Health and Safety Standards in ESG Investing
What Standards Define Good Occupational Health and Safety Management?
Occupational health and safety (OHS) management is one of the most mature areas of corporate social performance, with well-established standards, regulatory frameworks, and quantitative metrics. The practical question for ESG investors is not whether OHS matters — it clearly does — but how to distinguish companies with genuinely excellent safety cultures and systems from those that meet minimum legal requirements while tolerating preventable harm.
Occupational health and safety standards are frameworks that define the policies, procedures, and management system elements required to systematically identify and control workplace hazards, prevent injuries and illnesses, and continuously improve safety performance.
Key Takeaways
- ISO 45001, the international OHS management system standard, provides the most globally recognized framework for assessing health and safety system quality.
- OSHA (US) and equivalent national regulators publish inspection, citation, and penalty records that provide externally verified compliance quality signals.
- The IFC Performance Standard 2 (PS2) sets internationally recognized standards for workers in IFC-financed projects.
- Process safety management (PSM) is a distinct category from personal safety; major process accidents (Texas City, Deepwater Horizon) illustrate the catastrophic potential of PSM failures.
- Zero harm is achievable: companies like DuPont, Alcoa, and several mining majors have demonstrated multi-decade safety improvements using systematic OHS management.
ISO 45001: The Global OHS Management Standard
ISO 45001, published in March 2018, replaced OHSAS 18001 as the primary international OHS management system standard. It follows the High-Level Structure (HLS) used across ISO management system standards (ISO 9001, ISO 14001), enabling integrated management system implementation.
Core Elements
Context of the organization: Understanding internal and external factors that affect OHS performance; needs of workers and other interested parties.
Leadership and worker participation: Top management commitment; consultation and participation of workers, including non-management employees, in hazard identification and risk assessment.
Planning: OHS risk assessment; identification of hazards; legal and other requirements; OHS objectives and planning to achieve them.
Support: Competence, awareness, communication, and documented information.
Operation: Operational planning and control; management of change; procurement; contractors and outsourcing; emergency preparedness and response.
Performance evaluation: Monitoring, measurement, analysis, and evaluation; internal audit; management review.
Improvement: Incident investigation; nonconformity and corrective action; continual improvement.
Certification Significance
ISO 45001 certification requires third-party audit by an accredited certification body. For ESG analysis, the coverage scope of certification matters as much as certification itself: certification covering only office operations while excluding manufacturing or field operations is less meaningful than site-level certification across all significant operational risk.
Approximately 250,000 organizations were ISO 45001 certified as of 2022, concentrated in manufacturing, construction, and industrial sectors.
OSHA and Regulatory Frameworks
US OSHA
The US Occupational Safety and Health Administration enforces the Occupational Safety and Health Act of 1970. Key metrics available from public OSHA records:
Inspection records: OSHA conducts approximately 30,000 inspections annually. Inspection frequency is risk-weighted; companies in high-hazard sectors receive more inspections. High inspection frequency for a given facility may reflect poor performance history.
Citation and penalty data: OSHA citations and penalties are public record and searchable on the OSHA website. Citation frequency, citation severity (serious, willful, repeat, other), and penalty amounts are direct regulatory quality signals. A "willful" citation indicates that the employer knew about the hazard and failed to address it — a particularly serious governance signal.
OSHA 300 Logs: US employers are required to record workplace injuries and illnesses on OSHA Form 300. Large employers (250+ employees) were historically required to submit summary data electronically; OSHA's new Electronic Injury and Illness Tracking requirements (expanded 2024) extend electronic submission to more establishments.
Process Safety Management (PSM): OSHA's PSM standard (29 CFR 1910.119) applies to facilities with highly hazardous chemicals above threshold quantities. PSM inspections have found persistent non-compliance in refinery and chemical facility sectors. The 2005 Texas City refinery explosion (15 deaths, 180 injuries, $1.6 billion in BP settlement costs) was preceded by years of PSM compliance failures that were known to regulators and management.
Process Safety: A Distinct and Critical Dimension
Personal safety metrics (TRIR, LTIR) measure the frequency of individual injuries. Process safety addresses the prevention of major accident events — explosions, toxic releases, catastrophic equipment failures — that can kill multiple workers simultaneously and cause community harm.
Process Safety KPIs
The Process Safety Performance Indicators guidance from CCPS (Center for Chemical Process Safety) and IOGP (International Association of Oil and Gas Producers) distinguishes:
Tier 1 Process Safety Events: The most serious events — losses of primary containment that result in fatalities, major injuries, or significant community impacts. Tier 1 PSER (process safety event rate) is normalized per 200,000 hours worked.
Tier 2 Process Safety Events: Losses of primary containment of lesser severity that meet defined criteria. Tier 2 PSER indicates near-miss events and is a leading indicator of Tier 1 risk.
Leading indicators: Demand on safety systems (safety critical equipment activation frequency), overdue safety critical element inspections, number of process safety near misses, and management of change compliance rates.
Investor Application
For chemical, refinery, petrochemical, and LNG companies, process safety track record is a material investment consideration distinct from personal safety metrics. BP's Deepwater Horizon disaster (2010, $65 billion in total costs) and Chevron Phillips's Houston-area explosion (2019) demonstrate that single process safety events can produce losses exceeding the entire annual profit of the responsible company.
IFC Performance Standard 2 (PS2)
The IFC's Performance Standard 2 (PS2) on Labor and Working Conditions applies to all IFC-financed projects and is adopted by the Equator Principles financial institutions. PS2 requires:
- Working conditions that are safe and healthy, meeting applicable national laws and IFC good practice
- A health and safety management system commensurate with risks
- Occupational injury and illness prevention programs
- Worker insurance or compensation programs
- Emergency preparedness and response plans
- Health and safety training for all workers, including contractors
For project finance transactions, PS2 compliance is contractual. For listed equity investors in resource and infrastructure companies, PS2 provides a reference standard for what best-practice OHS management looks like at new project development.
Contractor Safety Management
A persistent OHS challenge is that contractors — who often perform the most hazardous work (construction, maintenance, drilling) — are frequently excluded from reported OHS metrics or treated inconsistently. Best practice requires:
- Contractor prequalification on safety performance (minimum TRIR threshold for contractor selection)
- Contractor induction and site-specific safety training
- Inclusion of contractors in TRIR/LTIR calculations (denominator: total worker-hours, including contractors)
- Contractor safety audits and performance monitoring
Companies that report OHS metrics for employees only while employing large numbers of contractors in hazardous roles are presenting misleadingly positive safety pictures. ESRS S1 requires disclosure of whether safety metrics include contractors; GRI 403-9 distinguishes employee and contractor injury rates.
The DuPont Safety Culture Model
DuPont Safety Consulting developed one of the most widely adopted safety culture frameworks — the Bradley Curve — which describes organizational safety evolution through four stages:
- Reactive: Safety is compliance-driven; incidents are inevitable
- Dependent: Supervisor-enforced safety rules; behavior changes when observed
- Independent: Personal values drive safety behavior; individuals take responsibility
- Interdependent: Team-based safety culture; colleagues hold each other accountable
Organizations at the interdependent stage achieve the lowest injury rates. The progression requires consistent leadership commitment, active management engagement, worker involvement in hazard identification, and genuine psychological safety to report concerns without fear of punishment.
Common Mistakes
Treating TRIR as sufficient for process-hazard industries. Personal safety metrics are necessary but not sufficient for chemical, refining, and oil and gas sectors. Investors must separately assess process safety indicators.
Accepting company-reported metrics without OSHA cross-referencing. OSHA citation data, where available, provides externally verified compliance quality information that cross-checks corporate self-reporting. Significant discrepancies between reported TRIR and OSHA citation frequency merit investigation.
Ignoring contractor OHS data. Fatal incidents in the oil and gas industry disproportionately affect contractors; a company with zero employee fatalities but multiple contractor fatalities has a safety culture problem that aggregate metrics hide.
Frequently Asked Questions
What is a VPP site and why does it matter? OSHA's Voluntary Protection Programs (VPP) recognize worksites that have achieved exemplary OHS management systems — TRIR consistently below industry average, comprehensive management system, and active worker participation. VPP Star recognition is the highest designation. VPP sites are released from routine OSHA inspections (though not from response to complaints or serious incidents). VPP status is a meaningful OHS quality signal for US industrial sites.
How does ESRS S1 address OHS disclosure? ESRS S1 requires large EU companies to disclose TRIR and lost day rate for own employees and contractors; to describe their occupational health and safety management system, including whether it is certified; and to identify the main types of injuries and occupational diseases by gender.
Related Concepts
Summary
Occupational health and safety management quality is assessed through a combination of quantitative performance metrics (TRIR, LTIR, fatality rate, process safety event rates) and management system quality indicators (ISO 45001 certification scope, OSHA citation history, PSM compliance). For personal safety, ISO 45001 and the OSHA record provide the primary external benchmarks. For process safety, Tier 1 and Tier 2 PSER, combined with leading indicators, address the catastrophic event risk that personal safety metrics cannot capture. Contractor inclusion in reported metrics is a critical quality check. Companies progressing up the Bradley Curve toward interdependent safety cultures achieve the consistently superior performance that makes OHS a genuine competitive differentiator in industrial sectors.