Disclosure LibraryPractitioner guidance for every reporting disclosure
Home Disclosure Library GRI GRI 403 GRI 403-1
GRI 403: Occupational Health and Safety · 2018
Disclosure GRI 403-1

Occupational health and safety management system

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.

Dr Ross Kurinko, GRI Certified Trainer
Reviewed by Dr Ross Kurinko · GRI Certified Trainer LRA educational guidance · Not issued or endorsed by GRI
To prepare this disclosure
Disclosure focus

This disclosure asks an organisation to explain whether it has a formal approach for managing occupational health and safety across its activities, and how far that approach reaches. In practice, the report should make clear if the system applies to all operations, selected business units, specific sites, or only part of the workforce, and should describe the main features of that approach in a way that shows how health and safety is managed rather than just stated as a policy.

The practical focus is on coverage and consistency: readers should be able to see where the management system applies, where it does not, and whether it is embedded across the organisation or concentrated in a few flagship locations. The disclosure is therefore less about describing isolated initiatives and more about showing the scope, structure, and operational reach of the organisation’s health and safety management arrangements.

This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation

Key datapoints to prepare

Datapoint What to capture Evidence hint Owner
System coverage statement State whether the organisation has put an occupational health and safety management system in place for employees and for non-employee workers whose work or workplace it controls. Policy or system scope note; H&S management system documentation; governance approval showing the covered worker groups. Health and Safety
Legal basis for system Confirm whether the system was put in place because a law or regulation requires it. Legal register; compliance assessment; internal memo or policy note linking the system to a statutory driver. Legal/Compliance
Legal requirements list List the specific legal obligations that drove the system being put in place. Legal register extracts; compliance obligations matrix; counsel or compliance review notes identifying the applicable rules. Legal/Compliance
Standards basis for system Confirm whether the system was put in place using recognised risk-management or management-system standards or guidance. Management system framework documents; certification or gap-assessment records; internal implementation papers naming the chosen framework. Health and Safety
Frameworks used List the standards or guidance documents the organisation used when designing or running the system. Implementation plan; certification scope; procedure references; training materials naming the framework documents. Health and Safety
System coverage scope Describe which worker groups, activities and workplaces are included in the system, using the organisation's actual operational scope. Scope statement; site list; workforce mapping; process inventory; contractor or labour-supply coverage notes. Health and Safety
Exclusions and reasons Explain whether any workers, activities or workplaces are outside the system, and if so give the reason for each exclusion. Scope exceptions log; risk assessment; site or workforce exclusion approvals; remediation plan for gaps. Health and Safety
+ Show GRI 403-1 sub-elements (LRA working checklist)

How to prepare it

1Set the boundary first: decide which employees and which non-employee workers fall within the system because their work, their workplace, or both are under the organisation’s control.
2Confirm the basis for the system: note whether it exists because a law or regulation requires it, or because you have used a recognised risk or management framework to put it in place.
3Gather the supporting records: keep the legal provisions relied on, or the named standards or guidance used, so the basis for implementation can be shown clearly.
4Describe the coverage in plain terms: state which worker groups, activities, and sites are included in the health and safety system.
5Record any gaps openly: explain whether any workers, activities, or locations are left out, and give the reason for each exclusion.
6Check the final wording against the source material and your evidence pack, so the reported scope, basis, and exclusions match the underlying records and no item has been missed.
Request the data

Request the OHS system evidence from EHS / Operations

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

What parts of our workforce and sites are covered by the current health and safety management approach, and what sits outside it?

Use your organisation’s own labels first, then map them to the reporting disclosure. For example, talk about your safety programme, site controls, incident process, or local H&S arrangements if that is how the business describes them internally.

Weak request

Please provide the GRI 403-1 information for the OHS management system, including whether it is implemented, the basis for implementation, and the scope and exclusions.

Why it fails: This uses reporting jargon and leaves the owner guessing which internal records to pull. It does not say what people, sites, activities, or source systems to use, so the response may be incomplete or inconsistent.

Better request

Please send the current safety programme details for [period]: which workers, activities, and sites are covered; which are not covered; why any gaps exist; and whether the programme sits in place because of a legal duty, a recognised framework, or both. Include the internal record name, owner, and latest review date.

Formal email template
Subject: Request for health and safety system coverage details

Hi [Name],

I’m preparing the sustainability reporting pack and need your help with the current health and safety system evidence for [reporting period].

Please could you send me:
- a short description of which people, activities, and sites are covered by the current safety management approach;
- whether that approach is in place because of a legal duty, a recognised framework, or both;
- the list of the relevant legal duties and/or the framework names used internally;
- any people, activities, or sites that are not covered; and
- the reason for each gap in coverage.

Please also include the source document or system reference, the latest review date, and who owns the record.

Use the organisation’s own wording where possible, and I will map it to the reporting disclosure. Please send this by [date].

Thanks,
[Your name]
Short Teams / Slack version
Hi [Name] — could you share the current health and safety system details for [period]? I need: what’s covered, what isn’t, why any gaps exist, and whether the setup is driven by law, a recognised framework, or both. Please include the source reference and latest review date. I’ll map your wording to the reporting pack. Thanks.
Industry examples
Manufacturing

Context. A plant with employees, agency labour, maintenance contractors, and multiple production areas.

Adapted request. Please share the plant safety management summary for [period]: which teams, lines, maintenance tasks, and buildings are covered; which are outside the current setup; why any exclusions exist; and whether the arrangement is driven by legal duties, a recognised framework, or both. Include the policy or register reference and last review date.

Example response. Covered: employees, agency labour on the production lines, and maintenance contractors in the main plant. Not covered: third-party logistics yard staff because that area is managed by the landlord. Basis: legal duties plus the company safety framework. Source: Plant H&S register v4, reviewed 15 Nov 2025.

Professional services

Context. An office-based business with employees, contractors, and hybrid workers across leased offices.

Adapted request. Please provide the office safety management summary for [period]: which people, activities, and workplaces are included; which are not included; why any exclusions apply; and whether the arrangement exists because of legal duties, a recognised framework, or both. Please include the internal policy name, owner, and review date.

Example response. Covered: employees, regular contractors, and office-based activities in leased premises. Not covered: homeworking arrangements under a separate remote-working process. Basis: legal duties and the company workplace safety standard. Source: Workplace Safety Policy, reviewed 02 Oct 2025.

Draft your disclosure

Notes that turn data into a disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

State how the organisation defines the people, activities and sites included in the health and safety system, and note whether the system exists because of a legal duty or because it follows recognised risk or management guidance.

Context note

Explain what the figures mean in practice by describing the parts of the workforce, work and locations that are covered, and whether any exclusions are limited or material.

Fluctuation statement

If coverage changed from the prior period, explain whether that was due to a new legal requirement, adoption of a recognised framework, or a change in the scope of people, activities or sites included.

Content index entry
GRI 403-1 Occupational health and safety management system — [location / page] / [notes]
Download Centre

Preparation tools & forms

Professional preparation tools for GRI 403-1 — free with an LRA Community membership. Register once (it's free) and every download unlocks, together with the Disclosure Library, templates and the LRA AI-assistant.

Free · Community members
Assurance readiness

For each claim, check the evidence

ClaimRiskEvidence to check
I have stated whether the organisation had put a health and safety management arrangement in place for the people and sites we included in the figure.The assurer may test whether the statement is clear, complete, and consistent with the scope used elsewhere in the report, and whether it avoids implying coverage beyond the disclosed population.Draft disclosure text; scope memo showing which people and sites were included; internal sign-off confirming the yes/no statement matches the underlying records.
I have based the statement on a legal obligation where that was the reason for putting the arrangement in place.The assurer may probe whether the legal basis is real, current, and relevant to the disclosed arrangement, rather than a general reference to compliance.Legal register or compliance note; cited law or regulation summary; internal review showing the legal trigger was checked before publication.
I have listed the specific legal requirements that were used as the basis for the arrangement.The assurer may check that the list is complete, accurate, and tied to the actual arrangement, with no missing or outdated items.Extract from the legal register; cross-reference to the arrangement document; evidence of review by legal, compliance, or H&S leads.
I have based the arrangement on recognised external guidance or a management framework where that was the basis used.The assurer may test whether the named guidance or framework is genuinely recognised, actually used, and not added after the fact to strengthen the narrative.Documented reference list; policy or procedure showing adoption of the framework; approval record confirming the basis used.
I have named the external guidance or framework that informed the arrangement.The assurer may check that the named sources are correctly identified and that the wording does not overstate the level of alignment or certification.Source documents; internal mapping between the arrangement and the named guidance; publication review notes confirming the names are correct.
I have described which people, activities, and sites were included in the arrangement.The assurer may probe whether the coverage description matches operational reality and whether the boundaries were applied consistently across the report.Coverage schedule; organisational chart or site list; workforce records showing which groups and locations were included.

Evidence pack to prepare

Common reporting gaps

The information is presented without a date or as-at point.The scope or boundary of the statement is left undefined.Key terms are used inconsistently across the report.Material changes since the previous period are not disclosed.Assertions are made without supporting detail or a source record.Boilerplate is used that does not actually answer what is asked.
Common gaps

Mistakes to avoid when collecting the data

Wrong owner
Chasing the health and safety team alone can miss the person who holds the system decision, the legal basis, or the scope note in the business.
Framework language only
Asking people in disclosure terms instead of the organisation’s own labels can produce answers that do not match how the system is actually described internally.
No boundary set
Collecting a yes/no answer without first fixing which staff, contractors, activities, and sites are in scope leads to a statement that cannot be tied to a clear coverage boundary.
Wrong period basis
Pulling the answer from a different reporting cut-off or a later policy version can make the data reflect the wrong time point for the reporting year.
Mixed counting basis
Combining employee records with non-employee worker records, or mixing site-level and group-level counts, can blur populations that should stay separate in the source data.
Source labels lost
Copying figures or notes into a new file without keeping the original document names, version marks, or system tags makes it hard to trace where each answer came from.
Coverage gaps hidden
Rolling covered and not-covered workers or sites into one total can hide the parts of the operation that need a separate explanation for exclusion.
No evidence trail
Saving the final answer without the supporting file, date, owner, and approval record leaves no clear path for review before sign-off.

Where judgement is often needed

Newly bought or sold sites during the reporting period
Decide whether to include sites and teams from acquisitions or disposals from the date control starts or ends, and explain the cut-off used so readers can see why the covered group changed.
Different local safety rules across countries
Where country rules differ, map each location to the local rule set used and say whether you applied the strictest local approach, a country-by-country approach, or another consistent basis.
Contractors, agency staff, and other non-employees at controlled workplaces
Set out which non-employees are treated as in scope when their work or workplace is under your control, and explain any groups left out because control is not clear or is shared.
Shared sites and mixed-control operations
For joint ventures, leased premises, and multi-occupier sites, explain how you decided whether the workplace is controlled enough to sit inside the system and note any partial coverage.
Head office policy versus site-level practice
If the system exists on paper but is only partly rolled out in practice, describe the parts that are live, the parts still being implemented, and the basis for saying the system is in place.
Using recognised frameworks versus internal arrangements
If you rely on a legal duty, an external framework, or your own internal process, state which basis applies at each location and list the laws, standards, or guidance you used.
Estimating coverage where records are incomplete
When headcount, site lists, or worker categories are not fully measured, use a transparent estimate, say how it was built, and identify the period and source data behind it.
Rounding and aggregation for privacy or practicality
If you combine small groups or round figures to avoid identifying individuals or to keep the disclosure readable, explain the aggregation rule and make sure the totals still reconcile.
Examples

Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Illustrative (synthetic) example — Food manufacturing

We have put in place a workplace health and safety system for our own staff and for agency workers whose day-to-day tasks and sites we control. It is in place because local law requires it, and it is also aligned with recognised management approaches used in our sector. - The legal basis we rely on is the UK Health and Safety at Work etc. Act 1974, the Management of Health and Safety at Work Regulations 1999, and the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013. - The framework we use is built around ISO 45001 and our internal risk-control procedures. - It covers 1,240 employees and 310 non-employee workers across 6 production sites and 2 distribution depots; that is 100% of employees and 100% of controlled non-employees in scope. - We exclude 18 remote sales contractors because their work is not directed by us and their workplaces are not under our control.

Synthetic illustration only. Shows how to state whether a health and safety system exists, why it exists, what it is based on, who and what it covers, and any exclusions, using plain language and internally consistent figures.

Illustrative (synthetic) example — Logistics and warehousing

Our company runs a health and safety system for employees and for labour-hire staff working under our direction at our depots and transport hubs. We use it because the law expects it, and we also follow recognised risk-management practice. - The legal requirements we meet include the Health and Safety at Work etc. Act 1974, the Workplace (Health, Safety and Welfare) Regulations 1992, and the Control of Substances Hazardous to Health Regulations 2002. - The guidance and standards we work to include ISO 45001 and HSE’s HSG65 approach. - The system applies to 860 employees and 140 agency workers at 4 warehouses, 1 cross-dock site, and 1 vehicle-maintenance yard; that is 100% of employees and 100% of controlled agency workers. - We do not include 22 self-employed delivery drivers because their routes and work locations are set by their own businesses rather than by us.

Synthetic illustration only. Shows a second plausible reporter with different wording, different legal references, and a different coverage pattern, while keeping the disclosure complete and numerically consistent.

Company reports

How companies report GRI 403-1

Real reports where this topic is disclosed. These are report practice, not exact disclosure templates to copy.

ASE Technology Holding Co., Ltd.
Semiconductors · Taiwan · 2024
Open report →
ASE Technology Holding Co., Ltd.'s 2024 CSR Report includes some coverage of occupational health and safety, with a specific reference to this topic on page 254 and related social data in an appendix (p.254, p.262). The report also mentions legal compliance and internal audits in the context of risk management on page 68, and discusses information security management systems on page 48. However, there is no clear or comprehensive narrative specifically detailing occupational health and safety measures or outcomes, and some expected narrative elements are either missing or unclear.
Mega Financial Holding Co., Ltd.
Banks / Diverse Financials / Insurance · Taiwan · 2024
Open report →
Mega Financial Holding Co., Ltd.’s 2024 Sustainability Report provides coverage on occupational health and safety, including data on workers covered by occupational health and safety measures linked to business relationships (p.193) and references to an occupational health and safety management system and committee (pp.156, 158). The report also mentions a 100% legal compliance training rate in 2024 (p.56) and outlines risk management implementation (p.48). However, there is no clear or quotable evidence regarding certain narrative items or methodology, leaving some aspects unclear or not found in the report.
London Luton Airport Operations Ltd.
Air Transportation — Airport Services · United Kingdom · 2024
Open report →
London Luton Airport Operations Ltd.'s Sustainability Report 2024 covers several aspects of occupational health and safety, including management systems and hazard identification, with relevant information found on pages 71 to 74. The report also addresses economic performance and material topics management on pages 14 and 70, and provides some details on activities and workforce on pages 66 and 67. However, there is no clear evidence regarding freedom of association, collective bargaining agreements, or child labour disclosures, as indicated by missing or unclear datapoints and the absence of relevant information in the report.
✓ LRA AI Assistant · Human-in-the-loop
Dr Ross Kurinko
Ask Study Studio AI assistant about this disclosure
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
TryHow do I prepare GRI 403-1?What data do I need to collect?Where can I see a real-report example?What mistakes should I avoid?
1 free answer
Check your understanding

Scenarios to work through

A manufacturer has one safety framework for its own staff, but contractors on the warehouse site follow a separate site rulebook. The reporting team is unsure whether to describe this as one system or two, and whether both groups sit inside the scope.

QHow should the preparer decide what to say about whether a safety management system is in place for the people and workplaces the business controls?
Reveal model answer →

A logistics group says its safety approach was built to meet local law in three countries. The draft report names the countries but does not say which legal duties shaped the system or whether those duties were the reason it was set up.

QWhat should the preparer check before describing the legal basis for the system?
Reveal model answer →

A services company uses a health and safety framework adapted from a well-known risk standard, but only for office staff. Field technicians and temporary workers are managed through separate local procedures, and the team is unsure whether to mention the standard and the exclusions together.

QHow should the preparer handle a system that is based on recognised guidance but does not cover everyone or every site?
Reveal model answer →

A retailer has one safety system for stores and distribution centres, but head office staff are not included because they work remotely and are covered by a separate wellbeing process. The draft wording says only that the system covers “operational sites” and gives no reason for the omission.

QWhat should the preparer do about workers or workplaces that are left out of the described system?
Reveal model answer →
Framework references

Related framework references

How this disclosure maps across the major reporting frameworks.

GRI
GRI 403-1
within GRI 403: Occupational Health and Safety
Open official source →
Primary
Related & explore
FAQ

Questions this page answers

What do I need to gather before drafting GRI 403-1 Occupational Health and Safety on this page?+
How do I decide the scope for GRI 403-1 Occupational Health and Safety using this page?+
What evidence should I keep for GRI 403-1 Occupational Health and Safety in case of assurance?+
What are the common mistakes to avoid when preparing GRI 403-1 Occupational Health and Safety?+
How can I use the Prep & Assurance workbook for GRI 403-1 Occupational Health and Safety?+
What should the draft output for GRI 403-1 Occupational Health and Safety include?+
Can I use the synthetic example on the GRI 403-1 Occupational Health and Safety page as a template?+
How do I link GRI 403-1 Occupational Health and Safety to ESRS S1 without double work?+
Who should own the data for GRI 403-1 Occupational Health and Safety in my organisation?+
Where can I find real company examples for GRI 403-1 Occupational Health and Safety?+
More questions this page can help with
GRI 403-1 Occupational Health and Safety workbook download and how to use itGRI 403-1 Occupational Health and Safety evidence pack what to includeGRI 403-1 Occupational Health and Safety common mistakes and reporting gapsGRI 403-1 Occupational Health and Safety system coverage statement exampleGRI 403-1 Occupational Health and Safety legal basis and legal requirements listGRI 403-1 Occupational Health and Safety standards basis for systemGRI 403-1 Occupational Health and Safety exclusions and reasons how to writeGRI 403-1 Occupational Health and Safety draft narrative startersGRI 403-1 Occupational Health and Safety content index line exampleGRI 403-1 Occupational Health and Safety assurance claims to verifyGRI 403-1 Occupational Health and Safety from company reports tableGRI 403-1 Occupational Health and Safety ESRS S1 data reuse