Contractor and Vendor HSE(Q) — Managing the Risk You Do Not Directly Control
April 2026 – Technique Works HSEQ Insights Newsletter

Because Your Barrier Management System Ends at Your Fence Line - the risk does not.

Last month, we established that a risk register without verified barriers is not a risk management system. It is a filing system. We found, across engagements in Western Europe and the Gulf region, that the average industrial operation can produce functional test records for fewer than half of its documented critical controls when asked directly. The gap between a documented barrier and a verified one is where major incident sequences develop — not because organizations lack documentation, but because documentation has replaced management.

This month, the argument extends to a category of risk that most executive teams have underestimated precisely because it sits outside their direct management hierarchy: the HSE(Q) performance of contractors and vendors operating within their facilities, under their permit conditions, and adjacent to the barriers their programs are supposed to protect.

Most major incidents in high-hazard industrial environments involve contractors. The research supporting this is consistent, the case record is extensive, and the underlying reasons have been well understood for decades. What has not improved at the same rate is the management practice. Most organizations have built sophisticated contractor selection processes. Very few have built contractor integration processes. The gap between those two things is where the risk lives and where the incidents happen.

This month, we examine three points at which contractor HSE(Q) management fails: the prequalification gap, the barrier bypass, and the supervision problem.

1. The Prequalification Gap — What Contractor Selection Actually Tests

The standard contractor qualification process evaluates documentation. Safety management system certificates. Incident rate records. Training credentials. Method statements.
In many industries, an SQAS assessment or equivalent third-party evaluation is included in the pack. The result, when all boxes are checked, is a determination that the contractor company meets minimum HSE(Q) standards as an organization. That determination says nothing about the crew arriving on site tomorrow morning.

A permit-to-work review at a pharmaceutical manufacturing facility in Germany. A maintenance contractor was engaged to perform planned shutdown work on a critical solvent-handling system. Qualification pack complete. The ISO 45001 certificate is current. The safety record shows three consecutive years without a lost-time incident.

One question was put to the contractor supervisor before the first permit was issued: which isolation points apply to this task, and in what sequence? He could not answer. The isolation points were listed on the site's permit-to-work. They had been referenced in the prequalification criteria. The qualification process could not confirm whether this supervisor and his crew understood the site's specific isolation procedures, rather than just their company's general ones. He was operating according to a procedure that met regulatory requirements in any facility he had previously worked in. It did not meet this one's specific requirements.

The permit was suspended. The maintenance window was delayed. An on-site competence assessment was conducted before work was reauthorized. The contractor completed the work safely once the gap was identified and closed. The qualification pack certified that this contracting company had a safety management system. What it had not certified was that the people in the room could operate within the client's parameters.

A Pharmaceutical Manufacturer's Response to the Prequalification Gap

The facility implemented a two-stage contractor competence verification protocol for all contractors working on safety-critical tasks.
The first stage—the existing prequalification documentation review—remains in place. The second stage, added specifically to address the gap exposed by a previous permit-to-work incident, required on-site demonstration of competence prior to permit issuance for any first engagement involving critical process systems.

The protocol required contractor supervisors to review the permit-to-work sequence, identify isolation points for specific tasks, and confirm understanding of major hazard scenarios before granting authorization to work. Individual contractor crew members completed a site-specific induction focused on task-relevant hazards, rather than the previous general health and safety induction. A contractor performance register recorded permit-to-work compliance rates, near-miss reports, and safety observation scores per contractor company, creating a performance history that informed future qualifications independently of standard documentation.

Results over fourteen months: zero permit-to-work suspensions due to contractor competence gaps in the twelve months following implementation, against four in the preceding twelve months. Contractor near-miss reporting increased by 89% — external teams began engaging with the site's reporting culture rather than operating in isolation from it. The CS3D due diligence documentation for contractor management, required for the group's compliance program under the EU Corporate Sustainability Due Diligence Directive, was assessed as complete and audit-ready by the group's external legal advisors.

Lesson: A prequalification certificate confirms that a contractor company has a safety management system. It does not confirm that the crew arriving at your site can operate in your environment. The two are not the same. Treating them as equivalent creates a prequalification gap.
2. The Barrier Bypass — Where Verified Controls Meet Unmanaged Contractors

Last month's practical action asked readers to retrieve their top five major hazard scenarios and review the functional test records for each critical barrier on the threat side of the bow-tie. A barrier that has never been tested under demand conditions does not qualify as a verified control; rather, it is a documented assumption. This month’s extension: a functionally verified barrier can become ineffective if a contractor operates within its zone using their own standards, which differ from yours and went unidentified during the permit-to-work process.

A specialty chemicals manufacturer in Rotterdam—handling Class 2 and Class 8 materials, operating under BRZO (Major Hazards Decree) permit conditions, with a barrier management program that had been implemented following an internal HSE(Q) systems review. Barrier verification records were current. The program was working.

During a planned maintenance window for replacing the pressure relief valve on a critical reactor line, an external contractor team completed the isolation sequence. The work was performed under a current permit-to-work. The isolation was effective—no energy was released, and no incident occurred.

Post-maintenance verification, conducted as part of the facility's barrier management protocol, found that the contractor team had used a group lockout procedure rather than the site's individual energy-isolation lock-and-tag standard. Both methods meet regulatory requirements. Both are recognized in international safety standards. They are not equivalent, as the site's barrier management standard explicitly requires individual locks with personal tags for work on safety-critical process lines. The contractor team had defaulted to their standard because it was the method they were trained in. The site's permit-to-work had specified the isolation points.
It had not specified the isolation method in terms that would have surfaced the discrepancy before the work began.

The barrier had been verified before the window opened. It had been maintained during the window in a way that did not conform to the verified standard. It had been restored and recorded as active when the window closed. The barrier management record showed continuity. The actual position was more complex.

A Chemical Manufacturer's Contractor Permit-to-Work Integration Program

The prequalification pack was redesigned to incorporate the facility's site-specific permit-to-work requirements — including the LOTO standard, the isolation methodology, and the restoration and verification requirements — as explicit qualification criteria. Contractors whose own procedures were not aligned were required to demonstrate adoption of the site standard or to present a technical equivalence case to the site safety function prior to qualification approval.

A contractor permit-to-work simulation was introduced for first engagements on safety-critical systems: contractor supervisors demonstrated the isolation sequence on a training rig before being authorized to work on live equipment. The simulation took four hours for a typical crew. The cost of the near-miss it had not yet produced would have been significantly higher.

A barrier-adjacent contractor monitoring protocol was established: any contractor working on or near a documented critical control required a client-side permit-to-work supervisor to be physically present during the isolation, work, restoration, and verification phases. Unsupervised work in barrier-adjacent zones was no longer permitted under the site's operating rules, regardless of the contractor's qualification status.

Results over ten months: the first full year with zero post-maintenance barrier integrity discrepancies recorded in the barrier management log, against three in the preceding year.
Contractor qualification completion rates for safety-critical task categories improved from 67% to 100%. A sector review of contractor management practices in the Dutch chemical industry, conducted by an industry body in the second half of 2025, referenced the facility's barrier-adjacent supervision protocol as an example of effective control. This finding informed the group's approach to contractor management at its other European sites.

Lesson: A verified barrier that a contractor bypasses using their own standard is not a protected control. It is a control with an undocumented vulnerability. Barrier management that does not extend to contractor activities within the barrier zone has a systematic gap.
3. The Supervision Problem — Where Contractor HSE(Q) Management Stops

Most contractor HSE(Q) programs have two phases: qualification, followed by the assumption that qualified contractors manage themselves. What happens between site arrival and permit close-out is considered the contractor's operational responsibility. The client's role, in this model, ends at the gate.

That model has produced a consistent pattern in major incident investigations involving contractors. The contractor held a current certification. The permit to work was issued. The supervision record showed the appropriate boxes checked. And somewhere between the permit issuance and the permit close-out, something happened that the existing records do not account for—because no one with accountability for contractor oversight was present when it happened.

A hazardous materials logistics company operating from Lyon—handling Class 3 and Class 6 materials, operating under French transport and storage permit conditions. Since 2017, the Duty of Vigilance Law (Loi de Vigilance) has governed the company. As a mid-to-large operator in France's logistics sector, the company is subject to the staged obligations of the EU Corporate Sustainability Due Diligence Directive.

An internal investigation was triggered by a near-miss during loading operations involving a forklift contractor team working in a zone adjacent to Class 3 storage. The investigation team traced the sequence of events through the permit records, the supervision schedule, and the contractor's own incident report. The contractor supervisor's signature appeared on the permit-to-work at the required checkpoints. The supervisor had been physically present for the loading operation at which the near-miss occurred. The site's supervision protocol addressed the client company's own supervisors. It had not been extended to cover the contractor's internal supervision arrangements. The client had confirmed the contractor team was on site.
It had not confirmed that the contractor's supervisor was at the location specified in the permit.

The investigation identified this gap not as a contractor failure but as a client-side system failure. The contractor had submitted a permit-to-work with signatures. The client's system had accepted the documentation without the physical verification that would have confirmed the signatures reflected actual presence.

A Hazardous Logistics Operator's Contractor Supervision Program

A contractor supervision audit was introduced as a standing element of the site's permit-to-work management. For every active permit involving external teams handling hazardous materials or working in zones adjacent to the storage of classified materials, a client-side observer conducted a minimum 30-minute presence inspection per shift—unannounced, documented, and reported to the site safety function by the end of the shift.

The permit-to-work close-out protocol was redesigned. The permit could only be closed by joint sign-off: the contractor supervisor and a client-side representative, physically present together at the work location at the time of sign-off. Remote sign-off was no longer accepted for any task category covered by the hazardous zone permit classification.

CS3D due diligence documentation was integrated into the contractor management system. Evidence of due diligence in contractor supervision—observation records, joint permit close-outs, and contractor performance tracking—was captured per engagement and stored in the compliance record. The previous annual contractor review had produced a snapshot. The new system produced a continuous record.

Results over twelve months: seven instances of permits signed without supervisor presence were identified in the first quarter of the program through the observation audit—all corrected before further work was authorized under those permits.
Zero near-miss events involving contractor teams in the twelve months following program implementation, compared with two in the preceding twelve months. A compliance review by external legal advisors assessed the contractor supervision documentation as sufficient to demonstrate due diligence under existing French law and CS3D staging obligations.

Lesson: Prequalification determines who arrives on your site. Supervision determines what they actually do. Most contractor HSE(Q) programs invest significantly in the first area. Most invest very little in the second. The incident record reflects that imbalance directly.
HSEQ Market Insights — April 2026

Trends Shaping the HSE(Q) Industry:

Gulf SQAS and the Contractor Management Shift. The SQAS (Safety and Quality Assessment for Sustainability) framework, managed by Cefic and used to qualify contractors in the Gulf chemical logistics industry, is being updated to place greater emphasis on how companies oversee their contractors' HSE(Q) performance. Organizations that have seen SQAS only as a certification instead of a way to manage their supply chain are now facing assessors who specifically want to know how they monitor, track, and respond to contractor HSE(Q) performance between qualification reviews. Companies that can demonstrate contractor management, rather than just contractor selection, will retain and grow their Gulf business relationships.

CS3D Implementation and Supply Chain Liability Exposure. The EU Corporate Sustainability Due Diligence Directive is already changing how industrial operators in Germany, France, and the Netherlands approach contractor management documentation, with its first-tier implementation obligations applying to large European companies from 2027. Legal teams advise that CS3D due diligence standards encompass contractor health and safety performance, creating parent-company exposure to incidents on client sites if due diligence is inadequate. Organizations waiting for 2027 to begin building their contractor due diligence records are making a preparation error — the records they will need to produce in 2027 should be accumulating now.

Insurance Market Specification on Contractor Control. Industrial property and liability underwriters are increasingly applying specific contractor-management questions to renewal assessments in the hazardous materials, petrochemical, and pharmaceutical sectors. The question is no longer, "Do you operate a contractor qualification process?"
The question is, "What is your supervision protocol for contractor work on safety-critical systems, and what records does it generate?" Organizations that do not have records demonstrating they actively supervise—rather than just having qualification documents—face coverage limits and higher insurance costs related to maintenance and contractor work risks.

Personalized Recommendations for Our Subscribers

Read your contractor qualification criteria as if you were a contractor company undergoing evaluation. Count the questions that require documentation, and count the questions that require demonstrated competence—not submission of a certificate, but evidence of actual ability to perform within your specific permit-to-work and isolation standards. If the documentation questions outnumber the competence questions by more than two to one, your qualification process selects for paperwork rather than performance. That ratio tells you where your contractor risk sits.

Map your contractor supervision coverage against your barrier-adjacent work zones. For every zone in your facility where a documented critical control is located, determine whether your current contractor management protocols require a client-side representative to be present when contractor work is active in that zone. If the answer for any barrier-adjacent zone is "no" or "it depends on the task," you have an unsupervised gap in your barrier management system. The barrier was verified. The supervision of the people working near it was not extended to cover them.

Please review your contractor management documentation against CS3D's due diligence standard before your legal team requests it. The question CS3D creates is not whether your contractors are qualified. The question is whether you can demonstrate active, continuous due diligence in managing their performance on your site. An annual qualification review and a permit-to-work record do not constitute that demonstration.
A contractor supervision log, a performance register, and joint permit close-out records come significantly closer.

Questions for You to Consider

What is the difference between contractor prequalification and contractor competence verification?

Contractor prequalification confirms that a contracting company meets the minimum HSE(Q) documentation requirements, including standards, certificates, incident records, and management systems. Competence verification confirms that the specific crew and supervisor arriving on your site can perform in accordance with your permit-to-work standard, your isolation procedures, and the major hazard context. The first is a review of what a company has built. The second is a test of what the people in front of you can do. Most contractor HSE(Q) programs invest in the first and assume the second follows. The investigation record suggests otherwise.

Why can a contractor bypass a documented barrier without any intent to do so?

The contractor is operating to their standard, which may meet regulatory requirements at every other site they work in, but not at yours. The gap is not malice or negligence; it's the lack of explicit integration between two systems that were thought to be compatible. When a contractor's permit-to-work standard and a client's barrier management standard are not formally reconciled, the contractor defaults to their established practices. The client's system presumed an alignment that never materialized.

What does ISO 45001 Section 8.1.4 require of your organization regarding contractors?

Section 8.1.4 of ISO 45001:2018 extends OHSMS obligations explicitly to contractors, outsourced processes, and procurement. The standard requires that organizations determine and apply controls to ensure that external providers operate in conformance with the organization's occupational health and safety management system requirements.
The scope of an ISO 45001 certification extends beyond the organization's own workforce. It includes, as an explicit requirement, the HSE(Q) management of contractors operating within the certified scope. Most organizations with ISO 45001 certification have not read that section as a contractor management obligation. Their system documentation and their contractor management practices often reflect that gap.

The Practical Action

Identify the last maintenance window at your facility where a contractor was on site working without a client-side representative present in the work zone. This is not necessarily the most recent window overall, but the last one in which the contractor team worked under a current permit-to-work with no client-side person present to observe the work in progress.

Map every documented critical control within the contractor's work zone for that window. Use your risk register or your bowtie for the relevant process area. List every barrier that was within the contractor's operational envelope. For each barrier on that list, answer three questions:
If you cannot answer all three questions for each barrier, your contractor HSE(Q) program manages the contractor's arrival on your site. It does not manage the contractor's work. That is the boundary of what most programs actually cover. In the absence of client-side supervision, everything that happens between site arrival and permit close-out occurs outside the effective reach of your HSE(Q) management system, regardless of what the permit records show.

Next Month: Emergency Preparedness — The Gap Between the Drill and the Real Event

In May, we examine a risk management dimension that most organizations believe they have addressed — and discover, when the real event occurs, that they have addressed the drill rather than the emergency. The gap between a successful exercise and a functional emergency response is wider than most emergency plans acknowledge. We will examine what that gap looks like, where it appears most consistently, and how high-reliability organizations close it before the event rather than after.

Get the free 30-Minute Compliance Vulnerability Audit for High-Risk Operations and use the contractor management module to check where your gaps in prequalification, supervision, and control measures are right now. → https://techniqueworks.kit.com/compliance-audit

Amador Brinkman · Technique Works