Men discussing the systems and processes of a solar farm

What is an ISO 45001 audit?

An ISO 45001 audit is an independent assessment of an organisation’s occupational health and safety management system (OHSMS). It’s conducted by an accredited certification body to verify compliance with ISO 45001:2018 – the international standard for workplace health and safety management.

The full ISO 45001 audit process covers an initial two-stage certification audit, annual surveillance audits in years one and two of your certification cycle, and a full recertification audit every three years. Your team also conducts internal audits to maintain your OHSMS, and your external auditor reviews these during the assessment.

An auditor excited about improving local businesses

What does an ISO 14001 auditor look for?

  • Leadership commitment: Does top management set safety objectives, support the OHSMS, and participate in management reviews?
  • Worker participation: Are employees actively engaged in the safety culture and able to raise concerns?
  • Hazard identification: Are workplace risks systematically identified, assessed, and controlled?
  • Legal compliance: Have applicable legal obligations been identified and met, and is your organisation operating within a safe working environment?
  • Operational controls and emergency preparedness: Are day-to-day safety procedures documented and tested?
  • Performance evaluation: Are incident rates, near-miss reports, and corrective actions being monitored and acted on?
  • Continual improvement: Is there genuine evidence that worker safety and safety performance are improving over time?
Construction team surveying their safe work environment

What are the ISO 45001 internal audit requirements?

Internal audits are a mandatory requirement of ISO 45001:2018. Your organisation must conduct internal audits at planned intervals to verify your OHSMS is functioning as intended, and to surface any gaps before your external auditor does. Running a gap analysis beforehand is one of the most effective things you can do to prepare.

Your external auditor will review your internal audit records, findings, and corrective actions. A well-run program includes a scheduled plan covering essential steps across your key occupational health and safety (OHS) processes, clear identification of non conformities, corrective actions tracked to resolution, and documented information demonstrating worker participation and top management involvement.

It’s worth investing in internal auditor training. The people running your audits need a solid understanding of ISO 45001:2018 and the ability to assess processes objectively. Citation Group provides complimentary online training to help.

Customer service representative ready to help

Why Australian businesses choose Citation Group

We’ve helped over 3,500 Australian businesses achieve ISO certification. Here’s what you get when you work with us:

  • Locally based auditors with industry-specific experience.
  • JAS-ANZ accredited. One of Australia’s leading certification bodies, with certifications recognised nationally and internationally for tenders and procurement.
  • A named auditor assigned to your business throughout the ISO 45001 certification audit process.
  • Complimentary online auditor training included to help your team prepare.

ISO 45001 is particularly relevant for businesses in high-risk industries such as construction and manufacturing. It helps reduce workplace risks, demonstrates your commitment to employee safety, supports legal compliance with Australian OHS laws, and strengthens your position for government procurement and enterprise supply chains.

Got burning questions? We’ve got answers.

An ISO 45001 audit is an independent assessment of your occupational health and safety management system (OHSMS) to verify it meets the requirements of ISO 45001:2018. The audit evaluates your ISO 45001 implementation, safety management processes, legal compliance, and whether your OHSMS is genuinely operating in practice. Internal audits are conducted by your own team. External audits are performed by an accredited ISO 45001 certification body like Citation Group and determine your certification status.

An ISO 45001 auditor assesses leadership commitment, worker participation, hazard identification processes, risk assessment documentation, legal compliance, operational controls, emergency preparedness, training records, corrective actions, and evidence of continuous improvement in safety performance. They’re looking for a safety management system that is embedded in how your organisation actually operates.

After initial certification, ISO 45001 requires annual surveillance audits in year one and year two of your three-year certification cycle. Regular audits are mandatory to maintain ISO 45001 compliance requirements and demonstrate continuous improvement in workplace safety. A full recertification audit is then required every three years to renew your certified status.

Yes. Worker participation is a core requirement of ISO 45001. Employees must actively contribute to hazard identification, understand their responsibilities, and feel able to raise concerns. Auditors assess both leadership commitment and the level of genuine worker participation during the assessment. Training records must also be maintained as evidence of competence.

Nonconformities found during an ISO 45001 audit do not mean starting from scratch. They mean there are defined gaps to address. Major nonconformities must be resolved before certification is issued. Minor nonconformities are addressed through agreed corrective actions within a defined timeframe after certification. Your Citation auditor will explain every finding clearly, provide an action plan, and offer practical guidance on what needs to change. A thorough internal audit and gap analysis before your external assessment is the most effective way to reduce the likelihood of major findings.

Stage one and stage two are the two stages of the initial ISO 45001 certification audit. Stage one is a documentation review conducted before the on-site assessment. Your auditor checks that your OHSMS scope, risk assessment, hazard identification processes, and core documented information are complete and ready to proceed. Stage two is the full on-site certification assessment, where your auditor verifies that your safety management system is implemented and functioning effectively across your organisation. Both stages must be completed successfully before ISO 45001 certification is issued.

ISO 45001 certification cost in Australia typically depends on your organisation’s size, number of sites, and the complexity of your OHSMS. Larger organisations with more complex requirements will generally pay more due to longer audit durations. Visit our ISO 45001 certification pricing page or contact us for more information.