FAQs ISO 9001 14001 45001 Integrated Management System


FAQs are a quick start guide to creating an integrated management system of ISO 9001, 1400, 45001.  Many ask (FAQs = frequently asked questions) what is an integrated management system for ISOs?  Why integrate, what are the business benefits, are the standards compulsory? Why can small and medium enterprises implement these standards? What is Annex SL?  See what help and solutions we offer you now in our FAQs below.

Our answers to these FAQs have been developed through our experience of developing standards, authoring world renowned guides to ISO 14001 and 45001 and providing solutions to clients around the world.

What is the difference between ISO 9001 14001 and 45001?

ISO 9001 is a Quality Management System (QMS) which gives organisations a systematic approach for meeting customer objectives. ISO 14001 is an Environmental Management System (EMS) which provides a framework for measuring and improving an organisation’s environmental impact.

ISO 45001 is an Occupational Health and Safety Management System (OHSMS) which requires organisations to protect workers from injury and ill-health and provide a safe workplace. ISO 45001 replaces OHSAS 18001 which will be phased out by March 2021.

Together they can be combined into an integrated management system, using the ISO Annex SL high level structure. This provides a common framework, so that each clause of each standard uses the same process.


Why management systems should be integrated

Why should management systems be integrated? Integrated Management Systems allow organisations to conduct integrated audits and assessments, as well as optimise processes and resources. When these systems are integrated it can help reduce the resources it takes to plan, implement, measure and control activities. It eliminates the amount of time interruption and therefore reduce costs.


Nine steps to implementing an integrated management system

Implementing an integrated management system in nine steps using the mandated plan do check act process

Step 1: Plan – Awareness and training: top management included
Step 2: Plan – Policy and objectives: include control of supply chain, procurement
Step 3: Plan – Internal gap analysis: thorough PESTEL analysis
Step 4: Plan – Documentation and process design
Step 5: Do – Documentation and process implementation
Step 6: Check – Internal audit
Step 7: Check – Management review of management system performance: hold regular reviews
Step 8: Check – Identify non-achievements and areas for continual improvement
Step 9: Act – Define new objectives


Annex SL ISO 9001 14001 45001

What is Annex SL in relation to ISO 9001, 14001, 45001. It is the document that defines the high-level structure for all ISO
management systems standards. Annex SL is designed to better facilitate the use of
integrated management systems, providing organisations with the tools they need to
streamline current protocol, encourage standardisation and transform existing
management systems into an integrated model.
The common structure, Annex SL, has been introduced in the latest ISO 9001, 14001 and 45001
standard (the replacement of OHSAS 18001). This will make the standards compatible and
enable more effective integration. Aside from the other benefits of consolidation, adopting
integrated management systems now will ease the transition into this model.


Gap analysis ISO 9001 14001 45001

What is a gap analysis for ISO 9001, 14001, 45001? A gap analysis involves the comparison of actual performance with potential or desired performance. If an organisation does not make the best use of current resources, or forgoes investment in capital or technology, it may produce or perform below an idealised potential. The reason to perform to ISO 9001, 14001 or 45001 is that these are now the benchmark performance expectations that Global good governance expects. So to establish current performance, use the Standards’ requirements to define the expected performance.  Against each clause rate your own organisation either yes or no, or better still use the plan do check act (PDCA) scale so you can better understand how much further improvement is required to reach the compliance level. For these standards that level will be if you have reached the check step.  In other words your performance is being checked and any continual improvement actions identified in the management review. That will provide a gap analysis for ISO 9001 14001 45001 and provide the basis for an action plan for implementation of an integrated management standard.


IMS documented information

What is IMS documented information for an integrated management system? The Standards’ ISO 9001 14001 45001 require evidence of performance for critical elements of the system. You have to show the evidence in the form of documented information. The definition of IMS documented information is that it “can be from any source or in any media”.

In other words digital information is acceptable, for instance cell phone photographs, audio recordings or emails. Also you can provide traditional hard copy documents, records or photographs. There are specific clauses requiring (mandatory) documented information as below:

4.3 Scope of the management system
5.2 Policies
5.3 Organisational roles, responsibilities, accountabilities and authorities
6.1.1 Risks and opportunities and the processes needed to address
6.1.2. Methodologies and criteria for the assessment of environmental aspects & OH&S risks
6.1.3 Applicable legal requirements and other requirements
6.2.2 Objectives and plans to achieve them Monitoring and measuring equipment calibration records
7.2 Evidence of competence, records of training, skills qualifications
7.4 Evidence of relevant communication
7.5.1 Documented information required by this standard and that determined by the organisation
7.5.3 Documented information of external origin determined by the organisation
8.1.1 Processes to meet requirements have been actioned
8.2 Process and plans for responding to potential emergency situations Product/service requirements review record
8.3 Records of design and development
8.4.1 Criteria for evaluation and selection of suppliers
8.5.3 Records about customer property
8.5.6 Production/service provision change control records
8.6 Record of conformity of product/service with acceptance criteria
8.7.2 Record of nonconforming outputs
9.1.1 Evidence of monitoring, measurement, analysis and evaluation results and calibrating equipment
9.1.2 Evidence of compliance with legal and other requirements results
9.2.2 Evidence of the implementation of the audit programme and the audit results
9.3 Evidence of the results of the management reviews
10.1 Results of corrective actions
10.2 Information on incidents or nonconformities and the results of any
corrective action taken including their effectiveness
10.3 Evidence of the results of continual improvement

These are a combination of the mandated documents for ISOs 9001, 14001, 45001


Integrated management system tools

An integrated management system for ISO 9001, 14001, 45001 consists of a manual with policies, processes, report forms, audits, including checklists, management review and continual improvement information.  Our tools provide all the documented information required for verification, certification or registration.  They are a complete tool kit.


What are supply chain procurement risks?

What are supply chain procurement risks for an integrated management system, IMS, for ISO 9001, 14001 and 45001? The client has to ensure the supply chain conform to the requirents of their IMS.  This applies to contractors, suppliers of goods and services, outsourers and outsourcing. The client, procurer has to have processes and control systems to manage procurement for quality, environment and occupational health and safety, OHSMS.


Hierarchy of controls

The hierarchy of controls is intended to provide a systematic approach to enhance occupational health and safety, eliminate hazards, and reduce or control OH&S risks. Each control is considered less effective than the one before it. It is usual to combine several controls in order to succeed in reducing the OH&S risks to a level that is as low as reasonably practicable.

  1. Elimination: Redesign the job or substitute a substance so that the hazard is removed
    or eliminated, e.g. avoid working at height, by pre fabricating at ground level.
  2. Substitution: Replace the material or process with a less hazardous one, e.g. use water based products rather than solvents.
  3. Engineering controls: Use work equipment to prevent falls where you cannot
    avoid working at height. Install or use additional machinery such as local
    exhaust ventilation to control risks from dust or fume. Separate the hazard
    from operators by methods such as enclosing or guarding dangerous items
    of machinery/equipment. Give priority to measures which protect
    collectively over individual measures.
  4. Administrative controls: Identify and implement procedures, e.g. safe systems of work, permits to work. Or, e.g. reducing the time workers are exposed to
    hazards (eg by job rotation); increasing safety signage, and performing risk assessments.
  5. Personal protective equipment: Only rely on PPE after all the previous measures have been tried and found ineffective in
    controlling risks, e.g. where you cannot eliminate the risk of a fall use a harness to minimise the
    distance and consequences of a fall

PRODUCTS TO HELP: Guide to ISO 45001 or our IMS Manual with guidance

Read more Hierarchy of controls on wiki


Internal audits vs Certification audits

Internal Audits

An integrated internal audit can take place when a client has the requirements of three or more management standards in a single system, and is being audited against more than one standard.  Audit objectives will include: determining the extent of conformity of the system, evaluation of the capability of the processes; an assessment of the effectiveness of the system in meeting specified goals and identification of areas for potential improvement.

We provide a comprehensive formatted internal audit system which simplifies the process enabling you to collect and collate audit evidence and present it to top management.
The questions (500+) in the audit checklist tool are aligned to the clauses of the Standards.  This allows internal and third party auditors to evaluate compliance to the three sets of requirements in an efficient manner. A detailed 94 page guide is also included.

Certification Audits

The external certification audits consist of a programme of an initial two-stage audit, surveillance audits in the first and second years, and a recertification audit in the third year prior to expiration of certification. The three year cycle begins with the certification or recertification decision. The determination of the audit programme and any subsequent adjustments will consider the size of the clients organization, the scope and complexity of its management system, products and processes as well as demonstrated level of management system effectiveness and the results of any previous audits.


Go to Top