Lockout/tagout ranked fourth on OSHA's Top 10 Most Cited Standards for fiscal 2025, with 2,562 violations. [1] The maximum penalty for a wilful or repeat violation now sits at $165,514 per violation. [2]
That is the operational backdrop for any LOTO software purchase. The wrong choice gets exposed in the next audit, the next near miss, or the next multi-site rollout. Most EHS leaders buy a LOTO platform once every five to seven years. The decision sticks.
This guide gives you a 12-criterion framework, the questions to ask in demos, and the red flags that should disqualify a vendor before contract.
## Start with your buyer archetype
A generic feature checklist will mislead you. The criteria that matter most depend on what you are replacing.
**Paper or spreadsheets.** Your priority is getting procedures into a structured digital format without losing institutional knowledge. Look hard at procedure authoring depth, image and signature capture, and the import path for what you already have written down. The [hidden cost of paper LOTO](https://zentri.cc/resources/blog/hidden-costs-paper-loto) is rarely the paper itself. It is the procedure version drift no one is tracking.
**An EHS suite where LOTO is a weak module.** You bought a broad EHS platform and inherited a LOTO module that ticks the box without ticking the procedure. Your priority is depth: procedure authoring, isolation-point libraries, and group lockout. A specialist will outperform a suite on these every time. Read [VelocityEHS vs Zentri](https://zentri.cc/resources/blog/velocityehs-vs-zentri) for how the suite-vs-specialist trade-off plays out in practice.
**A hardware vendor's portal.** Your existing platform was built around padlocks and tags, with software added later. Your priority is how the system organises information. Ask whether equipment, isolation points, and procedures are tracked as separate items with their own histories, or whether they are just labels stuck onto a tag part number.
**Multi-site standardisation.** You have working systems at individual sites and the variance between them is now the problem. Your priority is template versioning, approval workflows, and role-based access that survives a global rollout. The [business case for digital LOTO](https://zentri.cc/resources/blog/business-case-digital-loto) covers the operational cost framing in detail.
Pick the archetype that fits, then weight the framework below accordingly.
## The 12-criterion evaluation framework
| # | Criterion | What good looks like | What weak looks like |
|---|-----------|---------------------|----------------------|
| 1 | Procedure authoring | Reusable templates, full version history with every version preserved, rich text, photos on every step | A simple PDF builder, no version history |
| 2 | Equipment and isolation library | One isolation point can be linked to many pieces of equipment, and equipment can be grouped under a parent asset | Isolation points re-keyed for every new procedure |
| 3 | Multi-person plan execution | Several authorised employees signed on at once, each claiming different isolation points, with the system controlling verification order | One user at a time, no real concurrent execution |
| 4 | Two-person verification | Strict order between primary verifier and second verifier, controlled by the system itself, not just by the screen layout | Order suggested on screen but easily skipped |
| 5 | Approval workflows | Multi-stage, role-based, separate closure approval gate distinct from initial approval | Single approve button, no segregation of duties |
| 6 | Audit log depth | Separate streams for activity, approval, SSO, and admin actions | One flat log everyone can edit |
| 7 | Roles and permissions | Granular permission catalogue, custom role overrides per tenant | Three or four hardcoded roles |
| 8 | SSO and account sync | Single sign-on (SSO) plus automatic account creation and removal that follows your IT system | Email and password only, or SSO that still leaves you creating accounts manually |
| 9 | Multi-site standardisation | Plant-area tagging, building/floor/department fields, per-site role assignment | Single tenant, no cross-site visibility |
| 10 | Language support | At least English plus one major regional language with in-app switcher | English-only |
| 11 | OSHA 1910.147 alignment | A clear list of supported energy types, periodic inspection tracking, [audit-readiness documentation](https://zentri.cc/resources/blog/how-to-prepare-for-a-loto-audit-compliance-checklist) | "OSHA-compliant" claim with no detail |
| 12 | Connections to other software | Clear about which connections to your existing systems are available today versus on a roadmap | Vague claims about "integrations" with no documented examples |
A note on criterion 3. Multi-person plan execution is the criterion most often demonstrated badly in vendor demos. Ask the salesperson to walk through a five-person lockout on a multi-energy asset where two technicians are working in parallel on different isolation points. You want to see two technicians claim different points at the same time without conflicting, the system enforcing who verifies first and who verifies second, and a single audit log that proves who did what and when. If the demo collapses to one user clicking through every step, or if the second technician has to wait until the first one is finished, the platform does not really support concurrent execution. It is a single-user system that just happens to share data between users.
A note on criterion 6. Most vendors say they have an audit log. Few have separate streams. Ask to see the difference between a regular activity log entry, an approval log entry, and an SSO log entry. If the vendor cannot show you those as genuinely separate logs, you will have a hard time satisfying an auditor who wants segregation of duties evidenced in the records, not asserted in a contract.
## Five red flags that should disqualify a vendor
**1. "Offline mode" claims without a working demo.** Many platforms market offline mode without actually being able to keep working when the network drops. Ask for a demo with the laptop in airplane mode, then ask what happens to the audit log when the device reconnects. If the answer is hand-wavy, treat the feature as marketing.
**2. Per-procedure pricing.** Pricing models that scale with procedure count punish the buyers who actually adopt the platform. Look for company-wide or site-based pricing that does not penalise depth of use. Run the numbers through an [ROI calculator](https://zentri.cc/roi-calculator) before signing.
**3. A single flat audit log.** Auditors want segregation of duties evidenced in the records, not in the contract. A platform with one combined log that mixes user logins, plan approvals, and admin actions will cost you hours in any compliance review and weaken the chain of evidence if you ever need it.
**4. "Fully customisable" without a customisation screen.** Ask the salesperson to add a custom field to a procedure template live in the demo, then version the template and confirm the old plans still reference the old version. If they cannot, "customisable" means "we will build it for you" and that is a service contract, not a product feature.
**5. No public OSHA 1910.147 mapping.** A vendor who cannot show you which sections of 1910.147 their workflow addresses, and where the gaps are, is asking you to take compliance on faith. Pair this question with [the most common LOTO violations](https://zentri.cc/resources/blog/osha-top-loto-violations-2025-digital-compliance) and ask how each one is prevented in the product.
## The evaluation process that actually works
**RFP scope.** Keep it under 30 questions. Half functional, half operational. Ask about implementation timeline, training model, and the named individual who will own your account in the first 90 days. Vendors who answer all 30 in two days are showing you what support will feel like. Vendors who take six weeks are showing you the same thing.
**Demo.** Hand the vendor four scenarios in writing before the call. A paper procedure migration. A five-person group lockout on a multi-energy asset. A temporary lockout removal during testing, with the testing window properly bracketed. A procedure version update mid-execution. The first two test depth. The third tests a workflow most platforms ship badly. The fourth tests version control honestly.
**References.** Ask three questions of every reference. What surprised you in the first 30 days? What did the vendor say it could do that it could not? What would you do differently if you bought again?
**Pilot.** Scope one site, one production line, four procedures, six weeks. Define success in writing before kickoff. Vendors that resist a paid pilot are showing you the friction you will have on contract renewal.
## Sources
[1] Safety+Health Magazine. (2026). *OSHA reveals final 'Top 10' data for FY 2025*. National Safety Council. https://www.safetyandhealthmagazine.com/osha-reveals-final-top-10-data-for-fy-2025/
[2] Occupational Safety and Health Administration. (2025). *2025 Annual Adjustments to OSHA Civil Penalties*. US Department of Labor.