Safety and Security 101: What HR Professionals Need to Know

The Safety and Security function deals with both enterprise and employee safety and security. It includes the organization's efforts to prevent and/or mitigate loss, risks to or from staff, threats to its physical assets, damage to its technology and intellectual property, or risks of any other kind arising from all elements surrounding the work environment. Safety and security encompasses two overlapping areas of practice, sometimes treated separately and sometimes combined, as appropriate.

Workplace safety

Workplace safety is a process that seeks to eliminate or reduce risks of injury or illness to employees. The chief aim of workplace safety is to protect an organization's most valuable asset—its people. Workplace safety is achieved through a variety of methods, including policies, procedures and specific hazard control techniques.

Policies and procedures are devised and integrated into the organization's overall management and administrative processes. They usually involve specific job task procedures established for working with or around equipment, hazardous environments or other forms of high-hazard conditions. Safety procedures and policies include accountability requirements to ensure that prescribed practices are followed.

Safety professionals apply a well-recognized hierarchy of measures to eliminate or control specific workplace hazards. The measures are applied as part of an orderly decision-making process, as follows:

Substitution. Can the existing process, material or equipment be replaced with a less hazardous process, material or equipment?

Isolation. Can barriers or limits be placed between people and the hazard? This could be physical barriers, time separation or distance.

Ventilation. Can the potential hazardous airborne substances be ventilated through dilution or capture?

Administrative controls. Can the hazards be effectively mitigated through specialized operating practices? Examples include restricting access to certain high-hazard areas to authorized personnel only, adjusting work schedules or adopting preventive maintenance programs to address potential equipment breakdown.

Personal protective equipment. If the preceding methods are not sufficient or feasible, can personal protective equipment be provided (e.g., safety glasses, gloves, hard hats, hearing protection, safety footwear, respirators)?

Workplace security

The chief aim of workplace security is to protect employees from internal and external security risks. Workplace security has gained much attention in the last several years due to an increase in workplace violence, the necessity of background investigations of prospective and current employees, Internet- and technology-based security needs, threats of terrorism, and increased legal liability to organizations for not taking reasonable measures to safeguard the workplace due to security threats.

Workplace security risks vary depending on an organization's business, its location and its hours of operation. A fundamental element of any workplace security initiative is a security risk assessment. Risks need to be properly identified to establish appropriate methods, either procedural or physical barriers and systems.

The scope of workplace security has continued to expand. Depending on the nature of the business and related security risks, organizations may need to address the following:

• Establishing a formal security function.
• Establishing computer, e-mail, and Internet policies and procedures.
• Including non-compete agreements and other types of clauses in employment contracts for the protection of proprietary information and intellectual property.
• Developing crisis management and contingency plans.
• Establishing theft and fraud prevention procedures.
• Developing workplace violence prevention procedures.
• Installing premises security systems.
• Developing restricted-access policies and key-control procedures.

Member Resource: Visitors Policy & Procedures

Legal Framework

The primary federal law affecting safety in the workplace is the Occupational Safety and Health Act of 1970 (OSH Act) which is designed to protect the health and safety of every American worker and placed the primary responsibility for health and safety on the employer. OSH Act regulations are commonly referred to as "standards" and are divided into separate standards for general industry, construction and maritime. Employers must comply with all applicable standards enforced by the Occupational Safety and Health Administration (OSHA). Employers must also comply with the general duty clause of the OSH Act, which requires employers to keep their workplace free of serious recognized hazards. See What You Need to Know About OSHA and How to Determine Regulatory Requirements for Safety.

Many OSH Act standards include explicit safety and health training requirements to ensure that workers have the required skills and knowledge to safely do their work. See Training Requirements in OSHA Standards.

The OSH Act also includes specific recordkeeping and reporting requirements.

Workplaces are subject to inspection by OSHA compliance safety and health officers and employers are subject to citations and penalties for violations of OSHA standards or serious hazards.

For a detailed overview of the OSH Act, see the U.S. Department of Labor's Employment Law Guide: Occupational Safety and Health.

Workplace security raises a wide variety of legal issues involving constitutional and common law protections as well as federal and state statutes. Laws implicating workplace monitoring, surveillance and searches include, for example:

• Individual privacy rights.
• Fair Credit Reporting Act.
• National Labor Relations Act.
• Federal and state wire-tapping laws.
• California Privacy Rights Act of 2020.

Facets of Safety and Security

Safety and security has a number of facets common to all areas of HR practice but applied in specific ways in the context of the functional area.

Careers

The human resource professional is becoming increasingly responsible for workplace safety and security matters such as safety program development, OSH Act compliance, policies and procedures for protecting trade secrets, the risk of violence in the workplace and general workplace access. HR professionals should at least understand basic information, concepts and techniques involved in workplace safety and security.

Workplace safety professionals and workplace security professionals may have similar or distinct roles and responsibilities in the workplace. Examples of safety and security job titles include:

• Occupational Health and Safety Specialists and Technicians
• Health and Safety Engineers
• Information Security Analysts

Communication

The overall effectiveness of workplace safety and security measures will depend on an organization's ability to effectively communicate safety and security goals and objectives, as well as the applicable policies, practices and processes.

A strategy needs to be devised and implemented in a manner that supports the goals and objectives. Steps would include:

First, identify the most important communications involving workplace safety and security issues, and establish a baseline for later comparison.

Next, establish goals and objectives to enable implementation and monitoring of carefully targeted measures.

Finally, follow-up is critical. Outcome data must be obtained to determine if the communication plan has worked and if it continues to have a positive impact.

An effective safety and security communication strategy also identifies the intended audience, the tools to be used, a timeline and a budget. Tools may include the following: internal memos, internal e-mails, intranet postings, webinars, virtual meetings or training, review of new safety and security policies in department meetings or training.

Here are a few basic questions that should be addressed in a safety and security communication plan for a targeted audience:

How do these policies and procedures affect my safety and security in the workplace?

What are my employer's expectations for my involvement in safety and security programs?

What are my job requirements as they relate to safety and security?

What regulations apply to my job?

Effective practices

Workplace safety and security is effective only when programs, policies and procedures achieve their stated objectives—to prevent harm to people, property and the environment. Best practices vary depending on the scope of the specific safety and security measures.

Building a world-class safety and security program takes time, dedication and commitment. Safety and security programs have many effective practices in common. Organizations should have a written safety and security program that addresses operation-specific hazards and security threats. Management must be visibly supportive and involved, and employees must actively provide feedback and contribute toward policy formation and implementation. Operation-specific hazard mitigation and control measures must be customized for the work site.

Premises security measures, key control, workplace violence prevention, weapons policies and data security measures will vary from organization to organization. OSHA regulations and specific safety policy requirements differ depending on the applicability of certain standards (e.g., hazard communication, machine safeguarding, control of hazardous energy, personal protective equipment).

Effective programs are characterized by:

• A supportive organizational culture with strong top-management support. Without strong support from the top, the safety and security program will have limited effectiveness.
• Goals and objectives linked to the organization's strategic plan.
• Measurement systems (scorecards and other metrics) that tie program successes to business performance measures.
• Clearly assigned responsibility and accountability for safety and security.
• Vertical integration of all procedures from the front line to the top executives.
• Effective training, education and development processes to ensure transfer of new knowledge, skills and abilities to the workplace.
• Hazard mitigation and control, as well as security risk identification, elimination and control methods throughout the organization. These methods are based on sound technical analysis, with interventions structured to properly control or eliminate risks and hazards on a site-specific basis.
• Integration of global threats and safety exposures into safety and security measures.
• Built-in compliance.
• Constant monitoring for improvement, regardless of past success.
• The expectation that safety and security are a way of life, not just an add-on or something done simply for the sake of compliance.

Safety programs are considered "effective" if, for example, proactive measures for hazard mitigation and control exist and there have been very few, if any, employee injuries. In other organizations, "effective" may be expressed as a 50 percent reduction in the previous year's injury rate. For still others, the emphasis may be more on leading indicators such as near-miss responses, safety perception survey data, and safety and security program participation rates.

Effective workplace security programs may be measured by virtue of how well prevention practices are adequately executed (e.g., background checks completed, bag checks completed, security incident log outcomes, number of security breaches). The remote workforce has elevated concerns about data privacy risks and employers must also take steps to protect company data and systems. See The Weakest Link in Cybersecurity.

Global safety and security

An organization's safety and security policies, procedures and practices may need to be developed, revised and implemented as a consequence of its presence in a foreign country. Understanding and following a host country's relevant laws and regulations and establishing the organization's own safety and security measures are essential.

Compliance with the U.S. safety regulations will not be adequate or even appropriate when operating in other countries, which have their own labor and safety regulations. OSHA itself has recognized the need for global consistency in, for example, chemical labeling and classification and has adopted the Globally Harmonized System of Classification and Labelling of Chemicals.

Understanding various global risks is necessary to formulate appropriate safety and security policies. Threats of terrorism against certain country nationals in particular countries are a fact of life in doing business globally, for example. Accordingly, safety and security measures may include policies regarding travel during national/international unrest, as well as special compensation arrangements, such as hazard pay. See How can an organization ensure the safety and security of expatriates and other employees in high-risk areas?

Geographic, cultural and technological factors also pose challenges in developing safety and security plans that integrate a variety of jurisdictional imperatives and cultural norms.

Metrics

Human resource professionals must establish meaningful safety and security metrics to determine how safety and security programs and practices contribute to the business. Relevant metrics may include the following:

• Injury and illness rates.
• Workers' compensation costs per employee.
• Workers' compensation incidence rates.
• Workers' compensation severity rate.
• Safety and security team initiatives completion rate.
• At-risk behavior reduction.
• Observation of safety behavior.
• Compliance trainings.
• Near-miss responses.
• Safety and security committee activities.
• Six sigma.
• Trend analysis.

Continuous improvement in the workplace safety and security function can be achieved only when safety and security systems are measured and connected to established goals. Metrics can demonstrate that security risk reduction, accident prevention and associated investments are having a positive impact on the business. See Developing Effective Safety Management Programs.

Technology

Employers use various forms of technology to manage information that flows through the human resource and related functions—including safety and security. Human Resource Information Systems (HRIS) provide a means to sort employee information so it can be readily used for record keeping, reporting and business decision-making. A wide variety of systems with differing levels of functionality are available.

Workplace safety and security can benefit tremendously from technology by facilitating acquisition and analysis of injury and illness data, injury costs per employee, training documentation and management, performance management, electronic communications, digital access key login information, security camera data management, and identity theft protection, among other benefits.

Member Resource: Expectation of Privacy Policy

Specific Practices

Certain safety and security practices particularly concern employers in almost any industry or sector.

Business continuity and recovery, and emergency response

Business continuity and recovery and emergency response are important elements of a safety and security program. Developing, implementing and managing these policies and procedures satisfy the goals of mitigating harm to people, property and the environment. These programs also establish methods to aid the organization in returning to pre-event operational status—a critical goal in reducing the impact to the business. See Managing Through Emergency and Disaster.

Substance abuse prevention is an essential element of an effective workplace safety and security program. Properly implemented preventive programs—including drug and alcohol testing—protect the business from liability. However, these programs require a specific structure and implementation strategy and must be carefully planned and executed to avoid legal landmines. Policies and procedures must be established consistent with federal and state law. An employer will need to determine which of the various testing procedures it will deploy as part of the program. See What Is a 'Safety-Sensitive' Job Under State Marijuana Laws?

Monitoring, surveillance and searches

Monitoring, surveillance and searches have always been a source of tension between employers and employees, particularly when employees are represented by a union. Individual privacy issues versus the employer's interest in maintaining a safe and secure workplace often involve intense conflict.

Monitoring, surveillance and searches are permissible provided the employer follows applicable federal and state laws. Private employers' random searches of an employee's personal property, such as purses, lunch boxes, briefcases and coats, are generally permissible with advance notice. Electronic data monitoring, surveillance and searches typically require an employer to adopt policies limiting employees' expectation of privacy and providing for notice.

Monitoring, surveillance and searches also serve to safeguard sensitive information and to combat identity theft, as well as theft or sabotage of confidential information and protected intellectual property. See Managing Workplace Monitoring and Surveillance.

Member Resource: Cameras in the Workplace Policy

Risk management

Risk management is a broadly used term. It means different things to different people from different industries. Fundamentally, risk management is the process of assessing exposures to loss within an operation and determining how best to eliminate, manage or otherwise reduce the risk of an adverse event from having a negative impact on the business. Risk reduction is achieved through policies and procedures, or through contractual transfer of the risk to a third party, typically an insurance company. Risk elimination is achieved through avoidance.

Human resource risk management, and its effect on workplace safety and security, means that evaluating strategic, operational, and employee- and compliance-related risks is a comprehensive process and involves determining how best to manage the identified risks and their potential impact and devising strategies to control exposures. Some of the key risk management concerns that HR professionals typically address, in addition to the basic safety and security risks, are those relating to identify theft and security breaches, Sarbanes-Oxley compliance, and information technology vulnerabilities.

Specific risk issues faced by HR professionals responsible for workplace safety and security include communicable disease prevention (including risks associated with pandemic viruses), environmental health, terrorism and violence. Each of these specific risk issues present many challenges to HR professionals.

Concerning communicable diseases, organizations need to balance an employee's privacy rights with the employer's responsibility to provide a safe and healthy workplace. This is not an easy task. See Managing Through Flu and Other Epidemics in the Workplace.

Environmental health hazards vary by organization. Common environmental exposures include those relating to smoking, indoor air quality and toxic substances used in the operation.

Terrorism is a global issue. In light of the increasing risk of terrorism, HR professionals need to address travel policies and known threats such as war and local unrest in countries where their organizations do business.

Violence in the workplace has been associated with the cost of doing business. The growing homicide rate is a real concern. Homicide is the third most common cause of on-the-job death for men and it is the leading cause of on-the-job death for women. An effective workplace safety and security program must contain policies, procedures and strategies for reducing and eliminating risks and workplace violence. From background checks to premises security, the employer has a tremendous responsibility and obligation to develop procedures for preventing violence. See Understanding Workplace Violence Prevention and Response.