ISO 45001 Contractor/Subcontractor Management

Site Rules and Orientation

Contractors and subcontractors shall complete site orientation prior to mobilization. Orientation covers life-saving rules, restricted zones, access control, signage, traffic flow, housekeeping, waste management, smoking policy, and disciplinary actions. Attendance is recorded; badges are issued only after successful completion.

PPE minimums are defined by area classification. Hard hat, safety footwear, eye protection, and high-visibility garments are baseline; task-specific PPE is mandated by permit conditions. Tool and equipment compliance is verified at gate checks.

Supervisors brief teams daily using a standard toolbox talk. Topics include work scope, concurrent activities, SIMOPS conflicts, energy sources, weather, and change points. Language and literacy barriers are mitigated with visuals and bilingual materials.

Orientation validity has a defined period. Refresher training is triggered by incidents, procedure changes, or poor audit outcomes. Non-attendance or policy breaches result in access suspension per contract.

Risk Assessment Sharing

Prior to work authorization, the Principal Contractor shall disclose the site Risk Register and task-level risk assessments relevant to the contracted scope. Each Contractor shall submit a Job Hazard Analysis (JHA) or Task Risk Assessment (TRA) aligned to the site methodology and hierarchy of controls. Bidirectional exchange is mandatory to ensure risk symmetry and prevent unmanaged interfaces.

Combined risk review addresses SIMOPS, co-activities, and energy sources (electrical, mechanical, pneumatic, hydraulic, chemical). Residual risk acceptance requires documented sign-off by the Authorizing Authority. Where assessments conflict, the most conservative control applies by default.

Triggers for reassessment include scope change, variance requests, abnormal conditions, incident/near-miss, or regulatory updates. Time-bound validity and version control are enforced. Latest approved versions must be available at point of work and referenced in the permit-to-work package.

PPE and Permit-to-Work Procedures

Contractor safety performance hinges on disciplined PPE compliance and a robust permit-to-work (PTW) regime. The objective is operational control at the point of risk. Requirements apply to all contractor and subcontractor personnel, including temporary labor and visiting specialists.

PPE Governance and Minimum Standards

Baseline PPE is mandatory in all operational areas: hard hat, safety footwear, safety glasses with side shields, and high-visibility outerwear. Task-specific PPE is prescribed by the hazard profile and shall include, as applicable, cut-resistant gloves, hearing protection, chemical-resistant garments, face shields, respiratory protection, arc-rated clothing, and fall arrest systems. PPE selection follows the hierarchy of controls and is validated by the Job Hazard Analysis (JHA) or Task Risk Assessment (TRA).

Contractors must supply certified PPE that meets relevant standards (e.g., EN/ANSI). Gate control verifies PPE availability and condition. Supervisors enforce wear discipline with spot checks. Damaged or expired PPE is removed from service immediately. Reusable PPE undergoes documented inspection at specified intervals.

Fit, Training, and Verification

Where respiratory protection is required, fit testing is completed prior to mobilization and repeated per standard or after facial changes. Harnesses are individually assigned and logged. Training covers donning, doffing, limitations, maintenance, and storage. Competence is evidenced by records accessible at the point of work. Non-conformance triggers removal from task and corrective coaching.

Permit-to-Work Scope and Triggers

PTW is mandatory for high-risk tasks including but not limited to: hot work, confined space entry, working at height, electrical work, excavation, lifting operations, energy isolation, pressure testing, and live plant interventions. SIMOPS and interface risks require concurrent permit coordination and a single Authorizing Authority.

Authorization Workflow

Permits are issued only after verification of prerequisites: approved JHA/TRA, toolbox briefing, isolation status, gas testing where applicable, barricading, rescue plan for confined spaces, and emergency equipment availability. Roles are segregated: Requester (Contractor Supervisor), Issuer (Area Owner), Authorizing Authority (OHS/Operations as defined), and Permit Holder (On-site Lead). Validity periods are time-bound; weather and shift changes trigger revalidation.

Energy Isolation and LOTO

Lockout/Tagout (LOTO) is applied to all hazardous energy sources. Isolation plans identify each source, isolation point, device type, and verification method. Personal locks are unique and non-transferable. Group lock boxes are used for multi-trade activities. Zero-energy verification is documented. Removal of locks follows a controlled sign-off process.

Gas Testing and Atmospheric Controls

Confined space and hot work require initial and continuous atmospheric testing. Acceptable ranges are defined by site standards. Gas testers are certified and instruments are calibrated to schedule. Ventilation, purging, and standby attendant requirements are documented on the permit. Any out-of-range reading triggers immediate cessation of work and escalation.

Controls at the Point of Work

Before work starts, the Permit Holder conducts a point-of-work risk review with the crew to confirm site conditions match the permit assumptions. Barricades, signage, drops prevention, housekeeping, and emergency egress are verified. Changes in scope or conditions require permit suspension and re-authorization.

Documentation and Record Integrity

Permits, gas test logs, isolation lists, and hand-back confirmations are retained per record control requirements. Digital systems use time stamps and version control. Handwritten permits are legible, complete, and photo-archived at shift end. Deviations and overrides are explicitly justified and approved.

Control Principle

No permit, no work. No PPE, no entry. Authorization is a living control, not a formality. Any variance requires immediate stop, risk reassessment, and formal reissue.

Incident and Near-Miss Reporting

Objective: create a low-friction, high-fidelity reporting pipeline that captures all harm and hazard signals from contractors and subcontractors. Scope covers injuries, illnesses, property damage, environmental releases, process safety events, unsafe acts/conditions, and near-misses. Reporting is mandatory, non-punitive, and time-bound under contract.

Governance and SLAs

Notification: verbal to Supervisor immediately; digital entry within 2 hours. Containment: make safe and cordon area. Preliminary report: within 24 hours. Root cause analysis (RCA): initiate in 48 hours, complete in 7–14 days per severity. Corrective/Preventive Action (CAPA): implement to target dates with verification evidence. Breach of SLAs triggers contractual remedies.

Taxonomy and Severity Matrix

Use a standardized event taxonomy: Injury/Illness, Damage, Process Safety, Environmental, Security, Quality Deviation, Near-Miss. Classify severity by actual and potential consequence. Potential high-severity near-misses receive full RCA and leadership review.

Reporting Channels

Mobile form, web portal, QR posters, and hotline. Anonymous option enabled. Gate staff and supervisors can file on behalf of workers. Language support provided. All inputs time-stamped and geo-tagged where feasible.

Evidence and Data Integrity

Capture photos, sketches, samples, instrument readouts, witness statements, and permit pack extracts. Preserve isolation logs, gas test sheets, and toolbox briefs. Chain of custody applies for serious events. Edits are version-controlled; deletions prohibited.

Investigation and RCA

Lead Investigator is independent of the work crew. Methods: 5-Why, Fishbone, Barrier Analysis, Task Analysis. Focus on system failures: competence, procedures, supervision, engineering controls, interfaces, and change management. Assign causes using a controlled code set to enable trend analysis.

CAPA Management

Actions are Specific, Measurable, Achievable, Relevant, Time-bound. Each action has an owner, due date, and verification method. Effectiveness checks include re-inspection, observation programs, and KPI movement. Overdue actions escalate to senior management and impact contractor scorecards.

Learning and Feedback Loops

Issue Safety Alerts for high-learning events within 72 hours. Integrate lessons into orientation, JHA libraries, and permit prerequisites. Update risk registers and procedures. Track recurrence rate. Recognize high-quality near-miss submissions to reinforce reporting culture.

Control Principle

If it is not reported, it cannot be controlled. Treat near-misses as free audits of the system. Measure quality, timeliness, and closure—not only counts.

Performance Metrics and Scorecarding (TRIR, LTIR, Leading Indicators)

Contractor HSE performance requires a balanced scorecard that blends lagging rates with leading activity measures. Metrics must be standardized across all vendors, auditable, time-bound, and tied to contractual remedies. Targets are risk-based and reviewed during Management Review.

Definitions and Boundaries

TRIR: Total Recordable Incident Rate. LTIR: Lost Time Incident Rate. DART: Days Away, Restricted, or Transferred. Near-Miss Rate: quality-weighted reports per 100 workers. Exposure hours include all contractor and subcontractor work hours, including standby and supervised testing.

Formulas and Cadence

Use a common denominator for comparability. Where regulation prescribes an alternative base, convert to the corporate standard and retain native values for regulatory filings.

| Metric | Formula | Scope | Frequency | Typical Target |
|---|---|---|---|---|
| TRIR | (Recordables × 200,000) / Exposure Hours | All contractor hours | Monthly, YTD | ≤ 0.50 |
| LTIR | (Lost-Time Cases × 200,000) / Exposure Hours | All contractor hours | Monthly, YTD | ≤ 0.20 |
| DART | (DART Cases × 200,000) / Exposure Hours | All contractor hours | Monthly | ≤ 0.30 |
| Near-Miss Rate | (Validated Near-Misses / Avg. Headcount) × 100 | All contractor staff | Monthly | ≥ 25 |
| CAPA SLA | On-Time Closures / Total CAPA | All findings | Monthly | ≥ 90% |
| Training Completion | Completed / Required | Mandatory modules | Monthly | 100% |

Leading Indicators and Quality Gates

Track proactive controls: toolbox quality, point-of-work risk reviews, permit re-validations, LOTO verifications, observation closeouts, and emergency drill participation. Weight indicators by criticality and verify with random audits to prevent gaming.

Data Integrity and Assurance

Hours and headcount are reconciled with gate logs and timesheets. Metrics are independently assured by the Client HSE function each quarter. Outliers trigger data quality reviews. All changes are version-controlled.

Scorecard Integration and Incentives

Each contractor receives a quarterly score with traffic-light thresholds. Green sustains status; Amber requires an improvement plan; Red triggers commercial remedies up to suspension. High performers are eligible for preferred supplier status and longer terms.

Control Principle

Measure what drives risk down, not just what goes wrong. Balance rates with leading behaviors and enforce data integrity.

Audits and Nonconformance Closure

Contractor oversight is executed through a layered assurance model: routine inspections, focused task observations, program audits, and system audits. Scope covers compliance with site rules, permit-to-work integrity, PPE discipline, competency evidence, equipment certification, housekeeping, barricading, and interface controls during SIMOPS. Sampling is risk-weighted and adjusts dynamically to incident trends and performance signals.

Planning and Risk-Based Sampling

An annual audit plan defines frequency, populations, and depth per contractor risk tier. High-risk trades receive increased cadence and unannounced checks. Checklists are standardized to enable benchmarking across vendors while allowing task-specific addenda for unique hazards.

Finding Classification and Ownership

Nonconformances are graded by consequence and likelihood into Critical, Major, or Minor. Each finding has a single accountable owner at the contractor, a due date, and an effectiveness verification method. Critical findings trigger immediate containment and may pause work until controls are restored.

CAPA Workflow and SLA

Corrective and preventive actions follow a gated lifecycle: containment, root cause, action design, implementation, verification, and effectiveness review. SLA targets are set by class: Critical 72 hours to contain and 14 days to complete; Major 21 days; Minor 30 days. Extensions require written justification and client approval.

Verification and Effectiveness Checks

Closure requires objective evidence: photos, training records, permit excerpts, calibration slips, isolation logs, and revised procedures. Effectiveness is tested via re-inspection, performance monitoring, or controlled trials. Repeat findings within 90 days indicate ineffective CAPA and escalate to commercial remedies.

Trend Analysis and Feedback

Findings are coded to a causal taxonomy to enable trend analytics. Monthly dashboards show hotspots by location, activity, trade, and shift. Insights feed the risk register, JHA libraries, and orientation content. Contractors receive comparative benchmarking to drive targeted improvements.

Control Principle

Closure is not a signature; it is proven risk reduction. Evidence and effectiveness checks are mandatory before status changes to “closed”.

Contract Terms and Remedies

Contractor HSE obligations are embedded in the master services agreement and purchase orders as enforceable requirements. HSE compliance is a condition precedent for mobilization, ongoing access, and invoice approval. Obligations span orientation completion, PPE provisioning, competent supervision, permit-to-work adherence, incident reporting, CAPA execution, health surveillance, and data integrity.

Documents referenced in the contract include the HSE Specification, Site Rules, PTW Standard, Emergency Response Plan, and Contractor Handbook. In the event of conflict, the contract and client standards prevail. Contractors shall cascade obligations to all subcontractors and remain fully liable for their performance.

Commercial Levers

Payment levers align safety with performance. Examples include retainage release upon KPI achievement, milestone gating by CAPA closure, and penalty-free termination rights for material HSE breach. Rework due to HSE nonconformance is not billable. Cost recovery applies for client-incurred controls, standby, or remediation caused by the contractor.

Sanctions and Escalation

Sanctions are tiered and proportionate: verbal warning, written nonconformance, access suspension of individuals, partial workstop for affected areas, full workstop, removal from site, and contract termination. Critical life-safety breaches (e.g., bypassing LOTO, confined space entry without permit, working at height without fall protection) trigger immediate stop-work and formal investigation.

Performance Linkage

Quarterly scorecards determine commercial status. Green sustains preferred supplier eligibility. Amber requires an improvement plan with executive sign-off. Red initiates commercial remedies and disqualification from new awards until recovery is demonstrated for two consecutive quarters.

Change and Claims Control

Scope changes require reassessment of risks and permits prior to execution. Claims related to HSE delays are only considered if the contractor complied with all controls and notified within the contractual timeframe. Force majeure does not waive HSE obligations.

Control Principle

Safety obligations are contractual deliverables. Noncompliance carries commercial consequence. Work proceeds only under verified controls.

Emergency Response and Communication Tree

Contractors and subcontractors operate under the Client’s Emergency Response Plan (ERP). The objective is fast hazard containment, life preservation, and orderly recovery. Roles, call-down logic, muster procedures, and interoperability with public services are defined and drilled. Compliance is a mobilization prerequisite and a standing condition for site access.

Command Structure and Roles

Incident Command System (ICS) applies. The Client appoints the Incident Commander; the Contractor designates an On-Scene Lead per workfront. Functional cells cover Operations, Safety, Medical, Communications, and Logistics. Role cards detail authority limits, handover rules, and relief arrangements for extended events.

Communication Tree and Redundancy

Primary channel is site radio with assigned talkgroups; secondary is voice/SMS; tertiary is a mass notification platform. Call-down lists are role-based and time-bound. Shift updates occur at handover. Drills verify message latency, receipt confirmation, and bilingual comprehension where required.

Muster, Accounting, and Access Control

Muster points are signed, lit, and sized for peak headcount. Badge scans or headcount sheets produce roll-call within target time. Turnstiles lock in alarm; emergency gates unlock under fire panel logic. Visitors and short-term techs are included in the muster accounting scope.

Scenario Playbooks

Minimum playbooks: fire/explosion, medical emergency, chemical release, confined space rescue, working-at-height rescue, electrical shock, severe weather, security breach, and evacuation. Each playbook defines triggers, first-response actions, isolation/LOTO interfaces, rescue resources, and hand-back criteria to operations.

Rescue and Equipment Readiness

Rescue kits are staged at point of risk: tripod, SRL/Winch, stretchers, trauma kits, spill kits, fire extinguishers, eye wash, AEDs. Ownership, inspection cadence, and seal tags are documented. Contractors verify pre-task availability and expiry dates during toolbox briefings.

External Interface and Reporting

Coordination with local emergency services is pre-planned. Site maps, hydrant plans, chemical inventories, and access routes are shared and reviewed annually. Statutory reporting thresholds and timelines are embedded in the incident workflow to protect legal compliance.

Training, Drills, and Performance

Induction covers alarm tones, routes, and assembly behavior. Tabletop drills run quarterly; full evacuations occur at least annually per site risk. Post-drill gap logs generate CAPA with time-bound owners. KPIs include muster completion time, message delivery rate, and rescue readiness audit scores.

Control Principle

Plan for failure of the first control. Build redundant communications, pre-staged rescue, and clear command to compress time-to-safe-state.

Health Surveillance Records

Contractors shall implement risk-based medical surveillance aligned to exposure profiles and legal requirements. Scope includes pre-placement exams, periodic health checks, and task-specific assessments for noise, respiratory hazards, hand–arm vibration, biohazards, ionizing radiation, thermal stress, and chemical agents.

Program Design

Surveillance matrices map roles to hazards, tests, and frequencies. Examples: audiometry for high-noise tasks, spirometry for solvent exposure, fitness-to-work for confined space and SCBA use, vision testing for driving and lifting operations. Triggers include incident involvement, exposure excursions, and role change.

Fitness-to-Work and Restrictions

Medical providers issue fitness determinations with work restrictions where required. Contractors must integrate restrictions into scheduling and permit planning. The Client verifies fitness status before site access and retains only the determination, not medical details.

Privacy and Records Control

Medical data is confidential. Contractors store full medical files. The Client holds minimal records: fitness status, test validity dates, and provider accreditation. Data retention and transfer follow contract and applicable law. Audits verify program existence and validity, not personal health content.

Exposure Monitoring Interface

Industrial hygiene sampling plans define methods, equipment calibration, and action levels. Exceedances generate CAPA, enhanced PPE, engineering controls, and retraining. Trends inform risk registers and JHA libraries.

Control Principle

Prove fitness without exposing medical detail. Separate privacy from control by using status-based verification and risk-driven testing.

Annual Review and Scoring

Annual contractor performance reviews consolidate metrics, audit outcomes, incident learnings, and commercial behavior into a single score that governs sourcing eligibility and contract renewal. Reviews are evidence-based and chaired by senior management.

Scoring Framework

Weights are predefined. Typical split: Safety KPIs 40%, Audit/CAPA 25%, Competence and Training 15%, Compliance and Data Integrity 10%, Collaboration and Communication 10%. Thresholds trigger actions: Green—preferred status; Amber—improvement plan; Red—suspension from new awards until recovery.

Inputs and Evidence

Inputs include TRIR/LTIR/DART, near-miss quality, permit integrity audits, LOTO verifications, toolbox quality scores, emergency drill performance, CAPA SLA adherence, medical surveillance validity, and documentation controls. Evidence must be auditable and time-stamped.

Decision and Follow-Through

Outcomes define vendor tiering, future bid invitations, and targeted development programs. Action plans contain owners, milestones, and quarterly checkpoints. Persistent underperformance escalates to contract remedies per the master agreement.

Continuous Improvement Loop

Findings feed policy updates, revised standards, and orientation content. Benchmarking across vendors highlights best practices. Lessons learned are shared through safety alerts and quarterly forums.

Control Principle

Tie commercial status to proven risk reduction. Incentivize leading behaviors and enforce recovery plans with clear gates.

