What Is an EHS Management System? (And Why Seveso Sites Need Something More Specific)

If you searched for "EHS management system," you're probably trying to do one of two things: understand the concept in general, or figure out what you're actually required to build and document at your own site. Those are different questions with different answers, and most articles on this topic only answer the first one.
This one answers both. We'll cover what an EHS management system is in general terms, and then get specific about what changes if your site falls under the EU Seveso III Directive. If you run a chemical plant, tank terminal, or any other major-hazard establishment classified as Seveso (lower-tier or upper-tier, known in the Netherlands as BRZO), the generic definition isn't wrong — it's just not what applies to you. What applies to you has a name, a legal basis, and a specific set of required elements. It's called a VBS.
What Is an EHS Management System, in General Terms
An EHS (Environment, Health & Safety) management system is the structured set of policies, processes, and controls an organization uses to manage the risks it creates for people, property, and the environment through its operations. The "system" part matters: it's not a single document or a single safety officer's job, it's an organized way of running risk management as a continuous activity rather than a one-off project.
At a basic level, most EHS management systems are built around the same cycle, regardless of industry or geography:
- Policy and objectives — a documented commitment from leadership on what the organization is trying to achieve in health, safety, and environmental performance, and why.
- Risk and hazard identification — a process for finding out what could go wrong, before it does.
- Controls and procedures — the measures put in place to eliminate, reduce, or manage those risks, and the documented procedures that keep them consistently applied.
- Training and competence — making sure the people doing the work, and the people supervising it, actually know what they're supposed to do and why.
- Monitoring and reporting — inspections, audits, incident reporting, and the data trail that shows whether controls are working in practice, not just on paper.
- Review and improvement — a feedback loop that turns findings from monitoring and incidents into actual changes to policy, controls, or training.
That structure is intentionally generic, because "EHS management system" as a term covers everything from a small manufacturing site tracking slip-and-fall incidents to a multinational managing environmental permits across dozens of facilities. The regulatory backdrop varies by sector and jurisdiction — occupational health and safety law, environmental permitting requirements, sector-specific rules — but the underlying management system logic is broadly similar: identify risk, control it, verify the controls work, improve.
For most companies, this generic picture is the right level of detail. It's a useful mental model and a reasonable starting point for building out policies and procedures.
It is not, however, the right level of detail if you operate a site that stores or processes hazardous substances above the Seveso III threshold quantities. For those sites, "have an EHS management system" isn't a best practice you choose to adopt. It's a specific legal obligation with a specific name, and the generic checklist above is the floor, not the ceiling.
For Seveso-Classified Sites, Your EHS Management System Has a Name: The VBS
If your establishment is classified under the Seveso III Directive (2012/18/EU) — lower-tier or upper-tier — you are legally required to maintain what the Directive calls a safety management system, implementing the operator's Major Accident Prevention Policy (MAPP). In the Netherlands, this is universally referred to as the veiligheidsbeheersysteem, or VBS. Other member states use their own national terminology, but the underlying legal obligation and structure trace back to the same source: Article 8 and Annex III of Seveso III.
This is worth stating plainly, because it's the single most important fact in this article: a VBS is not a Seveso-specific variant of an EHS management system that you build in addition to your "real" one. It is your EHS management system. For a Seveso-classified site, there is no meaningful separate generic EHS layer sitting alongside the VBS — the VBS is the legally defined form your environment, health, and safety management takes, because the regulator has already decided what the components need to be and how they need to relate to each other.
That's a different starting point than "here are some general best practices for managing risk." It means:
- The elements of your management system aren't a matter of internal preference or industry convention — they're specified in Annex III of the Directive.
- Your MAPP has to be proportionate to the major-accident hazards your site presents, and your VBS has to be proportionate to the complexity of your organization and the hazards involved — but "proportionate" is not the same as "optional."
- Competent authorities inspect against this structure specifically. When an inspector reviews your safety report or conducts a site inspection, they are checking whether these named elements exist, are documented, and are actually operating — not whether you have "an EHS program" in some general sense.
- Failure isn't just an internal quality problem. It's a compliance failure with direct regulatory consequences, up to and including enforcement action and loss of permit to operate.
So if you're an EHS director, compliance manager, or HSE manager at a Seveso site and you've been managing your management system as a generic EHS program with some extra chemical-safety content bolted on, it's worth checking that against what Annex III actually requires. The gap is usually not in intent — most sites are trying to do the right thing — it's in structure and documentation. Generic EHS frameworks don't map cleanly onto the VBS elements, and that mismatch is where audit findings tend to come from.
The Seveso III Annex III Elements: What Your VBS Actually Has to Contain
Annex III of the Seveso III Directive sets out the elements that a safety management system must address. These aren't suggestions — they're the structure competent authorities use to assess whether your VBS is adequate. Here's what each one means in practice.
1. Organization and Personnel
This is the foundation: who is responsible for what, at every level of the organization, in relation to major-accident hazard management. It covers roles and responsibilities for personnel involved in managing major hazards at all organizational levels, the identification of training needs for that personnel and the provision of that training, and the involvement of employees and, where appropriate, subcontractors' employees.
In practice, this means you need a clear, documented answer to questions like: who owns the MAPP at board level? Who is accountable for a specific safety-critical procedure on a specific installation? How do you track that the person currently doing a safety-critical job has actually completed the training required for it — not just that a training program exists, but that this specific person, this month, is current? Subcontractor management is often the weakest point here: contractors working on-site during turnarounds or maintenance need to be brought into the same competency and awareness framework, not managed as an afterthought outside it.
2. Identification and Evaluation of Major Hazards
A systematic process for identifying major hazards arising from normal and abnormal operation, and assessing their likelihood and severity. This is broader than a general workplace risk assessment — it's specifically about major-accident hazards: the scenarios that could lead to a release, fire, or explosion with serious consequences on or off site.
This element has to connect directly to your safety report and your hazard and operability studies. It's not a one-time exercise done to produce the safety report and then filed away — it needs to be a living process that gets revisited when processes, substances, quantities, or site conditions change. A VBS that treats hazard identification as a document produced once for a permit application, rather than a maintained process, will not hold up under inspection.
3. Operational Control
Procedures and instructions for safe operation, including maintenance of plant, processes, equipment, and temporary stoppages. This is the element with the largest volume of day-to-day documentation: standard operating procedures, permit-to-work systems, maintenance schedules, isolation procedures, and the records that prove they were followed — not just that they exist.
Operational control is also where the gap between "we have a procedure" and "the procedure was actually followed, by the right person, with the right sign-offs, on this specific date" becomes most visible. Paper-based or spreadsheet-based systems tend to capture that a procedure document exists, but struggle to produce, on demand, evidence that it was executed correctly for a specific piece of equipment on a specific date — which is exactly what an inspector or an incident investigation will ask for.
4. Management of Change
A process for planning modifications to, or the design of, new installations, processes, or storage facilities — assessing the major-hazard risk implications before the change happens, not after. This covers both permanent modifications and temporary changes, and it needs to trigger a re-evaluation of relevant hazard assessments and operational procedures.
Management of change is frequently where things quietly break down, because change tends to happen at operational speed while the safety management paperwork happens at a slower pace. A temporary bypass installed during a shutdown, a substitution of one chemical for another, a modification to a control system — if these don't automatically trigger a hazard re-assessment and a documented sign-off before they go live, the rest of the VBS is being built on assumptions that may no longer be true.
5. Planning for Emergencies
Adopting and maintaining procedures to identify foreseeable emergencies through systematic analysis, and to prepare, test, and review emergency plans — including making sure the relevant information reaches employees and is available to the relevant authorities for the external emergency plan. This element connects directly to the internal emergency plan required under Article 12 of the Directive, and to coordination with the authorities responsible for the external emergency plan.
This is one of the few elements with a hard, recurring compliance date attached to it — emergency plans have to be tested and reviewed at defined intervals, not just written once. Being able to demonstrate, on demand, when the last test happened, what the findings were, and what changed as a result, is often the fastest way to show an inspector that this element is a living process rather than a filed document.
6. Monitoring Performance
A process for the ongoing assessment of compliance with the objectives set out in the MAPP and the VBS, including the mechanisms for reporting when they fail — near-misses and incidents in particular — and their investigation and follow-up. This is the feedback element: it's what tells you, in real time, whether the rest of the system is actually working, rather than waiting to find out during an audit or, worse, during an actual incident.
Leading and lagging indicators both belong here. Lagging indicators — incidents, near-misses, non-conformances — are necessary but arrive after the fact. Leading indicators — overdue inspections, expired competencies, open corrective actions, missed procedure steps — are what let you intervene before something becomes an incident. A VBS that can only report on what already went wrong isn't monitoring performance in the sense Annex III intends.
7. Audit and Review
Periodic, systematic assessment of the MAPP and the effectiveness and suitability of the VBS, carried out by senior management, with the results documented and acted on. This closes the loop: audit and review is what makes the previous six elements a system rather than six separate activities running in parallel.
The Annex is explicit that this needs to be a documented, systematic process with senior management involvement — not an informal check-in. Auditors and inspectors will ask to see the audit trail: when was the last management review, what did it find, what corrective actions came out of it, and were those actions actually closed out. If the answer requires reconstructing the history from email threads and separate spreadsheets, that's a structural weakness in the VBS itself, independent of whether the underlying safety performance is actually good.
Why Generic EHS Software Doesn't Map to VBS Structure
Most EHS software on the market — and most of the advice you'll find under a generic "EHS management system" search — is built around the general cycle described earlier in this article: policy, risk assessment, training, incident reporting, audits. That's not wrong, but it's organized around EHS as a discipline, not around the seven Annex III elements as a legal structure.
The practical consequence is that Seveso sites using generic EHS tools end up doing translation work by hand. Inspection data lives in the tool the way the software vendor organized it — by location, by asset, by inspection type — and someone has to manually map that back to "does this constitute evidence for Operational Control" or "does this feed into Monitoring Performance" when it's time to prepare for an audit or update the safety report. Management of change often isn't a first-class concept in generic EHS platforms at all, because it's not a universal EHS need — it's a Seveso-specific one. Emergency plan testing and review cadences, tied to specific regulatory intervals, are similarly easy to lose track of in a tool that wasn't built with Article 12 in mind.
None of this means generic EHS software is bad software. It means it was built to answer a different question than the one a VBS actually asks. A VBS isn't "manage EHS risk well, in general" — it's "demonstrate, element by element, against a specific Annex III structure, that your safety management system is adequate and being followed." That's a documentation and evidence problem as much as an operational one, and it's specific enough that it benefits from tooling built around it directly, rather than adapted to it after the fact.
How Capptions' Seveso Control Fits
Capptions built Seveso Control around this exact structure — the VBS as defined by Seveso III, not EHS management as a generic category. The goal is to let inspections, audits, procedures, and corrective actions map directly onto the Annex III elements they're meant to demonstrate, so that when it's time to show a competent authority — or your own management team — that your VBS is functioning as required, the evidence is already organized the way the regulation is organized, rather than needing to be reconstructed from a generic system after the fact.
If you're managing a VBS today using tools that were built for EHS in general rather than Seveso compliance specifically, it's worth asking a simple question: if an inspector asked you tomorrow to walk through evidence for each of the seven Annex III elements, one at a time, how much of that could you produce directly from your current system — and how much would you have to assemble by hand first?
In Short
An EHS management system, in the general sense, is the structured approach an organization takes to managing environmental, health, and safety risk: policy, hazard identification, controls, training, monitoring, and review. That framework is a reasonable starting point for most businesses.
For Seveso-classified sites, it's not the endpoint — it's the outline of something more specific and more legally binding. Your required EHS management system is a VBS, defined by Article 8 and Annex III of the Seveso III Directive, built from seven named elements: organization and personnel, identification and evaluation of major hazards, operational control, management of change, planning for emergencies, monitoring performance, and audit and review. Getting the general concept right is necessary. Getting the VBS structure right — and being able to prove it, element by element, on demand — is what compliance actually requires.