Everything You Need to Know About EHS Incident Reporting

What is an incident report?

At every workplace, there will be unplanned and undesirable occurrences. The facts and details of these events should be, and in some cases must be, documented in incident reports. For EHS professionals, incident reports usually cover workplace injuries and health and safety issues but they can also include damage to property and equipment, security lapses, environmental spills and releases, as well as near misses, which have the potential to cause, but do not actually result in, an interruption to operations.

The reporting process begins with fact finding and ends with recommendations for preventing future incidents. You should complete a report for any incident involving worker safety, even incidents that don’t result in an injury or illness, as soon as possible after the incident occurs. Not only do incident reports provide a record of everything that happened, they can also help get to the root cause of risks, failures, and other hazards that may have led to the incident so Corrective and Preventive Actions can be put in place.

Why is it worth your time to capture incident details?

A good incident management program can help to prevent future issues, lead to improved safety practices, protect organizations from financial and reputational damage, and provide employees with confidence that the company is looking out for their wellbeing. This is especially important with the changing expectations for Environmental, Social, and Governance (ESG) disclosures, since EHS leaders are accountable for compliance assurance, safety performance, and environmental impacts, some of the key elements of ESG performance.

When viewed over time and across locations, incident reports can be used to identify holistic problems within an organization’s safety processes and procedures. The data within the reports can be useful for trending and analysis and can help safety leaders and their teams collaborate and put effective controls into place. Keeping accurate incident reports can also simplify your internal and external reporting and streamline the sharing of information with insurance providers and Human Resources (HR) platforms.

Another reason to capture the details of all incidents is to meet compliance obligations based on the severity of incidents and injuries. Reporting incidents accurately not only keeps you in compliance but the data you collect and share helps the agencies get a sense of the hazards that are common to work environments so they can help all employers and employees avoid them.

Understanding what incidents you should record vs. what you must record

While there are many benefits to documenting incidents, there are also cases where you must record and report them in order to comply with the various regulatory agency requirements. Not understanding these requirements and responding accordingly could result in fines and penalties and expose your organization to legal risk.

  • Injuries and illnesses: The Occupational Safety and Health Administration (OSHA) requires many employers with more than 10 employees to keep a record of serious work-related injuries and illnesses; certain low-risk industries are exempted. Minor injuries requiring first aid only do not need to be recorded. All employers must notify OSHA when an employee suffers a work-related hospitalization, amputation, loss of an eye, or is killed on the job. Fatalities must be reported within eight hours, while an inpatient hospitalization, amputation, or loss of an eye must be reported within 24 hours.
  • Environmental Incidents: There are varying federal, state, and local rules about reporting spills and releases, depending on the chemicals that were spilled or released, how much was spilled or released, and whether the spill or release took place on land, into water, or into the air. You should record all relevant data about the chemicals involved, whether the spill or release was reportable, and if so, the agency to which the spill/release was reported. The Environmental Protection Agency (EPA) provides reporting requirements for oil spills and hazardous substance releases and recommends that any hazardous substance release or oil spill should be reported to the National Response Center.
  • Property Damage: There usually aren’t regulatory reporting requirements for property damage incidents, but if the damage is severe enough to a regulated source (even if there is no spill or release), the regulating agency could consider the repairs to be a major modification, which would then require a permit review. The insurance company may also have reporting requirements. In addition, there are management system standards, the American Petroleum Institute’s Recommended Practice 754 for example, that require reporting property damage when it exceeds various monetary thresholds.
  • Motor Vehicle Accidents: Injuries sustained in motor vehicle accidents would be covered by the reporting rules of injury/illness, but damage to the vehicle or other real/personal property usually doesn’t have regulatory reporting requirements. The incident itself will have Department of Transportation (DOT) reporting requirements if a commercial vehicle or driver was involved, and could also have reporting requirements under state/local motor vehicle rules such as failure to report an accident or leaving an accident scene. The insurance company may also have reporting requirements; capturing vehicle, driver, injury, and damage information can simplify sharing this data.
  • Near Misses: There are no regulatory reporting requirements for near-miss events, but some management system standards may require reporting them as evidence of the organization’s commitment to preventing incidents.

How to encourage incident reporting

It’s crucial to get employees involved in safety by reporting incidents and near misses. There are many schools of thought as to the best way to accomplish this, some favoring incentive programs or putting punitive measures into place for non-reporting, others allow for anonymous reporting or embedding reporting expectations into their corporate mission and vision. One thing that is universally agreed upon is the need for employee training. As part of any incident reporting program, employees must understand how to submit reports via the various methods so they can confidently do so when an incident does occur.

An obvious way to encourage incident reporting is to make the process simple. While paper-based reporting processes are still in use by some, leading organizations view them as inefficient and have shifted to the use of software tools, such as Dakota Scout, for capturing the facts of incidents. Providing a public portal that allows any employee, even those without a user account, to report incidents can also encourage incident reporting. Many safety managers and site leaders provide this via kiosks on the shop floor or by posting QR codes throughout the facility that can be scanned with mobile devices to initiate a report. The use of software also provides instant feedback to the reporter, usually with an incident ID number or email record, and keeps EHS leaders informed of new incidents in real time so they can act promptly.

What details should you capture in the initial report?

An incident report needs to include all the essential information about the event. Every organization must assess their need for sufficient details in the initial reports and weigh it against the potential reporting reluctance that requiring a high level of detail may cause. Finding a balance is important to success so it’s beneficial to discuss what is truly essential with site leadership and staff before implementing a program. Some details that you will likely want to capture as part of the initial report are:

  • Incident type
  • Date, time, and specific location
  • Names, job titles, and department of employees involved and their supervisor(s)
  • Event description – What events led up to the incident? What was the primary cause, secondary cause, and any supporting conditions? (e.g. slippery floor, inadequate lighting, noise, etc.)
  • What immediate actions were taken?
  • Witness comments
  • For Injuries and Illnesses: Type of injury, body parts involved, and extent of injuries
  • For Environmental Incidents: What chemicals/materials were involved, in what quantity and for what duration?
  • For Property Damage or motor vehicle accidents: What equipment, materials, etc. were involved?
  • For Near Misses: What was the hazard and potential severity?

The incident should be described in sufficient detail that anyone reading it can clearly picture what happened. Reporters should also consider including photos of the scene or diagrams that help to clarify the physical characteristics and timeline of the incident. Based on these details, site and safety leaders should be able to determine the sequence of events and start their investigation.

What happens after an incident is reported?

After the initial incident details are documented, the next step is to find out what happened so that preventive measures that will reduce the likelihood of it happening again can be put in place. In its guide Incident (Accident) Investigations, a Guide for Employers, OSHA provides a four-step approach to root cause investigations.

  • Preserve and Document the Scene
  • Collect Information
  • Determine Root Causes
  • Implement Corrective Actions

Both OSHA and EPA recommend that employers use an investigative technique called “Root Cause Analysis” or RCA. This type of investigation follows a systems approach, working from the principle that the root causes of an incident can be traced back to failures of the programs that manage safety and health in the workplace.

OSHA and EPA also encourage this approach for employers subject to incident investigation requirements under the process safety management (PSM) or risk management program (RMP) standards. Both the PSM and RMP standards require that employers initiate an incident investigation within 48 hours.

In their Fact Sheet “The Importance of Root Cause Analysis During Incident Investigation”, OSHA outlines the benefits of RCA for identifying all root causes, as there are often more than one, and tools for conducting RCAs, including:

  • Brainstorming
  • Checklists
  • Logic/Event Trees
  • Timelines
  • Sequence Diagrams
  • Causal Factor Determination

Regardless of the tools used, employers should be able to answer the important questions of what happened, how did it happen, why it happened, and what needs to be corrected.

Corrective Actions, which could include engineering controls, process changes, or personal protective equipment (PPE), can be initiated once the root causes are identified. The CDC’s National Institute for Occupational Safety and Health (NIOSH) lists a hierarchy of controls that you can use to determine how to implement feasible and effective control solutions. The most effective controls are elimination (i.e., physically removing the hazard) and substitution (i.e., replacing the hazard). Less effective are engineering controls (i.e., isolating people from the hazard), administrative controls (i.e., changing the way people work), and protecting the worker with PPE.

Recommendations for corrective actions might include immediate actions as well as long-term actions such as:

  • Employee training on safe work practices
  • Preventive maintenance activities that keep equipment in good operating condition
  • Evaluation of job procedures with a recommendation for changes
  • Conducting a job hazard analysis to evaluate the task for any other hazards and then train employees on these hazards
  • Engineering changes that make the task safer or administrative changes that might include changing the way the task is performed

Documenting the investigation process and Corrective Actions is important for business continuity and demonstrating compliance. Organizations that utilize software for these processes benefit from inherent functionality of user and time-stamped audit logs that show who did what and when, automated email alerts and notifications that ensure accountability for closing out Corrective Actions, and the ability to analyze and explore trends in the incident data.

Unlock hidden insights in your incident data

As mentioned earlier, most organizations have moved away from paper-based systems for incident reporting. As they migrated to digital processes for managing this data the benefits of software for analysis and trending were quickly realized. Even with simple tools like spreadsheets, EHS and business leaders could now look at incident data for all their locations in one place and begin to extract Business Intelligence (BI) that helped to inform decision making by corporate and site leadership. Such insights quickly led to increased visibility into EHS issues and have become the cornerstone of leading EHS programs.

Commercial software, like Dakota Scout, typically includes dashboards for common safety metrics such as Total Recordable Incident Rate (TRIR), which tracks all illnesses or injuries resulting from an incident or exposure while an employee was on the job, and Days Away, Restricted, or Transfers (DART), which measures the total average of cases in which employees were unable to perform their job duties because of a workplace injury or incident. Commercial software’s capabilities usually go far beyond those of spreadsheets for visualizing data, such as the ability to correlate injuries on body map diagrams to other data points in order to better understand the trends leading to such injuries.

Dakota Scout, for instance, includes a patented feature called Parametric Filtering℠ that allows safety leaders to explore data using interactive dashboards and filters. Such analysis is not only useful for identifying trends, it also helps to identify subtle correlations between data points that might go unnoticed with typical reporting tools. This type of data exploration allows EHS leaders to leverage their knowledge of the site, processes, and personnel, to identify areas of risk and proactively put controls in place.

Internal and external incident reporting

Gathering, organizing, and reporting information is a major component of any EHS program. Organizations that employ 250 or more workers and are currently required to maintain injury and illness records must electronically submit OSHA Form 300A data; the same is true for smaller businesses employing 20-249 workers in certain industries listed at 29 CFR 1904.41 Appendix A. Businesses in states with State Plans may also be required to submit data electronically; check with your State Plan office.

Once incident details have been digitized, generating reports and exporting data for your reporting to OSHA and other agencies is usually a matter of clicks. OSHA 300 (log of work-related injuries and illnesses), 301 (injury and illness incident report), 300A (summary of work-related injuries and illnesses), can also quickly be generated. Once exported, your organization’s injury and illness data (i.e., OSHA’s Form 300A) can be submitted electronically via OSHA’s Injury Tracking Application (ITA). Software is not required to submit this data, but it makes the process much easier.


Incident management is a major part of any EHS Manager’s job. Understanding the requirements for reporting and submitting to the various agencies is important, but the benefits go beyond compliance. Successful programs begin by establishing processes for submitting incidents, defining what facts are needed as part of the initial report, and training staff on those processes. Socializing these programs as part of the organization’s mission statement can help to get buy-in from workers on the shop floor and the executives in the boardroom.

Finally, organizations that utilize software tools to capture incident details, collaborate on investigations, document root causes, and track related Corrective Actions help and create visibility and accountability throughout the incident process. These organizations also benefit from the inherent tracking and analysis capabilities of such systems helping them gain a holistic understanding of their incident programs, proactively identify areas of risk, and promote a cycle of continuous improvement.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.