The hierarchy of controls is one of the most practical frameworks in occupational health and safety management. If you work with ISO 45001, conduct internal audits, or manage safety in any Australian workplace, you need to understand not just what the hierarchy is, but how it works in practice. This article walks through each level of the hierarchy with real workplace examples, explains how ISO 45001 requires you to apply it, and gives you the tools to assess whether your organisation is genuinely working through the hierarchy or just defaulting to PPE because it is easier.
On this page
What Is the Hierarchy of Controls?
The hierarchy of controls is a structured approach to managing workplace hazards. It ranks control measures from most effective to least effective, with the goal of eliminating or reducing the risk of harm to workers. The idea is straightforward: the higher up the hierarchy you go, the more reliably the control removes or reduces the hazard, regardless of human behaviour.
The five levels, from top to bottom, are:
- Elimination
- Substitution
- Engineering controls
- Administrative controls
- Personal protective equipment (PPE)
This is not a pick and choose list. The expectation under ISO 45001, and under Australian WHS legislation, is that organisations work through the hierarchy systematically. You start at elimination and move down only when higher controls are not reasonably practicable. PPE is not a starting point. It is a last resort, or a supplement to other controls.
Where the Hierarchy Sits in ISO 45001
ISO 45001 addresses the hierarchy of controls in Clause 8.1.2. The standard requires organisations to establish, implement, and maintain a process for eliminating hazards and reducing OH&S risks using the hierarchy. It is not optional. It is a shall requirement.
The standard also expects that the hierarchy is applied during the hazard identification and risk assessment process covered under Clause 6.1.2. So by the time you are selecting controls, you should already have a clear picture of the hazard, its likelihood, and its potential consequences. The hierarchy then guides what you do about it.
When auditing against ISO 45001, one of the key questions is whether the organisation has genuinely worked through the hierarchy or simply reached for PPE and administrative procedures as the default. This is one of the most common gaps found during both internal and external audits.
For a deeper look at how auditors assess this, see our article on auditing the hierarchy of controls under ISO 45001.
Level 1: Elimination
Elimination means physically removing the hazard from the workplace altogether. It is the most effective control because if the hazard does not exist, it cannot cause harm. No behaviour, no lapse in concentration, and no equipment failure can create a risk from something that is simply not there.
Workplace Examples of Elimination
- A construction company stops using a particular chemical solvent entirely by redesigning the process so the solvent is not needed. The hazard is gone.
- A warehouse removes a manual handling task by purchasing pre-cut materials that arrive ready to use, eliminating the need for workers to cut stock on site.
- A manufacturing plant decommissions an old machine that requires workers to reach into a pinch point zone during operation. The task is automated and the old machine is scrapped.
- An office-based organisation eliminates the need for staff to travel to a high-risk location by conducting meetings remotely instead.
Elimination is not always possible. Some hazards are inherent to the work itself. You cannot eliminate the hazard of working at height if the job requires work at height. But the question should always be asked first: can we remove this hazard entirely? If the answer is no, you move to the next level.
Level 2: Substitution
Substitution means replacing something hazardous with something less hazardous. The hazard still exists in some form, but its potential to cause harm is reduced. Substitution is most commonly applied to materials, chemicals, and equipment.
Workplace Examples of Substitution
- A painting contractor replaces a solvent-based paint with a water-based alternative that has a lower toxicity profile. The task still involves paint, but the chemical risk is significantly reduced.
- A mining services company replaces a manual jackhammer with a remote-controlled hydraulic breaker, reducing vibration exposure and removing the operator from the immediate hazard zone.
- A cleaning company substitutes a highly caustic floor cleaner with a less corrosive product that achieves the same cleaning outcome.
- A fabrication workshop replaces heavy steel components with lighter aluminium equivalents where structural requirements allow, reducing manual handling risk.
Substitution requires careful assessment. The replacement must genuinely be less hazardous. There are documented cases where organisations substituted one chemical for another without properly assessing the new product, only to find it introduced a different hazard. The substitution control only works if the replacement is actually safer.
Level 3: Engineering Controls
Engineering controls are physical changes to the workplace, equipment, or process that reduce or eliminate exposure to a hazard. They do not rely on workers remembering to do something. The control is built into the environment or the equipment itself.
This is where a significant amount of practical safety investment happens. Engineering controls tend to be more reliable than administrative controls or PPE because they are not dependent on human behaviour in the moment of risk.
Workplace Examples of Engineering Controls
- A machine guard fitted to a press prevents workers from accessing the danger zone while the machine is in operation. The guard is the control, not the instruction not to reach in.
- A local exhaust ventilation system installed above a welding bay captures fumes at the source before they enter the worker's breathing zone.
- Interlocking devices on electrical switchboards that prevent access to live components unless power has been isolated.
- A traffic management system on a construction site that uses physical barriers and one-way routes to separate pedestrians from plant and vehicles.
- Anti-fatigue matting and ergonomic workstation design that reduces the physical strain of standing tasks in a production environment.
- Noise enclosures around loud machinery that reduce the decibel level in the surrounding work area.
Engineering controls often require upfront investment, which is why organisations sometimes skip past them to administrative controls or PPE. This is a risk management decision that should be documented and justified, not simply assumed.
Level 4: Administrative Controls
Administrative controls change the way work is done. They include procedures, training, job rotation, permits to work, supervision, and scheduling. These controls rely on people following the system consistently. That makes them less reliable than the controls above them, because human behaviour is variable.
Administrative controls are not ineffective. They are essential. But they work best when they sit on top of engineering controls, not instead of them.
Workplace Examples of Administrative Controls
- A safe work method statement (SWMS) for working at height that specifies the sequence of tasks, the equipment to be used, and the checks to be completed before work begins.
- A permit to work system for confined space entry that requires sign-off from a competent person, atmospheric testing, and a rescue plan before anyone enters.
- Job rotation schedules that limit the amount of time any individual worker spends on a repetitive task, reducing cumulative strain injury risk.
- Induction training for new workers that covers the specific hazards of their work area and the controls in place.
- Scheduled maintenance programmes that ensure equipment is inspected and serviced before faults develop into hazards.
- Exclusion zones and signage that direct workers away from areas where overhead work is taking place.
The key weakness of administrative controls is that they can degrade over time. Procedures get ignored, training becomes outdated, supervision lapses. Auditors checking administrative controls should look for evidence that the controls are being followed in practice, not just documented on paper. Observation on the floor is essential.
Level 5: Personal Protective Equipment
PPE is the last line of defence. It does not remove or reduce the hazard. It simply creates a barrier between the worker and the hazard. If the PPE fails, or if the worker does not wear it correctly, there is no other protection in place.
PPE is necessary in many workplaces and for many tasks. But it should always be used in conjunction with higher-level controls where those controls are reasonably practicable, not as a substitute for them.
Workplace Examples of PPE
- Hard hats on a construction site where falling objects remain a residual risk despite engineering and administrative controls.
- Hearing protection in a workshop where noise levels remain above acceptable limits after engineering controls have been applied.
- Respirators for workers handling hazardous substances where ventilation controls reduce but do not eliminate airborne exposure.
- High-visibility vests for workers in areas where vehicle and pedestrian interaction cannot be fully separated by engineering means.
- Cut-resistant gloves for workers handling sharp materials where guarding is not practicable for the specific task.
PPE programmes require ongoing management. The equipment must be appropriate for the hazard, correctly fitted, properly maintained, and actually worn. Auditors frequently find that PPE is specified in procedures but not consistently used on the floor, or that the PPE provided is not suitable for the actual risk.
Combining Controls: The Concept of Multiple Layers
In practice, most hazards are managed using a combination of controls from different levels of the hierarchy. This is sometimes called a Swiss cheese model approach, where multiple layers of protection are stacked so that the gaps in one layer are covered by the next.
Consider a chemical handling task in a laboratory. The organisation might:
- Substitute the most hazardous chemical with a less hazardous alternative (substitution)
- Install a fume cupboard that captures vapours at the source (engineering control)
- Develop a standard operating procedure for handling the chemical safely (administrative control)
- Require workers to wear appropriate gloves and eye protection (PPE)
No single control is relied upon exclusively. If one layer fails, others remain. This layered approach is what robust risk management looks like in practice.
Common Failures Auditors Find
When auditing the application of the hierarchy of controls, there are several recurring problems worth knowing about.
Defaulting Straight to PPE
This is the most common failure. An organisation identifies a hazard, writes a procedure, and issues PPE without ever asking whether an engineering control or substitution was possible. The risk register shows PPE as the primary control for hazards that could have been addressed higher up the hierarchy. This is a nonconformity against Clause 8.1.2 of ISO 45001.
Controls That Exist on Paper Only
Administrative controls are documented but not followed. The SWMS exists but workers on the floor are not aware of it, or they are following a different practice entirely. Observation during an audit will reveal this quickly.
No Evidence of Hierarchy Thinking in the Risk Assessment
The risk assessment identifies hazards and lists controls, but there is no evidence that the organisation worked through the hierarchy to arrive at those controls. The selection of controls appears arbitrary. A well-structured risk assessment should show that higher-level controls were considered and either implemented or ruled out with a documented reason.
PPE That Does Not Match the Hazard
The wrong type of PPE is specified, or it is not rated for the level of risk. This is a competence and procurement issue, but it shows up in audits regularly.
For more on how ISO 45001 handles hazard identification upstream of control selection, the article on understanding the ISO 45001 hazard identification audit trail is worth reading alongside this one.
Applying the Hierarchy in High-Risk Industries
The hierarchy of controls is relevant across all industries, but its application looks different depending on the work environment.
Construction
Working at height is a persistent hazard in construction. The hierarchy asks: can we eliminate the need to work at height? Sometimes yes, through prefabrication at ground level. Where that is not possible, can we substitute the method? Perhaps a scissor lift instead of a ladder. Engineering controls might include edge protection, scaffolding, and anchor points. Administrative controls include SWMS, supervision, and competency checks. PPE includes harnesses and hard hats as the final layer.
Manufacturing
Machine guarding is a classic engineering control in manufacturing. The guard eliminates access to the danger zone. Interlocks prevent the machine from operating unless the guard is in place. Where residual risks remain, administrative controls and PPE supplement the engineering solution.
Healthcare
Needle stick injuries in healthcare settings are addressed through a combination of substitution (retractable needles), engineering controls (sharps containers at point of use), administrative controls (safe handling procedures and training), and PPE (gloves). No single control is sufficient on its own.
Warehousing and Logistics
Forklift and pedestrian interaction is a significant hazard. Engineering controls include physical barriers, designated pedestrian walkways, and proximity warning systems. Administrative controls include traffic management plans and induction. PPE includes high-visibility clothing. Elimination would mean removing pedestrians from the forklift operating area entirely, which is the gold standard where the layout allows it.
What Good Looks Like in an ISO 45001 Audit
When you are auditing a workplace against ISO 45001 and you want to assess how well the hierarchy of controls has been applied, look for the following:
- Evidence in the hazard identification and risk assessment records that higher-level controls were considered before lower-level ones were selected
- Documented rationale where engineering or substitution controls were ruled out as not reasonably practicable
- Controls that are implemented in practice, not just described in documents
- Monitoring and review mechanisms to check that controls remain effective over time
- Worker involvement in the development and review of control measures
- PPE that is appropriate, maintained, and actually used
The hierarchy of controls is not just a compliance requirement. It is a thinking tool. Organisations that use it well tend to have fewer incidents, more engaged workers, and more defensible safety decisions. Those that treat it as a box-ticking exercise tend to have the same incidents repeatedly and struggle to explain why during an investigation.
If you are building or auditing an OH&S management system and want to develop a solid grounding in how ISO 45001 works in practice, the ISO 45001 internal auditor and lead auditor courses at Audit Workshop are designed by practitioners who have conducted hundreds of real-world safety audits. You will learn how to apply standards like the hierarchy of controls to actual workplace situations, not just pass an exam.
