Run your full Occupational Health and Safety Management System in PICMS — hazard register, RIDDOR-aware incident command centre, legal register, training matrix, internal audits, management review. UK-built around HSE expectations.
ISO 45001:2018 sits at the centre of UK construction, manufacturing, and service-sector tender packs. Auditors expect to see workers consulted, hazards identified and controlled, UK statutory law mapped, incidents handled with RIDDOR awareness, and a programme of continual improvement.
The audit conversation is fundamentally about three things: do you understand the OH&S risks workers face (hazard ID + assessment), do you know what UK law requires of you (Health and Safety at Work etc Act 1974, Management Regulations 1999, sector-specific regs), and can you prove you're actually controlling risks day-to-day (operational controls, incidents, drills, training records)?
Most UK SMEs come to 45001 with a hazard register from their first cert that hasn't been refreshed since the lockdown years, an incident book that lives in reception, RAMS produced for tenders but never reviewed in service, and a training matrix in someone's HR spreadsheet. The standard isn't asking for perfection — it's asking for a living system. PICMS makes that practical.
The 45001-specific addition: you must consult workers (not just managers) on the OH&S system. Auditors check the consultation mechanisms, the records, and what changed because of worker input.
Ongoing identification — not a one-time exercise. Routine and non-routine activities, contractor work, emergencies, human factors, organisational change. Auditors test whether your hazard register reflects current operations or last year's snapshot.
Risk evaluation methodology applied consistently. UK practice uses the 5×5 matrix (Likelihood × Severity); 45001 doesn't mandate it but auditors expect a defensible methodology with decision criteria.
UK statutory law (HSWA 1974, Management Regs 1999, COSHH 2002, CDM 2015 if applicable, Manual Handling Operations Regs, etc.), permit conditions, contractual H&S clauses, voluntary commitments. Must be current.
Identified emergency situations. Response procedures. Drill records. Lessons learned feeding back into procedures. Periodic review.
The incident-handling clause auditors care most about. Reporting, investigation (including root cause), corrective action, effectiveness verification. RIDDOR-reportable incidents must be flagged and notified to HSE within statutory deadlines.
Hazard ID with 5×5 inherent + residual scoring, control linkage, owner assignment. AI-assisted hazard suggestion based on activity descriptions.
Risk Assessments + Method Statements drafted with project context, refined via supervisor textarea, sent to clients with PDF + audit log. Version-controlled.
Voice-enabled on-site incident logging, 5-Whys investigation, automatic CAPA, RIDDOR-reportable flagging, evidence chain-of-custody.
UK H&S legal register pre-loaded (HSWA, Management Regs, COSHH, CDM, etc.). Auto-bridges new HSE updates with severity scoring.
Per-person competency matrix with expiry tracking. Inductions, toolbox talks, refresher courses. Matrix import from spreadsheet on day one.
Consultation events logged, attendees recorded, outcomes tracked. Evidence of clause 5.4 worker participation, audit-ready.
Audit programme, finding tracker, CAPA generation. Management review with the H&S-specific clause 9.3.2 inputs (incident statistics, audit findings, programme effectiveness, worker concerns).
Hazard → control → RAMS → training → incident → CAPA → audit finding → management review. The traceability auditors look for.
Auditor-credible vendors don't pretend software replaces safety culture. PICMS does not:
What PICMS does is give you, your team and your auditor a single source of truth for everything else — so the certification visit is a verification exercise, not a documentation hunt.
45001 is rarely deployed alone in the UK; the typical pattern is the 9001+14001+45001 EHSQ triad, often with 27001 added for B2B supply-chain qualification:
14 days free, full feature access, no credit card surprise. Built by an IRCA Registered Principal Auditor who's stood in front of your auditor more times than they can count.