS reveals the real, ongoing expectations of your workforce in real time. You can generate audit-ready reports showing the concerns raised by different departments, roles, and demographics, demonstrating that you understand your workers' needs far more comprehensively than a traditional survey ever could.
Clause 5.4: Consultation and Participation of Workers
What the Requirement Asks For
Workers must be genuinely consulted on health and safety matters, and their participation in developing OHS policies and procedures must be documented. This is not a box-ticking exercise; the standard expects meaningful engagement.
What Auditors Expect
Auditors want evidence that workers were consulted before major safety decisions, that their input was considered, and that mechanisms exist for ongoing worker participation. Meeting minutes, consultation feedback forms, and records of actions taken based on worker input are typical evidence.
Collecting Evidence Manually
Companies typically hold health and safety committee meetings quarterly or annually, with minutes documenting attendees and topics discussed. Participation is limited to a small group of representatives. Many workers never directly contribute to OHS decisions; their voice is filtered through a committee structure that may not represent their true concerns.
Collecting Evidence with SolasOS
SolasOS provides a continuous, organisation-wide channel for worker input. By analysing workplace communications, SolasOS identifies what workers are discussing, worrying about, and suggesting regarding safety and wellbeing. The platform captures genuine, unfiltered worker sentiment and concerns. For audits, you can produce detailed reports showing how worker feedback was gathered, analysed, and acted upon, with far greater scope and authenticity than traditional consultation meetings could ever demonstrate.
Clause 6.1.2: Hazard Identification and Assessment of Risks and Opportunities
What the Requirement Asks For
Organisations must systematically identify hazards, assess the associated risks, and identify opportunities to improve OHS performance. This includes physical, chemical, biological, ergonomic, and psychosocial hazards.
What Auditors Expect
Auditors expect a documented hazard register, risk assessments for significant hazards, and evidence that the identification process was comprehensive and ongoing. For psychosocial hazards specifically, auditors increasingly expect data-driven identification, not guesswork.
Collecting Evidence Manually
Many organisations rely on historical hazard registers, job safety analyses, or annual risk assessment workshops. Psychosocial hazards are often identified through reactive channels: complaints, incident reports, or exit interview feedback. The result is an incomplete picture; you catch only the hazards that workers have complained about, missing the silent risks (burnout, disengagement, interpersonal tension) that don't always surface until they become serious.
Collecting Evidence with SolasOS
SolasOS identifies psychosocial hazards proactively by analysing communication patterns and sentiment across the organisation. It can detect early warning signs of burnout, workplace conflict, excessive workload, and disengagement by examining how people communicate, the language they use, and shifts in sentiment over time. This provides auditors with concrete, data-driven evidence that your organisation identifies hazards comprehensively and continuously, not just reactively. Your hazard register becomes dynamic, updated by real workplace signals rather than static assessments.
Clause 7.2: Competence
What the Requirement Asks For
Organisations must ensure that all persons performing work relevant to OHS are competent, based on appropriate education, training, and experience. Evidence of competence must be maintained and updated.
What Auditors Expect
Training records, qualifications, competency assessments, and evidence that training is effective and regularly refreshed. Auditors want proof that people know what they're supposed to do and are actually doing it.
Collecting Evidence Manually
HR maintains training records: certificates, completion dates, and attendance sheets. But there's a gap between completing a training course and actually being competent in day-to-day work. Many organisations struggle to measure whether training translates into behaviour change and genuine competence.
Collecting Evidence with SolasOS
SolasOS provides retroactive analysis of communications to measure whether trained behaviours are actually being applied. For example, after a mental health awareness training programme, SolasOS can analyse whether employees are discussing mental health more openly, using supportive language, or referring colleagues to support resources. You can generate reports showing the impact of training on actual workplace behaviour and culture, demonstrating true competence and effectiveness. This goes far beyond a training attendance certificate.
Clause 7.3: Awareness
What the Requirement Asks For
Workers must be aware of the OHS policy, their roles and responsibilities, and the potential consequences of non-conformance with OHS requirements. Organisations must create and maintain awareness throughout the workforce.
What Auditors Expect
Evidence that awareness campaigns have been launched, that messages have reached the intended audience, and that understanding has been verified. Auditors want proof that awareness isn't just a one-off email, but sustained, embedded in the culture.
Collecting Evidence Manually
Typically, organisations conduct awareness campaigns through email blasts, posters, or intranet announcements, then maybe administer a quiz to test understanding. But measuring sustained awareness across a large, diverse workforce is difficult. You might know that 80% opened the email, but do employees remember the message a month later? Do they apply it in their daily work?
Collecting Evidence with SolasOS
SolasOS monitors ongoing workplace communications to measure whether OHS messages and awareness topics are being discussed, understood, and embedded in everyday conversations. For instance, if you've launched a campaign about respectful workplace behaviour, SolasOS can track whether employees are using supportive language, discussing the initiative, and applying it in team interactions. You'll have continuous, evidence-based proof that awareness has been created and sustained, not just launched.
Clause 7.4: Communication
What the Requirement Asks For
The OHS management system must include processes for internal and external communication on OHS matters. Internal communication must be timely, relevant, and understood by the workforce.
What Auditors Expect
Evidence that communication channels exist, that messages are transmitted, and that feedback mechanisms allow workers to raise concerns. Auditors want to see that the organisation listens as well as communicates.
Collecting Evidence Manually
Organisations typically document communication through email distribution lists, meeting agendas, and feedback forms. But measuring whether internal comms are truly effective, timely, and understood is subjective. You might send a safety memo, but whether people read, understand, or act on it remains unclear.
Collecting Evidence with SolasOS
SolasOS measures the actual effectiveness of OHS communications by analysing how messages ripple through the organisation, how employees discuss and respond to them, and what feedback emerges. You can see which safety messages resonate, which departments engage, and where communication gaps exist. For auditors, you'll have data-driven evidence showing that communication is not just transmitted, but genuinely effective and responsive to worker needs.
Clause 8.1.2: Eliminating Hazards and Reducing Occupational Health and Safety Risks
What the Requirement Asks For
Organisations must implement control measures to eliminate hazards or reduce risks. Controls should be implemented in a planned manner and their effectiveness monitored.
What Auditors Expect
Evidence that controls are in place, being used, and working. This includes implementation plans, monitoring records, and evidence of effectiveness verification.
Collecting Evidence Manually
Organisations document control implementation through project plans and completion records. Ongoing monitoring is often sporadic: annual audits, spot checks, or incident investigations. This reactive, periodic approach means you may not detect control failures until something goes wrong.
Collecting Evidence with SolasOS
SolasOS enables continuous monitoring of whether controls are being applied and are effective. For example, if you've implemented stress management controls (flexible working, workload reviews, mentoring), SolasOS can monitor whether these initiatives are actually reducing burnout signals and improving wellbeing sentiment in real time. You'll have ongoing evidence that controls are not just implemented, but actively working to reduce risks. This is far superior to periodic audits for demonstrating continuous control effectiveness.
Clause 8.1.3: Management of Change
What the Requirement Asks For
Before implementing significant organisational changes, the impact on OHS must be assessed. Changes to processes, structure, responsibilities, or systems must be evaluated for OHS implications.
What Auditors Expect
Evidence that change impact assessments are conducted, that potential OHS risks are identified and mitigated, and that workers are informed and supported through change.
Collecting Evidence Manually
Change management typically involves a documented change process and impact assessment form. But assessing the OHS impact of organisational change (restructuring, new systems, role changes) is often superficial, and monitoring how change actually affects worker wellbeing is rare.
Collecting Evidence with SolasOS
SolasOS provides before-and-after analysis of how organisational changes affect worker wellbeing and safety. When a significant change is implemented (such as a merger, system migration, or restructure), SolasOS can track shifts in sentiment, stress indicators, engagement, and communication patterns before and after the change. This provides auditors with concrete evidence that you've assessed change impact on OHS and monitored its actual effects on the workforce. You'll quickly identify whether additional support or controls are needed.
Clause 9.1: Monitoring, Measurement, Analysis and Evaluation
What the Requirement Asks For
Organisations must determine what needs to be monitored and measured, how it will be monitored and measured, when results will be analysed and evaluated, and how results will be communicated.
What Auditors Expect
A documented monitoring and measurement plan, regularly collected data, analysis and reporting of results, and evidence that insights drive improvement decisions.
Collecting Evidence Manually
Traditional OHS monitoring relies on incident reporting, inspection checklists, and periodic surveys. Data is collected sporadically and analysed after the fact. Insights take months to surface and are often historical rather than forward-looking.
Collecting Evidence with SolasOS
SolasOS provides continuous, real-time monitoring and measurement of OHS performance, particularly the human and psychosocial dimensions. Rather than waiting for quarterly reports or annual surveys, you have ongoing dashboards tracking wellbeing sentiment, engagement, stress indicators, and cultural shifts. Analysis is automated, and insights emerge immediately. For audits, you'll demonstrate a far more sophisticated, data-driven approach to monitoring and evaluation than most competitors.
Clause 9.1.2: Evaluation of Compliance
What the Requirement Asks For
Organisations must evaluate compliance with legal and other requirements relating to OHS, and take action to address any non-conformities.
What Auditors Expect
Evidence that legal and regulatory requirements are identified, that compliance is regularly checked, and that non-conformities are documented and corrected.
Collecting Evidence Manually
Compliance evaluation typically involves annual or bi-annual internal audits, legal requirement tracking spreadsheets, and corrective action logs. Gaps between non-conformity detection and resolution can be significant.
Collecting Evidence with SolasOS
SolasOS enables early detection of emerging compliance risks by monitoring for patterns that suggest non-compliance (such as communication patterns indicating harassment, discrimination, or unsafe behaviour). Combined with traditional audit data, SolasOS provides a more comprehensive compliance picture and earlier warning of problems. You can demonstrate proactive, data-informed compliance monitoring rather than reactive auditing.
Clause 10.2: Nonconformity and Corrective Action
What the Requirement Asks For
When non-conformities are identified, organisations must determine causes, implement corrections and corrective actions, evaluate their effectiveness, and update OHS risks if necessary.
What Auditors Expect
Records of identified non-conformities, investigation findings, corrective actions taken, evidence of effectiveness, and preventative measures to stop recurrence.
Collecting Evidence Manually
Non-conformities are typically identified through incident reports, audit findings, or complaints. Investigation and corrective action are documented in reports, but proving that corrective actions have worked often relies on follow-up audits months later.
Collecting Evidence with SolasOS
SolasOS enables faster identification of non-conformities through early warning signals in communication and sentiment data, allowing earlier intervention. More importantly, SolasOS can measure the effectiveness of corrective actions by tracking whether targeted interventions actually change behaviour and improve conditions. For example, if you've identified and corrected a communication breakdown in a team, SolasOS can measure whether communication quality has genuinely improved post-intervention. This provides auditors with concrete evidence that your corrective actions are effective, not just documented.
Summary Table: Manual vs SolasOS Approaches
Clause | Requirement Focus | Manual Approach | SolasOS Approach |
4.2 | Worker expectations | Periodic surveys (1-2x yearly) | Continuous sentiment monitoring, real-time insights |
5.4 | Worker consultation | Quarterly meetings, committee minutes | Ongoing communication analysis, broad participation signals |
6.1.2 | Hazard identification | Reactive incident reports, annual assessments | Proactive psychosocial hazard detection, continuous monitoring |
7.2 | Competence | Training certificates, attendance records | Behaviour change measurement, retroactive analysis of application |
7.3 | Awareness | Email campaigns, comprehension quizzes | Sustained awareness tracking through communication patterns |
7.4 | Communication | Email logs, meeting minutes | Effectiveness measurement, two-way feedback analysis |
8.1.2 | Risk control | Annual audits, incident investigations | Real-time control effectiveness monitoring |
8.1.3 | Change management | Change impact forms | Before-and-after wellbeing measurement, risk tracking |
9.1 | Monitoring & measurement | Quarterly or annual reporting | Continuous, automated analysis with real-time dashboards |
9.1.2 | Compliance evaluation | Annual internal audits | Proactive risk detection, early warning signals |
10.2 | Corrective action | Post-incident investigation | Rapid identification, effectiveness measurement post-intervention |
Why This Matters
ISO 45001 certification is increasingly expected by regulators, customers, and investors. But compliance should never be merely about ticking boxes for auditors. The real value lies in building a workplace where hazards are genuinely managed, workers are protected, and wellbeing is sustained.
Traditional evidence collection approaches often focus on what's easy to document: training records, meeting minutes, incident reports. But they leave significant gaps, particularly around the human and psychosocial dimensions of workplace safety. Burnout, disengagement, interpersonal conflict, and cultural issues often go undetected until they escalate into serious incidents, grievances, or resignations.
By automating evidence collection through SolasOS, organisations move from reactive, periodic assessment to proactive, continuous monitoring. You'll not only meet ISO 45001 requirements more effectively; you'll genuinely reduce OHS risks, create a safer culture, and demonstrate your commitment to worker wellbeing in a way that auditors and employees can both recognise.
Getting Started
If your organisation is pursuing ISO 45001 certification or is already certified but struggling with evidence collection and continuous improvement, SolasOS can help. Our platform automates the collection and analysis of evidence across the human and psychosocial dimensions of occupational health and safety, turning workplace communication data into actionable insights for compliance and risk management.
To learn more about how SolasOS can streamline your ISO 45001 compliance and strengthen your OHS management system, get in touch with our team today. We work with medium-to-large enterprises across regulated industries to ensure that health and safety management is not just compliant, but genuinely effective.
Footer/CTA
Ready to simplify ISO 45001 compliance and strengthen your OHS culture?
Contact Solas Technologies to discover how SolasOS automates evidence collection and enables continuous safety management at scale.