Skip to main content

Developer-ready checklist for Module 10: Incident & Spill Log (IncidentIQ), written in the same standard as earlier modules. It’s structured for dev, QA, and compliance teams to implement and verify every function from data capture through analytics.

10. Incident & Spill Log — Developer Checklist

(IncidentIQ Module – OSHA 1904 / 1910.1200 / EPA / DOT alignment)

0) Foundations (blockers if incomplete)

Feature flags: incidentiq.enabled, incidentiq.ai, incidentiq.capa, incidentiq.osha_forms, incidentiq.env_transport. DB schema: incidents, incident_parties, incident_chemicals, incident_media, incident_capa, incident_escalations, incident_flags, incident_audit. Storage: secure object store for photos/videos + PDFs (SDS snippets and OSHA forms). Integrations: Sentinel (#9), Insights (#8), Training (#7), Plan (#6). Workflow engine: task assignment & escalation scheduler. PII policy: mask medical fields / restrict to Coordinator/HR.

10.1 Purpose & Compliance Hooks

Track events: incident.created, incident.updated, incident.closed, incident.escalated, incident.capa.created, incident.capa.closed. Expose aggregates to Insights: incident rate, CAPA closure %, time-to-close. Feed triggers to Sentinel for alerts and AI risk feedback. Acceptance: All incidents feed Sentinel/Insights; metrics match underlying records.

10.2 Create & Triage Incident

10.2.1 Start Incident

Form: type, date/time, site, location, reporter. Upload photo/video (mobile first; auto-compress). Severity + status (Open/Contained/Resolved). Acceptance: Create flow < 3 steps mobile; attachments upload successfully.

10.2.2 Associate Hazards

Link chemicals via inventory lookup; auto-attach SDS + pictograms. Unknown chemical → provisional record + later match workflow. Acceptance: SDS Section 4/5 auto-renders in preview.

10.2.3 Exposure Details

Persons involved, exposure route, PPE, first aid, medical referral, witnesses. Acceptance: Medical fields masked per role and audit-logged.

10.2.4 Containment & Cleanup

Steps taken, materials used, waste container IDs. Temporary label generator (API from Labels #5).

10.2.5 Regulatory Flags

Checkboxes for recordable/reportable/DOT/EPA. Conditional extra fields appear per flag. Acceptance: Validation enforces mandatory fields when flagged.

10.3 Investigation & Root Cause

10.3.1 5-Whys / Fishbone Templates

Structured inputs for Procedure/Training/Equipment/Environment/Human.

10.3.2 Contributing Data

Auto-pull linked training records, labels, storage logs.

10.3.3 AI Assistance (Standard + Pro)

Suggest probable root cause + CAPA templates based on similar incidents. Acceptance: AI suggestions editable; stored with confidence score.

10.4 Corrective & Preventive Actions (CAPA)

10.4.1 Action Items

Task fields: title, assignee, due date, priority, attachments, status.

10.4.2 Automation Hooks

Retraining auto-assignment (Training #7). Plan revision prompt (Plan #6).

10.4.3 Verification

Effectiveness check required before incident closure. Acceptance: Incident cannot close without at least one CAPA verified.

10.5 Notifications & Escalations

10.5.1 Immediate Alerts

High severity or recordable/reportable → notify Manager + Coordinator. Attach SDS Section 6 snippet in email.

10.5.2 Escalation Rules

2 h → Admin if unacknowledged; 7-day CAPA ladder.

10.5.3 Channel Matrix

Acceptance: Notifications send within tier SLA; no duplicate delivery.

10.6 Registers & Reporting

Incident register filters (status/severity/site/recordable). Bulk exports PDF/CSV/XLSX/API per tier. OSHA 300/300A/301 (Pro): auto-map fields, flag missing data, generate draft PDFs. Environmental/Transport (Pro): CERCLA/EPCRA/DOT fields + checklists. Acceptance: Exports validate against schema; PII redacted by role.

10.7 Analytics & Insights

Dashboards: trend lines by site & type; heatmap by location; chemical frequency; time-to-contain/close. AI Insights (Pro): recurrence prediction & CAPA impact analysis. KPIs: TRIR, CAPA closure %, % incidents with SDS attached, linkage to training. Acceptance: KPIs auto-update nightly; graphs filter by date/site.

10.8 Permissions & Data Retention

Reporter view own; Manager/Coordinator site-level; Admin org-wide. Medical fields visible only to Coordinator/HR; masked for others. Retention ≥ 5 years; tamper-evident audit trail. Acceptance: RLS enforced; audit log verifiable hash.

10.9 Tier Validation

Acceptance: Tier features toggle via license flag; UI and API respect restrictions.

Security Checklist (must-pass)

Tenant RLS on incidents and media. Encrypted storage for PII & medical attachments. Hash-stamp audit entries (edit, close, delete). Signed URL access (1-h TTL). Escalation emails/webhooks HMAC-signed. Delete/close operations require 2-factor (Manager + Coordinator approval).

QA Test Matrix

Happy Paths User creates spill → links SDS → uploads photo → auto notifies Manager. Coordinator adds root cause + CAPA → task completed → incident closed. High severity → escalates to Admin in 2 h. Pro: OSHA form PDF generated and exported. Edge Cases No internet (mobile offline) → queued sync works. Unknown chemical → later matched → alert resolved. Duplicate incident suppressed (batched). PII mask confirmed for non-HR user. CAPA unverified → close blocked. Performance Incident creation < 3 s; media upload < 5 s. Register load < 500 ms (1000 records). AI CAPA suggestion < 6 s avg.

Observability / Alerts

Metrics: incident rate, avg TTContain/TTClose, CAPA backlog, escalation count. System alerts: PDF generation failures, AI timeout > 5 s, queue backlog > N. Weekly health digest to Ops + Coordinator.

Deliverables (Definition of Done)

Figma/UI: Incident Form, Incident Register, CAPA Panel, OSHA forms preview, Analytics Dashboards. OpenAPI: /incidents, /incidents/{id}/capa, /incidents/reports, /incidents/osha_forms. Localization: EN/ES fields + email templates. E2E tests: create → investigate → CAPA → close → report flows. Admin tools: re-assign incident, force close, export register, purge PII expired > 5 years. Rollback: disable incidentiq.ai → manual CAPA only; incident logging continues normally.

✅ Compliance Alignment

Would you like me to proceed with Module 11 – Document Center / File Library next?

PlanEmailIn-appSlack/WebhookSMS
Starter
Standard
ProOptional
FeatureStarterStandardPro
Incident Creation + Photos
AI Root Cause/CAPA
Retraining / Plan Hooks
Escalation Ladder
OSHA Forms
Environmental / DOT Fields
AI Recurrence Prediction
ExportsPDF/CSVPDF/CSVPDF/CSV/XLSX/API
OSHA/EPA StepTellus FunctionPurpose
1904 RecordkeepingIncident Register + OSHA FormsDocument recordable events
1910.1200(e) Written ProgramCAPA → Plan Revision HookKeep program current
1910.1200(h) TrainingRetraining Auto-AssignEnsure workers informed
EPA/DOTEnvironmental/Transport FieldsCapture release threshold info
Step 6 – Evaluate & ReassessSentinel + Insights IntegrationTrend + risk analytics