ISO 45001 hazard identification and risk assessment sit at the heart of the standard — you cannot control risks you haven’t identified. ISO 45001 hazard identification means systematically spotting anything with the potential to cause harm, then assessing and controlling the resulting risks using the hierarchy of controls. This guide explains the process, the crucial hazard-versus-risk distinction, and what auditors expect.

Hazard vs. risk — the crucial distinction
- A hazard is anything with the potential to cause harm — a moving machine part, a chemical, a slippery floor, fatigue.
- A risk is the combination of how likely that hazard is to cause harm and how severe the harm would be.
You identify hazards first, then assess the risk each one presents.
The ISO 45001 hazard identification process
- Identify hazards across all routine and non-routine activities, including human factors and how work is actually done.
- Assess the risk — evaluate likelihood and severity using a consistent methodology.
- Decide controls using the hierarchy of controls (below).
- Implement and verify the controls work.
- Review continually — after incidents, changes, or new activities.
The hierarchy of controls
ISO 45001 expects you to control risks in order of effectiveness, not convenience:
- Eliminate the hazard entirely.
- Substitute it with something less hazardous.
- Engineering controls — guards, ventilation, isolation.
- Administrative controls — procedures, training, signage.
- Personal protective equipment (PPE) — the last line of defence, not the first.
Reaching for PPE first is one of the most common findings in a safety audit. The standard wants you to try to design the hazard out before relying on the worker to protect themselves.
It has to be proactive and ongoing
Risk assessment isn’t a one-time document you file away. ISO 45001 expects a living process — revisited when you introduce new equipment, change a process, or learn from an incident or near-miss.
Involve the people who do the work
The workers exposed to a hazard usually understand it best. That’s why ISO 45001 ties risk assessment closely to worker participation and consultation — their input makes your assessments far more accurate.
Getting ISO 45001 hazard identification right
Effective ISO 45001 hazard identification is proactive and continuous, not a one-off exercise. Look across routine and non-routine activities, emergencies, human factors, and changes to equipment or processes. Involve the people who do the work — they see hazards managers miss. Once identified, assess each risk and apply the hierarchy of controls in order: eliminate the hazard, substitute something safer, add engineering controls, then administrative controls, and only lastly rely on personal protective equipment. The standard is published by ISO. Evidence that your ISO 45001 hazard identification is genuinely ongoing is exactly what auditors look for.
Frequently asked questions
Does ISO 45001 mandate a specific risk-scoring method?
No — you choose a methodology, but it must be systematic, consistent, and applied proactively.
What about opportunities, not just risks?
ISO 45001 also asks you to identify OH&S opportunities — ways to improve safety performance, not only hazards to control.
Bottom line: make hazard identification a habit, not a document. Involve workers, favour higher-order controls, and review continually, and both your safety performance and your audit outcomes improve.
A common mistake is stopping at a generic hazard list copied from another site. Auditors expect hazards specific to your actual tasks, equipment, and workplace, with controls that match. Walk the floor, watch the work, and let the people doing it tell you where the real risks are; that is where credible ISO 45001 hazard identification comes from.
