If you have spent any time in occupational safety and health management, you have encountered the acronyms: ISO 45001, OHSAS 18001, ILO-OSH 2001. They are often referenced together, occasionally confused, and sometimes treated as interchangeable. They are not.
Understanding the differences between these three frameworks — what they require, how they relate to each other, and which matters most for Malaysian organisations today — is practical knowledge for any safety professional. This guide gives you a clear, plain-language answer.
The Short Answer: Which Standard Should You Be On?
If you are a Malaysian organisation seeking certification or implementing a formal Occupational Health and Safety Management System (OHSMS), the answer is straightforward: ISO 45001:2018. OHSAS 18001 was formally withdrawn in 2021 and is no longer certifiable. ILO-OSH 2001 is a guideline framework, not a certifiable standard. ISO 45001 is the current internationally recognised benchmark.
With that said, understanding all three — where they came from, what they emphasised, and how they differ — gives you a far stronger foundation for implementing ISO 45001 effectively.
OHSAS 18001: Where It Started
OHSAS 18001 (Occupational Health and Safety Assessment Series) was first published in 1999 and revised in 2007. It was not an ISO standard — it was developed by a consortium of national standards bodies and certification organisations as a response to demand from industry for a certifiable OHSMS framework.
For nearly two decades, OHSAS 18001 was the dominant global standard for occupational safety management. Hundreds of thousands of organisations worldwide — including many in Malaysia — achieved certification to it. It gave organisations a structured way to demonstrate their commitment to safety management and provided a common framework for auditing and certification.
Key characteristics of OHSAS 18001:
- Focused primarily on hazard identification and risk control
- Took a largely reactive approach — managing known hazards rather than proactively seeking out risks and opportunities
- Had a standalone structure that did not align well with other ISO management standards (ISO 9001 quality, ISO 14001 environment)
- Limited emphasis on worker participation beyond basic consultation
- Safety management was seen primarily as the safety department’s responsibility — limited top management leadership requirements
OHSAS 18001 served organisations well for its time. But the safety profession evolved, and by the 2010s there was broad consensus that a more comprehensive, proactive, and integrated standard was needed. The result was ISO 45001.
ILO-OSH 2001: The International Labour Organisation’s Framework
The ILO Guidelines on Occupational Safety and Health Management Systems (ILO-OSH 2001) were published by the International Labour Organisation in 2001. Unlike OHSAS 18001 and ISO 45001, the ILO-OSH 2001 framework is not a certifiable standard — it is a voluntary guideline document designed to help governments, employers, and workers establish, implement, and improve occupational safety and health management systems.
ILO-OSH 2001 is significant because:
- It reflects an international tripartite consensus — governments, employers, and workers all contributed to its development
- It emphasises worker participation as a core element, more explicitly than OHSAS 18001 did at the time
- It has influenced national OSH legislation in many countries, including elements of Malaysian OSHA
- Many of its principles — particularly on worker involvement, hazard identification, and continual improvement — are reflected in ISO 45001
For Malaysian organisations, ILO-OSH 2001 is most useful as a reference framework and a foundation for understanding OSH management principles, rather than as a direct implementation target.
ISO 45001:2018 — The Current Standard
ISO 45001 was published in March 2018 after several years of development involving over 70 countries. It replaced OHSAS 18001 and introduced a fundamentally different approach to occupational safety and health management.
The most important structural change: Annex SL (High Level Structure)
ISO 45001 follows the same High Level Structure (HLS, formerly Annex SL) used by ISO 9001 (Quality) and ISO 14001 (Environment). This means that organisations already certified to these standards will find significant structural compatibility — the same Plan-Do-Check-Act framework, the same clause numbering, the same core requirements for context, leadership, planning, support, operation, performance evaluation, and improvement. Integrating your OHSMS with your Quality or Environmental management systems is now far more practical.
“ISO 45001 moves safety management from a reactive, hazard-focused discipline to a proactive, risk-and-opportunity discipline embedded at the leadership level of the organisation.”
Key differences from OHSAS 18001:
1. Context of the Organisation (Clause 4)
ISO 45001 requires organisations to understand their internal and external context — the factors that affect their ability to achieve their OHSMS objectives. This includes understanding the needs and expectations of workers and other interested parties. OHSAS 18001 had no equivalent requirement.
2. Leadership and Worker Participation (Clauses 5.1 and 5.4)
ISO 45001 places explicit requirements on top management to lead and be visibly committed to the OHSMS — not just delegate it to the safety team. Senior leaders are required to take accountability, demonstrate leadership, and actively promote a safety culture. Separately, worker participation (not just consultation) is a core requirement. Workers must have meaningful involvement in hazard identification, risk assessment, and decision-making on safety matters.
3. Risks and Opportunities (Clause 6.1)
Where OHSAS 18001 focused exclusively on hazards and risks, ISO 45001 requires organisations to identify and address both risks and opportunities — including opportunities to improve OHS performance, achieve OHS objectives, and drive continual improvement. This is a more complete picture of strategic safety management.
4. Proactive vs Reactive Management
The overall philosophy of ISO 45001 is more proactive. Organisations must anticipate and address risks before incidents occur, rather than primarily responding to incidents that have already happened.
Side-by-Side Comparison
- Certifiable? — OHSAS 18001: Previously yes, now withdrawn. ISO 45001: Yes. ILO-OSH 2001: No.
- Structure: — OHSAS 18001: Standalone. ISO 45001: Annex SL / HLS (integrates with ISO 9001, 14001). ILO-OSH 2001: Guideline framework.
- Focus: — OHSAS 18001: Hazard control. ISO 45001: Risks, opportunities, and context. ILO-OSH 2001: Principles and guidelines.
- Worker Participation: — OHSAS 18001: Basic. ISO 45001: Mandatory and substantive. ILO-OSH 2001: Strongly emphasised.
- Top Management: — OHSAS 18001: Limited. ISO 45001: Active leadership required. ILO-OSH 2001: Emphasised.
- Current Status: — OHSAS 18001: Withdrawn (September 2021). ISO 45001: Current global standard. ILO-OSH 2001: Active guideline.
What This Means for Malaysian Organisations
If your organisation was certified to OHSAS 18001, that certification is no longer valid as of September 2021. If you have not yet transitioned to ISO 45001, your OHSMS certification has lapsed and you will need to go through the full ISO 45001 certification process with an accredited certification body.
If you are implementing an OHSMS for the first time, ISO 45001:2018 is the standard to implement. It aligns with Malaysian OSHA 1994’s requirements, reflects international best practice, and is recognised by clients, regulators, and insurers.
For organisations operating in sectors regulated by DOSH in Malaysia, ISO 45001 certification is increasingly expected by clients in oil and gas, petrochemicals, construction, and manufacturing. It is not just good practice — in many procurement contexts, it is a commercial requirement.
Cikgu Barrier’s Take
I want to be direct about something I see regularly in Malaysian organisations: a lot of effort goes into achieving ISO 45001 certification, and not nearly enough goes into implementing it meaningfully. A certificate on the wall and a thick folder of procedures is not the same as a functioning OHSMS.
The most valuable parts of ISO 45001 are the requirements that are hardest to fake: genuine top management leadership, substantive worker participation, and a proactive approach to identifying risks before they become incidents. These are the elements that separate organisations with real safety culture from those with impressive-looking documentation and poor safety outcomes.
If you are implementing or transitioning to ISO 45001, or if you want to understand whether your current OHSMS is delivering real value beyond certification, get in touch. Visit cikgubarrier.com and explore our HSE training programs — including practical OHSMS implementation and internal auditor training designed for the Malaysian context.