Prevention and mitigation of occupational health and safety impacts directly linked by business relationships
Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.
↗ Share
This disclosure asks an organisation to explain how it identifies and manages occupational health and safety risks and impacts that are connected to its business relationships, not just those within its own direct operations. In practice, the focus is on whether the organisation has processes to prevent or reduce harm where its activities, products, services, contractors, suppliers or other linked parties may affect workers’ health and safety.
The practical emphasis is on the breadth and effectiveness of coverage: does the organisation look across the parts of the business where these risks can arise, or only at a few visible sites? The report should make clear how prevention and mitigation are applied in day-to-day operations and through relevant relationships, and whether the approach is limited to flagship locations or extends more widely across the organisation’s footprint.
* This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.
A quick mental checklist before you prepare this disclosure — tick each as you settle it.
| Datapoint | What to capture | Evidence hint | Owner |
|---|---|---|---|
| OHS risk controls | A plain description of how the organisation prevents or reduces major work-related health and safety harm that is tied to its own activities, products or services through its business relationships, together with the main hazards and risks involved. | Risk assessments, control plans, supplier or contractor safety requirements, incident logs, and internal H&S procedures showing the controls in place and the hazards they address. | Health and safety |
Show GRI 403-7 sub-elements (LRA working checklist)
- Set out how you prevent or reduce material work-safety harms that arise through your business relationships and connect directly to your operations, products or services, together with the hazards and risks involved.
LRA working checklist - paraphrased; see official source
- Set the boundary for the disclosure first: decide which parts of the business, which products or services, and which business partners are in scope for the description.
- Define what you will treat as a significant negative health and safety impact, and identify the related hazards and risks you will use when assessing it.
- Gather the supporting material that shows how the organisation prevents or reduces those impacts, including any internal policies, procedures, assessments, or other records used in practice.
- Draft a clear narrative that explains the approach in plain language, making sure it covers the direct links through operations, products or services, and through business relationships.
- Record any exclusions, scope changes, or assumptions so a reviewer can see what was left out and why the reported description is framed the way it is.
- Check the final wording and evidence against the official source to confirm the disclosure matches the required content and that nothing material has been missed or added.
Translate the disclosure into an internal business question — then adapt it to your organisation's own language.
Use your organisation’s own terms first, then map them to the disclosure wording. For example, if you talk about contractors, vendors, site partners, or service providers, use those labels in the request and only translate them later for reporting.
Please provide the GRI 403-7 evidence showing how we address occupational health and safety impacts directly linked by business relationships.
Please send the records for [reporting period] that show how [site/business area] manages serious safety risks linked to [contractors/suppliers/service partners]. Include the main risk types, the controls in place, and the supporting audit, review, incident, or action-tracking references, using your team’s own terms.
Formal email template
Subject: Request for contractor and supplier safety control evidence for [reporting period]\n\nHi [name/team],\n\nI’m pulling together the evidence pack for our sustainability reporting and need your help with the records for [business area/site].\n\nPlease send a short summary of the controls we use to manage serious health and safety risks connected with [contractors/suppliers/service partners], together with the supporting evidence for [reporting period].\n\nPlease include:\n- the main risk types you track\n- the controls or checks in place\n- where the evidence is held\n- any relevant audit, review, incident, or action-tracking references\n- the current status of any open actions\n\nA possible LRA training template is attached below; please adapt this to your organisation’s own language and check the source material before sign-off.\n\nThanks,\n[preparer name]
Short Teams / Slack version
Hi [name] — could you share the evidence pack for [reporting period] on how we manage serious safety risks linked to [contractors/suppliers/service partners] in [site/business area]? Please include the controls in place, where the records sit, and any audit/action references. Please use your team’s own terms first, then we’ll map them for reporting. Thanks.
Construction
Context. A principal contractor needs evidence for subcontractor safety management across live sites.
Adapted request. Please share the evidence pack for [reporting period] covering how we manage high-risk work by subcontractors on [project/site]. Include the main hazards, the controls used before and during work, and any inspection, permit, or corrective-action records.
Example response. We use subcontractor pre-qualification, site induction, daily briefings, permit-to-work, and supervisor checks. Evidence is held in the contractor portal and site inspection logs. Open actions are tracked in the action register; closed items are marked with completion dates.
Logistics / Warehousing
Context. A warehouse operator needs evidence for third-party transport and maintenance activities on site.
Adapted request. Please provide the records for [reporting period] showing how we manage safety risks linked to third-party drivers, maintenance firms, and equipment service partners at [warehouse/site]. Include the key risk areas, the controls in place, and the supporting incident, audit, and training records.
Example response. We control vehicle movements through booking slots, yard rules, marshal checks, and induction for visiting drivers. Maintenance work uses permit-to-work and isolation checks. Evidence sits in the HSE tracker, visitor induction system, and audit folder, with actions tracked to closure.
The full request pack — response form, data table, evidence metadata and sign-off — is in the Download Centre.
LRA training templates — adapt them to your organisation, and check the official source before sign-off.
Explain how you define the relevant hazards, which business relationships are included, and the basis used to decide whether a negative health and safety impact is significant enough to describe.
Set out what the figures and descriptions show about how the organisation is trying to stop or reduce serious work-related harm connected to its operations, products or services through other parties.
If the approach changed during the period, note whether that was due to new hazards, changes in business relationships, revised assessments, or updated control measures.
GRI 403-7 Prevention and mitigation of occupational health and safety impacts directly linked by business relationships — [location / page] / [notes]
Professional preparation tools and forms for GRI 403-7. Each download includes a concise “How to use” guide.
| Claim | Risk | Evidence to check |
|---|---|---|
| We explain how we identified the work areas and relationships that could create the most serious health and safety harm, and how we decided which of those were included in the figure. | An assurer will test whether the inclusion and exclusion choices were made consistently, and whether the reported coverage leaves out material parts of the disclosed operations or linked business relationships. | Scoping notes, boundary-setting papers, risk registers, mapping of sites and business relationships, and any sign-off showing why particular areas were included or left out. |
| We describe the controls and actions we say are in place to reduce or avoid those harms, and we keep evidence showing how those controls were selected and applied in practice. | An assurer will probe whether the stated controls are real, relevant to the identified hazards, and supported by implementation evidence rather than being generic policy language. | Policies, procedures, contractor requirements, training records, inspection logs, incident follow-up records, and examples showing the controls operating during the reporting period. |
| We rely on source data that can be traced back to the underlying records, and we check that the data used for the disclosure is complete, current, and internally consistent before publication. | An assurer will look for weak data lineage, missing records, outdated inputs, or unexplained changes between source systems and the published figure or narrative. | Source extracts, data lineage notes, reconciliation files, version control, management review comments, and evidence of checks for completeness, accuracy, and consistency. |
| We keep supporting material that shows the hazards we identified, the decisions we made, and the basis for the final wording in the disclosure. | An assurer will test whether the narrative is backed by contemporaneous evidence and whether the final statement matches the underlying assessment and records. | Hazard assessments, meeting minutes, draft-to-final change logs, approval records, and working papers linking the published text to the underlying analysis. |
| Before publication, we carry out a review to confirm that the disclosure matches the underlying evidence and that any judgement calls are explained clearly. | An assurer will examine whether the final review was robust, whether unresolved issues were cleared, and whether the published wording overstates what the evidence supports. | Pre-publication checklists, review and approval emails, issue logs, sign-off records, and evidence of any corrections made before release. |
- The governing policy or written commitment behind this disclosure
- A methodology / definition note setting out how the disclosure was scoped and prepared
- Source-system exports the figures or facts were drawn from
- The internal approval / sign-off record for the disclosure before publication
- Minutes or records evidencing the relevant engagement or consultation
- The information is presented without a date or as-at point.
- The scope or boundary of the statement is left undefined.
- Key terms are used inconsistently across the report.
- Material changes since the previous period are not disclosed.
- Assertions are made without supporting detail or a source record.
- Boilerplate is used that does not actually answer what is asked.
- Wrong owner
The team asks the safety lead alone and misses the people who manage contractors, suppliers, or service partners where the controls actually sit.
- Framework language only
The request is sent in disclosure jargon, so the business cannot map it to its own hazard, incident, or contractor-control records.
- Scope left vague
No one states which linked operations, products, services, or partner groups are in scope, so different teams collect different sets of cases.
- Wrong time basis
The data pull uses a different reporting period or cut-off date from the rest of the pack, which makes the figures impossible to align.
- Mixed counting basis
One source counts sites, another counts people, and a third counts events, so the final dataset blends unlike measures.
- Source labels lost
Original file names, system tags, or case IDs are stripped out, making it hard to trace each figure back to the underlying record.
- Populations merged
Contractor, supplier, and other partner records are rolled into one pool even though they need to stay separate for review.
- No evidence trail
The pack has numbers but no note of where they came from, who checked them, or when they were approved.
- Acquisition or disposal during the reporting period
Use the cut-off date you apply for the period, explain whether newly acquired or sold entities are included for the full year or only from the transaction date, and note any resulting gap or overlap in the description.
- Different local safety rules across countries
Describe the approach in the language used by the business, then explain how local legal or site-level practices are reconciled where country rules differ so readers can see the common method behind the variation.
- Contractors, agency staff, and other near-boundary workers
State the rule you use to decide when a worker supplied through another party is treated as part of the operating footprint for this topic, and disclose any exclusions where the link to your activities is too indirect or too remote.
- Suppliers and service partners at different tiers
Clarify how far along the chain you look when the hazard sits with a partner rather than inside your own sites, and explain the practical limit you set for including linked risks and controls.
- Mixed evidence from site checks and estimates
If some locations are measured and others are inferred, say which parts come from inspections, incident records, or other direct checks and which parts rely on estimates, including the basis used for those estimates.
- Timing of controls and follow-up actions
Explain whether you report the position at period end or the average position over the year, and make clear how you treat actions that started, changed, or finished part-way through the period.
- Aggregation for privacy or small-number protection
Combine results where needed to avoid identifying individuals or tiny teams, but disclose the level at which you have grouped the information and any effect this has on how clearly the linked hazards and responses can be seen.
- Rounding and internal consistency
Round figures in a consistent way, state the rounding rule if it affects the presentation, and check that any totals still align with the underlying site or business-unit detail.
Synthetic, written by LRA — not from a company report, not text from any standard.
Synthetic example only. We map the main work-related health and safety risks that arise through our contractors and logistics partners, then set controls to reduce the chance of harm where their activities connect to our sites and products.
- Our review covered 42 business partners; 18 were flagged as higher risk because of manual handling, vehicle movements, cleaning chemicals, or work at height, and all 18 had agreed action plans in place.
- During the year, 14 partner sites were checked against our safety requirements; 11 were found compliant, while 3 needed follow-up on training records, machine guarding, or emergency procedures, and those gaps were closed within 60 days.
Synthetic example only. We use a partner-risk review to identify where outsourced cleaning, maintenance, and security work could create serious injury risks, and we then apply contract terms, site rules, and joint training to lower those risks.
- In the reporting year, 27 suppliers were in scope; 9 were classed as higher risk because of lone working, electrical tasks, work at height, or exposure to hazardous substances, and each received a targeted mitigation plan.
- We carried out 21 site audits across those partners; 16 met our expectations, and 5 required corrective action on permit-to-work controls, PPE use, or incident reporting, all of which were completed before year-end.
How to turn the collected data into a draft disclosure. Suggested visuals and a GRI content-index line generated from this disclosure's datapoints.
Suggested visuals
- How the organisation manages work-related harm linked through business ties — table: A concise summary of the main prevention or mitigation measures, grouped by the type of business relationship and the related hazard or risk.
- Controls by hazard type — stacked bar: The mix of actions used to address different workplace safety hazards, showing where several measures are applied to the same risk.
- Coverage of linked business relationships — bar: Which parts of the value chain or other business relationships are covered by the approach, and where the response is strongest or weakest.
- Risk-to-action summary — table: A side-by-side view of the key hazards identified and the practical steps taken to reduce or prevent harm.
- Relative emphasis of response measures — donut: The share of the overall approach made up by different types of controls, such as prevention, mitigation, training, oversight or corrective action.
What separates a figure from a disclosure.
We identified 12 significant health and safety risks linked to our business partners and took action on all 12.
We assessed 12 partner-linked health and safety risks, put controls in place for all 12, and focused those controls on the main hazards in our operations, products and services.
We reviewed 12 partner-linked health and safety risks across our operations, products and services this year, applied mitigation measures to all 12, and the main reason the risk profile shifted was that two suppliers changed their work methods after our follow-up review.
Real reports where this topic is disclosed. The confidence label shows how closely each match maps to GRI 403-7 — these are report practice, not exact disclosure examples.
| Company | Sector · Country | Year | Match | Page | Report | Assurance | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chang Hwa Commercial Bank, Ltd. | Banks / Diverse Financials / Insurance · Taiwan | 2024 | Exact | p. 167 →p. 201 →p. 203 → | 2024 ESG Report → | PwC | |||||||
Evidence in Chang Hwa Commercial Bank, Ltd.’s reportWhat the report shows Chang Hwa Commercial Bank's 2024 ESG Report includes a narrative reference to its occupational health and safety management system, specifically mentioning "403-8 165 Responsible Finance Operations with significant actual and potential negative" on page 201. This indicates some coverage of health and safety management related to responsible finance operations. However, the report does not provide further detailed data or metrics on occupational health and safety outcomes or performance, leaving the extent of disclosure unclear.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||
| London Luton Airport Operations Ltd. | Air Transportation — Airport Services · United Kingdom | 2024 | Exact | p. 71 →p. 38 →p. 36 → | Sustainability Report 2024 → | BSI | |||||||
Evidence in London Luton Airport Operations Ltd.’s reportWhat the report shows London Luton Airport Operations Ltd.'s Sustainability Report 2024 includes coverage of occupational health and safety impacts directly linked to business relationships, with relevant information found on page 71. The report specifically addresses workers covered by occupational health and safety measures in this context. However, the evidence map does not provide details on the extent or specifics of these impacts, nor does it clarify other related aspects that might be expected under this disclosure.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||
| Delta Electronics, Inc. | Technology Hardware and Equipment · Taiwan | 2024 | Exact | p. 46 →p. 241 →p. 242 → | 2024 Delta ESG Report → | PwC | |||||||
Evidence in Delta Electronics, Inc.’s reportWhat the report shows Delta Electronics, Inc.'s 2024 ESG Report includes a narrative on occupational health and safety impacts directly linked by business relationships, referenced on page 242. The report points to a detailed section on occupational health and safety covering pages 219 to 228, which aligns with the disclosure requirements. However, the evidence map does not indicate specific quantitative data or further details on the extent of these impacts, leaving some aspects unclear.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||
A logistics provider uses a subcontracted warehouse team to handle your finished goods. A recent site review found repeated manual-handling injuries among that team, and your own staff work alongside them in the same loading area.Should you describe the practical steps you are taking to reduce the injury risk in that shared work area, including how you are addressing the hazards tied to the subcontracted service?
A cleaning contractor works overnight in your offices. One cleaner was injured after using a chemical stored in an unlabelled container, and the contractor has asked whether the issue should be mentioned in your sustainability reporting.Do you need to explain how you are preventing a repeat of this kind of harm when the risk sits with a contractor rather than your own employees?
Your company buys maintenance services from an external firm that sends technicians to your sites. A near-miss involving faulty equipment was recorded, but no one was hurt and the supplier says the problem was isolated.Should you include this in the disclosure if you are only reporting on serious safety impacts, or only if an actual injury occurred?
A transport partner delivers raw materials to your factory. Drivers have reported fatigue and rushed unloading, and you have introduced revised delivery slots, site induction, and checks on waiting times to reduce the risk.Is it enough to say that the issue is being monitored, or should you set out the actual measures being used to lower the risk?
See how companies actually report GRI 403-7 — drawn from their own published reports, with the exact pages, and an LRA AI-assistant that works through it with you. Available to LRA Community members and to students throughout their platform access.
How this disclosure maps across the major reporting frameworks.
How do I use the GRI 403-7 page to prepare an occupational health and safety disclosure draft from scratch?
Start with the plain-language explainer, then follow the step-by-step preparation section to turn the page into a draft. The page also gives narrative starters, visualisation ideas and a GRI content-index line to help you shape the final output. ↑ section
What data do I need to collect for GRI 403-7 on occupational health and safety risk controls?
The page says the key datapoint to prepare is OHS risk controls. Use that as the starting point for collecting the underlying information you will need for the disclosure and for the evidence pack. ↑ section
How should I define the scope and methodology for GRI 403-7 risk controls using this page?
Use the page’s step-by-step preparation guidance to decide what is in scope and how you will describe the controls. Keep the approach aligned to the page’s plain-language explanation and the evidence you can actually show. ↑ section
Who should own the GRI 403-7 data and sign-off in practice?
The page is designed for sustainability/ESG managers, HR or data owners, and assurance reviewers, so ownership should sit with the person who can explain the controls and provide the evidence. Use the workbook and evidence pack to make responsibilities clear before drafting. ↑ section
What evidence should I keep to make a GRI 403-7 occupational health and safety disclosure assurance-ready?
The page includes an evidence pack with five items for assurance readiness, plus five assurance claims to verify. Use both together so each claim is backed by a clear risk and supporting evidence. ↑ section
What are the common mistakes to avoid when reporting GRI 403-7?
The page lists common reporting gaps and mistakes, so use that section as a pre-submission check. It is especially useful for spotting missing detail, weak evidence, or a draft that does not match the data you have collected. ↑ section
How do I use the Prep & Assurance workbook for GRI 403-7?
The Download Centre includes a Prep & Assurance workbook in .xlsx format and a printable Library Card in PDF. Use the workbook to organise the preparation, evidence and assurance checks before turning the information into a draft. ↑ section
What should I put in the draft output for GRI 403-7 occupational health and safety risk controls?
The page gives draft-output support in the form of visualisation ideas, narrative starters and a GRI content-index line. Use those to convert your prepared data into a concise disclosure draft. ↑ section
Can I reuse GRI 403-7 data for ESRS S1 (Own Workforce)?
The page notes ESRS S1 (Own Workforce) as the closest correspondence, so the data may be reusable across both. Treat that as a practical cross-check, but still confirm the wording and reporting approach for each framework separately. ↑ section
Are there example disclosures for GRI 403-7 that I can use as a model?
Yes. The page includes synthetic illustrative example disclosures, including a quantitative table, which you can use to see how the disclosure might be presented without treating it as a real company example. ↑ section
- GRI 403-7 occupational health and safety risk controls: what is the minimum data I should gather before drafting?
- How do I build an evidence pack for GRI 403-7 OHS risk controls?
- What does the step-by-step preparation section on GRI 403-7 actually help me do?
- How do I turn OHS risk control data into a narrative for GRI 403-7?
- What should an assurance reviewer check in a GRI 403-7 draft?
- What are the five assurance claims to verify for GRI 403-7?
- What are the five items in the GRI 403-7 evidence pack?
- How do I use the GRI 403-7 content-index line in a report draft?
- Where can I find downloadable support materials for GRI 403-7?
- What common reporting gaps appear on the GRI 403-7 page?
- How do the synthetic examples on the GRI 403-7 page help with drafting?
- Is ESRS S1 data reusable for a GRI 403-7 occupational health and safety disclosure?
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
Sources, status and disclaimer
This LRA assistance tool is designed for educational and internal data-collection purposes. It is not an official interpretation of the GRI Standards, IFRS Sustainability Disclosure Standards or EU CSRD/ESRS requirements. When applying these frameworks in professional practice, users should consult and double-check the official standards, guidance and applicable regulatory sources.