About Environmental, Health & Safety (EHS) Software
(including EHS Software on Microsoft SharePoint)
Learn all about EHS software systems with our 10-part guide. This resource is for Environmental, Health & Safety (EHS) or IT professionals seeking to understand the make-up of EHS management software, and for those looking to know more about the marketplace.
Navigate this guide by selecting from the table of contents.
- What is Environmental, Health and Safety software?
- IT integration of EHS software systems
- EHS software processes
- Available hosting options
- User roles in EHS software
- Costs associated with EHS software
- Personal Data management and storage
- Regulatory and law enforcement bodies
- Pro-Sapien EHSQ software systems
- Common Environmental, Health and Safety abbreviations
Download the PDF version to view offline
1. What is Environmental, Health and Safety (EHS) software?
EHS stands for Environmental, Health and Safety. Environmental, Health and Safety (EHS) software is a management application that helps companies collect, analyze, report on and store a wide range of data. This is usually regarding occupational health and safety and the environmental impact of operations. EHS software also helps companies ensure compliance with local and federal EHS regulations.
EHS software is often controlled by a combination of personnel from the EHS department and from the IT department. Budget for this software usually comes from these two departments and sometimes also from Operations.
An integrated software system simplifies the entire management process by bringing together key components such as forms, workflows, notifications, dashboards, libraries and a data warehouse. Automating EHS management provides organizations with a full audit trail to improve transparency and thus drive performance improvement across the board.
Uses of EHS software
A company may be managing EHS data with spreadsheets, manually producing reports on a monthly basis in a time-consuming process. Furthermore, they may also be using paper forms to record incidents, near misses and other EHS indicators, as over half of companies surveyed by BLR (Business & Legal Resources) were in 2015. These outdated methods have proven to be inefficient, although many organizations are still using them today.
EHS software brings automation to much of the process of EHS management, encouraging workers to report, improving visibility across the business, and freeing up managers’ time to implement data-driven changes.
With standardized forms that are easily accessed, organizations can maximize data collection and minimize the time spent collating it. One centralized data warehouse makes it easy to view all related information at once on dashboards and in reports, and to implement further actions.
The type of data captured by EHS system forms can relate to (but is not limited to);
- other safety incidents,
- near misses,
- environmental impact tracking,
- environmental incidents,
- equipment changes,
- work permits,
- chemicals inventory, and more.
This varies per company and per system.
Usually there will be a mix of mandatory and optional fields on a form. The data gathered influences which workflow the form is sent through, where notifications are sent, and in the case of a dynamic form, can also trigger areas of the form to become available or unavailable for the user.
Once a form is submitted, notifications are automatically sent via email to the appropriate persons. In some cases, communications programs such as Skype for Business can be used for instant messaging with other users without leaving the EHS software system. The form may require review and sign off before it can be forwarded for investigation and follow up.
In order to facilitate transparency and accuracy, a full audit trail of all communication within the system is available to those with the appropriate security permissions.
EHS software helps to ensure company compliance with local and federal EHS regulations. Large fines can be levied when a company is found to be noncompliant with EHS regulations. Regulatory bodies such as the HSE in the UK and OSHA in the US set legally binding standards to protect employees and the environment that organizations must adhere to.
For example, OSHA may perform an audit on an organization at any time. The organization is often not warned of the audit intention prior to an OSHA inspector arriving onsite. An organization must provide an OSHA inspector access to their health and safety information for audit, so that the inspector may discern compliance or noncompliance. If noncompliance is suspected, a formal investigation may be launched.
Investigation & Follow up
Once the data has been collected, follow up tasks such as root cause analysis and corrective actions can be carried out. This allows organizations to understand the ‘why’ behind an incident, a near miss or a Risk Assessment, for example. Understanding the circumstances that led to an incident means corrective measures can be put in place to prevent future recurrences.
These tasks are managed through what many EHS software systems refer to as the Action Manager. In the Action Manager, progress and status can be tracked to ensure tasks are not running overdue.
Reporting of performance is paramount in fulfilling the EHS management aim of preventing incidents and injuries. The information used in reports is sometimes referred to as Management Information or Business Intelligence (BI).
EHS software should provide EHS Managers with dashboards and reports that display sometimes copious amounts of data in understandable visualizations such as charts and graphs. Dashboards are for quick viewing of key metrics. Reports are for more detail on key metrics displayed within a dashboard – EHS software users may wish to create their own reports on an ad-hoc or scheduled basis.
Trending is extremely important in EHS Management Information, as are Key Performance Indicators (KPIs) for benchmarking. It is with these reports and dashboards that managers can make decisions on EHS improvement initiatives, and go to the board with important performance information.
EHS Key Performance Indicators
Key Performance Indicators (KPIs) are metrics that measure progress toward specific Environmental, Health and Safety goals or to monitor and identify trends. KPIs that show what has already happened are called “lagging indicators,” whereas those which are used in predictive analytics are referred to as “leading indicators.” KPIs are always quantifiable, but differ from business to business and require planning to put in place effectively.
Lagging indicators may include:
- Injury frequency and severity
- OSHA recordable injuries
- Lost workdays
Leading indicators may include:
- Near misses
- Hazard observations
- Training participation rates
In 2017, developing and tracking KPIs remained a top goal for EHS professionals.
Software systems help EHS professionals to stay informed about the issues and activities in the organization, generating data into KPI dashboards to assist in measuring and controlling workplace hazards. Safeopedia, an EHS news website, discusses examples of safety KPIs in this short video:
Using EHS software saves time, reduces risk, and improves productivity and communication across the organization. Knowing the data and being equipped with the means to act on it, organizations can make strategic decisions for the future.
EHS software marketplace
Statistics show that companies using EHS software have reduced injuries and near misses at a much more impressive rate than their peers operating without one.
EHS software is most often used by mid to large companies that operate in high risk industries, such as oil and gas, marine, construction and aviation. In 2017, the global EHS software market was valued at $1.1 billion US dollars (USD).
A growing industry
The market, originally dubbed “EMIS” for Environmental Management Information Systems, has been about since the early 1990s. Since then it has grown to merge Health and Safety with Environmental to support the needs of organizations combining the complementary functions. EHS software is now in the phase of majority adoption following 25 years of innovation and early adoption.
Around 200 EHS software vendors are recognized by independent analyst firm Verdantix. According to Verdantix research, North America accounted for 52% of the EHS software market in 2017 with a spend $572 million, followed by Europe with 26% of the market share and a spend of $279 million.
There are different areas of specialty among vendors of EHS software. For example, Enablon has made a name for itself as the go-to for Environmental Sustainability, and Pro-Sapien is the only vendor offering EHS software that sits on leading collaboration platform Microsoft SharePoint. The wide range of vendors has given way for EHS consultancies, such as Trinity Consultants and JSA Services, to successfully offer services in EHS software selection and implementation.
The market has seen significant investment in recent years as regulations tighten, public scrutiny mounts, technology advances, and demand for EHS software grows. Acquisitions in the industry are a common occurrence. It is forecast that by 2022, the industry will be worth $1.7 billion which is a growth rate of 54% within a five year period.
EHS software selection
Determining business value drivers
An important thing to consider when selecting an EHS software system is the value that it brings for the organization. In other words, what the software will mainly be used for and whether the aim is to reduce incidents or carbon emissions, for example.
Measuring Return on Investment (ROI) of EHS software can be a challenging task as many of the returns are intangible, such as employee wellbeing and morale. To make the case for EHS software to the board, tangible benefits such as productivity, decreased absenteeism and reduced costs are often concentrated on, but the value extends much further than what easily meets the eye.
Determining the ROI of EHS software
Overall productivity savings of a typical mid-sized Environmental Management Information System (EMIS) software deployment can be significant. JSA Services has created an ROI model that allows clients to estimate savings related to various tactical activities. This tool is an activity-based model that allows clients to estimate savings by activity for each module, with summary results.
The following points are general examples of key operational benefits clients can expect as a result of using a centralized EMIS system:
- 15-20% higher productivity (efficient use of existing resources and avoid new hires).
- Greater data accountability at the site level eliminates time wasted by corporate environmental staff following up on missing data or incomplete tasks, which can lead to violations and fines.
- Efficient data archiving and retrieval eliminates time wasted searching for records.
- Lower consulting costs as manual data collection and reporting processes are replaced.
- Lower travel costs as staff is able to review site-level reports and records online.
- Higher production output due to more accurate environmental data
Integration with existing IT programs
Deploying an EHS system that integrates with the company’s existing other IT programs, such as Microsoft Office or SAP, is often the logical way to go. This does not only save time and money in implementation, but can facilitate better user adoption and can minimize training if the new system operates similarly to the IT programs users already know how to use. It can also maintain a higher level of data integrity as interfacing between programs is automatic rather than subject to manual efforts.
Depending on the size of the company, finding the most cost-efficient product can be challenging. Factors that can influence price include the number of modules, number of users, number of languages, the level of support required for implementation and training, and the extent of the customization required. Further information on EHS software budgets can be found here.
Out of the box vs. tailored systems
There are pros and cons of both an ‘out-of-the-box’ system, where a client implements a ready system without configuration, and a ‘tailored’ system where a client works with the vendor to fit the software to their specific needs. The ability to tailor a system is often referred to as to "configure".
Here are the main arguments for out of the box vs. tailored.
Out of the box pros and cons
|Out of the box pros||Out of the box cons|
|Timely and low-risk implementation||Lack flexibility for changes going forward|
|Can be cheaper than complex tailored systems||Paying for functionality that may not be required|
|Easier for the vendor to support and upgrade||User adoption hindrance if it deviates from common practice|
|Align with industry templates for best practice in the vendor's experience||May have to change internal processes to match the system's abilities|
Tailored pros and cons
|Tailored pros||Tailored cons|
|Performs the way you want it to||Must have internal policies and processes already enshrined|
|Develop a close relationship with the vendor in a partnership||Implementation can take longer|
|Improved user adoption levels||Price rises if configuration is complex|
|Flexible for changes going forward||More effort for the vendor to support and upgrade|
|Existing internal processes need not be changed|
Every business operates differently and what may work for some will not work for others. The EHS software marketplace caters for companies interested in out-of-the-box as well as those looking for something more flexible.
A lot of time and energy goes into assess requirements and select the right Environmental Management Information System (EMIS). Then, there is the effort required to design the system, configure, test, and train users. These project phases are relatively well known and can result in the development of a successful system. So why do some systems fail after the GoLive?
One common reason is adoption of the system by the end users. The best designed and implemented system loses its value, if it is not adopted and used throughout the organization.
To drive the adoption of a new system, the procedures for change must be understood and promoted. This means clearly defining and aggressively following a change management process during all stages of the implementation. Utilizing change management can provide thoughtful planning, a sensitive implementation, as well as consultation with, and involvement of, the people most affected by the change. These people are the ones who will use the system on a daily basis.
2. IT integration of EHS software systems
Poor integration with existing IT systems has been cited by NAEM, a professional association for EHS management, as the top reason for organizations going to market for new EHS software – 49% of survey respondents in 2017 were seeking a solution that offers “better integration with other IT systems.” Small, mid and large companies alike are increasingly looking to bring IT programs together in order to make user experience smoother and more efficient.
A company may already be invested in enterprise IT programs, such as Microsoft Office 365 and SharePoint. Microsoft collaboration platforms are used by millions or organizations, small and large, worldwide. Integrating a new EHS system with Office 365 saves time, effort and money by utilizing IT infrastructure that is already in place.
Microsoft SharePoint was launched in 2001 as a collaborative platform. The platform is traditionally used for storing and sharing of files, data, news and resources. It is one of the most popular collaboration tools worldwide, and its ability to integrate with other Microsoft Office programs makes it ideal for organizations that are already utilizing other Microsoft products. In 2010, 78% of the Fortune companies were using SharePoint and since then the number has been growing.
SharePoint allows the entire company to be connected and informed via a single platform. It facilitates the organization of resources and files with libraries and folders. Collaboration is further facilitated by other Microsoft programs such as OneDrive, Yammer and OneNote, which are deeply integrated with SharePoint. News, tasks, and deadlines can be easily shared and teams can build customized Team Sites where it is easy to edit, organize and collaborate on content. The platform can be securely accessed from PCs, Macs and mobile devices at any location, thus enabling remote work.
SharePoint is available both on-premise and on the Microsoft Cloud, Azure.
The latest version of on-premise SharePoint is SharePoint 2016, proceeded by SharePoint 2013, 2010 and 2007. Microsoft now only supports SharePoint 2013+ and is largely investing in Office 365. SharePoint Online is available within Office 365.
Buy vs. build debate
SharePoint is a popular base for custom built systems. However, sometimes these do not work out in the long term. In the case of EHS, such in-house built systems often run over budget and are not delivered on time. The deliverable may be unfit for purpose as IT has a number of pressures and deadlines that the EHS department must join the end of queue of. Following that, the system must be maintained and supported, which time-strapped IT departments can struggle with.
Many mid to large sized organizations now purchase EHS software from a specialist vendor in order to avoid the well-documented challenges of developing and supporting something in-house. For example, Pro-Sapien's systems have been developed specifically for SharePoint and Office 365 integration, providing the benefits of integration without the effort required for in-house development.
Integrating EHS software with Microsoft SharePoint
An organization’s existing SharePoint portal can be leveraged even further by deploying EHS software that integrates with SharePoint, and with other Microsoft programs accordingly. EHS software on SharePoint can be accessed and managed via the existing portal (single sign on), and it can be deployed on both the On-Premise and Cloud versions.
Integrating EHS software into SharePoint allows the software to leverage SharePoint’s existing features and familiar interface. Users benefit from its built-in tools such as calendar, tasks and lists functions, document management with version control, and communication/collaboration tools. Other great benefits of a SharePoint integrated system are managing permissions with the existing Active Directory, submitting web-based forms with automated follow up workflows, and visualizing data in graphs and charts on SharePoint dashboards.
Active Directory together with the EHS software's Action Manager is a good example of an automated process facilitated by SharePoint integration. The workflow will decide who should be notified in certain situations; for example, if a member of staff has not undertaken online safety training before the due date, the respective regional manager or supervisor will be notified to take action. Being able to use Active Directory means the manual management of user profiles is not duplicated by the EHS system.
Once a task has been allocated to a person, it will show on their SharePoint calendar. Any notification related to the task, such as a delay, will be automatically escalated and sent to more senior personnel. Automating the process makes allocation and follow up of actions more streamlined and manageable.
Reduce system silos
Integrating your EHS software system with SharePoint has several benefits to it on top of the centralization of data. One central system means less time spent moving data between disparate and perhaps siloed systems, increased accuracy, and making the lives of users that bit easier. As an integrated program, data can be tracked and is reportable in real time.
3. EHS software processes
EHS software processes help organizations to manage both structured and unstructured information in an effective manner. In place of a paper based system, EHS software provides the EHS team with tools that create repeatable processes, such as managing the handling of permits and reporting incidents, much easier. There are different modules within an EHS software system that support these processes.
Audits and Inspections
A big part of the EHS manager’s job is to ensure organizational compliance. With an increasing amount of data at hand, spreadsheets and manual systems can complicate data tracking and possibly allow an organization to fall into noncompliance.
The two terms Audits and Inspections are often used interchangeably; however, their meanings are different.
An EHS Inspection is performed to check for hazards and unsafe practices in a workplace. Inspections evaluate the physical conditions of a workplace, i.e. the equipment and safeguards, and the practices used to identify unsafe actions. Inspections are performed regularly to see if the workplace meets the standards it has set for Environmental, Health and Safety. Inspections can bring forward problems that can be solved in order to prevent incident or injury.
An EHS Audit covers a broader scope than an Inspection. It evaluates the effectiveness of an organization’s safety practices and inspection processes. Audits are performed less often and are sometimes done by a third-party or regulators such as OSHA. They assess whether the company is meeting all safety standards and whether it complies with Health and Safety laws, with the completed Inspections as part of the performance reports that are evaluated.
It is important to have the right tools and processes in place so that Audits and Inspections can be performed effectively. Integration with SharePoint offers the control over Audit features so that every version, every approval, when and whom submitted and approved can be logged, thus providing an audit trail for the life cycle of all forms.
The ‘E’ in ‘EHS’ stands for Environmental. Increasingly, organizations must capture and report on information relating to everything from Co2 emissions, energy consumption and waste sent to landfill, in order to remain compliant with ever-more stringent regulations. Environmental Management is the process of gathering this such data and using it to reduce emissions, consumption and overall negative impact on the environment. Environmental Management often also covers the use of site inspections.
Organizations set targets based on local regulations, but may also have internal goals in order to contribute to Corporate Social Responsibilities (CSR).
In 2016, US energy consumption totalled 97.4 quadrillion British Thermal Units (BTU), accounting for around 18% of world total primary energy consumption. To help organizations manage and decrease their energy consumption, an Energy Management System can be used to support and reach these goals.
Energy Management is the practice of tracking energy consumption, such as water, gas and electricity, comparing these numbers against organizational targets, and making changes to processes accordingly. The benefits of an energy management system lie in cost reduction and decreased environmental impact.
A major part of Environmental Management is to measure and reduce carbon dioxide emissions, as carbon (Co2) has been billed as the biggest contributor to global warming. With the help of Environmental software, organizations can track, manage and decrease their carbon footprint. The system also helps in meeting regulatory requirements. An automated system will provide notifications in the event of uncommonly high emission levels, and when integrated with a wider EHS system that includes, for example, Management of Change, can be useful for identifying inefficient processes.
Green House Gases (GHG)
With a multitude of federal, state, and even voluntary greenhouse gas (GHG) reporting programs facing companies, ranging from small businesses to the most environmentally-savvy multinational corporations, organizations can struggle to find a reporting solution that meets these varying and sometimes contrasting needs. Excel spreadsheets and homegrown solutions simply don’t meet the needs of today’s complex GHG reporting environment.
Once considered a pesky environmental byproduct of doing business, GHG has become a hot button issue for everyone from legislators, media, and the investment community to the consuming public. With the development of the Dow Jones Sustainability Index and, later, the Carbon Disclosure Project, shareholders and institutional investors have become increasingly focused on the GHG emissions and overall environmental impact of organizations. Voluntary participation in programs such as The Climate Registry has become more important for businesses committed to environmental stewardship and leadership.
The prominence of greenhouse gas emissions as a business concern was significantly elevated when the Environmental Protection Agency (EPA) issued its Greenhouse Gas (GHG) Mandatory Reporting Rule in October 2009, which requires collection and reporting of GHG data beginning January 1, 2010. With complicated rules regarding Mandatory Reporting Rule applicability, in addition to what should be reported and which records kept, companies can’t escape complex GHG emissions reporting requirements at the federal, state and voluntary levels.
Meeting Air Emissions Inventory Demands with EMIS
Electronic reporting of air emissions inventory can also be complicated. In addition, requirements and reporting systems can differ drastically on a state by state basis, preventing best practices and standards from emerging.
One utility company met the challenge of environmental reporting by automating air emissions inventory. One of the largest competitive electric generators, in one of the largest consuming states, the Utility started with an overall project goal: Implement a new software solution to manage the Air Emissions Inventory (EI), and Toxic Release Inventory (TRI). The company’s current inventory was tracked using a series of spreadsheets and linked worksheets. They needed to streamline the process, while minimizing human error.
The Utility selected an Environmental Information Management System (EMIS), for data processing, electronic file creation, and submittal to the appropriate agencies. The EMIS also provided task management, to manage the collection of data and management of inventory collection milestones. The client had a responsibility to submit six EI electronic reporting files to state electronic reporting systems. With multiple plant sites and units with different configurations, the client needed to combine 126 workbooks worth of information, emissions factors and calculations into a standardized solution for calculating and reporting emissions inventory. They also needed bring consistency to calculation methods.
Hence, proper planning and best practices can lead to a successful design and implementation of EMIS, even for the most complex companies and set of state reporting requirements.
Another part of Environmental Management is Waste Management. This process considers the tracking of both hazardous and non-hazardous waste through the entire production cycle in an organization. The main aim of Waste Management is to reduce the common metric of ‘waste sent to landfill.’ By tracking exactly what waste is produced, where and by what process, organizations can make decisions to increase efficiency by, for example, directing metal by-product from Plant A to be reused in a different processes at Plant B rather than shipping it overseas to a specialist landfill site. Onsite reuse also reduces transportation costs.
Companies that invest in Waste Management can track waste collection points and waste shipments to generate reports that help assess the effectiveness of the system.
Hazard Observations and Near Misses
Reporting Hazard Observations and Near Misses is a staple of a proactive safety culture. EHS software provides the tools to record, manage, analyze and act on hazards that have been witnessed in the workplace. Acting on this information helps to prevent a similar or worse situation from materializing in the future. Hazard Observations data contributes to leading indicator KPIs.
With an integrated system, where all modules talk to each other, EHS managers can track trends in hazard/near miss reports against incidents data to identify common situations that lead to injury. This practice is known as predictive trending.
Forms for reporting hazards and near misses are often lightweight to only capture the necessary information and to encourage employees to use them. With Pro-Sapien's Hazard Observation forms, employees, contractors and even members of the public can report a hazard through their mobile, which removes the common barrier of ‘difficulty’. Hazard Observations forms are created to maximize and speed up the process of sending essential information to the management so that corrective actions can be raised accordingly.
Incident Management covers everything from an employee reporting an incident, to management implementing corrective actions, to the Director evaluating and sharing performance reviews with shareholders. A competent EHS software system provides tools that support the process from the beginning until the end. With this sort of system, a user can log incidents, approvers can contact those involved, and management can investigate root causes, analyze results and generate reports.
Incident Management is the most popular module within EHS software systems as it is key for knowing where safe work processes have failed. In many countries it is mandated that organizations of a certain criteria must report incident data relating to illnesses and injuries to regulatory bodies, such as OSHA.
In May 2016, the Occupational Safety and Health Administration (OSHA) published its new rule, officially named “Improve Tracking of Workplace Injuries and Illnesses.” Among many revisions, the OSHA rule dictates that employers must submit their work-related injury and illness records to a new OSHA website. This data is then published into the public domain. The electronic submission deadline for the OSHA Form 300A information was December 31, 2017.
Mobile Forms allow workers to capture information there and then out in the field. By using Mobile Forms, companies save time and respond to hazards or near misses as soon as possible. Mobile Forms are usually used for lightweight forms, such as Hazard Observations forms, that can be quickly accessed either by a native mobile app or by web-based forms.
With Pro-Sapien, web-based forms can be accessed by scanning a QR-code on-site. Using QR-codes allows anyone, even a contractor who does not have a system login, to report a hazard. It is not necessary to download an app prior to reporting, meaning that nobody is restricted from contributing to safety. This short video contains more information on these Mobile Forms for EHS:
In many industries such as Forestry or Oil & Gas, the ability to save Mobile Forms in offline mode is important since proper connection cannot always be guaranteed in remote locations. The form should then be automatically uploaded to the EHS system upon reestablishment of a connection. Demand for this feature of EHS software is growing as EHS professionals look to tap into new technology to gather helpful information in a timely manner.
EHS often comes bundled with a ‘Q’, which stands for Quality (such as in EHSQ).
Whether in Construction or Retail, Maritime or Pharmaceuticals, keeping on top of your organization's performance is crucial in delivering optimal results. For large companies with thousands of employees, Quality Management processes need to be able to cope with ever-growing amounts of data and provide visibility, consistency and accessibility across numerous continents.
A Quality Management System (QMS) helps organizations coordinate and direct their activities to meet customer and regulatory requirements. Also, a QMS allows organizations to reach quality objectives and improve their effectiveness and efficiency on a continuous basis.
The ISO 9001 standard sets the criteria for quality management, helping organizations to maintain and continuously improve the quality of their products and services. Audits and Inspections help to upkeep quality objectives and achieve compliance.
Customer needs and customer service are at the core of Quality Management. A customer/client contact function within a QMS allows client complaints to be accurately logged and shared with the appropriate employees for review and follow up. Client Contact forms can be viewed via one central system that allows both full monitoring and an effective response.
Significant Adverse Event Review
Significant Adverse Event Review (SAER), which is often associated with the medical industry, is an important tool for QMSs. SAER allows the escalation, scrutiny, review and closure of adverse events based on a standardized process and supporting monitoring and management of performance of adverse event learning and review process.
Pro-Sapien's Quality Management System (QMS) users benefit from the ability to report on all information and the management of all aspects of quality through the centralized company SharePoint portal. Pro-Sapien’s SAER drives improvement by providing a single electronic repository and tracking system for SAER recording and management.
Risk Assessment aims to manage and reduce risks by recognizing what might cause harm to people and whether reasonable steps have been taken to prevent these factors doing so. Employees must complete a Risk Assessment before carrying out work that presents a risk of injury or ill health, often using a risk matrix to compare severity and likelihood. The assessment must cover all people who could be harmed.
With the help of an EHS software system that includes a module for Risk Assessment, it is easy to document risks related to particular tasks and categorize them according to their potential risk levels. The central Action Manager then provides tools to assign, track and manage follow up actions and set up automated workflows. By automating the process, it becomes easier to control and monitor the steps that should be taken for minimizing the risks and maximizing the process.
The Pro-Sapien Risk Assessment tool provides a number of electronic risk assessment forms that can be implemented as stand-alone or as part of a wider Pro-Sapien EHS software suite. Additionally, all forms can be accessed via SharePoint, and can be searched for in various ways including data held within the form and the metadata, such as the person who completed the form and who approved it.
Toolbox talks could be seen as a form of small risk assessment. A toolbox talk is held prior to the start of a job or a work shift to go through safety related topics related to the job being carried out. Common topics include workplace hazards and safe work practices, which are often documented in Safe Systems of Work (SSOW) searchable libraries within EHS software.
Permit to Work/Work Permits
Work permits are needed for work that involves significant risks. Work Permits are required when normal safeguards cannot be used, or when the work includes new hazards. Permits are often required for maintenance work.
The Permit to Work (PTW) or Work Permits process aims to make sure that all risks have been acknowledged and that necessary precautions have been taken so that work can be carried out in a safe way. The permit does not exclude all risks, but it encourages and makes sure that best practices are in use and that compliance is achieved.
Some of the problems with very manual Work Permit processes include inaccurately filled forms, poor control over authorizations, no active control over enforced rules and no visibility of work in progress on site. When forms are written by hand and when the successful completion lies in the memory of the personnel, tendency to forget and skip required safety measures increases.
Deploying a Work Permits system allows all steps to be monitored within a singular system, making the entire process more efficient and streamlined. System features such as digital signature, inspections, reminders and allocation of permits allow organizations to manage the process and stay up to date on the status of the permits.
Management of Change
Every organization goes through change at numerous points in their lifecycle. No matter the scope of the change, it should be managed efficiently. Change can bring risks, which can be foreseen and eliminated when managed efficiently. Common risks that are associated with organizational change include non-compliance, operational disruptions, equipment failures and unsafe working conditions, among others.
To minimize these risks, Management of Change (MoC) software provides tools that help organizations manage the transition smoothly and detect hazards associated with it. An MoC system enables the organization to manage the change process by tracking each step within a centralized system.
For example, when a piece of equipment fails a change request will be logged and submitted for review. Management of Change forms will typically ask about the impact scope, the motivation for the change, whether it is an emergency, whether it is permanent or temporary, and by what date the change should be implemented by. The submitted request is then evaluated and the appropriate checks can be scheduled to begin the change process.
A Training Management System (TMS) is a piece of software that helps organizations manage track, schedule and report on employee training. TMS allows all training-related information to be held within the same location making it easy to store and find relevant data. This kind of system enables organizations to assign training for groups and individual employees, and send automated messages about an upcoming or overdue training. TMS will also help to improve employees’ skillset and maintain compliance.
Safety Data Sheets
Safety Data Sheets (SDS) provide information on the hazardous substances in use at a workplace. Originally referred to as Material Safety Data Sheets (MSDS), SDSs are used to ensure safety when working with chemicals.
An SDS contains information such as hazards identification, handling, storage, supplier and regulatory information, which allows employers to do a risk assessment as required by the Control of Substances Hazardous to Health (COSHH) regulations, or similar. Safety Data Sheets software will help companies stay compliant, organize their data and manage the procedures for working with particular substances.
Regulatory Content is a vital source of information when managing EHS regulatory compliance. Many regulations have tightened in the recent years requiring more efforts from companies to understand and meet them. An EHS Regulatory Content (ERC) solution can help organizations keep track of compliance and report to both local and federal agencies. This kind of solution is particularly useful for organizations with numerous locations worldwide.
Popular vendors of ERC systems include RegScan and Enhesa, both of which are able to integrate with many EHS software systems. RegScan and Enhesa provide up-to-date libraries of EHS regulations in a wide range of judiciaries at both local and federal level. Subject matter experts maintain the libraries to publish regulatory changes to allow users to be alerted about and have access to detailed compliance information.
Regulatory agencies in the US include the Occupational Safety and Health Administration (OSHA), Environmental Protection Agency (EPA), Nuclear Regulatory Commission (NRC) and the Mining Safety & Health Administration (MSHA), among others.
An Organized Approach to EH&S Applicability and Regulatory Content
When organizations acquire and use chemicals, dozens of environmental, health, and safety (EH&S) provisions are triggered. The regulations are intended to ensure that those chemicals are managed safely. Since there is no unified chemical-handling law, the only place that compliance requirements come together is at regulated organizations. Identifying, understanding and complying with the associated regulations are the responsibilities of EH&S.
The provisions that apply to an organization’s activities depend on which chemicals are used, how much, and how they are used. The range of EH&S requirements cover chemical acquisition, chemical use, and post-use management of chemical waste. They are best described in content publications; including applicability tables, score sheets, checklists, case studies, and question-and-answer formats. In fact, the number and range of tools and information sources is extensive, and expert help is needed to assess requirements and implement the most useful information into EH&S compliance processes.
4. Available hosting options
On-premise is considered the traditional method of deploying enterprise software. On-premise software is installed on the servers of and runs on the computers of the organization using the software, rather than at a remote facility (Cloud). The Information Technology (IT) staff of an organization have physical access to the servers on which the software is installed; they can directly control the management and security of the computing infrastructure and data. For example, the IT team is responsible for system upgrades and changes, with the added benefit of knowing exactly how the organization currently operates its IT processes.
Cloud computing, often referred to as “the Cloud,” is a more modern alternative to on-premise installations. It is the delivery of computing services over the internet, without the need for an on-site (on-premise) server. Cloud providers typically offer a “pay as you go” model, where an organization would pay a subscription fee to use a provider’s services, such as Microsoft’s Azure (which hosts Office 365 programs such as SharePoint Online, Flow and Power BI). This is typically referred to as the Software-as-a-Service model (SaaS).
The Cloud aims to cut costs and improve organizational agility, making it easier to scale up when usage needs increase or scale down if resources are not being used. Most EHS software providers now only offer a Cloud platform.
On-premise vs. Cloud
There has been a huge uptake in cloud computing since it became popularized by Amazon in 2006. Microsoft began offering its Azure cloud platform in 2008, which is now used by 90% of Fortune 500 companies. However, many companies have held back from migrating in favor of remaining on-premise. There are a number of reasons for this and many national security organizations still mandate the use of on-premise systems.
This preference for the Cloud stems from being able to deploy Cloud systems quickly and often more cheaply, with less customization possibilities – meaning it is easier for vendors to support and upgrade their clients. As it stands, around 10% of the world’s data is stored in the cloud.
On-premise pros and cons
|On-premise pros||On-premise cons|
|Control over sensitive business data||Less secure than most data centers|
|Control over upgrade schedule||Solutions can become version locked|
|Hardware can be shared with other internal systems||There can be heavy initial costs|
|Ability to depreciate costs||Requires IT resources to manage|
Cloud computing pros and cons
|Cloud pros||Cloud cons|
|Reduced upfront investment||Limited customizations|
|Reduced need for hardware||Reduced control of systems|
|Less IT staff required to maintain||Internet connection required|
|Geographically redundant||Updates controlled by vendor|
Both on-premise and Cloud has its benefits. More companies will move to the Cloud over time as trust in its abilities and security strengthens, although for many this will be a challenging process.
SharePoint On-premise vs. Cloud
SharePoint is available both on-premise and on the Microsoft Cloud, Azure. The Cloud version is SharePoint Online, which comes with Office 365 E3 licenses (enterprise). The on-premise versions of SharePoint Online are:
- SharePoint 2016,
- SharePoint 2013,
- SharePoint 2010 and
- SharePoint 2007.
Microsoft now only supports SharePoint 2013 or newer, so many organizations are faced with choosing to move to the Cloud with Office 365, or to remain on-premise with SharePoint 2016.
Both types of SharePoint – online (cloud) and on-premise – come with slightly different functionality. For example, Office 365 E3 users will be able to use Microsoft Power BI to build dashboards and reports, whereas on-premise users are able to do this using Excel with PowerPivot and Excel Services.
When deploying EHS software based on your SharePoint portal, some functionality will also be dictated by the type of SharePoint that you have.
Which type of SharePoint do you have?
Your company may be using wholly on-premise systems, may be in the process of migrating to Cloud, or may be entirely on Cloud computing. This is something your IT team will be able to help you discern. However, you can follow some easy steps to find out yourself which version of SharePoint you are using.
- Click on “Office 365” in the ribbon
- Go to “Settings” on the right-hand top corner of your screen
- Go to “Your app settings” > “Office 365”
- Go to “Subscriptions.” Scroll down and you should see what version of Office 365 you are using.
Follow these questions and logic to find out what SharePoint on-premise version you are using.
5. User roles in EHS software
There are varying levels of user permission within EHS software systems. In a standalone system, user permissions are set within that system and may well be controlled by the EHS software vendor. In a SharePoint-integrated system, it is often the case that user permissions are set by Active Directory which is Microsoft’s directory service.
User management through Active Directory
Active Directory (AD) manages all users in a Windows domain type network – for example, if your email address that you log in to Microsoft Office with ends in @opsiquela.com, Active Directory checks the username and password with the Opsiquela.com network’s security policies to determine whether the user is a system administrator or a normal user. This then drives the content that the user is able to access within the program that is being logged into, such as SharePoint.
The user is now logged into all sites within SharePoint and has the appropriate permissions based on their Active Directory profile – this is called Single Sign On (SSO).
System administrators are able to set security groups and their associated permissions through Active Directory, which will affect all connected programs in the Microsoft Office suite, and all add-ins to those programs.
Single Sign On
An EHS system is accessed through Single Sign On if it can be accessed by a user that has logged into a related system, without the need to re-enter their password. EHS software on SharePoint, in Pro-Sapien’s case, supports Single Sign On.
System permission levels
Most EHS software systems are the intellectual property (IP) of the vendor and will remain so post-implementation. EHS software vendors, such as Pro-Sapien, license their systems to clients and provide support to System Administrators or Managers throughout the license period.
The System Administrator is someone or a team within the client organization. The administrator of an EHS software system has access to all areas of the system, including being able to edit security permissions of other users. It is the highest level of authority within an EHS system, and most other types of software, too.
The System Manager is most likely to be a member(s) of the EHS team. An organization might have multiple system managers depending on its size, business areas and the complexity of the EHS software system. There may also be numerous levels of system manager to grant the EHS Director superior permissions to a Regional EHS Manager, if required.
This role may have access to restricted areas of the system such as witness statements and health records, which are not available to normal users for data protection purposes.
A System User may cover job roles from Supervisor and downwards in the organisational hierarchy. Some system users, such as Supervisors, may have more security permissions than the most basic System User – a ‘normal user’ – but markedly less so than a System Manager. For example, a Supervisor may be able to view performance reports for their site or region, but may not be able to sign off on incident investigations. Permissions are driven by the requirements of the specific EHS software client organization.
All System Administrators, Managers and Users have a login for the EHS software system. In the case of Pro-Sapien, this is managed by Active Directory. However, in some systems, those without a login can access and submit forms for Hazard Observations, Near Misses or other data-light instances.
SharePoint site security elements
6. Costs associated with EHS software
The cost of EHS software is contingent on a number of variables. These variables can include;
- Complexity of processes (configuration)
- The different processes required (modules)
- The size of the system e.g. numerous divisions/the entire global company (enterprise)
- Whether it is on-premise or on the Cloud
- Number of users
- License agreement e.g. subscription within a contract
Each EHS software vendor has its own pricing model which tends to be made up of two blocks: the implementation cost (a one-time fee) and the license fee (fee to have continued access to the system).
The cost of implementation is driven by the complexity of processes; the different processes required; the size of the system; and whether it is on-premise or on Cloud. Depending on the vendor, this can range from around $30K to in excess of $500K.
License subscription cost
The license subscription cost is, again, dictated by different drivers per vendor. Many charge on a per user basis; however, this can quickly become costly for the client and may hinder a client’s will to allow as many people as possible access to the EHS system. Other vendors charge a flat rate annual license fee, allowing clients to use as many aspects (modules) of the system as they require with all employees and contractors able to submit forms. Furthermore, others offer a monthly subscription based on the features a client needs access to, such as comprehensive dashboarding abilities. This could be in a bronze/silver/gold model.
System support is usually included as part of the ongoing license fee whether that be monthly or annually. This may be limited or unlimited based on a client’s agreement with the vendor.
The cost of implementing an enterprise EHS software system can range massively, from around $50,000 to in excess of $500,000. The National Association for Environmental Management (NAEM) reports that, on average, new buyers are budgeting just under $195K to implement EHS software whereas past purchasers have ended up spending on average $245K. It is also recorded that the average actual initial spend on a comprehensive EHS system is three times over budget.
The average annual maintenance budget (license fees) for EHS software is $220K; however, past purchasers report only paying an average of $79.5K per year.
7. Personal data in EHS software systems
The EHS department processes and holds a range of personal data, including data deemed ‘sensitive’ by regulators, such as employee health records.
EHS software systems are used to first of all capture personal information with forms – for example, an incident form will require the user’s name and contact details. During incident investigation, employee health records may be held within a library in the EHS system. Under Data Protection law, which varies country to country but follows the common principle of protecting data subjects (people) from having their information shared without permission, this type of data must be:
- securely held;
- retained only for a required period;
- and deleted upon data subject request.
Organizations must also have a comprehensive data protection policy that adheres to local standards, such as the new General Data Protection Regulation (GDPR) in the European Union. GDPR will directly affect the health and safety department.
What is personal data?
The ICO in the UK defines personal data as:
“Personal data means data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”
European Union legislation defines personal data as:
'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What is personal data law?
What is classed as personal data is different from country to country. Here we look at the three geographical areas that spend the most on Environmental, Health & Safety systems.
European Union member states are bound by the General Data Protection Regulation 2018, which the United Kingdom will retain after exiting the Union.
In the United States, there is no federal law regulating the collection and use of personal data. Instead, the privacy and protection of data is insured through the United States Privacy Act, the Safe Harbor Act and the Health Insurance Portability and Accountability Act.
Canada has two federal privacy laws: the Privacy Act for government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA) for private-sector privacy law.
What should EHS professionals know?
Given that EHS systems process personal data, such as employee, contractor or members of the public names, contact details, address, and potentially health records or other, EHS professionals must know the organization’s data protection policy and must ensure EHS processes adhere to it. As privacy regulations tighten around the world, all responsible EHS professionals should:
- Understand and document the current data processes and demonstrate they meet compliance requirements.
- Document what personal data the department holds.
- Assess the security of personal data stored, sensitive personal data in particular.
- Document where personal data is shared with 3rd party organisations.
- Review and define justifications for holding personal data.
- Categorise the risk level associated with personal data held.
- Commit to personal data retention policies.
For more information on how the General Data Protection Regulation affects EHS professionals, within and out with the EU, read this industry-specific and easy to understand guide.
8. Regulatory and law enforcement bodies
A regulatory body is a public authority or government agency that is set up to exercise a regulatory function. These functions include improving requirements, setting standards and enforcing the law.
The legislation and regulations around Environmental, Health and Safety have tightened in the recent years, and there are high penalties to pay when compliance is not achieved. Having an EHS system in place can help with staying compliant and is considered by sentencing councils when assessing the effort of an employer to avoid noncompliance.
For more information on health and safety standards, organizations can refer to their local authority.
OSHA - United States
The Occupational Safety and Health Administration (OSHA) is part of the United States Department of Labor. It was created by the Congress in 1970 to improve the health and safety conditions of the US workforce. OSHA provides training, assistance and education on health and safety related issues, and holds the right to levy penalties for noncompliance. The largest issued penalty by OSHA was in October 2009 to BP Products North America, which totalled at $81,340,000 USD.
The OSH Act (the Occupational Safety and Health Act) covers most private sector employers and their workers, some public sector employers and workers in the 50 states and specific territories and jurisdictions under federal authority. Since OSHA’s foundation, injury rates, illnesses and deaths in the U.S. workplaces have fallen significantly.
HSE - United Kingdom
The Health and Safety Executive (HSE) is an independent regulator in the United Kingdom. The HSE provides advice, information and guidance on health and safety in a workplace and helps duty holders comply with health and safety law. The HSE also carries out inspections and takes enforcement action when required, with the largest fine levied by the executive issued to Transco in 1999, totalling £15,000,000 GBP in penalties.
CCOHS - Canada
The Canadian Centre for Occupational Health and Safety (CCOHS) is a federal department corporation, established in 1978, that provides information, education, training, management systems and solutions to support health, safety and wellness programs in Canada. CCOHS website provides access to and information on health and safety legislation, industry news and help for workplace health and safety issues.
9. Pro-Sapien EHSQ software systems
Pro-Sapien provides enterprise-class EHS software solutions on Microsoft SharePoint and Office 365, with a suite called HSEQ Innovate. In use since 2007, HSEQ Innovate has grown to disrupt the saturated EHS software marketplace by offering unprecedented integration with SharePoint, a program so many organizations rely on, and by simplifying the pricing models traditionally associated with an enterprise EHS system.
How does the integration with SharePoint work?
A client has SharePoint, either on-premise or in the Microsoft Cloud with Office 365 (SharePoint Online). This is often implemented throughout the entire global business and is a requirement of using Pro-Sapien’s software. We support both SharePoint on-premise and SharePoint Online (Cloud).
Pro-Sapien’s EHS software is deployed as another part of a client’s SharePoint system, taking on the same look and feel that users are already familiar with. The software is accessed through SharePoint with Single Sign On, and makes use of underlying SharePoint features whilst also providing powerful additional functionality itself. It is effectively an ‘add-in’ to SharePoint that uses its own data warehouse to store data and calculate metrics.
Processes and software modules
Pro-Sapien’s EHS software is modular, meaning that clients choose only the modules that they require. The modules on offer are:
- The Action Manager (all implementations, cross-module)
- Dashboards and Reports (all implementations, cross-module)
- Audits and Inspections
- Environmental Management
- Hazard Observations
- Incident Management
- Management of Change
- Mobile Forms (with QR code functionality)
- Risk Assessments
- Work Permits
Where a client requires a process that is not currently available out-of-the-box, Pro-Sapien can develop something specific.
Configurations and flexibility
Pro-Sapien’s EHS software on SharePoint is highly flexible. The type of clients that we work with are mid to large sized organizations operating in medium to very high risk industries, and will often already have well-established EHS procedures in place. Although there are out-of-the-box forms and dashboards available (workflows will always need tailored), Pro-Sapien clients usually opt for a configured system that works the way they do.
Configurations are discussed prior to implementation, giving way to a detailed specification document that becomes the success criteria for the project. Pro-Sapien has a 100% implementation success rate to date.
Pro-Sapien’s HSEQ Innovate is currently in use around the world by international clients headquartered in North America and Europe. These companies are typically:
- Operating in medium risk industries such as Manufacturing, to very high risk industries such as Construction and Defense;
- Employing around 500 – 20,000 staff at multiple locations;
- Generating around $10 Million – $2 Billion in annual turnover; and, crucially,
- Invested in the Microsoft platform of programs.
Client companies of HSEQ Innovate pay a flat-rate annual license fee to use the software and have access to support. This rate does not increase per user, and does not increase per module deployed. It is the same for all systems, which we have found is a very different approach to other vendors in the marketplace.
There is also the cost of implementing the software. This varies from project to project and is dependent on the modules you deploy, and the configurations required.
10. Common Environmental, Health and Safety abbreviations
AD – Active Directory
CCOHS – Canadian Centre for Occupational Health and Safety (organization)
CSR – Corporate Social Responsibility
EHS – Environmental, Health and Safety
EHSQ – Environmental, Health, Safety and Quality
EMIS – Environmental, Health & Safety Information Management System
EMS – Energy Management System
GDPR – General Data Protection Regulation
HSE –  Health and Safety Executive (organization),  Health, Safety and Environmental
HSEQ – Health, Safety, Environmental and Quality
ICO – Information Commissioner’s Office (organization)
IP – Intellectual Property
ISO – International Standards Organization (organization)
KPI – Key Performance Indicator
MoC – Management of Change
MSDS – Material Safety Data Sheets
NAEM – National Association for Environmental Management (organization)
OSHA – Occupational Safety and Health Administration (organization)
PIPEDA – Personal Information Protection and Electronic Documents Act
PTW – Permit to Work
QMS – Quality Management System
ROI – Return on Investment
SAER – Significant Adverse Event Review
SAP – Systems, Applications and Products (organization)
SDS – Safety Data Sheets
SP – SharePoint
SSO – Single sign on
TMS – Training Management System
Download this page as a PDF.
We've put all this information into a document so that you can read it offline, too →