Management system guidance

10.0 Improvement

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

10.2 Accident and incident investigation

ISO 45001 Clause 10.2 requires your organization to establish, implement and maintain a process(es), including reporting, investigating and taking action, to determine and manage incidents (e.g. injury, ill health, or near-miss, damage to buildings or vehicles) and nonconformities (e.g. non-fulfilment of legal or other requirements, procedures not being followed). Separate processes often exist for incident investigations and nonconformity management. We recommend maintaining separate processes for each.

The definitions given in ISO 45001 are helpful in understanding the differences in terms, but put simply, this clause addresses the need to manage things that either could have gone wrong or actually have gone wrong. Your organisation needs to put in place systems which enable the capture and evaluation of non-harm events, so that appropriate corrective and preventive actions can be implemented, which either aim to prevent occurrence, or the recurrence of the incident.

Your procedures need to ensure that proper control is exercised over the reporting and investigation of incidents and nonconformances, that any immediate actions are put in place, and that any longer-term corrective actions are initiated and completed. The procedures need to define responsibilities for those involved at all stages of the process.

First response

When an incident (e.g. injury, ill health, or near-miss, damage to buildings or vehicles) occurs, immediate action is taken in order to make the situation safe and prevent further injury and to help, treat and if necessary, rescue injured persons. The first person aware of an incident must act, where safe to do so, to prevent further harm to people, product quality or supply, the environment, property, reputation or a combination of these and complete the following actions:

  1. Assess the situation and provide assistance and resources where necessary;
  2. Confirm that appropriate action has been taken to the extent practicable to prevent further harm;
  3. Determine the actual and potential severity of the incident and notify the incident hotline and other relevant stakeholders;
  4. Follow the relevant incident and emergency response plan when it is an emergency situation;
  5. Where a notifiable or high potential incident has occurred, preserve the incident scene to obtain any relevant evidence;
  6. Document any initial response taken to control the incident.

When summoning emergency assistance via telephone, the caller must keep calm, avoid panic and clearly state the following information:

  1. Location of the incident;
  2. Nature of the incident, how many persons are injured, any fire or hazardous chemical spillage;
  3. Nature of the incident, the seriousness of the injured e.g. bleeding or bone fracture;
  4. Name, department, telephone number of the caller.

The injured person should not be moved unless his location exposes him to further risk of injury. The general approach to a seriously injured person is to render comfort, and only treatment that is necessary to preserve life until trained medical help arrives. After the incident, details should be given to the attending emergency services personnel in order to assist them for follow-up action.

Preserve the incident scene

Preserving the incident scene enables the collection of evidence to ensure the outcomes of the investigation are factual and enable the identification of causes. In the case of a notifiable or high potential incident, the first person aware or any other worker involved must facilitate events at the incident scene so that equipment, plant, process, machinery or other associated plant connected with the incident are not disturbed

Inspect the incident scene

Data needs to be gathered and records maintained of all stages in the investigation process. It is vital that relevant corrective action be put in place to address problem that have arisen. This action should be reviewed through the risk assessment process prior to implementation; after all, the intention is not to make an unsafe situation worse!

But it is vital that unsafe situations are made safe as soon as practicable, which means that corrective action may take place in a number of phases with immediate action to prevent further harm, and medium or longer-term action, dependent on the programme needed, to prevent recurrence of the issue.

Collate clear and accurate information to begin the investigation process. It is important when investigating incidents not to allocate blame. If attempts are made to apportion blame, people who might otherwise provide useful information and guidance on remedial action needed, will simply become defensive. The results could affect:

  1. Witnesses not revealing all of the circumstances and events surrounding the incident;
  2. Deliberate obstruction or provision of false information and;
  3. The removal of relevant information, documents or evidence.

The investigation must remain impartial and objective if all of the causes are to be established. For the incident investigation to be successful in identifying all of the causes of the incident, it will be necessary to establish the events and circumstances leading up to the incident. The types of events and circumstances leading up to the incidents, which are relevant for the investigation, may include:

  1. The system of work currently in place;
  2. The instructions given for the work;
  3. Variations from instructions or safe work systems.

Workplace conditions such as lighting, floor surfaces, stair treads and handrails, warning signs, and temperature and weather, if the incident occurred outside the exact location of the incident, with sufficient detail for the area to be readily identified by somebody else reading the report.

Find the root-cause

Corrective actions and root-cause analysis can be triggered through injury, ill health, or near-miss, damage to buildings or vehicles, worker complaints, internal or external audits, management reviews, and observations by staff. As the first step in the incident management process, the root-cause of the incident and its contributing factors should be determined and the effectiveness of the subsequent corrective action should be monitored and evaluated.

Collect all information and facts which surround the incident. Immediate causes are obvious and easy to find. They are brought about by unsafe acts and conditions and are the active failures. Unsafe acts show poor safety attitudes and indicate a lack of proper training. These unsafe acts and conditions are brought about by the so called ‘root-causes’ and are the latent failures and are brought about by failures in the organisation and its safety management system.

Following the collation of all facts related to the incident the factors that contributed to the incident must be identified. Investigation outcomes are considered around non-contributing factors, absent/failed defences, individual/team actions, team/environmental conditions and organisational factors. Upon identification of the findings, recommendations for corrective actions are developed.

After analyzing the causes, review the incident, step-by-step, from the moment of the occurrence, listing the causes as they happened in each step and ensure that any conclusions are supported by direct evidence (physical or documented) or based on eyewitness accounts, or if it is based on assumptions.

Analysis of accident reports suggests that many accidents are related to breakdowns in areas such as training, competence, planning and implementation of tasks, maintenance of equipment etc. The analysis should include such things as accidents, injuries, lost time, ill-health absence, absenteeism, types of damage etc. The results of the analysis need to be communicated to all relevant interested parties.

Implement corrective action

Corrective actions to address the root-cause(s) of an incident are taken from the hierarchy of controls and may include the following remedial actions; eliminating hazards; substituting with less hazardous materials; redesigning or modifying equipment or tools; developing procedures; improving the competence of affected workers; changing the frequency of use; using personal protective equipment.

The timing and priority of any corrective action should be based on the risk of reoccurrence involved. Workers must be consulted in determining the recommended actions and solutions where required.

Monitor and review

Incidents should be reviewed during health and safety meetings in order to identify any trends that might reveal areas for improvements. The Health and Safety Manager is usually responsible for the collection, examination and analysis of all incident data in order to establish incident trends and near miss situations in order to direct incident correction or prevention activities to areas of concern.

Your organization should use the information gained from incident statistics to measure trends over a period of time so that the organization has an indication of whether it is improving, stable or deteriorating with regards to health and safety performance. The incident investigation process itself should be examined from time to time to check that it consistently delivers information in accordance with the stated objectives and standards.

When reviewing the effectiveness of the incident investigation process, consider the results of investigations and their analysis, and the operation of the investigation system in terms of quality and effectiveness. This is achieved by checking samples of investigation forms to verify the standard of investigation and the judgements made about causation and prioritisation of corrective actions.

Regulatory reporting

Your organization legally obligated to comply with all the statutory reporting requirements. These arrangements oblige your organization to report the details of certain incidents to the relevant enforcing authority. Any RIDDOR-reportable injury, disease or dangerous occurrence, or any incident where the environment outside the works boundary has been affected, or Local Authority Emergency Service(s) have been involved, or neighbour or media interest has been attracted, and:

  1. Incidents resulting in loss of life which are reported immediately;
  2. Incidents resulting in a worker taking a number of days off work due to injury;
  3. Incidents involving damage or potential damage to dangerous items of plant.

Where an incident is classified as a RIDDOR incident e.g. Major incidents/illnesses (work related) involving 7 days’ or more absence from work must be reported in writing to the HSE within 15 days of the incident occurring. Regulatory reporting of incidents must be undertaken in context of the guidance provided on the Health & Safety Executive’s website.

Insurance and claims reporting

Your organization’s insurer must also be notified of any RIDDOR or significant incident which could give rise to a claim. Any such incidents are also reported to your insurers and any subsequent investigation and relevant documentation is submitted to them on request.

More information on PDCA



ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities
    5.4 Consultation & Participation


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
6.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives



ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
7.1 Resources 7.1 Resources 7.1 Resources
7.2 Competence 7.2 Competence 7.2 Competence
7.3 Awareness 7.3 Awareness 7.3 Awareness
7.4 Communcation 7.4.1 Communcation - General 7.4.1 Communcation - General
7.5 Documented Information 7.4.2 Internal Communcation 7.4.2 Internal Communcation
  7.4.3 External Communcation 7.4.3 External Communcation
  7.5 Documented Information 7.5 Documented Information


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
8.1 Operational Planning & Control 8.1 Operational Planning & Control 8.1.1 General
8.2 Customer Requirements 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.3 Design & Development   8.1.3 Management of Change
8.4 Purchasing   8.1.4 Outsourcing
8.5 Product & Service Provision   8.2 Emergency Preparedness
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    


Monitoring, measurement, analysis and evaluation

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
9.1 Monitoring & Measurement 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.2 Internal Audit 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.3 Management Review 9.2 Internal Audit 9.2 Internal Audit
  9.3 Management Review 9.3 Management Review



ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.