What is the difference between an incident and a nonconformity in ISO 45001?

An incident is an occurrence arising out of or in the course of work that could or does result in injury or ill health. A nonconformity is a non-fulfillment of a requirement. Incidents are events (including near misses), while nonconformities are gaps in compliance with the standard or the organization's own requirements. ISO 45001 requires similar corrective action processes for both.

Does ISO 45001 require near-miss reporting?

Yes. ISO 45001 defines incidents broadly to include near misses (events that could have resulted in injury or ill health but did not). The standard requires organizations to investigate incidents, determine root causes, and take corrective action to prevent recurrence, which includes near misses.

What root cause analysis methods are recommended for ISO 45001?

ISO 45001 does not prescribe specific methods. Common approaches include the 5 Why technique, fishbone (Ishikawa) diagrams, fault tree analysis, and barrier analysis. The key requirement is that the investigation determines root causes, not just immediate causes.

ISO 45001
Incident and
Corrective Action

Clause 10.2 of ISO 45001:2018 is one of the most operationally important elements of the standard. It governs how organizations investigate incidents (including near misses), manage nonconformities identified through audits and inspections, and implement corrective actions to prevent recurrence. This clause treats every incident and nonconformity as an opportunity for improvement.

What the Standard Requires

When an incident or nonconformity occurs, the organization must react in a timely manner to control and correct it and deal with consequences, evaluate the need for corrective action to eliminate root cause(s) so it does not recur or occur elsewhere, review existing assessments of OH&S risks and other risks as appropriate, determine and implement needed action (including corrective action) using the hierarchy of controls, review effectiveness of corrective action taken, and make changes to the OHSMS if necessary.

Incident Investigation

Best Practices for Investigation

Investigate all incidents including near misses — near misses are free lessons
Use incident management software for consistent reporting, investigation, and tracking
Apply root cause analysis methodologies (5 Why, fishbone diagrams, fault tree analysis)
Involve workers in investigations — those closest to the work understand the contributing factors
Focus on systemic causes, not individual blame
Complete investigations promptly while evidence and memories are fresh

Corrective Action

Best Practices for Corrective Action

Address root causes, not just symptoms or immediate causes
Set deadlines for corrective actions and track completion
Verify effectiveness of corrective actions after implementation (not just completion)
Share lessons learned across the organization to prevent similar incidents elsewhere
Consider whether changes to the OHSMS (procedures, training, controls) are needed
Create a culture where reporting near misses is encouraged and recognized

Common Pitfall: Many organizations focus only on incident investigations and neglect nonconformities found through audits, inspections, and management reviews. ISO 45001 requires the same corrective action rigor for all nonconformities, not just incidents that cause injury.

Common Pitfalls

Stopping at the immediate cause rather than digging to root causes
Not following up to verify corrective action effectiveness
Failing to share lessons learned beyond the immediate work area
Creating a punitive culture that discourages incident and near-miss reporting

How Ecesis ISO 45001 Software Helps: Ecesis Incident Management Software provides standardized reporting, root cause investigation tools, corrective action tracking with verification, and organization-wide lessons learned distribution. Learn more about our ISO 45001 software →

What Is Ecesis?

Ecesis is a leading EHS Software Solution that has been helping companies around the world reach their EHS goals since 1993.

About Us

Why Ecesis Join Our Team Pricing Resources EHS Blog

Get in Touch

1499 West 120^th Avenue
Suite 110
Westminster, CO 80234
(720) 547-5102 (866) 733-6912 Click To Email Us

ISO 45001Incident andCorrective Action