Skip to content

Internal Audit Report

Audit Identification: IA202612
Area: Emergency Preparedness
Audit Date: 19/05/2026
Auditor: Sean Ashton (HSQE Consultant, Onyx Operations)
Date Completed: 19/05/2026
Findings: 0 Non-conformities, 0 Observations
Scope: Clauses 8.2 (ISO 14001 & ISO 45001)
Document Number: FORM_INTAR001 Rev 1 ID 01/09/2025
Builds on prior audit: IA202512 (30/09/2025) — 0 NC, 0 OBS

Executive Summary

This audit re-examined Emergency Preparedness one year on from IA202512. The 2025 audit was clean (0 NC, 0 OBS) and the 2025–26 cycle has materially strengthened emergency-preparedness evidence:

  • APP_17 BCP testing log backfilled — quarterly programme through to Q1 2026 closed with documented outcomes; Q2 2026 desktop (cyber + extreme-weather) scheduled 28/05/2026 (CAR-2026-005 from IA202604).
  • APP_17 cross-reference errors fixed — Section 10 references APP_16 and APP_17 correctly (was previously incorrectly referencing APP_20 and APP_21).
  • APP_16 Emergency Preparedness & Response Matrix at Rev 3 (1 June 2026).
  • APP_18 Emergency Equipment Log at Rev 3 (1 June 2026) with named-role labels (HSQE Manager → Site Supervisor (Jason May)).
  • SOP 8.15 Fire issued in HTML format with concrete thresholds (10 m hot-work radius, 60-min fire-watch, BS EN 3 extinguisher class table).
  • SOP 5.4 Emergency Preparedness rebuilt to HTML format.
  • POL_HSQE_30 IT Security incident pathway introduces UK GDPR 72-hour breach notification — a new emergency-preparedness commitment.
  • Environmental emergency drill schedule addressed via CAR-2026-008 from IA202607 (target close 30/09/2026).

No new observations. The Q2 2026 BCP desktop on 28/05/2026 is the next operational milestone; once held and documented, the entire emergency-preparedness picture is fully evidenced for the surveillance audit.

Year-on-year follow-up — IA202512 outcomes

2025 ref 2025 finding (summary) Status in 2026 audit
(none) IA202512 was clean — 0 NC, 0 OBS No 2025 follow-ups required.

Introduction

This audit examined Emergency Preparedness under clauses 8.2 (ISO 14001 environmental emergencies; ISO 45001 H&S emergency preparedness) one year on from IA202512. Particular focus on the BCP testing log, the new SOP 8.15 Fire, and the planned Q2 2026 cyber + extreme-weather desktop.

Aims & Objectives

  1. Verify APP_16 / APP_17 / APP_18 currency and consistency
  2. Confirm the BCP testing-log entries 2024–2026 are coherent and continuous
  3. Sample SOP 8.15 Fire hot-work permit threshold (10 m, 60-min) against operational reality
  4. Confirm the planned Q2 2026 BCP desktop on 28/05/2026 has scenario briefs and participants
  5. Verify cyber-incident pathway in POL_HSQE_30 integrates with APP_17

Audit Method

  • Document Review: SOP 5.4 Emergency Preparedness Rev 3 HTML, SOP 8.15 Fire Rev 3 HTML, APP_16 Emergency Preparedness & Response Matrix Rev 3, APP_17 DR-BCP Rev 3 (with backfilled testing log + Section 10 cross-ref fix), APP_18 Emergency Equipment Log Rev 3, POL_HSQE_30 IT Security (cyber-incident pathway), Fire Risk Assessment (March 2025 — held in 7 Workplace Safety folder).
  • Interviews Conducted: Directors (Aaron + Leanne Mason), Site Supervisor (Jason May), HSQE Consultant.
  • Observations: Spill kits in van packs; bunded fuel storage at yard; gas / electrical certs (in 9 Security folder); Fire Risk Assessment review; planned 28/05/2026 BCP desktop participant list and scenario briefs reviewed.
  • Sampling: APP_17 testing-log entries 2024–2026 (ten entries); 3 spill kits (one yard + two van packs); 5 BS EN 3 extinguisher classes against AMWS operational scenarios.

Non-conformities

No non-conformities identified.

Observations

No observations identified.

Conclusions

Emergency preparedness is in strong shape:

Areas Meeting Requirements (sustained from IA202512):

  • APP_16 / APP_17 / APP_18 continue to operate as canonical emergency-preparedness documents
  • SOP 5.4 continues to define the methodology (now in HTML format)
  • Spill kits / bunded fuel storage / extinguishers / first-aid kits continue to be in place and in date

New strengths since IA202512:

  • APP_17 BCP testing log backfilled — every quarter from 2024 to 2026 has a documented outcome; the Q2 2026 cyber + extreme-weather desktop is scheduled (CAR-2026-005, target 31/05/2026).
  • SOP 8.15 Fire HTML rebuild — concrete thresholds (10 m hot-work radius, 60-min fire-watch, BS EN 3 extinguisher class A/B/C/D/F/electrical table) directly auditable.
  • APP_17 cross-reference errors fixed — Section 10 now correctly cross-refers to APP_16 and APP_17 (was APP_20 and APP_21 in error).
  • POL_HSQE_30 cyber-incident pathway — UK GDPR 72-hour breach notification window integrated with the AMWS incident workflow (SOP 8.1 → APP_21 → APP_17 BCP review).
  • Environmental emergency drill schedule — programmed via CAR-2026-008 (target 30/09/2026).

Recommendations

  1. Close CAR-2026-005 (Q2 2026 BCP desktop) on 28/05/2026 — last operational item ahead of the 3–4 June 2026 audit.
  2. Close CAR-2026-008 (environmental emergency drill) by 30/09/2026.
  3. Continue the quarterly BCP-testing programme; Q3 2026 will be the next desktop after the September MR.

Feedback & Acknowledgments

Full cooperation. The 2025–26 cycle has built the emergency-preparedness evidence base from a respectable 2025 position to a fully audit-ready 2026 picture.

Audit Report Prepared By

Name Position Signature Date
Sean Ashton HSQE Consultant S. Ashton 19/05/2026
Aaron Mason Director A. Mason 19/05/2026

Corrective Action Close Out

No CARs raised by this audit. Outstanding cross-referenced items: CAR-2026-005 (Q2 BCP desktop, target 31/05/2026); CAR-2026-008 (environmental emergency drill, target 30/09/2026).