Sarbanes-Oxley and OSHA



Compliance Sarbanes-Oxley and OSHA
Compliance Sarbanes-Oxley and OSHA

The Sarbanes-Oxley Act

The Sarbanes-Oxley Act of 2002 is mandatory. ALL organizations, large and small, MUST comply. Sarbanes-Oxley and OSHA training programs.

This website is intended to assist and guide. It provides information, and identifies resources, to help ensure successful audit, and management. Whether you are entirely new to the Sarbanes-Oxley legislation, or whether you have an established strategy, this portal should hopefully prove to be of substantial value


The legislation came into force in 2002 and introduced major changes to the regulation of financial practice and corporate governance. Named after Senator Paul Sarbanes and Representative Michael Oxley, who were its main architects, it also set a number of deadlines for compliance.

The Sarbanes-Oxley Act is arranged into eleven titles. As far as compliance is concerned, the most important sections within these are often considered to be 302, 401, 404, 409, 802 and 906.

An over-arching public company accounting board was also established by the act, which was introduced amidst a host of publicity.

Sarbanes-Oxley Compliance

Compliance with the legislation need not be a daunting task. Like every other regulatory requirement, it should be addressed methodically, via proper analysis and study.

Also like other regulatory requirements, some sections of the act are more pertinent to compliance than others. To assist those seeking to meet the demands of this act, the following pages cover the key Sarbanes-Oxley sections:


Having studied the above pages, even if you are considering using an external consultant or legal expert, it is well worth taking some basic steps to enhance your position immediately. This not only demonstrates due diligence, but may well reduce the consultancy costs themselves.

One area that perhaps falls into the category is security. In many respects security underpins the requirements of the Sarbanes-Oxley Act. It is therefore important to quickly establish a credible and detailed security policy, which can often be done readily via off the shelf packages.

Finally, perhaps the most important statement on the entire web site: don’t put off until tomorrow what can be done today! With other legislation and regulation we have seen far too often organizations leave compliance until the last few days, and subsequently suffer adverse consequences.


OSHA and Active Shooter Compliance
OSHA and Active Shooter Compliance


(UpDated by Presidential Executive Order)

On September 8, 2011, OSHA issued a compliance directive on workplace violence that outlines enforcement procedures for OSHA field officers in determining whether and how to investigate employers for instances of alleged workplace violence.

Relying on OSHA’s General Duty Clause (which requires employers to maintain workplaces “free from recognized hazards that are causing or are likely to cause death or serious physical harm).”

“Recognized Hazards”

In a workplace where risk of violence and serious personal injury are significant enough to be “recognized hazards”, the general duty clause would require employers to take steps to minimize these hazards.

Failure could result in the finding of an OSH Act violation.

Recent court rulings relative to liability lawsuits have shown active shooter scenarios are now considered a “recognizable hazard” to employees.

OSHA may cite and fine employers for failing to provide workers with adequate safeguards against workplace violence after an investigation.

Liability & Probability

Courts are finding fault with employers.

(2013 court decision – Hennepin County, Minneapolis MN)

The court found fault with employer for negligence and failing to train their employees

“Liability is on the employer to train their employees to recognize the indicators of the potential active shooter and how to respond when they are faced with an actual active shooter incident”

OSHA’s directive focuses on two primary questions:

  • Did the employer recognize potential hazards in the workplace?
  • Are there feasible means of preventing or minimizing such hazards?

Train employees

  • OSHA encourages employers to implement training and notification programs/systems to educate employees on the known risks for workplace violence and the steps that can be taken by employees to minimize the potential for workplace violence.
  • Employers should inform employees what has been done to mitigate the risks and what mechanisms are available for reporting hazards or incidents that occur.
  • Management and supervisors should be trained on how to effectively respond to workplace emergencies and employee complaints of workplace hazards.

Reassess hazards periodically

  • An initial evaluation and implementation of precautions to minimize the risk of workplace violence is a critical first step; however, OSHA says that employers should also periodically reassess the potential for workplace violence. Employers may consider a regularly scheduled evaluation of whether or not the mechanisms in place to reduce workplace violence are effective and whether there are other mechanisms that can be introduced to further protect employees. Trainings should be repeated periodically and updated based on any changes in procedure or risks


(UpDated by Presidential Executive Order)

SEC. 5. Duties

(a) Each employer —

(1) Shall furnish to each of his employees employment and a place of employment            which are free from recognized hazards that are causing or are likely to cause death or serious physical harm to his employees;

(2) Shall comply with occupational safety and health standards promulgated under            this Act.

(b) Each employee shall comply with occupational safety and health standards and all rules, regulations, and orders issued pursuant to this Act, which are applicable to his own actions and conduct.

Training assists business with the following to minimize costly aftermath calculations:

  1. Prepare an action plan
  2. Enroll in an active shooter educational program
  3. Review Company Survival Profile & Engage the “Winning Mindset

Aftermath Costly Calculations:

  • The threat will never be fully eliminated
  • Active assailants seek to do as much damage as possible
  • Active shooting events trigger customers to take business elsewhere regardless if there is a connection or not between the shooter and the business
  • Business continuity is disrupted across the entire enterprise network, impacting customers, employees, investors, operations, revenue stability regardless of incident location
  • Employee productivity and confidence undermined
  • Death and injury lead to general liability, worker’s compensation and other casualty insurance claims in addition to litigation
  • Property damage can shut down operations and revenue during repair

Aftermath Costly Calculations – Action Plan:

  • Crisis management planning starts with documented training of employees on proactive survival options, mental preparation and integrated planning
  • It is imperative companies train employees on how to survive reducing risk and mitigating potential damage

Filed under: Compliance Sarbanes-Oxley and OSHA


Chris Grollnek / Active Shooter Prevention Expert | Policy Strategist