Managing Workplace Incidents, Nonconformities and Corrective Actions Under ISO 45001
Things go wrong. The standard cares about how the organisation responds and what changes as a result.
ISO 45001 Clause 10.2 - Incident, Nonconformity and Corrective Action
ISO 45001 Clause 10.2 sets out what the organisation must do when an incident or nonconformity occurs - react quickly, deal with consequences, investigate root causes, take corrective action, review effectiveness, and feed any changes into the management system.
The clause covers two types of triggers: incidents (an occurrence resulting in or capable of resulting in injury or ill-health) and nonconformities (failures to meet a requirement of the management system or the standard). Both go through the same response process. UK organisations also have parallel statutory duties to investigate accidents under HASAWA Section 2 and to report certain incidents under RIDDOR.
What Clause 10.2 Asks For
When an incident or nonconformity happens, the organisation must:
- React in a timely manner - take action to control and correct it, and deal with the consequences
- Evaluate the need for corrective action to eliminate root causes so it does not happen elsewhere or recur, by:
  - investigating the incident or reviewing the nonconformity
  - determining the cause
  - looking for similar issues already occurring or that could occur
  - reviewing existing OH&S risk assessments
  - determining and implementing the action needed (in line with operational controls and management of change)
  - assessing OH&S risks linked to new or changed hazards before action is taken
- Review the effectiveness of any action taken, including corrective action
- Make changes to the OH&S management system if necessary
- Involve workers and worker representatives, and other relevant interested parties, in the evaluation
Corrective actions must be appropriate to the effects and potential effects of the incident or nonconformity. Documented information must be kept on the nature of the incidents or nonconformities and the actions taken, and on the results of any action including effectiveness checks. Relevant documented information must be communicated to workers, worker representatives and other relevant interested parties.
Practical Compliance Guidance
| alphaZ document | How to use it |
|---|---|
| ISO 45001 Toolkit | Complete document set for an ISO 45001 management system, including the issues actions register and incident forms listed below. |
| ER1 Issues Actions Register | The central log for all incidents, nonconformities and corrective actions through to closure. Tracks status, owner, due date and effectiveness check. |
| F-HS13 Accident Report Form | Used to capture the immediate facts of an accident - what happened, who was involved, witnesses, injuries, initial actions. Triggers the formal investigation that follows. |
| F-HS6 Near Miss Reporting Form | For events that did not cause harm but could have. Near misses are explicitly within scope of 10.2 and feed the learning that prevents future accidents. |
| F-Q10 Significant Problem Incident Complaint | The wider non-OH&S incident form for nonconformities found through audits, customer complaints, or process failures. Feeds the same actions register. |
For more on these documents see the ISO 45001 Toolkit.
Incidents come from many places - audit findings, inspections, accidents recorded internally, customer or contractor complaints, even worker walkrounds. The accident form captures the facts in the moment, and an investigation follows for anything that needs one. RIDDOR-reportable injuries always need investigation - that is a UK legal duty as well as a 10.2 requirement - and they are reported to the HSE within statutory timeframes.
The most efficient way to track incidents and nonconformities is a single actions register or non-conformance register. It can be a structured spreadsheet or an online tool like Jira. Individual forms feed into it - the accident report, the near-miss form, the audit report. The register is the single source of truth.
Pre-prepared templates for accident investigation save time when you actually need them. A blank page in the moment of crisis is no help. Have the form ready, the responsible person known, and the route to the actions register clear.
I look for evidence of a clear process for handling incidents and corrective actions. Then I sample the actions register - are open items being closed? Are root causes being identified, not just symptoms? An actions register full of items closed without effectiveness checks is a finding.
Reacting versus Correcting versus Corrective Action
The standard distinguishes three things. Reacting is the immediate response - stop the activity, isolate the area, get first aid. Correction is dealing with the symptom - clean up the spill, replace the broken guard, retrain the worker. Corrective action is dealing with the root cause - changing the process, the control, or the management system so the issue does not recur. Auditors expect to see all three for significant incidents.
Root Cause Investigation
Clause 10.2 specifically requires the organisation to determine the cause of the nonconformity or incident and consider whether similar issues exist elsewhere. Common methods include 5 Whys, fishbone (Ishikawa) diagrams, and timeline analysis for serious incidents. The depth of investigation should match the actual or potential severity - a near-miss involving a fall from height needs a deeper dive than a paper cut.
UK Legislation
UK organisations have specific accident investigation and reporting duties that align with Clause 10.2.
- Health and Safety at Work etc. Act 1974
- Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR)
- Management of Health and Safety at Work Regulations 1999
