Management system guidance

9.1 Monitoring, Measurement, Analysis and Evaluation

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

9.1.1 Monitoring, measurement, analysis and evaluation - OH&S general

Safety performance monitoring is conducted through the collection of safety data and safety information from a variety of sources typically available to your organization. Data availability to support informed decision-making is one of the most important aspects of the OHSMS. Using this data for safety performance monitoring and measurement are essential activities that generate the information necessary for safety risk decision-making.

To verify the safety performance and validate the effectiveness of safety risk controls requires the use of a combination of internal audits and the establishment and monitoring of SPIs. Assessing the effectiveness of the safety risk controls is important as their application does not always achieve the results intended. This will help identify whether the right safety risk control was selected and may result in the application of a different safety risk control strategy.

Monitor and analyze reported accidents/incidents continuously for incident location, time or period, work process involved, type of hazard, direct and root causes, etc., to spot trends and identify root causes of groups of accidents/incidents. Based on the trend analysis, the need to review or reassess any safety measure should be evaluated, documented and acted upon accordingly.

For small organizations, the low volume of data may mean that it is more difficult to identify trends or changes in the safety performance. This may require meetings to raise and discuss safety issues with appropriate expertise. This may be more qualitative than quantitative but will help identify hazards and risks for the organization.

Collaborating with other organizations or industry associations can be helpful, since these may have data that the service provider does not have. For example, smaller service providers can exchange with similar organizations/operations to share safety risk information and identify safety performance trends. Organizations should adequately analyse and process their internal data even though it may be limited.

For businesses with many interactions and interfaces they will need to consider how they gather safety data and safety information from multiple organizations. This may result in large volumes of data being collected to be collated and analysed later. These organizations should utilize an appropriate method of managing such data. Consideration should also be given to the quality of the data collected and the use of taxonomies to help with the analysis of the data.

The organization has to determine what it needs to monitor and measure. This includes the determination of the criteria against which the health and safety performance will be evaluated including appropriate indicators.

Some examples on what to measure your organization’s progress on safety objectives, characteristics of operational activities, products and services related to significant health and safety hazards, and the status of legal and compliance requirements. Performance measurement is an essential part of the safety and health management system. Key purposes of performance measurement are to:

  • Determine whether safety and health policies and plans have been implemented and achieved;
  • Check that risk-control measures have been implemented and are effective;
  • Learn from safety and health management system failures, including hazardous events (accidents, near misses and ill-health cases);
  • Promote better implementation of plans and risk controls by providing feedback to all parties;
  • Provide information that can be used to review and, where necessary, improve aspects of a safety and health management system.

It is often necessary to use both active and reactive and monitoring data to determine whether objectives are achieved. An organisation’s performance management system should incorporate both active and reactive monitoring. Active monitoring should be used to check compliance with the organisation’s safety and health activities, for example to confirm that recently appointed staff have attended an induction course.

Reactive monitoring should be used to investigate, analyse, and record safety and health management system failures, including accidents, near misses, and ill-health cases.

Measurement techniques

The following are examples of methods that can be used to measure safety and health performance:

  • Systematic workplace inspections or safety tours using checklists;
  • Inspections of specific machinery and plant to check that safety-related parts are fitted and in good condition;
  • Safety sampling – examining specific aspects of safety and health;
  • Environmental sampling – measuring exposure to chemical, biological or physical agents (e.g. Noise, chemical fumes, dusts, x-rays) and comparing with recognised standards;
  • Behaviour sampling – assessing employees’ behaviour to identify unsafe work practices that might require correction;
  • Analysis of documentation and records;
  • Benchmarking against good safety and health practices in other organisations.


A system for inspecting workplace precautions is important in any active monitoring programme. It can form part of the arrangements for the preventive maintenance of plant and equipment, which may also be covered by legal requirements. Equipment in this category includes pressure vessels, lifts, cranes, chains, ropes, lifting tackle, scaffolds, trench supports, and local exhaust ventilation. But inspections should include other workplace precautions, such as those covering the use of premises, other places of work, and systems of work.

A suitable programme should take all risks into account but should be properly targeted. For example, low risks might be dealt with by general inspections every month or two, covering a wide range of workplace precautions such as the condition of premises, floors, passages, stairs, lighting, welfare facilities, and first aid. Higher risks need more frequent and detailed inspections, perhaps weekly or even, in extreme cases, daily, or before use.

An example of a pre-use check would be the operation of mobile plant. The inspection programme should satisfy any specific legal requirements and reflect risk priorities. Suitable schedules and performance standards for the frequency and content of inspection can help. The schedules can be supplemented with inspection forms or checklists, both to ensure consistency in approach and to provide records for follow-up action.

Inspections should be carried out by people who have the necessary skills and training to identify the relevant hazards and risks and who can assess the conditions found. A properly thought-out approach to inspection will include:

  • Well-designed inspection forms to help plan and initiate remedial action by requiring those doing the inspection to rank any deficiencies in order of importance;
  • Summary lists of remedial action with names and deadlines to track progress on implementing improvements;
  • Periodic analysis of inspection forms to identify common features or trends that might reveal underlying weaknesses in the system;
  • Information to aid judgements about any changes required in the frequency or nature of the inspection programme.

Two types of monitoring are required:

  • Active systems that monitor the design, development, installation, and operation of management arrangements, safety systems, and workplace precautions;
  • Reactive systems that monitor accidents, ill-health, incidents and other evidence of deficient safety and health performance.

Active monitoring

Every organisation should collect information to investigate the causes of substandard performance or conditions adequately. Documented procedures for carrying out these activities on a regular basis for key operations should be established and maintained. The monitoring system should include:

  • Identification of the appropriate data to be collected and accuracy of the results required;
  • Monitoring of the achievement of specific plans, setting performance criteria and objectives;
  • Installation of the requisite monitoring equipment and assessment of its accuracy and reliability;
  • Calibration and regular maintenance of this equipment together with documented records of both the procedures involved and the results obtained;
  • Analysis and records of the monitoring data collected, and documented actions to be taken when results breach performance criteria;
  • Evaluation of all the data as part of the safety and health management review;
  • Documented procedures for reviewing the monitoring and safety and health implications of forthcoming changes to work systems.

The following techniques, should be used for active measurement of the safety and health management system:

  • Systematic inspections of workplace processes or services to monitor specific objectives, e.g. Weekly, monthly, or quarterly reports;
  • Systematic review of the organisation’s risk assessments to determine whether they are functioning as intended, need to be updated and any necessary improvements are being implemented;
  • Plant or machinery inspections, e.g. Statutory plant inspections and certification;
  • Environmental sampling for dusts, chemical fumes, noise, or biological agents;
  • Analysis of safety and health management system records.

Active monitoring should be proportional to the hazard profile of the organisation and should concentrate on areas likely to produce the greatest benefit and lead to the greatest control of risk. Key risk control systems and related workplace precautions should therefore be monitored in more detail or more often (or both) than low-risk systems or management arrangements.

Reactive monitoring

A system of internal reporting of all accidents (which includes ill-health cases) and incidents of non-compliance with the safety and health management system should be set up so that the experience gained may be used to improve the management system. The organisation should encourage an open and positive approach to reporting and follow-up and should also put in place a system of ensuring that reporting requirements are met.

The organisation should establish procedures for investigating accidents and incidents to identify their causes, including possible deficiencies in the safety and health management system. Those responsible for investigating accidents, and incidents should be identified and the investigation should include plans for corrective action, which incorporate measures for:

  • Restoring compliance as quickly as possible;
  • Preventing recurrence;
  • Evaluating and mitigating any adverse safety and health effects;
  • Reviewing the risk assessments to which the accident relates;
  • Assessing the effects of the proposed remedial measures.

The organisation should implement and record any changes in documented procedures resulting from corrective action.
Demonstrate that there is a process in place. Monitoring, measurement, analysis and evaluation of OHS metrics must take into account business context, relevant third parties, policy risks, opportunities and objectives. Ensure that performance monitoring and measurement results are retained as documented information.

More information on PDCA



ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities
    5.4 Consultation & Participation


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
6.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives



ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
7.1 Resources 7.1 Resources 7.1 Resources
7.2 Competence 7.2 Competence 7.2 Competence
7.3 Awareness 7.3 Awareness 7.3 Awareness
7.4 Communcation 7.4.1 Communcation - General 7.4.1 Communcation - General
7.5 Documented Information 7.4.2 Internal Communcation 7.4.2 Internal Communcation
  7.4.3 External Communcation 7.4.3 External Communcation
  7.5 Documented Information 7.5 Documented Information


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
8.1 Operational Planning & Control 8.1 Operational Planning & Control 8.1.1 General
8.2 Customer Requirements 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.3 Design & Development   8.1.3 Management of Change
8.4 Purchasing   8.1.4 Outsourcing
8.5 Product & Service Provision   8.2 Emergency Preparedness
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    


Monitoring, measurement, analysis and evaluation

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
9.1 Monitoring & Measurement 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.2 Internal Audit 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.3 Management Review 9.2 Internal Audit 9.2 Internal Audit
  9.3 Management Review 9.3 Management Review



ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.