Safety Space Logo

Safety Space

Management of Change Procedure: An Australian H&S Guide

Expert workplace safety insights and guidance

Safety Space TeamWorkplace Safety

A supervisor has just approved a “temporary” workaround on one site, a subcontractor has swapped equipment on another, and your plant team has pushed a software change to an alarm or interlock without anyone calling it a management of change event. That's where most MoC systems break. Not on the major project everyone sees coming, but on the small change that gets treated like routine work.

A workable management of change procedure has to do two things at once. It must slow down the right changes long enough for proper hazard review, and it must stay usable enough that supervisors, engineers, and contractor leads use it under production pressure. In Australian construction, manufacturing, and industrial services, that balance is the whole job.

Table of Contents

Why Your MoC Procedure Fails and How to Fix It

A line manager approves a minor layout adjustment to clear congestion near a machine. No one updates the traffic plan. A week later, operators and forklifts are crossing in a way they weren't before. Nothing about that change looked major when it was discussed. That's exactly why it was dangerous.

In another common version, a site team installs a temporary bypass, changes a sequence, substitutes a chemical, or alters who supervises a critical activity on night shift. The work still gets done. The paperwork might even look tidy. But the risk picture has changed and the controls haven't caught up.

A woman replacing an ineffective process with a structured risk control gear, discarding bureaucratic stamps.

Most failures start with a false label

Most weak MoC systems fail because the business labels change incorrectly. It gets called maintenance. It gets called temporary. It gets buried inside a permit, a SWMS revision, or a toolbox talk. Once that happens, the review is too shallow.

Under Australian WHS settings, that approach doesn't hold up. The legal and operational basis for a management of change procedure is tied to WHS law and the PCBU duty to ensure, so far as is reasonably practicable, workers' health and safety. Guidance also emphasises structured review before implementation, including hazard identification, consultation with affected workers, and verification that controls remain effective after the change, as outlined in this summary of Australian MoC and WHS duties.

Practical rule: If the change can alter exposure, supervision, interaction between trades, plant behaviour, or the reliability of an existing control, it isn't “minor” just because it's quick.

A lot of leaders understand organisational change in the broad sense from resources on driving business transformations. In industrial WHS, the bar is different. The issue isn't staff buy-in first. The issue is whether the change introduces a hazard, weakens a control, or creates a condition your existing risk documents no longer describe accurately.

What actually fixes it

The repair usually isn't more paperwork. It's clearer rules and harder gates.

What works in practice:

  • Clear triggers: Supervisors need a short trigger list they can apply on the spot.
  • Named authority levels: People need to know who can approve what, and what must escalate.
  • Pre-start hold points: No implementation until training, drawings, procedures, isolations, and affected documents are ready.
  • Post-change verification: Someone competent checks the change in the field, not just in the form.

What doesn't work:

  • Generic forms: One giant form for every change invites shortcuts.
  • Open-ended discretion: “Use your judgement” sounds practical but causes under-reporting.
  • Late consultation: Telling workers after the change is not consultation.
  • No closeout: Unclosed MoCs become permanent drift.

If your current system gets bypassed, assume the process design is part of the problem. People bypass MoC when it's vague, slow, disconnected from permits and maintenance, or impossible to use on site.

Defining the Triggers When Is a Formal MoC Required

The hardest part of a management of change procedure isn't writing the workflow. It's defining the entry point. If your teams can't tell when formal MoC starts, they'll default to the easiest path available.

Many guides still don't give clear thresholds for small, temporary, or digital changes. That matters because managers are constantly deciding whether a permit, JSA, SWMS update, or full MoC is the right control path. Under-classifying a “minor” change can have real safety consequences, and that's one reason this remains such a common operational problem in manufacturing and construction, as discussed in this MoC trigger and threshold article.

An infographic showing five key triggers requiring a formal management of change procedure in industrial settings.

Use trigger questions not vague judgement

Don't ask supervisors, “Is this significant?” That's too subjective. Ask questions with a yes or no answer.

Use trigger questions such as:

  • Plant and equipment: Does the change affect plant, guarding, isolation, control logic, lifting arrangement, load path, or access?
  • Process and materials: Are you changing a chemical, operating limit, production rate, set point, or sequence?
  • People and roles: Does the change alter supervision, competency requirements, shift coverage, handover, or contractor interfaces?
  • Systems and software: Are you changing alarms, sensors, interlocks, permit settings, monitoring tools, or digital workflows that affect how work is controlled?
  • Temporary conditions: Is the workaround likely to stay in place beyond the shift, the task, or the original intent?

If the answer is yes to any of those, you should at least screen it through MoC.

A practical classification test

You don't need a complex matrix at the front end. A three-band test works better.

Change typeTypical control pathPractical note
Routine task within existing controlsPermit, JSA, SWMS, maintenance planningOnly if the task matches approved conditions and existing risk controls still fit
Change with local impact and manageable riskScreened MoC, targeted risk review, local approvalGood for contained changes that still alter hazard exposure
Change affecting risk profile, interfaces, or system integrityFull MoC with formal review and management approvalUse this for plant, process, layout, software, contractor interface, or organisational changes

This test only works if you define examples in your procedure. Without examples, crews will keep treating borderline changes as routine work.

A permit controls the work being done. MoC controls the new conditions created by the change.

Examples that usually get missed

The missed changes are predictable.

  • Temporary scaffold modifications: If the modification changes access, loading, exclusion zones, tie pattern, or trade interaction, it needs more than a note on the permit.
  • Short-term chemical substitution: If procurement swaps a product because stock is unavailable, review handling, storage, incompatibility, PPE, and emergency response.
  • Shift pattern changes: A roster change can change fatigue exposure, supervision coverage, emergency response, and who is authorised for high-risk tasks.
  • Software or alarm changes: A small update can alter operator response time, remove a warning, or create false confidence in a control that used to behave differently.
  • Maintenance workarounds: Bypasses, overrides, and “we'll reset it manually for now” are classic MoC triggers.

A useful field test is simple. Ask, “If this changed condition stays in place and someone gets hurt, will we be able to show we recognised the new risk and approved it properly?” If the answer is no, stop and run MoC.

The Core MoC Workflow From Proposal to Closeout

A usable workflow needs gates. Not because auditors like them. Because without gates, work progresses before key checks are finished, and the form becomes a record of failure rather than a control.

Australian safety practice commonly treats effective MoC as a gated workflow: screen the change, review risk and unintended consequences, obtain authorised approval, complete training and notification, implement, then close out with documentation and learning capture. The value of that sequence is that it creates evidence for every material change, consistent with the seven-phase gated MoC template.

A diagram illustrating the seven-step Management of Change workflow from initial proposal to final documentation closeout.

Proposal and screening

At the front end, keep the proposal short but disciplined. The originator should state what is changing, why it's needed, where it applies, whether it is temporary or permanent, and what existing documents or controls may be affected.

The first gate is screening, a stage where many organisations are too soft. The screener should decide whether the change is routine, whether it needs formal MoC, and what level of review and approval is required.

Good screening questions include:

  • Scope: Is this one asset, one site, one task, or a wider system change?
  • Duration: Is it temporary, staged, trial-based, or permanent?
  • Interfaces: Does it affect contractors, adjacent trades, maintenance, operations, or emergency response?
  • Dependency: Does the change rely on updated documents, training, software, or supplier information before it can go live?

If your business struggles with inconsistent records, it helps to look at stronger methods for documenting business processes. MoC falls apart when nobody can find the current drawing, procedure, training record, or approval history.

Risk review and approval gates

Once screened in, the change moves into a proper review. This is not just a generic risk assessment lifted from the task pack. It should examine what the change introduces, what existing controls it affects, and what can go wrong during transition as well as steady-state operation.

A solid review should capture:

  • Hazards introduced by the change
  • Controls weakened by the change
  • New competencies required
  • Documents that must be revised before start-up
  • Any testing, commissioning, or verification needed
  • Who must be consulted before approval

The approval gate has to match the consequence and scope. Local supervisors can approve some local changes. They should not be signing off plant modifications, control system changes, or multi-site procedural shifts on their own.

A common weakness is treating approval as an email. Approval should show that the authorised person reviewed the risk, understood the operational impact, and confirmed pre-implementation requirements are complete. The process is much stronger when MoC records sit inside a controlled document environment such as a document management program, where current versions, approvals, and closeout evidence can be tracked properly.

Field test: If you can't tell from the record who approved the risk, what documents changed, and what had to happen before implementation, you don't have a reliable MoC record.

Implementation closeout and learning capture

Implementation is where rushed teams tend to collapse the gate. They assume approval means go. It doesn't. Approval means go once the conditions of approval are met.

Before implementation, confirm training, notifications, updated procedures, revised SWMS where relevant, revised drawings, labels, signage, and isolation or commissioning requirements. Then verify in the field that the installed or enacted change matches what was approved.

Closeout should answer four questions:

  1. Was the change implemented as approved
  2. Were all affected documents updated
  3. Did the new controls work in practice
  4. What needs to be captured for future work

Temporary changes require discipline. Every temporary MoC should have an owner, an expiry or review point, and a clear path either to removal or to formal permanent adoption. Without that, temporary conditions become business as usual.

Risk Assessment and Control Within MoC

The risk assessment inside MoC has a different job from a standard task-based assessment. It isn't just asking whether the work is safe. It's asking whether the changed state is safe, whether transition into that state is controlled, and whether old assumptions are now wrong.

Australian safety guidance treats MoC as a measurable risk-control process rather than an informal workflow. It also expects employee consultation and documentation updates so the change can be traced later in audits or investigations. Done properly, systematic change control helps prevent accidents, reduce downtime, and improve productivity because hazards are identified and controlled through the change process, as summarised in this overview of MoC as a risk-control system.

Assess the change not just the task

A weak MoC review asks, “What are the hazards of the job?” A stronger review asks, “What is different now, and what does that difference break?”

That means looking at:

  • Normal operation: What hazards appear once the change is in place?
  • Abnormal operation: What happens on start-up, shutdown, fault, upset, or loss of utilities?
  • Human interaction: Will operators, maintainers, cleaners, drivers, or contractors behave differently because the system now presents different cues?
  • Control dependence: Are you replacing a hard control with an administrative one, or relying more heavily on training and memory?

If your team needs a stronger method for this stage, use a structured approach to risk assessment in WHS practice and adapt it to focus on the delta created by the change rather than the original baseline task.

Consult the people who will wear the risk

Consultation goes wrong when it's limited to signatures. The best MoC reviews involve the people who operate, maintain, clean, isolate, supervise, and recover the plant or work area after disruption.

A useful workshop usually includes a mix of operations, maintenance, WHS, engineering where relevant, and frontline workers familiar with the actual conditions. The point isn't to gather opinions for their own sake. It's to test assumptions.

Questions worth asking in consultation include:

  • What will people do differently because of this change
  • What shortcuts are likely under time pressure
  • Which controls are most likely to be bypassed or misunderstood
  • What won't the design team or office-based reviewer see from drawings alone

Workers usually identify the awkward access point, hidden interaction, or likely workaround long before the paperwork does.

Prove controls after the change goes live

Control selection isn't the end of the MoC risk process. Verification is. You need evidence that the control worked under site conditions.

That verification can include:

  • Field checks: Physical inspection against approved configuration
  • Functional checks: Testing alarms, interlocks, guarding, isolation points, or workflow controls
  • Competency checks: Confirming affected workers understood the revised process
  • Document checks: Verifying the right versions are live and obsolete ones are removed

Organisations often expose themselves in investigations when the approval exists, the implementation happened, but nobody checked whether the new arrangement matched the approval or whether workers had the current instructions.

Managing MoC with Contractors and Across Multiple Sites

If your MoC procedure only works when the same managers, the same crews, and the same documents are all in one place, it won't survive real industrial operations. Multi-site work and subcontract labour expose every weakness in the system.

That pressure is obvious in Australia's mobile workforce. The ABS reported that about 1.3 million employed persons usually worked away from their usual workplace in 2024, which is one reason MoC needs quick, digitally accessible approvals and contractor-specific verification in contractor-heavy settings, as noted in this discussion of MoC for mobile and multi-site work.

A diagram illustrating a five-step procedure for managing change effectively with contractors across multiple industrial sites.

Why paper systems collapse in mobile work

Contractor-heavy work creates three recurring failures.

First, no one is clear who owns the MoC. The principal contractor, host PCBU, subcontractor supervisor, and site representative all assume someone else is handling it.

Second, the process is too slow for remote or short-duration work. When approval depends on email chains, scanned forms, or someone being back in the office, crews work around the system.

Third, site-to-site inconsistency creeps in. One project treats temporary changes as MoC events. Another handles the same thing with a verbal approval and a toolbox talk.

Non-negotiable point: If contractors can change the condition of the work, they must be inside your MoC rules, not adjacent to them.

What to lock into contractor arrangements

You can't fix contractor MoC with induction alone. Put the duty into the engagement and the site rules.

Contractor arrangements should define:

  • Trigger obligations: Contractors must notify and seek approval before altering plant, methods, sequencing, access, temporary works, software settings, or supervision arrangements that affect risk.
  • Role boundaries: State who initiates, who reviews, who authorises, and who verifies closeout.
  • Evidence requirements: Specify what the contractor must provide before implementation, such as revised SWMS, drawings, licences, competency evidence, or supplier information.
  • Stop-work authority: Give site representatives power to halt unapproved change immediately.

This is particularly important in service models where multiple vendors operate under separate scopes. Even sectors outside core industrial operations solve part of this through tighter service definitions. If you want a contrast, look at how structured obligations are set out in Overton Security contract services. The lesson isn't about security. It's that contract language matters when responsibilities cross organisational boundaries.

A model that works across sites

The practical answer is a standard framework with local decision rights.

Use one MoC procedure across the organisation, one trigger set, one classification approach, and one record structure. Then define what can be approved locally and what must escalate to regional or corporate level.

For multi-site control, the system should support:

  • Single register visibility: Everyone can see open, approved, overdue, temporary, and closed MoCs.
  • Remote approvals: Authorised people can review and approve without waiting for paper.
  • Contractor verification: Site teams can confirm induction status, competency, and current documents before implementation.
  • Document distribution: Updated procedures and forms are available on the device people use in the field.

A central contractor management system helps because MoC and contractor control are usually the same operational problem viewed from different angles. If your approvals, competencies, and contractor records live in separate silos, the field team ends up guessing which version is current.

Common Pitfalls and Sustaining the Process

The most common MoC failure after rollout is drift. The procedure starts strong, then urgent jobs get waved through, temporary changes stay open, and approvals become habit rather than review.

The drift points to watch

Watch for these early signs:

  • Urgent work bypasses MoC: If “production can't wait” routinely beats review, the system has already weakened.
  • Temporary changes have no end point: These are the changes most likely to become invisible.
  • Approvals are delegated too far down: Convenience starts replacing authority.
  • Records don't match site reality: That's usually a sign the field changed faster than the system.

One useful check is to sample closed MoCs and ask three blunt questions. Could a new supervisor understand what changed from the record alone? Could an investigator trace the approvals and controls? Could the site verify the current state against the approved one?

How to keep the system alive

Sustained MoC performance usually comes from routine management attention, not from rewriting the procedure every year.

Use a practical maintenance cycle:

  • Audit the triggers: Check whether people are classifying changes consistently.
  • Review overdue temporary MoCs: Escalate anything sitting in limbo.
  • Bring MoC into leadership meetings: Discuss change quality, not just change volume.
  • Use incidents and near misses: Test whether an unrecognised change sat in the background.
  • Refresh supervisors: Focus on examples and misclassification, not generic theory.

A mature management of change procedure becomes part of how the organisation thinks about operational control. A weak one stays a form.

If your current MoC process is too slow, too vague, or too dependent on paper and email, Safety Space is worth a look. It gives WHS teams a practical way to manage approvals, documents, contractor oversight, and multi-site visibility in one place, so change control is easier to run properly under real operating pressure.

Ready to Transform Your Safety Management?

Discover how Safety Space can help you implement the strategies discussed in this article.

Explore Safety Space Features

Related Topics

Safety Space Features

Explore all the AI-powered features that make Safety Space the complete workplace safety solution.

Articles & Resources

Explore our complete collection of workplace safety articles, tools, and resources.