Your site has cameras, access controls, visitor management procedures and perhaps a security service. But can you answer these three questions with certainty?

→ Are your safety measures really effective?
→ Are they documented and traceable for an audit?
→ Do you know who has access to which areas, and since when?

For many QHSE and HSE managers, physical security is a subject they often manage alone, without a structured method, in addition to their main regulatory obligations. A physical security audit can change all that.

Physical security and QHSE: an increasingly shared perimeter

A reminder: definitions

Occupational health and safety (OHS / HSE) is concerned with protecting workers against occupational hazards: workplace accidents, occupational illnesses, exposure to chemical or physical agents. It is governed by a dense body of regulations – the Labor Code, European directives, ISO 45001 standards – and is the responsibility of the QHSE or HSE manager.

Physical security concerns the protection of the site itself against external or internal threats of human origin: intrusions, theft, malicious acts, unauthorized access to sensitive areas. It is not governed by the same legislation, is not assessed using the same tools, and is not subject to the same standards.

In many organizations – particularly SMEs and ETIs in the industrial sector – it is the QHSE manager or site director who is in charge of both. Not by choice, but by organizational default: there is no dedicated safety manager, and the QHSE is the natural point of contact for all matters concerning the protection of people and installations.

This reality has a direct consequence: physical security is sometimes managed without a structured method, without formal assessment, and often without sufficient traceability to respond to an audit. Shortcomings remain invisible – until the day of an incident, inspection or certification requirement.

This is precisely where a structured physical security audit brings value.

What is a physical security audit?

A physical security audit is not a verification of the presence of cameras or the compliance of locks. It’s a systemic assessment that examines whether existing protection measures are working together in a coherent, documented way.

A good assessment covers at least ten dimensions:

1. Governance and responsibilities: Are safety roles clearly defined? Is there a documented escalation chain in the event of an incident?
2. Access control and rights management: Are access rights checked regularly? Are the access rights of former employees and service providers deactivated when they leave?
3. Visitor, supplier and contractor management: Are reception and escort procedures formalized and applied in the field?
4. Perimeter and sensitive areas: Are fences, gates, SAS and critical areas adapted to the risk level of the site?
5. Video surveillance and alarms: Are the systems operational, correctly parameterized, and intervention procedures defined?
6. Key and badge management: Do you have an up-to-date register? Are keys recovered on departure?
7. Critical resources: Are sensitive assets (data, equipment, critical production areas) specifically identified and protected?
8. Safety awareness and culture: Are employees trained in safety procedures and expected behaviors?
9. Interface with emergency systems: Are safety procedures coordinated with HSE prevention and emergency plans?
10. Auditability and traceability: In the event of an inspection or incident, can you provide evidence that your measures are being applied?

The maturity model: understanding where you stand

An effective physical security audit doesn’t just produce a list of non-conformities. It establishes a maturity profile – a snapshot of the actual state of your system, dimension by dimension. This profile enables you to answer a concrete question: where should you concentrate your efforts in order to significantly reduce risks, without spreading resources too thinly on marginal improvements?

The five-level model (Reactive → Basic → Structured → Managed → Optimized) provides a reading grid shared by the QHSE manager, the facility manager and general management.

From assessment to management: integrating safety into NV Compliance

The value of a physical security audit lies not in the final report, but in what you do with it. The measures identified can be integrated directly into NV Compliance to :

– Assign each action to a manager with a deadline
– Monitor progress in real time
– Document implementation
– Generate reports for internal or certification audits

In this way, safety becomes a management indicator in the same way as regulatory compliance.

Quick Audit or full Assessment: which format to choose?

The Physical Security Quick Audit is ideal for sites requiring a quick initial assessment: on-site inspection, analysis of existing measures, concise report with prioritized measures and Management Summary. Ideal for SMEs or single sites.

The comprehensive Physical Security Assessment is aimed at complex industrial sites or multi-site organizations. It follows a five-step methodology (Understand → Assess → Prioritize → Improve → Control) and produces a structured roadmap (which can also be integrated into NV Compliance).

Conclusion

The physical security of your site is not a technical subject reserved for security experts. It’s a matter of governance, responsibilities and traceability – all integral parts of the QHSE perimeter. A structured audit gives you a clear vision of your real risks, the priority measures to be put in place, and the documentary basis to respond calmly to any internal or external audit.

Would you like to assess the physical security of your site? Contact us, our physical safety & HSSE expert will be happy to discuss your needs with you!

For an organization based in a single country, regulatory monitoring is already a daily challenge: legal differences between cantons – for Switzerland, for example – or local regulations, or the subtleties of ICPE classifications – for France, or other local regulations…

For a group operating in several countries, this complexity changes dimension. Each territory has its own legal framework, its own supervisory authorities, its own pace of regulatory publication, etc.
However, the obligation to comply remains the same:

• the organization must demonstrate, at all times, that it complies with the applicable requirements in each of its areas of activity
• Or, in the event of non-compliance, that it has produced action plans for restoring compliance.

Multi-site regulatory monitoring is not just an option for large groups. It’s an operational reality for every company as soon as it crosses a border.

The specificities of regulatory monitoring in an international context

Different regulatory frameworks

The first difficulty is structural: two neighboring countries can have fundamentally different approaches to the law, and in particular to HSE, energy and social regulations.

One of the reasons for this stems from the different perspectives and general principles that originally governed Roman law, Germanic law, Arab-Muslim law and so on.

It’s a subject we know well!
An industrial group with a site in France is subject to European law transposed into national law, with its own publication and updating mechanisms. Its establishment or parent company in Switzerland must meet both national and cantonal legal requirements.

A company in Morocco is governed by the Moroccan Labor Code and its implementing decrees, with distinct control procedures. However, its activities in Senegal fall within an OHADA environment for commercial aspects, but with its own local regulations in terms of health and safety and the environment.

These differences are not simply administrative and cultural. They have direct consequences on internal organization, the nature of the regulatory records to be kept, and the responsibilities incurred in the event of non-compliance.

Asymmetrical update rates and variable sources.

In some countries, regulatory texts are published on a regular and traceable basis – digital Official Journal, consolidated legislative bases, official bulletins accessible online.

In other cases, updates are less formalized, texts less centralized and sources more diverse and complex to find: monitoring requires active surveillance of multiple local sources.

This asymmetry creates a real risk: organizations tend to control their compliance better in countries where regulations are the most documented, and to underestimate their exposure in less formalized environments – where risks can be harder to anticipate.

(Local) interpretation must be assured by precise expertise.

As each country has its own legal framework, regulatory intelligence must be applied to the precise interpretation of texts in line with the legal spirit of each country.

What’s more, it’s clear that new regulations are becoming increasingly complex to understand and/or interpret, and that expert assistance is becoming indispensable

Indeed, it’s not enough to simply collect and apply a text to an organization, you have to understand it in depth and understand how it applies to the specific features of each site. This requires local support and contacts.

That’s why an effective multi-site regulatory watch always involves two levels: a common framework – a common requirement – provided at group level, and locally-anchored expertise in the field.

How to organize your multi-site regulatory watch

The template can be customized according to the group’s desired structure

Organizations that succeed in achieving international compliance often share a two-tier organization.

At group level: a central team or an expert service provider ensures methodological consistency, monitors applicable national and international texts, and produces a consolidated view of compliance across the entire scope.
👉 This level guarantees that all entities speak the same compliance language and that management has comparable indicators from one country to another.

At site or country level: a local referent – QHSE manager, legal expert or outsourced Novallia consultant – assesses compliance in the specific regulatory context of the territory. He or she integrates the obligations specific to each facility, and implements the action plan according to compliance priorities.

Centralize the framework and delegate compliance locally

The right approach: centralize the compliance assessment method, tools and steering dashboards. Decentralize monitoring of local legislation, field assessment and action plans.

The role of multi-site compliance software

What a tool should enable

Multi-site regulatory compliance software must meet three needs simultaneously:

1. The autonomy of each site: each local manager must be able to access his regulatory register within his own legal framework, update his assessments and follow up his action plans without depending on a central team.
2. Group consolidation: management must be able to obtain, in real time and without compilation work, a consolidated view of compliance across the entire scope: by country, by entity, by regulatory domain or theme, as desired (customizable in the application configuration).
3. Continuous updating of databases: regulatory texts are constantly evolving in each country. The software must integrate these updates automatically, without local teams having to monitor official sources themselves.

See our article on how to choose the right regulatory compliance tool.

NV Compliance: a solution designed and optimized for international organizations

NV Compliance is Novallia’s regulatory monitoring and compliance application. It is built around a tree structure that enables compliance to be organized by site, country and group, or even by activity or any other relevant criterion, with data consolidation at the level of each customer’s choice.

The databases cover over 30 countries – including France, Switzerland, Morocco, Tunisia and several Sub-Saharan African countries – and are continuously updated by teams of expert engineers and lawyers. Texts are not simply added to the application as they stand: they are read, interpreted, summarized and broken down requirement by requirement to facilitate conformity assessment.

Dashboards can be customized by geographical scope, regulatory database (Environment, OHS, etc.) or any other criterion specific to the Group’s organization.

Conclusion: multi-country compliance, above all an organizational risk

Multisite regulatory monitoring is an organizational challenge: how can we ensure that each local entity has access to the applicable texts, assesses them correctly, and passes on the information needed by management?

The organizations that have solved this problem have not done so by adding resources in each country. They have put in place a system – method, tool, local expertise – that makes compliance manageable, whatever the geography.

—

Would you like to assess your multi-site regulatory watch organization? Our consultants can arrange for a video and a questionnaire to help you understand your business and your geographical area.
→ Request a quote or a diagnosis of your compliance | Discover NV Compliance

Novallia is a consulting and software company specializing in regulatory monitoring and compliance, with operations in Switzerland, France, Morocco, Tunisia, Senegal and Germany.

The result: misidentified obligations, invisible non-conformities… until they become critical.

Based on a checklist we created at Novallia: “7 questions to assess your regulatory watch and compliance system”, we offer you this practical checklist to assess the maturity of your regulatory watch and identify priority areas for improvement.

What is a regulatory watch (definition)

The regulatory watch consists of :

• identify the texts applicable to a company,
• follow their evolution,
• translate these texts into operational requirements,
• assess the level of compliance,
• manage the actions required to eliminate non-conformities, i.e. to restore compliance.

Effective regulatory intelligence is more than just gathering information.
👉 It is a complete system for monitoring regulatory compliance.

1. Clearly defined responsibility

Who manages your regulatory watch? Without an identified manager :

• obligations are poorly followed,
• decisions are not traced,
• responsibility becomes blurred in the event of an inspection.

A reliable system is based on :

• a designated manager,
• a clear perimeter,
• coordination with operational teams.

2. Comprehensive coverage of activities, sites and facilities

A regulatory watch must cover 100% of the company’s actual perimeter.

Frequent points of vigilance :

• new, non-integrated sites,
• business development,
• technical installations added.

Example: A regulatory text evolves and introduces new requirements applicable to an activity already in place. If this evolution is not detected or integrated into the monitoring process, the company continues to operate according to the old regulations, creating a non-conformity that remains invisible until a control or an audit.

3. Reliable sources and structured follow-up

A regulatory watch often relies on several sources:

• Journal Officiel,
• institutional sites (prefecture, etc.)
• reference organizations,
• specialized bases.

These sources must be identified, their frequency of consultation defined and their reliability guaranteed. Without this, the system becomes uncertain.

4. Turning texts into operational requirements

This is one of the most critical points.

A raw regulatory text cannot be used as is.
It must be transformed into :

• concrete requirements,
• understandable actions,
• verifiable criteria.

Best practices, what we implement at Novallia :

• breakdown into unit requirements,
• operational data sheets,
• direct link with field activities.

This is where the difference lies between a “theoretical” watch and a really useful one.

5. Formalize conformity assessment

A regulatory watch is only valuable if it can answer a simple question:
Are we compliant?

This assessment must be :

• formalized,
• argumented,
• historicized.

It is essential to be able to demonstrate :

on what basis a requirement is deemed compliant, what evidence is involved, what decisions have been made.

6. Link each non-conformity to an action plan

Identifying a non-conformity without addressing it is tantamount to accepting the risk.

An effective system must include :

• a structured action plan,
• one manager per action,
• a clear deadline,
• follow-up.

In practice, the regulatory watch, conformity assessment and action plan must function as an integrated system, not as isolated steps.

7. Be ready for an audit at any time

A good maturity indicator is simple: can you present your regulatory monitoring system to an auditor tomorrow?

This implies :

• a structured regulatory register,
• requirements,
• a decision history,
• accessible evidence.

Without traceability, even a real device can be considered insufficient.

Common mistakes in regulatory monitoring

• monitoring limited to information gathering,
• the absence of transformation into requirements,
• an incomplete perimeter,
• a non-formalized assessment,
• unfulfilled action plans,
• a non-auditable device.

Why structure your regulatory watch today?

A structured regulatory watch enables :

• secure operations,
• limit legal risks,
• save time during audits,
• effectively manage compliance.

It becomes a genuine risk management and operational management tool.

Conclusion: towards a structured regulatory watch with tools

If you’ve been able to answer these points in the affirmative, and with a concrete response in your organization: bravo! Your watch is mature and structured.

Faced with the growing complexity of regulations, many companies are moving from a traditional monitoring system to a structured one that incorporates :

• a regulatory register,
• a requirements base,
• a conformity assessment,
• action follow-up.

This approach makes compliance measurable, controllable and demonstrable.

FAQ – Regulatory watch and compliance

What’s the difference between regulatory watch and regulatory compliance?

👉 The regulatory watch consists in identifying and monitoring applicable texts.
👉 Regulatory compliance corresponds to the result: the fact of complying with these requirements.

Is a regulatory watch mandatory?

👉 It’s not always explicitly mandatory, but it’s essential to comply with the regulatory obligations applicable to an activity.

Can you outsource your regulatory watch?

👉 Yes. Many companies choose to outsource all or part of their regulatory monitoring in order to secure their system and gain in reliability.

Conclusion

If several of these points are not under control, your regulatory monitoring system is probably weak.

Structuring your watch doesn’t just mean keeping better track of legislation.
It means setting up a system capable of transforming regulations into concrete, monitored and demonstrable actions.

Contact us to find out how we can help you set up a reliable system!

How do you define regulatory watch?

Firstly, regulatory watch is an activity that consists in identifying, on a day-to-day basis, the legal texts applicable to an organization.
Secondly, it involves monitoring the evolution of these texts: new, amended or repealed texts.

Legislative production can be national, European or international. And the regulatory fields covered may be in the HSE field: Environment, Health & Safety, Energy, Food Safety, Transport, etc., but also other rights such as HR, Finance, Data Protection, Commercial, etc.

What do companies need in terms of regulatory intelligence?

Coping with regulatory pressure or anticipating change are often the challenges of setting up a structured regulatory watch.

The aim is to be informed in real time of regulatory changes specific to the company’s activity (and also in the event of a change in activity):

• new applicable text,
• modification of an existing text,
• repeal of a text,
• draft new text

CONFORMITY OR CONFORMITY ASSESSMENT

Mise en place d’une veille réglementaire automatique et centralisée puis évaluation de la conformité :

After monitoring, we define the process to be put in place to comply with these applicable legal requirements. This is called compliance.

The aim is to assess the conformity of installations, processes, infrastructures, etc. for each applicable requirement, and to rule on compliance.

The regulatory compliance audit is a tool for assessing a site’s compliance with the regulatory requirements applicable to it, as determined during the prior regulatory watch process.

The aim of a regulatory compliance audit is therefore to assess compliance or possible non-compliance with a requirement, and to propose corrective and improvement actions for the site concerned.

This assessment enables the company to better manage and steer all its activities in line with applicable regulatory requirements, and to be fully aware of its level of compliance with regulations, standards and Group requirements.

Companies’ compliance needs

Examine the Site’s compliance with applicable regulatory requirements.
In the event of non-compliance, Sites must be able to demonstrate that they have credible Action Plans in place to deal with inspections by the authorities or in the event of an accident.

What’s the practical application?

Regulatory monitoring and compliance are sometimes used as the basis for an HSE strategy, or for ISO 45001 and ISO 14001 audits. These two processes are essential to a sound HSE strategy, especially for industrial companies.

Use cases of our NV Compliance tool for regulatory monitoring and compliance

Biopharma use cases

Use cases in

To find out more about regulatory watch?

Comment réussir sa veille réglementaire en 5 étapes?

Comment bien choisir son outil de veille réglementaire

Compliance is first and foremost a risk management tool. It enables us to identify, assess and prevent the risks associated with non-compliance with laws, regulations and standards. Accurate risk mapping is essential for setting up an effective compliance program. This proactive approach helps companies avoid accidents/incidents, sanctions, financial losses and reputational damage.

– Know (and respect) laws and standards

The primary aim of compliance is to ensure that all applicable laws and regulations are observed. This includes not only national, federal, cantonal and municipal laws, but also international regulations that may apply to the company’s activities. Beyond the legal framework, Compliance also aims to promote and enforce compliance with selected international standards within the organization, thereby reinforcing its culture of integrity.

– Strengthen its image and reputation

In a world of fast-moving information, a company’s reputation is a precious asset. A breach of compliance can have disastrous consequences for brand image. By implementing a robust compliance management system, companies protect their reputation and strengthen the trust of their stakeholders: customers, investors, partners and employees.

– Improving overall performance

Contrary to popular belief, compliance is not just a constraint, but can be a genuine performance driver. By optimizing internal processes, reducing OHS and environmental risks and promoting transparency, legal compliance contributes to operational efficiency and long-term value creation.

What’s more, if you optimize your compliance, you’ll have more time for your field activities and team relationships!

– Provide a competitive advantage

A company recognized for its commitment to legal compliance enjoys a clear competitive advantage. It is perceived as a reliable and responsible partner, which can open up new business opportunities, particularly in highly regulated sectors and markets.

Corporate Social Responsibility (CSR)

Compliance is part of a broader approach to corporate social responsibility. It helps to demonstrate an organization’s commitment to ethical and sustainable practices, thereby meeting society’s growing expectations of responsible corporate behavior.

In this sense, Compliance is the cornerstone of CSR, because before imagining and implementing voluntary measures, every company must first respect the legal system in which it operates.

– To protect against sanctions

An important objective of compliance is to prevent the legal and financial sanctions that can result from non-compliance with regulations. These penalties can be extremely severe, even threatening the very survival of a company. Compliance acts as a protective shield against these risks.

According to the Director General of the International Labour Organization:
“It’s not just working conditions that have changed over time, but also the nature of health and safety risks. And this evolution will continue in the future. With all the transformative technological, demographic and environmental changes shaping a new world of work, it’s becoming more important than ever to anticipate new and emerging health and safety risks.”

Compliance is an essential and strategic element for companies, guaranteeing the legal and ethical conformity of their activities. More than simply applying the law, it embodies a culture of integrity and social responsibility, protecting a company’s reputation and performance. By promoting transparency and proactive risk management, compliance becomes a genuine lever for competitiveness and sustainability in an increasingly demanding economic environment.

Managing and developing a business without mastering the regulations is like driving a car without ever having read the Highway Code. Doable, but terribly risky!

Identifying hazards is an essential step in the prevention process.
It consists in identifying existing hazards, then assessing the risks they present, in order to adopt the necessary measures to protect workers.

Independently of the legal obligation imposed on the employer, hazard identification helps to improve the company’s image and performance.

In fact, this preventive approach makes it possible to meet the human, social and financial challenges facing every company.

• It helps to improve working conditions and thus reduce absenteeism by preserving the physical and mental integrity of employees.
• It also helps to avoid the costs associated with an accident or occupational illness, thus preserving the company’s production capacity.
• Consequently, employee health and safety must never be dissociated from company operations.

2 Hazard identification regulations

2.1 The obligation to take the necessary measures to protect workers

Employers are required to ensure health and safety at work. This is laid down in Article 82 of the Accident Insurance Act (LAA) and Article 6 of the Labor Act (LTr).

To this end, Article 3 of the Swiss Ordinance on Accident Prevention (OPA) – which applies in principle to all companies employing workers in Switzerland – requires employers to take all protective measures and precautions necessary to prevent accidents:

• to the prescriptions of this order;
• other workplace safety provisions applicable to his company;
• recognized rules of safety technology and occupational medicine.

These protective measures must be checked at regular intervals to ensure that their effectiveness is not impaired. In the event of technical or organizational changes in the company, the employer will have to adapt them to the new conditions.

2.2 Suva’s S-T-O-P principle

Suva is one of the main pillars of the Swiss social insurance system, and has developed the “S-T-O-P” principle concerning the employer’s duty to implement protective measures.
These measures must be defined and an order of priority established for their implementation, based on the following principle:

• “S” indicates substitution measures: if possible, hazardous substances, installations and work processes should first be replaced by harmless or less hazardous products, methods and equipment.
• “T” indicates technical measures: workers must then be protected by collective protection measures (e.g. ventilation, guardrails, safety nets, etc.).
• “O” indicates organizational measures: the duration or number of employees exposed to hazards must be limited by means of training, supervision, break regulations, etc.
• “P” indicates Personal Protective Equipment (PPE): PPE can only be used as a complement to measures higher up the hierarchy, and is considered a measure of last resort.

2.3 Content and purpose of hazard identification

When the hazards are more specific and companies do not have the skills in-house, they have to call on specialists: STPS specialists, CFST engineers, occupational physicians, ergonomists, etc.).

This is the purpose of CFST directive no. 6508, which gives concrete form to the employer’s obligation to call on the services of occupational safety specialists (although it does not alter the scope of the OPA).

Identifying hazards is the first systematic step in workplace prevention. It is the central element of the MSST concept (occupational physicians and other occupational safety specialists).

Its aim is toidentify all situations, substances, equipment and processes likely to affect the health and safety of workers, and then to assess the resulting risks in order to implement appropriate and effective protective measures.

In concrete terms, the approach covers the following elements:

• Inventory of activities and workstations
  • Analysis of routine, occasional and exceptional tasks (maintenance, emergency interventions, cleaning, work at height, isolated work, etc.).
  • Consideration of actual operating modes, including possible deviations from procedures.
• Hazard identification
  • Physical: falls, machinery, moving parts, noise, vibrations, radiation, extreme temperatures.
  • Chemicals: hazardous products, gas/vapor/dust emissions, storage and handling of substances.
  • Biological: pathogens, working in damp environments or with animals.
  • Ergonomic: manual handling, awkward postures, repetitive movements.
  • Organizational and psychosocial: overwork, atypical working hours, stress, harassment.
  • Fire and explosion (ATEX): presence of combustible gases, vapors and dusts.
• Risk assessment
  • Analysis of potential severity of damage and probability of occurrence.
  • Identify and take into account existing protective measures (technical, organizational, PPE/EPC).
  • Update assessments whenever changes are made (new machine, product, organization).
• Consideration of particularly vulnerable groups
  • Pregnant or breast-feeding women: adapt workstations (avoid reprotoxic chemical agents, vibrations, carrying heavy loads, noise exposure, long night shifts).
  • Young workers and apprentices: prohibition of certain hazardous tasks, reinforced supervision, appropriate training.
• Definition and prioritization of protection measures according to the STOP principle:
  1. Substitution of hazardous products, processes or equipment.
  2. Technical: barriers, protection, ventilation, source capture.
  3. Organization: instructions, procedures, planning, limiting exposure.
  4. Personal protection (PPE): gloves, goggles, hearing protection, etc.

The ultimate aim is to reduce risks to as low a level as reasonably practicable, ensure regulatory compliance and continuously improve occupational health and safety. The results of hazard identification must be documented, monitored over time and integrated into the company’s overall prevention plan.

2.4 The employer’s civil and criminal liability

In accordance with the LAA/UVG and the Ltr, as well as the Swiss Code of Obligations and the Swiss Penal Code, the employer assumes overall civil and criminal responsibility for workplace safety.

Employers are responsible for choosing and implementing the protective measures they adopt.

Consequently, he can only be relieved of the accusation of a breach of his duty to protect workers if he proves that he has carefully selected the workers involved, trained and instructed them appropriately, and supervised them in a reasonable manner.

3 – Why choose Novallia for your hazard identification?

Novallia can help you determine the hazards in your company, using the method supported by SUVA:

3.1 Subdivide the company’s activity into business segments

Novallia offers to carry out your hazard identification based on the sectors of activity present in your company.

In fact, it’s essential to take into account “work situations” that may involve several activities and functions within your company, rather than just individual workstations.

3.2 Identify activities, work equipment and substances used

For all your business sectors, Novallia can identify the dangerous phenomena that can occur during your activities.

The aim is to identify every piece of work equipment and substance used that could pose a hazard to workers.

3.3 Identifying hazards

Novallia assesses the hazards and risks present in your company using :

• Ongoing dialogue with workers
• Scrupulous observation of actual work performed
• Field measurements by our experts to determine the presence of specific risks
• Controlling mandatory audits imposed on companies

3.4 Defining and implementing measures

After assessing the extent of the risks present in your company, our experts will advise you on the measures to be taken to eliminate them permanently or reduce them according to the S-T-O-P principle.
These may be useful recommendations for your company, or legal obligations that must be met.

3.5 Verify the effectiveness of measures by carrying out safety audits

Novallia will be with you every step of the way for all your activities.
Our experts can carry out security audits at your request, to ensure that the measures in place are always effective and up to date.

Indeed, if a decisive change or event occurs in your company, it becomes essential to carry out a new hazard assessment, and adapt it if necessary.

For more information on our services, please contact Novallia.

Safety at work in France remains a major challenge for both companies and employees, with a strong legal obligation and considerable human and economic impact.

Safety at work, a daily challenge

Safety at work is not just a matter of complying with a series of administrative rules: it’s a real culture that needs to be established to protect employees’ physical and mental health.

According to the Ministry of Labour, each employer must

• inform and train employees about risks,
• propose appropriate measures and
• improve safety at high-risk workstations, thus guaranteeing better prevention.

In France, in 2023-2024, there will be 717,719 recognized workplace accidents, of which 555,803 will result in lost time, and 759 fatalities. The main causes were manual handling (48-53%), falls (27-32%) and the use of machinery, often linked to inadequate training or failure to follow instructions.

Work-related accidents: figures and trends

According to Assurance Maladie, the number of accidents at work is declining slightly (by 1.5% in 2023), but fatalities are on the rise, underlining the need to step up prevention. Occupational illnesses, including musculoskeletal disorders and mental illnesses, are also on the rise, leading to absenteeism and long-term disability.

Why prevention needs to be stepped up

Despite the legal obligation enshrined in the French Labor Code (Articles L. 4121-1 et seq.), many companies only measure safety after an incident has occurred. Yet it is essential to develop a proactive approach:

• involve employees in drawing up instructions,
• measure danger reports and promote internal dialogue.

What to do?

Awareness-raising, ongoing training and the monitoring of indicators (number of hazards reported, equipment inspected, improvements proposed) help to really improve safety in the workplace and create a serene environment.

Legal obligations and tools available

Regulations require every company to produce a single risk prevention document, which identifies, analyzes and prioritizes the risks present in the workplace. Consulting firms (but also health services) support companies in implementing concrete actions: employee training, awareness-raising, safety culture audits or equipment audits. Finally, an effective prevention policy and good communication help to avoid accidents, reduce absenteeism and associated costs, and improve productivity.

2025: More stringent regulatory requirements

July 2025

Since July 10, 2025, the French government has stepped up occupational risk prevention. In concrete terms :

• More powers for labor inspectors, who can punish breaches even without an accident.
• Generalization of penal transactions: uncorrected discrepancies can be very costly.
• In the event of a fatal accident, liability now extends to the entire chain (employer, principal, client).
• Enhanced cooperation between labor inspectorates and law enforcement agencies.
• Increased support for victims.

October 2025

The deadline of October 1, 2025 concerns a new occupational safety regulation: from this date, employees assigned to positions requiring driving authorization or electrical clearance will no longer be subject to the usual reinforced individual medical monitoring.

• Every 5 years, the employees concerned will have to obtain a medical certificate issued by the occupational physician, confirming that they are not contraindicated in driving or in carrying out their duties.
• The certificate must be presented to the employer, who must keep a copy for the duration of its validity.
• Old notices of suitability issued before the entry into force remain valid for 5 years from their date of issue.
• If the certificate is refused, a simplified procedure before the industrial tribunal (Conseil de prud’hommes) is available to settle the dispute.
• The aim of this measure is to redeploy the medical resources of occupational health services to workplaces presenting particular risks, and to strengthen primary prevention.

This deadline strengthens traceability and the organization of prevention for specific risk jobs, while reducing the medical monitoring requirements for certain employees.

Employer obligations

• Identify the positions concerned and inform employees of the new obligation.
• Ensure that the medical examination required to obtain the certificate is organized for employees concerned by October 1, 2025.
• Keep all certificates for their period of validity, and keep the list up to date.

Prevention is the key to averting risks upstream!

Some ideas for action

• ✅ Regular risk analysis
• ✅ Targeted and ongoing training
• ✅ Maintenance and documented checks
• ✅ Compliant equipment
• ✅ DUERP and PAPRICAT updated
• ✅ Medical follow-up and traceability of actions

How can Novallia help you?

With its regulatory watch and compliance service

Keep up to date with the latest occupational health and safety regulations!

Monitoring and regulatory compliance

With its consulting services

Diagnostic sécurité

Safety culture diagnosis

Occupational risk assessment

Chemical risk assessment

With training courses

• Understand occupational health and safety issues and apply regulations
• Chemical risk regulations
• Chemical risk training for personnel
• Acquire basic knowledge of chemical hazards

Official sources

• Decree no. 2025-355 of April 18, 2025, effective October 1, 2025.
• Information on reinforced individual follow-up: FNEDT, ACISMT, Ministry of Labor.

Additional sources and resources

• Ministry of Labour, Occupational Safety
• Assurance Maladie 2023 report
• Labour code and legal obligations
• INRS key figures
• Statistics on accident causes

Safety at work is everyone’s business, and it’s thanks to collective commitment, proactive prevention and compliance with legal obligations that we can create a safer, healthier working environment!

1. What is ISO 9001: definition

ISO 9001 is an international quality management standard designed to ensure that products and services meet the requirements of customers and stakeholders, while adhering to management principles such as customer focus, leadership, people engagement, process management and continuous improvement. It establishes a framework for optimising organisation, ensuring compliance, enhancing customer satisfaction and promoting operational excellence.

The next revision of ISO 9001-2026, expected to be published in 2026 (probably in October), is progressing towards the final draft stage and is expected to have the same structure while offering modernisations.

Why these changes?

The previous version of ISO 9001 dates back to 2015.
Since 2015, many societal and social changes have taken place. For example:
In the digital sphere: data has become a major issue, as have cyber security and artificial intelligence.
New customer expectations: huge growth in e-commerce, increasing importance of social media and the customer experience designed as an omnichannel experience.
Climate and sustainability: these current issues and their consequences must also be integrated into corporate strategy and therefore into the ISO9001 standard.
Resilience to crises: implementing health and geopolitical risks and supply chain disruption issues.

2. Main changes expected for ISO 9001:2026

The changes in version 2026 are gradual but strategic, focusing on seven key areas:

1. Integration of climate change.

   As in ISO 14001 and ISO 45001, climate risks and opportunities must now be integrated into the organisation’s strategy (clause 4.1). This revision is based on the 2024 amendments, which require organisations to take climate-related risks and opportunities into account in their strategic vision, thereby strengthening environmental responsibility within management systems in general.

2. Strengthened leadership and quality culture.

   Article 5.1.1 specifies that managers must embody and promote ethics and a culture of quality at all levels. Leadership is no longer just responsible, but exemplary: it sets the tone and embodies the expected behaviours. A few examples are provided to managers to demonstrate their commitment.

3. Quality policy and strategic alignment.

   Quality policy and strategic alignment.

4. Optimised risk and opportunity management

   The reorganisation of clause 6.1 makes it easier to distinguish between risks and anticipate major opportunities for resilience. From 2026 onwards, the standard should explicitly separate the analysis of risks and opportunities in order to help organisations structure their approach, reporting and management in these two areas.

5. Employee awareness and engagement

   Awareness requirements have been expanded; quality culture and ethics must be known, understood and practised in the field. According to clause 7.3, employees must adopt behaviours that promote quality and integrity at work.

6. Technology: digitalisation, data and digital tool management.

   The standard recognises the importance of cybersecurity, software reliability and data management in measuring and controlling quality. These new requirements involve validating the digital tools used for quality management in order to guarantee the reliability and cybersecurity of processes.

7. Sustainability and stakeholders

   The expansion of the ESG (environmental, social, governance) scope now requires the inclusion of specific environmental and social performance indicators in the quality strategy, facilitating cross-functional reporting with ISO 14001 and 45001 standards.

8. Harmonisation and improved guidelines

   The addition of practical examples and improved compatibility with ISO 14001 (environment) and ISO 45001 (safety) standards simplify system integration.

3. What steps should be taken to prepare for this?

• Conduct a gap analysis in relation to the new requirements.
• Update the quality documentation and review the documentation scheme.
• Train teams, particularly senior management and managers, in quality culture, ethics and resilience.
• Adapt supply chain and supplier management to anticipate disruptions.
• Strengthen the validation of digital tools (software, AI) used to manage quality.
• Integrate customer satisfaction and feedback loops into QMS management.

4. What are the risks and opportunities associated with this update to the ISO 9001 standard?

Opportunity for improvement of the ISO 9001 standard :

• The standard proposes a sustainable, modern quality system that is connected to current issues.
• Concern for strategic alignment with the expectations of customers and stakeholders.
• More visible leadership, a culture of quality and ethics valued.
• Increased resilience to supply chain risks.
• Facilitated synergy with ISO 14001/45001 for multi-system organisations.

Risks or negative points:

• Transition costs (process updates, training, gap analysis).
• Transition costs (process updates, training, gap analysis).
• Concepts that are sometimes abstract or difficult to implement in practice (quality culture, climate context).

In conclusion: why and how should you prepare for the changes to the ISO 9001 standard and maintain your certification? Here are a few tips 👇

The new ISO 9001:2026 version is not a complete overhaul of ISO 9001:2015. It builds on the latter and develops it further by incorporating current issues such as technological change and climate and societal challenges.

The revision aims to update the standard so that it remains relevant to technological changes, new customer expectations, and climate and societal issues. After official publication in September 2026, organisations will have three years to migrate to the requirements of the new standard, with the 2015 version remaining valid until 2029.

Key steps to prepare effectively:

• Update the analysis of the context, particularly climate and ESG.
• Review how management promotes a culture of quality.
• Modernise the management of data, tools and technological biases.
• Boost customer and stakeholder engagement, strengthen risk planning and resilience.
• Follow the resources, guides, and transition training offered by certification bodies.

In conclusion: ISO 9001:2026 modernises quality by strengthening customer culture, ethics, resilience and digitalisation. The key is proactivity – engaging management, raising staff awareness and consolidating the value of the QMS in the service of customer satisfaction and continuous improvement.

Novallia supports you in understanding the new challenges posed by the standard and, thanks to its network of partners, will accompany you through the transition to 2026. Contact us!