Developer-ready checklist for Module 12: Contractor / Visitor Safety (SafeEntry). It mirrors prior modules with acceptance criteria, edge cases, security, observability, and DoD so engineering, QA, and compliance can ship confidently.
12. Contractor / Visitor Safety — Developer Checklist
(SafeEntry – OSHA §1910.1200(e)(2) “Informing Other Employers/Contractors”)
0) Foundations (blockers if incomplete)
- Feature flags: safeentry.enabled, safeentry.kiosk, safeentry.badges, safeentry.hazard_linked_training, safeentry.ai_review, safeentry.api_webhooks.
- DB schema: contractors, contractor_users, contractor_companies_meta, contractor_access, visitor_logs, contractor_training, contractor_documents, contractor_badges, contractor_audit.
- Integrations: Training (#7), Document Center (#11), Plan (#6), Inventory (#4), Sentinel (#9), Insights (#8).
- Storage: signed URLs for uploads (certificates, insurance, JSAs, RA/SWPP).
- Kiosk app: responsive PWA (offline-capable) for QR check-in/checkout & signatures.
- Badge printing (Pro): Zebra/Dymo connector or CUPS microservice.
12.1 Purpose (analytics & compliance hooks)
- Track events: safeentry.contractor_registered, access.requested, access.approved|denied, checkin, checkout, training.assigned|completed, docs.uploaded|flagged, badge.printed.
- Emit Sentinel alerts for expirations (access, insurance, training) and incident linking (#10).
- Insights tiles: “Untrained contractors onsite,” “Expiring access this week,” “Contractor risk score.”

Acceptance: Events visible in Insights; alerts show up in Sentinel with actionable links.
12.2 Contractor Setup
12.2.1 Company Registration (External Contractor)
- Public/self-serve portal: company name, contact, email, phone, services; optional uploads (insurance cert, OSHA summary, certifications).
- Email verification for contractor admins.
- Duplicate detection by domain + company name.

Acceptance: Contractor record created; optional docs stored & tagged; duplicates prevented.
12.2.2 Link to Site(s)
- Host Admin/Site Manager approves site/location scope and access duration (temp/recurring/permanent).
- Approval workflow with notifications; audit every decision.

Acceptance: Access window persisted; pending → approved state transition logged.
12.2.3 Contractor Portal / Limited Dashboard
- Restrict view to assigned sites; show SDS list, HazCom plan, site rules, assigned trainings.
- No cross-tenant data leakage.

Acceptance: Portal uses strict RLS; only permitted resources visible.
12.3 Visitor Registration & Check-in
12.3.1 Pre-Entry Registration
- Magic link/QR to prefill: name, company, visit reason, areas, duration, emergency contact.
- Privacy/consent checkbox (stored in audit).

Acceptance: Pre-reg converts to pending visit entry; data appears at kiosk.
12.3.2 Kiosk / QR Check-in (Standard + Pro)
- Tablet/PWA: scan QR or search name; display site-specific safety briefing; e-signature acknowledgment.
- Multilingual (EN/ES) content.

Acceptance: Signature captured with timestamp, device id; record immutable.
12.3.3 Badge Printing (Pro)
- Print badge: name, company, host, expiry, QR for verification.
- Reprint & revoke flows.

Acceptance: Badge record linked to visit; verification scan shows status (active/expired/revoked).
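
A sketch of the verification scan, added here as an example and not taken from the SafeEntry code base: the badge QR carries an HMAC-signed token with a TTL, and the verifier returns the status named in the acceptance criterion. The claim names (`bid`, `vid`, `exp`), the demo key and the in-memory revoke set are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: production key comes from a secret store

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> str:
    return b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_badge_token(badge_id, visit_id, ttl_seconds, now=None):
    """Token printed as the badge QR: claims plus HMAC-SHA256 over the claims."""
    now = int(time.time() if now is None else now)
    claims = {"bid": badge_id, "vid": visit_id, "exp": now + ttl_seconds}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    return body + "." + sign(body)

def verify_badge_token(token, revoked_badge_ids, now=None):
    """Return 'active', 'expired', 'revoked' or 'invalid' for a scanned QR."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        # Check the MAC before parsing anything the scanner supplied.
        if not hmac.compare_digest(sig.encode(), sign(body).encode()):
            return "invalid"
        claims = json.loads(b64d(body))
    except (ValueError, TypeError):
        return "invalid"
    if claims["bid"] in revoked_badge_ids:  # revoke list wins over expiry
        return "revoked"
    return "expired" if now >= claims["exp"] else "active"

if __name__ == "__main__":
    revoked = set()
    old = issue_badge_token("B-100", "V-9001", 8 * 3600, now=1_700_000_000)
    print(verify_badge_token(old, revoked, now=1_700_000_600))
    revoked.add("B-100")  # lost badge: revoke the old id, then reprint
    new = issue_badge_token("B-101", "V-9001", 8 * 3600, now=1_700_000_700)
    print(verify_badge_token(old, revoked, now=1_700_000_800))
    print(verify_badge_token(new, revoked, now=1_700_000_800))
```

Because the status depends on the server-side revoke set, the scan has to reach the server; the signature alone only proves the badge was issued, not that it is still valid.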
12.3.4 Check-out / Exit Log
- Manual or QR checkout; auto-checkout at midnight (configurable).
- Occupancy report by time range.

Acceptance: Duration computed; report exportable.
12.4 Training & Orientation
12.4.1 Training Assignment (Standard + Pro)
- Assign HazCom awareness/site orientation; enforce must-complete before access (gate at check-in).
- Due window & reminders.

Acceptance: Incomplete training blocks check-in with override option (Admin only, with reason).
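
An added example (not SafeEntry code) of the check-in gate evaluated on the server: it combines the training rule above with the approved access window from 12.2.2 and the incident freeze from 12.6.2, and lets an Admin override only the training block, and only with a reason. The `Worker` fields, role string and reason texts are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Worker:
    access_start: datetime
    access_end: datetime
    required_training: set
    completed_training: set
    incident_frozen: bool = False

def gate_checkin(worker, now, override_role=None, override_reason=""):
    """Return (allowed, reason); the reason is what gets written to the audit log."""
    if worker.incident_frozen:
        return False, "access frozen: open incident"
    if not (worker.access_start <= now < worker.access_end):
        return False, "outside approved access window"
    missing = sorted(worker.required_training - worker.completed_training)
    if not missing:
        return True, "ok"
    # The override covers incomplete training only, never a freeze or an expired window.
    reason = override_reason.strip()
    if override_role == "admin" and reason:
        return True, f"admin override: {reason} (missing: {', '.join(missing)})"
    return False, "training incomplete: " + ", ".join(missing)

def sample_worker():
    # Constructed sample data for the demonstration.
    return Worker(
        access_start=datetime(2024, 5, 1, tzinfo=timezone.utc),
        access_end=datetime(2024, 5, 8, tzinfo=timezone.utc),
        required_training={"hazcom-awareness", "site-orientation"},
        completed_training={"hazcom-awareness"},
    )

if __name__ == "__main__":
    now = datetime(2024, 5, 2, 8, 0, tzinfo=timezone.utc)
    w = sample_worker()
    print(gate_checkin(w, now))
    print(gate_checkin(w, now, "site_manager", "vouched for"))
    print(gate_checkin(w, now, "admin", "completed on paper"))
```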
12.4.2 Hazard Access Mapping
- From selected areas → map hazards using site inventory; attach relevant micro-modules (e.g., Flammable/PPE).
- Auto-refresh assignments when hazards change.

Acceptance: Correct modules assigned; delta updates when new hazards added.
12.4.3 Training Record Retention
- Store completion, score, date, cert; retrain cycle (12 months default) or on hazard change.

Acceptance: Retraining tasks generated via Sentinel when due.
12.5 Document Exchange
12.5.1 Share SDS / HazCom Info
Site Manager shares selected SDS/plan sections (view-only PDFs; time-limited links).
12.5.2 Collect Contractor Docs
Upload JSA/SWPP, Risk Assessment, Toolbox Talks → saved in Document Center (#11) tagged “Contractor Docs”.
12.5.3 AI Review (Pro)
- AI checks for required fields/signatures/expiry; flags missing items.

Acceptance: Flagged docs appear in review queue; resolutions logged.
12.6 Alerts & Escalations
12.6.1 Expiring Access / Insurance / Training
Notify both sides 7 days before; Pro auto-suspend access on expiry.
12.6.2 Incident Integration
If contractor in IncidentIQ (#10): freeze access until incident closed; notify Coordinator & Site Manager.
12.6.3 Tier Channels
- Starter: Email
- Standard: Email + In-app
- Pro: Email + In-app + Slack/Teams/Webhook + optional SMS

Acceptance: Delivery matches tier; de-duped; unfreeze action restores access.
12.7 Reports & Analytics
12.7.1 Access Logs
Filter by company/site/date/status; export PDF/CSV (Starter/Standard), +XLSX/API (Pro).
12.7.2 Training Coverage
Contractor vs employee completion %; “untrained contractors onsite” list.
12.7.3 AI Insights (Pro)
- Frequent high-hazard access without recent training; company-level risk score; re-orientation recommendations.

Acceptance: Drill-downs link to assignments or access revocation.
12.8 Permissions & Access
12.8.1 Roles
Admin: org-wide; Site Manager: site scope; Contractor Admin: manage own workers/docs; Employee Host: view own invites only.
12.8.2 Security Controls
- Optional NDA acknowledgment before file access.
- Time-limited share links; every access logged with signature/ack id.

Acceptance: RLS + policy checks enforce boundaries; access logs exportable.
12.9 Tiering Summary
Acceptance: License flags toggle UI/API; downgrade hides & blocks premium routes.
Security Checklist (must-pass)
- Tenant isolation (RLS) across contractors, visits, training, and docs.
- PII protection: encrypt emergency contacts; mask for non-authorized roles.
- Signature integrity: store hash of e-signature payload (name, time, device).
- Badge/QR security: signed token with short TTL for verification; revoke list honored.
- Access gating: check training + document prerequisites server-side (not only UI).
- Audit immutability: append-only contractor_audit with hash chain.
- Rate-limit kiosk & badge endpoints; anti-tailgating prompt (random photo capture optional, Pro).
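
An added example (not SafeEntry code) of two items from this checklist: the e-signature payload hash and the hash-chained contractor_audit log, with a verifier that reports the first entry that fails. The field names, the all-zero genesis value and the sample events are assumptions; the in-memory list stands in for the append-only table.

```python
import hashlib, json

GENESIS = "0" * 64  # assumption: prev_hash used for the first audit row

def canonical(obj) -> bytes:
    # Stable serialisation so the same record always hashes the same way.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def signature_hash(name, signed_at, device_id):
    """Hash of the e-signature payload (name, time, device)."""
    payload = {"name": name, "signed_at": signed_at, "device_id": device_id}
    return hashlib.sha256(canonical(payload)).hexdigest()

def append_entry(chain, event, actor, details):
    prev_hash = chain[-1]["entry_hash"] if chain else GENESIS
    record = {"seq": len(chain), "event": event, "actor": actor,
              "details": details, "prev_hash": prev_hash}
    record["entry_hash"] = hashlib.sha256(canonical(record)).hexdigest()
    chain.append(record)
    return record

def verify_chain(chain):
    """Return None if the chain is intact, else the position of the first bad entry."""
    prev_hash = GENESIS
    for i, record in enumerate(chain):
        body = {k: v for k, v in record.items() if k != "entry_hash"}
        if (record["seq"] != i or record["prev_hash"] != prev_hash
                or hashlib.sha256(canonical(body)).hexdigest() != record["entry_hash"]):
            return i
        prev_hash = record["entry_hash"]
    return None

def build_sample_chain():
    # Constructed sample events for the demonstration.
    chain = []
    append_entry(chain, "access.approved", "site_manager:17", {"contractor": 42, "site": 3})
    sig = signature_hash("A. Rivera", "2024-05-01T08:02:11Z", "K-2")
    append_entry(chain, "checkin", "kiosk:K-2", {"visit": 9001, "sig_hash": sig})
    append_entry(chain, "checkin.override", "admin:1",
                 {"visit": 9002, "reason": "training completed on paper"})
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print(verify_chain(chain))            # intact
    chain[2]["details"]["reason"] = "n/a"  # edit an override reason after the fact
    print(verify_chain(chain))            # position of the altered entry
```

The chain detects edits, deletions and reordering of existing rows, but not removal of the newest rows; anchoring the latest entry_hash outside the database (for example in the daily site summary) closes that gap.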
QA Test Matrix
Happy Paths
- Contractor registers → host approves site/time window → training auto-assigned → completes → kiosk check-in allowed → badge printed (Pro).
- Visitor pre-registers → arrives → scans QR → signs briefing → checks in/out → logs visible.

Edge Cases
- Training incomplete → check-in blocked; Admin override with reason recorded.
- Insurance expired → Pro auto-suspends; access restored after new upload.
- Hazard change adds new module → retraining queued.
- Lost badge → revoke & reprint; verification rejects old QR.
- Offline kiosk → queued check-ins sync when online with correct timestamps.

Performance
- Kiosk check-in < 2s p95; badge render < 1s p95.
- Lists (10k visits) paginate < 500ms; exports stream within 1s.
Observability / Alerts
- Dashboards: active contractors onsite, blocked check-ins, expiring items, average entry time.
- System alerts: kiosk offline, printer errors, webhook failures, AI review timeouts.
- Daily site summary to Manager; weekly roll-up to Coordinator.
Deliverables (Definition of Done)
- Figma/UI: Contractor portal, approval screen, kiosk flow, badge template, access logs, training gate, doc upload & AI review, reports.
- OpenAPI: /safeentry/contractors, /safeentry/access, /safeentry/checkin, /safeentry/badges, /safeentry/reports, /safeentry/webhooks.
- Localization: EN/ES (portal, kiosk, emails/SMS).
- E2E tests: register → approve → train → check-in → badge → checkout → reports.
- Admin tools: revoke access, bulk invite contractor workers, resend briefs, force badge invalidation, export audits.
- Rollback plan: disable safeentry.kiosk|badges|ai_review → manual entry and email brief remain functional.
Tiering Summary table (12.9)
| Feature | Starter | Standard | Pro |
|---|---|---|---|
| Contractor DB | Basic list | + details | + insurance/certs |
| Check-in | Manual | QR/kiosk | + badge print |
| Training | Manual assign | Auto per site | Auto + hazard-linked |
| Doc Exchange | View SDS | Upload + review | + AI review |
| Alerts | Email | Email + In-app | + Slack/Webhook/SMS |
| Analytics | Table | Charts | + AI risk score |
| Access Control | Company level | Site-based | Time-restricted + full audit |
| Integrations | — | Training/Plan | + API/Webhooks |
Compliance Alignment
| Requirement | SafeEntry Feature | Purpose |
|---|---|---|
| §1910.1200(e)(2) Informing other employers | Shared SDS & plan access; site briefing | Ensure contractors informed before work |
| Pre-entry instruction & proof | Training assignment + e-signature | Document comprehension & consent |
| Ongoing control | Expiry alerts + auto-suspend | Prevent untrained/expired access |
| Documentation & retention | Portal + Document Center + logs | Audit trail for liability & inspections |