Loading...
compliance

ISO 45001 Risk Register Review

Review your ISO 45001 risk register in one pass, with clear checks for hazards, controls, residual risk, and action tracking. Use it to catch gaps before they become audit findings or unmanaged workplace risk.

Fill it now — Free Get Started
Customize with AI → Live preview →

Trusted by frontline teams 15 years of frontline software AI customization in seconds

Built for: Manufacturing · Construction · Warehousing And Logistics · Utilities · Food Processing

Overview

This ISO 45001 Risk Register Review template is for checking whether your occupational health and safety risk register is complete, current, and usable. It walks through scope and document control, hazard identification, controls and risk reduction, residual risk rating, and action tracking so you can verify the register reflects real work and real risk.

Use it when you need to review an existing register before an internal audit, management review, site visit, or after a change such as new equipment, a revised task, an incident, or a new work area. It is especially useful when multiple people contribute to the register and you need a consistent way to confirm that hazards are described clearly, controls are specific, and open actions are owned and dated.

Do not use it as a substitute for a task-specific risk assessment, JSA, or pre-job briefing. If the work is highly dynamic, the register review should support those tools, not replace them. It is also not the right tool for purely administrative issues unless they create a genuine occupational health and safety exposure. The value of this template is that it forces a practical review of what is actually in the register, what has changed, what remains unresolved, and whether residual risk has been accepted or escalated appropriately.

Standards & compliance context

  • The template supports ISO 45001 risk-based planning by documenting hazards, controls, residual risk, and corrective action follow-up in a traceable format.
  • It aligns with general OSHA and ANSI/ASSP expectations for hazard identification, control verification, and management of change by making the register a living record rather than a static list.
  • For construction, agriculture, or general industry programs, the review can be used alongside applicable OSHA standards to confirm that task hazards and controls are reflected in the register.
  • Where chemical, fire, or life-safety exposures are present, the review can be cross-checked against NFPA, CDC, or EPA-related requirements and site procedures as applicable.
  • If your organization uses a formal risk acceptance threshold, the template helps document escalation and approval for residual risks that remain above tolerance.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Register Scope and Document Control

This section matters because a risk register that is out of date or out of scope cannot be trusted as evidence of control.

  • Risk register has a current revision date and document owner (critical · weight 3.0)
    Verify the register shows the latest revision, approval status, and accountable owner.
  • Scope covers all relevant sites, tasks, and non-routine activities (critical · weight 3.0)
    Check that the register includes routine operations, maintenance, shutdowns, cleaning, and other non-routine work.
  • Changes since last review are captured and dated (critical · weight 3.0)
    Confirm new equipment, processes, incidents, or organizational changes have been reflected in the register.
  • Review frequency meets internal procedure and ISO 45001 expectations (weight 3.0)
    Verify the review cadence is defined and being followed.

Hazard Identification

This section matters because vague hazard statements hide exposure and make it impossible to verify whether the right controls are in place.

  • Hazards are described in observable, specific terms (critical · weight 4.0)
    Hazards should be stated in a way that supports control selection, such as pinch points, energized conductors, or vehicle-pedestrian interaction.
  • Hazards include routine, non-routine, and emergency scenarios (critical · weight 4.0)
    Check for normal operations, maintenance, startup/shutdown, cleaning, spill response, and emergency conditions.
  • Affected persons and exposure groups are identified (weight 4.0)
    Confirm the register identifies who may be exposed to each hazard.
  • Hazards consider human factors, ergonomics, and psychosocial risks where applicable (weight 4.0)
    Review whether repetitive motion, manual handling, fatigue, stress, or workload-related risks are captured when relevant.
  • Legal and other requirements are reflected for identified hazards (weight 4.0)
    Confirm the hazard list references applicable legal or other requirements tied to the risk.

Controls and Risk Reduction

This section matters because the register should show how risk is reduced in practice, not just list generic safety rules.

  • Controls follow the hierarchy of controls (critical · weight 5.0)
    Assess whether higher-order controls are used before relying on PPE or procedures.
  • Existing controls are specific and measurable (critical · weight 5.0)
    Controls should be written clearly enough to verify implementation, such as guarding, interlocks, permits, or LOTO.
  • Controls are implemented and verified in practice (critical · weight 5.0)
    Confirm controls are not just documented but actually in place and used by workers and supervisors.
  • PPE requirements are defined where residual risk remains (weight 5.0)
    Check that PPE is specified only as part of the control set and matches the hazard.
  • Critical controls have monitoring or verification methods (critical · weight 5.0)
    Verify that high-risk controls are checked by inspection, testing, permit review, or supervision.

Residual Risk and Risk Rating

This section matters because the difference between initial and residual risk shows whether the controls actually reduce exposure to an acceptable level.

  • Initial and residual risk ratings are both recorded (critical · weight 5.0)
    Check that the register shows risk before controls and after controls.
  • Risk rating methodology is defined and used consistently (critical · weight 5.0)
    Verify severity, likelihood, and any matrix rules are applied consistently across entries.
  • Residual risk remains within acceptable tolerance or is escalated (critical · weight 5.0)
    Determine whether the remaining risk is acceptable to management or requires further action.
  • High residual risks have documented approval or escalation (critical · weight 5.0)
    Confirm that any high or extreme residual risk is formally accepted by the appropriate authority.

Action Tracking and Closure

This section matters because unresolved actions are where known risk stays open, so ownership and closure evidence must be clear.

  • Each open action has an assigned owner and due date (critical · weight 4.0)
    Confirm every action item is assigned to a responsible person with a target completion date.
  • Overdue actions are identified and escalated (critical · weight 4.0)
    Check whether overdue items are tracked and escalated according to procedure.
  • Action closure has objective evidence (weight 4.0)
    Verify closure is supported by inspection records, photos, training logs, test results, or updated procedures.
  • Open actions are prioritized by risk level (weight 3.0)
    Assess whether the action plan focuses first on the highest-risk items.

How to use this template

  1. 1. Confirm the register scope, owner, revision date, and review cadence, then verify that all relevant sites, tasks, and non-routine activities are included.
  2. 2. Walk through each hazard entry and rewrite any vague descriptions into observable terms that identify the task, exposure, and affected persons.
  3. 3. Check each control against the hierarchy of controls and confirm that engineering, administrative, and PPE measures are specific, implemented, and verified in practice.
  4. 4. Compare initial and residual risk ratings to the documented methodology and escalate any high residual risks that exceed your tolerance threshold.
  5. 5. Review every open action for an owner, due date, priority, and objective closure evidence, then escalate overdue items based on risk level.
  6. 6. Record changes, approvals, and follow-up actions so the register can be used as audit evidence and as the basis for the next review cycle.

Best practices

  • Use observable hazard language, such as the task, energy source, or exposure pathway, instead of broad labels like "manual handling" or "general housekeeping."
  • Verify controls in the field, not just on paper, and note whether the safeguard is present, maintained, and used as intended.
  • Treat critical controls separately and define how each one is monitored, tested, or inspected so failures are visible before an incident occurs.
  • Document both initial and residual risk ratings using the same method every time, or the comparison will not be meaningful.
  • Escalate high residual risks with a named approver and a clear interim control plan rather than leaving them open without decision.
  • Close actions only with objective evidence such as photos, inspection records, training logs, or updated procedures, not verbal confirmation.
  • Include non-routine work, maintenance, cleaning, startup, shutdown, and emergency response scenarios because those are often where the register is weakest.

What this template typically catches

Issues teams running this template most often surface in practice:

Hazards are written too broadly, such as "slips and trips," without identifying the specific surface, task, or exposure condition.
Controls are listed as policies or training only, with no physical safeguard, inspection, or verification method documented.
Residual risk is recorded, but the risk matrix or rating logic is missing or applied inconsistently across similar hazards.
Open actions have no assigned owner, no due date, or no escalation path when they become overdue.
Critical controls are present in the register but are not checked in the field or monitored on a defined schedule.
Non-routine activities such as maintenance, cleaning, changeovers, or emergency response are missing from the scope.
High residual risks remain open without documented approval, interim controls, or management escalation.
Closure evidence is incomplete, such as a note that an action is done without photos, records, or updated documents.

Common use cases

Plant EHS Manager Reviewing a Production Line Register
Use the template to verify that machine guarding, LOTO, forklift traffic, and maintenance-related hazards are captured for a specific line. It helps confirm that controls are real, residual risk is acceptable, and open actions are assigned before the next audit.
Construction Safety Lead Checking a Site Risk Register
Apply the review to confirm that work-at-height, lifting, excavation, and temporary power hazards are documented for the current phase of work. It is useful when the site changes quickly and the register must stay aligned with the active scope.
Warehouse Supervisor Reviewing Material Handling Risks
Use the template to check pedestrian-vehicle separation, pallet stability, racking damage, and manual handling controls. It helps the supervisor spot missing follow-up on recurring near misses and overdue corrective actions.
Food Processing EHS Coordinator Preparing for an ISO Audit
Review sanitation, chemical handling, slip hazards, and maintenance shutdown risks before the audit team arrives. The template helps show that the register reflects actual plant conditions and that actions are tracked to closure.

Frequently asked questions

What is included in this ISO 45001 risk register review template?

It covers the core elements an auditor or safety lead expects to see in a risk register review: scope and document control, hazard identification, controls and risk reduction, residual risk rating, and action tracking. The template is designed to verify that the register is current, complete, and tied to real work activities. It also helps you spot missing owners, overdue actions, and weak control verification.

How often should this risk register review be completed?

Use it on the cadence defined by your internal OHS procedure, and repeat it after significant changes such as new equipment, process changes, incidents, or new work locations. ISO 45001 expects risk information to stay current, so the review should not be treated as a once-a-year paperwork exercise. Many organizations also use it before management review or external audits.

Who should run the review?

A competent person with knowledge of the work, hazards, and controls should lead it, usually with input from supervisors, workers, EHS staff, and process owners. The best reviews include people who actually perform the tasks, because they can confirm whether controls work in practice. For higher-risk areas, involve the person responsible for critical controls or escalation.

Does this template align with ISO 45001 requirements?

Yes, it is structured to support ISO 45001-style risk-based thinking, documented hazard identification, control evaluation, and action follow-up. It is not a certification document by itself, but it helps you maintain the evidence auditors look for. You can also adapt it to fit your organization’s risk methodology and document control process.

What are the most common mistakes this review catches?

Common issues include vague hazard descriptions, controls listed as policies instead of actual safeguards, missing residual risk ratings, and open actions with no owner or due date. Another frequent problem is failing to update the register after non-routine work, incidents, or changes in equipment. The template helps surface these gaps before they show up as non-conformances.

Can I customize the risk rating method in this template?

Yes, the template should be adapted to your organization’s risk matrix, tolerance thresholds, and escalation rules. Some teams use a simple likelihood-severity matrix, while others add exposure frequency or detectability. The important part is consistency: the same method should be used across similar hazards and reviewed by the same decision rules.

How does this differ from an ad-hoc safety walk or incident review?

An ad-hoc walk may identify hazards, but it often does not verify document control, residual risk logic, or action closure discipline. This template is built to review the register as a managed system record, not just a list of hazards. That makes it better for audit readiness, trend tracking, and making sure corrective actions are actually closed.

Can this template be used across multiple sites or departments?

Yes, as long as the scope clearly covers each site, task group, and non-routine activity that applies. Multi-site organizations often use one master format with site-specific entries or tabs so local hazards and controls are not lost. The key is to avoid a generic register that misses location-specific exposures.

Related templates

Inspections

Field Service Pre-Job Site Survey

Field Service Pre-Job Site Survey template helps you confirm site hazards, access, permits, and c...
Inspections

Lathe Daily Pre-Op Inspection

Daily pre-op inspection for a manual lathe that checks the chuck, tool post, tailstock, guards, a...
Forms

Hazard / Near-Miss Report

Capture hazards and near-misses before they become incidents, with fields for location, timing, e...
Sop

Lockout/Tagout (LOTO) Energy Isolation

Lockout/Tagout (LOTO) Energy Isolation is a six-step SOP for shutting down equipment, isolating e...
Hr Policy

Anti-Harassment & Anti-Discrimination Policy

Anti-Harassment & Anti-Discrimination Policy template for defining prohibited conduct, reporting ...
Workspace

Customer Onboarding

Customer Onboarding workspace template for guiding a new customer from kickoff through launch and...

Ready to use this template?

Get started with MangoApps and use ISO 45001 Risk Register Review with your team — pricing built for small business.

Get Started Customize with AI
Ask AI Product Advisor

Hi! I'm the MangoApps Product Advisor. I can help you with:

  • Understanding our 40+ workplace apps
  • Finding the right solution for your needs
  • Answering questions about pricing and features
  • Pointing you to free tools you can try right now

What would you like to know?

AI-generated responses may not be 100% accurate