Observation: HSE and Quality managers have documented
competence within respective disciplines. However, CEO cannot document HSE competence according to legislative requirements. It is not verified that the supplier is actively involving its sub-suppliers in its HSE and Quality training programmes. Additional training to address any gaps or risk identified as part of continuously improvement is not
verified, e.g., Human rights management training is not included in the training program.

– CEOs HSE competence according to legislative requirements
-Perform suply chain mapping and assess/map suppliers “sub supplier management”
-Additional training to address any gaps or risk identified as part of continuously improvement e.g Human rights

CEO has signed up for an HSE course for Managers in July 2021.
WE will also look into possibilities to train our personnel (at least Management) on human right management, and then include in our training matrix.

Related to training programs for our suppliers, we don’t see that we need to involve them in HSE and Quality training programs. What we normally do, is to perform audits where our suppliers have to document proper training of personnel related to delivery. What we will do, is ask for human right management training as part of audits.

We continuously, based on the market and also on audits performed on us, identify any gaps and/or risks related to our training and competence, and implement improvements (registered in WEReport/Improvement suggestions, and updated in Competence matrix and job descriptions).

Criteria for selection and approval of suppliers are not
defined.

Establish criteria for slections of WE suppliers not contracted through WM projects

WE have a procedure “How WE Contract and Manage Suppliers”. Criteria, such as “EPIM JQS registered”, ISO-certified or in compliance with ISO 9001, ISO 14001 and ISO 45001″ is now implemented in this procedure. Our “Supplier QHSE Questionnaire” secures requirements to suppliers also regarding Human rights.

Relevant stakeholders are identified. Human rights elements
are not included in the assessment.

Included human rigths elements in stakholder assessment.

Human rights will be included when contracts are updated or new jobs assigned. Human rights will also be included in our stakeholder assessments. This action is transferred to WE Improvement suggestions.

The risk processes do not cover all relevant OMS elements,
ref to findings in 5.2, 5.3, 5.4, 5.5 and 5.6.

Cover all relevant OMS elements in the risk processes

This is related to next four findings and is covered there.

Anonymous psychosocial working environment surveys
are not conducted.

Perform a anonymous psychosocial working environment survey

As WE is a small company with only 27 employees, and 5 departments, it has been considered as “impossible” to do an anonymous working environment survey, as the results will be easy to track to single persons. As mentioned, we have an anonymous report function on our intranet were our employees can chose to submit to either Safety delegate or QHSE Manager.

GDPR analysis that cover all relevant issues is not
documented (e.g., access control data).

Perform GDPR analysis to document status regarding relevant security aspects in WE

A GDPR analysis will be performed. This action is transferred to WE Improvement suggestions.
We have (after the audit) had an quarterly QHSE meeting that had a session on IT safety and security, including storage and access control.

Human rights risk management program is partly established.

Continue the work on the human rights risk management program

Human rights is already identified as a risk in our Enterprise risk register. Human rights risks are identified as an area of improvement and therefore included in our QHSE plan 2021. This will be an ongoing process, and we will implement this based on learnings from training and audits. This action is transferred to WE Improvement suggestions.

The incident reporting system does not facilitate
systematic root cause analysis.

Facilitate systematic root cause analysis through the incident reporting system

This will be implemented in our Incident module in WEReport. This action is transferred to WE Improvement suggestions.

There is limited system for formally investigating HSE and
Quality events/ incidents.

Continue the work on the investigation system.

We have personnel that is experienced investigators, and we offer our competence to our customers. This will be formalised in our new procedure “How WE Investigate” (under development). This action is transferred to WE Improvement suggestions.

A system to secure full compliance with statutory requirements for reporting (notification matrix) is not defined.

Secure compliance with statutory requirements for reporting trough information sheet on HR sharepoint homepage, or/and develope statutory requirements for reporting matrix.

We have a notification matrix, but it is not easily accessible, and we miss some contacting details. This well be implemented. This action is transferred to WE Improvement suggestions.

Defined competence requirements for personnel
performing audits and verifications are not verified.

Define in governing documents

We will implement auditor requirements in our competence matrix, and job descriptions. This action is transferred to WE Improvement suggestions.
We will secure that human rights/social performance is included in audit scope for coming audits (already implemented in planned activities).

Management review does not include assessment of
human rights elements. Trend analysis from performed verification activities are not included in management review.

Include assessment of human rights elements and trend analysis from performed verification activities in management review

Human rights will be included in Management Review for 2021. This is also included as an improvement suggestion in WEReport.

WE has developed an Audit, Review and Verification (ARV) software where we register all ARV activities and findings from these. As part of our continuous improvement, trends will be implemented in this software and a trend analysis will be secured in our next Management Review.
This action is transferred to WE Improvement suggestions.

An assessment documenting compliance with ISO 45001
is not verified.

GAP MS and 45001.

As shown in audit, we have started on a GAP-analysis toward ISO 45001. This will be focused on and finalised. This is also included as an improvement suggestion in WEReport.

No involvement with HSE through industry or trade
associations. Additional features to OMS are not verified.

Options regading assosiations will be maped and discussed.

We have assessed possible associations where WE could get involved. But the nature of our business prevent us from contributing to the forums we believe are relevant, such as NOROG’s Driller Management Forum and HSE Forum. These are not available for suppliers (we are the operators’ drilling department). Anyway, we will look again at which possible memberships it can be interesting and useful to contribute to. This is also included as an improvement suggestion in WEReport.

Close all actions in EPIM JQS

Secure that all findings registered online on EPIM JQS are closed in due time

2021: Most of the actions were closed within deadline. A lot of work has been put forward to update the Incident reporting module in WEReport. It has been very time demanding. A reporting matrix has been made.
06.01.2022: Human rights and trending has been put into management review template for 2022. We are working on the incident module.
18.02.2022: A long list of modifications on the Incident module has been put forward to Software developer, including root cause.
13.05.2022: Incident module is ready to be launched.

Observation: HSE and Quality managers have documented
competence within respective disciplines. However, CEO cannot document HSE competence according to legislative requirements. It is not verified that the supplier is actively involving its sub-suppliers in its HSE and Quality training programmes. Additional training to address any gaps or risk identified as part of continuously improvement is not
verified, e.g., Human rights management training is not included in the training program.

– CEOs HSE competence according to legislative requirements
-Perform suply chain mapping and assess/map suppliers “sub supplier management”
-Additional training to address any gaps or risk identified as part of continuously improvement e.g Human rights

CEO has signed up for an HSE course for Managers in July 2021.
WE will also look into possibilities to train our personnel (at least Management) on human right management, and then include in our training matrix.

Related to training programs for our suppliers, we don’t see that we need to involve them in HSE and Quality training programs. What we normally do, is to perform audits where our suppliers have to document proper training of personnel related to delivery. What we will do, is ask for human right management training as part of audits.

We continuously, based on the market and also on audits performed on us, identify any gaps and/or risks related to our training and competence, and implement improvements (registered in WEReport/Improvement suggestions, and updated in Competence matrix and job descriptions).

Criteria for selection and approval of suppliers are not
defined.

Establish criteria for slections of WE suppliers not contracted through WM projects

WE have a procedure “How WE Contract and Manage Suppliers”. Criteria, such as “EPIM JQS registered”, ISO-certified or in compliance with ISO 9001, ISO 14001 and ISO 45001″ is now implemented in this procedure. Our “Supplier QHSE Questionnaire” secures requirements to suppliers also regarding Human rights.

Relevant stakeholders are identified. Human rights elements
are not included in the assessment.

Included human rigths elements in stakholder assessment.

Human rights will be included when contracts are updated or new jobs assigned. Human rights will also be included in our stakeholder assessments. This action is transferred to WE Improvement suggestions.

The risk processes do not cover all relevant OMS elements,
ref to findings in 5.2, 5.3, 5.4, 5.5 and 5.6.

Cover all relevant OMS elements in the risk processes

This is related to next four findings and is covered there.

Anonymous psychosocial working environment surveys
are not conducted.

Perform a anonymous psychosocial working environment survey

As WE is a small company with only 27 employees, and 5 departments, it has been considered as “impossible” to do an anonymous working environment survey, as the results will be easy to track to single persons. As mentioned, we have an anonymous report function on our intranet were our employees can chose to submit to either Safety delegate or QHSE Manager.

GDPR analysis that cover all relevant issues is not
documented (e.g., access control data).

Perform GDPR analysis to document status regarding relevant security aspects in WE

A GDPR analysis will be performed. This action is transferred to WE Improvement suggestions.
We have (after the audit) had an quarterly QHSE meeting that had a session on IT safety and security, including storage and access control.

Human rights risk management program is partly established.

Continue the work on the human rights risk management program

Human rights is already identified as a risk in our Enterprise risk register. Human rights risks are identified as an area of improvement and therefore included in our QHSE plan 2021. This will be an ongoing process, and we will implement this based on learnings from training and audits. This action is transferred to WE Improvement suggestions.

The incident reporting system does not facilitate
systematic root cause analysis.

Facilitate systematic root cause analysis through the incident reporting system

This will be implemented in our Incident module in WEReport. This action is transferred to WE Improvement suggestions.

There is limited system for formally investigating HSE and
Quality events/ incidents.

Continue the work on the investigation system.

We have personnel that is experienced investigators, and we offer our competence to our customers. This will be formalised in our new procedure “How WE Investigate” (under development). This action is transferred to WE Improvement suggestions.

A system to secure full compliance with statutory requirements for reporting (notification matrix) is not defined.

Secure compliance with statutory requirements for reporting trough information sheet on HR sharepoint homepage, or/and develope statutory requirements for reporting matrix.

We have a notification matrix, but it is not easily accessible, and we miss some contacting details. This well be implemented. This action is transferred to WE Improvement suggestions.

Defined competence requirements for personnel
performing audits and verifications are not verified.

Define in governing documents

We will implement auditor requirements in our competence matrix, and job descriptions. This action is transferred to WE Improvement suggestions.
We will secure that human rights/social performance is included in audit scope for coming audits (already implemented in planned activities).

Management review does not include assessment of
human rights elements. Trend analysis from performed verification activities are not included in management review.

Include assessment of human rights elements and trend analysis from performed verification activities in management review

Human rights will be included in Management Review for 2021. This is also included as an improvement suggestion in WEReport.

WE has developed an Audit, Review and Verification (ARV) software where we register all ARV activities and findings from these. As part of our continuous improvement, trends will be implemented in this software and a trend analysis will be secured in our next Management Review.
This action is transferred to WE Improvement suggestions.

An assessment documenting compliance with ISO 45001
is not verified.

GAP MS and 45001.

As shown in audit, we have started on a GAP-analysis toward ISO 45001. This will be focused on and finalised. This is also included as an improvement suggestion in WEReport.

No involvement with HSE through industry or trade
associations. Additional features to OMS are not verified.

Options regading assosiations will be maped and discussed.

We have assessed possible associations where WE could get involved. But the nature of our business prevent us from contributing to the forums we believe are relevant, such as NOROG’s Driller Management Forum and HSE Forum. These are not available for suppliers (we are the operators’ drilling department). Anyway, we will look again at which possible memberships it can be interesting and useful to contribute to. This is also included as an improvement suggestion in WEReport.

Close all actions in EPIM JQS

Secure that all findings registered online on EPIM JQS are closed in due time

2021: Most of the actions were closed within deadline. A lot of work has been put forward to update the Incident reporting module in WEReport. It has been very time demanding. A reporting matrix has been made.
06.01.2022: Human rights and trending has been put into management review template for 2022. We are working on the incident module.
18.02.2022: A long list of modifications on the Incident module has been put forward to Software developer, including root cause.
13.05.2022: Incident module is ready to be launched.