Clause 10.2 of ISO 45001 pertains to Nonconformity and Corrective Action . Organizations are required to evaluate incidents, investigate their causes, and implement effective corrective actions to prevent recurrence.

Issue Identified: The incidents in the five old shops are related to VOC emissions from outdated equipment, leading to staff and customer health concerns. This indicates inadequate risk management and failure to act on known safety issues.

Analysis of Options:

A. Display an emergency phone number. This is a reactive approach and does not address the root cause of the issue, i.e., VOC emissions. It also does not align with ISO 45001’s emphasis on preventive measures.

B. Evaluate and update the PPE requirements. While PPE is important, relying solely on PPE without addressing the root cause (emission of VOCs) is insufficient. PPE is considered the last line of defense under the hierarchy of controls.

C. Reassess the OH and S risks associated with the laundry process in the five old shops. This option aligns with ISO 45001, Clause 8.1.2, and Clause 10.2, as it emphasizes reassessing risks and taking steps to mitigate them. A thorough risk assessment could lead to interim measures such as process improvements or administrative controls until the equipment is replaced.

D. Review the current safety procedures. While reviewing safety procedures is useful, it does not address the specific nonconformity related to the equipment’s inability to operate safely.

Best Action: Reassessing the risks in the five shops (Option C) ensures a comprehensive review of the hazards posed by outdated equipment, leading to appropriate preventive and corrective actions.

ISO References:

Clause 10.2: Requires identifying and addressing nonconformities to prevent recurrence.

Clause 8.1.2: Emphasizes the hierarchy of controls and risk assessment as a foundation for mitigating hazards.

ISO 45001 Clause 5.2 OH and S policy requires top management to establish, implement and maintain an OH and S policy that includes a commitment to provide safe and healthy working conditions, fulfill legal and other requirements, and achieve continual improvement of the OH and S management system. It also requires the policy to be communicated within the organization and to be available to interested parties, as appropriate .

B. The management is committed to health and safety improvement is correct because the policy states: “Continual health and safety improvement is a permanent objective of the organisation.” That clearly demonstrates commitment to improvement, which aligns with Clause 5.2.

C. The organisation intends to communicate its policy to external parties is correct because the policy says: “Where required, the policy shall be communicated to all interested parties.” This matches the ISO 45001 requirement that the OH and S policy be available to interested parties, as appropriate.

G. The organisation is committed to continual health and safety improvement is also correct because the statement explicitly says: “Continual health and safety improvement is a permanent objective of the organisation.” This directly reflects the requirement for continual improvement in the OH and S policy.

Why the other options are not supported by the policy statement:

A is not correct because the policy expresses intent to work in accordance with regulations, but it does not prove the organization meets all statutory requirements in practice.

D is not correct because the policy does not provide evidence of reputation.

E is not correct because the policy does not prove that processes actually deliver improvement; it only states commitment.

F is not correct because the policy mentions contractors, but it does not prove that contractors themselves are committed to health and safety.

H is not correct because the policy mentions safe experiences and customers, but it does not prove that customer health and safety requirements are satisfied.

Therefore, the three options for which the organization is meeting ISO 45001 policy requirements are:

B, C, G

Clause 6.1.2 of ISO 45001:2018 emphasizes the identification of hazards and assessment of risks, and Clause 5.4 highlights the importance of consultation and communication among roles. The auditor ' s role includes verifying conformity to these clauses through evidence gathering and observation.

Analysis of Options:

A. The auditor should advise the organization to get rid of the walled area. This is outside the scope of an auditor’s role, which is to observe and report findings, not to dictate specific actions.

B. The auditor should ask the Maintenance Manager to conduct a safety survey. While safety surveys are useful, asking the Maintenance Manager to conduct one is not the auditor’s responsibility.

C. The auditor should check the lines of communication between the OHS Manager and Maintenance Manager. This aligns with ISO 45001:2018, Clause 5.4, as communication gaps may have contributed to the situation.

D. The auditor should check whether the organization has identified the safety hazards associated with the walled area. Clause 6.1.2 requires hazard identification. The auditor must determine whether this has been done.

E. The auditor should consider surveying more areas of the site for other potentially unsafe situations. Broadening the audit scope to identify additional risks is a good practice in line with Clause 9.2.2.

F. The auditor should demand that the Maintenance Manager deals with the wall. Demanding action is not within the auditor’s authority. The auditor should raise findings instead.

G. The auditor should raise a nonconformity against ISO 45001. While this may be appropriate depending on evidence, raising a nonconformity is not a replacement for good audit practices.

H. The auditor should refer the organization to health and safety authorities. This step is extreme and should only occur if there is an imminent danger and no action is being taken.

ISO References:

Clause 6.1.2: Hazard identification and risk assessment.

Clause 5.4: Worker consultation and participation.

Clause 9.2.2: Internal audit program and execution.

The correct answers are B, E, and G .

G is true because ISO 19011 states that a closing meeting should be held to present the audit findings and conclusions . This applies to audits generally, not only third-party audits. ( Oshisis )

E is true because ISO 19011 guidance says that for some audit situations the closing meeting may be formal, but in other instances, such as internal audits, the closing meeting can be less formal and may simply consist of communicating the findings and conclusions. That means a first-party closing meeting is commonly less formal than a third-party certification closing meeting. ( Synersia Foundation )

B is also true . ISO 19011 and related guidance allow the use of remote methods / ICT in audit activities, and remote audit methods may be combined with on-site methods. From that, it follows that the audit team leader may arrange for audit team members to join activities such as the closing meeting virtually , where appropriate and controlled. This is an inference from the permitted use of ICT in audits. ( ISO )

Why the others are false:

A is false because the closing meeting is for presenting findings and conclusions, not for changing findings simply because the auditee is unhappy. Findings can be clarified, but not changed without objective evidence. ( Oshisis )

C is false because there is no rule that the audit team must meet formally immediately after the closing meeting to consider recommendations.

D is false because ISO 19011 says some closing meetings may be formal and recorded, but internal audits can be less formal, so they do not always have to be documented in that way. ( Synersia Foundation )

F is false because the audit team leader is responsible for managing the audit team and assigning roles.

H is false because the closing meeting should be chaired by the audit team leader , not by the audit client. ( Oshisis )

The correct answers are B. Boundaries of the OHSMS and C. Processes and functions .

In audit terminology, the audit scope describes the extent and boundaries of the audit . This includes matters such as the physical locations, organizational units, activities, processes , and functions being audited. In ISO 45001, the organization is also required to determine the boundaries and applicability of its OH and S management system when establishing its scope under Clause 4.3. Therefore, the boundaries of the OHSMS and the relevant processes and functions are part of audit scope.

Why the other options are not part of the audit scope:

A. Trade union communications may be relevant audit evidence or an issue within worker participation and consultation, but it is not itself a standard way to define the audit scope.

D. Audit checklists are audit preparation tools, not part of the scope.

E. Organisation procedures are usually part of the audit criteria , because auditors compare actual practice against documented procedures.

F. ISO 45001 requirements are also part of the audit criteria , since they are the requirements against which conformity is assessed.

So, the two issues that are part of the audit scope are:

B, C

The PDCA cycle (Plan-Do-Check-Act) is a core framework in ISO 45001 for continual improvement of the OH and S management system. An Environmental Management Program is part of ISO 14001 (Environmental Management System) and not ISO 45001.

Analysis of Options:

A. Treatment of Risks: Correct. Risk treatment is part of the Plan phase.

B. OHSMS Policy: Correct. The policy is developed in the Plan phase.

C. Environment Management Program: Incorrect. This is outside the scope of ISO 45001 and relates to ISO 14001.

D. Analyzing OHSMS Performance: Correct. Performance analysis is part of the Check phase.

ISO References:

Clause 0.3: PDCA framework in ISO 45001.

Corrections address immediate issues, such as errors or omissions, without addressing root causes. Clause 10.2 of ISO 45001:2018 allows for corrections alongside corrective actions.

Analysis of Options:

A. Adding a missing signature to a corrective action record: Correct. This is a correction addressing an administrative oversight.

B. Changing a process to reduce its inherent risk: Incorrect. This is a corrective action aimed at addressing root causes, not a correction.

C. Changing the name of a tutor that did not deliver a course to the name of the tutor that did: Correct. This corrects an error in records without addressing systemic issues.

D. Reviewing workers’ training records: Incorrect. This is part of ongoing monitoring or auditing, not a correction.

E. Updating the emergency preparedness plan as a result of carrying out a practical test: Incorrect. This is a corrective action resulting from performance evaluation, not a correction.

F. Using OHSMS induction training to address an identified lack of OHSMS awareness among workers: Incorrect. This is a preventive or corrective action, not a correction.

ISO References:

Clause 10.2: Nonconformity and corrective action.

Clause 7.5: Control of documented information