ISO 45001 Risk Register Review

Inspection template for reviewing an ISO 45001 occupational health and safety risk register, including hazards, controls, residual risk, and action tracking.

Register Scope and Document Control

• Risk register has a current revision date and document owner
  Verify the register shows the latest revision, approval status, and accountable owner.
• Scope covers all relevant sites, tasks, and non-routine activities
  Check that the register includes routine operations, maintenance, shutdowns, cleaning, and other non-routine work.
• Changes since last review are captured and dated
  Confirm new equipment, processes, incidents, or organizational changes have been reflected in the register.
• Review frequency meets internal procedure and ISO 45001 expectations
  Verify the review cadence is defined and being followed.

Hazard Identification

• Hazards are described in observable, specific terms
  Hazards should be stated in a way that supports control selection, such as pinch points, energized conductors, or vehicle-pedestrian interaction.
• Hazards include routine, non-routine, and emergency scenarios
  Check for normal operations, maintenance, startup/shutdown, cleaning, spill response, and emergency conditions.
• Affected persons and exposure groups are identified
  Confirm the register identifies who may be exposed to each hazard.
• Hazards consider human factors, ergonomics, and psychosocial risks where applicable
  Review whether repetitive motion, manual handling, fatigue, stress, or workload-related risks are captured when relevant.
• Legal and other requirements are reflected for identified hazards
  Confirm the hazard list references applicable legal or other requirements tied to the risk.

Controls and Risk Reduction

• Controls follow the hierarchy of controls
  Assess whether higher-order controls are used before relying on PPE or procedures.
• Existing controls are specific and measurable
  Controls should be written clearly enough to verify implementation, such as guarding, interlocks, permits, or LOTO.
• Controls are implemented and verified in practice
  Confirm controls are not just documented but actually in place and used by workers and supervisors.
• PPE requirements are defined where residual risk remains
  Check that PPE is specified only as part of the control set and matches the hazard.
• Critical controls have monitoring or verification methods
  Verify that high-risk controls are checked by inspection, testing, permit review, or supervision.

Residual Risk and Risk Rating

• Initial and residual risk ratings are both recorded
  Check that the register shows risk before controls and after controls.
• Risk rating methodology is defined and used consistently
  Verify severity, likelihood, and any matrix rules are applied consistently across entries.
• Residual risk remains within acceptable tolerance or is escalated
  Determine whether the remaining risk is acceptable to management or requires further action.
• High residual risks have documented approval or escalation
  Confirm that any high or extreme residual risk is formally accepted by the appropriate authority.

Action Tracking and Closure

• Each open action has an assigned owner and due date
  Confirm every action item is assigned to a responsible person with a target completion date.
• Overdue actions are identified and escalated
  Check whether overdue items are tracked and escalated according to procedure.
• Action closure has objective evidence
  Verify closure is supported by inspection records, photos, training logs, test results, or updated procedures.
• Open actions are prioritized by risk level
  Assess whether the action plan focuses first on the highest-risk items.