After Macondo. After Piper Alpha. The first ask is the permit. Can you produce it in minutes?

Your CISO and your HSE Director know how this conversation ends. After every fatality investigation. After every regulator visit triggered by a near-miss. After every insurance underwriter's annual review. The first ask is the permit-to-work record. The second ask is who issued it, who executed it, who verified each isolation, who closed it out — with a chain of custody that has not been altered since.

If the answer takes days, you are slow. If the chain cannot be cryptographically attested, you are exposed. TeamSync's Intelligent Maintenance Repository preserves every permit-to-work, MOC package, isolation certificate, and HSE-critical document with a Merkle-chained audit ledger. The auditor — and the BSEE, PHMSA, OSHA PSM auditor, UK HSE Safety Case auditor, OGUK Step-Change-in-Safety auditor — gets the file on screen in minutes, not days, with cryptographic evidence the chain has not been altered.


Image: a permit-to-work form on the left, transitioning through the audit-ledger Merkle chain in the centre, to a regulator interface on the right where the chain-of-custody proof is verified.

"I cannot afford to be slow on the permit-to-work record."

"After Macondo, after the next incident, the regulator's first ask is the permit-to-work record. I cannot afford to be slow on that." — CISO / HSE Director (Severity 5 × Frequency 5 × Urgency 3)

3 failure modes recur:

  1. Permit lives in spreadsheets, paper, and a legacy permit-management system that was bought 16 years ago. No single source of truth.
  2. The chain of custody — issuer, executor, verifier, closer — is a sequence of timestamps in a database. Mutable. Disputable. The auditor's "prove this hasn't been altered" question has no cryptographic answer.
  3. The integration between the permit, the isolation procedure (LOTO), the contractor's deliverables, and the HSE policy is manual. Reconciliation takes the entire shift.

The cost of failing the regulator's first ask is not theoretical. BSEE Final Investigation Reports cite permit-to-work integrity in over 60% of OCS incident findings (2018–2024). PHMSA enforcement actions on pipeline operators routinely reference permit-and-MOC chain-of-custody gaps. OSHA Process Safety Management citations under 29 CFR 1910.119(d) often anchor on inability to produce permit records under the SLA. UK HSE Safety Case audits and OGUK Step Change in Safety reviews reach the same conclusion.

The Macondo Final Report (BOEMRE/USCG, 2011) traces the failure chain back through unrecognised hazards, missed verification steps, and incomplete handover. Piper Alpha's Cullen Report (1990) did the same a generation earlier. Each generation of regulators has demanded better evidence of permit integrity. TeamSync's audit ledger is the cryptographic answer the current generation requires.


What TeamSync gives the CISO + HSE Director.

1. The permit-to-work record is one document, with one ACL, in one repository.

Every PTW — hot work, confined-space entry, energy isolation (LOTO), lifting operation, hydrocarbon-release operation, intrusive maintenance — lives in TeamSync's Intelligent Maintenance Repository as a typed document with the metadata fields that the regulator and the safety case expect: issuing supervisor, executing crew, verification step, isolation list, energy sources controlled, gas-test results, time of issuance, time of completion, closeout signature.

2. Every permit event is anchored in the Merkle audit ledger.

When the permit is issued, when each verification step completes, when the isolation list is signed, when the closeout happens — each event is hashed and added to the ledger as a Merkle leaf. The leaf includes a hash of the prior leaf for that permit, so the chain is cryptographically linked. Tampering with any historical event invalidates the chain. The auditor's "prove this hasn't been altered" question becomes a one-line API call returning the Merkle inclusion proof. See the tamper-evident audit ledger pillar for the full mechanism.

3. The agentic AI workflow orchestrates the permit lifecycle.

Permit issuance triggers a TeamSync Agentic AI Workflow that routes the permit through verification steps, integrates with the isolation database, generates the gas-test request, holds the workflow at human-checkpoint nodes (the verifier must sign; the issuer must approve closeout), and refuses to mark the permit complete until every required signature is captured. The workflow cannot be bypassed; the audit ledger records every step.

4. The contractor portal and the field crew share the same permit.

The External Portal gives contractors short-lived access to their permits and the linked HSE policies. The field crew accesses the same permit from a TeamSync mobile app. There is no email-attached PDF of the permit floating between systems; there is one record, one ACL, one audit trail.

5. The MRO + MOC + permit triangle stays in one platform.

The CISO knows the ECO (engineering change order) → MOC (management of change) → PTW (permit-to-work) chain is where many incidents originate. TeamSync handles all 3 in one platform with the same audit ledger. When the regulator asks "show me the change history that led to this permit," the answer is one query against one ledger.


How TeamSync resolves the regulator's first 3 questions.

| Regulator question | The TeamSync answer |
|---|---|
| "Show me the permit for [hot work, confined-space entry, LOTO, hydrocarbon release] on [date]." | One query against the repository; the permit is on screen in seconds. |
| "Who issued, who verified, who executed, who closed?" | The audit-ledger query returns the chain with timestamps and signed events. |
| "Prove this record has not been altered since the incident." | The Merkle inclusion proof returns from the audit-verification API; the auditor recomputes locally. |
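
The mechanism described above (each permit event hashed into a leaf that includes the prior leaf's hash, with an inclusion proof the auditor recomputes locally), shown as an added example that is not TeamSync's code or API. It assumes SHA-256, JSON-encoded events, an all-zero starting value and promotion of unpaired nodes; all function names and the sample events are hypothetical.

```python
import hashlib
import json

def h(prefix: bytes, data: bytes) -> bytes:
    # Assumed hash: SHA-256; prefix 0x00 marks leaves, 0x01 interior nodes.
    return hashlib.sha256(prefix + data).digest()

def chain_leaves(events):
    """Leaf i = H(0x00 || leaf i-1 || canonical JSON of event i), per permit."""
    leaves, prev = [], b"\x00" * 32          # all-zero genesis value (assumed)
    for ev in events:
        prev = h(b"\x00", prev + json.dumps(ev, sort_keys=True).encode())
        leaves.append(prev)
    return leaves

def levels(leaves):  # every level of the tree, leaves first, root last
    out = [list(leaves)]
    while len(out[-1]) > 1:
        cur = out[-1]
        nxt = [h(b"\x01", cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])              # unpaired node is promoted unchanged
        out.append(nxt)
    return out

def merkle_root(leaves):
    return levels(leaves)[-1][0]

def inclusion_proof(leaves, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_left) pairs."""
    proof = []
    for level in levels(leaves)[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))
        index //= 2
    return proof

def verify(leaf, proof, root):
    """What the auditor recomputes locally: fold the proof, compare to the root."""
    node = leaf
    for sib, sib_is_left in proof:
        node = h(b"\x01", sib + node) if sib_is_left else h(b"\x01", node + sib)
    return node == root

# Constructed sample: five events for one hypothetical permit.
EVENTS = [{"permit": "PTW-EXAMPLE-1", "event": e, "by": who} for e, who in [
    ("issued", "supervisor"), ("gas_test", "tester"), ("isolation_signed", "verifier"),
    ("executed", "crew"), ("closed", "supervisor")]]
```

Because each leaf folds in the previous one, editing the second event changes every later leaf as well as the root, so a proof issued against the original root no longer verifies for any of them.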

What the CISO + HSE Director get out of this.

| Concern | What changes |
|---|---|
| Regulator response time | From days to minutes |
| Spoliation risk | Eliminated for the permit-to-work record (cryptographic chain) |
| Insurance underwriter audit | Verified-evidence pack instead of "trust our database" |
| Cross-incident lessons-learned | Cross-permit query across the cryptographic ledger |
| Contractor accountability | External Portal accessible to contractors with audit trail |
| LOTO compliance under OSHA 1910.147 | Workflow-anchored verification with audit |
| OGUK Step Change in Safety reporting | Cryptographically-attested permit history |
| Macondo / Piper Alpha lessons in your safety case | Permit + verification + signature evidence cryptographically chained |

Compliance frameworks satisfied.

| Framework | Coverage |
|---|---|
| OSHA Process Safety Management 29 CFR 1910.119(d) | Mechanical-integrity records; permit records preserved with audit |
| OSHA Lockout-Tagout 29 CFR 1910.147 | LOTO workflow audit-anchored |
| BSEE 30 CFR 250 (US OCS) | Permit-to-work and SEMS evidence on demand |
| PHMSA 49 CFR 192 (gas pipelines) | Operator qualification + permit-record evidence |
| API RP 1173 (pipeline safety management) | Cryptographic chain-of-custody for permits |
| UK HSE Safety Case Regulations | Permit + verification evidence for safety-critical activities |
| OGUK Step Change in Safety | Industry-recognised permit-to-work principles |
| ISO 45001 (occupational H&S management) | Document-control evidence |
| SOC 2 Type II | Audit controls evidence |
| ISO/IEC 27001 | ISMS conformance |

How TeamSync compares for the CISO + HSE Director use case.

Capability TeamSync Sphera (incumbent EHS document) Enablon (Wolters Kluwer EHS) OpenText for Energy SAP for Energy
Permit-to-work workflow + audit anchor (Merkle-attested) Standard log Standard log OpenText audit SAP audit
MOC + PTW + ECO in one platform with one ledger Per-product Per-product Per-product Per-module
Cryptographic chain-of-custody on every permit event
Agentic AI workflow orchestrating permit closeout Limited Limited
Contractor External Portal with audit Sphera contractor Enablon contractor OpenText partner SAP Ariba
FOIA-style regulator-response capability ✅ via eDiscovery OpenText overlay

The HSE-document specialists (Sphera, Enablon) have deep workflow templates but lack a platform-grade tamper-evident audit ledger. Subsurface specialists (SLB, Halliburton) handle the well-engineering side but not HSE-document workflow.

What 2 reference customers say.

"After our last BSEE inspection, the inspector spent the first 2 hours asking for permits. The previous workflow took us a full shift to assemble. The TeamSync workflow returned every requested permit in under 15 minutes, with the cryptographic verification on the same screen. The inspector's tone changed." — CISO + HSE Director, US Gulf of Mexico operator (named-reference programme rolling)

"OGUK Step Change in Safety reviews ask the same question every time: prove the permit chain. We retired 3 legacy permit-management systems and one HSE-document tool. Our chain-of-custody answer is now one API call." — Director of Safety + Risk, North Sea operator


CTAs.

| If you are… | Do this |
|---|---|
| CISO + HSE Director preparing for a BSEE / PHMSA / OSHA / OGUK / HSE inspection | Talk to a solutions engineer |
| Process Safety Engineer designing the permit + MOC + isolation workflow | Read the agentic AI workflow pillar |
| VP HSE rolling out cross-asset permit-to-work consistency | Read the energy microsite and the intelligent maintenance repository capability |
| Internal auditor designing the permit-to-work control test | Read the audit-ledger pillar |
| Buyer running an HSE-document RFP | Read the audit-prep-panic use case |
| Buyer in M&A integrating 2 operators' HSE estates | Read the post-merger integration solution |

Frequently asked questions.

Does TeamSync replace our HSE-document specialist (Sphera, Enablon)?

For the permit-to-work + MOC + isolation workflow, often yes — at lower TCO and with the cryptographic chain-of-custody those tools cannot match. For the broader EHS reporting and EHS-incident management workflows that those tools cover, coexistence is the typical pattern. The TeamSync solutions team scopes the right cluster against your renewal calendar.

Can the contractor execute a permit through their own system?

Yes, via the External Portal. The contractor receives a short-lived signed-URL token; they access only the permits and policies they are entitled to; their actions are recorded in the same audit ledger as the operator's actions.

How does this interact with our Process Safety Information (PSI) under OSHA PSM?

The Intelligent Maintenance Repository handles PSI documents — P&IDs, equipment files, safe upper and lower limits, relief-system design — alongside the permit records. The audit ledger anchors PSI updates as well. When OSHA asks for the PSI baseline at the time of the incident, the answer is in the ledger.

What about isolation lists (LOTO)?

LOTO procedures are document-typed in TeamSync; the permit references the LOTO procedure version at issuance; the workflow refuses to mark the permit complete until the LOTO closure event is anchored. OSHA 1910.147 conformance becomes a query, not an exercise.

How do we handle multi-asset rollout (offshore + onshore + midstream)?

The platform's vertical-aware overlays activate per asset class. Offshore-specific PTW templates differ from onshore PSM templates; both are supported in the same tenant with appropriate ACL scoping.

What if our regulator is not US- or UK-based?

The platform supports the equivalent national bodies (Petronas Carigali, ANP Brazil, NOPSEMA Australia, ADNOC, Aramco, equivalent in your jurisdiction). The audit-ledger evidence is regulator-agnostic; the permit and PSI templates are configured per regulatory regime.

Can the agentic AI workflow refuse to issue a permit if a precondition is missing?

Yes. The workflow is bounded by the Business Rules Engine. Rules like "permit cannot issue if any required isolation has expired" or "permit cannot issue if the assigned executor has not completed the relevant training in the last 12 months" are enforced. The audit ledger records the rule evaluation and the refusal.

How fast can we deploy?

Most energy customers go live on the permit-to-work and MOC clusters within 60–90 days. Full Intelligent Maintenance Repository (PSI + assets + MOC + PTW) is a 4–6 month rollout. The TeamSync solutions team scopes per asset count.


Talk to us

Bring the question on your desk this week.

A 30-minute conversation with a solutions engineer who already speaks your industry. No pitch deck.