Lockout/tagout consistently ranks among the most-cited OSHA standards. In fiscal year 2024, the Control of Hazardous Energy standard (29 CFR 1910.147) recorded 2,443 violations - making it the fifth most frequently cited standard across all industries [1]. With maximum penalties now reaching $16,550 per serious violation and $165,514 for willful or repeated offences [2], a failed LOTO audit is not just an operational headache. It is a direct financial risk.
Most safety leaders understand the basics: you need written procedures, trained employees, and the right lockout hardware. But many facilities stumble on one requirement that is deceptively simple to describe and surprisingly difficult to execute well - the annual periodic inspection. This is the part of the standard that asks you to prove your programme actually works, not just that it exists on paper.
This guide walks through exactly what auditors and compliance officers look for during a LOTO audit, the most common findings that trip facilities up, and a practical checklist to keep your programme permanently audit-ready.
## What OSHA Actually Requires: The Periodic Inspection
The annual periodic inspection is spelled out in 29 CFR 1910.147(c)(6). It requires employers to inspect each energy control procedure at least once per year, with a specific set of conditions that must be met for the inspection to count [3].
First, the inspection must be performed by an authorised employee other than the person using the procedure being inspected. This is a common point of confusion - you cannot simply have someone review their own work. The inspector needs to be a different authorised individual who is qualified and trained on the procedure in question [4].
Second, the inspector must observe a representative sample of authorised employees actually performing the lockout/tagout procedure. This is not a desk exercise. OSHA expects someone to physically watch the procedure being carried out in the field and verify that every step is followed correctly.
Third, the inspector must conduct a review with each authorised employee of their responsibilities under the energy control procedure. When tagout is used instead of lockout, this review extends to affected employees as well [3]. Group meetings between the inspector and authorised employees are acceptable - OSHA does not require individual one-on-one sessions [5].
Finally, the employer must certify each inspection with documentation that includes four specific elements: the machine or equipment covered, the date of the inspection, the employees included, and the person who performed the inspection [3]. If any of these four elements are missing from your records, you have a documentation gap that an auditor will flag.
An important nuance: if you have procedures that are used less frequently than once per year, they only need to be inspected when they are actually used. But every procedure that is in active use must be reviewed within the 12-month window [6].
## The UK and EU Perspective
While OSHA's periodic inspection requirement is the most prescriptive framework globally, European regulations carry comparable obligations.
In the UK, the Provision and Use of Work Equipment Regulations 1998 (PUWER) requires that work equipment is provided with suitable means of isolation from all energy sources (Regulation 19) [7]. PUWER also mandates regular inspection of work equipment to detect faults in good time, with clear records maintained for review by Health and Safety Executive inspectors [8]. The Electricity at Work Regulations 1989 reinforce isolation requirements specifically for electrical systems.
At the EU level, EN ISO 14118 addresses the prevention of unexpected start-up of machinery, establishing principles for the design and selection of means to isolate and dissipate energy. While the EU framework does not impose an identical "annual audit" mandate, the combination of machinery directives, workplace safety legislation, and employer duty-of-care obligations creates a similar expectation: you must be able to demonstrate that your isolation procedures are current, effective, and understood by the people who use them.
For organisations operating across both US and European jurisdictions, the practical takeaway is the same. You need documented procedures, evidence that employees understand and follow them, and records that prove ongoing oversight. The specific regulatory reference changes, but the underlying audit exposure does not.
## The Five Most Common LOTO Audit Findings
After reviewing enforcement records and compliance guidance, the same handful of issues appear again and again. Understanding these patterns is the fastest way to identify gaps in your own programme before an auditor does.
**Outdated or missing machine-specific procedures.** OSHA requires energy control procedures to be specific to the equipment being serviced. A generic "turn off the power" instruction does not meet the standard. Each procedure must address the specific types and magnitudes of energy present, the location of isolation points, and the steps for verifying de-energisation. When equipment is modified or replaced, the corresponding procedure must be updated - and many facilities fail to close that loop [9]. CJ TMI Manufacturing America, a frozen food manufacturer, was placed in OSHA's Severe Violator Enforcement Programme in 2021 after repeated LOTO violations led to an employee amputation - making it one of the largest OSHA penalties of 2024 [10].
**No evidence of periodic inspection.** This is the requirement that catches the most facilities off guard. Having procedures is not enough. You must demonstrate that those procedures have been inspected within the past 12 months, that a qualified inspector observed their execution, and that the required certification records exist. Many employers are aware of their written programme obligations but overlook this ongoing verification step entirely [11].
**Incomplete training records.** OSHA requires employers to certify that training has been accomplished and is being kept up to date. The certification must contain each employee's name and dates of training [3]. Partial records - missing names, undated entries, or records that have not been updated after retraining - represent a straightforward citation. When a periodic inspection reveals knowledge gaps, additional retraining is required, and that retraining must also be documented.
**Group lockout/tagout procedures not properly documented.** Group LOTO situations - where multiple employees are servicing the same equipment simultaneously - carry additional documentation requirements under 29 CFR 1910.147(f)(3). The procedure must clearly define the role of an authorised employee who takes primary responsibility for the group lockout. Each person in the group must apply their own individual lockout or tagout device. Facilities that handle group LOTO informally, without written procedures that address these specifics, are vulnerable to citation.
**No process for updating procedures after equipment changes.** Energy control procedures must reflect the current state of the equipment they cover. When a machine is retrofitted, a new energy source is added, or isolation points are reconfigured, the corresponding LOTO procedure needs to be revised. Without a formal change management process that links equipment modifications to procedure updates, it is only a matter of time before your documentation falls out of alignment with the reality on the plant floor.
## The LOTO Audit Preparation Checklist
Working through the following items will put you in a strong position for any scheduled or surprise inspection. Each item maps directly to a requirement in the OSHA standard or its EU/UK equivalents.
Start with your written energy control programme. Confirm it covers all three pillars required by 1910.147(c)(1): energy control procedures, employee training provisions, and periodic inspection protocols. Verify that the programme is accessible to all relevant employees - not locked in a manager's office or buried on a shared drive nobody checks.
Next, review your machine-specific procedures. Each procedure should identify the equipment by name, describe all hazardous energy sources, specify the location and type of each isolation device, and outline the steps for shutdown, isolation, lockout/tagout application, stored energy release, and verification. Cross-reference your procedure inventory against your current equipment list to ensure nothing has been added, removed, or modified without a corresponding procedure update.
Check your periodic inspection records for the past 12 months. For each energy control procedure in active use, confirm that you have a completed certification record showing the machine or equipment covered, the date of the inspection, the employees included in the review, and the name of the inspector. Confirm that the inspector was a different authorised employee from those using the procedure. If any deficiencies were noted, verify that corrective actions were documented and completed.
Audit your training records. Every authorised, affected, and "other" employee category should have a current training record with their name and dates of training. If any retraining was triggered by a periodic inspection finding, job change, equipment change, or observed deficiency, those additional training dates should be recorded as well. Pay particular attention to contractors and temporary workers - they are covered by the standard too.
Finally, verify your lockout/tagout devices. Confirm they are standardised within the facility (by colour, shape, or size), durable enough for the environment, substantial enough to prevent removal without excessive force, and identifiable to the employee who applied them. Tags should be legible and include a warning legend such as "Do Not Start" or "Do Not Operate."
## Why Paper-Based Systems Make Audits Painful
If your programme currently lives in binders, spreadsheets, and filing cabinets, you already know the friction. Pulling together documentation for an audit means chasing down individual inspection forms, verifying that every signature is present, confirming training dates against employee rosters, and hoping that the most recent version of each procedure is the one in the binder - not an outdated copy from two equipment changes ago.
Version control is the most persistent problem. When procedures are printed and distributed, there is no reliable mechanism to ensure that every copy on the plant floor reflects the latest revision. An auditor who finds one outdated procedure in the field can reasonably question the integrity of the entire programme.
The time cost compounds at scale. A mid-sized manufacturing operation with 50 to 100 lockout procedures, each requiring annual inspection with certified records, training documentation for every employee category, and evidence of corrective actions - that is hundreds of individual records to locate, verify, and present. Facilities routinely report that audit preparation consumes days or even weeks of safety team time when managed manually.
## How Digital LOTO Keeps You Permanently Audit-Ready
The shift from paper to digital lockout/tagout is not about replacing binders with PDFs. It is about building a system where compliance evidence is generated automatically as part of normal operations, rather than being assembled retroactively.
A platform like [Zentri](https://zentri.cc/lockout-tagout) creates a timestamped, tamper-evident audit trail every time a procedure is executed. Each step of the lockout process is recorded - who performed it, when, on which equipment, and whether every step was completed. That audit trail lives in a centralised, cloud-based system that can be accessed instantly during an inspection, without anyone needing to dig through a filing cabinet.
Procedure version control becomes automatic. When a procedure is updated in the system, the change is reflected immediately for every user. There are no outdated copies floating around the plant floor, and you can demonstrate a complete revision history showing when each change was made and by whom.
QR code verification adds another layer of audit evidence. When a technician scans a QR code on a piece of equipment before starting a lockout, the system confirms they are executing the correct procedure on the correct asset. This addresses one of the most common sources of LOTO incidents - human error in equipment identification - while simultaneously creating documentation that an auditor can verify.
For the periodic inspection requirement specifically, digital systems make it straightforward to track which procedures have been inspected, when, by whom, and whether any findings were recorded and resolved. Instead of manually compiling inspection certificates, the records are already structured, searchable, and exportable.
The result is a programme where audit readiness is not a separate activity. It is a byproduct of doing the work.
## Turning Audits from a Scramble into a Non-Event
A LOTO audit should never be a crisis. The requirements are well-defined: current procedures, documented inspections, trained employees, and certified records. The challenge is not understanding what is required - it is maintaining the discipline and infrastructure to keep every element current across dozens or hundreds of procedures and employees, year after year.
The organisations that treat audits as a non-event are the ones that have moved compliance from a periodic project to a continuous process. Whether your next inspection comes from OSHA, the HSE, an internal auditor, or a prospective customer's due diligence team, the question is the same: can you demonstrate, right now, that your programme is complete, current, and actually being followed?
If the answer requires a week of preparation, that is a signal worth acting on.
**Ready to make your LOTO programme permanently audit-ready?** [Book a demo](https://zentri.cc/demo) and see how Zentri's digital lockout/tagout platform keeps your compliance evidence current - automatically.
---
### References
1. OSHA, "Top 10 Most Frequently Cited Standards for Fiscal Year 2024," https://www.osha.gov/top10citedstandards
2. OSHA, "Adjusted OSHA Civil Penalty Amounts for 2025," https://www.osha.gov/news/newsreleases/osha-trade-release/20250114
3. OSHA, "29 CFR 1910.147 - The Control of Hazardous Energy (Lockout/Tagout)," https://www.osha.gov/laws-regs/regulations/standardnumber/1910/1910.147
4. OSHA, "Authorized Employees and Periodic Lockout/Tagout Inspections - Standard Interpretation," https://www.osha.gov/laws-regs/standardinterpretations/1994-08-05-0
5. OSHA, "eTool: Lockout-Tagout - Periodic Inspections," https://www.osha.gov/etools/lockout-tagout/hot-topics/energy-control-program/periodic-inspections
6. Weeklysafety.com, "Lockout Tagout Procedure Inspection Requirements," https://weeklysafety.com/blog/loto-inspections
7. UK Health and Safety Executive, "Provision and Use of Work Equipment Regulations 1998 (PUWER)," https://www.hse.gov.uk/work-equipment-machinery/puwer.htm
8. CHAS, "PUWER Regulations: Detailed Compliance Guide," https://www.chas.co.uk/blog/ultimate-guide-puwer-regulations/
9. Seyfarth Shaw LLP, "Lockout/Tagout: The Most Misunderstood, Most Costly, and Most Misapplied Standard," https://www.seyfarth.com/news-insights/lockouttagout-the-most-misunderstood-most-costly-and-most-misapplied-standard.html
10. TapRooT, "Top Ten Biggest OSHA Fines of 2024," https://taproot.com/biggest-osha-fines-2024/
11. OSHA, "eTool: Lockout-Tagout - Training and Retraining," https://www.osha.gov/etools/lockout-tagout/hot-topics/energy-control-program/training-retraining
