SE Worldwide

Features / Incident management

Incident management + the injury lifecycle, end to end.

Field intake to closed case, with the regulatory cascade running in line. A 5-tab injury wizard captures the 1904.7 recordability cascade with cited reasoning and routes severe injuries to the OSHA Area Office on the 8-hour / 24-hour clock. Forms 300 / 300A / 301 + Cal/OSHA 5020 + UK F2508 + NL Ongevallenrapport render from the same canonical record. RCA, playbooks, and corrective actions attach inline. One connected record makes claims, hazards, discipline, and training neighbours — not separate systems.

Field intake through the OSHA 1904.7 recordability cascade — the running product against Apex Manufacturing demo data. On-screen captions narrate each step.

See it in action

Root-cause investigation — on incidents too.

RCA is a first-class workflow on incidents, not just hazards. The same six methodologies, knowledge base, and conclusion-to-corrective-action flow run against a recorded event. On-screen captions narrate each step.

Six RCA methodologies — searching the investigation knowledge base, then drilling into the FMEA risk-priority grid and the Apollo cause tree. The investigation links back to the originating incident; concluding it pre-populates corrective actions.

What's in it

The capability surface.

Universal incident model + pack extensions

  • Eleven base incident categories shipped at the platform core — including a Workplace Violence category for SB 553 classification; per-industry packs add their own (Manufacturing → Quality Incident; Construction → Subcontractor Incident; Mining → Ground Failure; Logistics → Cargo Damage).
  • Multi-category support per incident — events that span categories are recorded once.
  • Actual vs Potential severity split with auto-mirror logic for non-near-miss events.
  • Lifecycle state machine: Reported → Triaged → Investigating → Resolved → Closed, with Reopen + Cancel edges.
  • Contributing factors as a closed multi-select enum (no free-text-only contributing-cause rot).
  • GeoPoint + environmental-media tracking (air / water / soil multi-select) on every event.

5-tab injury wizard

  • Medical treatment — injury classification, body part, treatment level, physician-of-record.
  • Lost time — days away from work, restricted-work days, return-to-work targets.
  • Cost capture — per-incident cost across medical / lost-time / indemnity / legal / equipment-damage / productivity categories with a computed total.
  • Jurisdiction-specific compliance fields — federal OSHA + per-state + non-US flags, only the relevant fields render per the affected establishment's jurisdiction.
  • Affected persons — multi-person injury tracking with per-person role (Injured / Witness / Reporter / Bystander) + per-person body part + treatment level + lost-time days.

OSHA 1904.7 recordability cascade

  • Auto-determined recordability against 29 CFR 1904.5 (work-relatedness), 1904.7 (the cascade itself), 1904.7(b)(5)(ii) (first-aid exclusion list), and 1904.1 / 1904.2 (size + partial-industry exemptions, NAICS-aware).
  • Citation-grounded reasoning chain — every determination shows the specific regulation paragraph that drove it.
  • Admin override with required reason; override is audit-trailed (who, when, prior determination, new determination, reason).
  • Four-flag Reportability matrix (OSHA Recordable / EPA Reportable / State-Local Reportable / Company-Policy Reportable) — each flag has its own audit trail.
  • Privacy-concern category set per 1904.29 (sexual assault, mental illness, HIV/AIDS, needlesticks, etc.) with masking on the public 300 log.
  • The AI recordability advisor engages only when the rule engine returns Needs Review, the advisor's confidence clears its threshold, and the tenant has opted in — never as the first pass.

Severe-injury reporting (1904.39)

  • Trigger predicates — Fatality fires an 8-hour countdown; Overnight Hospitalization / Amputation / Eye Loss fires a 24-hour countdown.
  • OSHA Area Office contact resolution by establishment address — 10 federal regions + all 50 states + DC + Puerto Rico + Virgin Islands + American Samoa + Guam.
  • State-plan jurisdiction routing — federal-OSHA vs state-plan-private+public vs state-plan-public-only vs state-plan-mixed handled per the regulatory regime flag on the establishment.
  • ReportingSubmission record per attempt — method, timestamp, confirmation number, target authority, notes.
  • Manual ("submitted via phone") + assisted-UI paths both supported.

Forms — federal + state + non-US

  • OSHA Form 300 — per-establishment per-year running log, PDF with 1904.29 privacy masking, digital-signature support.
  • OSHA Form 300A — auto-computed annual summary from the 300, signed by executive at year-end, posting calendar (Feb 1 – Apr 30) with reminders.
  • OSHA Form 301 — per-recordable-case injury and illness incident report, 5-year retention, print-ready PDF.
  • Cal/OSHA Form 5020 — California-specific employer's report.
  • UK HSE Form F2508 / F2508A — accident report + dangerous-occurrence variant under RIDDOR 2013.
  • NL Ongevallenrapport — Nederlandse Arbeidsinspectie workplace accident report under Arbowet Artikel 9 + Arbobesluit.
  • Rendering — pixel-faithful regulatory-form layouts; per-form retention policy enforced.

OSHA ITA electronic submission

  • Two submission paths — manual CSV export for upload to the OSHA ITA web portal, OR direct electronic submission on the customer's behalf.
  • Per-tenant ITA credentials held in encrypted secret storage — never in the database, never in plain config.
  • Submission tracking — confirmation number recording, retry semantics, supersede semantics for re-submission of corrected data.
  • Audit trail per submission attempt; Mark-as-Submitted UI for the manual path.

Playbook engine

  • Versioned playbooks with linear steps that fire on incident lifecycle edges (Reported → Triaged, etc.).
  • Two built-in step types — assign work to people by role or permission, or pause until a specific status change happens.
  • Each triggered playbook run is immutable; a corrective-action task can link to an incident, a hazard, or another record.
  • Step-level SLA clocks; evidence attachment on tasks.
  • Seeded playbooks at launch — "Triage on Reported" + "Hazard Resolution"; tenants edit or add.

Investigation + Root Cause Analysis

  • Immediate cause, underlying cause, root cause, methodology, and lessons learned captured on the incident.
  • Six methodologies, selectable per investigation — 5-Whys, Fishbone / Ishikawa (6M categories), Cause Mapping (parallel evidence-verifiable chains), FMEA (Severity / Occurrence / Detection with live RPN), Bow-Tie (threats → top event → consequences with barriers), and Apollo / RealityCharting (Action + Condition cause tree).
  • Visual cause-tree diagrams render alongside the editor for the three structured methodologies (Cause Mapping, Bow-Tie, Apollo) — investigators see the shape of the story at a glance.
  • Curated Generic Causes library the AI suggestions are anchored to, so they speak your organisation's own cause vocabulary; tenants extend it without losing the seeded baseline.
  • Per-investigation report PDF, knowledge-base search across every past investigation, and corrective-action effectiveness tracking that shows whether a fix actually held or the cause recurred.
  • Concluded investigations can be reopened only if the tenant enables it (off by default for evidentiary integrity); every reopen is audit-trailed with a snapshot of the prior conclusion.
  • An "RCA Recommended" banner surfaces automatically on Extreme-tier hazards; AI next-step suggestions are confidence-tiered and always click-to-accept (never auto-fill).

Team collaboration on an investigation

  • Live presence — see who else is in the same investigation and which step they're working on, so two people don't unknowingly chase the same cause. An honest Offline indicator shows when the live channel isn't connected — and the panel still works fully either way.
  • Per-step discussion — a threaded comment anchored to a specific why-step, fishbone cause, or cause-map node, so the conversation stays attached to the part of the investigation it's about. Resolve a comment when it's handled; reopen it if the issue comes back.
  • Cause ownership — assign a cause to a named teammate so accountability is explicit. Ownership can change while the investigation is open and freezes once the investigation is concluded.
  • Every post, resolution, and ownership change is permission-checked, site-scoped, and audit-trailed — the live updates only notify; each change is a checked, recorded action.

Cross-module action-tracking dashboard

  • One tenant-wide view of every corrective action across the platform — incident-spawned tasks, hazard-remediation work, RCA-recommended follow-ups — answered by a single dashboard rather than hunting through each record.
  • Overdue items surface first; the triage view is the default. Open + overdue rows lead, then open + on-time, then completed.
  • Filter by trailing window (7 / 30 / 90 / 365 days) and overdue-only toggle.
  • Per-row source-kind cell deep-links straight to the originating incident, hazard, or RCA session.
  • Rollups by source kind (Incident / Hazard / RCA) and by task kind (Corrective Action vs other) — open / done / cancelled / overdue counts at a glance.
  • Permission-aware — only renders for users with task-management access; site scoping inherits from the user's site memberships.

Field intake — mobile + AI

  • Offline quick-capture for field workers — an injury, near-miss, or observation recorded with no signal queues and syncs in order when connectivity returns.
  • Offline review, not just capture — recent records sync to the device, so a field worker with no connection can look up incidents and observations, not only file new ones.
  • Photo + GPS capture on every event.
  • AI document extraction with citations — uploaded documents extract structured fields, each linked back to its source page for review.
  • Human-review surface — extraction on the left, source on the right; corrections roll into the audit trail.

Public no-account injury reporting

  • Posterable, scannable, kioskable — a dedicated public URL that anyone can use to report an injury, near-miss, or unsafe situation without an SE account. Print it on a shop-floor poster with a QR code; embed it on the intranet; stick it on a tablet at the security desk.
  • Anonymous by checkbox — reporter can opt to leave their name and contact for follow-up, or check the anonymous box and skip both. The platform masks them either way as a defence-in-depth pass.
  • Plain-language severity picker — "I'm not sure / near-miss / first-aid only / medical treatment / lost work time / someone died" — coarse on purpose so the reporter doesn't need to know OSHA recordability categories. Triage maps to the precise classification at conversion.
  • Admin triage queue — reports land in a dedicated review state, never directly in the incident record book. Spam, duplicates, and test posts get dismissed; real reports get promoted to incidents with the regulatory cascade running automatically from that point.
  • Anti-abuse without anti-injury — per-IP rate limit + anti-enumeration response shape. Deliberately skips the email-confirmation step that gates other anonymous-public surfaces — an injured worker on a shared kiosk shouldn't lose the report because they don't have email handy.
  • Forensic stamping — submitter IP and user-agent attached to every report for the admin reviewing abuse patterns; never surfaced to the reporter.

Admin triage + classification

  • Dedicated triage queue — public submissions land in a separate review state, never in the formal incident record book. The queue defaults to fresh actionable reports; a toggle reveals converted and dismissed reports for retrospective review and abuse-pattern analysis.
  • One-pass classification at conversion — the safety officer picks the site (the reporter wrote it in their own words; the officer maps it), confirms or overrides the severity, picks the outcome kinds, sets work-relatedness. Title and description default to the report's text but are admin-editable. The new formal incident lands with provenance intact pointing back to the original submission.
  • Heads-up on Fatality reports — when the reporter said someone died, the convert panel surfaces an inline reminder of the OSHA 8-hour reporting countdown before the officer picks Fatality as the outcome. The countdown banner then runs on the resulting incident detail page from there; the OSHA Area Office contact resolves automatically by establishment address.
  • Typed dismissal reasons — when a report isn't actionable (spam, duplicate, test post, out-of-scope), the dismissal step captures a typed reason rather than free-text. The queue can group by reason to surface patterns: "we've dismissed 14 reports as Spam from this IP range in the last month, time to tune the rate-limit."
  • Full audit chain end-to-end — every submission has a documented disposition (Submitted → UnderReview → Converted with reviewer + timestamp, or Dismissed with typed reason + reviewer + timestamp). Every formal incident promoted from a submission carries the provenance back-pointer so the safety officer can answer "where did this come from?" without joining audit history.
  • Anonymous-by-design respected — when the reporter checked the anonymous box, the triage detail page masks their name and contact in the admin display even though the entity stays unmasked at rest for the audit. Forensic IP and user-agent stay visible for the abuse review; reporter identity stays masked.

Representative workflows

What this looks like in practice.

Field intake → recordability → form 301 → ITA queue, in one pass

A line worker logs an injury from a tablet on the floor — a few quick fields, photo, location — and the draft routes to the Site Safety Officer for review. Save fires the 1904.7 cascade and produces a citation-grounded determination plus an audit-stamped Reportability matrix. The same record renders Form 301 immediately and queues into the year-end ITA submission set with no re-entry. If severe under 1904.39, an 8-hour or 24-hour countdown opens with the resolved OSHA Area Office contact ready for the call-out.

Multi-state employer with NL + UK subsidiaries — one canonical incident model

A multinational tenant has establishments in California, Texas, Michigan, the Netherlands, and the UK. Each carries its jurisdiction code + industry classification (NAICS for US, SBI for NL, SIC for UK) + employee count + registered address. A California injury runs Cal/OSHA's variant — Form 5020 + CA-variant 300 / 300A render. A Netherlands injury runs the Arbowet Artikel 9 + Arbobesluit cascade — Ongevallenrapport renders, the 4-hour NLA notification fires if the predicate hits. A UK injury runs RIDDOR 2013 — F2508 renders, over-7-day-incapacity tracks for the statutory follow-up. One incident model, jurisdiction-aware dispatch — each jurisdiction supplies its own recordability logic, forms, and reporting rules.

RCA on a near-miss → hazard register → mitigated before the next event

A near-miss lands at Severity = Potential. The investigator opens a 5-Whys session; AI suggests a why-step from prior similar sessions (low confidence, subdued, click-to-accept). The investigator accepts, edits, concludes with three recommendations. Conclusion auto-populates corrective actions as Workflow Tasks with owner + due-date + discussion thread, and the Resolved transition is gated on those completing. In parallel, the investigation surfaces a Hazard at the same location — pinned on the map with risk-matrix score + hierarchy-of-controls plan. A future incident at that location auto-links via realized-from-hazard on both records. The near-miss did the work the recordable would have done — without the body.

Regulatory coverage shipped

The citations behind the platform.

US federal OSHA

  • 29 CFR 1904.1 — size exemption (≤ 10 employees year-round)
  • 29 CFR 1904.2 — partial-industry exemption (~85 NAICS prefixes, evaluated per establishment)
  • 29 CFR 1904.5 — work-relatedness presumption + exceptions
  • 29 CFR 1904.7 — recordability cascade (death, days-away, restricted-work, medical treatment beyond first aid, loss of consciousness, physician-diagnosed significant injury)
  • 29 CFR 1904.7(b)(5)(ii) — first-aid exclusion list
  • 29 CFR 1904.29 — privacy-concern category set
  • 29 CFR 1904.39 — severe-injury reporting (8h fatality / 24h hospitalization / amputation / eye loss)
  • OSHA Form 300 / 300A / 301
  • OSHA ITA — CSV export + direct electronic submission

US state plans

  • All 50 states + DC + Puerto Rico + Virgin Islands + American Samoa + Guam covered through the state-plan registry.
  • Per-state regulatory regime flag (federal / state-plan-private+public / state-plan-public-only / state-plan-mixed).
  • Per-state Area Office data — addresses, phone numbers, electronic-submission URLs.
  • Cal/OSHA — Form 5020, CA-variant 300 / 300A.
  • MIOSHA, WA L&I, Oregon OSHA — state forms + per-state reporting deviations.
  • 17 remaining state plans — federal-form base + state-specific authority routing.

Netherlands

  • Arbowet Artikel 9 + Arbobesluit — workplace accident + occupational disease recordability cascade.
  • Ongevallenrapport — Nederlandse Arbeidsinspectie workplace accident report.
  • Serious-incident notification — 4-hour deadline trigger predicates + NLA regional office routing by postcode prefix.
  • Submission-lifecycle tracking; manual submission to the NLA portal with the confirmation reference recorded in SE (live API integration deferred — see "What's evolving" below).

United Kingdom

  • RIDDOR 2013 — deaths, specified injuries, over-7-day incapacity, dangerous occurrences.
  • Form F2508 — accident report.
  • Form F2508A — dangerous-occurrence variant.
  • Single national HSE contact — no per-region office routing required.
  • Manual PDF submission to HSE portal (live API integration deferred — see "What's evolving" below).

How this is different

What sets the incident model apart.

Most EHS platforms treat incident management as one of several modules sharing a database. SE treats the incident as the canonical event, and the surrounding capabilities — hazards, claims, discipline, training, regulatory recordkeeping — as adjacencies that read and write the same record. The differences that follow are direct consequences of that choice.

Recordability runs the regulation, not a checklist

The 1904.7 cascade is a structured rule engine over 1904.1 / 1904.2 / 1904.5 / 1904.7 / 1904.7(b)(5)(ii) — first-aid exclusion list, size exemption, partial-industry NAICS exemption all evaluated against the actual establishment shape. Every determination renders the specific regulatory paragraph that drove it. Admin overrides are allowed but require a reason and are audit-trailed against the prior determination. The burden of proof shifts to the override — exactly where an OSHA inspector wants it.

Jurisdiction is pluggable, not hardcoded

Most platforms ship US-OSHA-shaped tables and bolt on per-country variants as data overlays. SE built a pluggable jurisdiction model — each jurisdiction supplies its own recordability logic, forms, and reporting rules — registered for federal OSHA + 50 states + DC + 5 territories + Netherlands Arbeidsinspectie + UK HSE / RIDDOR. Adding a country is a registration, not a rebuild. A Dutch establishment runs Arbowet Artikel 9 + renders Ongevallenrapport; the US establishment one row over runs 1904.7 + renders Form 301 — same incident model, jurisdiction-aware dispatch.

AI is built in, not a chatbot bolted on

Document extraction citations and the recordability advisor run through one shared AI foundation — per-tenant usage caps, per-feature roll-up, cost-monitoring admin panel. Suggestions render with confidence tiers + click-to-accept; never auto-fill, never written to an audit-recorded field without a human OK. The recordability advisor engages only when the rule engine returns Needs Review, the advisor's confidence clears its threshold, and the tenant has opted in. AI assistive, not authoritative.

Privacy isn't an afterthought

1904.29 privacy categories are first-class on the incident — masking on the public 300 log + a separately-maintained confidential roster. GDPR DSAR export crosses incident + affected person + Form 301 case details + submissions + annual posting record; erasure / anonymisation on DSAR request is shipped, not a roadmap item. For NL + UK + future EU tenants this is the floor, not the ceiling.

One connected record is the integration

The incident as the central record — Hazards, RCA, Corrective Actions, WC Claims, Discipline, and Equipment are neighbours on the same record, not separate systems integrated together Incident the canonical record Hazards RCA Corrective actions WC claims Discipline Equipment + 1910.147 LOTO
Same record, same auth context, same audit trail. Not "incident-to-X integration" — neighbours on one record with six front-doors.

A near-miss's RCA surfaces a hazard at the same location, auto-backlinked. The hazard's hierarchy-of-controls plan ties to the equipment register's LOTO procedures. The incident's recordability flows into claims when a WC case opens. The disciplinary letter pulls the policy section that was violated + the incident facts that violated it. None of this is an integration — it's the same record, same auth context, same audit trail. Cross-module stitching is the failure mode SE is built to avoid.

Adjacencies

What incident management connects to.

Hazards

Realized-from-hazard linkage on the incident; investigation can surface a new hazard at the incident location; RCA spans both subject types.

Explore →

Workers' compensation claims

Every incident already carries the workers'-comp outcome data — restricted-work status, affected-person linkage, lost-time and treatment level. A full claims module — lifecycle, reserve breakdown by medical / indemnity / expense, payment + subrogation + litigation tracking, Experience Modification Rate trending, Total Cost of Risk, return-to-work case threads — is on the roadmap. Today that outcome data feeds whatever workers'-comp system the customer runs externally.

See the hub tile →

Discipline + policy enforcement

Disciplinary letters cite the violated policy section + the incident facts; progressive-discipline thresholds reference incident severity + type.

Explore →

Equipment + LOTO

Incident causation can link to equipment failure; OSHA 1910.147 LOTO procedures referenced by corrective actions.

See the roadmap →

Training + certifications

Incident type → required training mapping; certification expiration drives playbook triggers.

California workplace violence (SB 553)

The written Workplace Violence Prevention Plan and the Violent Incident Log under Labor Code 6401.9, plus an incident classifier for the four violence types — surfaced only where you have a California establishment. The log omits the affected person's identifying details, as the statute requires.

Notifications + Compliance Calendar

Incident creation, severe-injury countdowns, corrective-action assignment, posting reminders, ITA submission events all flow through the notifications layer; obligation-derived triggers fire proactive Compliance Calendar alerts.

Explore →

On the roadmap

What's next for incident management.

Everything above is shipped and ready to demo. These are the focused next additions for this area, sequenced by customer demand.

Voice-to-incident capture. Speak a field report on a mobile device; AI transcribes and extracts the structured fields for one-tap review — built for high-volume floor reporting.
Recordability-advisor model tuning. The advisor is shipped and production-capable; ongoing model and prompt tuning against accumulated customer recordability data sharpens it further over time.
OSHA ITA status-check API. Submission API shipped; status-check / supersede API framework in place, awaiting OSHA-side API verification.
UK HSE + NL Arbeidsinspectie live electronic submission. The audit-ready PDF and submission-lifecycle tracking work today for both; direct electronic submission to each portal is on the roadmap.
Per-zip-code Area Office precision. Today's resolution is state-level + federal-region; per-zip-code routing is a future refinement.
Real email / Slack / Teams notification channels. Notification surface is wired; production channel adapters (vs in-app + log-only) ship per-tenant.
OSHA inspection-readiness UI. Bundle + redact records on demand when an inspector arrives; ADR-accepted, milestone slot open.
State-plan-specific form variants beyond Cal/OSHA 5020. Michigan first-report, wage-loss forms, etc. open per-customer-demand.
Additional national jurisdictions. Canadian provincial WCBs (BC WSBC, Ontario WSIB, Quebec CNESST), Australia Safe Work + state regulators, broader EU (DGUV, INAIL, etc.). The jurisdiction model is built to add each in days to weeks once a customer needs it.
Multi-language UI. Form-rendering language is hardcoded primary per jurisdiction today (English for US/UK, Dutch for NL); full i18n on UI surface deferred.
Reconciliation UI. Side-by-side view of rule output vs AI suggestion vs admin's final flag — surfaces the override conversation explicitly.

Continue exploring

More on the SE platform.

Five live feature spokes + two roadmap pages + the Workers' Comp claims roadmap. Jump anywhere.

Incident management Live · You are here Hazards Workers' comp claims Compliance automation Behavioural safety Chemical safety Equipment + assets AI intelligence

See the incident lifecycle in the running product.

A 30-minute walk-through against your actual incident shape — your industry, your jurisdictions, your scale, your current tooling. We'll show the recordability cascade firing on a representative case, the forms rendering, and how one connected record makes hazards + claims + discipline neighbours.

Request a demo