Back to Blog
Business CaseJun 22, 202613 min read

Safety KPIs for ESG Reporting: What Investors and Regulators Expect

safety KPIs ESGGRI 403SASB metricsESG safety reporting

Your sustainability team just asked for two years of injury data broken down by employee versus contractor, by injury type, and benchmarked against an industry rate. If your incident records live in a folder of spreadsheets, that request turns into a week of manual reconciliation — and a real risk that the numbers you hand to investors do not match the numbers in your OSHA logs.

Safety data has moved out of the EHS department and into the annual report. Occupational health and safety is now a core social metric in every major ESG framework, which means your TRIR, your fatality count, and your near-miss program are being read by rating agencies, lenders, and institutional shareholders. This guide maps the safety KPIs those audiences expect to the EHS data you already collect.

Reporting safety data to investors? WhyTrace Plus keeps incident records, recordable classifications, and corrective actions in one auditable system, so your ESG disclosures trace back to source. Free to start.


Why Safety Became an ESG Disclosure, Not Just a Compliance Number

ESG reporting is the structured disclosure of an organization's environmental, social, and governance performance to investors and regulators. Occupational health and safety sits squarely in the "S" — the social pillar — because workforce injury and fatality rates are treated as a material indicator of how well a company manages operational risk and human capital.

The shift happened for a concrete reason. Investors learned that a poor safety record predicts more than human cost: it correlates with regulatory penalties, production stoppages, litigation, insurance premiums, and reputational damage. A fatality is no longer just a tragedy reported to OSHA. It is a data point a credit analyst weighs when pricing your debt.

Three frameworks now carry most of the weight in how safety gets reported:

  • GRI (Global Reporting Initiative) — the most widely used framework for comprehensive sustainability reporting, with GRI 403 dedicated entirely to occupational health and safety.
  • SASB (Sustainability Accounting Standards Board) — industry-specific financial-materiality metrics, now consolidated under the ISSB and embedded in IFRS S1/S2.
  • TCFD (Task Force on Climate-related Financial Disclosures) — climate-focused, fully absorbed into IFRS S2 as of its 2023 completion.

The practical consequence for an EHS manager is that the data you collect for OSHA recordkeeping is no longer a single-purpose dataset. The same recordable injury that goes on your Form 300 also feeds a GRI 403-9 disclosure, a SASB rate metric, and a board-level human capital narrative. The challenge is no longer collecting the data. It is producing it in three different shapes from one trustworthy source.


GRI 403: The Occupational Health and Safety Standard Investors Read First

GRI 403 is the Global Reporting Initiative's topic standard for occupational health and safety, structured as ten disclosures covering both management approach and quantitative outcomes. It is the most common starting point for safety reporting because GRI remains the most widely adopted sustainability framework worldwide.

GRI 403 splits into two groups. The first seven disclosures (403-1 through 403-7) are qualitative — they describe your safety management system, hazard identification process, worker participation, training, and how safety is promoted. The last three (403-8 through 403-10) are quantitative and are where your incident data turns into numbers investors compare across companies.

Disclosure What it requires EHS data source
403-1 OH&S management system ISO 45001 certification, system scope
403-2 Hazard identification, risk assessment, incident investigation JSA/JHA records, RCA process
403-4 Worker participation and consultation Safety committee minutes, reporting channels
403-5 Worker training on OH&S Training completion records
403-8 Workers covered by the OH&S system Headcount, contractor census
403-9 Work-related injuries Recordable injuries, hours worked, rates
403-10 Work-related ill health Occupational illness records

The disclosure that draws the most scrutiny is 403-9, work-related injuries. It requires you to report the number and rate of fatalities, high-consequence injuries, and recordable injuries — separately for employees and for workers who are not employees but whose work is controlled by the organization (contractors). It also requires the number of hours worked, the main types of injury, and a statement of the calculation method.

That employee-versus-contractor split is where spreadsheet-based reporting breaks down most often. OSHA recordkeeping under 29 CFR 1904 generally tracks your own employees. GRI 403-9 expects contractor figures alongside, computed on a consistent basis. If your incident system does not tag each record with a worker classification from the start, you reconstruct it under deadline pressure — and that is exactly the kind of gap an assurance provider flags.


SASB and IFRS S2: Industry-Specific Safety Metrics That Map to Financial Filings

SASB metrics are industry-specific disclosure standards designed for financial materiality — the safety data most likely to affect a company's financial condition or operating performance. As of 2026, the SASB Standards are maintained by the ISSB and incorporated into IFRS S1 (general sustainability) and IFRS S2 (climate). TCFD was formally completed in 2023, with its recommendations fully absorbed into IFRS S2.

This consolidation matters for how you organize data. Rather than maintaining separate datasets for three frameworks, you are increasingly producing one set of metrics that satisfies a converging global baseline. As of early 2026, more than 20 jurisdictions have made ISSB standards effective, with another set finalizing adoption — and in markets such as the UK and Canada, ISSB-aligned reporting is moving toward mandatory status.

SASB's safety metrics vary by industry, but the recurring ones are familiar to any EHS manager:

SASB-style metric Definition Common in
Total Recordable Incident Rate (TRIR) Recordable injuries × 200,000 ÷ hours worked Manufacturing, construction, oil & gas
Fatality rate Fatalities × 200,000 ÷ hours worked All high-hazard sectors
Near-miss frequency rate (NMFR) Near misses × 200,000 ÷ hours worked Extractives, chemicals
Lost time incident rate (LTIR) Lost-time injuries × 200,000 ÷ hours worked Logistics, heavy industry

Two points matter for accuracy. First, SASB disclosures often require the rate to be reported separately for employees and contractors — the same split GRI 403-9 demands, which is one reason a single well-structured dataset can serve both frameworks. Second, the calculation base must be stated and held constant. The 200,000-hour base (100 full-time workers over a year) is the OSHA convention; some global reporters use 1,000,000 hours. Mixing bases across years is a common error that makes your own trend line meaningless and invites questions during assurance.

The near-miss frequency rate deserves attention because it is a leading indicator, and investors increasingly look for them. A company reporting a healthy near-miss reporting rate alongside a declining TRIR tells a more credible safety story than one reporting only lagging injury counts. If your near-miss program produces inconsistent or under-reported data, that weakness shows up directly in the metric. For the organizational mechanics behind a credible program, see Near-Miss Reporting: Why Programs Fail and How to Fix Them.


Try WhyTrace Plus Free

ESG safety metrics are only as trustworthy as the incident records behind them. WhyTrace Plus tags every incident with worker classification, recordable status, and injury type at intake — so the employee/contractor split and TRIR calculation your sustainability team needs is already in the data, not reconstructed under deadline.

Start free | See how it works


Mapping Your EHS Data to GRI, SASB, and TCFD

Framework mapping is the work of connecting each disclosure requirement to a specific field in your incident and safety management records. Done once, properly, it turns annual reporting from a reconstruction project into a report-generation step.

The table below shows where the three frameworks overlap and where they diverge, so you can structure your data to serve all of them at once.

Reporting need GRI SASB / IFRS TCFD (now IFRS S2) Source data
Recordable injury rate (TRIR) 403-9 Industry safety metric Recordable count + hours
Fatalities 403-9 Industry safety metric Fatality records
Employee vs. contractor split 403-9 Often required Worker classification tag
Near-miss / leading indicators 403-2 narrative Some industries Near-miss reports
Management system & governance 403-1 to 403-7 Governance disclosure Governance pillar ISO 45001 docs, committee records
Climate-driven safety risk (heat, extreme weather) 403-2 Risk management pillar Heat illness records, hazard assessments

The TCFD-to-IFRS S2 column is the one EHS teams overlook. Climate-related physical risk includes worker exposure to extreme heat, wildfire smoke, and severe weather — hazards that produce recordable injuries. As climate disclosure becomes mandatory in more jurisdictions, the heat-illness and extreme-weather incidents in your EHS records become evidence for the "physical risk" section of a climate filing. The same incident data serves both your safety report and your climate report.

A workable mapping approach:

  1. Inventory every disclosure you are required or expected to make across frameworks.
  2. Trace each one to a single source field in your incident system — not a spreadsheet derived later.
  3. Tag at intake, not at reporting time. Worker classification, recordable status, injury type, and body part should be captured when the incident is logged.
  4. Lock your calculation conventions — the hours base, the definition of "lost time," the contractor scope — and document them so the same method applies every year.
  5. Keep the audit trail from headline number back to individual record. Assurance providers test exactly this path.

For the analytical side — turning the raw records into the trends and benchmarks investors want to see — methods for slicing incident data are covered in Incident Trend Analysis: Discovering Seasonal and Shift Patterns in Safety Data.


What Investors and Regulators Actually Scrutinize

Assurance and analyst scrutiny focuses less on the headline rate and more on whether the number is defensible, consistent, and connected to a functioning management system. A low TRIR with no supporting process raises more questions than a moderate TRIR backed by clean records.

Here is where reports get challenged:

Consistency over time. A TRIR that drops sharply in one year invites the question of whether your reporting got better or your safety got better. Reviewers look for a stable methodology and a plausible trend, not a single impressive figure.

The employee/contractor boundary. Reporting only employee injuries while contractors do most of the high-hazard work is a recognized way to understate risk. GRI 403-9 and most SASB metrics require the contractor figures precisely to close that gap. Reviewers check for them.

Lagging versus leading indicators. A report built entirely on injury counts describes the past. Adding near-miss rates, hazard-identification activity, training completion, and corrective-action closure rates signals an organization managing risk forward, not just counting outcomes after the fact.

Closed-loop corrective action. When a serious incident is disclosed, the obvious follow-up question is what was done about it. An organization that can show the investigation, the root cause, the corrective action, and verified effectiveness presents a far stronger governance story. This is where ESG reporting and your CAPA process intersect directly — the topic of Corrective Action Management: Stop Losing Track of Your CAPA Items.

Traceability. The single most common assurance finding is the inability to trace a reported number back to source records. If the figure in the sustainability report cannot be reconciled to the incident log and the hours-worked data, the disclosure is unverifiable — and increasingly, unverifiable disclosures are treated as a governance weakness in their own right.

The throughline is that investors are not only reading your safety numbers. They are reading them as a proxy for management quality. Clean, traceable, consistent safety data signals an organization in control of its operations. Messy data signals the opposite, regardless of how low the headline rate happens to be.


Frequently Asked Questions

Q. What is the difference between GRI 403 and SASB safety metrics?

GRI 403 is a comprehensive occupational health and safety standard with ten disclosures covering both your management system (qualitative) and your injury data (quantitative), designed for a broad stakeholder audience. SASB metrics are narrower and industry-specific, selected for financial materiality and now maintained by the ISSB within IFRS S1/S2. Many companies report against both: GRI for the full safety narrative, SASB for the financially material rates that appear in or alongside financial filings. The good news is the quantitative core — recordable rates, fatalities, the employee/contractor split — overlaps heavily, so one well-structured dataset can feed both.

Q. Is TCFD still a separate framework I need to report against in 2026?

No. The Task Force on Climate-related Financial Disclosures completed its work in 2023, and its recommendations were fully incorporated into IFRS S2, the ISSB's climate standard. As of 2026, organizations applying IFRS S2 meet the former TCFD recommendations automatically. For EHS teams, the relevant connection is that climate-related physical risks — extreme heat, severe weather — produce recordable injuries, so your safety data can serve as evidence in the physical-risk portion of an IFRS S2 climate disclosure.

Q. Which safety KPIs do investors look at most closely?

Total Recordable Incident Rate (TRIR) and fatality rate are the headline figures, because they are comparable across companies and tied to GRI 403-9 and SASB metrics. Beyond those, investors increasingly value leading indicators — near-miss frequency rate, hazard-identification activity, training completion, and corrective-action closure rates — because they signal forward-looking risk management rather than after-the-fact counting. The employee-versus-contractor breakdown is also scrutinized, since reporting only employee injuries can understate total operational risk.

Q. How do I make sure my ESG safety numbers survive third-party assurance?

Build traceability from the headline number back to individual incident records. Tag worker classification, recordable status, and injury type when each incident is logged, lock your calculation conventions (hours base, lost-time definition, contractor scope) and apply them consistently every year, and keep the corrective-action record connected to each serious incident. Assurance providers test whether a reported rate reconciles to the underlying log and hours-worked data — the most common finding is the inability to make that reconciliation.

Q. Do small and mid-sized companies need to report safety KPIs for ESG?

Increasingly, yes — even when not directly mandated. Smaller suppliers are pulled into ESG reporting through customer and lender requirements: a large manufacturer disclosing supply-chain safety data will request injury rates from its suppliers, and lenders attach ESG conditions to financing. Building a clean, traceable safety dataset now is far easier than reconstructing years of records when a major customer or lender requests them on a deadline.


Key Takeaways

  • Occupational health and safety is now a core social metric in every major ESG framework. Your TRIR, fatality count, and near-miss data are read by investors, lenders, and rating agencies — not just OSHA.
  • GRI 403 is the most widely read safety standard, with disclosure 403-9 (work-related injuries) drawing the most scrutiny, including a required employee-versus-contractor split.
  • SASB metrics are now maintained by the ISSB and embedded in IFRS S1/S2; TCFD was completed in 2023 and absorbed into IFRS S2. The frameworks are converging, so one well-structured dataset can serve all three.
  • Map each disclosure to a single source field, tag worker classification and recordable status at intake, and lock your calculation conventions so the same method applies every year.
  • Investors scrutinize consistency, the employee/contractor boundary, leading indicators, closed-loop corrective action, and above all traceability — the ability to reconcile every reported number back to source records.

Resource Description Best For
Corrective Action Management: Stop Losing Track of Your CAPA Items How to build a closed-loop CAPA system auditors and investors trust Connecting incident disclosures to verified corrective action
Incident Trend Analysis: Seasonal and Shift Patterns Methods for turning raw incident data into the trends ESG reports require Producing benchmarked, comparable safety metrics
The Business Case for Incident Management Software The financial argument for systematizing incident data capture Justifying an ESG-ready incident system to leadership

For organizations building the upstream safety processes that feed these metrics, related tools cover adjacent ground. Use AI-assisted JSA and risk assessment (AnzenAI) to strengthen the hazard-identification narrative GRI 403-2 expects, and safety knowledge management for tacit expertise (know-howAI) to preserve the institutional knowledge behind your safety management system disclosures.


From incident record to investor-ready disclosure

WhyTrace Plus captures worker classification, recordable status, injury type, and corrective actions at the moment an incident is logged — then keeps the audit trail from headline KPI back to source record. When your sustainability team needs a GRI 403-9 split or a SASB rate, the data is already in the right shape.

Start free | Request a demo


Sources:

Try WhyTrace Plus Free

Sign up with just your email. No credit card required. Run up to 10 AI-powered analyses per month on the free plan.

Essential guides

Related Articles

Safety KPIs for ESG Reporting: What Investors and Regulators Expect | WhyTrace Plus Blog | WhyTrace Plus