Best practices

A huge amount of work is outsourced. Using the knowledge and experience of third parties leads to a well-organised production process and improves flexibility. But working with third parties also increases insecurity on site. The failure to manage contractor risks or to manage them adequately regularly leads to financial and reputational damage. Developing a strategy for optimising third-party collaboration is essential. The industry needs an integrated vision of contractor policy. A vision in which third party risks, compliance with rules and procedures, performance, quality and safety awareness are central. Let’s take a look at some good practices.


Any partnership with a third party involves a number of risks that need to be identified in time. Effective risk management starts with a comprehensive identification of the third party risks. These include process risks, unwanted events, contract risks, risks of non-compliance with laws and regulations and information system failures.

Good practice

Focus initially on the contracts regulating cooperation with third parties. A comprehensive contract, outlining the rights and responsibilities of all parties, helps to effectively manage cooperation with third parties. It is also important to establish policies and implement controls to mitigate risks to third parties. Proper monitoring and testing processes are necessary to ensure that risk mitigation controls are working as expected.

Contractors are not always willing to actively mitigate their risks. The most powerful method to proactively manage risks and prevent industrial incidents is to implement a contractor management system. This ensures that third parties:

  • Meet the requirements of your organisation
  • Have a high standard of safety
  • Have sufficient insurance and financial stability
  • Have the experience and knowledge to carry out the work

Contractor due diligence

Contractor due diligence refers to the investigations and assessments that clients and contractors must carry out, from pre-qualification until the end of the contracted work.

Due diligence requires the contractor to understand the legal safety requirements, to know the hazards in the workplace, to monitor compliance and to communicate adequately and regularly.

The ultimate goal of the client is to ensure that contractors and subcontractors are not able to evade safety measures and their responsibilities. A large part of a client’s due diligence obligations must be carried out even before the contractor is hired. During onboarding, the client decides whether to delegate responsibility for the project and associated safety obligations to the contractor. By keeping track of the due diligence activities, the client can submit a file to court and inspectors, if necessary.

Good practice

Companies with modern contractor policies take a risk-based approach to third-party investigation and due diligence. They look at:

  • The reliability of the contractor company
  • The experience of the contractor
  • The nature of the job to be performed
  • The sector in which the client/contractor is active

As a result of this information, contractors are divided into risk categories. These categories determine the level of due diligence. The onboarding of the contractor company is the backbone of a safe and smooth cooperation. The client has access to all company information, certifications, contracts and documents.


You have confidence in your in-house contractors, but what about subcontractors? Even if the contracting firm has gone through a flawless qualification process, do you know for sure who is on site? Are the fourth parties you are working with capable of doing the job safely and are they well informed? Do you know their identity and history? Implementing a comprehensive pre-qualification process for subcontractors and contractors can act as a firewall to protect your business and the people on your site.

Good practice

Every subcontractor should be subject to an initial check beforehand, and then to a (semi-)annual audit to ensure that the rules are being enforced. We list the important steps and best practices for building an effective pre-qualification and reducing the risks of working with fourth parties.

Understand the need for pre-qualification
Focus on:

  • Complete company information
  • Performance and safety history
  • Licensing information
  • Insurance certificates
  • References
  • Financial statements

Review references and look for hidden information
Make time to review references, such as clients, referral sources and partnering contractors. This will give you a good overview of the company’s general reputation and help you to identify any legal issues. Look for clues as to whether the company might be difficult to work with. Try to get a picture of their company culture and values.

Do a financial evaluation
Review and audit the financial statements of the subcontractors you work with. This will provide a clear picture of the health and stability of the company. Assess the key ratios on the income statement. Pay particular attention to under-invoiced amounts. These may be the result of claims or an indication of poor cash management. Footnote disclosures, which are often overlooked, contain critical information on related party transactions, arrears, debt provisions and covenants, and claims or contingencies. Significant changes in contract estimates (earnings dilution) provide a more complete picture of the entity’s financial position and operations.

Evaluate the project and performance history
Consider whether the subcontractor’s portfolio of completed contracts and qualifications shows a track-record of similar types of work and project scope. Check the qualifications listed yourself and do not leave this to the main contractor. Assess the systems and controls used by the subcontractor to maintain standards of quality and timely project completion. Companies with a well-designed organisational structure are more likely to complete the job on time. Also check safety records and have fourth parties complete safety training as well.


On many industrial sites, safety remains the sole preserve of operational staff. This is a wrong and risky way of working! A company is a collective entity, with its own identity, its own values and standards and its own corporate culture. A strong safety culture is the responsibility of everyone on the site, from the CEO to the subcontractor.

Good practice

A sustainable safety culture is enforced. It requires an integrated approach to safety through coherent action in three areas: technical aspects, safety management, and human and organisational factors. Here are the three key safety pillars.

Shared awareness
This is the basis of a strong safety culture. All actors must be aware of the main risks. These hazards depend on the activity, the site and the occupation. They must be shared and understood by everyone in the organisation. The focus:

  • Both managers and operational staff feel responsible and involved
  • The management has a strong safety leadership
  • The role of HSE experts is redefined
  • There is a smooth cooperation between all departments and with external parties
  • There is an effective process to enforce safe behaviour and knowledge of safety rules

The right balance
Rules and procedures exist to ensure safe production, but do they reflect reality? Anticipating and dealing with unexpected situations as good as possible are the keys to an appropriate safety culture. Because there is no such thing as a ‘perfect safety culture’. Instead of importing models, every company must make strategic choices and strive to set an example. Rule-based safety (through a centralised and regulated approach) is fine, but it must be complemented by ‘managed safety’ to achieve the right balance.

  • Invest in the skills of employees and third parties
  • Give front-line managers a greater say
  • Encourage debate
  • Give feedback

Assess the current situation
Before a safety culture can be changed and embedded, a careful assessment of the current situation is required. Often this only happens after a serious accident, after a series of incidents or when implementing technological or organisational changes. The doing and thinking, in short the corporate culture, is questioned. How does the corporate culture positively or negatively influence safety-related issues? The assessment must:

  • Expose what employees and third parties think (beliefs, perceptions)
  • Dissect safety situations and behaviour
  • List difficulties
  • Identify deviations from instructions and rules
  • Question the relationship between thinking and doing
  • Involve all parties: management, operational staff, support departments, contractor companies and local authorities
  • Share and discuss safety news (good and bad)


In many industrial companies, managing cooperation with third parties is done by different departments. This silo approach makes it difficult to get the full picture, makes cooperation more difficult and creates security risks. When a company suffers from silo behaviour, it is because of power struggles, fear, organisational inefficiency or simply because they don’t bother to update shared information. When information is not shared, your business cannot make the right data-based decisions.

Good practice

The best way to overcome this challenge is to standardise processes across departments and functions. Choose consistent, well-defined processes for third-party screening, onboarding, risk assessments, due diligence, audits and monitoring. Making third-party information available centrally facilitates monitoring and the entire qualification process. By working with a contractor management system, you ensure:

  • A uniform vision of cooperation
  • Common goals
  • Rapid exposure of pain points
  • A powerful way of working
  • Improved and smoother cooperation
  • Consistent communication between departments and with third parties
  • Increased safety
  • Less loss of time
  • An effective way to be covered


Compliance and safety training for contractors is a requirement in the industrial sector. They are used during onboarding, on an ad hoc basis in case of unexpected changes in safety regulations and at regular intervals to continuously improve the safety on-site. Many companies still underinvest in safety training. On many industrial sites, signing a few papers is enough. The safety rules are simply not (or not sufficiently) read. The primary objective of ‘safety’ is pushed aside, with safety incidents as a regrettable result.

Good practice

Good training methods require a significant investment of time and money. Just over half (53%) of the companies that participated in a Compliance Training Study van Brandon Hall Group, spend between 76 and 100 hours per year on compliance training. The use of e-Learning (customised online training) delivers the best results.

  • It actually reduces risk
  • It is interactive and therefore less boring
  • It can be done in different languages
  • You can test contractors
  • It can be done remotely and in advance


Onyx One is a contractor management system. It is a secure solution for clients and contractor companies to work together quickly and effectively. Onyx One focuses on qualification, training, administration, safety and overview. Working with Onyx One modernises contractor policies and contributes to greater safety in the workplace.

Would you like to learn more about how the Onyx One system takes the worry out of working with third parties? And this across all departments? Onyx One is an all-in-one platform and helps the safety manager, the administration manager, the project manager, the security manager, the business excellence/implementation manager, the IT manager and all contracting firms.

Feel free to contact us for more information.

Leave a Comment

Your email address will not be published. Required fields are marked *