PECB ISO-45001-Lead-Auditor - PECB Certified OHSMS ISO 45001 Lead Auditor Exam

ISO 45001 Clause 4.2 requires the organization to determine the relevant interested parties , their relevant needs and expectations (requirements) , and which of those become legal or other requirements for the OH and S management system. Workers are explicitly central to ISO 45001, and the standard is aimed at providing safe and healthy workplaces and preventing work-related injury and ill health. Therefore, A. Workers requiring a safe environment in which to work is clearly a relevant requirement of a relevant interested party.

ISO 45001 Annex A.4.2 lists suppliers, contractors and subcontractors among examples of interested parties. Since externally provided products and services can affect OH and S performance, a requirement linked to minimizing the risk of harm in those products and services is relevant to the OH and S management system. That is why B. Subcontractor producing products and services that minimise the risk of harm is also relevant. It aligns with the standard’s treatment of contractors/subcontractors as interested parties and with operational control over externally provided products and services that can affect OH and S.

Why the others are not correct:

C. Competitors requiring information on the organisation ' s work environment is not a relevant OH and S requirement.

D. Top management requiring an annual bonus is a financial/personal issue, not an OH and S interested-party requirement.

E. Investors requiring maximum growth in return for their capital is a business expectation, but not a relevant OH and S requirement in this context.

F. Shareholders requiring guaranteed dividend payments is also financial and not relevant to the OH and S management system, even though shareholders may be interested parties in a broader business sense. ISO 45001 requires only the needs and expectations that are relevant to the OH and SMS to be determined.

The PDCA (Plan-Do-Check-Act) model is a continuous improvement framework used in ISO 45001 and other management systems.

Plan: Establish objectives and processes to deliver results in line with the OH and S policy.

Do: Implement the processes.

Check: Monitor and measure processes against the policy, objectives, and requirements.

Act: Take actions to continually improve the system ' s performance.

Analysis of Options:

A. Plan, Do, Check, Act: Correct. This is the standard PDCA cycle.

B. Plan, Do, Check, Ask: Incorrect. " Ask " is not part of the cycle.

C. Plan, Deliver, Control, Achieve: Incorrect. This is not the PDCA cycle.

D. Prepare, Deliver, Control, Assess: Incorrect. This deviates from the PDCA framework.

ISO Reference:

Clause 0.3: PDCA model.

This statement is True .

ISO 45001:2018 requires the organization to determine, access, and comply with its legal requirements and other requirements related to occupational health and safety. It also requires the organization to evaluate compliance with those legal and other requirements as part of performance evaluation. This is clearly addressed in Clause 6.1.3 Determination of legal requirements and other requirements and Clause 9.1.2 Evaluation of compliance . Therefore, when an audit team conducts a certification renewal assessment, it is part of the audit responsibility to verify that the organization has established, implemented, and maintained processes to meet and evaluate compliance with applicable legal OH and S requirements.

In a renewal audit, the audit team is not limited to checking documents only. It must assess whether the management system continues to be effective and whether the organization fulfills the requirements of ISO 45001, including compliance obligations relevant to worker health and safety. Since legal compliance is a core expected outcome of the OH and S management system, checking this area is an essential audit activity before certification is renewed.

So the correct answer is:

A. True

ISO 45001 requires an organization to determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended results of the OH and S management system. This is established in Clause 4.1 – Understanding the organization and its context . External issues are typically conditions arising outside the organization, such as market conditions, social conditions, legal environment, economic factors, and technological developments. Internal issues are those related to the organization’s people, structure, culture, ownership, competence, and operational arrangements.

D. New technology available on the market is an external issue because it exists in the external business and technological environment. It is not created inside the organization, but it can affect how the organization manages OH and S risks and opportunities, for example by introducing safer equipment, automation, or new control methods. ISO 45001 guidance in Annex A recognizes that technological environment can be part of context analysis.

F. Average salaries in the business sector is also an external issue because it relates to the wider economic and labor-market environment, not the organization’s own internal arrangements. This kind of issue can influence recruitment, retention, competence availability, and worker welfare conditions, all of which may indirectly affect OH and S performance. It is part of the external economic context.

Why the other options are not external:

A. Increased number of outsourced processes is mainly an internal organizational decision about how work is arranged and controlled. Although outsourced providers are external parties, the increase in outsourcing is part of the organization’s internal operating model.

B. New owners of the organisation is an internal issue because ownership and governance are part of the organization’s internal structure and direction.

C. Workers joined a trade union is generally treated as an internal workforce/industrial relations issue , because it directly concerns the organization’s workers and participation arrangements.

E. Recently hired workers with limited command of the local language is an internal issue because it concerns the competence, communication, and workforce characteristics within the organization.

Therefore, the two options related to external issues are:

D, F

A first-party audit is an internal audit . In ISO management system auditing terminology, first-party audits are performed by, or on behalf of, the organization itself to evaluate its own management system. Therefore, E. Internal audit is directly correct.

A first-party audit can also be carried out as a process audit when the organization audits one of its own processes to determine whether it is planned, implemented, maintained, and effective. Since internal audits under ISO 45001 are planned and conducted over processes, functions, and areas within the OH and S management system, D. Process audit also applies.

Why the other options are not correct:

A. Certification audit is a third-party audit , carried out by a certification body, not a first-party audit.

B. Surveillance audit is also a third-party certification body activity conducted after certification.

C. Regulatory audit is performed by a regulator or authority, not by the organization on itself.

F. External audit does not describe a first-party audit, because first-party audits are internal by definition.

Therefore, the two phrases that apply to a first-party audit are:

D, E

The correct answer is C. Planning the Occupational Health and Safety policy .

ISO 45001 explicitly identifies several planning activities across Clauses 4 to 10. For example, Clause 6.1.4 requires the organization to plan actions to address risks and opportunities, legal requirements and other requirements , and to prepare for and respond to emergency situations . This means A and D are both genuine planning activities named in the standard.

ISO 45001 also identifies planning, establishing, implementing and maintaining audit programmes in Clause 9.2.2 , so B. Planning an audit programme is clearly a planning activity within the requirements.

By contrast, the OH and S policy is covered in Clause 5.2 Policy . The standard requires top management to establish the OH and S policy and ensure it is communicated, available, and appropriate. It does not identify this as “planning the OH and S policy.” In ISO 45001 wording, policy is something to be established, maintained, and communicated, not described as a planning activity.

Therefore, the option that is not identified as a planning activity in ISO 45001 Clauses 4–10 is:

C

Clause 5.2 of ISO 45001:2018 outlines requirements for the OH and S policy, emphasizing commitment to continual improvement, compliance with legal requirements, and communication of the policy to interested parties.

Analysis of Options:

A. The management is committed to health and safety improvement: Correct. The policy explicitly states the organization’s commitment to improvement, meeting Clause 5.2 requirements.

C. The organization has a good reputation for safe experiences: Not relevant to ISO 45001 requirements; reputation is not a policy criterion.

D. The organization intends to communicate its policy to external parties: Correct. Clause 5.2 requires the policy to be communicated to interested parties.

E. The organization is committed to continual health and safety improvement: Correct. This directly aligns with Clause 5.2, which mandates continual improvement.

F. The organization meets all statutory requirements: The policy does not explicitly state compliance with legal requirements, even though this is implied.

G. The organization satisfies its customers’ health and safety requirements: The policy does not specifically address customer requirements.

H. The organization uses contractors committed to health and safety: Not stated in the policy.

I. The organization’s processes deliver the intended improvement to health and safety: This is not evident from the policy statement.

ISO References:

Clause 5.2: OH and S policy.