Do I need to complete Foundation training before starting the Internal Auditor course?

Not necessarily. Foundation training is useful if you have no prior exposure to ISO management systems, but it is not a formal prerequisite for Internal Auditor training at most providers. If you already work in WHS and understand how a safety management system operates, you can generally go straight to Internal Auditor level. Check the course prerequisites with your chosen provider before enrolling.

Can I conduct external certification audits after completing the Internal Auditor course?

No. The Internal Auditor course qualifies you to conduct internal audits within your own organisation. External certification audits are conducted by third-party certification bodies, and the auditors who conduct them hold Lead Auditor credentials along with verified audit experience logged through a personnel certification scheme such as Exemplar Global or IRCA. If external auditing is your goal, Lead Auditor training is the level you need.

How long does it take to complete ISO 45001 Lead Auditor training?

A live Lead Auditor course typically runs for five days. Self-paced online versions allow you to work through the content over a longer period, often two to four weeks, with a scheduled assessment at the end. The total time commitment is similar regardless of format, but self-paced delivery gives you more flexibility around your existing work commitments.

Is ISO 45001 auditor training recognised in Australia?

Yes, particularly when the course is delivered by an Exemplar Global recognised training provider. Exemplar Global is the primary personnel certification scheme for ISO auditors in Australia, and their recognition is well understood by certification bodies, employers, and procurement teams. IRCA recognition is also valued, particularly for organisations with international operations or clients.

Do I need ISO 45001 specific training if I already hold ISO 9001 Lead Auditor credentials?

Your existing Lead Auditor training gives you transferable auditing skills, but ISO 45001 has technical requirements that are specific to occupational health and safety. Hazard identification, the hierarchy of controls, worker participation, and compliance evaluation all require standard-specific knowledge. Most personnel certification schemes require you to demonstrate competence in each standard you audit against, which typically means completing standard-specific training or demonstrating equivalent knowledge through experience and continuing professional development.

What is the difference between an ISO 45001 auditor and a WHS inspector?

A WHS inspector is a government regulator with statutory powers to enter workplaces, issue improvement notices, and enforce WHS legislation. An ISO 45001 auditor assesses whether an organisation's management system conforms to the requirements of the standard. The two roles are distinct. ISO 45001 auditing is not a regulatory function, and conformity with ISO 45001 does not guarantee compliance with WHS legislation, though a well-implemented system should support both.

ISO 45001 Auditor Training Levels Explained

Why ISO 45001 Auditor Training Has Three Distinct Levels

If you are looking into ISO 45001 auditor training for the first time, the range of course titles can be genuinely confusing. Foundation, Internal Auditor, Lead Auditor. Some providers also throw in terms like Practitioner or Implementer. It is not always obvious what each level actually prepares you to do, or which one makes sense for where you are in your career right now.

On this page

ISO 45001 is the international standard for occupational health and safety management systems. It replaced OHSAS 18001 and, in Australia, largely superseded AS/NZS 4801. The standard is used by organisations across construction, mining, manufacturing, healthcare, logistics, and almost every other sector where workplace safety is a serious concern. That breadth means the people who need to understand it come from very different starting points, and the training system reflects that.

This article walks through each level of ISO 45001 auditor training, what you actually learn, who each level is designed for, and how the levels connect into a career path. If you are deciding where to start, or whether to step up from internal auditor to lead auditor, this should give you a clear picture.

The Three Levels of ISO 45001 Auditor Training

Most recognised training providers structure ISO 45001 auditor training across three levels. Each builds on the one before it, and each has a different purpose in terms of what you are qualified to do once you complete it.

Level 1: Foundation

The Foundation course is an introduction to ISO 45001 as a standard. It is not an auditor training course in the strict sense. You will not come out of a Foundation course ready to plan or conduct an audit. What you will come out with is a solid understanding of what ISO 45001 requires, how the standard is structured, and what an occupational health and safety management system is supposed to achieve.

Foundation training typically runs for one day, either in a live virtual session or as a self-paced online module. The content covers the context of the organisation, leadership and worker participation, hazard identification and risk assessment, operational controls, performance evaluation, and the improvement cycle. You will also learn how ISO 45001 connects to the High Level Structure shared by other ISO management system standards, which matters if your organisation runs an integrated system.

Who is Foundation training for? It suits people who need to understand ISO 45001 without being responsible for auditing it. That includes managers who oversee a certified safety system, WHS coordinators who support the system without running audits, and staff who sit in on audits as guides or observers. It also works well as preparation before stepping into Internal Auditor training, particularly if you have no prior exposure to ISO standards.

One practical point: some Internal Auditor courses include Foundation content as part of their curriculum. If that is the case with the course you are considering, you may not need to complete Foundation separately. Check the course outline before enrolling in both.

Level 2: Internal Auditor

The Internal Auditor course is where you learn to actually conduct audits. This is the level that qualifies you to plan and carry out internal audits of an ISO 45001 occupational health and safety management system within your own organisation.

A good Internal Auditor course covers the full audit process: planning an audit against defined criteria, preparing an audit checklist, conducting opening and closing meetings, interviewing auditees, gathering and evaluating evidence, classifying findings as nonconformities or observations, and writing an audit report that is clear and actionable. You will also cover auditor competence requirements under ISO 19011, which is the standard that guides how audits should be conducted regardless of which management system standard you are auditing against.

For ISO 45001 specifically, the Internal Auditor course should give you practical grounding in auditing the parts of the standard that are most technically demanding. That means hazard identification and risk assessment processes under Clause 6.1.2, operational controls and the hierarchy of controls under Clause 8.1.2, worker participation and consultation under Clause 5.4, and performance monitoring and compliance evaluation under Clause 9.1. These are the areas where auditors most commonly find nonconformities, and they require more than a surface reading of the standard to audit well.

Internal Auditor training typically runs for two to three days. Recognised courses through schemes like Exemplar Global include an assessment component, which may be a written exam, a practical exercise, or both. Successful completion gives you a certificate that demonstrates you have been assessed against a recognised competency standard, not just attended a training session.

Who is Internal Auditor training for? It is the right level for WHS managers and coordinators who are responsible for running internal audits as part of their organisation's ISO 45001 system. It also suits quality and environmental managers who are expanding their audit scope to include safety, HSE advisors who want formal auditing credentials, and anyone whose job description includes maintaining or verifying the effectiveness of a safety management system.

If you want a more detailed comparison of Foundation and Internal Auditor training to work out which level to start with, this article on choosing your starting level covers the decision in depth.

Level 3: Lead Auditor

The Lead Auditor course is the most comprehensive level of ISO 45001 auditor training. It prepares you to plan, lead, and manage complete audit programmes, including certification audits conducted by third-party certification bodies. It is also the qualification required if you want to work as an external auditor, whether for a certification body, as a contract auditor, or as a consultant conducting second-party supplier audits on behalf of clients.

The scope of a Lead Auditor course goes well beyond what is covered at Internal Auditor level. You will learn how to manage an audit team, allocate audit responsibilities across team members, handle situations where findings are disputed, make overall audit conclusions, and communicate results to senior stakeholders. The course also covers audit programme management, which means planning and overseeing a series of audits across time rather than conducting a single audit event.

For ISO 45001, a Lead Auditor course needs to develop your technical depth across the entire standard. That includes the more complex clauses that internal auditors sometimes skim over: the requirements for worker consultation that go beyond a suggestion box, the distinction between hazard identification and risk assessment, the legal and other requirements register and how to audit compliance evaluation, and the interaction between operational planning controls and the hierarchy of controls. You will also be expected to understand how ISO 45001 audits differ from ISO 9001 and ISO 14001 audits in terms of focus and evidence.

Lead Auditor courses are typically five days for live delivery, though some providers offer equivalent content in a self-paced format with a live assessment component. The assessment is more rigorous than at Internal Auditor level, usually involving a written exam and a practical audit simulation or role play exercise. Recognised courses through Exemplar Global or IRCA carry weight with certification bodies and employers because they signal that you have been assessed, not just trained.

Who is Lead Auditor training for? It suits experienced WHS professionals who want to move into external auditing, quality and HSE managers who want to lead audit programmes rather than just participate in them, consultants who conduct second-party audits for clients, and anyone building a career as a professional auditor. It is also the right level for people who already hold Internal Auditor credentials and are ready to take on greater audit responsibility.

For a candid look at whether the investment is justified, this honest assessment of the Lead Auditor course is worth reading before you commit.

Become a certified ISO auditor

Globally recognised auditor training — Foundation, Internal Auditor and Lead Auditor — self-paced online with a shareable certificate.

ISO 9001 ISO 14001 ISO 45001 ISO 27001 ISO 42001

Explore Courses

Recognised Training ProviderRTP No. 310970

How the Levels Connect: Building a Career Path

The three training levels are designed to build on each other, but they do not have to be completed in strict sequence in every case. Here is how most people move through them in practice.

Starting from scratch

If you have no prior experience with ISO standards or auditing, starting at Foundation level makes sense. It gives you the conceptual framework before you try to learn auditing technique. From there, Internal Auditor training builds the practical skills. Once you have completed some actual internal audits and built up your audit log, Lead Auditor training becomes a realistic next step.

Starting with existing WHS experience

If you already work in WHS and have a solid understanding of how safety management systems operate, you may be able to go straight to Internal Auditor training without completing Foundation first. Most Internal Auditor courses assume no prior auditing knowledge but do assume some familiarity with management systems. Your existing WHS experience fills that gap comfortably.

Moving from Internal to Lead Auditor

This is the most common progression for people building an auditing career. The key requirement is audit experience. Lead Auditor courses expect you to bring some practical auditing background to the training, because the course builds on that experience rather than starting from first principles. If you have been running internal audits for six to twelve months after completing your Internal Auditor course, you are in a good position to step up.

The ISO auditor career path from internal to lead auditor is covered in detail in a dedicated article if you want to map out the full progression.

What Makes ISO 45001 Auditing Different From Other ISO Audits

If you have already trained as an ISO 9001 or ISO 14001 auditor, you will find that ISO 45001 shares the same High Level Structure and many of the same audit techniques. But there are real differences in emphasis that matter when you are on the floor conducting an audit.

ISO 45001 places far greater weight on worker participation than either of the other two standards. Clause 5.4 requires genuine consultation and participation, not just communication. When you audit this clause, you need to go beyond checking whether a toolbox talk was held. You need to verify that workers have actually been involved in hazard identification, that their input has been considered, and that they understand their right to withdraw from unsafe work. This requires different interview techniques and a different mindset than auditing a quality or environmental system.

The hazard identification and risk assessment requirements under Clause 6.1.2 are also more operationally specific than the risk and opportunity planning clauses in ISO 9001 or ISO 14001. You are looking at physical workplaces, equipment, tasks, and human factors, not just organisational risks. Auditing this well requires you to spend time on the floor, observe work as it actually happens, and ask workers directly about the hazards they face. Document review alone will not tell you whether the hazard identification process is working.

The hierarchy of controls under Clause 8.1.2 is another area that distinguishes ISO 45001 audits. Auditing this clause means checking whether the organisation has genuinely worked through elimination, substitution, and engineering controls before defaulting to administrative controls and personal protective equipment. Many organisations get this wrong, and a good auditor will find the evidence that reveals it.

Choosing the Right Level for Your Situation

The honest answer is that the right level depends on what you need to do with the credential. Here is a straightforward way to think about it.

Foundation: You need to understand ISO 45001 but are not responsible for auditing it. You support the system, attend audits as a guide, or are preparing to step into Internal Auditor training.
Internal Auditor: You are responsible for conducting internal audits of your organisation's ISO 45001 system, or you want to be. This is the core credential for WHS managers and coordinators in certified organisations.
Lead Auditor: You want to lead audit teams, work as an external auditor, conduct second-party supplier audits, or build a professional auditing career. This is the credential that opens doors outside your own organisation.

One thing worth being clear about: completing a Lead Auditor course does not automatically make you a certified lead auditor in the personnel certification sense. Exemplar Global and IRCA both operate personnel certification schemes that require you to demonstrate audit experience in addition to completing the training. The course gives you the training credential. The experience gives you the full certification. If that distinction matters for your goals, it is worth understanding how the schemes work before you invest in the training.

Recognised Training Providers and What to Look For

Not all ISO 45001 auditor training is created equal. The key marker of quality is whether the course is recognised by a credible scheme. Exemplar Global is the most widely recognised scheme in Australia for ISO auditor training. Courses that are Exemplar Global recognised have been assessed against defined competency standards, which means the certificate you receive carries weight with employers and certification bodies.

Beyond recognition, look for courses that include practical exercises rather than just content delivery. Auditing is a skill, and skills require practice. A course that puts you through a real audit scenario, even a simulated one, will prepare you far better than one that only covers theory. Look also for trainers who have actual field experience conducting certification audits, not just people who know the standard academically.

At Audit Workshop, ISO 45001 auditor training is delivered at Foundation, Internal Auditor, and Lead Auditor levels. Courses are available both live and self-paced, and are built around real audit practice developed through hundreds of certification audits across Australia and internationally. If you are working out which level to start with, the course pages include detailed outlines of what each level covers and what you will be able to do once you complete it.