ISO 39001: how to reduce road accident rates in your company

·

Every year, work-related traffic accidents cost Spanish companies millions of euros in sick leave, replacements and civil liability. According to data from the Directorate General of Traffic (DGT), commuting and on-duty accidents represent a significant proportion of total occupational accidents. ISO 39001Road Traffic Safety Management Systems — is the international standard that makes it possible to address that risk in a systematic, auditable and certifiable way. In this article we explain what it is, who it applies to, what it requires and how we guide companies on the road to certification.

What is the ISO 39001 standard?

ISO 39001:2012 (Road Traffic Safety Management Systems) is a standard published by the International Organization for Standardization (ISO) in October 2012. Its structure follows the High Level Structure (Annex SL) shared by ISO 9001, ISO 14001 and ISO 45001, which makes it easy to integrate with other management systems already in place. It defines the requirements for an organisation to establish, implement, maintain and improve a Road Traffic Safety Management System (RTSMS) aimed at eliminating or reducing deaths and serious injuries arising from the use of public roads by its employees, vehicles or activities.

The standard is not limited to company-owned vehicles. It covers all work-related journeys: sales visits, distribution routes, inter-site travel, travel to construction sites, use of private vehicles on company business (commuting on duty) and management of owned or subcontracted fleets. In other words, if your company generates traffic, it has responsibility for that traffic.

Who does ISO 39001 apply to?

The standard is voluntary in most contexts, but its implementation is especially relevant for:

In public tenders with social responsibility criteria and in contracts with large industrial groups, ISO 39001 certification is beginning to appear as a supplier approval requirement in sectors such as automotive, food or retail.

Structure and main requirements

The standard is structured around ten clauses following the High Level Structure. The most demanding blocks in practice are:

Context and interested parties

The organisation must identify the external and internal factors that affect its road risk exposure: types of routes, night shifts, average driver age, fleet condition, operating geographic areas. It must also map which interested parties (customers, insurers, traffic authorities, trade unions) have legitimate expectations regarding its road performance.

Leadership and road safety policy

Top management must approve and communicate a road safety policy with explicit commitments: internal maximum speed, prohibition of phone use while driving, preventive maintenance criteria, protocol for at-risk drivers. Management commitment is not optional: the standard requires it as auditable evidence.

Critical performance factors and objectives

Unlike other ISO standards, ISO 39001 incorporates the concept of Road Safety Performance Factors (RSPFs): speed, seat-belt use, following distance, driving under the influence of alcohol or drugs, mobile phone use. The organisation must measure these factors, set improvement targets and carry out regular monitoring with final outcome indicators (accidents, injuries) and intermediate outcome indicators (traffic offences, fines, penalty points).

Road risk assessment and treatment

Through risk analysis (frequency × severity × exposure), the organisation prioritises relevant road risks and designs controls: training in efficient and defensive driving, speed limiters in the fleet, no-phone policies, early technical inspections, protocols for night travel or adverse conditions.

Performance evaluation and internal audit

The continuous improvement cycle requires periodic internal audits, at least an annual management review and corrective actions on deviations. Certification is issued by an accredited third-party body (AENOR, Bureau Veritas, SGS, Lloyd's Register…), not by the consultancy that supported implementation.

Differences between commuting accidents and on-duty accidents: why does it matter for ISO 39001?

This is one of the most frequent questions among HR directors and health and safety managers when approaching the standard. Here is a clarification:

Accident type Definition Company liability ISO 39001 coverage
Commuting (in itinere) On the usual home-to-work route and back, without significant detours Limited (the company does not control the route or the private vehicle) Yes, to the extent the company can influence: training, scheduling, incentives for safe commuting
On duty (en misión) During working hours, travelling on company business (client visit, delivery, inter-site travel) High: the company is responsible for the risk generated Yes, this is the core of the standard: fleet, routes, authorised drivers, travel protocols
Company fleet Vehicles owned or leased by the company, driven by employees or subcontractors Very high: civil liability of the vehicle owner Yes, full control: maintenance, telematics, training, speed policy
Private vehicle on company business The employee uses their own car for a sales visit or similar purpose Medium: the company must verify insurance, roadworthiness and driver fitness Yes, through a policy for the use of private vehicles on official business

ISO 39001 does not formally distinguish between the two types but requires the organisation to analyse all journeys related to its activities and adopt proportionate controls. In practice, on-duty accidents generate greater legal liability for the company and should be the main focus of the management system.

Real benefits of ISO 39001 certification

Beyond the certificate, companies that have implemented the standard report concrete and measurable improvements:

Step-by-step implementation plan

At Summum Calidad we have supported ISO 39001 implementations in transport, distribution and fleet-based services companies. The typical process follows these phases:

Phase 1 — Gap analysis

We analyse the current state of road management: existing (or absent) policy, accident rate indicators, fleet condition, driver training, current protocols. We identify the gaps against the standard's requirements and quantify the implementation effort.

Phase 2 — System design

We draft the road safety policy, the RTSMS manual, the key procedures (driver management, preventive maintenance, road incident management, travel protocol) and the road risk assessment methodology tailored to the client's routes and fleet type.

Phase 3 — Implementation and training

We support the roll-out of operational controls: driver training, implementation of telematics tools (where appropriate), review of contracts with transport subcontractors and communication of the policy throughout the organisation.

Phase 4 — Internal audit and management review

We conduct a full internal audit, identify minor and major non-conformities, and prepare the corrective action plan. We present the results to management in the form of a documented management review.

Phase 5 — Certification support

We coordinate with the chosen certification body (AENOR, Bureau Veritas, SGS or another ENAC-accredited body) for the certification audit. We resolve any deviations identified until the certificate is obtained. Certification is always issued by the accredited third party, not by Summum.

ISO 39001 and ISO 45001: do they overlap?

This is the most common question in early meetings. The answer is: they complement each other, they do not overlap. ISO 45001 covers all occupational risks; ISO 39001 focuses specifically on road risk, which ISO 45001 addresses only in general terms. If you already have ISO 45001, adding ISO 39001 mainly means incorporating specific mobility controls (fleet policy, road safety training, road accident rate indicators) without duplicating the management system.

At Summum we carry out integrated implementations that produce a single management system with occupational safety (45001) and road safety (39001) modules, with shared documentation and coordinated audits. This reduces the overall cost and simplifies the administrative burden for the client.

The role of technology: fleet telematics and telemetry

The standard does not require specific technology, but fleet telematics is the most effective accelerator for meeting the road safety performance factor measurement requirements. Current systems (Webfleet, Geotab, Verizon Connect, TomTom Telematics…) make it possible to:

For companies with small fleets (fewer than 15 vehicles), a simple GPS tracking solution with speed alerts already covers a large proportion of the measurement requirements at an accessible cost.

How long does an ISO 39001 certification project take?

The timeline depends on the starting point, but in general terms:

The timeline also depends on the client's internal availability to participate in system design and on the certification body's schedule, which in peak periods (first and third quarters) may have waiting times of 6–8 weeks to schedule the certification audit.

Frequently asked questions

Is ISO 39001 certification mandatory in Spain?

There is no Spanish law that requires ISO 39001 certification as a general rule. However, some public procurement calls in the transport sector and some supplier approval processes in industry already include it as an evaluation criterion or minimum requirement. Voluntary implementation is the best way to anticipate that requirement and reduce the company's legal exposure to work-related traffic accidents.

What is the difference between a road safety plan and ISO 39001?

A road safety plan is a statement of intent, usually without external audit. ISO 39001 goes further: it is a management system with requirements for leadership, risk assessment, measurable objectives, internal audit and third-party certification. A road safety plan can be the starting point for building the RTSMS, but it is not equivalent to the standard.

Can I integrate ISO 39001 with my existing ISO 45001?

Yes, and it is the recommended option. Both standards share the High Level Structure (policy, context, risks, objectives, support, operation, performance evaluation and improvement). An integrated system avoids documentary duplication, reduces the internal audit burden and allows the management review for both systems to take place in a single meeting. At Summum Calidad we design integrated 45001+39001 systems from the very first day of the project.

Which bodies certify ISO 39001 in Spain?

The main bodies accredited by ENAC (National Accreditation Entity) to certify ISO 39001 in Spain are AENOR, Bureau Veritas, SGS, Lloyd's Register, DNV and TÜV Rheinland. Summum is not a certification body; our role is to support implementation until the system is ready to pass the audit of any of these organisations.