ISO 45001:2018 and the Work Health and Safety Act 2011 are frequently discussed together but serve fundamentally different purposes. ISO 45001 is an international standard for occupational health and safety management systems, published by the International Organization for Standardization. The WHS Act 2011 is Australian legislation that imposes legal duties on PCBUs, officers, and workers. Certification to ISO 45001 does not create a legal presumption of compliance with the WHS Act, and compliance with the WHS Act does not automatically satisfy the requirements of ISO 45001. The two frameworks are complementary, not identical. Understanding where they align and where they diverge is essential for PCBUs that pursue certification while maintaining regulatory compliance.
| Aspect | ISO 45001:2018 | WHS Act 2011 |
|---|---|---|
| Nature | Voluntary international management system standard | Mandatory Australian criminal legislation |
| Enforcement | Certification body audits, no legal penalties for non-compliance | Regulator inspections, improvement notices, prohibition notices, prosecution, fines, imprisonment |
| Scope | Management system framework applicable globally | Australian-specific duties, definitions, and penalty structures |
| Duty Holder | Organisation (no personal liability for individuals) | PCBU, officers (s.27 personal due diligence), and workers |
| Risk Approach | Risk-based thinking with opportunities for improvement | Hierarchy of controls with so far as reasonably practicable test |
| Worker Participation | Clause 5.4 requires worker consultation and participation | Part 5 prescribes specific consultation mechanisms including HSRs and committees |
| Documentation | Documented information proportionate to the management system | Specific documents mandated including SWMS, risk assessments, emergency plans, registers |
| Continuous Improvement | Central requirement of the PDCA cycle | Implied through review obligations but not structured as a formal improvement cycle |
ISO 45001 certification is valuable for PCBUs seeking to demonstrate a mature, systematic approach to occupational health and safety management. Certification provides a competitive advantage in tendering, particularly for government contracts and projects with international clients. The standard's Plan-Do-Check-Act cycle drives continuous improvement beyond minimum legal compliance. ISO 45001 also provides a framework for integrating OH&S management with quality (ISO 9001) and environmental (ISO 14001) management systems. However, PCBUs must understand that certification does not replace the need to comply with the WHS Act 2011 and WHS Regulation 2025. A certified management system that does not address specific regulatory requirements such as SWMS for HRCW, notifiable incident reporting, or workplace exposure monitoring will fail to satisfy legal obligations.
Every PCBU operating in Australia must comply with the WHS Act 2011 (or the OHS Act 2004 in Victoria). There is no exemption based on business size, industry, or certification status. The WHS Regulation 2025 specifies detailed requirements for risk management, SWMS, emergency planning, hazardous chemical management, plant registration, asbestos management, and workplace exposure monitoring. Section 26A binding codes of practice take effect from 1 July 2026, and the workplace exposure limit transition completes on 1 December 2026. Compliance with the WHS Act is mandatory regardless of whether the PCBU also holds ISO 45001 certification.
Most large PCBUs in Australia pursue both ISO 45001 certification and WHS Act compliance. The two frameworks reinforce each other. The ISO 45001 management system provides the structured approach to policy, planning, implementation, and review that supports compliance with the WHS Act. The WHS Act's specific requirements for documents like SWMS, incident notifications, and chemical registers provide the detailed compliance content that operates within the ISO 45001 framework. PCBUs should design their management system to satisfy both frameworks simultaneously, using the ISO 45001 structure as the skeleton and populating it with the specific content required by the WHS Regulation 2025.
The most dangerous misunderstanding is believing that ISO 45001 certification proves WHS Act compliance. Courts have explicitly rejected this argument. In several prosecutions, PCBUs have presented their ISO 45001 certification as evidence of compliance, only to have the court find that the certified management system did not address the specific regulatory requirement that was breached. ISO 45001 auditors assess management system conformity, not legal compliance. A PCBU can hold a current ISO 45001 certificate while simultaneously being non-compliant with the WHS Act because the two assessments measure different things.
EHS Atlas maps ISO 45001 clauses to WHS Regulation 2025 requirements, giving you a single platform that satisfies both your certification auditor and the regulator.
Contact Us