On 6 December 2021, Cm3 released an exciting new development to benefit contractors who hold external certifications for Occupational Health and Safety, or a national self-insurer licence. This marked the transition to the practice of maintaining a separate category of assessment for businesses that have significantly invested in their safety compliance.

Cm3 is progressing from the concept of separate Risk Reviews for each item selected in a contractor’s Business Risk Profile, and moving to a systems-based assessment approach. With this, Cm3 recognises both the effort invested in building a certified system, and the findings of the accredited External Auditor.

Where businesses were previously required to complete a Risk Review for each selection of risk or work type and the “General” assessment of safety system structure, this has been replaced by a dedicated Externally Certified Risk Review.


This new Risk Review examines the following:
  • A valid Audit certificate issued by an External Auditor accredited by an IAF-MLA member body, eg. JAS-ANZ
  • A current audit report or audit executive summary from the certifying auditor
  • A national self-insurer licence
  • The WHS manual or manual index
  • Samples of any relevant WHS plans
  • Sample of risk management actions such as implementation of relevant risk assessments or procedures
  • Training and competency records
  • Sample maintenance records or maintenance procedures for owned plant and equipment


Limited specialised Risk Reviews will be generated if they are selected by the contractor, these are:
  • Subcontractors
  • Principal Contractor
  • Heavy Vehicle Transport
  • Environmental Aspects & Impacts
  • Environmental Management System Certification
  • High Voltage work
  • Storage, Handling, Use or Initiation of Explosives
  • Work with Class 3B or 4 Lasers
  • Work with Optical Fibre Cabling
  • Managing Client Owned Warehouse Operations
  • OHS Conviction
  • Quality System Certification
  • Licences and Authorisations


Only Certifications issued by a certifying auditor that is accredited by an IAF-MLA member body will be accepted into this category. Businesses that have a certificate issued by a non-accredited external auditor showing AS480145001, or 18001 can still participate in Cm3 through the regular Risk Review process.

To learn more, contact Cm3 today.