    How to Build a SharePoint Incident Report System in 45 Minutes (ISO 45001 Aligned)

    Most labs and environmental consultancies are managing incidents the same way they did in 2005 — a shared Word document, a paper form in a binder, or an email chain that lives only in one person’s inbox.

    When an auditor asks for your incident register, you open a file. When they ask for corrective action evidence, you search your email. When they ask whether the issue has recurred, you guess.

    There is a better way, and it costs less than you think.

    This guide walks you through building an ISO 45001-aligned incident reporting system in SharePoint Online in under 45 minutes — using tools your organisation almost certainly already has.


    Why SharePoint Works for Small Technical Organisations

    Most dedicated HSE software platforms are built for enterprises. They’re feature-rich, heavily customised, and priced accordingly: $200 to $2,000 per user per year. For a 15-person environmental consultancy or an ISO/IEC 17025 accredited laboratory, that’s not a rational spend.

    SharePoint Online is included in most Microsoft 365 business subscriptions. You’re likely already paying for it.

    What makes SharePoint particularly well-suited for incident management is its list feature — a structured database with custom columns, filtered views, and permission controls, all accessible from any device, with no database administration required.

    You don’t need Power Automate. You don’t need Power Apps. You don’t need a developer. You need a SharePoint list and about 45 minutes.


    Step 1: Create Your Incident Report List

    In your SharePoint site, click New → List → Blank list. Name it Incident Register.

    Add the following columns. These are the minimum fields required to meet ISO 45001 Clause 8.2 (emergency preparedness), Clause 9.1.1 (monitoring and measurement), and Clause 10.2 (incident, nonconformity, and corrective action):

    Incident Details:

    • Incident Date (Date and Time)
    • Incident Time (Single line of text — or use the datetime field above)
    • Location (Single line of text)
    • Incident Type (Choice: Injury / Near Miss / Property Damage / Environmental / Illness)
    • Severity (Choice: Critical / Serious / Minor / Near Miss)
    • Description (Multiple lines of text)

    People:

    • Reported By (Person or Group)
    • Persons Involved (Multiple lines of text)
    • Witness Names (Multiple lines of text)

    Response:

    • Immediate Actions Taken (Multiple lines of text)
    • First Aid Provided? (Yes/No)
    • Reported to Regulator? (Yes/No)

    Investigation:

    • Investigation Required? (Yes/No)
    • Investigation Status (Choice: Not Started / In Progress / Complete)
    • Root Cause (Multiple lines of text)
    • Contributing Factors (Multiple lines of text)

    Corrective Action:

    • CAPA Reference Number (Single line of text — links to your CAPA tracker)
    • Corrective Action Description (Multiple lines of text)
    • Responsible Person (Person or Group)
    • Target Closure Date (Date only)
    • Actual Closure Date (Date only)
    • Status (Choice: Open / Under Investigation / Action Pending / Closed)

    That’s 23 fields. Build the list in one sitting — it takes about 20 minutes.


    Step 2: Configure Your Views

    A list without views is just a database. Views are what make it a management system.

    Create three views:

    1. Open Incidents — filter where Status is not equal to “Closed”. This is your active incident dashboard. Every open issue is visible at a glance.

    2. My Incidents — filter where Reported By equals [Me]. This gives individual staff members a personal view of the incidents they’ve raised and their current status.

    3. Overdue Actions — filter where Target Closure Date is less than [Today] AND Status does not equal “Closed”. This is your accountability view. If an action has passed its due date and isn’t closed, it appears here.

    These three views replace the need for any status report meeting about incident follow-up.


    Step 3: Link to Your CAPA Tracker

    Incident reporting and corrective action management are separate but connected. ISO 45001 Clause 10.2 requires you to not only record incidents but to take action to prevent recurrence and verify effectiveness.

    The CAPA Reference Number field you created in Step 1 is your connection point. When an incident requires a formal corrective action, you raise a CAPA item in your CAPA tracker list and enter the CAPA reference number in the Incident Register.

    This gives your auditor a complete, traceable chain: incident raised → root cause identified → corrective action assigned → corrective action verified → incident closed.

    If you need a ready-built CAPA SharePoint list with pre-configured status formatters, the CAPA SharePoint Pack v1 is available as a download and deploys in under 60 minutes.


    What a Complete System Looks Like

    A full ISO 45001-aligned SharePoint HSE management system contains seven interconnected lists. You don’t need to build all seven today. Start with the Incident Register in this guide. Add the CAPA tracker next. The other five — Investigations, Lessons Learned, Legal Register, Audit Findings, and Risk Register — can follow as your system matures.

    The goal for today is simple: get incidents out of email and paper forms and into a structured, searchable, auditable register that your whole team can access.

    Seven lists sounds like a lot. The Incident Register you just built is the hardest one. The rest follow the same pattern.


    The Audit Question You Need to Be Ready For

    The most common gap I see in incident management during ISO 45001 audits is not the absence of a record — it’s the absence of a closed loop.

    Incidents were logged. Actions were assigned. But no one can show the auditor that the action was verified as effective.

    The SharePoint system you’ve just built captures the target closure date, the actual closure date, and the responsible person in the same row as the incident. Nothing falls through the cracks because everything is in one place.

    When your auditor asks, “Show me how you verify corrective action effectiveness,” you open a filtered view and show them.
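
    The three view filters from Step 2 and the closed-loop check described above, modelled over an exported copy of the register. This is an added example, not part of the original guide or any HSZSolutions pack. The CSV column names, the ISO date format and the sample rows are constructed, and it assumes a blank date does not match a "less than [Today]" filter.

```python
import csv
import io
from datetime import date

# Constructed sample export of the Incident Register (not real data).
SAMPLE_CSV = """ID,Reported By,Status,Target Closure Date,Actual Closure Date,CAPA Reference Number
1,alice,Open,2025-01-10,,CAPA-001
2,bob,Closed,2025-01-15,2025-01-14,CAPA-002
3,alice,Action Pending,,,
4,carol,Closed,2025-02-01,,CAPA-003
5,bob,Under Investigation,2025-03-30,,
"""

def load_register(csv_text):
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for row in rows:
        for col in ("Target Closure Date", "Actual Closure Date"):
            # Assumption: dates are exported as yyyy-mm-dd; blank means not set.
            row[col] = date.fromisoformat(row[col]) if row[col] else None
    return rows

def open_incidents(rows):  # view 1: Status is not equal to "Closed"
    return [r["ID"] for r in rows if r["Status"] != "Closed"]

def my_incidents(rows, me):  # view 2: Reported By equals [Me]
    return [r["ID"] for r in rows if r["Reported By"] == me]

def overdue_actions(rows, today):  # view 3: Target < [Today] AND not Closed
    return [r["ID"] for r in rows
            if r["Status"] != "Closed"
            and r["Target Closure Date"] is not None
            and r["Target Closure Date"] < today]

def loop_gaps(rows):
    # Rows the three views never flag, but which break the closed loop.
    gaps = {}
    for r in rows:
        problems = []
        if r["Status"] != "Closed" and r["Target Closure Date"] is None:
            problems.append("open with no Target Closure Date")
        if r["Status"] == "Closed" and r["Actual Closure Date"] is None:
            problems.append("closed with no Actual Closure Date")
        if problems:
            gaps[r["ID"]] = problems
    return gaps

if __name__ == "__main__":
    rows = load_register(SAMPLE_CSV)
    print(overdue_actions(rows, date.today()), loop_gaps(rows))
```

    Incident 3 is open but can never appear under Overdue Actions because it has no target date, and incident 4 is marked Closed with no actual closure date; both are rows to fix before an audit.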


    Get Started Today

    Option 1 — Build it yourself:
    Use this guide and build your Incident Register from scratch. It takes about 45 minutes. The column list above gives you everything you need.

    Option 2 — Start with a ready-built tool:
    Download the Incident Report Pack — Google Lite for a pre-built Excel and Google Sheets incident log you can use today, with all ISO 45001 fields pre-configured.

    Option 3 — Get the complete system:
    The CAPA SharePoint Pack v1 includes the SharePoint column formatters, deployment guide, and SOP — so you’re not starting from a blank list.

    Option 4 — Talk to me:
    If you want a guided 30-minute walkthrough of how to set this up for your specific environment, book a free system review. No pitch. Just practical advice.


    Zoe Borde is the founder of HSZSolutions™ and a senior HSE consultant with 20+ years of experience building management systems for laboratories, environmental consultancies, and offshore operations. HSZSolutions™ builds practical, affordable digital HSE tools aligned to ISO 45001 and ISO/IEC 17025.


