How to train ISO 45001 internal auditors
Training ISO 45001 internal auditors requires a program covering the ISO 45001:2018 occupational health and safety management system clause structure, ISO 19011:2018 audit methodology, clause-by-clause audit checklist development, on-site evidence collection through document review and interviews, nonconformity classification, and audit report writing. ISO 45001 Clause 9.2 mandates internal audits at planned intervals. POPProbe provides a free template with 6 modules, assessment, and certificate.
ISO 45001:2018 (Occupational Health and Safety Management Systems) was published on March 12, 2018, replacing OHSAS 18001:2007. The transition period from OHSAS 18001 to ISO 45001 closed in September 2021, after which OHSAS 18001 certificates became invalid. The ISO Survey of Certifications 2022 (published by ISO, available at iso.org) reported approximately 397,000 ISO 45001 certificates across 138 countries, making it one of the fastest-growing ISO management system standards. ISO 45001 Clause 9.2 (Internal Audit) requires that organizations conduct internal audits at planned intervals to determine whether the OH&S management system conforms to the organization's own requirements and ISO 45001 requirements, and is effectively implemented and maintained. Audit methodology is governed by ISO 19011:2018 (Guidelines for Auditing Management Systems), which is applicable to all ISO management system standards including ISO 45001, ISO 14001, and ISO 9001.
Training modules (6)
- Module 1: ISO 45001:2018 Framework and High Level Structure
- Module 2: ISO 45001 Clause-by-Clause Audit Requirements
- Module 3: ISO 45001 Audit Planning and Clause 9.2 Requirements
- Module 4: On-Site ISO 45001 Audit Execution and Evidence Collection
- Module 5: Nonconformity Classification and ISO 45001 Audit Reporting
- Assessment - 15-Question ISO 45001 Internal Auditor Certification Quiz
Why this training matters
ISO 45001 Clause 9.2 mandates internal audits at planned intervals - this is not optional for any organization pursuing or maintaining ISO 45001 certification. Certification bodies verify internal audit program compliance during every surveillance audit, and a missing or inadequate internal audit program is one of the most common causes of suspended or withdrawn ISO 45001 certificates. Beyond certification requirements, the internal audit is the mechanism through which the organization independently verifies that its own OH&S management system is functioning as designed across all clauses and processes. The ISO Survey 2022 reported approximately 397,000 ISO 45001 certificates globally, a number that more than doubled from 2020 to 2022, reflecting widespread adoption of the standard as the successor to OHSAS 18001. Organizations transitioning from OHSAS 18001 frequently discover that their existing internal audit programs are insufficient for ISO 45001 because the new standard requires auditing additional elements including context analysis (Clause 4), worker participation (Clause 5.4), and opportunities for improvement (Clause 10.3).
The organizational value of a trained internal audit function extends beyond maintaining certification. Internal auditors develop a clause-level understanding of the OH&S management system that enables them to identify gaps between documented procedures and actual workplace practices - the category of gap most likely to produce incidents and compliance failures. An effective internal audit program functions as a pre-certification body inspection, allowing the organization to identify and correct nonconformities before they are found by external auditors at significantly higher cost and reputational risk. Certification bodies conducting ISO 45001 surveillance audits universally report that organizations with competent, active internal audit programs consistently maintain conformity with fewer external findings. Training internal auditors is therefore both a Clause 9.2 compliance requirement and one of the highest-value investments in the long-term effectiveness of the OH&S management system.
Frequently asked questions
What does ISO 45001 Clause 9.2 require for internal audits?
ISO 45001 Clause 9.2.1 requires the organization to conduct internal audits at planned intervals to determine whether the OH&S management system conforms to the organization's own requirements, conforms to ISO 45001 requirements, and is effectively implemented and maintained. Clause 9.2.2 requires an audit program that includes the audit frequency, methods, responsibilities, planning, and reporting, taking into account the importance of the processes, prior audit results, and significant changes. Audit results must be reported to relevant management and provide input to the management review.
What is the difference between ISO 45001 and OHSAS 18001?
ISO 45001:2018 differs from OHSAS 18001:2007 in several significant ways. ISO 45001 uses the ISO High Level Structure (Annex SL), aligning clause numbers with ISO 14001 and ISO 9001 to facilitate integrated management systems. ISO 45001 introduces explicit requirements for: context of the organization (Clause 4: understanding internal and external issues and interested party needs), worker participation and consultation (Clause 5.4: stronger requirements beyond simple consultation), and risk and opportunity assessment beyond hazard and risk assessment (Clause 6.1: considering both threats and opportunities). OHSAS 18001 certificates became invalid when the transition period closed in September 2021.
What qualifications are needed for ISO 45001 internal auditors?
ISO 45001 does not specify auditor qualifications directly, but Clause 9.2.2 requires that auditors not audit their own work (independence requirement). ISO 19011:2018, which provides audit guidance applicable to ISO 45001, describes auditor competence in terms of knowledge (of ISO 45001, the organization's processes, and audit methodology), skills (evidence evaluation, interviewing, reporting), and personal attributes (ethical conduct, open-mindedness, perceptiveness). Organizations should document their internal auditor competence requirements and maintain records showing how each auditor meets them - this is a common external audit inquiry point.
How does ISO 45001 internal audit output feed into the management review?
ISO 45001 Clause 9.3.2 explicitly lists results of internal audits as a required input to the management review. The management review must consider audit findings including: the status of identified nonconformities and corrective actions, performance trends, and whether the OH&S management system is achieving its intended outcomes. Internal auditors should structure their reports with management review input in mind: executive-level summaries of conformity status, trend analysis if multiple audit cycles have occurred, and specific recommendations for management decision or resource allocation. The management review output (Clause 9.3.3) must include decisions on continual improvement opportunities and any changes needed to the OH&S management system.