isofy

← Blog

ISO 45001 for Facility Management Teams: Contractor Control, Permit to Work, and Audit Readiness

ISO 45001 8 min read 2026-04-06

Written by S.M

Reviewed by A. H

Why ISO 45001 Audits Go Deep on Contractor Control

Facility management companies depend heavily on subcontracted maintenance, specialist trades, short duration works, and client controlled premises. That means a large part of the safety risk sits in contractor interfaces, not only in direct employees.

ISO 45001 pushes those interfaces into the center of the system. Auditors want to see whether the business can control who comes on site, what work they are allowed to do, what permits are needed, and how unsafe work is stopped.

Permit to Work Is Not Just Client Paperwork

In many FM environments, permits are treated as documents issued by the client and collected by the contractor. That approach is weak. For ISO 45001, permit to work is also evidence that the company understands high risk work and verifies that the right conditions exist before work begins.

Typical permit controlled activities include:

What Auditors Usually Sample

OH&S topicEvidence they may request
Contractor onboardingCompetence checks, insurance, induction, approval records
High risk workPermit packs, RAMS, isolations, sign off
Site coordinationAccess controls, client communication, escalation rules
LearningIncident reports, permit breaches, corrective action follow up

The best evidence often comes from one live work example rather than ten policy documents.

A Better Control Model

1. Approve contractors by task category

Do not treat all suppliers the same. A reactive plumber, roofing team, electrical contractor, and cleaning supplier require different prequalification depth.

2. Define when permits are mandatory

Teams should not guess. Permit triggers need to be simple, visible, and easy to escalate when work scope changes.

3. Review work at the site interface

A strong OH&S system checks not only whether the contractor is competent, but whether the local site conditions make the task safe that day.

4. Feed permit failures into improvement

Late permits, missing isolations, unapproved scope changes, and weak closeout all belong in corrective action review.

Where FM Safety Systems Usually Break

Those issues matter because they point to systemic OH&S control, not one-off mistakes.

Related Reading

Conclusion

Facility management teams become far more audit ready when contractor control and permit to work are treated as core OH&S processes, not scattered site admin. A clear approval model, live permit discipline, and strong follow up make ISO 45001 far easier to defend. isofy can help teams review permits, inductions, incidents, and actions before the audit team samples complex contracts.