A lockout/tagout procedure is only useful if it still matches the equipment, still reflects the work being performed, and is still being followed by the people using it.
That is the real purpose of a periodic LOTO review.
It is not just a paperwork exercise. It is a way of proving that the procedure on file is still suitable, that completed lockout records support what happened in the field, and that any problems found during the review are corrected rather than forgotten.
In the US, this connects directly to OSHA's lockout/tagout standard. OSHA 29 CFR 1910.147(c)(6) requires employers to conduct periodic inspections of energy-control procedures at least annually. The inspection must be used to correct deviations or inadequacies, and the employer must certify that the inspection was performed, identifying the machine or equipment, inspection date, employees included, and the person performing the inspection. You can read the OSHA text here: [29 CFR 1910.147(c)(6)](https://www.osha.gov/laws-regs/regulations/standardnumber/1910/1910.147).
For European sites, there is no single EU-wide regulation that maps exactly to OSHA lockout/tagout. But the underlying expectation is still clear: employers must maintain safe work equipment, inspect equipment where deterioration could create dangerous situations, keep inspection results available, and adapt prevention measures as circumstances change. Relevant references include [Directive 2009/104/EC](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32009L0104) on work equipment and [Directive 89/391/EEC](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A31989L0391) on employer safety duties.
The regulatory language matters, but the practical question is simple:
> Can you prove that your lockout/tagout procedures are still working?
## Periodic review is where procedure meets reality
A written procedure can look perfect and still fail in practice.
The equipment may have changed. A valve may have been replaced. An isolation point may have moved. A new contractor may be using the procedure differently from the internal maintenance team. A verification step may be completed, but without evidence. A template may have been updated after a finding, but nobody checked whether older plans were still being executed against the previous version.
That is why periodic review is valuable. It forces the site to compare the controlled procedure with the execution record.
A good periodic review should prove three things:
| Question | What the review should prove |
|---|---|
| Is the procedure still suitable? | The isolation steps, energy sources, verification methods, and closeout requirements still match the equipment. |
| Is the procedure being followed? | Completed lockout records show that workers used the correct procedure and completed the required controls. |
| Are findings being corrected? | Deviations, weak records, missing evidence, or procedure issues are recorded and followed through to closure. |
Those three checks make the review more than an annual tick-box activity. They turn it into a practical test of whether the energy-control process is still protecting people.
## The real problem: records exist, but the review is scattered
Most teams do not lack records. They lack organised records.
A safety manager may be able to prove that a lockout was completed, but it may take far too long to pull the full story together. The reviewer has to open the equipment file, find the current procedure, locate the completed plans, check whether the template changed, open scanned paper forms, review photos, confirm who signed on, inspect checklist records, and then record findings somewhere else.
That is not a review workflow. It is admin archaeology.
The result is a review that depends heavily on the reviewer's discipline and memory. Some findings are captured well. Others are left as notes in a spreadsheet. Close-out evidence may be stored separately from the original finding. If the same question comes up six months later, someone has to rebuild the story again.
A structured LOTO Audit Review solves this by pulling the review around the equipment, the procedure, the completed plans, the findings, and the final attestation.
## Start with a defined review scope
A periodic review should start with a clear scope. Without scope, the reviewer is left deciding what to inspect as they go, which makes the result harder to defend.
The scope may be monthly, quarterly, annual, or event-based.
| Review type | Typical scope |
|---|---|
| Monthly LOTO Review | Equipment with completed lockout plans in the previous month |
| Quarterly Review | A broader review across a line, plant area, or defined time period |
| Annual Procedure Inspection | Active equipment and energy-control procedures requiring periodic inspection |
| Equipment Spot Check | High-risk equipment, recently changed assets, or selected machines |
| Custom Review | A specific contractor activity, incident follow-up, campaign, or internal audit scope |
In Zentri's LOTO Audit Review workflow, the reviewer starts by selecting the type of review and seeing the scope before launching it. The scope preview can show the equipment included, completed plans nested under that equipment, and relevant LOTO template changes. That makes the review intentional from the start, rather than a blank spreadsheet.
If the review is monthly, the system should pull the equipment touched by lockout plans in that month. If it is annual, the scope should be wider. Either way, the reviewer should not have to manually search every plan and decide what belongs.
## Review equipment first
A periodic LOTO review should be equipment-led.
Many review processes start from completed forms rather than from the machine or system being controlled. That makes it harder to see whether the procedure still matches the equipment.
Equipment-first review keeps the right context together. The reviewer can see the equipment, its lockout instructions, the plans executed against it, recent activity, template changes, and any findings or follow-up actions.
This also fits OSHA's certification requirement, which expects the inspection certification to identify the machine or equipment on which the energy-control procedure was being used. The equipment is not just a label. It is the anchor for the review.
In practice, the reviewer should be able to open a piece of equipment and ask:
> Are the lockout instructions still correct, and do the completed plans show that people followed them?
That question is much stronger than simply asking whether a form was completed.
## Review the procedure and the completed plans together
A periodic LOTO review is strongest when the reviewer can compare the intended procedure with the actual execution record.
The lockout instructions show what should have happened. The completed plan shows what did happen. The audit trail shows who did it, when they did it, and what evidence was captured.
That comparison is the heart of the review.
For example, the procedure may require zero-pressure verification before opening a line. The completed plan may show that the lockout was completed, but the checklist evidence may not show the verification. That does not automatically mean the work was unsafe, but it does mean the record is weak. The reviewer needs a way to mark that clearly and assign follow-up.
A simple verdict structure keeps the review consistent:
| Verdict | Use when |
|---|---|
| Pass | The record is acceptable and no action is needed |
| Fail | A serious issue, missing control, or nonconformance is identified |
| Needs Action | The review can continue, but follow-up is required |
| N/A | The item is not applicable to this review scope |
In Zentri's review workflow, each equipment item can be expanded so the reviewer can inspect the lockout instructions and the completed plans in one place. Plans can be marked with review outcomes such as Pass, Fail, Needs Action, or N/A. The point is not to make the reviewer click through more screens. The point is to keep the finding attached to the evidence that caused it.
This is where a [LOTO audit trail](/resources/blog/loto-audit-trail-what-evidence-should-a-digital-lockout-system-capture) becomes useful. If the execution evidence was captured properly during the job, the review becomes a structured inspection rather than a manual investigation.
## Procedure changes need review too
Completed plans are only one side of the review.
The procedure or template itself may also have changed. A new isolation point may have been added. A verification method may have been updated. A checklist may have been tightened after a near miss. A closeout requirement may have been introduced because of a previous audit finding.
Those changes need to be visible during the periodic review.
A procedure change is not automatically a problem. In many cases, it is evidence that the site is improving its controls. The problem is when those changes are invisible to the person performing the review.
The reviewer should be able to see which LOTO templates changed during the review period, what version changed, when it changed, and whether the change needs communication, retraining, or further follow-up. This is especially important where completed plans in the period used an older version of the procedure.
A review that ignores template changes can miss the bigger picture. The execution record may show what happened last month, but the template history shows whether the procedure itself is still moving in the right direction.
## Record findings while the context is visible
Findings are better when they are recorded at the moment the reviewer sees the issue.
If a plan skipped a required verification step, the reviewer should not have to leave the review, open a spreadsheet, write a note, attach a screenshot elsewhere, and then hope the connection remains obvious later. The finding should be captured directly against the equipment, plan, or template being reviewed.
| Finding example | Likely outcome |
|---|---|
| Required zero-energy verification missing | Fail |
| Verification present, but supporting evidence is weak | Needs Action |
| Template updated correctly after a safety bulletin | Pass |
| Equipment in scope, but no applicable activity occurred | N/A |
| Paper record uploaded, but signature is unclear | Needs Action |
| Contractor sign-on missing from group LOTO record | Fail or Needs Action |
The language matters. "Needs Action" is different from "Fail." A missing verification record may be a serious nonconformance. A weak photo may simply need follow-up. A template change may pass review but still require communication to the maintenance team.
The system should allow that nuance without forcing every issue into the same bucket.
## Attestation gives the review a clear endpoint
A periodic review needs a formal completion point.
At some stage, the reviewer needs to say: this scope has been reviewed, these findings were recorded, these exceptions are visible, and this review is complete.
That is what attestation does.
A good attestation record should show the reviewer, the date and time, the review scope, and the statement being signed. For OSHA-aligned reviews, the record should support the required certification elements: the machine or equipment, the date of inspection, the employees included, and the person performing the inspection.
There is another point that should not be ignored. The person performing the review should generally not be one of the people who used the procedure being inspected. OSHA's periodic inspection requirement says the inspection must be performed by an authorized employee other than the ones using the energy-control procedure being inspected.
In real plants, conflicts can still happen. A small site may have limited qualified reviewers. A safety manager may have been involved in one plan inside a wider monthly review. The important thing is that the conflict is not hidden. If the review proceeds, the reason should be written, retained, and printed in the audit package.
Zentri's audit review workflow is designed around that principle. If a conflict is identified, the review can require an override reason before attestation, and that reason stays with the record.
## Export the audit package
The final review should produce a record that can stand on its own.
That does not mean every audit must produce a 200-page report. It means the exported package should be complete enough to show what was reviewed, what was found, who attested, and what evidence supports the review.
A practical audit package should include:
| Audit package element | Why it matters |
|---|---|
| Review name and period | Shows the scope and timing of the review |
| Equipment reviewed | Supports machine/equipment-level inspection records |
| Completed plans reviewed | Shows which execution records were inspected |
| Template changes reviewed | Shows whether procedure changes were considered |
| Verdicts and findings | Shows the outcome of the review |
| Notes and attachments | Supports the reviewer's judgement |
| Follow-up actions | Shows what needs correction |
| Attestation | Shows who completed the review and when |
| Conflict or override reason | Preserves transparency where exceptions exist |
This is where many manual reviews break down. The review may have been done, but the evidence of the review is spread across too many places. If the review package is generated from the structured workflow, the export becomes the output of the review rather than a separate admin task.
## Close out findings after the review
Not every finding can be closed on the day of the review.
A finding may require retraining. It may require a procedure update. It may require a supervisor to confirm that a contractor has been briefed. It may require a new photo, a revised checklist, or evidence that a missing step has been corrected.
That follow-up should be linked back to the original finding.
There is an important distinction here:
| Action | Meaning |
|---|---|
| Close out | The original finding was valid and the follow-up work is now complete |
| Amend | The original review record needs correction |
Both actions should preserve history. A close-out should show what was done and when. An amendment should show what changed and why. Neither should erase the original record.
This follow-up loop is where periodic review becomes genuinely useful. The goal is not only to identify issues. The goal is to make sure issues are closed.
## From audit trail to audit review
The previous article in this series covered the [LOTO audit trail](/resources/blog/loto-audit-trail-what-evidence-should-a-digital-lockout-system-capture): the execution evidence captured during lockout/tagout work.
This article covers the next layer: reviewing that evidence.
The audit trail shows what happened. The audit review shows how the evidence was inspected, judged, attested, exported, and followed up.
If the audit trail is weak, the review becomes painful. If the audit trail is structured, the review becomes faster and more reliable. If the review workflow is also structured, the site can show not only that records exist, but that those records were actually inspected.
That is the difference between storing evidence and proving the procedure still works.
## How Zentri supports LOTO Audit Review
Zentri's [digital lockout tagout software](/lockout-tagout) is designed to make LOTO records easier to execute, review, and defend.
Zentri's LOTO Audit Review workflow helps teams run periodic reviews from one structured place. Instead of starting with scattered forms and files, the reviewer can define the review scope, inspect equipment, review completed plans, check procedure changes, record findings, attest the review, export the package, and close out follow-up actions.
The workflow supports monthly reviews, quarterly reviews, annual procedure inspections, equipment spot checks, and custom review scopes. It keeps the review equipment-first, so the procedure, completed plans, findings, and follow-up actions stay connected to the machine or system being inspected.
It also builds on the execution records already captured in Zentri: worker sign-on, [group lockout/tagout](/resources/blog/group-lockouttagout-how-to-manage-multi-person-loto-without-losing-visibility), pre- and post-execution checklists, isolation step evidence, signatures, attachments, timestamps, and activity logs.
Periodic LOTO review should not be a scramble to prove what happened. It should be a structured way to show that your procedures are still suitable, still being followed, and still improving when findings are found.
---
## See how Zentri helps teams run periodic LOTO reviews
Zentri helps teams manage digital lockout/tagout plans with guided execution, worker visibility, checklist controls, audit trails, periodic review workflows, and exportable records.
[Book a Demo](/demo)
