The Five Steps in Health and Safety: A Complete International Guide to Complianc

A systematic approach to achieving and maintaining OHS compliance across UK and international operations

Health and safety compliance is not simply a legal obligation. It is foundational to protecting workers, sustaining business operations, and building organisational reputation. The International Labour Organization reports over 2.78 million annual fatalities from work-related incidents and diseases globally, alongside hundreds of millions of non-fatal injuries and illnesses. Behind these statistics are real people, real families, and real businesses facing preventable harm.

For organisations operating across multiple jurisdictions, compliance becomes increasingly complex. Different countries have different legal frameworks, enforcement approaches, and cultural expectations around workplace safety. What constitutes compliance in the UK may not fully address requirements in Germany, Australia, or the United States. Yet the fundamental goal remains the same everywhere: preventing workplace injuries, illnesses, and fatalities through systematic management of health and safety risks.

This guide provides a comprehensive framework for improving health and safety compliance that works across jurisdictions. Built on internationally recognised principles and aligned with ISO 45001, it offers practical steps that international health and safety consultants recommend for organisations seeking to strengthen their compliance position. Whether you are establishing a compliance programme for the first time or seeking to enhance existing arrangements, this systematic approach will help you achieve and maintain the standards your workers deserve.

The Five Steps to Improved Compliance

Effective health and safety compliance follows a logical sequence that applies regardless of jurisdiction, industry, or organisational size. This five-step framework provides the structure for systematic improvement:

1. Identify hazards and assess risks
2. Implement controls
3. Communicate and train
4. Monitor and review
5. Establish a health and safety management system

These steps align with the Plan-Do-Check-Act (PDCA) cycle that underpins ISO 45001 and most modern health and safety management approaches. They represent not a one-time project but an ongoing cycle of continuous improvement. Let us examine each step in detail.

Step 1: Identify Hazards and Assess Risks

The foundation of compliance is understanding what can go wrong. Hazard identification and risk assessment form the 'Plan' phase of the PDCA cycle and are legal requirements in virtually every jurisdiction. Without knowing your hazards and risks, you cannot effectively protect your workforce.

Conducting Thorough Hazard Identification

Effective hazard identification requires multiple approaches used together. No single method will capture everything. A comprehensive approach includes workplace inspections (systematic walkthrough of all work areas), task analysis (examining each work activity for associated hazards), incident review (learning from past accidents, near misses, and ill health), worker consultation (those doing the work often know the hazards best), and external information (industry guidance, manufacturer instructions, regulatory requirements).

Consider the full range of hazard categories:

• Physical hazards: machinery, vehicles, working at height, electricity, noise, vibration, temperature extremes
• Chemical hazards: hazardous substances, dusts, fumes, gases
• Biological hazards: bacteria, viruses, fungi, bloodborne pathogens
• Ergonomic hazards: manual handling, repetitive movements, workstation design
• Psychosocial hazards: workload, workplace relationships, job design, organisational change

Assessing Risk: Likelihood and Consequence

Once hazards are identified, assess the associated risks. Risk assessment evaluates how likely it is that someone will be harmed by the hazard and how serious that harm could be. This enables prioritisation of effort and resources towards the most significant risks.

For each hazard, consider:

• Who might be harmed? Employees, contractors, visitors, members of the public, vulnerable individuals
• How might they be harmed? The mechanism of injury or ill health
• How likely is it? Considering frequency of exposure, existing controls, human factors
• How severe could it be? From minor injury to fatality, from temporary discomfort to permanent disability

Document your assessments. Written risk assessments are a legal requirement in the UK for employers with five or more employees and are required or recommended in most jurisdictions. Even where not legally mandated, documented assessments provide evidence of due diligence, a basis for communication and training, and a benchmark for review.

Step 2: Implement Controls

Identifying risks is only valuable if you act on the findings. Implementing controls moves from the 'Plan' phase into 'Do'. The goal is to eliminate risks where possible, or reduce them to an acceptable level where elimination is not reasonably practicable.

The Hierarchy of Controls

The hierarchy of controls is a universally recognised principle for selecting risk control measures. It prioritises more effective controls over less effective ones. International health and safety consultants consistently recommend working through the hierarchy in order:

1. Elimination: Remove the hazard entirely. Can the hazardous substance be removed from the process? Can the task be eliminated through redesign? This is the most effective control.
2. Substitution: Replace with something less hazardous. Can a safer chemical be used? Can a safer process achieve the same outcome?
3. Engineering controls: Physical measures that reduce risk. Guards on machinery, local exhaust ventilation, isolation of hazardous areas, ergonomic equipment design.
4. Administrative controls: Procedures and practices that reduce exposure. Safe systems of work, job rotation, permit-to-work systems, scheduling to limit exposure time.
5. Personal protective equipment (PPE): Equipment worn by the individual. Helmets, gloves, respiratory protection, hearing protection. The least effective control and last resort.

In practice, most situations require a combination of controls. PPE should never be the primary control measure where other options are available, but it often supplements higher-level controls.

Practical Implementation

Effective control implementation requires clear ownership and accountability (who is responsible for each control?), adequate resources (budget, equipment, time), realistic timescales (prioritising by risk level), and verification that controls are working (testing, inspection, observation). Track implementation systematically. Use action plans that specify what needs to be done, by whom, by when, and how completion will be verified.

Step 3: Communicate and Train

The best risk assessments and control measures are worthless if workers do not know about them or do not know how to work safely. Communication and training are essential for translating compliance systems into actual safe behaviour in the workplace.

Effective Communication

Health and safety communication works in multiple directions. Top-down communication conveys policies, procedures, and expectations from management to workers. Bottom-up communication enables workers to report hazards, suggest improvements, and raise concerns. Horizontal communication shares knowledge between teams, shifts, and locations.

Use multiple channels to ensure messages reach everyone:

• Written information: policies, procedures, signage, safety data sheets, toolbox talk materials
• Verbal communication: team briefings, toolbox talks, one-to-one conversations, safety meetings
• Visual communication: posters, warning signs, floor markings, demonstration videos
• Digital communication: intranet, apps, electronic displays, online portals

For international operations, consider language requirements. Materials may need translation, and training may need delivery in multiple languages. Cultural factors also influence how safety messages are received and acted upon.

Training Requirements

Training needs vary by role, but all workers need some level of health and safety training. This typically includes induction training (for new starters, covering general site hazards and emergency procedures), job-specific training (safe systems of work for their particular tasks), equipment training (safe use of machinery, tools, and PPE), and refresher training (maintaining competence over time).

Certain roles require specialist training. Supervisors need skills in supervising safe work. Safety representatives need training in their duties. Those conducting risk assessments, investigating incidents, or conducting health and safety audits need appropriate competencies. Keep records of all training delivered, demonstrating that workers have the knowledge and skills to work safely.

Step 4: Monitor and Review

Implementation is not the end of the compliance journey. The 'Check' phase of the PDCA cycle requires ongoing monitoring to verify that controls are working, that compliance is being maintained, and that new hazards are identified as they emerge.

Active Monitoring

Active monitoring checks that the system is working before things go wrong. This includes regular workplace inspections (checking physical conditions, housekeeping, equipment condition), behavioural observations (watching how work is actually done), compliance audits (systematic examination against standards and procedures), and health surveillance (monitoring workers for early signs of work-related ill health).

Reactive Monitoring

Reactive monitoring learns from things that have gone wrong. This includes incident investigation (determining root causes of accidents, near misses, and ill health), trend analysis (identifying patterns in incident data), absence monitoring (tracking sickness absence, particularly work-related conditions), and complaints and concerns (feedback from workers, customers, regulators).

Health and Safety Audits

Health and safety audits provide a systematic, independent examination of compliance status. Internal audits conducted by trained staff provide regular assurance. External audits by third parties (consultants, certification bodies, regulators) provide independent verification. Audit programmes should cover all aspects of the management system over time, with frequency based on risk and previous performance.

Review and Update

Risk assessments and control measures need regular review. As a minimum, review when there is reason to believe they may no longer be valid, after incidents or near misses, when there are significant changes (new equipment, processes, substances, or work organisation), and at planned intervals (commonly annually). Monitoring data, audit findings, and incident learnings should all feed into the review process, driving continuous improvement.

Step 5: Establish a Health and Safety Management System

While the previous four steps can be implemented incrementally, sustainable compliance requires a formal health and safety management system that coordinates all activities into a coherent whole. A management system provides the structure for the 'Act' phase: taking corrective actions and continually improving.

ISO 45001: The International Standard

ISO 45001:2018 is the internationally recognised standard for occupational health and safety management systems. Published by the International Organization for Standardization in March 2018, it replaced OHSAS 18001 and provides a framework applicable to organisations of any size, in any industry, anywhere in the world.

ISO 45001 is structured around the PDCA cycle and covers:

• Context of the organisation: Understanding internal and external factors affecting OHS performance
• Leadership and worker participation: Top management commitment and worker involvement at all levels
• Planning: Risk and opportunity identification, OHS objectives, action planning
• Support: Resources, competence, awareness, communication, documented information
• Operation: Operational planning and control, emergency preparedness, management of change
• Performance evaluation: Monitoring, measurement, analysis, evaluation, internal audit, management review
• Improvement: Incident management, nonconformity, corrective action, continual improvement

Key Elements of an Effective Management System

Whether or not you pursue formal ISO 45001 certification, an effective management system includes clear policy (setting out the organisation's commitment and direction), defined roles and responsibilities (who does what, with what authority and accountability), objectives and targets (specific, measurable goals for improvement), documented procedures (consistent approaches to key activities), competent people (training and qualification requirements), and management review (leadership oversight and decision-making).

Benefits of a Formal Management System

Implementing a formal health and safety management system delivers multiple benefits:

• Risk reduction: Systematic identification and mitigation of hazards reduces the likelihood of incidents
• Legal compliance: Structured approach helps ensure all legal requirements are met
• Consistency: Standardised processes across locations and over time
• Efficiency: Optimised resource allocation and reduced duplication
• Stakeholder confidence: Demonstrated commitment to safety for workers, customers, regulators, and investors
• Continuous improvement: Built-in mechanisms for ongoing enhancement of performance

Health and Safety Consultants and Software: Enabling Compliance at Scale

For organisations with multiple sites, large workforces, or complex operations, managing compliance manually becomes increasingly difficult. Health and safety consultants and software solutions work together to provide the expertise and tools needed for effective compliance management at scale.

Software capabilities that support compliance include:

• Risk assessment management: Templates, workflows, approval processes, and revision control
• Action tracking: Assigning, monitoring, escalating, and closing corrective actions
• Incident reporting: Online reporting, investigation workflows, root cause analysis
• Audit management: Scheduling, conducting, reporting, and tracking health and safety audits
• Training records: Tracking competency requirements, training delivery, certification expiry
• Document control: Version control, approval, distribution, and access management
• Reporting and analytics: Dashboards, KPIs, trend analysis, regulatory reporting
• Multi-site consolidation: Aggregating data across locations for enterprise visibility

For global health and safety consultants supporting international operations, software enables consistent approaches across jurisdictions while accommodating local requirements. Multi-language capabilities and configurable workflows adapt to different regulatory contexts.

International Compliance Considerations

While the five-step framework applies universally, organisations operating internationally must navigate different regulatory requirements, enforcement approaches, and cultural factors in each jurisdiction.

Key considerations for international compliance include:

• Legal requirements: Understand the specific legal obligations in each country. What is mandatory versus recommended? What are the penalties for non-compliance? How active is enforcement?
• Cultural factors: Safety culture varies between countries. Attitudes to hierarchy, individual versus collective responsibility, and willingness to report concerns all influence how safety systems work in practice.
• Language: Policies, procedures, training, and communication need to be accessible in local languages. Translation is not enough; materials should be culturally adapted.
• Standards alignment: ISO 45001 provides a common framework, but local standards (such as US OSHA regulations, German BG rules, or Australian WHS codes) may have specific additional requirements.
• Worker participation: Requirements for consultation, safety committees, and worker representation vary significantly between countries.

The most effective approach is often to establish global minimum standards based on best practice (typically meeting or exceeding the most stringent requirements encountered) while ensuring compliance with local legal requirements in each jurisdiction. This provides consistency and simplifies management while avoiding legal non-compliance.

How Arinite Can Help

At Arinite, we are experienced international health and safety consultants who help organisations achieve and maintain compliance across their operations. Our team of Chartered (CMIOSH) consultants provides comprehensive support for compliance improvement in the UK and internationally.

Our compliance services include:

• Gap analysis and compliance assessments against UK and international requirements
• Risk assessment development and review
• Health and safety management system development aligned with ISO 45001
• Health and safety audits (internal and independent)
• Training needs analysis and programme development
• Policy and procedure development
• Software selection and implementation support
• ISO 45001 implementation and certification preparation
• International guidance on compliance requirements across jurisdictions

With experience supporting over 1,500 UK businesses and operations in more than 50 countries, we understand that compliance is not a destination but a journey of continuous improvement. Whether you are starting from scratch or seeking to enhance mature systems, our approach is practical, proportionate, and focused on what actually protects workers. We call it "Keeping It Simple."

Ready to Improve Your Compliance? Whether you need gap analysis, risk assessments, management system development, health and safety audits, or international compliance guidance, our Chartered consultants can help. Book a free 30-minute Gap Analysis Call to discuss your needs.