Ecesis EHS Software

PSM Compliance
Audit Guide

Compliance audits are the verification mechanism that ensures your PSM program is actually working as intended. Under 29 CFR 1910.119(o), employers must certify that they have evaluated compliance with the PSM standard at least every three years. The audit must be conducted by qualified personnel and result in documented findings that the employer must then correct. A well-conducted audit identifies gaps before OSHA does, protects workers, and demonstrates due diligence. Ecesis PSM software supports audit readiness with centralized documentation across all 14 elements and compliance tracking that maintains audit-ready records at all times.

Audits must comprehensively evaluate all 14 elements every three years
At least one auditor must be knowledgeable in the specific process being audited
Findings must be corrected with documented responses and retained for two audit cycles

What OSHA Requires

Under 29 CFR 1910.119(o), the employer must:

  • Certify that they have evaluated compliance with the provisions of 29 CFR 1910.119 at least every three years to verify that the procedures and practices developed are adequate and are being followed
  • Use at least one person knowledgeable in the process to conduct the audit
  • Develop a report of the audit findings
  • Promptly determine and document an appropriate response to each finding
  • Document that deficiencies have been corrected
  • Retain the two most recent compliance audit reports

Step-by-Step Implementation

Plan the Audit

Effective PSM audits require thorough planning. Develop an audit plan that addresses:

  • Scope: All 14 elements of PSM for each covered process
  • Schedule: Ensure the audit is completed within the three-year cycle. Schedule well in advance to allow for preparation and resource allocation
  • Audit team: Select auditors with appropriate qualifications (at least one person knowledgeable in the process, and ideally at least one person with PSM auditing experience)
  • Logistics: Access to documents, interview schedules, field inspection access, and management availability for opening and closing meetings

Develop Audit Protocols

Create detailed audit checklists for each of the 14 PSM elements. For each element, the protocol should verify:

  • Written procedures or plans exist as required
  • Documentation is complete and current
  • Practices in the field match written procedures
  • Training records demonstrate competency of involved personnel
  • Deadlines and frequencies are being met (PHA revalidation, training refreshers, equipment inspections, procedure certifications)
  • Previous audit findings have been corrected

Combine document review, personnel interviews, and field observations for a comprehensive evaluation.

Conduct the Audit

Execute the audit systematically:

  • Opening meeting: Review the audit scope, schedule, and methodology with facility management
  • Document review: Examine written programs, procedures, records, and documentation for each element
  • Interviews: Talk with operators, maintenance personnel, supervisors, and management to verify understanding and implementation
  • Field verification: Walk process areas to confirm that documentation matches actual conditions (P&IDs match installed equipment, procedures are accessible, safety systems are functional)
  • Closing meeting: Present preliminary findings to management

Manage Findings to Closure

After the audit, complete the formal reporting and corrective action process:

  • Prepare a written audit report documenting findings for each element evaluated
  • For each finding, document the employer's response (accept, reject with rationale, or modify)
  • Assign corrective actions with responsible parties and due dates
  • Track corrective actions to completion and document the closure
  • Retain the report for at least two audit cycles (approximately six years)
  • Use findings to improve the PSM program and inform the next audit cycle

Common Pitfalls to Avoid

Treating the audit as a documentation exercise without verifying that practices in the field match written programs
Using auditors who lack specific process knowledge and cannot evaluate technical adequacy
Generating findings without a tracking system for corrective action completion
Missing the three-year deadline because audit planning started too late

How Software Supports This Element

Ecesis PSM software supports audit readiness and compliance verification:

Need help implementing Compliance Audits? Ecesis process safety management software provides the tools to build and maintain a compliant program for this and all other 14 PSM elements. Learn more about Ecesis PSM software or contact us to schedule a free 30-minute demo.

Frequently Asked Questions

Can we use internal employees for PSM audits?

Yes. OSHA does not require external auditors. However, auditors should be objective and not audit their own work. Best practice uses a combination of internal personnel with process knowledge and at least one team member with audit methodology experience who is independent of the area being audited.

How long should a PSM audit take?

Duration depends on facility complexity and the number of covered processes. A small facility with one covered process might complete an audit in 3 to 5 days. Large facilities with multiple processes and extensive documentation may require 2 to 4 weeks. Do not rush the audit to meet an arbitrary timeline.

What if we cannot correct a finding before the next audit?

Document the response to the finding, including a corrective action plan with milestones and a target completion date. If interim protective measures are needed, document those as well. OSHA expects prompt attention to findings but recognizes that some corrections (such as capital projects) require longer timelines.

Do we need to audit contractor compliance?

Yes, the compliance audit should evaluate your implementation of the contractor element (1910.119(h)), including whether you are evaluating contractor safety performance, providing required hazard information, maintaining the contractor injury log, and periodically evaluating contractor fulfillment of their obligations.

What records support audit readiness?

Auditors typically review: employee participation plan, PSI documentation, PHA reports and finding resolutions, operating procedures with annual certifications, training records, contractor evaluations, PSSR documentation, mechanical integrity inspection records, hot work permits, MOC records, incident investigation reports, emergency action plan, and the two most recent audit reports.

Ecesis PSM Compliance Software

PSM Software

Centralized platform to manage all 14 PSM compliance elements

Management of Change

Submit, route, and approve change requests through defined workflows

Incident Investigation

Report, investigate, and track corrective actions to completion

Training Management

Deliver and track PSM training with comprehension verification

Mechanical Integrity

Schedule inspections, track deficiencies, and manage maintenance

PSM Compliance Calendar

Track deadlines across all 14 elements automatically

Related PSM Resources

PSM Software Implementation Guide 14 PSM Elements PSM Requirements PSM Compliance Calendar Hazard Analysis

What Is Ecesis?

Ecesis is a leading EHS Software Solution that has been helping companies around the world reach their EHS goals since 1993.

Get in Touch

1499 West 120th Avenue
Suite 110
Westminster, CO 80234
(720) 547-5102 (866) 733-6912 Click To Email Us

Connect With Us

EHS Software on LinkedIn EHS Software on Facebook EHS Blog

Copyright © 2026 EnviroData Solutions, Inc.

Terms of Use    Privacy Statement    Cookies