In the previous post, I explored how HSE compliance is expanding, and how security-related scenarios are increasingly triggering HSE obligations across areas such as worker safety, emergency response, environmental protection, and business continuity.
The next challenge is not only identifying these overlapping requirements.
It is managing them in practice.
Parallel Structures, Different Approaches
In most organisations, HSE and security responsibilities have developed separately.
HSE typically operates within structured compliance frameworks, supported by:
- Legal registers
- Audit processes
- Incident reporting
- Corrective action tracking
Security, on the other hand, has often been managed through:
- Risk assessments
- Threat monitoring
- Operational procedures
- Incident response protocols
Both functions are well established. But they are not always structured in the same way.
Where the Disconnect Appears
Under normal conditions, this separation may not be obvious. But when a real-world event occurs, the gap becomes clear.
Take a security-related incident at a site. Immediately, multiple processes may be triggered:
- Emergency response procedures
- Workforce accountability
- Site access control
- Communication with authorities
- Contractor coordination
- Incident investigation
At that point:
- HSE may initiate emergency response and reporting
- Security may manage threat response and site control
- Operations may focus on continuity and recovery
Each function is acting appropriately – but not necessarily together.
Different Organisations, Same Issue
This challenge applies across organisations of all sizes.
In smaller organisations:
- There may be no dedicated security function
- The HSE manager may be responsible for both HSE and security-related obligations
- Processes may rely on individual knowledge rather than structured systems
In larger organisations:
- HSE, security, legal, and operations may be separate functions
- Responsibilities may be clearly defined at a corporate level
- But not every site has specialist expertise
Offices, warehouses, project sites, and smaller operations may still rely on generalists.
So the issue is not simply organisational structure.
It is how responsibilities are aligned in practice.
Where It Starts to Break Down
When HSE and security-related responsibilities are not aligned, several issues typically emerge:
- Unclear Ownership
Who is accountable for the overall response?
- HSE?
- Security?
- Operations?
Ownership may be defined in theory, but becomes less clear in real situations.
- Conflicting Processes
Different functions may follow different procedures:
- HSE processes focused on safety, compliance, and reporting
- Security processes focused on control, containment, and threat response
These do not always align.
- Fragmented Information
Information may be spread across:
- HSE systems
- Security reports
- Emails and internal communications
- Contractor records
There is no single, consistent view.
- Multiple Authorities
An event may require interaction with:
- Labour or environmental regulators
- Police
- Civil defence
- Security authorities
Each with different requirements and expectations.
- Inconsistent Evidence and Investigation
An HSE incident investigation is not the same as a security-related investigation.
Security-related events may require:
- Different evidence handling
- Restricted information sharing
- Different reporting protocols
- Involvement of external authorities
Without alignment, documentation and traceability can become inconsistent.
The Core Issue
None of these problems are new.
What has changed is the level of pressure.
As HSE compliance expands to include security-related scenarios, organisations are increasingly expected to demonstrate:
- Coordinated response
- Clear accountability
- Consistent documentation
- Compliance across multiple domains
This is difficult to achieve when responsibilities are managed in parallel but not integrated.
From Capability to Coordination
Most organisations already have the necessary capabilities.
They have:
- HSE systems
- Security procedures
- Emergency plans
- Business continuity frameworks
The issue is not capability.
It is coordination.
More specifically:
- How responsibilities align across functions
- How information is shared
- How actions are tracked
- How compliance is demonstrated
What Comes Next
As organisations try to address this challenge, many turn to systems and tools.
But another issue quickly emerges.
Even well-structured compliance systems can struggle when requirements cut across multiple domains and need to be managed in real time.
I’ll explore that in the next post.
