Occupational health and safety management system
Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.
↗ Share
This disclosure asks an organisation to explain whether it has a formal approach for managing occupational health and safety across its activities, and how far that approach reaches. In practice, the report should make clear if the system applies to all operations, selected business units, specific sites, or only part of the workforce, and should describe the main features of that approach in a way that shows how health and safety is managed rather than just stated as a policy.
The practical focus is on coverage and consistency: readers should be able to see where the management system applies, where it does not, and whether it is embedded across the organisation or concentrated in a few flagship locations. The disclosure is therefore less about describing isolated initiatives and more about showing the scope, structure, and operational reach of the organisation’s health and safety management arrangements.
* This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.
A quick mental checklist before you prepare this disclosure — tick each as you settle it.
| Datapoint | What to capture | Evidence hint | Owner |
|---|---|---|---|
| System coverage statement | State whether the organisation has put an occupational health and safety management system in place for employees and for non-employee workers whose work or workplace it controls. | Policy or system scope note; H&S management system documentation; governance approval showing the covered worker groups. | Health and Safety |
| Legal basis for system | Confirm whether the system was put in place because a law or regulation requires it. | Legal register; compliance assessment; internal memo or policy note linking the system to a statutory driver. | Legal/Compliance |
| Legal requirements list | List the specific legal obligations that drove the system being put in place. | Legal register extracts; compliance obligations matrix; counsel or compliance review notes identifying the applicable rules. | Legal/Compliance |
| Standards basis for system | Confirm whether the system was put in place using recognised risk-management or management-system standards or guidance. | Management system framework documents; certification or gap-assessment records; internal implementation papers naming the chosen framework. | Health and Safety |
| Frameworks used | List the standards or guidance documents the organisation used when designing or running the system. | Implementation plan; certification scope; procedure references; training materials naming the framework documents. | Health and Safety |
| System coverage scope | Describe which worker groups, activities and workplaces are included in the system, using the organisation's actual operational scope. | Scope statement; site list; workforce mapping; process inventory; contractor or labour-supply coverage notes. | Health and Safety |
| Exclusions and reasons | Explain whether any workers, activities or workplaces are outside the system, and if so give the reason for each exclusion. | Scope exceptions log; risk assessment; site or workforce exclusion approvals; remediation plan for gaps. | Health and Safety |
Show GRI 403-1 sub-elements (LRA working checklist)
- Set out which workers, tasks and sites fall within the health and safety system.
- If any workers, tasks or sites are left out, explain whether that is the case and why.
- For staff and any other workers whose work or workplace the organisation controls, state whether a health and safety system is in place.
- Say whether the system follows recognised risk-management or management-system guidance.
- Say whether the system exists because the law requires it.
- List the legal requirements relied on.
- List the guidance or standards relied on.
LRA working checklist - paraphrased; see official source
- Set the boundary first: decide which employees and which non-employee workers fall within the system because their work, their workplace, or both are under the organisation’s control.
- Confirm the basis for the system: note whether it exists because a law or regulation requires it, or because you have used a recognised risk or management framework to put it in place.
- Gather the supporting records: keep the legal provisions relied on, or the named standards or guidance used, so the basis for implementation can be shown clearly.
- Describe the coverage in plain terms: state which worker groups, activities, and sites are included in the health and safety system.
- Record any gaps openly: explain whether any workers, activities, or locations are left out, and give the reason for each exclusion.
- Check the final wording against the source material and your evidence pack, so the reported scope, basis, and exclusions match the underlying records and no item has been missed.
Translate the disclosure into an internal business question — then adapt it to your organisation's own language.
Use your organisation’s own labels first, then map them to the reporting disclosure. For example, talk about your safety programme, site controls, incident process, or local H&S arrangements if that is how the business describes them internally.
Please provide the GRI 403-1 information for the OHS management system, including whether it is implemented, the basis for implementation, and the scope and exclusions.
Please send the current safety programme details for [period]: which workers, activities, and sites are covered; which are not covered; why any gaps exist; and whether the programme sits in place because of a legal duty, a recognised framework, or both. Include the internal record name, owner, and latest review date.
Formal email template
Subject: Request for health and safety system coverage details Hi [Name], I’m preparing the sustainability reporting pack and need your help with the current health and safety system evidence for [reporting period]. Please could you send me: - a short description of which people, activities, and sites are covered by the current safety management approach; - whether that approach is in place because of a legal duty, a recognised framework, or both; - the list of the relevant legal duties and/or the framework names used internally; - any people, activities, or sites that are not covered; and - the reason for each gap in coverage. Please also include the source document or system reference, the latest review date, and who owns the record. Use the organisation’s own wording where possible, and I will map it to the reporting disclosure. Please send this by [date]. Thanks, [Your name]
Short Teams / Slack version
Hi [Name] — could you share the current health and safety system details for [period]? I need: what’s covered, what isn’t, why any gaps exist, and whether the setup is driven by law, a recognised framework, or both. Please include the source reference and latest review date. I’ll map your wording to the reporting pack. Thanks.
Manufacturing
Context. A plant with employees, agency labour, maintenance contractors, and multiple production areas.
Adapted request. Please share the plant safety management summary for [period]: which teams, lines, maintenance tasks, and buildings are covered; which are outside the current setup; why any exclusions exist; and whether the arrangement is driven by legal duties, a recognised framework, or both. Include the policy or register reference and last review date.
Example response. Covered: employees, agency labour on the production lines, and maintenance contractors in the main plant. Not covered: third-party logistics yard staff because that area is managed by the landlord. Basis: legal duties plus the company safety framework. Source: Plant H&S register v4, reviewed 15 Nov 2025.
Professional services
Context. An office-based business with employees, contractors, and hybrid workers across leased offices.
Adapted request. Please provide the office safety management summary for [period]: which people, activities, and workplaces are included; which are not included; why any exclusions apply; and whether the arrangement exists because of legal duties, a recognised framework, or both. Please include the internal policy name, owner, and review date.
Example response. Covered: employees, regular contractors, and office-based activities in leased premises. Not covered: homeworking arrangements under a separate remote-working process. Basis: legal duties and the company workplace safety standard. Source: Workplace Safety Policy, reviewed 02 Oct 2025.
The full request pack — response form, data table, evidence metadata and sign-off — is in the Download Centre.
LRA training templates — adapt them to your organisation, and check the official source before sign-off.
State how the organisation defines the people, activities and sites included in the health and safety system, and note whether the system exists because of a legal duty or because it follows recognised risk or management guidance.
Explain what the figures mean in practice by describing the parts of the workforce, work and locations that are covered, and whether any exclusions are limited or material.
If coverage changed from the prior period, explain whether that was due to a new legal requirement, adoption of a recognised framework, or a change in the scope of people, activities or sites included.
GRI 403-1 Occupational health and safety management system — [location / page] / [notes]
Professional preparation tools and forms for GRI 403-1. Each download includes a concise “How to use” guide.
| Claim | Risk | Evidence to check |
|---|---|---|
| I have stated whether the organisation had put a health and safety management arrangement in place for the people and sites we included in the figure. | The assurer may test whether the statement is clear, complete, and consistent with the scope used elsewhere in the report, and whether it avoids implying coverage beyond the disclosed population. | Draft disclosure text; scope memo showing which people and sites were included; internal sign-off confirming the yes/no statement matches the underlying records. |
| I have based the statement on a legal obligation where that was the reason for putting the arrangement in place. | The assurer may probe whether the legal basis is real, current, and relevant to the disclosed arrangement, rather than a general reference to compliance. | Legal register or compliance note; cited law or regulation summary; internal review showing the legal trigger was checked before publication. |
| I have listed the specific legal requirements that were used as the basis for the arrangement. | The assurer may check that the list is complete, accurate, and tied to the actual arrangement, with no missing or outdated items. | Extract from the legal register; cross-reference to the arrangement document; evidence of review by legal, compliance, or H&S leads. |
| I have based the arrangement on recognised external guidance or a management framework where that was the basis used. | The assurer may test whether the named guidance or framework is genuinely recognised, actually used, and not added after the fact to strengthen the narrative. | Documented reference list; policy or procedure showing adoption of the framework; approval record confirming the basis used. |
| I have named the external guidance or framework that informed the arrangement. | The assurer may check that the named sources are correctly identified and that the wording does not overstate the level of alignment or certification. | Source documents; internal mapping between the arrangement and the named guidance; publication review notes confirming the names are correct. |
| I have described which people, activities, and sites were included in the arrangement. | The assurer may probe whether the coverage description matches operational reality and whether the boundaries were applied consistently across the report. | Coverage schedule; organisational chart or site list; workforce records showing which groups and locations were included. |
- The governing policy or written commitment behind this disclosure
- A methodology / definition note setting out how the disclosure was scoped and prepared
- Source-system exports the figures or facts were drawn from
- The internal approval / sign-off record for the disclosure before publication
- Minutes or records evidencing the relevant engagement or consultation
- The information is presented without a date or as-at point.
- The scope or boundary of the statement is left undefined.
- Key terms are used inconsistently across the report.
- Material changes since the previous period are not disclosed.
- Assertions are made without supporting detail or a source record.
- Boilerplate is used that does not actually answer what is asked.
- Wrong owner
Chasing the health and safety team alone can miss the person who holds the system decision, the legal basis, or the scope note in the business.
- Framework language only
Asking people in disclosure terms instead of the organisation’s own labels can produce answers that do not match how the system is actually described internally.
- No boundary set
Collecting a yes/no answer without first fixing which staff, contractors, activities, and sites are in scope leads to a statement that cannot be tied to a clear coverage boundary.
- Wrong period basis
Pulling the answer from a different reporting cut-off or a later policy version can make the data reflect the wrong time point for the reporting year.
- Mixed counting basis
Combining employee records with non-employee worker records, or mixing site-level and group-level counts, can blur populations that should stay separate in the source data.
- Source labels lost
Copying figures or notes into a new file without keeping the original document names, version marks, or system tags makes it hard to trace where each answer came from.
- Coverage gaps hidden
Rolling covered and not-covered workers or sites into one total can hide the parts of the operation that need a separate explanation for exclusion.
- No evidence trail
Saving the final answer without the supporting file, date, owner, and approval record leaves no clear path for review before sign-off.
- Newly bought or sold sites during the reporting period
Decide whether to include sites and teams from acquisitions or disposals from the date control starts or ends, and explain the cut-off used so readers can see why the covered group changed.
- Different local safety rules across countries
Where country rules differ, map each location to the local rule set used and say whether you applied the strictest local approach, a country-by-country approach, or another consistent basis.
- Contractors, agency staff, and other non-employees at controlled workplaces
Set out which non-employees are treated as in scope when their work or workplace is under your control, and explain any groups left out because control is not clear or is shared.
- Shared sites and mixed-control operations
For joint ventures, leased premises, and multi-occupier sites, explain how you decided whether the workplace is controlled enough to sit inside the system and note any partial coverage.
- Head office policy versus site-level practice
If the system exists on paper but is only partly rolled out in practice, describe the parts that are live, the parts still being implemented, and the basis for saying the system is in place.
- Using recognised frameworks versus internal arrangements
If you rely on a legal duty, an external framework, or your own internal process, state which basis applies at each location and list the laws, standards, or guidance you used.
- Estimating coverage where records are incomplete
When headcount, site lists, or worker categories are not fully measured, use a transparent estimate, say how it was built, and identify the period and source data behind it.
- Rounding and aggregation for privacy or practicality
If you combine small groups or round figures to avoid identifying individuals or to keep the disclosure readable, explain the aggregation rule and make sure the totals still reconcile.
Synthetic, written by LRA — not from a company report, not text from any standard.
We have put in place a workplace health and safety system for our own staff and for agency workers whose day-to-day tasks and sites we control. It is in place because local law requires it, and it is also aligned with recognised management approaches used in our sector.
- The legal basis we rely on is the UK Health and Safety at Work etc. Act 1974, the Management of Health and Safety at Work Regulations 1999, and the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013.
- The framework we use is built around ISO 45001 and our internal risk-control procedures.
- It covers 1,240 employees and 310 non-employee workers across 6 production sites and 2 distribution depots; that is 100% of employees and 100% of controlled non-employees in scope.
- We exclude 18 remote sales contractors because their work is not directed by us and their workplaces are not under our control.
Our company runs a health and safety system for employees and for labour-hire staff working under our direction at our depots and transport hubs. We use it because the law expects it, and we also follow recognised risk-management practice.
- The legal requirements we meet include the Health and Safety at Work etc. Act 1974, the Workplace (Health, Safety and Welfare) Regulations 1992, and the Control of Substances Hazardous to Health Regulations 2002.
- The guidance and standards we work to include ISO 45001 and HSE’s HSG65 approach.
- The system applies to 860 employees and 140 agency workers at 4 warehouses, 1 cross-dock site, and 1 vehicle-maintenance yard; that is 100% of employees and 100% of controlled agency workers.
- We do not include 22 self-employed delivery drivers because their routes and work locations are set by their own businesses rather than by us.
How to turn the collected data into a draft disclosure. Suggested visuals and a GRI content-index line generated from this disclosure's datapoints.
Suggested visuals
- Coverage of the health and safety system — table: Whether a system is in place for staff and for other people working under the organisation’s control, with a simple yes/no view by worker group.
- Why the system was put in place — bar: A split between systems introduced because the law requires them and those introduced for other reasons.
- Standards or guidance used — table: Which recognised risk or management frameworks were used as the basis for the system, if any.
- Workforce and site coverage — stacked bar: How the system coverage is divided across worker groups, activities and workplaces included in the arrangement.
- Areas left outside the system — bar: Which worker groups, activities or workplaces are not covered, and the stated reason for each exclusion.
What separates a figure from a disclosure.
We have put a workplace health and safety system in place for our staff and other people working under our control.
We have put a workplace health and safety system in place for 1,250 staff and 320 other controlled workers across our offices and sites, and it is based on legal duties and recognised management guidance.
We have put a workplace health and safety system in place for 1,250 staff and 320 other controlled workers across all offices and sites this year, using legal duties and recognised management guidance, and the only area left out is one leased storage unit because it is run by a third party.
Real reports where this topic is disclosed. The confidence label shows how closely each match maps to GRI 403-1 — these are report practice, not exact disclosure examples.
| Company | Sector · Country | Year | Match | Page | Report | Assurance | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASE Technology Holding Co., Ltd. | Semiconductors · Taiwan | 2024 | Partial | p. 262 →p. 185 →p. 79 → | 2024 CSR Report → | Deloitte | |||||||||||||||||||||||||
Evidence in ASE Technology Holding Co., Ltd.’s reportWhat the report shows ASE Technology Holding Co., Ltd.'s 2024 CSR Report includes some coverage of occupational health and safety, with a specific reference to this topic on page 254 and related social data in an appendix (p.254, p.262). The report also mentions legal compliance and internal audits in the context of risk management on page 68, and discusses information security management systems on page 48. However, there is no clear or comprehensive narrative specifically detailing occupational health and safety measures or outcomes, and some expected narrative elements are either missing or unclear.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||||||||||||||
| Mega Financial Holding Co., Ltd. | Banks / Diverse Financials / Insurance · Taiwan | 2024 | Exact | p. 35 →p. 138 →p. 193 → | 2024 Sustainability Report → | PwC | |||||||||||||||||||||||||
Evidence in Mega Financial Holding Co., Ltd.’s reportWhat the report shows Mega Financial Holding Co., Ltd.’s 2024 Sustainability Report provides coverage on occupational health and safety, including data on workers covered by occupational health and safety measures linked to business relationships (p.193) and references to an occupational health and safety management system and committee (pp.156, 158). The report also mentions a 100% legal compliance training rate in 2024 (p.56) and outlines risk management implementation (p.48). However, there is no clear or quotable evidence regarding certain narrative items or methodology, leaving some aspects unclear or not found in the report.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||||||||||||||
| London Luton Airport Operations Ltd. | Air Transportation — Airport Services · United Kingdom | 2024 | Exact | p. 71 →p. 38 →p. 36 → | Sustainability Report 2024 → | BSI | |||||||||||||||||||||||||
Evidence in London Luton Airport Operations Ltd.’s reportWhat the report shows London Luton Airport Operations Ltd.'s Sustainability Report 2024 covers several aspects of occupational health and safety, including management systems and hazard identification, with relevant information found on pages 71 to 74. The report also addresses economic performance and material topics management on pages 14 and 70, and provides some details on activities and workforce on pages 66 and 67. However, there is no clear evidence regarding freedom of association, collective bargaining agreements, or child labour disclosures, as indicated by missing or unclear datapoints and the absence of relevant information in the report.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||||||||||||||
A manufacturer has one safety framework for its own staff, but contractors on the warehouse site follow a separate site rulebook. The reporting team is unsure whether to describe this as one system or two, and whether both groups sit inside the scope.How should the preparer decide what to say about whether a safety management system is in place for the people and workplaces the business controls?
A logistics group says its safety approach was built to meet local law in three countries. The draft report names the countries but does not say which legal duties shaped the system or whether those duties were the reason it was set up.What should the preparer check before describing the legal basis for the system?
A services company uses a health and safety framework adapted from a well-known risk standard, but only for office staff. Field technicians and temporary workers are managed through separate local procedures, and the team is unsure whether to mention the standard and the exclusions together.How should the preparer handle a system that is based on recognised guidance but does not cover everyone or every site?
A retailer has one safety system for stores and distribution centres, but head office staff are not included because they work remotely and are covered by a separate wellbeing process. The draft wording says only that the system covers “operational sites” and gives no reason for the omission.What should the preparer do about workers or workplaces that are left out of the described system?
See how companies actually report GRI 403-1 — drawn from their own published reports, with the exact pages, and an LRA AI-assistant that works through it with you. Available to LRA Community members and to students throughout their platform access.
How this disclosure maps across the major reporting frameworks.
What do I need to gather before drafting GRI 403-1 Occupational Health and Safety on this page?
Start with the datapoints listed on the page: system coverage statement, legal basis, legal requirements list, standards basis, frameworks used, system coverage scope, and any exclusions with reasons. The page also has a step-by-step preparation section to help you turn those inputs into a draft. ↑ section
How do I decide the scope for GRI 403-1 Occupational Health and Safety using this page?
Use the page’s system coverage scope and exclusions fields to define what is in and out of scope, and record the reasons for any exclusions. The page is set up to help you explain the coverage clearly rather than assume a one-size-fits-all approach. ↑ section
What evidence should I keep for GRI 403-1 Occupational Health and Safety in case of assurance?
The page includes an evidence pack with five items and six assurance claims to verify, each framed around claim, risk and evidence. Use those to build a file that shows how the disclosure was prepared and what supports each statement. ↑ section
What are the common mistakes to avoid when preparing GRI 403-1 Occupational Health and Safety?
The page lists common reporting gaps and mistakes so you can check for missing scope detail, weak explanations, or unsupported statements before you finalise the disclosure. It is designed as a practical review aid rather than a compliance checklist. ↑ section
How can I use the Prep & Assurance workbook for GRI 403-1 Occupational Health and Safety?
The Download Centre includes a Prep & Assurance workbook in .xlsx format that you can use to capture the required datapoints and organise assurance evidence. The page also offers a printable Library Card in PDF if you want a lighter reference copy. ↑ section
What should the draft output for GRI 403-1 Occupational Health and Safety include?
The page gives draft-output support through visualisation ideas, narrative starters, and a GRI content-index line. That helps you turn the prepared data into a report-ready draft without starting from a blank page. ↑ section
Can I use the synthetic example on the GRI 403-1 Occupational Health and Safety page as a template?
Yes, the page includes synthetic illustrative example disclosures, including a quantitative table, to show how the disclosure can be presented. Treat it as a worked example only and make sure your own figures and wording match your actual data. ↑ section
How do I link GRI 403-1 Occupational Health and Safety to ESRS S1 without double work?
The page notes ESRS S1 (Own Workforce) as the closest correspondence, so you can reuse the same underlying data where it is relevant. It does not say the requirements are identical, so you still need to check the disclosure wording and presentation separately. ↑ section
Who should own the data for GRI 403-1 Occupational Health and Safety in my organisation?
The page is written for sustainability and ESG managers, HR or data owners, and assurance reviewers, so ownership should sit with whoever can explain the system coverage, legal basis, and evidence behind the disclosure. Use the preparation section and workbook to make responsibilities clear internally. ↑ section
Where can I find real company examples for GRI 403-1 Occupational Health and Safety?
The page has a 'From company reports' table that links to real published reports where the topic is disclosed. That can help you see how others have handled the topic, while still building your own disclosure from your own data. ↑ section
- GRI 403-1 Occupational Health and Safety workbook download and how to use it
- GRI 403-1 Occupational Health and Safety evidence pack what to include
- GRI 403-1 Occupational Health and Safety common mistakes and reporting gaps
- GRI 403-1 Occupational Health and Safety system coverage statement example
- GRI 403-1 Occupational Health and Safety legal basis and legal requirements list
- GRI 403-1 Occupational Health and Safety standards basis for system
- GRI 403-1 Occupational Health and Safety exclusions and reasons how to write
- GRI 403-1 Occupational Health and Safety draft narrative starters
- GRI 403-1 Occupational Health and Safety content index line example
- GRI 403-1 Occupational Health and Safety assurance claims to verify
- GRI 403-1 Occupational Health and Safety from company reports table
- GRI 403-1 Occupational Health and Safety ESRS S1 data reuse
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
Sources, status and disclaimer
This LRA assistance tool is designed for educational and internal data-collection purposes. It is not an official interpretation of the GRI Standards, IFRS Sustainability Disclosure Standards or EU CSRD/ESRS requirements. When applying these frameworks in professional practice, users should consult and double-check the official standards, guidance and applicable regulatory sources.