EHS regulations

EHS managers have their hands full this spring , but can your EHS software cope with the changing EHS regulations? 1st of March was the first official day of spring, at least if we follow the meteorological calendar according to which the spring season lasts from March 1 till May 31. Many of us don’t really buy it – the UK was practically forced to a standstill last week when a Siberian storm prompted the country’s first ever red weather warning. And for EHS professionals, the slippery conditions won’t be the only out of the ordinary event this ‘spring’.

As we wrote about recently, new data protection laws are coming into force on May 25. Preceding that, the latest ISO 45001 standard is due for publishing on March 12. Hence, it is important for you to know what is changing to start preparing now (and not get caught out like the UK).

New EHS regulations: GDPR and ISO 45001

The two milestones for this spring have been in the calendar for a while now, and for the companies concerned, preparation should have started a while back. Achieving compliance and making changes to processes doesn’t happen overnight; organizations must have relevant processes and systems in place to guarantee appropriate management of data collection, categorization, sharing, output and retention etc. It’s like a farmer planting seeds; he can’t get a good crop if he hasn’t planted the seeds before the growing season begins.

Since GDPR and ISO 45001 have been widely covered topics that you have likely read about, I won’t dwell on the details. Instead, we will look at the expectations and requirements the changing regulatory environment puts on your EHS software. If you, however, want to ensure that your EHS department is on the right track with preparation, here are two helpful resources followed by a brief description:

GDPR and Health and Safety: A Guide For HSE Professionals

EU GDPRGeneral Data Protection Regulation (GDPR) is a European law initiative that harmonises the rules relating to the processing of personal data across all member states of the European Union. HSE departments hold a wide range of personal data which is why they will be directly affected by the law. You can find more information on this complex legislation in the context of Health & Safety processes here.

ISO 45001 – An Overview 

ISO 45001, concerning Occupational Health and Safety Management Systems, is a voluntary standard developed by the International Organization for Standardization (ISO). This new international standard specifies requirements for an occupational health and safety (OH&S) management system and a framework to improve workplace safety, reduce workplace risks and create better and safer working conditions in a proactive way. The standard is expected to be published on March 12, 2018.

Whilst details of the ISO 45001 standard are yet to be released – which we will examine when they are out next week – it is clear that EHS professionals will need an efficient management system to stay on top of this and the extensive GDPR. Here are some basics that you should expect of a system that will support your compliance.

Flexibility of your software

With governmental, local, and international EHS regulations, along with ISO compliance principles, it is important that your EHS software system can deal with the various standards and comply with appropriate EHS regulations. What is required from your EHS software then is flexibility.

Different regulatory bodies have varying reporting and documentation requirements, which is why EHS forms must be able to capture the appropriate information required by the different agencies. For example, OSHA in the US and the HSE in the UK ask for specific documentation on work-related injuries and illnesses.

All employers covered by the OHS Act in the US are required to prepare and maintain records of serious occupational injuries and illnesses, using the OSHA 300 Log. Employers with more than ten employees (and whose establishments are not classified as a partially exempt industry) must record work-related injuries and illnesses using OSHA Forms 300, 300A and 301. It is important then that your EHS software can provide output for these.

In the UK, responsible persons must complete a RIDDOR report (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) if a work-related accident or an accident resulting in a reportable type of injury take place.

Your EHS system must then be capable of helping to maintain accurate records and provide support for both your documentation and reporting needs required by the diverse EHS regulations.

Flexibility is also one of the top criteria for buyers when looking for EHS software.

User experience

Apart from ticking the boxes of compliance, it is also paramount that your EHS software provides a good user experience. It is not sufficient to merely meet the regulatory requirements - the system needs to be easy to use so that people are happy to use it.

By deploying EHS software on SharePoint you benefit from the familiar and easy to understand interface that your users are already used to. Since the system leverages your existing Microsoft Office programs, it wouldn’t be difficult for employees to learn and adapt their already efficient skills.

Single sign on

An EHS system that integrates with existing central IT such as SharePoint facilitates Single Sign On (SSO) eliminating yet another step in the user experience. With SSO, users can access the EHS system without having to re-enter their password every time.

Security permissions

security permissionsSingle Sign On with SharePoint is facilitated by Active Directory. Active Directory (AD) holds all the accounts within your Microsoft IT infrastructure, and is where security permissions are controlled. Assigning appropriate security groups is crucial for GDPR compliance. Furthermore, the relevance of dashboards presented is driven by a user's AD profile. For example, a Supervisor from your Detroit operations may only see local EHS information; but the Regional Manager for North America will have access to data collected across the whole continent.

Managing permissions through Active Directory is a huge advantage when preparing for the new GDPR. Collection and management of personal data are at the very core of the law. With SharePoint you can restrict and allow access to personal information such as health records, which may or may not be relevant to the purpose of processing that data and similarly may or may not be relevant to all personnel.

It is, therefore, wise to invest in technologies that a) your workforce are already familiar with, and b) that already contain user profiles that can be used for security permissions in the new EHS system.


Another vital part of user experience is automation. When there are a variety of standards and laws to meet, automated processes save management’s time, encourage workers to report and improve visibility across the business. Adhering to many deadlines and gathering information in different formats can be time consuming, hence automated processes together with customized forms, reports and dashboards will ease the burden and help you stay compliant with distinct EHS regulations.

Access on multiple devices

Mobile accessAs well as being configurable and having the ability to capture appropriate information, your EHS software should also function on multiple devices so that there are no restrictions to by whom and where the application is being accessed. Anyone should be able to report an injury, hazard or an incident, whether they are part of the staff, a contractor, or just visiting the site. This subsequently means that you should not need a system account to be able to fill in certain forms. We have found this is particularly useful in the Construction industry.

Having remote access will help organizations to better determine hazards and risks, and thereby eliminate them or put in controls to minimize their potential effect, which is also part of the ISO 45001’s objectives to improve organizations’ OH&S performance.

The current trend to hire temporary workers and contractors, although cost effective, has raised questions about safety in the workplace. According to The EHS State Of The Nation survey, “temporary worker safety” is a medium to high impact risk for organizations. Allowing these workers to take part in safety initiatives is a step in the right direction.


Out of the box vs. tailored solutions

The EHS software market can be divided into two types of solutions: ‘Out-of-the-box’ systems, where a client implements a ready system without further configuration, and ‘tailored’ systems where the client works with the vendor to fit the software to their specific needs.

Out of the box solutions tend to be less extendable than tailored solutions which are more flexible and can be personalized according to the organization’s needs. Of course, the applications that fall into the latter category require more input and consideration from the client when it comes to implementation, but can better meet changing regulatory requirements and a growing company’s needs.

Here are the main arguments for out of the box vs. tailored.

Out of the box pros and cons

Out of the box pros Out of the box cons

Faster implementationLack flexibility for changes going forward
Can be cheaper than complex tailored systemsPrice can rise quickly if charged on a per user basis
Easier for the vendor to support and upgradeUser adoption hindrance if it deviates from common practice
Align with what the vendor deems as best practice in their experienceClients may have to change internal processes to match the system's abilities
Tailored pros and cons

Tailored pros Tailored cons

Performs the way you want it toMust have internal policies and processes already enshrined
Develop a close relationship with the vendor in a partnershipImplementation can take longer
Improved user adoption levelsPrice rises if configuration is complex
Flexible for changes going forwardMore effort for the vendor to support and upgrade
Existing internal processes need not be changed

Every business operates differently and what may work for some will not work for others. The EHS software marketplace caters for companies interested in out-of-the-box as well as those looking for something more flexible.

EHS software on SharePoint – both configurable and user-friendly

EHS software on SharePoint from Pro-Sapien is deployed as another part of your SharePoint system, taking on the same look and feel that your users are already used to working with. The user experience is seamless whether filling in a form, assigning actions or creating a report. To the end-user the system is just another part of the SharePoint system.

The flexibility of the system enables it to be tailored to the organization’s needs, providing a long-term platform that can adapt to various EHS regulations. Whether it’s particular forms, reports and/or automation, a flexible system gives you the tools to maintain compliance without having to change the system.

Pro-Sapien’s EHSQ software on SharePoint will enable you to:

  • Have a single central store for all EHS information
  • Reduce time spent navigating numerous systems
  • Standardize processes across the global business
  • Produce output for various standards
  • Control versioning and approval with full audit trails
  • Create your own real-time reports and dashboards

So, even though the complex global regulatory obligations can be challenging to manage, the flexibility of your EHS system allows your organization to use it over an extended period, even when new EHS regulations are published. Whether it is the new GDPR or ISO 45001, the flexibility of your system will help you cope.

Pro-Sapien HSEQ Innovate Brochure

Fill in this short form to download the Pro-Sapien Software brochure now.

Get this resource to your inbox now:

We will fulfil your Content Download via email. Find more information about how we process your data in our Privacy Policy.

Pro-Sapien's flexible EHSQ software on SharePoint

Pro-Sapien EHSQ software has been specifically designed for organizations requiring powerful reporting capabilities within a tailorable, scalable application. Read this brochure today, and learn more!

Get brochure »

A Copenhagen Business School graduate with a MA in International Business Communication, Tytti joined the Pro-Sapien marketing department in 2017 and brings a wide range of experience to the team – not to mention the ability to fluently speak three languages, Finnish (native), English and Spanish. Outside of business Tytti is an avid gymnast having competed at international level in the Aesthetic Group Gymnastics Championships, and has lived in Finland, France, Argentina, Spain, Denmark and now the United Kingdom. As the Graduate Marketing Executive Tytti coordinates Pro-Sapien’s social outreach and blog content, and can be reached at

Take part in the conversation