ISO 45001:2018 defines a systematic OH&S management framework that explicitly incorporates structured incident investigation and corrective action. Clause 10.2 (“Incident, nonconformity, and corrective action”) requires organizations to establish processes for reporting, investigating, and correcting incidents and nonconformities. This ensures incidents are documented, root causes are identified, and preventive actions are implemented – closing the loop of the PDCA cycle. By embedding these requirements into an OH&S management system, organizations turn incidents into learning opportunities, bolstering compliance and driving continual improvement in safety performance.
Key Requirements of ISO 45001 Clause 10.2
ISO 45001’s Clause 10.2 mandates a comprehensive incident management process. Key elements include:
- Process establishment: Organizations must establish, implement, and maintain processes for incident and nonconformity reporting, investigation, and corrective action.
- Immediate response: When an incident or nonconformity occurs, the organization shall react in a timely manner, taking immediate action to control and correct the situation and deal with consequences.
- Investigation and root-cause analysis: The standard requires evaluating, with the participation of workers and other stakeholders, the need for corrective action to eliminate the cause(s) so that incidents do not recur. Specifically, organizations must investigate the incident or nonconformity, determine the cause(s), and check for similar past events or potential occurrences. Structured root-cause analysis tools such as 5 Whys and fishbone diagrams are widely used in practice.
- Risk review and hierarchy of controls: Clause 10.2 also links investigation to the organization’s risk management processes. Investigators must review existing risk assessments to see if the hazard or scenario was identified. If not, controls must be updated. Corrective actions are to be implemented in line with the hierarchy of controls and proper management-of-change procedures. Any newly discovered hazards or risk factors identified during investigation must be assessed before implementing changes.
- Verification and system update: After implementing fixes, the organization shall review the effectiveness of the corrective actions and adjust as needed. If incidents or control failures reveal deficiencies in the OH&S management system, appropriate changes to policies, processes, or controls must be made. In other words, lessons learned from incidents drive continual system improvement.
- Documentation and communication: Organizations shall retain documented information of all incidents/nonconformities and actions taken. Records must detail the nature of the incident, root causes, corrective measures, and evidence of effectiveness. Findings and lessons learned must also be communicated to relevant workers and other stakeholders.
Structured Incident Investigation and Root Cause Analysis
An effective incident investigation under ISO 45001 follows a logical, stepwise approach:
- Report and Respond: Ensure all incidents, including near-misses, are promptly reported. Activate immediate response actions to safeguard people and assets while preserving evidence.
- Form an Investigation Team: Assign trained individuals with appropriate expertise and impartiality. Ideally, the team includes operational staff, safety specialists, and worker representatives.
- Gather Information: Collect data methodically – including witness accounts, photographs, and relevant documents – to build an accurate picture of events.
- Analyze and Determine Root Causes: Go beyond surface causes using structured tools such as fishbone diagrams or the 5 Whys. This ensures multiple contributors are considered and latent system failures are uncovered.
- Identify and Implement Corrective Actions: Develop targeted solutions based on root causes. Corrective actions can range from engineering fixes and procedure changes to training or improved supervision, applied according to the hierarchy of controls.
- Verify and Follow Up: Confirm that corrective actions are effective through inspections, audits, or trend reviews. If deficiencies remain, take further action.
- Document and Communicate: Record the entire process and communicate results widely to promote organizational learning and transparency.
Integration with OH&S Management Processes
ISO 45001 integrates incident investigation into the wider management system:
- Risk Management: Incident findings directly inform hazard identification and risk assessments, ensuring unrecognized hazards are addressed and controls strengthened.
- Management of Change: Corrective actions that require changes to equipment, processes, or structures must be assessed for new risks before implementation.
- OH&S Objectives and Planning: Incident data feeds into the setting of safety objectives and targets, aligning corrective measures with broader organizational goals.
- Performance Evaluation: Investigation outcomes supply vital input for audits, performance monitoring, and management reviews, enabling evidence-based decisions.
- Continual Improvement: Each investigation becomes a driver of continual improvement, ensuring that the OH&S management system evolves and strengthens over time.
Leadership and Worker Participation
- Leadership Commitment: Top management is responsible for ensuring the investigation process is resourced, aligned with objectives, and visibly supported. Their active involvement reinforces safety as a priority and holds managers accountable for corrective actions.
- Worker Participation: Workers contribute essential insights during investigations. Their involvement improves root-cause analysis, fosters trust, and encourages reporting of incidents and near-misses. A no-blame culture is essential for open communication and learning.
Benefits of ISO 45001-Aligned Incident Management
- Regulatory Compliance and Risk Reduction: Thorough investigations and corrective actions demonstrate due diligence and reduce the likelihood of recurrence.
- Operational Improvement: Investigations uncover systemic issues that, once corrected, enhance both safety and efficiency.
- Cost Savings: Reducing incidents lowers direct costs (medical treatment, damage repair) and indirect costs (downtime, insurance).
- Organizational Learning and Culture: Systematic communication of lessons learned strengthens a safety culture where employees feel valued and engaged.
- Management Insight: Data from investigations provides leaders with clear visibility of safety performance, supporting better resource allocation and decision-making.
Best Practices for Implementation
- Establish clear, documented procedures for incident investigation.
- Train investigators in root-cause analysis methods and ISO 45001 requirements.
- Promote early reporting of incidents and near-misses through a no-blame culture.
- Apply structured tools such as 5 Whys and fishbone diagrams consistently.
- Involve cross-functional teams for diverse perspectives.
- Ensure incident findings are linked back to risk assessments and control measures.
- Track corrective actions through to closure, verifying effectiveness.
- Communicate lessons learned widely across the organization.
- Integrate the investigation process with other management systems (e.g., ISO 9001, ISO 14001).
- Regularly review incident trends to identify systemic issues and update objectives.
Conclusion
ISO 45001 provides a robust, structured framework for incident investigation and root cause analysis. By following Clause 10.2 with leadership support and worker involvement, organizations can transform incident response into a systematic process that drives compliance, operational excellence, and organizational learning. Each incident becomes an opportunity to strengthen the safety management system and embed a culture of continual improvement.