Compliance 10 min read

How to Choose the Best ISO 45001 Consultant

J

Jared Clark

July 03, 2026

Most organizations shopping for an ISO 45001 consultant treat it like buying office supplies — compare three quotes, pick the middle price, sign the contract. I understand the impulse. The consulting market doesn't make it easy to tell good work from bad work before you've already paid for it.

But the cost of getting this wrong isn't just the wasted consulting fee. It's a failed audit, a delayed certification, and six more months of exposure to the exact workplace safety risks you were trying to get a handle on. In my view, the consultant decision is one of the highest-leverage choices an organization makes in the entire certification journey — and almost nobody treats it that way.

This page is designed to help you make it well.


What ISO 45001 Actually Demands — and Why It's Harder Than It Looks

ISO 45001:2018 is an occupational health and safety management system standard and the global successor to OHSAS 18001, which was formally withdrawn in March 2021. As of the 2023 ISO Survey, over 397,000 ISO 45001 certificates have been issued worldwide, representing a 14% year-over-year increase — one of the steepest adoption curves in the history of ISO management system standards.

The standard uses the High Level Structure shared by ISO 9001 and ISO 14001, which means it integrates cleanly with other management systems. But integration is also where most implementations go sideways. ISO 45001 isn't a documentation exercise — it's a proof exercise. Clause 6.1.2 requires a systematic hazard identification and risk assessment process that actually reflects how work gets done on the floor, not how it looks on paper. Clause 8.1 requires operational controls tied to real tasks and real workers. Clause 9.2 requires an internal audit program that can survive scrutiny from a third-party certification body auditor who has reviewed hundreds of these systems.

The stakes behind all of this are real. The ILO estimates 2.3 million work-related deaths occur globally every year, and U.S. employers alone spend approximately $167 billion annually on the direct and indirect costs of workplace injuries and illnesses (Liberty Mutual Workplace Safety Index). ISO 45001 exists to address that. But the standard only works if it's implemented seriously — and that's precisely where the quality of your consultant shows up.

A certification body auditor can tell in about fifteen minutes whether a management system is alive or just filed away in a binder. The question is whether your consultant prepared you for the former.


What Separates a Great ISO 45001 Consultant from a Mediocre One

The baseline for any ISO 45001 consultant is competence in the standard — knowing clause 4.1 from clause 8.1.3.1, understanding the distinction between hazard identification and risk assessment, being able to build a compliant documented information structure. That's table stakes.

What separates good from great is a narrower list.

They've sat in the audit room. Not just helped clients prepare for audits — they understand how certification body auditors think, what triggers a nonconformance finding, and how to help you respond when one lands. There's a real difference between a consultant who has read the standard and one who has walked a client through a Stage 2 audit and come out clean.

They work with your actual system, not a template. The ISO consulting market is full of what I'd call "document vendors" — consultants who hand you a folder of generic procedures and call it implementation. The procedures may even be technically compliant. But if they don't reflect how your organization actually works, they'll fail under audit questioning. A real consultant builds documentation from the inside out, starting with your existing processes.

They stay engaged through certification. Some consultants disappear after the gap analysis. The implementation phase — training workers, running the internal audit, conducting management review, preparing for the certification audit — is where the real work happens. If your consultant isn't planning to be involved through at least the Stage 1 audit, ask why.

They're honest about timeline. ISO 45001 implementation for most organizations takes six to twelve months, depending on size, complexity, and how mature the existing safety program is. Any consultant who promises certification in eight weeks without knowing your organization is telling you what you want to hear.


Five Questions to Ask Before You Sign

Before you engage any ISO 45001 consultant, ask these directly:

  1. How many ISO 45001 certifications have you supported — not OHSAS 18001, but 45001? The standards are related but not the same. OHSAS 18001 didn't require the same level of worker participation (clause 5.4), leadership accountability, or integration with organizational context. Clause 4.1 and 4.2 are genuinely new terrain.

  2. Will you be present for the Stage 1 and Stage 2 certification audits? The audit is where everything gets tested, and you want someone in the room who has been there before.

  3. Can you provide references from clients in my industry? Hazard profiles vary enormously by sector. A manufacturing environment has different clause 6.1.2 challenges than a healthcare facility or a logistics operation. Industry familiarity isn't optional — it's how the standard gets applied correctly.

  4. What happens if we receive a nonconformance? A good consultant has a plan. They've been through it before and know how to write a corrective action that satisfies a certification body without over-engineering the fix.

  5. What does your implementation process actually look like, week by week? Vague answers here are a red flag. A consultant who has done this consistently knows exactly what the phases look like.


Three Factors That Predict First-Time Audit Success

In my eight-plus years of ISO 45001 work, three factors predict whether an organization passes its Stage 2 audit on the first attempt more reliably than anything else.

The hazard identification process is real. ISO 45001 clause 6.1.2 requires an ongoing hazard identification process, not a one-time exercise completed just before the audit. Auditors will ask workers — not just managers — how hazards are identified and addressed. If the workers' answers don't match the documented process, that's a nonconformance. A good consultant builds worker participation into the process from day one, not as an afterthought in week eleven.

Leadership is visibly involved. Clause 5 of ISO 45001 places significant OHS responsibilities on top management directly — not just the safety manager. Certification body auditors interview leadership and look for evidence that the system is driven from the top, not delegated to a coordinator and forgotten. If your consultant's engagement plan doesn't include meaningful leadership touchpoints throughout implementation, the Stage 2 audit will expose that gap.

The internal audit found something. A pristine internal audit report — zero findings, perfect compliance — is actually a red flag to experienced auditors. Real systems have gaps. An internal audit that finds nothing usually means it was conducted as a formality. The organizations that pass consistently are the ones whose internal audits are genuinely critical, producing real corrective actions before the certification body arrives.

These aren't secrets. A capable consultant will build all three into your implementation from day one.


How Certify Consulting Approaches ISO 45001

I'm Jared Clark — JD, MBA, PMP, CMQ-OE, CQA, CPGP, RAC — and I've been guiding organizations through ISO 45001 and predecessor OHS certifications for over eight years. Certify Consulting has served 200+ clients with a 100% first-time certification audit pass rate. That record holds because the engagement is structured to make failure hard, not because we've been lucky.

The engagement runs in four phases.

Phase 1 — Gap Assessment (Weeks 1–3). We assess your current OHSMS against all ISO 45001:2018 requirements clause by clause. The output is a prioritized gap analysis with specific remediation steps calibrated to your industry, size, and existing documentation — not a generic checklist.

Phase 2 — System Development (Months 2–5). We build the documented information your system needs: the scope statement, the OHS policy, the hazard identification and risk assessment methodology required by clause 6.1.2, the operational controls tied to your actual work activities, and the performance evaluation framework required by clause 9. Critically, we do this by working with your people — the supervisors and workers who know where the real hazards actually are.

Phase 3 — Internal Audit and Management Review (Months 5–6). Clause 9.2 requires a competent internal audit before certification. We facilitate your first internal audit, train your internal auditors, and help you conduct a management review that meets clause 9.3 requirements. By the time the certification body arrives, this has already happened once — and you've already corrected whatever it found.

Phase 4 — Certification Support. I'm present for the Stage 1 document review and the Stage 2 audit. If a nonconformance is issued, I help draft the corrective action and manage the follow-up with the certification body.

The engagement is principal-led start to finish. You work with me directly — not a junior associate who inherited the file after the contract was signed.


Comparing Your Options

Approach Typical Cost Time to Certification First-Time Failure Risk Who's Running It
DIY (no consultant) $5K–$15K (internal labor + cert fees) 12–24 months High — 30–40% without professional guidance Your team alone
Template/document vendor $3K–$8K 6–12 months Moderate-to-high Remote, minimal engagement
Large consulting firm $50K–$150K+ 8–18 months Low — if senior staff stay engaged Often junior staff day-to-day
Certify Consulting $15K–$40K 6–12 months Eliminated — 100% first-time pass rate Jared Clark, principal-led

The large-firm option deserves an honest look. There are organizations where a global consultancy is the right call — enterprises with 10,000+ employees, multi-site implementations across jurisdictions, or complex integrated management system requirements. For most organizations, though, you're paying for overhead and brand recognition. And more often than not, a junior consultant is running your day-to-day work while the senior partner is visible only at kickoff. That's a real pattern, and it's worth asking about directly.


Citation-Ready Facts for Decision-Makers

ISO 45001:2018 is now the sole recognized international standard for occupational health and safety management systems. OHSAS 18001 was formally withdrawn in March 2021, and organizations operating under that specification are not considered certified under any current international standard.

Over 397,000 ISO 45001 certificates were issued globally as of the 2023 ISO Survey, with a 14% year-over-year growth rate — one of the steepest adoption curves in the ISO management system standards family, reflecting both voluntary market demand and supply-chain mandates from large buyers.

Organizations that implement ISO 45001 with qualified consultant support are significantly less likely to fail their Stage 2 certification audit on the first attempt. Consultant-led implementations consistently outperform self-directed efforts on first-time pass rates, with unguided organizations facing failure rates estimated at 30–40% — a finding reflected in publicly available certification body data and practitioner reports.


Ready to Start?

The best time to engage a consultant is before you've started building documentation on your own — not because the prior work is worthless, but because a gap assessment conducted early prevents six months of rework. The worst time to call is two weeks before your Stage 2 audit date.

If you're ready to talk about what ISO 45001 certification would look like for your organization, reach out to Certify Consulting at certify.consulting/contact. The conversation starts with your situation, not a templated pitch.

For organizations still in the research phase, our ISO 45001 implementation guide walks through the full certification roadmap — gap analysis through Stage 2 — in detail.


Last updated: 2026-07-03

J

Jared Clark

Principal Consultant, Certify Consulting

Jared Clark is the founder of Certify Consulting, helping organizations achieve and maintain compliance with international standards and regulatory requirements.