
ISO 45001 - how do you track regulatory compliance
Hey y'all, we have our internal ISO 45001 audit coming up for my company, and we're trying to prepare as well as possible for it.
When it comes to showing the auditor that we comply with regulatory requirements (i.e., OSHA), we have a gigantic spreadsheet with all the OSHA standards and line-by-line what they require and whether we meet them or not.
This is helpful in a way, but it's also really TOO in-depth for an audit and I feel like it'll open us up to more questions than we want to deal with.
What do other companies use to track/prove to ISO auditors that they meet regulatory requirements?
Comments (2)
Coming from someone who's been through this - having a massive line-by-line OSHA spreadsheet can actually hurt more than help during an audit. Here's why:
Risk Register = forward-looking, site-specific, identifies actual hazards and controls
Compliance Spreadsheet = backward-looking, every possible requirement, way too detailed
Most successful companies I've seen use:
Good risk register as main document
Simple compliance tracker that focuses on:
  Major applicable regs
  Grouped by category
  High-risk areas
  Overall compliance status
  Links to key docs
Suggested headings for the simplified tracker:
Category (e.g., Working at Height, Life Safety, etc.)
Key Regulations (main reg numbers only)
Requirements Summary (brief description)
Compliance Status
Last Review Date
Next Review Date
Owner
Supporting Documents
Key categories to include:
Life Safety
Fire Protection
Occupational Health
Environmental
Equipment Safety
Chemical Safety
Emergency Response
Your auditor wants to see you have systems to:
a) Know what regs apply
b) Track compliance
c) Control actual risks
They don't need (or want) to see compliance status for every single line of OSHA. Better to show them you're focusing on what matters for your site.