August 17, 2023

The number of ISO 45001 certificates is growing fast, jumping 54% from 2020 to 2021 according to the ISO Survey.

This occupational health and safety standard is especially prevalent in manufacturing, where managing safety incidents is a core concern from the perspective of protecting workers, reducing costs and avoiding compliance problems.

So what does ISO 45001 say about EHS incident management, and how can manufacturers ensure compliance with the standard?

Below we examine key clauses of the standard related to incident management and best practices for building your process. We also explore one big gap in EHS incident management today, and the role of technology in managing incidents.

Download a free case study to learn how one leading manufacturer created a customized process for root cause analysis and corrective action

Incident Management Requirements in ISO 45001

While ISO 45001 is largely aimed at incident prevention, several requirements apply to how organizations respond to and manage incidents. These include requirements around:

  • Incident reporting: Manufacturers must document their process for reporting incidents, including near misses, injuries and occupational illnesses.
  • Incident investigation: Companies must investigate incidents to identify their root causes, contributing factors and related hazards.
  • Incident response: Organizations must establish a process for incident response that mitigates the impact of incidents to prevent further harm.
  • Documentation and recordkeeping: The standard requires documentation of the incident management process as well as records of incidents, investigations and corrective actions.
  • Communication: Companies must keep workers informed about the results of incident investigations. The standard emphasizes sharing lessons learned, as well as seeking employee input on appropriate prevention and control measures.
  • Corrective and preventive action: The standard requires companies to implement corrective actions to address the root cause of incidents and prevent recurrence.
  • Continuous improvement: Like all ISO standards, there is a strong focus on continuous improvement. ISO 45001 requires companies to use incident management data to drive improvements in EHS performance as a whole.

The Biggest Gap in Manufacturing Incident Management

It’s worth noting that ISO 45001 includes near misses in its definition of workplace safety incidents. Unfortunately, it’s also one of the biggest gaps in manufacturing plants today.

The problem is that not reporting near misses means lost opportunities to prevent future injuries. It’s natural to feel relief after a near miss, and it’s not hard to see why people would be nervous to report a mistake. Because of this, it’s critical to communicate to your team:

  • What counts as a near miss
  • Why it should be reported
  • That nobody will be blamed for reporting near misses or other incidents

It’s vital that your team understands how reporting helps the organization keep everyone safer, and that they won’t be punished for reporting.

Incident Management Best Practices for ISO 45001 Compliance

Similar to other ISO standards, ISO 45001 does not provide specific instructions on how to manage incidents. However, it does require that manufacturers incorporate risk-based thinking into their approach.

That means incorporating risk into decision-making throughout the process. One example would be using a risk matrix and scoring to prioritize corrective actions. Another would be using failure mode and effects analysis (FMEA) to determine prevention measures for addressing an identified root cause.

Manufacturers should also consider the following incident management best practices:

  • Immediate response and documentation: Whenever possible, take photos of the incident scene, keeping it closed off until the investigation is complete if feasible.
  • Incident investigation: Here you’ll want to take statements from the injured party and any witnesses. The sooner you can capture the details, the more people will be able to remember. Be sure to take into account what the person was doing before the incident happened, walking through the entire process from start to finish.
  • Incident reporting: Capturing data on the time, location and circumstances surrounding the incident will be helpful both for tracking trends and for OSHA reporting purposes.
  • Corrective action: This step includes root cause analysis, using tools such as a 5 Whys analysis, 8D problem solving or failure mode and effects analysis (FMEA). Don’t assume you know the root cause, but rather follow the process to completion to avoid missing anything.
  • Preventive action: Some incidents are straightforward in terms of identifying preventive actions. However, if you’re having trouble coming up with an effective preventive action, consider using an impact assessment and FMEA. This helps determine how substantial of a preventive action is necessary based on risk and the impact on the process.

Using the QMS to Build an ISO 45001-Compliant Incident Management Process

Leveraging quality management system (QMS) automation is becoming increasingly prevalent for manufacturers looking to standardize incident management. A configurable QMS helps companies create an ISO 45001-compliant process that aligns with internal processes, allowing them to:

  • Capture, store and share incident details within one centralized, permissions-based system
  • Facilitate collaboration among different team members to accelerate the resolution of problems
  • Launch a 5 Why, 8D or FMEA from the EHS Incident Management solution
  • Create customized workflows for incident investigations and reporting aligned with internal processes and reporting structures
  • Automatically populate incident reports and OSHA 300 forms for regulatory reporting
  • Analyze trends in EHS incident data to develop more effective preventive actions and drive continuous improvement


Clause 10.2 of ISO 45001 requires companies to establish processes for incident investigation, reporting and corrective action. The standard also includes requirements around documentation and communication, as well as the need to use incident data to promote continuous improvement.

An automated QMS with EHS incident management tools can help companies meet ISO 45001 requirements, which also helps avoid regulatory compliance issues. Beyond compliance, a standardized approach can help reduce incidence rate, protect workers, and foster a strong culture of safety across the organization.


Download a free brochure to learn about the AssurX EHS Incident Management Solution


About the Author

Stephanie Ojeda is Director of Product Management for the Life Sciences industry at AssurX. Stephanie brings more than 15 years of leading quality assurance functions in a variety of industries, including pharmaceutical, biotech, medical device, food & beverage, and manufacturing.