If it isn't recorded, you can't prove you did it
Good records are how you prove you met your health and safety duties. Some retention periods are set by law — records of a notifiable event must be kept for at least 5 years — and some health-monitoring records must be kept much longer. Keep the right records, control versions, and make them easy to find.
If it isn't recorded, you can't prove it happened — and proving it is much of the game.
Your duty is to do what is reasonably practicable, but a regulator, a client or a court can only see what you can show them. Records are the evidence that you identified your risks, controlled them, trained your people and acted on incidents. They also underpin officer due diligence: leaders demonstrate oversight through the reporting and records they received and acted on. Good records protect the business and the people in it.
Keep the records that show your system working — from your policy through to the actions you took.
Some retention periods are fixed by law; for the rest, keep records long enough to show your system over time.
The clearest legal rule is for notifiable events: you must keep a record of each notifiable event for at least five years from the date it is notified to the regulator. Some records must be kept far longer — health-monitoring records for certain hazardous work, for example, can require retention for many years, in some cases decades, because the health effects may appear long after the exposure. When a specific period is not set, the safe approach is to keep records long enough to demonstrate your ongoing management, and when in doubt, keep them longer rather than shorter.
Retention rules vary by record type and by the regulations that apply to your work. Check the specific requirement for specialised records such as health monitoring, asbestos and hazardous substances.
Document control means everyone is always working from the one current, correct version — not an old copy.
The essentials are simple: give each document a date and a version number, keep only one current version in circulation, archive superseded versions rather than deleting them, and control who can edit the masters. The failure mode to avoid is a worker following last year's procedure because three versions are floating around in different folders and inboxes. Good version control quietly prevents a whole category of mistakes.
Either is fine — but digital makes retention, search, version control and access far easier.
There is no requirement that records be on paper. A digital system makes it simple to find a record on demand, keep a single current version, apply retention rules and show an auditor exactly what they ask for. Whichever you use, make sure records are secure, backed up, and accessible to the people who need them.
Keep current documents, version control and retention sorted in one place. Book a demo and we'll show you how it works — free 30-day trial included.
It depends on the record. A record of a notifiable event must be kept for at least five years from when it is notified. Some health-monitoring records must be kept much longer, in some cases for decades. Where no specific period applies, keep records long enough to demonstrate your ongoing management.
Your policy and procedures, hazard register and risk assessments, incident and notifiable-event records, training, competency and induction records, contractor and visitor records, plant maintenance, safety data sheets and hazardous substance inventories, and emergency plan and drill records.
No. Records can be digital. In fact a digital system usually makes it easier to keep a single current version, find records on demand, apply retention rules and produce evidence for an auditor or regulator. Whichever format you use, keep records secure and backed up.
Document control means everyone works from one current, correct version of each document. You date and version documents, keep a single current copy in circulation, archive superseded versions, and control who can edit the masters — which prevents people following out-of-date procedures.
Make records available to the people who need them to do their job safely — while protecting personal and health information appropriately. Workers and their representatives are generally entitled to health and safety information relevant to them; sensitive personal information should be handled in line with privacy obligations.
