Compliance Automation System
Phase 4: OSHA/EU-OSHA Compliance Automation
Automated compliance checking system that scans safety data against regulatory requirements and flags violations.
Overview
The Compliance Automation system automatically checks safety data (predictive scores, incidents, near misses) against configured safety regulations (OSHA, EU-OSHA, etc.) and creates compliance events for warnings and breaches.
Database Schema
safety_regulations
Stores safety regulations and compliance rules.
CREATE TABLE public.safety_regulations (
id uuid PRIMARY KEY,
tenant_id uuid NOT NULL REFERENCES public.tenants(id),
rule_code text NOT NULL, -- e.g., "OSHA-1910.132", "EU-OSHA-89/391/EEC"
description text NOT NULL,
severity numeric CHECK (severity >= 0 AND severity <= 100),
category text, -- e.g., "PPE", "Training", "Incident Reporting"
jurisdiction text CHECK (jurisdiction IN ('US', 'EU', 'Global')),
pattern jsonb, -- JSON pattern for automated matching
enabled boolean DEFAULT true,
updated_at timestamp with time zone DEFAULT now(),
created_at timestamp with time zone DEFAULT now()
);
Pattern Examples:
{
"incident_count_threshold": 3,
"risk_score_threshold": 70,
"near_miss_count_threshold": 10,
"severity_threshold": 3
}
safety_compliance_events
Stores detected compliance events.
CREATE TABLE public.safety_compliance_events (
id uuid PRIMARY KEY,
tenant_id uuid NOT NULL REFERENCES public.tenants(id),
regulation_id uuid NOT NULL REFERENCES public.safety_regulations(id),
entity_id uuid, -- Optional: zone_id, driver_id, etc.
entity_type text CHECK (entity_type IN ('zone', 'driver', 'worker', 'equipment', 'tenant')),
status text CHECK (status IN ('compliant', 'warning', 'breach')),
details jsonb DEFAULT '{}'::jsonb,
detected_at timestamp with time zone DEFAULT now(),
resolved_at timestamp with time zone,
created_at timestamp with time zone DEFAULT now()
);
Edge Function API
Check Compliance Rules
Endpoint: POST /functions/v1/check-compliance-rules
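The handler behind this endpoint receives only the optional entity_type, entity_id and jurisdiction filters (documented under Request Body below); the tenant it operates on must come from the caller's verified session, never from the body, or one tenant could run checks and create compliance events for another. The following is an added example, not the project's edge function: it validates each field against the same values the database CHECK constraints allow, rejects any other field in the body (a supplied tenant_id in particular), and takes the tenant from the verified JWT claims. The claim name app_metadata.tenant_id, the function names, and the rule that entity_id requires entity_type are assumptions of this example.

```typescript
// Added example, not the project's edge function. Boundary checks for
// POST /functions/v1/check-compliance-rules: validate the untrusted body and
// bind every later query to the tenant in the caller's verified JWT.

const ENTITY_TYPES = ['zone', 'driver', 'worker', 'equipment', 'tenant'] as const;
const JURISDICTIONS = ['US', 'EU', 'Global'] as const;
const REQUEST_FIELDS = ['entity_type', 'entity_id', 'jurisdiction'] as const;
type EntityType = (typeof ENTITY_TYPES)[number];
type Jurisdiction = (typeof JURISDICTIONS)[number];

export interface CheckComplianceRequest {
  entity_type?: EntityType;
  entity_id?: string;
  jurisdiction?: Jurisdiction;
}

// Filter every database query in the handler is built from. tenant_id is taken
// from the verified token, never from the request body.
export interface ComplianceScope extends CheckComplianceRequest {
  tenant_id: string;
}

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

export class BadRequest extends Error {
  constructor(message: string) {
    super(message);
    this.name = 'BadRequest';
    Object.setPrototypeOf(this, BadRequest.prototype);
  }
}

function isOneOf<T extends string>(allowed: readonly T[], v: unknown): v is T {
  return typeof v === 'string' && (allowed as readonly string[]).includes(v);
}

// Parse an untrusted JSON body. Every field is optional, but a field that is
// present must match the database CHECK constraints, and unknown fields
// (including tenant_id) are rejected rather than silently ignored.
export function parseCheckComplianceRequest(body: unknown): CheckComplianceRequest {
  if (body === undefined || body === null) return {};
  if (typeof body !== 'object' || Array.isArray(body)) {
    throw new BadRequest('body must be a JSON object');
  }
  const b = body as Record<string, unknown>;
  for (const key of Object.keys(b)) {
    if (!isOneOf(REQUEST_FIELDS, key)) throw new BadRequest(`unexpected field: ${key}`);
  }
  const out: CheckComplianceRequest = {};
  const entityType = b.entity_type;
  if (entityType !== undefined) {
    if (!isOneOf(ENTITY_TYPES, entityType)) throw new BadRequest('invalid entity_type');
    out.entity_type = entityType;
  }
  const entityId = b.entity_id;
  if (entityId !== undefined) {
    if (typeof entityId !== 'string' || !UUID_RE.test(entityId)) {
      throw new BadRequest('entity_id must be a UUID');
    }
    // An id without a type is ambiguous (zone? driver?), so this example requires both.
    if (out.entity_type === undefined) throw new BadRequest('entity_id requires entity_type');
    out.entity_id = entityId.toLowerCase();
  }
  const jurisdiction = b.jurisdiction;
  if (jurisdiction !== undefined) {
    if (!isOneOf(JURISDICTIONS, jurisdiction)) throw new BadRequest('invalid jurisdiction');
    out.jurisdiction = jurisdiction;
  }
  return out;
}

// Combine the validated filters with the tenant from the verified JWT claims.
// The claim location app_metadata.tenant_id is an assumption of this example.
export function scopeFromClaims(
  claims: Record<string, unknown>,
  req: CheckComplianceRequest,
): ComplianceScope {
  const meta = claims.app_metadata;
  const tenantId =
    typeof meta === 'object' && meta !== null ? (meta as Record<string, unknown>).tenant_id : undefined;
  if (typeof tenantId !== 'string' || !UUID_RE.test(tenantId)) {
    throw new Error('verified token carries no tenant_id claim');
  }
  return { tenant_id: tenantId.toLowerCase(), ...req };
}

// Constructed request and claims, as the handler would see them after JSON
// parsing and JWT verification.
export const exampleScope = scopeFromClaims(
  { sub: 'user-1', app_metadata: { tenant_id: '11111111-2222-3333-4444-555555555555' } },
  parseCheckComplianceRequest({ entity_type: 'zone', entity_id: '6F9619FF-8B86-D011-B42D-00C04FC964FF' }),
);
```

Every query the handler issues (regulations to load, incidents and near misses to count, events to insert) should be filtered by scope.tenant_id. If the handler talks to the database with a privileged key that bypasses RLS, that filter is the only tenant boundary; if it uses the caller's own session, the policies described under Permissions & RLS apply a second time at the database.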
Request Body:
{
"entity_type": "zone", // Optional: filter by entity type
"entity_id": "uuid", // Optional: specific entity
"jurisdiction": "US" // Optional: 'US', 'EU', 'Global'
}
Response:
{
"success": true,
"tenant_id": "uuid",
"events_created": 5,
"summary": {
"total_regulations": 12,
"compliant_count": 8,
"warning_count": 3,
"breach_count": 1,
"last_check": "2025-02-05T10:00:00Z"
},
"events": [
{
"regulation_id": "uuid",
"entity_type": "zone",
"entity_id": "uuid",
"status": "breach"
}
]
}
Usage:
import { checkComplianceRules } from '@/lib/api-edge';
// Check all compliance
await checkComplianceRules();
// Check specific entity
await checkComplianceRules('zone', zoneId);
// Check specific jurisdiction
await checkComplianceRules(undefined, undefined, 'US');
Pattern Matching
The system matches patterns against safety data:
Incident Count Threshold
{
"incident_count_threshold": 3
}
Matches if the entity has 3 or more incidents in the last 30 days.
Risk Score Threshold
{
"risk_score_threshold": 70
}
Matches if the entity's risk score is >= 70.
Near Miss Count Threshold
{
"near_miss_count_threshold": 10
}
Matches if the entity has 10 or more near misses in the last 30 days.
Severity Threshold
{
"severity_threshold": 3
}
Matches if the entity has incidents with severity >= 3 (high/critical).
Status Determination
- Compliant: The metric stays below the configured threshold, so the pattern does not trigger
- Warning: Pattern matched, at or slightly above the threshold (1.0-1.2x threshold)
- Breach: Pattern matched by a wide margin (2x+ threshold, or a high risk score)
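The four pattern keys and the status bands above are enough to write the evaluation step down in code. The following is an added example, not the project's edge function: it validates a regulation's jsonb pattern before use (an unknown key or a non-positive threshold is an error, so a typo in a rule cannot silently make every entity compliant), evaluates each threshold present against an entity's 30-day metrics, and reports the worst result along with a details object shaped for the safety_compliance_events.details column. The metric names, the treatment of risk_score_threshold and severity_threshold as single comparisons where a match is a breach (the page says only "or high risk score"), and keeping the undocumented 1.2x-2x band at warning are assumptions of this example.

```typescript
// Added example, not the project's edge function: pattern validation and
// status determination for one entity.

export type ComplianceStatus = 'compliant' | 'warning' | 'breach';

export interface CompliancePattern {
  incident_count_threshold?: number;
  risk_score_threshold?: number;
  near_miss_count_threshold?: number;
  severity_threshold?: number;
}
type PatternKey = keyof CompliancePattern;
const PATTERN_KEYS: readonly PatternKey[] = [
  'incident_count_threshold',
  'risk_score_threshold',
  'near_miss_count_threshold',
  'severity_threshold',
];

// Metrics for one entity over the 30-day window. Aggregating them from incidents,
// near misses and predictive scores is assumed to happen before this step.
export interface EntityMetrics {
  incidentCount: number;
  nearMissCount: number;
  riskScore: number; // 0-100
  maxIncidentSeverity: number; // highest severity among the window's incidents
}

// Validate the jsonb pattern column before using it. Unknown keys and
// non-numeric or non-positive thresholds are rejected instead of ignored.
export function parsePattern(raw: unknown): CompliancePattern {
  if (typeof raw !== 'object' || raw === null || Array.isArray(raw)) {
    throw new Error('pattern must be a JSON object');
  }
  const out: CompliancePattern = {};
  for (const [key, value] of Object.entries(raw)) {
    if (!(PATTERN_KEYS as readonly string[]).includes(key)) {
      throw new Error(`unknown pattern key: ${key}`);
    }
    if (typeof value !== 'number' || !Number.isFinite(value) || value <= 0) {
      throw new Error(`threshold ${key} must be a positive number`);
    }
    out[key as PatternKey] = value;
  }
  if (Object.keys(out).length === 0) throw new Error('pattern defines no thresholds');
  return out;
}

const RANK: Record<ComplianceStatus, number> = { compliant: 0, warning: 1, breach: 2 };

// Count thresholds use the ratio bands from "Status Determination": below 1.0x
// is compliant, 1.0x and above is a warning, 2.0x and above is a breach. The
// 1.2x-2.0x band is not defined on the page; this example keeps it at warning.
function countBand(value: number, threshold: number): ComplianceStatus {
  const ratio = value / threshold;
  if (ratio >= 2) return 'breach';
  if (ratio >= 1) return 'warning';
  return 'compliant';
}

// Level thresholds (risk score, severity): assumption of this example that a
// value at or above the threshold is a breach, not a ratio band.
function levelBand(value: number, threshold: number): ComplianceStatus {
  return value >= threshold ? 'breach' : 'compliant';
}

export interface Evaluation {
  status: ComplianceStatus;
  details: Record<string, { value: number; threshold: number; status: ComplianceStatus }>;
}

// Evaluate every threshold present in the pattern. The entity's status is the
// worst individual result; `details` records each comparison for the event row.
export function evaluatePattern(pattern: CompliancePattern, m: EntityMetrics): Evaluation {
  const checks: Array<[string, number, number | undefined, (v: number, t: number) => ComplianceStatus]> = [
    ['incident_count', m.incidentCount, pattern.incident_count_threshold, countBand],
    ['near_miss_count', m.nearMissCount, pattern.near_miss_count_threshold, countBand],
    ['risk_score', m.riskScore, pattern.risk_score_threshold, levelBand],
    ['severity', m.maxIncidentSeverity, pattern.severity_threshold, levelBand],
  ];
  const details: Evaluation['details'] = {};
  let status: ComplianceStatus = 'compliant';
  for (const [name, value, threshold, band] of checks) {
    if (threshold === undefined) continue;
    const s = band(value, threshold);
    details[name] = { value, threshold, status: s };
    if (RANK[s] > RANK[status]) status = s;
  }
  return { status, details };
}

// Worked case: the OSHA-1910.132 pattern from "Example Regulations" against
// constructed metrics for one zone. Two incidents is exactly 1.0x the threshold.
export const exampleEvaluation = evaluatePattern(
  parsePattern({ incident_count_threshold: 2, severity_threshold: 3 }),
  { incidentCount: 2, nearMissCount: 1, riskScore: 40, maxIncidentSeverity: 2 },
);
```

Because parsePattern throws on a malformed rule, a compliance run should record that regulation as an error rather than skipping it; an enabled rule that is never evaluated looks identical to a compliant one in the summary counts.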
UI Components
Compliance Dashboard Section
Location: Admin → Safety → Compliance Dashboard
Features:
- Compliance summary cards (Total, Compliant, Warnings, Breaches)
- Compliance events table with filters
- Regulations list
- Check Compliance button
- Resolve events (Admin only)
- Jurisdiction filter (US/EU/Global)
- Status filter (All/Compliant/Warning/Breach/Unresolved)
Access:
- Admin: Full access, can resolve events
- Safety Officer: Full access, can resolve events
- Workers/Drivers: Read-only access
React Query Hooks
import {
useSafetyRegulations,
useComplianceEvents,
useComplianceSummary,
useCheckComplianceRules,
useResolveComplianceEvent,
} from '@/lib/queries';
// Fetch regulations
const { data: regulations } = useSafetyRegulations('US');
// Fetch compliance events
const { data: events } = useComplianceEvents({
status: 'breach',
unresolvedOnly: true,
});
// Fetch summary
const { data: summary } = useComplianceSummary();
// Check compliance
const { mutateAsync: checkCompliance } = useCheckComplianceRules();
await checkCompliance({ jurisdiction: 'US' });
// Resolve event
const { mutateAsync: resolveEvent } = useResolveComplianceEvent();
await resolveEvent(eventId);
Permissions & RLS
Safety Regulations:
- Admins: Full access
- Safety Officers: Full access (within tenant)
- Tenant Admins: Full access (within tenant)
- Workers/Drivers: Read-only access (within tenant)
Compliance Events:
- Admins: Full access
- Safety Officers: Full access (within tenant)
- Tenant Admins: Read access (within tenant)
- Workers/Drivers: Read-only access (within tenant)
Example Regulations
OSHA 1910.132 - Personal Protective Equipment
{
"rule_code": "OSHA-1910.132",
"description": "Employers must provide PPE when hazards are present",
"severity": 80,
"jurisdiction": "US",
"category": "PPE",
"pattern": {
"incident_count_threshold": 2,
"severity_threshold": 3
}
}
EU-OSHA 89/391/EEC - Framework Directive
{
"rule_code": "EU-OSHA-89/391/EEC",
"description": "Employers must assess risks and take preventive measures",
"severity": 90,
"jurisdiction": "EU",
"category": "Risk Assessment",
"pattern": {
"risk_score_threshold": 70,
"incident_count_threshold": 3
}
}
Best Practices
- Configure Regulations First: Add regulations before running compliance checks
- Set Appropriate Thresholds: Adjust pattern thresholds based on your industry and risk tolerance
- Regular Checks: Run compliance checks periodically (daily/weekly)
- Resolve Events: Mark events as resolved when compliance is restored
- Review Patterns: Update regulation patterns based on actual compliance needs