The ISO 45001 standard provides a framework for efficiently managing occupational safety and health objectives, addressing the demands of individuals that manage, use, or benefit from global supply chains. ISO 45001 certification can assist drive solutions for enhancing corporate safety performance, identifying and eliminating risk, and increasing productivity. The ISO 45001 standard provides standards for addressing hazards in the Occupational Health and Safety Management System (OHSMS), also, how does it influence the company? To make matters more complicated, there are two sorts of hazards to consider in the standard; therefore, what is the best risk management methodology to address this? The two forms of risk are discussed below, as well as an approach for dealing with them.

Type 1 – Hazard identification: Clause 6.1.2, risk and opportunity identification and assessment discusses two main forms of risk that must be considered in the OHSMS the first sentence, 6.1.2.1 Hazard identification, asks employees to assess the dangers and risks that exist in the organization's processes. This includes taking into account not only normal situations but also potential emergencies and other factors like changes in the OHSMS.

Type 2 – Assessment of OH&S risks: The assessment of OH&S risks and other risks to the OH&S management system is covered in clause 6.1.2.2, which also discusses other risks connected to the OHSMS in addition to risks from hazards. These other risks are new to the OHSMS and could come from the internal and external issues identified earlier in the standard, from changes in legal requirements, or the needs of interested parties.  It is necessary to identify, apply a proactive rather than a reactive approach, document, and use both forms of risk assessments.

What is the risk management process recommended by ISO 45001?

Once both types of risks have been assessed, the standard requires that actions be planned to address the risk. During the evaluation of each risk listed, a judgment is made on whether or not action is required to decrease or eliminate the risk, and if action is required, there are specific planning requirements for these actions.

Plan actions. If an organization has determined that it needs to do something about the risks to reduce or eliminate them, then it will need to plan the actions. What are organizations going to do? What steps will be taken? Who will do them, and when?

Prepare for emergencies. If an organization could somehow minimize risk by changing what they are doing, then putting contingency plans in place to deal with the situations that may develop is required. What kind of emergency plans does an organization need to make? What training do personnel in the firm require to respond to potential emergencies? Who will notify authorities in the event of an emergency?

Integrate the actions into the processes. When an organization determined which controls are required as part of the plan, they'll need to incorporate them into the processes. Controls are ineffective if they are an afterthought for personnel rather than an inherent part of the activity they are performing; any procedure worth performing safely is worth performing.

These integrated controls should follow the following hierarchy of controls:

• it is best to remove a hazard;
• the next important thing is to substitute less hazardous processes;
• at that point, try to put in engineering controls;
• followed by administrative controls and ISO 45001 awareness training
• and finally, employ the use of personal protective equipment (PPE).

The most critical aspect of risk management is ensuring that organizations are controlling the appropriate risks appropriately. Excessive steps to eliminate a very tiny risk while simply applying personal protective equipment controls to a much larger hazard is not only a poor use of resources, but it will also not lessen the company's total hazard level. We examine hazards to find the best way to utilize resources to improve occupational health and safety inside the firm.

Having a procedure in place to guarantee that the appropriate resources are applied to the highest-risk areas is not only excellent for the organization's health and safety, but it is also good for business. One of the most important improvements organization can do to improve occupational health and safety in the company is to manage risk effectively. After all, enhanced OH&S performance is why an Occupational Health & Safety Management System was implemented in the first place.

Source: https://iso45001procedure.wordpress.com/2022/10/10/what-elements-must-the-iso-45001-risk-management-approach-contain/