Planning action
Plain-language summary
Turning your identified risks, opportunities and obligations into concrete actions and building them into your processes.
What the clause is really asking
Identifying risks is pointless if nothing is done about them, so this clause forces the bridge from analysis to action. You plan actions to address your OH&S risks, opportunities and legal requirements, decide how to integrate them into your processes, and consider the hierarchy of controls and best practice. The intent is that risks get owners, deadlines and follow-through, not just a place on a register.
What auditors look for
Auditors take items from your risk register and trace them to planned actions with owners and timelines, then check the actions were done and were effective. They look for the hierarchy of controls being applied rather than defaulting to PPE. They check actions are built into normal operations, not run as a side project.
Typical evidence
Action plans linked to the risk register; assigned owners and due dates; evidence actions were completed and verified; integration into operational procedures; effectiveness checks.
How to comply — recommendations
For each significant risk and obligation, plan an action with an owner and a date, and record it. Apply the hierarchy of controls so you try to eliminate or engineer out the hazard before falling back on PPE. Fold the actions into your everyday processes so they stick. Check afterwards that the action actually reduced the risk rather than just ticking a box.
Common nonconformities
Risks on the register with no corresponding action; actions without owners or deadlines, left open indefinitely; PPE chosen by default instead of higher controls; no check that the action actually worked; actions run separately and never embedded into operations.
Related clauses
ISO 9001 6.1.2; ISO 14001 6.1.4
Qlause provides interpretive guidance only and is not a substitute for the standard. Refer to your licensed copy of the relevant standard for the authoritative text.