Why Clause 4.1 Matters More Than Most People Think
Clause 4.1 of ISO 45001 sits at the very front of the standard, and that placement is deliberate. Before you can design a meaningful occupational health and safety management system, you need to understand the environment in which it will operate. That is exactly what Clause 4.1 demands.
On this page
The clause is short. It reads simply that the organisation shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its OH&S management system. But that brevity is deceptive. Done properly, this analysis shapes your hazard identification, your risk assessment, your objectives, and your management review. Done poorly, it becomes a one-page document that nobody reads and that adds no value to the system.
In this article we will work through what the clause actually requires, how to approach it in practice, what auditors look for, and the common mistakes that lead to nonconformities. Whether you are implementing ISO 45001 for the first time, maintaining an existing system, or auditing one, this is a clause worth understanding thoroughly.
What Clause 4.1 Actually Requires
The clause requires the organisation to determine external and internal issues relevant to its purpose and that affect its ability to achieve the intended outcomes of the OH&S management system. That is the full normative requirement. There is no prescribed list of issues, no required format, and no mandatory review frequency stated in this clause specifically.
But the standard does not leave you entirely without guidance. The notes attached to Clause 4.1 indicate that issues can include positive and negative factors or conditions, and that consideration of the international, national, regional, or local legal, technological, competitive, market, cultural, social, and economic environment is relevant to external context. For internal context, the notes point to factors such as values, culture, knowledge, and the performance of the organisation.
The intended outcomes of the OH&S management system are defined in the introduction to ISO 45001. They include preventing work-related injury and ill health to workers, providing safe and healthy workplaces, and continually improving OH&S performance. Your context analysis must be relevant to achieving those specific outcomes, not just a generic environmental scan.
External Issues: What to Consider
External issues are the factors outside your organisation that influence how you manage occupational health and safety. Think about what is happening in the world around you that could affect your workers or your ability to keep them safe.
Legal and Regulatory Environment
In Australia, the Work Health and Safety Act and its associated regulations form the primary legal framework. The WHS Act is harmonised across most jurisdictions, but Queensland, Victoria, and Western Australia have their own legislation with meaningful differences. If you operate across multiple states, that variation is an external issue. Regulatory changes, new codes of practice, and Safe Work Australia guidance materials all fall into this category.
An organisation operating in the mining sector will face different regulatory expectations than one in aged care. The specific legal and regulatory context for your industry is not a background consideration. It is a live external issue that shapes what your OH&S system must do.
Industry and Sector Factors
What are the known hazards in your industry? What incidents have occurred across the sector recently? Industry associations, regulators, and Safe Work Australia publish incident data and guidance that reflects the external landscape for your type of work. A construction company should be aware of falls from height as a sector-wide concern. A healthcare provider needs to consider occupational violence as a recognised external issue.
Technology and Innovation
New equipment, new chemicals, new working methods, and new digital tools all introduce changes to the hazard profile of a workplace. If your industry is adopting autonomous plant or new chemical formulations, those developments belong in your external context. They affect the hazards your workers face and therefore affect your ability to achieve the intended outcomes of the system.
Social and Economic Conditions
Labour market conditions affect workforce composition. High turnover, reliance on labour hire, seasonal workforce peaks, and the use of contractors all create external pressures on safety management. Economic downturns can create pressure to cut corners. These are real external issues that experienced auditors will probe.
Climate and Environmental Conditions
Extreme heat, flooding, bushfire risk, and other environmental factors are increasingly relevant external issues for Australian organisations. If your workers operate outdoors or in remote locations, climate conditions are not peripheral. They are central to understanding the context in which your OH&S system must operate.
Internal Issues: What to Consider
Internal issues are the factors within the organisation that affect its ability to manage OH&S effectively. These are often more directly controllable than external issues, but they can be harder to acknowledge honestly.
Organisational Structure and Culture
How decisions are made, how authority flows, and how safety is prioritised in practice are all internal issues. An organisation with a strong safety culture and visible leadership commitment operates in a different internal context than one where safety is seen as a compliance burden. The actual culture, not the stated values, is what matters here.
Workforce Characteristics
The composition of your workforce is an internal issue. Consider the proportion of new workers, the age profile, language and literacy levels, the use of contractors and labour hire, and the presence of workers with particular vulnerabilities. A workforce with high turnover and many new starters faces different risks than a stable, experienced team doing familiar work.
Physical Infrastructure and Technology
The age and condition of plant and equipment, the layout of the workplace, the adequacy of control measures, and the reliability of safety systems are all internal issues. If your infrastructure is ageing or your maintenance backlog is growing, that is relevant context for the OH&S system.
Past Performance and Incident History
Your organisation's own history of incidents, near misses, and injuries is one of the most important sources of internal context. What hazards have caused harm in the past? What control failures have occurred? This information should directly inform the issues identified under Clause 4.1.
Management System Maturity
How long has the OH&S management system been in place? How capable is the team responsible for running it? Is there genuine competence in hazard identification and risk assessment, or are there gaps? The maturity and capability of the system itself is an internal issue that affects its ability to deliver the intended outcomes.
The Link Between Clause 4.1 and the Rest of the Standard
One of the things that distinguishes ISO 45001 from older safety management frameworks is the way Clause 4.1 connects to the rest of the system. The context analysis is not a standalone exercise. It feeds directly into several other clauses.
Clause 6.1.1 requires the organisation to consider the context (including the issues identified in Clause 4.1) when determining the risks and opportunities that need to be addressed. If your context analysis identifies that you operate in a high-risk industry with a young and inexperienced workforce, that should drive a more thorough approach to hazard identification and risk assessment under Clause 6.1.2.
The scope of the OH&S management system under Clause 4.3 must take into account the internal and external issues determined under Clause 4.1. If your context analysis identifies that you operate across multiple sites with different hazard profiles, the scope needs to reflect that.
Management review under Clause 9.3 must consider changes in external and internal issues that are relevant to the OH&S management system. This means the context analysis needs to be a living document, reviewed and updated as conditions change, not a one-time exercise done at implementation and then forgotten.
How to Document Your Context Analysis
ISO 45001 does not require a specific format for the context analysis. There is no requirement to maintain documented information specifically for Clause 4.1, although many organisations choose to do so for practical reasons. A documented analysis makes it easier to demonstrate the link between context and system design, and it provides a baseline for future reviews.
Common approaches include a structured issues register, a PESTLE analysis adapted for OH&S, a SWOT analysis framed around safety management capability, or a simple table listing internal and external issues with their relevance to the intended outcomes. The format matters less than the substance.
Whatever format you use, the analysis should be specific to your organisation and your industry. Generic statements like the organisation operates in a regulated environment or the workforce is diverse are not sufficient. Auditors will push you to be specific. What regulations? What aspects of workforce diversity create what kinds of risk?
What Auditors Look for in Clause 4.1
When auditing Clause 4.1, an experienced auditor is not just checking that a document exists. They are testing whether the context analysis is genuine, specific, and connected to the rest of the system. Here are the questions a competent auditor will be asking.
Is the Analysis Specific to This Organisation?
A context analysis that could apply to any organisation in any industry is a red flag. The issues identified should reflect the specific hazards, legal environment, workforce characteristics, and operational realities of this particular organisation. If the document looks like it was copied from a template without meaningful adaptation, that is worth probing.
Does It Cover Both External and Internal Issues?
Some organisations focus heavily on external issues and give little attention to internal ones. Others do the reverse. Both perspectives are required. An analysis that only lists regulatory requirements without examining internal factors like culture, workforce composition, or infrastructure is incomplete.
Is It Connected to Planning?
The most important question is whether the context analysis has actually influenced the design of the OH&S system. Can you trace a line from the issues identified in Clause 4.1 to the risks and opportunities addressed in Clause 6.1.1? If the context analysis identifies that the organisation uses significant numbers of contractors, does the system have robust controls for contractor management? If not, the analysis may be a paper exercise rather than a genuine input to the system.
Has It Been Reviewed?
Context changes. Regulations change. The workforce changes. The business changes. An analysis that was prepared at implementation five years ago and has not been touched since is unlikely to reflect current reality. Auditors will ask when it was last reviewed and what triggered that review.
Common Nonconformities Against Clause 4.1
Having conducted and reviewed hundreds of ISO 45001 audits, the same patterns of nonconformity appear repeatedly against this clause.
The most common is a context analysis that is too generic. The organisation has identified issues at such a high level that they provide no useful input to the system. This is often a symptom of treating Clause 4.1 as a compliance checkbox rather than a genuine planning tool.
Another frequent finding is a context analysis that has never been updated. The organisation was certified three years ago and the context document still reflects the original implementation. Staff have changed, the business has grown into new markets, new regulations have come into force, and none of that is reflected in the analysis.
A third common finding is the absence of any visible connection between the context analysis and the rest of the system. The issues identified in Clause 4.1 do not appear to have influenced the scope, the risk assessment, the objectives, or the management review. The document exists, but it is not doing any work.
For a deeper look at how these issues manifest across the full clause 4 of the standard, the article on common nonconformities against Clause 4 of ISO 45001 covers the full picture in detail.
Clause 4.1 in the Context of an Integrated Management System
Many Australian organisations implement ISO 45001 alongside ISO 9001 and ISO 14001 as part of an integrated management system. All three standards share the same High Level Structure, and Clause 4.1 appears in identical terms across all three. This creates both an opportunity and a risk.
The opportunity is to conduct a single context analysis that serves all three systems, reducing duplication and ensuring consistency. The risk is that the analysis becomes so broad that it loses specificity for any one standard. An integrated context analysis needs to be specific about which issues are relevant to quality outcomes, which are relevant to environmental outcomes, and which are relevant to OH&S outcomes.
If you are managing an integrated system, the issues relevant to ISO 45001 specifically should include the factors that affect worker safety and health. Environmental issues that do not affect workers are relevant to ISO 14001 but not necessarily to ISO 45001. Quality issues that do not create safety risks are relevant to ISO 9001 but not to ISO 45001. The integration needs to be thoughtful, not just a matter of combining three documents into one.
Practical Steps for Getting Clause 4.1 Right
If you are implementing or reviewing your context analysis, here is a practical approach that works in real organisations.
Start by gathering input from people who actually understand the operational context. Safety officers, supervisors, workers, and managers all have different perspectives on the issues that affect safety in your organisation. A context analysis developed solely by the quality or safety manager behind a desk will miss important ground-level realities.
Use a structured prompt list to ensure you have considered all relevant categories. External issues should cover at minimum the regulatory environment, industry hazard profile, supply chain and contractor factors, technology developments, and environmental and climatic conditions. Internal issues should cover workforce characteristics, organisational culture, infrastructure and equipment, past performance, and management system capability.
For each issue identified, ask explicitly how it affects the organisation's ability to achieve the intended outcomes of the OH&S management system. If you cannot answer that question, the issue may not be relevant, or you may not have thought through the connection carefully enough.
Review the analysis at least annually, and whenever there is a significant change to the organisation or its operating environment. Tie the review to the management review cycle so it is a genuine input to strategic planning rather than a separate administrative task.
If you want to understand how an auditor will approach this clause in practice, the article on how to audit organisational context under ISO 45001 Clause 4.1 walks through the audit approach in detail.
The Relationship Between Clause 4.1 and Worker Participation
ISO 45001 places strong emphasis on worker participation and consultation, particularly under Clause 5.4. The context analysis under Clause 4.1 is one area where worker input is genuinely valuable. Workers often have the clearest view of the internal issues that affect safety. They know which equipment is unreliable, which procedures are routinely bypassed, and where the real hazards are.
Involving workers in the context analysis also supports the broader intent of ISO 45001 to treat workers as active participants in the OH&S system rather than passive recipients of safety rules. This does not require a formal consultation process for every review, but it does mean that the people doing the work should have a voice in identifying the issues that affect their safety.
Connecting Context to Objectives and Continual Improvement
The ultimate test of a good context analysis is whether it drives improvement. If the issues identified in Clause 4.1 are genuinely informing your OH&S objectives under Clause 6.2, your hazard identification under Clause 6.1.2, and your management review under Clause 9.3, then the analysis is doing its job.
Consider an organisation that identifies through its context analysis that it is operating in a period of rapid workforce growth with many new and inexperienced workers. That issue should drive objectives around induction effectiveness, supervision ratios, and competency assessment. It should increase the emphasis on hazard identification for routine tasks that experienced workers take for granted but that new workers may approach incorrectly. It should appear as a standing agenda item in management review until the risk is adequately controlled.
That is what Clause 4.1 is designed to achieve. Not a document, but a genuine understanding of context that shapes every part of how the organisation manages safety.
For those who want to build a solid foundation in auditing ISO 45001 from Clause 4 through to Clause 10, the auditing occupational health and safety under ISO 45001 article provides a comprehensive overview of what auditors examine across the full standard.
Building Your Auditing Skills Around Clause 4.1
For auditors, Clause 4.1 is one of the most revealing clauses in the standard. An organisation that has done this work properly will have a context analysis that is specific, current, and visibly connected to the rest of the system. An organisation that has treated it as a paperwork exercise will have a generic document that sits in a folder and has no influence on anything.
Learning to distinguish between these two situations, and to ask the right questions to surface the difference, is a core auditing skill. It requires an understanding of how the clause connects to the rest of the standard, and the confidence to probe beyond the document itself to test whether the analysis has actually shaped the system.
If you are looking to develop practical auditing skills for ISO 45001, Audit Workshop offers ISO 45001 Internal Auditor and Lead Auditor training delivered by Dilawar Laghari, a certified lead auditor with over 14 years of compliance experience and more than 500 external certification audits. The training is built around real audit scenarios, not just theory, and covers how to audit clauses like 4.1 in a way that adds genuine value. You can explore the available courses at auditworkshop.com.








