Why Combine ISO 45001 and OSHA in One Checklist?
Most organisations run two separate safety audits: one against ISO 45001 for certification, and one against OSHA for regulatory compliance. That is duplicated effort auditing the same shop floor, the same hazards, the same controls — twice.
The overlap is enormous. ISO 45001’s requirements for hazard identification, operational controls, emergency preparedness, and incident investigation map directly onto OSHA’s regulatory obligations. A guard missing from a machine is both an ISO 45001 §8.1 operational-control gap and an OSHA machine-guarding violation. Auditing it once, against a checklist that references both, is simply more efficient.
This free checklist is built around that overlap. Each line item is tagged to its ISO 45001 clause and, where relevant, its OSHA reference — so a single walkthrough produces evidence for your certification audit and your compliance position at the same time.
📋 The idea: One floor walk, two frameworks. Every check is mapped to its ISO 45001:2018 clause and its OSHA reference — so you stop auditing the same workplace twice and start closing gaps once.
What’s Inside the EHS Audit Checklist
The checklist is a printable PDF structured for real use on the floor, not a wall of regulation text.
- Clause-mapped line items — each check references its ISO 45001:2018 clause and, where applicable, the OSHA standard it satisfies
- Yes / No / N/A columns — fast to mark during a walkthrough
- Evidence & findings space — room to note what you saw and where the gap is
- Organised by management-system area — leadership, hazard ID, legal, operations, emergency, incident, improvement
- Gap-analysis ready — usable for pre-certification readiness or a routine internal audit
- Findings handoff — designed so each gap flows straight into a corrective-action tracker
How to Run the Audit
- Plan the scope — Decide which areas, lines or departments you’re auditing and over what period. Print one checklist per area if helpful.
- Walk the floor — Observe, ask, and verify. Mark each item Yes / No / N/A and note evidence — a photo reference, a document number, what you actually saw.
- Talk to workers — ISO 45001 puts heavy weight on worker participation. Ask operators whether they were consulted on risk assessments and whether they know how to report a hazard.
- Log every gap as a finding — Any “No” is a finding. Record it clearly enough to act on.
- Route findings to corrective action — Transfer each finding into a CAPA tracker so it gets an owner, a due date, and verified closure — not a note that gets forgotten.
✅ Tip: An audit finding with no owner and no due date is a wish, not a corrective action. Move every “No” into the CAPA Tracker the same day — that’s where findings become fixes.
The Audit Sections
The checklist follows the ISO 45001 management-system structure, with OSHA references woven into the relevant operational areas.
| Section | ISO 45001 clause | What it checks |
|---|---|---|
| Leadership & worker participation | §5 | Management commitment, policy, roles, worker consultation |
| Hazard ID & risk assessment | §6.1 | Hazards identified, risks assessed, controls assigned by hierarchy |
| Legal & other requirements | §6.1.3 | Applicable OSHA standards identified and compliance evaluated |
| Operational controls | §8.1 | Machine guarding, PPE, LOTO, permits, contractor control |
| Emergency preparedness | §8.2 | Emergency plans, drills, equipment, response readiness |
| Incident investigation | §10.2 | Reporting, investigation, root cause, corrective action |
| Performance & improvement | §9 & §10 | Monitoring, internal audit, management review, continual improvement |
OSHA 2026 Focus Areas
The checklist weaves in the OSHA standards most cited in inspections, so your ISO walk doubles as compliance verification.
| OSHA area | Standard | Why it matters in 2026 |
|---|---|---|
| Hazard communication | 29 CFR 1910.1200 | Perennially among the most-cited; SDS and labelling gaps are common |
| Lockout/tagout | 29 CFR 1910.147 | Energy-control procedures, periodic inspection, training |
| Machine guarding | 29 CFR 1910.212 | Point-of-operation guarding, frequently observed during walkthroughs |
| Respiratory protection | 29 CFR 1910.134 | Fit testing, medical evaluation, programme administration |
| Fall protection | 29 CFR 1910 Subpart D / 1926 | One of the most-cited standards year after year |
| Recordkeeping | 29 CFR 1904 | OSHA 300/300A logs accurate and posted — links to your HSE KPIs |
⚡ Always verify current OSHA requirements
OSHA standards and emphasis programmes are updated periodically. This checklist reflects commonly-cited 2026 focus areas, but always confirm the current text of any standard on osha.gov and check for state-plan variations before relying on it for a compliance decision.
What to Do With Your Findings
An audit is only as good as what happens after it. A checklist full of “No” marks that sits in a drawer changes nothing. The value is in the closure loop.
Every finding should become a tracked corrective action with an owner, a due date, a root cause, and — critically — a verification step that confirms the fix actually worked. This is exactly what ISO 45001 §10.2 requires, and exactly where most audit programmes fail: the finding is recorded, a fix is attempted, and nobody ever checks whether it held.
Route every finding from this checklist into the CAPA Tracker, which auto-prioritises by risk, tracks due dates, and forces verified closure. The audit finds the gaps; the CAPA tracker closes them. Together they form the complete ISO 45001 corrective-action loop.
Five Common EHS Audit Mistakes
- Auditing documents, not the floor. A perfect binder doesn’t mean a safe workplace. Verify that what’s written is what’s actually happening at the point of work.
- Skipping worker interviews. ISO 45001 weights worker participation heavily. If operators weren’t consulted on their own risk assessments, that’s a finding — even if the paperwork is complete.
- Findings with no owner or date. An unowned finding never gets fixed. Every gap needs a name and a deadline attached the same day.
- Never verifying the fix. Closing a finding because someone said they’d handle it isn’t closure. ISO requires effectiveness verification — confirm the gap is actually gone.
- Auditing ISO and OSHA separately. Two walks for the same hazards wastes time. One mapped checklist covers both.
💡 The bottom line: An audit doesn’t make a workplace safer — closing the findings does. Use this checklist to find the gaps in one efficient walk, then drive every one to verified closure. Finding without fixing is just paperwork.
Related Resources & Tools
- CAPA Tracker Excel — turn every audit finding into a prioritised, tracked, verified corrective action
- HSE KPI Dashboard — “inspections completed on time” is a leading indicator this audit feeds
- SafetyCulture — run this checklist digitally from a phone or tablet on the floor
- Intelex — enterprise audit management with ISO multi-standard support
- VelocityEHS — OSHA compliance depth: SDS, PSM, industrial hygiene
- ISO 45001 Implementation Guide — where auditing fits in the management system
Provided free by AiGreenTools for educational and operational use. It references ISO 45001:2018 and OSHA standards but does not constitute legal advice, certification, or a guarantee of compliance — always confirm current regulatory requirements and validate against your own management system. Created by AiGreenTools.

