• Phil Potter

ISO 45001: 2018 Clause 7.5 Documented Information

This clause addresses what is still widely known as Document Control and Records Control.


Remember it is your system, so describe how you manage your documentation - whether this be electronic, paper-based or inscribed stone tablets.

7.5.1 General

Your organization’s OH&S management system will include:

  1. Documented information required by ISO 45001:2018; so wherever the standard states documented information is required.

  2. Documented information determined by the organization as being necessary for the effectiveness of the OH&S management system.


The extent of documented information for an OH&S management system can differ from one organization to another due to:

  • The size of organization and its type of activities, processes, products and services;

  • The need to demonstrate fulfillment of legal requirements and other requirements;

  • The complexity of processes and their interactions;

  • The competence of workers. (As discussed in my previous blog on communication you can not assume that all your staff can read and write, use diagrams, pictures video etc to convey your message).



7.5.2 Creating and updating

When creating and updating documented information, your organization will ensure appropriate:

  1. Identification and description (e.g. a title, date, author or reference number); how do you identify your documentation.

  2. Format (e.g. language, software version, graphics) and media (e.g. paper, electronic);

  3. Review and approval for suitability and adequacy. Which positions in your organization can approve and review your documentation.



7.5.3 Control of documented information

Documented information required by the OH&S management system and by this document will be controlled to ensure:

  1. It is available and suitable for use, where and when it is needed;

  2. It is adequately protected (e.g. from loss of confidentiality, improper use or loss of integrity). For the control of documented information, your organization will need to address the following activities, as applicable:

— distribution, access, retrieval and use;

— storage and preservation, including preservation of legibility;

— control of changes (e.g. version control);

— retention and disposition.


Documented information of external origin determined by your organization to be necessary for the planning and operation of the OH&S management system will be identified, as appropriate, and controlled.

* Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information. Some software systems have restrictions that can be set up to ensure employees have read access only and others have access to allow for change of the documentation.


** Access to relevant documented information includes access by workers, and, where they exist, workers representatives.

Please refer to the attached examples of a Documents Master-list and a Records Control Matrix.

I have uploaded a free resource to accompany this blog, which you can download here. It provides examples of documents and record controls.


If you have any questions about this blog, feel free to contact me through the website.

Until next time,

Phil.