International | 9 min read | 2026-05-15

ISO 45001 Certification Management: Track Occupational Health and Safety Compliance

ISO 45001 replaced OHSAS 18001 as the global standard for occupational health and safety management systems, and the transition deadline has long passed. Over 400,000 organizations worldwide are now certified to ISO 45001, spanning every industry from manufacturing and construction to healthcare and logistics. The standard requires organizations to ensure that workers are competent, trained, and qualified for the tasks they perform — which means tracking training certifications, auditor qualifications, and competency records is not optional but a core requirement of maintaining your certification.

For companies that have invested significant time and money in achieving ISO 45001 certification, losing it due to poor training record management would be an expensive and embarrassing failure. Yet this is exactly what happens when organizations rely on spreadsheets, paper files, or informal tracking methods. This guide covers the training certifications required under ISO 45001, how to maintain audit readiness, and practical strategies for building a training matrix that keeps your certification secure.

Training Certifications Required Under ISO 45001

ISO 45001 clause 7.2 (Competence) requires organizations to determine the necessary competence of workers who affect OH&S performance, ensure workers are competent based on education, training, or experience, take actions to acquire the necessary competence, and retain documented information as evidence of competence. This translates into a substantial list of training certifications that must be tracked and kept current.

Internal auditor training is fundamental — your organization needs qualified internal auditors to conduct the regular audits required by the standard. ISO 45001:2018 Lead Auditor certification (typically a 5-day course) qualifies individuals to lead audit teams, while Internal Auditor certification (typically 2-3 days) qualifies individuals to participate in audits. These certifications are typically valid for 3 years, after which refresher training or re-certification is required. Without qualified internal auditors, you cannot conduct valid internal audits, which is a major non-conformity.

Beyond auditor qualifications, ISO 45001 requires role-specific safety training: risk assessment training for managers and supervisors, emergency response training (first aid, fire warden, evacuation coordinator) for designated responders, job-specific safety training (confined spaces, working at heights, manual handling, electrical safety) for workers exposed to these hazards, and management representative training for the person overseeing the OH&S management system. Each of these has different validity periods — typically 1-3 years for safety training and 3 years for auditor certifications.

Audit Readiness: Why Certification Tracking Matters

Your ISO 45001 certification is subject to surveillance audits annually and a full recertification audit every three years. During these audits, the certification body auditor will review training records as a standard part of their assessment. They will sample employee files, check that training is current, verify that competency assessments have been completed, and confirm that records of toolbox talks, safety briefings, and induction training are maintained. A gap in any of these areas can result in a non-conformity finding.

Common non-conformities related to training records include: expired training certificates that haven't been renewed, missing competency evidence for workers performing high-risk tasks, no records of toolbox talks or safety briefings, incomplete induction records for new starters, and auditor qualifications that have lapsed without refresher training. A single major non-conformity can result in suspension of your ISO 45001 certification until the issue is resolved, which can take weeks or months and may affect your ability to bid on contracts.

The cost of losing ISO 45001 certification extends far beyond the recertification fees. Many clients — particularly in oil and gas, mining, and government contracting — require ISO 45001 as a pre-qualification criterion. Losing your certification means losing eligibility for these contracts. The reputational damage of having a certification suspended is also significant, as it signals to clients, regulators, and employees that your safety management system has fundamental gaps.

Building Your ISO 45001 Training Matrix

A training matrix maps every role in your organization to the specific training certifications required for that role. Start by listing all roles that have OH&S responsibilities or are exposed to OH&S risks. For each role, identify the mandatory training requirements from ISO 45001, your national regulations, and your own risk assessments. Then determine the validity period and renewal requirements for each certification. This matrix becomes your master reference for what needs to be tracked.

CertTracker templates can be customized for ISO 45001 compliance. Create certification types for each training requirement — ISO 45001 Internal Auditor, First Aid Certificate, Working at Heights, Confined Space Entry, Manual Handling, Fire Warden, and so on. Assign appropriate validity periods to each cert type. Then assign the relevant cert types to each employee based on their role. CertTracker automatically calculates expiry dates and sends reminders before recertification is due, eliminating the manual tracking burden.

Review your training matrix quarterly to ensure it reflects current roles, current risk assessments, and any changes to regulatory requirements. When a new hazard is identified through your risk assessment process, update the matrix to include any additional training required. When an employee changes roles, update their certification assignments to reflect their new responsibilities. This living document approach ensures your training matrix stays current between audits rather than being updated in a panic before the auditor arrives.

Global Compliance: ISO 45001 Across Multiple Sites

For organizations with operations in multiple countries, ISO 45001 training requirements may vary significantly by location. The ISO 45001 standard itself is universal, but local regulations layer additional requirements on top of the standard. In the UK, managers are typically expected to hold IOSH Managing Safely certification. In Australia, SafeWork certification and state-specific WHS requirements apply. In the US, OSHA training requirements (OSHA 10-Hour, OSHA 30-Hour) run alongside ISO 45001. In the Middle East, NEBOSH certifications are frequently required in addition to ISO 45001 internal training.

Multi-site organizations also face the challenge of maintaining consistency across locations while respecting local requirements. Your ISO 45001 certification may cover multiple sites under a single certificate (a multi-site certification) or each site may have its own certificate. Either way, the certification body will audit training records at each site, and a non-conformity at any site can affect the entire organization's certification status.

CertTracker handles multi-site tracking with location-based filtering and custom certification types per country. Create location tags for each site (e.g., "UK - London Office," "UAE - Abu Dhabi Site," "Australia - Melbourne Warehouse") and assign employees to their primary location. Set up country-specific cert types with the appropriate validity periods and renewal requirements. Managers can then filter by location to see compliance status for their specific site, while the head office can view a consolidated dashboard across all locations to identify gaps before the auditor does.
