All About Safety Management Software
(including Safety Software on Microsoft SharePoint)
Learn all about safety management software (SMS) with our 10-part guide. This resource is for Health & Safety or IT professionals seeking to understand the make-up of safety management software, and for those looking to know more about the marketplace.
Navigate this guide by selecting from the table of contents.
- What is Safety Management Software (SMS)?
- IT integration of SMS systems
- Safety management software processes
- Available hosting options
- User roles in safety management software
- Costs associated with safety software
- Personal Data management and storage
- Regulatory and law enforcement bodies
- Pro-Sapien's Safety Software on SharePoint
- Common Health and Safety abbreviations
Download the PDF version to view offline
1. What is Safety Management Software (SMS)?
Safety Management Software (SMS) is a management application that helps companies collect, analyze, report on and store a wide range of data. This is usually regarding occupational health and safety. Safety management software, sometimes called safety software, also helps companies ensure compliance with local and federal health and safety regulations.
Safety software is often controlled by a combination of personnel from the Health & Safety department and from the IT department. Budget for this software usually comes from these two departments and sometimes also from Operations.
An integrated software system simplifies the entire management process by bringing together key components such as forms, workflows, notifications, dashboards, libraries and a data warehouse. Automating safety management provides organizations with a full audit trail to improve transparency and thus drive performance improvement across the board.
Uses of Safety software
A company may be managing health and safety data with spreadsheets, manually producing reports on a monthly basis in a time-consuming process. Furthermore, they may also be using paper forms to record incidents, near misses and other performance indicators, as over half of companies surveyed by BLR (Business & Legal Resources) were in 2015. These outdated methods have proven to be inefficient, although many organizations are still using them today.
Safety software brings automation to much of the process of safety management, encouraging workers to report, improving visibility across the business, and freeing up managers’ time to implement data-driven changes.
With standardized forms that are easily accessed, organizations can maximize data collection and minimize the time spent collating it. One centralized data warehouse makes it easy to view all related information at once on dashboards and in reports, and to implement further actions.
The type of data captured by SMS system forms can relate to (but is not limited to);
- other safety incidents,
- near misses,
- equipment changes,
- work permits,
- chemicals inventory, and more.
This varies per company and per system.
Usually there will be a mix of mandatory and optional fields on a form. The data gathered influences which workflow the form is sent through, where notifications are sent, and in the case of a dynamic form, can also trigger areas of the form to become available or unavailable for the user.
Once a form is submitted, notifications are automatically sent via email to the appropriate persons. In some cases, communications programs such as Skype for Business can be used for instant messaging with other users without leaving the safety software system. The form may require review and sign off before it can be forwarded for investigation and follow up.
In order to facilitate transparency and accuracy, a full audit trail of all communication within the system is available to those with the appropriate security permissions.
Safety management software helps to ensure company compliance with local and federal health and safety regulations. Large fines can be levied when a company is found to be noncompliant. Regulatory bodies such as the HSE in the UK and OSHA in the US set legally binding standards to protect employees and the environment that organizations must adhere to.
For example, OSHA may perform an audit on an organization at any time. The organization is often not warned of the audit intention prior to an OSHA inspector arriving onsite. An organization must provide an OSHA inspector access to their health and safety information for audit, so that the inspector may discern compliance or noncompliance. If noncompliance is suspected, a formal investigation may be launched.
Investigation & Follow up
Once the data has been collected, follow up tasks such as root cause analysis and corrective actions can be carried out. This allows organizations to understand the ‘why’ behind an incident, a near miss or a Risk Assessment, for example. Understanding the circumstances that led to an incident means corrective measures can be put in place to prevent future recurrences.
These tasks are managed through what many SMS systems refer to as the Action Manager. In the Action Manager, progress and status can be tracked to ensure tasks are not running overdue.
Reporting of performance is paramount in fulfilling the safety management aim of preventing incidents and injuries. The information used in reports is sometimes referred to as Management Information (MI) or Business Intelligence (BI).
Safety software should provide Health & Safety Managers with dashboards and reports that display sometimes copious amounts of data in understandable visuals such as charts and graphs. Dashboards are for quick viewing of key metrics. Reports are for more detail on key metrics displayed within a dashboard – SMS users may wish to create their own reports on an ad-hoc or scheduled basis.
Trending is extremely important in Safety Management Information, as are Key Performance Indicators (KPIs) for benchmarking. It is with these reports and dashboards that managers can make decisions on safety improvement initiatives, and go to the board with important performance information.
Safety Key Performance Indicators
Key Performance Indicators (KPIs) are metrics that measure progress toward specific Health and Safety goals or to monitor and identify trends. KPIs that show what has already happened are called “lagging indicators,” whereas those which are used in predictive analytics are referred to as “leading indicators.” KPIs are always quantifiable, but differ from business to business and require planning to put in place effectively.
Lagging indicators may include:
- Injury frequency and severity
- OSHA recordable injuries
- Lost workdays
Leading indicators may include:
- Near misses
- Hazard observations
- Training participation rates
In 2017, developing and tracking KPIs remained a top goal for safety professionals.
Software systems help safety professionals to stay informed about the issues and activities in the organization, generating data into KPI dashboards to assist in measuring and controlling workplace hazards. Safeopedia, an Environmental, Health & Safety (EHS) news website, discusses examples of safety KPIs in this short video:
Using safety management software saves time, reduces risk, and improves productivity and communication across the organization. Knowing the data and being equipped with the means to act on it, organizations can make strategic decisions for the future.
Safety software marketplace
Statistics show that companies using an SMS system have reduced injuries and near misses at a much more impressive rate than their peers operating without one.
Safety management software is most often used by mid to large companies that operate in high risk industries, such as oil and gas, marine, construction and aviation. In 2019, the global EHS software market, encompassing SMS, was valued at $1.2 billion US dollars (USD), set for growth to $2 billion by 2024.
A growing industry
The demand for safety management software is likely to have started in the 1990s, alongside the early growth of the market for Environmental Management Software. Since then, the SMS market has moved into majority adoption phase following 25 years of innovation and early adoption.
Around 200 Environmental, Health & Safety software vendors are recognized by independent analyst firm Verdantix. According to Verdantix research, North America accounted for 52% of the EHS software market in 2017 with a spend $572 million, followed by Europe with 26% of the market share and a spend of $279 million.
There are different areas of specialty among vendors of SMS. For example, Pro-Sapien is the only vendor offering safety software that sits on leading collaboration platform Microsoft SharePoint. The wide range of vendors has given way for safety management consultancies, such as Trinity Consultants, to successfully offer services in SMS selection and implementation.
The market has seen significant investment in recent years as regulations tighten, public scrutiny mounts, technology advances, and demand for safety management software grows. Acquisitions in the industry are a common occurrence.
Safety software selection
Determining business value drivers
An important thing to consider when selecting a safety software system is the value that it brings for the organization. In other words, what the software will mainly be used for and whether the aim is to reduce incidents or carbon emissions, for example.
Measuring the Return on Investment (ROI) of an SMS can be a challenging task as many of the returns are intangible, such as employee wellbeing and morale. To make the case for SMS to the board, tangible benefits such as productivity, decreased absenteeism and reduced costs are often concentrated on, but the value extends much further than what easily meets the eye.
Integration with existing IT programs
Deploying a safety management software system that integrates with the company’s existing other IT programs, such as Microsoft Office or SAP, is often the logical way to go. This does not only save time and money in implementation, but can facilitate better user adoption and can minimize training if the new system operates similarly to the IT programs users already know how to use. It can also maintain a higher level of data integrity as interfacing between programs is automatic rather than subject to manual efforts.
Depending on the size of the company, finding the most cost-efficient product can be challenging. Factors that can influence price include the number of modules, number of users, number of languages, the level of support required for implementation and training, and the extent of the customization required. Further information on safety software budgets can be found here.
Out of the box vs. tailored systems
There are pros and cons of both an ‘out-of-the-box’ system, where a client implements a ready system without configuration, and a ‘tailored’ system where a client works with the vendor to fit the software to their specific needs. The ability to tailor a system is often referred to as to "configure".
Here are the main arguments for out of the box vs. tailored.
Out of the box pros and cons
|Out of the box pros||Out of the box cons|
|Timely and low-risk implementation||Lack flexibility for changes going forward|
|Can be cheaper than complex tailored systems||Paying for functionality that may not be required|
|Easier for the vendor to support and upgrade||User adoption hindrance if it deviates from common practice|
|Align with industry templates for best practice in the vendor's experience||May have to change internal processes to match the system's abilities|
Tailored pros and cons
|Tailored pros||Tailored cons|
|Performs the way you want it to||Must have internal policies and processes already enshrined|
|Develop a close relationship with the vendor in a partnership||Implementation can take longer|
|Improved user adoption levels||Price rises if configuration is complex|
|Flexible for changes going forward||More effort for the vendor to support and upgrade|
|Existing internal processes need not be changed|
Every business operates differently and what may work for some will not work for others. The safety software marketplace caters for companies interested in out-of-the-box as well as those looking for something more flexible.
A lot of time and energy goes into assess requirements and select the right SMS. Then, there is the effort required to design the system, configure, test, and train users. These project phases are relatively well known and can result in the development of a successful system. So why do some systems fail after the Go-Live?
One common reason is adoption of the system by the end users. The best designed and implemented system loses its value, if it is not adopted and used throughout the organization.
To drive the adoption of a new system, the procedures for change must be understood and promoted. This means clearly defining and aggressively following a change management process during all stages of the implementation. Utilizing change management can provide thoughtful planning, a sensitive implementation, as well as consultation with, and involvement of, the people most affected by the change. These people are the ones who will use the system on a daily basis.
2. IT integration of SMS systems
Poor integration with existing IT systems has been cited by NAEM, a professional association for EHS management, as the top reason for organizations going to market for new EHS software – 49% of survey respondents in 2017 were seeking a solution that offers “better integration with other IT systems.” Small, mid and large companies alike are increasingly looking to bring IT programs together in order to make user experience smoother and more efficient.
A company may already be invested in enterprise IT programs, such as Microsoft Office 365 and SharePoint. Microsoft collaboration platforms are used by millions or organizations, small and large, worldwide. Integrating a new safety management software system with Office 365 saves time, effort and money by utilizing IT infrastructure that is already in place.
Microsoft SharePoint was launched in 2001 as a collaborative platform. The platform is traditionally used for storing and sharing of files, data, news and resources. It is one of the most popular collaboration tools worldwide, and its ability to integrate with other Microsoft Office programs makes it ideal for organizations that are already utilizing other Microsoft products. In 2010, 78% of the Fortune companies were using SharePoint and since then the number has been growing.
SharePoint allows the entire company to be connected and informed via a single platform. It facilitates the organization of resources and files with libraries and folders. Collaboration is further facilitated by other Microsoft programs such as OneDrive, Yammer and OneNote, which are deeply integrated with SharePoint. News, tasks, and deadlines can be easily shared and teams can build customized Team Sites where it is easy to edit, organize and collaborate on content. The platform can be securely accessed from PCs, Macs and mobile devices at any location, thus enabling remote work.
SharePoint is available both on-premise and on the Microsoft Cloud, Azure.
The latest version of on-premise SharePoint is SharePoint 2016, proceeded by SharePoint 2013, 2010 and 2007. Microsoft now only supports SharePoint 2013+ and is largely investing in Office 365. SharePoint Online is available within Office 365.
Buy vs. build debate
SharePoint is a popular base for custom built systems. However, sometimes these do not work out in the long term. In the case of SMS, such in-house built systems often run over budget and are not delivered on time. The deliverable may be unfit for purpose as IT has a number of pressures and deadlines that the EHS department must join the end of queue of. Following that, the system must be maintained and supported, which time-strapped IT departments can struggle with.
Many mid to large sized organizations now purchase safety software from a specialist vendor in order to avoid the well-documented challenges of developing and supporting something in-house. For example, Pro-Sapien's systems have been developed specifically for SharePoint and Office 365 integration, providing the benefits of integration without the effort required for in-house development.
Integrating safety software with Microsoft SharePoint
An organization’s existing SharePoint portal can be leveraged even further by deploying safety management software that integrates with SharePoint, and with other Microsoft programs accordingly. SMS on SharePoint can be accessed and managed via the existing portal (single sign on), and it can be deployed on both the On-Premise and Cloud versions.
Integrating safety software into SharePoint allows the software to leverage SharePoint’s existing features and familiar interface. Users benefit from its built-in tools such as calendar, tasks and lists functions, document management with version control, and communication/collaboration tools. Other great benefits of a SharePoint integrated system are managing permissions with the existing Active Directory, submitting web-based forms with automated follow up workflows, and visualizing data in graphs and charts on SharePoint dashboards.
Active Directory together with the SMS's Action Manager is a good example of an automated process facilitated by SharePoint integration. The workflow will decide who should be notified in certain situations; for example, if a member of staff has not undertaken online safety training before the due date, the respective regional manager or supervisor will be notified to take action. Being able to use Active Directory means the manual management of user profiles is not duplicated by the SMS system.
Once a task has been allocated to a person, it will show on their SharePoint calendar. Any notification related to the task, such as a delay, will be automatically escalated and sent to more senior personnel. Automating the process makes allocation and follow up of actions more streamlined and manageable.
Reduce system silos
Integrating your safety management software with SharePoint has several benefits to it on top of the centralization of data. One central system means less time spent moving data between disparate and perhaps siloed systems, increased accuracy, and making the lives of users that bit easier. As an integrated program, data can be tracked and is reportable in real time.
3. Safety management software processes
Safety software processes help organizations to manage both structured and unstructured information in an effective manner. In place of a paper based system, SMS provides the Health & Safety team with tools that create repeatable processes, such as managing the handling of permits and reporting incidents, much easier. There are different modules within a safety management software system that support these processes.
Audits and Inspections
A big part of the Health & Safety manager’s job is to ensure organizational compliance. With an increasing amount of data at hand, spreadsheets and manual systems can complicate data tracking and possibly allow an organization to fall into noncompliance.
The two terms Audits and Inspections are often used interchangeably; however, their meanings are different.
A Safety Inspection is performed to check for hazards and unsafe practices in a workplace. Inspections evaluate the physical conditions of a workplace, i.e. the equipment and safeguards, and the practices used to identify unsafe actions. Inspections are performed regularly to see if the workplace meets the standards it has set for Health and Safety. Inspections can bring forward problems that can be solved in order to prevent incident or injury.
A Safety Audit covers a broader scope than an Inspection. It evaluates the effectiveness of an organization’s safety practices and inspection processes. Audits are performed less often and are sometimes done by a third-party or regulators such as OSHA. They assess whether the company is meeting all safety standards and whether it complies with Health and Safety laws, with the completed Inspections as part of the performance reports that are evaluated.
It is important to have the right tools and processes in place so that Audits and Inspections can be performed effectively. Integration with SharePoint offers the control over Audit features so that every version, every approval, when and whom submitted and approved can be logged, thus providing an audit trail for the life cycle of all forms.
Hazard Observations and Near Misses
Reporting Hazard Observations and Near Misses is a staple of a proactive safety culture. Safety software provides the tools to record, manage, analyze and act on hazards that have been witnessed in the workplace. Acting on this information helps to prevent a similar or worse situation from materializing in the future. Hazard Observations data contributes to leading indicator KPIs.
With an integrated system, where all modules talk to each other, Health & Safety managers can track trends in hazard/near miss reports against incidents data to identify common situations that lead to injury. This practice is known as predictive trending.
Forms for reporting hazards and near misses are often lightweight to only capture the necessary information and to encourage employees to use them. With Pro-Sapien's Hazard Observation forms, employees, contractors and even members of the public can report a hazard through their mobile, which removes the common barrier of ‘difficulty’. Hazard Observations forms are created to maximize and speed up the process of sending essential information to the management so that corrective actions can be raised accordingly.
Incident Management covers everything from an employee reporting an incident, to management implementing corrective actions, to the Director evaluating and sharing performance reviews with shareholders. A competent SMS system provides tools that support the process from the beginning until the end. With this sort of system, a user can log incidents, approvers can contact those involved, and management can investigate root causes, analyze results and generate reports.
Incident Management is the most popular module within safety software systems as it is key for knowing where safe work processes have failed. In many countries it is mandated that organizations of a certain criteria must report incident data relating to illnesses and injuries to regulatory bodies, such as OSHA.
In May 2016, the Occupational Safety and Health Administration (OSHA) published its new rule, officially named “Improve Tracking of Workplace Injuries and Illnesses.” Among many revisions, the OSHA rule dictates that employers must submit their work-related injury and illness records to a new OSHA website. This data is then published into the public domain. The electronic submission deadline for the OSHA Form 300A information was December 31, 2017.
Mobile Forms allow workers to capture information there and then out in the field. By using Mobile Forms, companies save time and respond to hazards or near misses as soon as possible. Mobile Forms are usually used for lightweight forms, such as Hazard Observations forms, that can be quickly accessed either by a native mobile app or by web-based forms.
With Pro-Sapien, web-based forms can be accessed by scanning a QR-code on-site. Using QR-codes allows anyone, even a contractor who does not have a system login, to report a hazard. It is not necessary to download an app prior to reporting, meaning that nobody is restricted from contributing to safety. This short video contains more information on these Mobile Forms for EHS:
In many industries such as Forestry or Oil & Gas, the ability to save Mobile Forms in offline mode is important since proper connection cannot always be guaranteed in remote locations. The form should then be automatically uploaded to the SMS system upon reestablishment of a connection. Demand for this feature of safety software is growing as Safety professionals look to tap into new technology to gather helpful information in a timely manner.
Risk Assessment aims to manage and reduce risks by recognizing what might cause harm to people and whether reasonable steps have been taken to prevent these factors doing so. Employees must complete a Risk Assessment before carrying out work that presents a risk of injury or ill health, often using a risk matrix to compare severity and likelihood. The assessment must cover all people who could be harmed.
With the help of safety management software that includes a module for Risk Assessment, it is easy to document risks related to particular tasks and categorize them according to their potential risk levels. The central Action Manager then provides tools to assign, track and manage follow up actions and set up automated workflows. By automating the process, it becomes easier to control and monitor the steps that should be taken for minimizing the risks and maximizing the process.
The Pro-Sapien Risk Assessment tool provides a number of electronic risk assessment forms that can be implemented as stand-alone or as part of a wider Pro-Sapien safety software suite. Additionally, all forms can be accessed via SharePoint, and can be searched for in various ways including data held within the form and the metadata, such as the person who completed the form and who approved it.
Toolbox talks could be seen as a form of small risk assessment. A toolbox talk is held prior to the start of a job or a work shift to go through safety related topics related to the job being carried out. Common topics include workplace hazards and safe work practices, which are often documented in Safe Systems of Work (SSOW) searchable libraries within EHS software.
Permit to Work
Permits to work (PTW) are needed for work that involves significant risks. Work Permits are required when normal safeguards cannot be used, or when the work includes new hazards. Permits are often required for maintenance work.
The Permit to Work (PTW) or Work Permits process aims to make sure that all risks have been acknowledged and that necessary precautions have been taken so that work can be carried out in a safe way. The permit does not exclude all risks, but it encourages and makes sure that best practices are in use and that compliance is achieved.
Some of the problems with very manual Work Permit processes include inaccurately filled forms, poor control over authorizations, no active control over enforced rules and no visibility of work in progress on site. When forms are written by hand and when the successful completion lies in the memory of the personnel, tendency to forget and skip required safety measures increases.
Deploying a Permit to Work system allows all steps to be monitored within a singular system, making the entire process more efficient and streamlined. System features such as digital signature, inspections, reminders and allocation of permits allow organizations to manage the process and stay up to date on the status of the permits.
Management of Change
Every organization goes through change at numerous points in their lifecycle. No matter the scope of the change, it should be managed efficiently. Change can bring risks, which can be foreseen and eliminated when managed efficiently. Common risks that are associated with organizational change include non-compliance, operational disruptions, equipment failures and unsafe working conditions, among others.
To minimize these risks, Management of Change (MoC) software provides tools that help organizations manage the transition smoothly and detect hazards associated with it. An MoC system enables the organization to manage the change process by tracking each step within a centralized system.
For example, when a piece of equipment fails a change request will be logged and submitted for review. Management of Change forms will typically ask about the impact scope, the motivation for the change, whether it is an emergency, whether it is permanent or temporary, and by what date the change should be implemented by. The submitted request is then evaluated and the appropriate checks can be scheduled to begin the change process.
Training Management Software (TMS) or Learning Management Software (LMS) helps organizations manage, track, schedule and report on employee training. An LMS allows all training-related information to be held within the same location making it easy to store and find relevant data. This kind of system enables organizations to assign training for groups and individual employees, and send automated messages about an upcoming or overdue training. LMS systems will also help to improve employees’ skillset and maintain compliance.
Safety Data Sheets
Safety Data Sheets (SDS) provide information on the hazardous substances in use at a workplace. Originally referred to as Material Safety Data Sheets (MSDS), SDSs are used to ensure safety when working with chemicals.
An SDS contains information such as hazards identification, handling, storage, supplier and regulatory information, which allows employers to do a risk assessment as required by the Control of Substances Hazardous to Health (COSHH) regulations, or similar. Safety Data Sheets software will help companies stay compliant, organize their data and manage the procedures for working with particular substances.
Regulatory Content is a vital source of information when managing health and safety regulatory compliance. Many regulations have tightened in the recent years requiring more efforts from companies to understand and meet them. An EHS Regulatory Content (ERC) solution can help organizations keep track of compliance and report to both local and federal agencies. This kind of solution is particularly useful for organizations with numerous locations worldwide.
Popular vendors of ERC systems include RegScan and Enhesa, both of which are able to integrate with many safety software systems. RegScan and Enhesa provide up-to-date libraries of EHS regulations in a wide range of judiciaries at both local and federal level. Subject matter experts maintain the libraries to publish regulatory changes to allow users to be alerted about and have access to detailed compliance information.
Regulatory agencies in the US include the Occupational Safety and Health Administration (OSHA), Environmental Protection Agency (EPA), Nuclear Regulatory Commission (NRC) and the Mining Safety & Health Administration (MSHA), among others.
4. Available hosting options
On-premise is considered the traditional method of deploying enterprise software. On-premise software is installed on the servers of and runs on the computers of the organization using the software, rather than at a remote facility (Cloud). The Information Technology (IT) staff of an organization have physical access to the servers on which the software is installed; they can directly control the management and security of the computing infrastructure and data. For example, the IT team is responsible for system upgrades and changes, with the added benefit of knowing exactly how the organization currently operates its IT processes.
Cloud computing, often referred to as “the Cloud,” is a more modern alternative to on-premise installations. It is the delivery of computing services over the internet, without the need for an on-site (on-premise) server. Cloud providers typically offer a “pay as you go” model, where an organization would pay a subscription fee to use a provider’s services, such as Microsoft’s Azure (which hosts Office 365 programs such as SharePoint Online, Flow and Power BI). This is typically referred to as the Software-as-a-Service model (SaaS).
The Cloud aims to cut costs and improve organizational agility, making it easier to scale up when usage needs increase or scale down if resources are not being used. Most EHS software providers now only offer a Cloud platform.
On-premise vs. Cloud
There has been a huge uptake in cloud computing since it became popularized by Amazon in 2006. Microsoft began offering its Azure cloud platform in 2008, which is now used by 90% of Fortune 500 companies. However, many companies have held back from migrating in favor of remaining on-premise. There are a number of reasons for this and many national security organizations still mandate the use of on-premise systems.
This preference for the Cloud stems from being able to deploy Cloud systems quickly and often more cheaply, with less customization possibilities – meaning it is easier for vendors to support and upgrade their clients. As it stands, around 10% of the world’s data is stored in the cloud.
On-premise pros and cons
|On-premise pros||On-premise cons|
|Control over sensitive business data||Less secure than most data centers|
|Control over upgrade schedule||Solutions can become version locked|
|Hardware can be shared with other internal systems||There can be heavy initial costs|
|Ability to depreciate costs||Requires IT resources to manage|
Cloud computing pros and cons
|Cloud pros||Cloud cons|
|Reduced upfront investment||Limited customizations|
|Reduced need for hardware||Reduced control of systems|
|Less IT staff required to maintain||Internet connection required|
|Geographically redundant||Updates controlled by vendor|
Both on-premise and Cloud has its benefits. More companies will move to the Cloud over time as trust in its abilities and security strengthens, although for many this will be a challenging process.
SharePoint On-premise vs. Cloud
SharePoint is available both on-premise and on the Microsoft Cloud, Azure. The Cloud version is SharePoint Online, which comes with Office 365 E3 licenses (enterprise). The on-premise versions of SharePoint Online are:
- SharePoint 2016,
- SharePoint 2013,
- SharePoint 2010 and
- SharePoint 2007.
Microsoft now only supports SharePoint 2013 or newer, so many organizations are faced with choosing to move to the Cloud with Office 365, or to remain on-premise with SharePoint 2016.
Both types of SharePoint – online (cloud) and on-premise – come with slightly different functionality. For example, Office 365 E3 users will be able to use Microsoft Power BI to build dashboards and reports, whereas on-premise users are able to do this using Excel with PowerPivot and Excel Services.
When deploying safety management software based on your SharePoint portal, some functionality will also be dictated by the type of SharePoint that you have.
Which type of SharePoint do you have?
Your company may be using wholly on-premise systems, may be in the process of migrating to Cloud, or may be entirely on Cloud computing. This is something your IT team will be able to help you discern. However, you can follow some easy steps to find out yourself which version of SharePoint you are using.
- Click on “Office 365” in the ribbon
- Go to “Settings” on the right-hand top corner of your screen
- Go to “Your app settings” > “Office 365”
- Go to “Subscriptions.” Scroll down and you should see what version of Office 365 you are using.
Follow these questions and logic to find out what SharePoint on-premise version you are using.
5. User roles in safety management software
There are varying levels of user permission within safety software systems. In a standalone system, user permissions are set within that system and may well be controlled by the safety software vendor. In a SharePoint-integrated system, it is often the case that user permissions are set by Active Directory which is Microsoft’s directory service.
User management through Active Directory
Active Directory (AD) manages all users in a Windows domain type network – for example, if your email address that you log in to Microsoft Office with ends in @opsiquela.com, Active Directory checks the username and password with the Opsiquela.com network’s security policies to determine whether the user is a system administrator or a normal user. This then drives the content that the user is able to access within the program that is being logged into, such as SharePoint.
The user is now logged into all sites within SharePoint and has the appropriate permissions based on their Active Directory profile – this is called Single Sign On (SSO).
System administrators are able to set security groups and their associated permissions through Active Directory, which will affect all connected programs in the Microsoft Office suite, and all add-ins to those programs.
Single Sign On
An SMS system is accessed through Single Sign On if it can be accessed by a user that has logged into a related system, without the need to re-enter their password. Safety management software on SharePoint, in Pro-Sapien’s case, supports Single Sign On.
System permission levels
Most safety software systems are the intellectual property (IP) of the vendor and will remain so post-implementation. Safety software vendors, such as Pro-Sapien, license their systems to clients and provide support to System Administrators or Managers throughout the license period.
The System Administrator is someone or a team within the client organization. The administrator of an SMS system has access to all areas of the system, including being able to edit security permissions of other users. It is the highest level of authority within an SMS system, and most other types of software, too.
The System Manager is most likely to be a member(s) of the Health & Safety team. An organization might have multiple system managers depending on its size, business areas and the complexity of the EHS software system. There may also be numerous levels of system manager to grant the Safety Director superior permissions to a Regional Safety Manager, if required.
This role may have access to restricted areas of the system such as witness statements and health records, which are not available to normal users for data protection purposes.
A System User may cover job roles from Supervisor and downwards in the organisational hierarchy. Some system users, such as Supervisors, may have more security permissions than the most basic System User – a ‘normal user’ – but markedly less so than a System Manager. For example, a Supervisor may be able to view performance reports for their site or region, but may not be able to sign off on incident investigations. Permissions are driven by the requirements of the specific safety software client organization.
All System Administrators, Managers and Users have a login for the SMS system. In the case of Pro-Sapien, this is managed by Active Directory. However, in some systems, those without a login can access and submit forms for Hazard Observations, Near Misses or other data-light instances.
SharePoint site security elements
6. Costs associated with safety software
The cost of safety management software is contingent on a number of variables. These variables can include;
- Complexity of processes (configuration)
- The different processes required (modules)
- The size of the system e.g. numerous divisions/the entire global company (enterprise)
- Whether it is on-premise or on the Cloud
- Number of users
- License agreement e.g. subscription within a contract
Each safety software vendor has its own pricing model which tends to be made up of two blocks: the implementation cost (a one-time fee) and the license fee (fee to have continued access to the system).
For this section we will look at the numbers available for Environmental, Health & Safety (EHS) software, as the areas are often bundled together.
The cost of implementation is driven by the complexity of processes; the different processes required; the size of the system; and whether it is on-premise or on Cloud. Depending on the vendor, this can range from around $30K to in excess of $500K.
License subscription cost
The license subscription cost is, again, dictated by different drivers per vendor. Many charge on a per user basis; however, this can quickly become costly for the client and may hinder a client’s will to allow as many people as possible access to the EHS system. Other vendors charge a flat rate annual license fee, allowing clients to use as many aspects (modules) of the system as they require with all employees and contractors able to submit forms. Furthermore, others offer a monthly subscription based on the features a client needs access to, such as comprehensive dashboarding abilities. This could be in a bronze/silver/gold model.
System support is usually included as part of the ongoing license fee whether that be monthly or annually. This may be limited or unlimited based on a client’s agreement with the vendor.
The cost of implementing an enterprise EHS software system can range massively, from around $50,000 to in excess of $500,000. The National Association for Environmental Management (NAEM) reports that, on average, new buyers are budgeting just under $195K to implement EHS software whereas past purchasers have ended up spending on average $245K. It is also recorded that the average actual initial spend on a comprehensive EHS system is three times over budget.
The average annual maintenance budget (license fees) for EHS software is $220K; however, past purchasers report only paying an average of $79.5K per year.
7. Personal data in SMS systems
The Health and Safety department processes and holds a range of personal data, including data deemed ‘sensitive’ by regulators, such as employee health records.
Safety software systems are used to first of all capture personal information with forms – for example, an incident form will require the user’s name and contact details. During incident investigation, employee health records may be held within a library in the SMS system. Under Data Protection law, which varies country to country but follows the common principle of protecting data subjects (people) from having their information shared without permission, this type of data must be:
- securely held;
- retained only for a required period;
- and deleted upon data subject request.
Organizations must also have a comprehensive data protection policy that adheres to local standards, such as the new General Data Protection Regulation (GDPR) in the European Union. GDPR will directly affect the health and safety department.
What is personal data?
The ICO in the UK defines personal data as:
“Personal data means data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”
European Union legislation defines personal data as:
'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What is personal data law?
What is classed as personal data is different from country to country. Here we look at the three geographical areas that spend the most on Environmental, Health & Safety systems.
European Union member states are bound by the General Data Protection Regulation 2018, which the United Kingdom will retain after exiting the Union.
In the United States, there is no federal law regulating the collection and use of personal data. Instead, the privacy and protection of data is insured through the United States Privacy Act, the Safe Harbor Act and the Health Insurance Portability and Accountability Act.
Canada has two federal privacy laws: the Privacy Act for government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA) for private-sector privacy law.
What should EHS professionals know?
Given that EHS systems process personal data, such as employee, contractor or members of the public names, contact details, address, and potentially health records or other, EHS professionals must know the organization’s data protection policy and must ensure EHS processes adhere to it. As privacy regulations tighten around the world, all responsible EHS professionals should:
- Understand and document the current data processes and demonstrate they meet compliance requirements.
- Document what personal data the department holds.
- Assess the security of personal data stored, sensitive personal data in particular.
- Document where personal data is shared with 3rd party organisations.
- Review and define justifications for holding personal data.
- Categorise the risk level associated with personal data held.
- Commit to personal data retention policies.
For more information on how the General Data Protection Regulation affects Safety professionals, within and out with the EU, read this industry-specific and easy to understand guide.
8. Regulatory and law enforcement bodies
A regulatory body is a public authority or government agency that is set up to exercise a regulatory function. These functions include improving requirements, setting standards and enforcing the law.
The legislation and regulations around Environmental, Health and Safety have tightened in the recent years, and there are high penalties to pay when compliance is not achieved. Having an SMS system in place can help with staying compliant and is considered by sentencing councils when assessing the effort of an employer to avoid noncompliance.
For more information on health and safety standards, organizations can refer to their local authority.
OSHA - United States
The Occupational Safety and Health Administration (OSHA) is part of the United States Department of Labor. It was created by the Congress in 1970 to improve the health and safety conditions of the US workforce. OSHA provides training, assistance and education on health and safety related issues, and holds the right to levy penalties for noncompliance. The largest issued penalty by OSHA was in October 2009 to BP Products North America, which totalled at $81,340,000 USD.
The OSH Act (the Occupational Safety and Health Act) covers most private sector employers and their workers, some public sector employers and workers in the 50 states and specific territories and jurisdictions under federal authority. Since OSHA’s foundation, injury rates, illnesses and deaths in the U.S. workplaces have fallen significantly.
HSE - United Kingdom
The Health and Safety Executive (HSE) is an independent regulator in the United Kingdom. The HSE provides advice, information and guidance on health and safety in a workplace and helps duty holders comply with health and safety law. The HSE also carries out inspections and takes enforcement action when required, with the largest fine levied by the executive issued to Transco in 1999, totalling £15,000,000 GBP in penalties.
CCOHS - Canada
The Canadian Centre for Occupational Health and Safety (CCOHS) is a federal department corporation, established in 1978, that provides information, education, training, management systems and solutions to support health, safety and wellness programs in Canada. CCOHS website provides access to and information on health and safety legislation, industry news and help for workplace health and safety issues.
9. Pro-Sapien's Safety Software on SharePoint
Pro-Sapien provides enterprise-class safety software solutions on Microsoft SharePoint and Office 365. Established in 2012, Pro-Sapien has grown to disrupt the saturated safety software marketplace by offering unprecedented integration with SharePoint, a program so many organizations rely on, and by simplifying the pricing models traditionally associated with an enterprise SMS system.
How does the integration with SharePoint work?
A client has SharePoint, either on-premise or in the Microsoft Cloud with Office 365 (SharePoint Online). This is often implemented throughout the entire global business and is a requirement of using Pro-Sapien’s software. We support both SharePoint on-premise and SharePoint Online (Cloud).
Pro-Sapien’s safety management software is deployed as another part of a client’s SharePoint system, taking on the same look and feel that users are already familiar with. The software is accessed through SharePoint with Single Sign On, and makes use of underlying SharePoint features whilst also providing powerful additional functionality itself. It is effectively an ‘add-in’ to SharePoint that uses its own data warehouse to store data and calculate metrics.
Processes and software modules
Pro-Sapien’s safety software is modular, meaning that clients choose only the modules that they require. Some modules on offer are, but not limited to:
- The Action Manager (all implementations, cross-module)
- Dashboards and Reports (all implementations, cross-module)
- Audits and Inspections
- Hazard Observations
- Incident Management
- Management of Change
- Mobile Forms (with QR code functionality)
- Risk Assessments
- Permit to Work
Where a client requires a process that is not currently available out-of-the-box, Pro-Sapien can develop something specific.
Configurations and flexibility
Pro-Sapien’s safety software on SharePoint is highly flexible. The type of clients that we work with are mid to large sized organizations operating in medium to very high risk industries, and will often already have well-established EHS procedures in place. Although there are out-of-the-box forms and dashboards available (workflows will always need tailored), Pro-Sapien clients usually opt for a configured system that works the way they do.
Configurations are discussed prior to implementation, giving way to a detailed specification document that becomes the success criteria for the project. Pro-Sapien has a 100% implementation success rate to date.
Pro-Sapien is currently in use around the world by international clients headquartered in North America and Europe. These companies are typically:
- Operating in medium risk industries (e.g. Manufacturing) to very high risk industries e.g. (Aerospace & Defense);
- Employing around 500 – 20,000 staff at multiple locations;
- Generating around $10 Million – $2 Billion in annual turnover; and, crucially,
- Invested in the Microsoft platform of programs.
Clients pay an annual license fee to use the software and have access to expert support. This rate is optimized to be cost-effective for enterprises.
There is also the cost of implementing the software. This varies from project to project and is dependent on the modules you deploy, and the configurations required.
10. Common Health and Safety abbreviations
AD – Active Directory
CCOHS – Canadian Centre for Occupational Health and Safety (organization)
CSR – Corporate Social Responsibility
EHS – Environmental, Health and Safety
EHSQ – Environmental, Health, Safety and Quality
EMIS – Environmental, Health & Safety Information Management System
EMS – Energy Management System
GDPR – General Data Protection Regulation
HSE –  Health and Safety Executive (organization),  Health, Safety and Environmental
HSEQ – Health, Safety, Environmental and Quality
ICO – Information Commissioner’s Office (organization)
IP – Intellectual Property
ISO – International Standards Organization (organization)
KPI – Key Performance Indicator
MoC – Management of Change
MSDS – Material Safety Data Sheets
NAEM – National Association for Environmental Management (organization)
OSHA – Occupational Safety and Health Administration (organization)
PIPEDA – Personal Information Protection and Electronic Documents Act
PTW – Permit to Work
QMS – Quality Management System
ROI – Return on Investment
SAER – Significant Adverse Event Review
SAP – Systems, Applications and Products (organization)
SDS – Safety Data Sheets
SP – SharePoint
SSO – Single sign on
TMS – Training Management System
Download this page as a PDF.
We've put all this information into a document so that you can read it offline, too →