Contractor HSE capability assessment a

Supplement to Report 423

THIS EXCEL DOCUMENT WAS PRODUCED FROM IOGP REPORT 423-01, VERS
PLEASE CHECK THE IOGP LIBRARY FOR THE MOST CURRENT VERSION - WW

Contents
Scope and HSE capability assessment: overview and scoring system This sheet
Table 1 – Questionnaire for contractor HSE capability assessment Sheet 2

Scope
Report 423-01 is a supplement report to IOGP Report 423, HSE management – guidelines for working together i
Report 423 around a contractor HSE capability assessment questionnaire and scoring system, along with an audi

In this excel document Table 1 from report 423-01 (a questionnaire for contractor HSE capability assessment) h
The suggested scoring system outline in report 423-01 is reproduced below. Please familiarise yourself with

This questionnaire is suggested for use during Phase Two: Sourcing/capability assessment when clients screen p
questionnaire is intended to be provided by the client and completed by the contractor.

In many cases, the completed questionnaire may be validated via an audit, by a suitably trained independent pe
These exercises should take place sequentially so that the independent person can challenge the individual withi
form.

HSE capability assessment: overview and scorin

The Contractor’s capability assessment questionnaire may be evaluated by attaching a score to the selected resp
follows:
D C B A

Unacceptable Poor Acceptable Excellent

0 3 6 10

The HSE capability assessment scoring approach should reflect the layout of the client’s HSE-MS to show how th
(recognizing at this stage Clients are not asking the potential contractors to meet any requirements). In reviewin
areas within the HSE-MS but should not drift into adjacent areas which might not be relevant.
The Client should consider emphasizing or de-emphasizing portions of the questionnaire by assigning weighting
assigning lower weighting to security capabilities when security is not viewed as a particular risk, or where matte
industry. This assessment questionnaire is for the HSE-MS of the contractor, and is contract independent.
Scores of 0 should normally indicate that a Contractor should not be considered as suitable for inclusion on the t
issues to be addressed during the tendering process if the Contractor is still to be considered.
The questionnaire and scoring system offered in Table 1 use IOGP Report 510, Operating Management Systems
reflect the purpose and expectations for the relevant OMS element. The questions are designed to help contracto
set in IOGP 510.
 ssment and scoring system
RT 423-01, VERSION 1.0.
T VERSION - WWW.IOGP.ORG

This sheet

s for working together in a contract environment . It contains additional guidance to

stem, along with an audit checklist.

capability assessment) has been converted for practical use.

miliarise yourself with reports 423 and 423-01 before using this tool.

nt when clients screen potential contractors and their HSE Management Systems. The

trained independent person (either from a third party or within the client organization).
enge the individual within the contractor organization, who completed the assessment

and scoring system

core to the selected response for each category. A suggested scoring system would be as

HSE-MS to show how the contractor’s capability aligns with the clients HSE-MS
quirements). In reviewing HSE capability, the assessment should focus on all relevant
vant.
by assigning weighting factors in consideration of the specific industry risks. e.g. by
ular risk, or where matters related to security are not specifically addressed in the
act independent.
ble for inclusion on the tender list. Any sections rated 0 should be highlighted as specific
ered.
g Management Systems Framework as a basis. The descriptors for the scoring categories
esigned to help contractors demonstrate that their HSE-MS meets the HSE expectations
Table 1 – Questionnaire for contractor HSE capa

General guidelines for completion of questionnaire:

• This questionnaire covers the information required to assess the extent to which HSE and its management are
• When completing the questionnaire, the contractor should include all associated contractor activities and relev
• Emphasis should be placed on the need for complete answers substantiated by supporting documentation as i
documentation should relate specifically to the contractor’s local organization (that is where the contract work w

• The questionnaire should be validated by a responsible contractor line manager prior to submission.
• Where a question has been developed from the details within IOGP Reports 510 and 511, these are identified
Practice and “(M)” for a Measure, with the accompanying reference number also. For example “(E1.3)” indicates

Client guidelines for the use of the questionnaire:

• The submissions may be assessed by a scoring mechanism in the evaluation process, such as that provided in

• A follow-up discussion with the contractor’s management may be needed.

• Contractors should receive feedback on the results of the client’s evaluation.

Company name: Date: Location: Use:

Fill in b

Element 1: Commitment and accountability

1.1 Commitment a) 1. How are managers personally involved in HSE aspects? (E1.2)
and accountability
to HSE aspects

a) 2. What is the responsibility of managers in this respect? (P1)

b) How do managers ensure commitment from the workforce to perform activities
in accordance with company policies, standards and objectives, and in compliance
with external requirements? (E1.3)

c) How does the contractor ensure learning from internal and external sources
and promote continuous risk reduction and performance improvement? (E1.8)

d) Provide evidence of accountability and commitment at all levels of the

organization. (E1.5)

e) Is there a code of conduct in place to establish behavioural, ethical and

compliance obligations for employees? If yes, please provide a copy. (E1.4)

f) 1) What communication and engagement mechanisms are established? (E1.6)

f) 2) How is responsibility assigned for prompt, appropriate and engaging

communication to those involved in delivering HSE performance? (P1)

g) 1) Provide evidence to show that the HSE-MS is in place across the

organization, with priorities established, authorities and accountabilities assigned,
and resources allocated. (E1.1)
 g) 2) Who in your organization is accountable for the oversight and co-ordination
of activities within the scope of their part of the HSE-MS? Are they also
accountable for monitoring effectiveness? (P1)
Provide evidence of processes in place to manage documentation ensuring the
latest versions are approved, identifiable and available, with defined retention,
back-up and archival systems for management of information and related records.
(E1.7)

A/B/
D- Unacceptable C - Poor B- Acceptable A- Excellent C/D

No evidence of personal Some evidence of personal

commitment on the part of commitment on the part Evidence of personal
all the organization’s of all the organization’s commitment on the part of all
managers and workers. None managers and workers. Some the organization’s managers and Evidence of mindfulness and a
of the personnel who direct of the personnel who direct workers. Accountability based on strong, proactive HSE culture in
and control activities and control activities well-defined authority levels, senior management and at all levels
understand their understand their acceptance of decision making throughout the organization.
accountability for HSE-MS accountability for HSE-MS and a clear understanding of job
policies, systems, decisions, policies, systems, decisions, responsibilities.
and outcomes. and outcomes.

Element 2: HSE Policies, standards and objectives

2.1 HSE Policies and a) Who is the most senior person in the organization responsible for
standards authorization of PSOs appropriate to each activity? Provide name and title. (E2.2).

b) 1) Does your company have HSE policies and standards in place which
establish risk- based requirements, including the commitment to comply with
applicable regulatory or other requirements? (E2.3)

b) 2) How do you communicate your policies and standards to all of your

employees? (E2.3)

b) 3) What are your arrangements for advising employees of changes in the

policies or standards? (E2.3)
 c) 1) How do you identify new industry standards or regulatory requirements
that may be applicable to your activities? (E2.3)

c) 2) Describe the process used for producing, updating and disseminating

standards. (E2.3)

c) 3) Are your company standards aligned with IOGP/industry guidelines or

recommended practices? If yes, state which. (E2.3)

c) 4) Describe process for review of applicable regulations and standards at the

local, national, regional and international levels to ensure Policies and Standards
are aligned and remain up-to-date. (P2)

c) 5) Where do you define the company standards you require your contractors
to meet? (P2)

c) 6) How do you ensure these standards are met and verified? (P2)

2.2 HSE Objectives a) Does your company have HSE objectives which include measurable success
criteria based on continuous improvement; maintaining standards; or compliance
with policy, regulatory or other requirements? (E2.4)
If the answer is yes, please attach a copy.
 b) Describe how you communicate your HSE objectives to all your employees.
(E2.4)

c) What initiatives or campaigns have been developed at an appropriate level of

the company to meet short and long-term strategic objectives? (P2)

2.3 Policies, a) How do you ensure that the PSOs defined address applicable aspects of your
Standards and business activities throughout their life cycle? (E2.1)
Objectives (PSO)

b) Are there different entities operating on the same facilities (including joint
venture partnerships) and have PSO been harmonized to ensure a consistent
message and application? If yes, please provide an outline of harmonization.
(E2.5)

c) Describe the process used to review PSOs, including how these are
documented and approved by a competent authority. Please provide an example.
(E2.6)

d) How does your organization gather and consolidate feedback on PSO

applicability and effectiveness and use this to identify shortfalls against
expectations? (P2)

e) Describe the process used to risk-assess and approve an exemption or

deviation from an HSE MS requirement and how you ensure the approval is by an
appropriate level of management. (P2)

A/B/
D- Unacceptable C - Poor B- Acceptable A- Excellent C/D
 Appropriate PSO are in place to
Appropriate PSO are in place to define the expected outcomes of
Policy statements and basic define the expected outcomes of HSE-MS implementation. PSO
No written HSE policies, HSE HSE performance standards HSE-MS implementation. PSO providing commitments and
performance standards or exist on paper but have not providing commitments and boundaries, assisting the company to
objectives endorsed by been well communicated boundaries and assisting the meet or exceed regulatory
senior management. to the organization, no HSE company to meet regulatory requirements and other voluntary
objectives defined. requirements and other commitments and setting responsible
voluntary commitments. expectations where regulatory
requirements do not exist.

Element 3: Organization, resources and capability

3.1 Organizational a) How is your organization structured to effectively implement the HSE-MS and
Structure for HSE ensure compliance with legal and other requirements? Please provide an
Management organization chart. (E3.1)

b) When organizational change is necessary, what process is in place to assess,

mitigate and review actual and potential risks, as well as impacts on operating
activities and the HSE-MS itself? (P3)

c) How do you ensure people in roles identified as HSE critical can be replaced
e.g. due to retirement, transfer or leaving the role for other reasons? (P3)

d) What mechanisms and programmes for joint participation and management

consultation within the workforce do you have? (E3.5 & P3)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

The organization with defined

HSE responsibilities,
The organization has no Limited organization with
accountabilities and authorities
defined HSE responsibilities, defined HSE responsibilities, “Acceptable” together with a process
is structured
accountabilities and accountabilities and to ensure extension of HSE-MS
to deliver its planned objectives
authorities. There is no authorities. They have some consistency towards contractors, who
effectively and efficiently. They
evidence of equipment, equipment, processes and are a key resource when deployed to
have the right equipment,
processes and skilled people people in place, but limited increase the organization’s capability.
processes and people in place,
in place. specialist HSE resources..
with the right skills at the right
time.
3.2 Resources and a) What recruitment, deployment, career development, retention and succession
capability plans are in place? (E3.2)

b) What HSE training programmes do you have in place for the following: (E3.2)

b) 1) Managers and supervisors at all levels who will plan, monitor, oversee and
carry out the work?

b) 2) HSE specialist personnel within your organization? Please specify the

resources available. (E3.2)

b) 3) Other HSE personnel?

b) 4) Employees to ensure they have adequate knowledge of basic industrial

HSE? (E3.2)

b) 5) Employees to ensure they have been instructed and have received

information on any specific risk factors and risks arising out of the nature of their
activities e.g. job and site orientations? (E3.2)
 c) Describe the process used to periodically review and update HSE training e.g.
to meet HSE objectives and applicable legal or other HSE requirements. (E3.2)

d) Where HSE training is given in-house, please describe the content and
duration of courses.

e) What tools to do you use to identify and access HSE specific resources, skills
and knowledge? (P3)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

Verbal instructions on
company procedures only. Capability of managers and
“Acceptable” together with follow-up
No formal HSE training Documents provided for new workforce is supported by
observation of employee’s
programme. No specialized employees but no appropriate levels
performance. Additional HSE training
HSE training for managers, on-the-job orientation by of competence, skills, experience
provided to address any gaps
supervisors or specialists/ supervisor. Some and behaviour to work
identified and changes in job
personnel. specialized HSE training for effectively and meet HSE-MS
responsibilities/ function.
managers, supervisors or Expectations.
specialists/personnel.

3.3 Competence a) Does your organization have a competence assurance process in place? If yes,
assurance please describe the scope and content of your competence assurance process.
(E3.3)

b) What clearly defined HSE competencies are required for the individual roles
and jobs within teams? Please provide an example of training matrix. (P3)
 c) What measures are in place to review individual’s or team’s capability and
address temporary any gaps? (P3)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

A competence assurance
process exists to screen, select,
train and conduct ongoing
assessment of the HSE “Acceptable” Column together with
Some general competence qualifications, fitness-for-task, Critical roles in terms of operating risk
profiles available, but enabling may also be identified, documented,
not specifying the training behaviours, and supervisory tracked
No evidence of competence
needed or HSE needs and abilities of the and regularly reviewed. This ensures
assurance in place.
qualifications for specific job workforce to meet specified job appropriate priority is given to
requirements. Records exist requirements. Records are assessment, training requirements,
but are not kept up to date. retained and kept up-to- date to fitness-for- task, development plans,
assure that training has been mentoring and performance review.
completed and competencies
have been assessed as
adequate.

3.4 Allocation of a) What system is in place to allocate appropriate and sufficient internal and
internal and external resources to meet HSE objectives? (E3.4)
external resources

b) Does your company have a contractor management process or system? If yes,

provide an outline of the process. (E3.4

c) 1) How do you asses the HSE capability and capacity internally, and if
external resources are needed, of your suppliers and contractors? (E3.4)

c) 2) What programmes have you put in place to enhance opportunities for local
sourcing of people, goods and services? (P3)
 d) How do you ensure that plans are established amongst suppliers and
contractors, for personnel identification in HSE critical roles and how they can be
replaced if they retire, transfer or leave their role for other reasons? (P3)

e) Do you provide HSE specific training, tools and initiatives to improve the risk
awareness and performance of suppliers and contractors who provide goods and
services? If yes, please provide an outline. (P3)

f) What HSE training do you provide to managers and workers responsible for
contracting activities and oversight of contractors? (P3)

g) 1) How do you agree upon the interfaces and other bridging mechanisms for
activities involving multiple parties using different management systems? (P3)

g) 2) How do you identify alignment and relevant gaps (including roles,

responsibilities and actions) in the different management systems of the
participants? (P3)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

System in place for allocation of

appropriate and sufficient
Basic system in place for
internal and external resources.
allocation of appropriate and “Acceptable” together with follow-up
No written process for Contractors are selected with
sufficient internal and conducted on the HSE performance
allocation of appropriate and consideration of HSE abilities.
external resources. For of their contractor. Contractor and
sufficient internal and Relationships are established
management of suppliers and their contractors working together for
external resources. and verification controls
contractors, selection process achievement of HSE objectives.
to maintain sufficient and
limited in HSE criteria.
effective supply of goods and
services are in place.

Element 4: Stakeholders and customers

4.1 Stakeholders a1) How do you identify Stakeholders, including local communities? (E4.1)
and customers

a2) How are relationships established throughout the activities life cycle? (E4.1)

a3) Which significant stakeholder groups does your company have? (P4)

a4) What is your company’s local community engagement plan and strategy? (P4)

b1) What processes does your company have to assess, manage and engage with
customers and other stakeholders regarding life cycle risks and opportunities
associated with the company’s products, assets and activities? (E4.2)

b2) Describe how compliance with regulatory requirements is part of these

processes. (E4.2)

c) What mechanisms are in place to document, evaluate and address

stakeholder and customer expectations and feedback, including concerns and
grievances? (E4.3)
 d1) What kind of relationships has your company established with stakeholders
and customers? (E4.4)

d2) Describe how communication and engagement is performed? (E4.4)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

Effective relationships with

stakeholders and customers
Open and sustainable established. Relevant risks are
Open and sustainable
relationships not established. identified and clearly “Acceptable” together with Contractor
relationships established.
Contractor not able to communicated, addressed and gaining short or long-term economic,
Contractor has identified
manage the risks and managed. Contractor’s products social or environmental benefits from
relevant risks but these are
opportunities that have and services their relationship
not fully understood,
potential to affect its meet the expectations of its with stakeholders and costumers.
addressed and managed.
stakeholders and customers. customers in terms of HSE
performance and technical
support.

Element 5: Risk assessment and control

5.1 Risk assessment a) 1) What processes and methods does your company have in place to manage
and control risks to an acceptable level for the scope of your activities? (E5.1)

a) 2) How does your company ensure no operation is performed without a

specific risk assessment? (E5.1)

a) 3) How does your company monitor that all control and mitigation measures
are in place before performing any operation? (E5.1)
 b) 1) How are conflicting interests dealt with, within your risk management
process? (P5)

b) 2) Is there commitment to review and improve risk management and

associated processes periodically, and in response to an event or change in
circumstances? (P5)

c) Provide evidence of documentation and communication of the risk

management processes for significant risks, including risk acceptance approval at
appropriate levels of the organization, scheduled reviews and updating of risk
registers. (E5.2)

d) How do you manage changes and assess associated risks, e.g.

temporary/permanent changes that affect the organization, activities, assets,
operations, products, plans or procedures? (E5.3)

e) How are vulnerabilities and non-conformances recognized, including

deviations from operating procedures or weak signals that provide indications of
potentially increasing risk? (E5.4)

f) How is learning from incidents, events, non-conformities and good practices

from internal and external sources incorporated into risk assessments and their
review? (M5)

g) Has your company established risk control and regulatory compliance plans to
manage ‘normal’ conditions, allowing the organization to manage HSE risks locally
while maintaining full compliance with relevant requirements and legislation? If
yes, please specify which areas of risk, context or requirements. (P7)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D
 Company HSE-MS makes
reference to the need Company HSE-MS includes
Company HSE-MS does not
to conduct HSE risk techniques for the assessment of
include identification, “Acceptable” together with
assessment but has no task based and specific HSE
assessment and treatment of recognition of positive impacts and
techniques to perform subject risk identification,
HSE risk considering the optimization of benefits that the
identification, assessment and assessment and treatment of
all potentially affected business activity may provide. These
treatment of risk considering HSE risk considering
parties, including external could include the development of
all potentially affected parties, all potentially affected parties,
stakeholders. A culture people, local capacity building,
including external including external stakeholders.
of risk awareness that environmental
stakeholders. A culture of risk A culture
supports decision-making at conservation opportunities and
awareness that supports of risk awareness that supports
each level of the organization infrastructure.
decision- making at each level decision-making at each level of
does not exist.
of the organization is not the organization is established.
established.

5.2 Health risk a) What are the preferred methods for undertaking risk assessments to
factors and impact effectively identify, assess and treat risks related to ill health to an acceptable
level?

b) What is the organization’s rationale for managing health risk and determining
risk acceptability?

c) Do you have specific objectives, policies and programmes on specific health

risks?

d) 1) Who is accountable and responsible for managing health risk?

d) 2) Briefly describe the resources available to support those accountable and

responsible for managing health issues?
 e) 1) What systems are in place to control health risk and monitor the
effectiveness of these controls/barriers?

e) 2) Is regular workplace exposure monitoring for individual workers part of

these systems?

e) 3) How does the contractor ensure that required restitution time is provided
and that extensive use of overtime does not become a working environment
burden for its employees?

e) 4) How does the contractor evaluate the health risks presented by use,
transport and disposal of chemicals?

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

“Acceptable” together with

Basic Health risk and control
Comprehensive Health policies, recognition of positive impacts and
programmes are in place but
objectives and programmes the optimization of benefits that the
No specific health policies, not for significant health risks,
cover occupational and business activity may provide. These
objectives and risk and eg. occupational related
community health risks to could
control programmes in place. illness,etc. No evidence of
personnel associated with the include infrastructure (e.g. water
comprehensive health
company’s activities. wells and clinics) and community
programmes
health.

5.3 Safety risk a) What are the preferred methods for undertaking risk assessments to
factors and impact effectively identify, assess and treat risks related to personal and process safety
incidents and damage to assets and/or company value to an acceptable level?
(P5)
 b) What is the organization’s rationale for managing safety risk and determining
risk acceptability? (P5)

c) Do you have specific objectives, policies and programmes on specific safety

risks and ensuring compliance with applicable regulations? (P5)

d) 1) Who is accountable and responsible for managing safety risk? (P5)

d) 2) Briefly describe the resources available to support those accountable and

responsible for managing personal and process safety issues (P5)

e) 1) What systems are in place to control personal and process safety risks and
monitor the effectiveness of these controls/barriers? (P5)

e) 2) What systems does your organization have in place for the provision and
upkeep of PPE, both standard issue and items required for specialized activities?
(P5)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D
 Basic HSE programmes are in “Acceptable” together with
place, but not for significant Comprehensive HSE recognition of positive impacts and
No specific safety hazard risks, e.g. personnel injury, programmes cover safety risks the
management programmes in explosive atmospheres, etc. related to injury, process safety optimization of benefits that the
place. No evidence of incidents and damage to assets business activity may provide. These
comprehensive safety and/or company value.. could include infrastructure (e.g.
programmes. roads) and road safety.

5.4 Environmental a) What are the preferred methods for undertaking risk assessments to
risk factors and effectively identify, assess and treat risks related to local and global
impact environmental impact to an acceptable level? (P5)

b) What is the organization’s rationale for managing environmental risk and

determining risk acceptability? (P5)

c) Do you have specific objectives, policies and programmes on specific

environmental risks and ensuring compliance with applicable regulations? (P5)

d) 1) Who is accountable and responsible for managing environmental risk? (P5)

d) 2) Briefly describe the resources available to support those accountable and

responsible for managing environmental issues? (P5)

e) 1) What systems are in place to control environmental risk and monitor the
effectiveness of these controls/barriers? (P5)
 e) 2) How do document and report the usage of chemicals, including new
chemicals? (P5)

e) 3) What process covers performance of chemical risk (and substitution)

assessments, to implement necessary mitigating measures and to confirm
relevant permit/license from public authorities? (P5)

e) 4) What systems are established for identifying, classifying, managing and

reducing waste?

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

Basic environmental
“Acceptable” together with
programmes are in place but
recognition of positive impacts and
not for significant risks Comprehensive environmental
the optimization of benefits that the
No specific environmental e.g. spills, air emissions, programmes cover
business activity may provide. These
hazard management pollution prevention, chemical environmental
could
programmes in place.. and/or waste management, risks associated with the
include the development of
etc. No evidence of company’s activities.
environmental conservation
comprehensive environmental
opportunities.
programmes

5.5 Security risk a) What are the preferred methods for undertaking risk assessments to
factors and impact effectively identify, assess and treat risks and threats related to security of
people, assets, information and reputation to an acceptable level?

b) What is the organization’s rationale for managing security risk and

determining risk acceptability?
 c) Do you have specific objectives, policies and programmes on specific security
threats and ensuring compliance with applicable regulations and voluntary codes
of practice?

d) 1) Who is accountable and responsible for managing security risk?

d) 2) Briefly describe the resources available to support those accountable and

responsible for managing security issues?

e) What systems are in place to control security risk and monitor the
effectiveness of these controls/barriers?

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

“Acceptable” together with

recognition of positive impacts and
Basic security programmes
the optimization of benefits that the
are in place but not for
Comprehensive security business activity may provide. These
No specific security threat significant security risks,
programmes cover security risks could include the development of
management programmes in e.g. hostage taking, terrorism,
to personnel associated with the people, local capacity building.
place. mass evacuation, etc. No
company’s activities. Commitment to
evidence of comprehensive
the Voluntary Principles on Security
security programmes
and Human Rights, when applicable,
conducting security activities

5.6 Social a) What are the preferred methods for undertaking risk assessments to
responsibility risk effectively identify, assess and treat risks related to social impact (social
factors and impact responsibility to employees, the local community and other stakeholders) to an
acceptable level? (P5)
 b) What is the organization’s rationale for managing social risk and determining
risk acceptability? (P5)

c) Do you have specific objectives, policies and programmes on specific social

risks such as community relations; cultural heritage aspects and inter-cultural
sensitivities; and the prevention of human rights violations? (P5)

d) Does your organization have workforce strategies and procedures in place to

comply with internationally recognized labour standards covering any of the
following areas: Minimum wages, Working hours, Disciplinary practices,
Employment Practices, Working Conditions, Terms of employment for migrant
workers, including Human trafficking? (P5)

e) 1) Who is accountable and responsible for managing social risk? (P5)

e) 2) Are there appropriate resources to support those accountable and

responsible for managing social risk? (P5)

f) What systems are in place to control social responsibility risk and monitor the
effectiveness of these controls/barriers? (P5)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D
 “Acceptable” together with
recognition of positive impacts and
the optimization of benefits that the
business activity may provide. These
Basic social Responsibility could include local capacity
programmes are in place but building, education and the
not for significant Social Comprehensive Social development of local people and
No specific Social Responsibility Risk factors, Responsibility programmes cover communities. Have additional
Responsibility management e.g. social disturbances, Social Responsibility Risk factors initiatives to co- operate across the
programme in place. labour action, community associated with the company’s industry on development of Social
impact, etc. No evidence of activities. responsibility programmes.
comprehensive social Note: Where applicable laws or
responsibility programmes requirements prohibit contractor from
upholding Human Rights policy,
Contractor seek ways to ensure
respect for human rights to the
greatest extent possible.

Element 6: Asset design and integrity

6.1 Asset design and a) How is base line information and the results of risk assessments used as input
integrity to asset design, selection and integrity decisions (E6.1)

b) Which criteria, specifications and standards are defined to address risks and
verify conformity throughout the life cycle of facilities, equipment and materials?
(E6.2)

c1) Which procedures does your company have to ensure facilities and/or
equipment are operated within defined design and operating limits at all times?
(E6.3)

c2) How are these procedures communicated to personnel that operate, maintain,
inspect and manage the facilities and/or equipment? (E6.3)

d) Which processes are in place to identify and manage HSE critical risk controls/
barriers to prevent a major incident? (E6.4)
 e1) Briefly describe the processes in place to maintain, replace, test, inspect,
calibrate, certify and verify performance of facilities and equipment? (E6.5)

e2) How are frequencies for these type of activities determined? (E6.5)

e3) How does your company manage deviations from specified criteria? (E6.5)

f) Has your company established an accessible register of HSE critical facilities or

equipment and their minimum performance criteria? If yes, please provide a
sample. (P6)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

Asset design and integrity

Asset design and integrity Facilities and equipment are
(including process safety) “Acceptable” together with facilities
(including process safety) designed and constructed (or
does not address significant and equipment exceeding applicable
does not address all of the selected) to be suitable for their
risks of technical failure standards and/ or that a robust
significant risks of technical purpose/task. They are
and/or the operation of process is established to ensure
failure and/or the operation of operated, inspected and
facilities and equipment facilities, equipment, materials and
facilities and equipment within maintained to achieve and
within defined design operational procedures are kept up to
defined design and operating sustain robust standards of
and operating limits. No date with current standards/
limits. Some elimination or integrity and performance
elimination or risk control requirements.
risk control measures in place. throughout their life cycle.
measures in place.

Element 7: Plans and procedures

7.1 HSE plans and a) Which plans and procedures are established, documented and maintained in
procedures accordance with identified HSE legal and other requirements in line with the HSE
risk level defined by the organization and the required risk controls? Please
provide a list/ copy. (E7.1)
 b) What process is established to revise and approve plans and procedures at an
appropriate level of authority? (E7.2)

c) What guidance and training does your company provide to enable effective
implementation of plans and procedures as appropriate? (E7.3)

d) How does your company ensure that the latest version of an approved plan or
procedure is available at point of use? (E7.4)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D
Basic HSE procedures exist.
Contractor has written HSE plans
No details of how things are
and procedures as necessary to
to be done to ensure accuracy
manage HSE risks. Plans and “Acceptable” together with plans and
and
procedures comprise clearly procedures as necessary to ensure
No written HSE plans and consistency of approach when
defined requirements and opportunities. Plans are also
procedures as necessary to applying HSE risk controls.
integrate the results of the risk developed to optimize
manage HSE risks. They include some
assessments to prepare HSE performance and drive
operating/maintenance
for executing work and continuous improvement.
procedures, action plans,
implementing risk controls/
work instructions or other job
barriers.
aids.

7.2 Contingency, a) 1) What arrangements does your company have for:

emergency, crisis • Contingency
and continuity • emergency
management • crisis
• continuity management planning? (E7.5)

a) 2) Provide some examples of situations which are included for each of the
above? (E7.5)
 b) How does your company ensure that required resources are in place with
regular tests and drills, including incorporation of lessons learned? (E7.5)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

Company has a comprehensive

Basic emergencies covered by
contingency, emergency, crisis
plans, e.g. fire, medical, spill,
No evidence of attention and continuity planning
evacuation. No or irregular
paid to contingency, processes covering all “Acceptable” together with systematic
drills conducted. Limited
emergency, crisis and reasonably foreseeable incorporation of lessons learned.
attention to contingency,
continuity management. situations. Required resources
crisis and continuity
available and regular tests and
management.
drills are conducted.

Element 8: Execution of activities

8.1 Execution and a) 1) What processes does your company use to prepare for activities and ensure
control of activities operational readiness and integrity of systems before commencing work? (E8.1)

a) 2) How does your company confirm that interfaces/handovers are

established? (E8.1)

b) How does your company assure consistent application of processes to ensure

activities and tasks are executed in accordance with plans? (E8.1)

c) What kind of supervision activities exist to confirm each activity and/or task is
executed in compliance with the plans and procedures and delivers the expected
outcome? (E8.3)
 d) Describe your company culture related to “Stop and Intervene? (E8.4)

e) How does your company manage inadequate performance or unacceptable

behaviour? (E8.4)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

No consistent
Some plans and procedures Company ensures that activities
implementation of the plans
implemented. Limited and associated risk controls are
and procedures, and no
intervention when a risk consistently executed with
intervention when a risk
control/barrier proves discipline by authorized and “Acceptable” together with
control/barrier
ineffective or stated competent persons, as defined consistently achieves and/or exceeds
proves ineffective or stated
requirements are not being in the plans and procedures. specified requirements. Contractor
requirements are not being
met. Some resources Each step of the execution of actively seeks and share experience
met. Inadequate resources
allocated and/or necessary activities leads to the desired and knowledge across the industry.
allocated or not appropriately
resources not appropriately result and intervention happens
prepared
prepared for the task. in a timely manner when
for the task. No culture of
Culture of discipline exits. required.
discipline.

Element 9: Monitoring, reporting and learning

9.1 Monitoring and a) What arrangements does your organization have to ensure the
learning implementation of and compliance with the HSE-MS (E9.1)

b) What arrangements does your organization have to ensure the achievement

of its HSE objectives? (E9.1)

c) Please describe which processes your company has for (E9.3):

c) 1) learning from incidents, events and non-conformities from both internal

and external sources
 c) 2) benefitting from learning opportunities and good practices within the
organization, your industry, and from other public sources

c) 3) implementation of appropriate remedial actions (with application of

Management of Change processes as appropriate) to address event/incident
causes, strengthen risk controls/barriers and prevent recurrence

c) 4) verification of closure of actions or plans

d) How does your company communicate the learning from monitoring and
reporting processes? (P9)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

Performance monitoring Company has a system for

No system for formally limited to incident statistics, monitoring effectiveness of the
monitoring HSE performance, i.e. reactive only. Monitoring HSE-MS and act on reliable and
“Acceptable” together with
risk controls/ barriers of risk controls/barriers accurate data. They actively
monitoring of performance in all
function and that operations function and that operations seek positive learning from
specified subjects with formal review,
are delivering planned are delivering planned activities, feedback, innovation
follow up and communication for
performance. No system performance not in place. and experience. They ensure
continuous improvement.
established for information Limited availability of immediate learnings and
for sharing and learning. information for sharing and corrective actions are
learning. applied and communicated.

9.2 Incidents, a) How does your company report, record, classify and investigate Incidents,
events and non- events and non-conformities (with actual and/or potential consequences) to
conformities determine direct and underlying causes? (E9.2)
b) Does your company have established some sort of voluntary public reporting?
If yes, please specify. (P9)

c) Please provide the following Company work-related activities statistics for

each year for the last five years, including work performed by Contractor
personnel:
a. Number of fatalities

b. Number of lost time injuries

c. Number of Lost Workday Cases

d. Number of Medical Treatment Cases

e. Number of First Aid Cases

f. Number of Near Miss Incidents

g. Fatal Accident Rate (per 100 million hours worked)

h. Lost Time Injury Frequency (per million hours worked)

i. Total Recordable Incident Rate (per million hours worked).

d) Please provide company work-related Environmental performance statistics

(as relevant to your operations) for each year of the last five years for:

a. Gaseous emissions

b. Energy Consumption
 c. Flaring

d. Aqueous discharges

e. Non-aqueous drilling fluids retained on cuttings discharged to sea

f. Spills of oil and chemicals.

e) Please provide Tier 1 and Tier 2 Process Safety Event statistics (as relevant to
your operations) for each year of the last five year.
NOTE 1: If not using the IOGP definitions (refer to the most recent IOGP safety data reporting user

NOTE 2: In case of Tier 1 PSEs, fatalities and high potential near miss, please provide a brief descri
A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

No system for reporting, System in place for reporting, “Acceptable” together with Voluntary
Limited reporting, recording
recording and classification recording and classification of public reporting. Company
and classification of HSE
of HSE Incidents, events and HSE incidents, events and transparently engages stakeholders
Incidents, events and
non-conformities. Company non-conformities. Events/ on its operating management
non-conformities. Data set is
supplied insufficient incident trends steadily approach, progress and performance.
not complete. Trends show
information to establish improving and evidence of Complete information to analyse
performance is not improving.
trends. mature reporting culture. performance is delivered

9.3 HSE a) 1) Which processes does your company use to define and establish leading
performance and lagging key HSE performance indicators (KPIs) using measures designed to
improve performance and behaviours? (E9.4)

a) 2) How often does your company review HSE KPIs to ensure they provide
meaningful information?
 b) How does your company ensure quality in terms of consistency, accuracy and
completeness of monitored and reported data (KPIs)? (E9.5)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

System in place to report data

“Acceptable” together with cultural
No system for HSE Limited HSE performance and information (e.g. leading
reporting and surveys to ensure
performance monitoring monitoring is carried out. and lagging indicators) that
understanding of
and/or analysis of the data Limited analysis of the data provide a
organizational HSE culture. Leading
reported to produce useful reported to produce useful clear understanding of HSE
indicators are fostered in the
indicators is established. indicators. performance to meet both
company.
company and stakeholder needs.

9.4 HSE events and a) Briefly describe types of HSE events and incidents which are investigated?
incidents (P9)
investigation and
follow-up

b) Briefly describe the processes used for the investigation of HSE events and
incidents? (P9)

c) Briefly describe the processes used for the follow up of HSE events and
incident investigations, including the communication of lessons learned and
required actions?

d) Briefly describe the processes used for the analysis of HSE events and incident
investigation findings?

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D
 System in place for
investigation of some HSE
System in place to investigate “Acceptable” together with follow up
incidents. Limited event (near
events/incidents and analyse of remedial
No system for formally miss) investigation. Limited
data and information to identify actions and communication of
investigating HSE events/ analysis of data and
causes and suitable actions to incident learning for effective
incidents and/or analysis of information to identify causes
address weaknesses prevention. Near miss incidents
data and information. and suitable actions to
and opportunities for investigated in the same manner as
address weaknesses
improvement. other incidents.
and opportunities for
improvement.
9.5 Statutory a) 1) How does your company ensure compliance with any statutory
notifiable incidents requirements for reporting and investigation in the jurisdictions you operate
or non- compliance within.? (P9)
notices

2) Has your company suffered any statutory notifiable events/incidents in the last
five years (safety, security, occupational health, environmental or social
performance)? Answers with details including dates, country and location,
summary of event/incident and follow-up of remedial actions taken. (P9)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

No system in place for

Limited compliance with System in place for compliance
compliance with statutory “Acceptable” together with active
statutory requirements for with statutory requirements for
requirements for reporting experience transfer within industry.
reporting and investigation. reporting and investigation.
and investigation.

Element 10: Assurance, review and improvement

10.1 Assurance a) 1) Briefly describe your company’s assurance process to evaluate conformity
process, including with expectations; organizational capability; effectiveness of the HSE-MS in
audits meeting objectives, stakeholder and business needs; and also identify areas for
improvement? (E10.1)

a) 2) Do you have a written procedure for HSE auditing? If yes, please attach a
copy. (E10.1)
 b) Who is involved in conducting HSE audits? How is the audit team selected to
provide specific expertise and independence from the activities being audited?
What qualifications are required for auditors?

c) How are HSE audits scheduled and what scope of auditing is covered? e.g.
internal, regulatory compliance, supplier/contractor, HSE management system
implementation. (P10)

d) 1. How does your company monitor trends? (M10)

d) 2. What does trend monitoring include? (M10)

e) How does your company track that audits are executed as per plan, with
timely implementation of action items? (M10)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

No systematic assessment of Company systematically assess

Some assurance mechanisms
the HSE-MS to ensure the HSE-MS to ensure
established to assess that the
effectiveness, suitability and effectiveness, suitability and “Acceptable” together with a learning
HSE-MS expectations and
fitness-for-purpose is fitness-for- purpose is sustained culture from assurance processes and
related processes are properly
sustained and improvement and improvement plans are performed audits.
understood, implemented and
plans are developed at each developed at each level of the
executed.
level of the organization. organization.
 10.2 Management a) Briefly describe your HSE MS management review process. (E10.2)
review and follow-
up

b) What is assessed in management review meetings to ensure understanding of

risk control/barrier weaknesses and identify opportunities for improvement?
(E10.3)

c) How are improvements planned, communicated and embedded within the

HSE-MS to drive continuous improvement? (E10.4)

d) Provide evidence of managers formally reviewing the effectiveness and

fitness-for- purpose of the HSE-MS. (E10.5)

e) Please provide a copy of minutes from management review meeting. (M10)

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D
Limited review of the
effectiveness and adequacy of
Those with accountability for the
the HSE-MS in controlling
No systematic review of the HSE-MS seek assurance on its
significant risks
HSE-MS to ensure implementation to deliver
associated with current and
effectiveness, suitability and desired performance. “Acceptable” together with a process
future activities. Limited
fitness-for-purpose is They assess the strengths and in place to follow- up on action items
improvement in the HSE-MS
sustained and improvement weaknesses of the system via to ensure effective completion.
from assurance findings,
plans are developed at each regular review to determine
reviews, investigations of
level of the organization. actions for continuous
events/incidents and weak
improvement.
signals from any level of the
organization.

Section A: HSE management - additional features

 (i) Certification of Please provide information on third party verification or any certification which
HSE-MS you have received from certification bodies.

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

Some evidence of working

Externally certified to one or more
towards compliance with
No evidence of Management Management system developed recognized
recognized international
system developed to a level to a level comparable to international standards e.g. ISO
standards, e.g. ISO 9001, ISO
comparable to international international standards but not 9001, ISO 14001, OHSAS
14001, OHSAS 18001
standards certified. 18001 (or ISO 45001), ISO
(or ISO 45001), ISO 29001,
29001, API Q1
API Q1

(ii) Memberships of Describe the nature and extent of your company’s participation in relevant HSE
Associations industry, trade, and governmental organizations.

(iii) Additional Does your organization (globally, regionally or locally) have any HSE features or
Features of HSE-MS arrangements not described elsewhere in your response to the questionnaire?

A/
D- Unacceptable C - Poor B- Acceptable A- Excellent B/
C/D

Company has membership of

No involvement with HSE Company is an active member of
industry bodies/ association “Acceptable” together with industry
through industry or trade industry bodies/ associations
little involvement with HSE or client recognition/awards for HSE
associations. No additional related to HSE. Several HSE-MS
initiatives. Some additional initiatives and/or performance.
features to HSE-MS. features which add value.
HSE-MS features with value.
 HSE capability assessment

d its management are organized by the contractor.

tor activities and relevant support functions not only for a specific contract.
ng documentation as indicated in the questionnaire. Responses and any supporting
e the contract work will be conducted).

submission.
1, these are identified by “(E)” for an Expectation, “(P)” for a Process and/or
mple “(E1.3)” indicates that a question was derived from OMS Expectation E1.3.

ch as that provided in HSE capability assessment: overview and scoring system.

Use:

Fill in blank fields only. Tick off A, B, C, or D as appropriate.

Written response
 SCORE

Written response
SCORE
Written response

SCORE
SCORE
SCORE
 SCORE

Written response
 SCORE

Written response
SCORE
SCORE
SCORE
SCORE
SCORE
SCORE
Written response
 SCORE

Written response
SCORE
 SCORE

Written response
 SCORE

Written response
SCORE
afety data reporting user guide), please include your company definitions.

se provide a brief description of incidents and follow-up of these.

SCORE
SCORE

SCORE
 SCORE

Written response
SCORE
 SCORE

Written response
SCORE

SCORE