OSHA requirements are set by statute, standards and regulations. Our interpretation letters explain these requirements and how they apply to particular circumstances, but they cannot create additional employer obligations. This letter constitutes OSHA's interpretation of the requirements discussed. Note that our enforcement guidance may be affected by changes to OSHA rules. Also, from time to time we update our guidance in response to new information. To keep apprised of such developments, you can consult OSHA's website at https://www.osha.gov.

September 11, 1996

Mr. Frank White
Vice President
Organization Resources Counselors, Inc.
1910 Sunderland Place, NW
Washington, D.C. 20036

Dear Mr. White:

Thank you for your letter to Secretary Reich concerning voluntary safety and health audits under the Occupational Safety and Health Act (the Act). Secretary Reich has asked me to respond. I appreciate Organization Resource Counselors' (ORC) interest in this issue. ORC's expertise in occupational safety and health issues is well established, and its views merit careful consideration.

Your letter takes issue with the Department of Labor's (the Department) practices regarding access to employer safety and health audits in Occupational Safety and Health Administration (OSHA) inspections. You state that the Department has not provided clear guidance as to the circumstances in which OSHA will seek disclosure of employer audits. You ask that the Department declare that it will not seek audit documents from an employer in conjunction with any inspection or investigation under the Act. You assert that with a few narrow exceptions, there are no federal requirements that an employer conduct a safety or heath audit. Your concern is that the possibility that audit results could be reviewed by the government may cause employers to refrain from conducting audits or may inhibit candor in the audit, undermining its usefulness. You explain employers may fear that audit reports would provide evidence of willful violations of the Act that, if disclosed to the government, could lead to assessment of large fines. Because audits are an important component of an effective safety and health program you believe it is important that the Department not create a disincentive to voluntary audits.

The Department shares your view that employer safety and health programs are fundamental to our effort to protect safety and health in the workplace, and that self-audits are an important part of an effective program. We strongly believe, however, that barring OSHA access to audit results would gravely impair the agency's ability to enforce the Act and to draw inappropriate distinctions between employers with effective and ineffective programs.

Such a policy is not necessary to encourage use of audits. Employers derive many benefits from effective safety and health programs that provide for audits, including reduced absenteeism, lower workers' compensation premiums and payments for medical treatment and disability, and favorable treatment from OSHA. Employers with effective programs have fewer and less serious hazards and thereby face reduced exposure to OSHA citations and penalties as a result. Moreover, employers found to have effective programs are eligible for limited scope inspections (in construction) and substantial penalty reductions for violations found in recognition of their good faith efforts. The concern that employers acting in good faith to respond to audit findings would be charged with willful violations rests on a misunderstanding of the relevant legal standards.

A Ban on Access to Employer Information Would Impede Enforcement

1. ORC broadly defines a self-audit as any internal or external review of safety and health conditions or performance conducted by or on behalf of an employer" (p.2). This definition is broad enough to include almost any information that an employer has developed or obtained that is relevant to compliance with its OSH Act obligations; the definition would include information obtained or analyzes performed for the purpose of identifying hazards present in the workplace that are regulated by OSHA, determining the measures the employer will take to address the hazard and comply with its OSH Act obligations, and assessing the adequacy of those measures. A policy barring OSHA from access to this kind of information would gravely impair the agency's ability to enforce the Act.

The policy you suggest would allow OSHA to conduct inspections only by means such as visual observation of workplace conditions and the compliance officer's own physical monitoring efforts. Visual observation can be an effective technique for assessing compliance with requirements, particularly narrow specification requirements prescribing readily detectable physical measures within a reasonably small area. In many other situations, however, review of employer records and consideration of the employer's own analyzes and understanding of the sign are essential to an effective inspection.

This is particularly the case with requirements such as those that mandate the employer establish a program to address a hazard, or take measures to prepare for hazards that occur intermittently or change over time, or provide training to employees, or execute a continuing course of conduct or take appropriate protective measures based on its own assessment of hazards its workers face. As you know, there are many such requirements; new OSHA standards tend to be written in performance terms, rather than as narrow specification requirements.

For example, consider the general respiratory protection standard. That standard requires the employer to provide a respirator "when such equipment is necessary to protect the health of the employee"; the employer is to select respirators "which are applicable and suitable for the purpose intended" and is to anticipate and plan for "possible emergency and routine use". The employer is to establish a respiratory protective program and is to assure that respirators are "regularly cleaned and disinfected" and that the user of any respirator is "properly instructed in its selection, use and maintenance" (29 CFR 1910.134).

An effective inspection for compliance with these requirements must consider information the employer has compiled concerning workplace safety and health conditions and performance. The compliance officer may need to review information concerning the toxic substances employees are or may be exposed to over the course of their work and the sufficiency of engineering controls to limit the exposure. The compliance officer may also need to review records concerning the system the employer has established for maintenance of respirators, and the steps the employer has taken to train respirator users. Placing employer information of this kind, off limits would imperil the credibility of the inspection.

2. The premise for ORC's position is that the review of safety and health conditions and performance in the workplace is purely optional with the employer. It is argued that OSHA must not seek access to the information in these reviews, because if the agency does, employers will stop conducting them. ORC's position against disclosure, as we understand it, does not include audits that are required by OSHA standards. ORC asserts, however, that with a few narrow exceptions, there are no federal requirements for audits.

This position, we respectfully suggest, misapprehends the scope and degree of existing requirements that employers conduct audits as ORC defines that term. Employers in the construction industry are subject to a comprehensive audit requirement. They must institute a safety and health program that provides for frequent and regular inspections of job sites by competent persons to assure compliance with the OSHA construction standards (29 CFR 1926.20(b)). There is no comprehensive requirement for general industry employers to conduct audits, but there are many audit requirements in individual standards, including fundamental generic standards. The confined spaces standard, for example, requires employers to evaluate whether their workplace includes confined spaces, to establish a written program if employees will be required to enter confined spaces, to monitor and record conditions for each entry, and to review annually the program entries conducted and make necessary modifications (29 CFR 1910.146). The lockout/tagout standard requires employers to develop energy control procedures for servicing and maintenance and to conduct periodic inspections to ensure that the procedures and the requirements of the standard are followed (29 CFR 1910.147(c)). The process safety management standard requires comprehensive process hazard analyzes, mechanical integrity inspections, incident investigations, and compliance audits (29 CFR 1910.119). The hazardous waste standard includes similar requirements (29 CFR 1910.120).

The general personal protective equipment (PPE) standard requires employers to conduct an assessment of the hazards employees are likely to be exposed to, to select appropriate PPE based on the assessment, to train employees, and to assure that employees have understood the training (29 CFR 1910.132). There is to be daily inspection and periodic testing of electrical PPE (29 CFR 1910.137(b)). The general respirator standard requires employers to establish written procedures governing selection and use, to select respirators based on a hazard assessment, to maintain appropriate surveillance of work area conditions and degree of employee exposure or stress, and to conduct regular inspection and evaluation to determine the continued effectiveness of the program, including inspections of all respirators before and after each use (29 CFR 1910.134(b), (f)). Many narrower hazard-specific standards also require employers to assess workplace conditions or inspect for compliance with requirements. See, e.g., 29 CFR 1910.272(g)(1) (grain handling).

Health standards issued by OSHA under Section 6(b) of the Act commonly contain similar provisions. The lead standard, for example, requires employers to conduct monitoring to evaluate employee exposures to airborne lead, to develop a written compliance plan to reduce exposures to the permissible level and to revise and update the plan semi-annually (29 CFR 1910.1025(d), (e)). See also 29 CFR 1910.95(c) (hearing conservation).

Where obligations such as these are involved, an inspection would be impossible if OSHA were barred from access to employer reviews of workplace conditions or performance, because the obligation is to conduct such a review. The scope and number of such requirements suggests that it would be no easy task to disentangle those parts of a comprehensive review that are voluntary from those that are not. But even where an OSHA standard includes no explicit obligation to review workplace conditions or performance to facilitate compliance with the standard, the employer is obligated to comply with the standard itself and the steps the employer has taken to assure compliance are highly relevant to enforcement of the Act. The courts have stressed that the OSH Act does not impose absolute liability on employers for noncompliance with a standard, but that it does require diligent efforts to comply, see Horne Plumbing & Heating Company v. Occupational-Safety and Health Review Commission 528 F.2d 564 (1976).

The OSH Review Commission has held that to prove a violation of the Act, the Secretary must show not only that a violative condition exists, but that the employer had actual or constructive knowledge of the condition, see CF&T Available Concrete Pumping, 15 BNA OSHC 2195, 1991-93 CCH OSHD **29,945 (No. 90-329,1993). The Secretary must show that the employer knew, or with the exercise of reasonable diligence could have known, of the violative condition, Ibid. The state of the employer's knowledge and the diligence of the methods it has employed to find and prevent violations are therefore of central importance to investigation and enforcement of the requirements of the Act. Employer reviews of safety and health conditions or practices that are relevant to compliance with a standard have a direct bearing on whether the employer has met its obligations. A policy barring OSHA from access to information of this kind would undermine enforcement of the Act.

Access to information of this kind is also essential to classification of violations and calculation of penalties. Under Section 17(j) of the Act, a penalty must be based in part on the employer's good faith. OSHA has interpreted good faith as referring to the employer's establishment of an effective safety and health program, which includes audits. Existing guidelines in the Field Inspection Reference Manual (FIRM) authorize a reduction of 25% in the penalty for employers who have implemented such programs. See FIRM page IV-14 at C.2.L(5)(b). As discussed below, OSHA is in the process of establishing initiatives, referred to as the New OSHA, that will substantially increase the discount for superior and outstanding programs.

In short, the policy you suggest would severely impair OSHA's ability to enforce the Act. The policy would undermine the agency's ability to inquire into the existence of violative conditions, to establish employer knowledge, to classify violations found, and to assess penalties.


The New OSHA

Several of the initiatives announced in the May 1995 National Performance Review report, The New OSHA, depend on the agency's acquiring a thorough understanding of the employer's worksite safety and health program, including the employer's evaluation of safety and health hazards present and the steps the employer takes to address them. The policy ORC proposes would preclude OSHA's obtaining this information.

As you know, the central concept of the New OSHA initiatives is that OSHA should emphasize the state of the employer's safety and health program, rather than simply inspecting for compliance with individual standards. Although many employers have a safety and health program the programs vary dramatically in scope and effectiveness. OSHA has prepared, with help from ORC and others, the Program Evaluation Profile ("PEP"), which is presently undergoing field testing. The PEP analyzes employer programs on fifteen factors, and assigns a numerical score for each factor. Some of the important factors include comprehensive worksite survey and hazard analysis, regular site inspection, employee hazard reporting system and response, accident and "near-miss" investigation, and injury and illness data analysis, all of which require an audit as ORC uses that term. OSHA must be able to review information concerning the employer's performance on these factors for the New OSHA initiatives to work.

OSHA's intention is that employers who score well on the PEP will obtain important benefits, including large reductions in penalties for serious violations, and elimination of penalties for other-than-serious violations. The New OSHA demonstrates an alternative means of recognizing and rewarding employer safety and health efforts that is superior or outstanding. The audit access ban ORC proposes would shield all programs, good, bad, or indifferent from inquiry. Even records of known hazardous conditions would be off limits to OSHA. The audit access ban would prevent OSHA from understanding the state of the employer's efforts and from treating employers with superior or outstanding programs differently from employers with ineffective, developmental or basic programs. The new OSHA approach on the other hand, allows a detailed assessment of employers' health and safety performance. Employers who have done a good job receive favorable treatment, while poor performance can be identified and remedied.


An Access Ban Is Unnecessary

An employer derives many significant benefits from an effective safety and health program that provides for self-audits. These benefits arise both within and outside the ambit of the OSH Act. Employers who conduct effective self-audits receive substantial advantages in OSH Act inspections compared with those who don't. We therefore do not agree that an audit access ban is necessary to induce employers to conduct audits.

An effective self-audit procedure, is part of a comprehensive safety and health program, should reduce employee injuries and illnesses, saving the employer costs resulting from absenteeism, workers' compensation and other insurance payments. An effective program may help reduce employee turnover and improve productivity. In terms of the OSH Act, the principal consequence of an effective audit program is a reduction in the number and severity of hazards, leading to a corresponding reduction in citations and penalties in the event of an inspection. A conscientious program should be particularly effective in eliminating high gravity serious, willful, repeated, and failure to abate violations, which carry by far the heaviest penalties.

In view of all these benefits, we find it difficult to believe that companies will stop implementing comprehensive safety and health programs or conducting audits if OSHA retains its present policy. Moreover, even if OSHA were to adopt a policy against inquiry into audit information, that policy would not make such information truly confidential. Occupational health audits would generally be subject to the records access rule, which guarantees a right of access to employees (29 CFR 1910.1020). If employees are represented by a union, employer information about workplace safety and health must be disclosed upon request to the union, as an incident to the company's duty to bargain in good faith about safety and health issues, see NLRB v. American National Can Company, Foster-Forbes Glass Division, 924 F.2d 518, 524 (4th Cir. 1991).

Finally, such information would apparently not be protected from disclosure in private tort litigation. The courts have generally rejected claims to withhold information of this kind in discovery under a "self-evaluative privilege." The Ninth Circuit addressed the issue in Dowling v. Amedcan Hawaii Cruises, 971 F.2d 423 (9th Cir. 1992). The court stated that voluntary audits are rarely curtailed because they may be subject to discovery in litigation. Noting that companies typically conduct such audits to avoid litigation resulting from unsafe working conditions, the court found ironic the claim that such candid assessments will be inhibited by the fear that they could later be used as a weapon in the hypothetical litigation they are intended to prevent

In short, employers who conduct effective audits derive many advantages, including advantages in the event of an OSHA inspection, from the practice. They have no need of the shield against access that you suggest which in any event could not make the audits truly confidential. We are nonetheless concerned by your statements that some employers perceive a disincentive to perform self-audits from OSHA's policies. In order to address this perception, it may help to describe relevant elements of OSHA's citation policy and the case law under the Act.

The purpose of self-audits is to find hazardous conditions and remedy them. If a self-audit discloses a condition that is a violation of the OSH Act presumably the employer will take action to correct the problem. In the event the employer permanently remedies the condition before an OSHA inspection takes place (and before the occurrence of an accident or other event triggering an inspection), including taking appropriate steps to prevent a recurrence of the violation, OSHA's practice is not to issue a citation, even though the violation may have existed within the six month statute of limitations period. If the violation has been permanently corrected on the employer's own initiative without the need for action or intervention by OSHA, the agency sees no need to spend its own limited enforcement resources addressing the problem. Further, as noted, evidence that the employer is finding and fixing problems on its own will weigh heavily in the employer's favor for purposes of good faith.

If, on the other hand, an employer has identified a violative condition in an audit and has failed to abate it, and the OSHA inspection finds the violation, a citation may issue. Even here, however, good faith efforts made in response to the audit will benefit the employer. If the employer has responded promptly to the audit and believes in good faith, although erroneously, that it has resolved the problem and come into compliance with the OSHA standard, that would tend to negate willfulness. The Review Commission has frequently held that an employer's reasonable good faith belief that its actions comply with a standard is inconsistent with willfulness, although the actions were in fact incomplete and do not fully remedy the hazard, see Calang Corp., 14 BNA OSHC 1789, 1987-90 CCH OSHD **29,080 (No. 85-319, 1990). In short, the concerns you have expressed that conscientious employers who conduct audits would expose themselves to willful citations are based on a misunderstanding of the case law and the Secretary's citation policy.

Of course, if the employer has simply ignored the audit finding of a hazardous condition, the employer will get no credit for the audit. Such an employer could benefit from a policy barring access to audit information. We see no reason, however, for rewarding an audit program that takes no action to remedy identified hazards. We expect however, that there are few employers in this category. Responsible employers who react conscientiously to audit findings will benefit themselves and their workers.

We would be pleased to meet with you to discuss the issues addressed in this letter, should you consider such a meeting useful.


Joseph A. Dear
Assistant Secretary