OSHA compliance isn’t something most business owners think about until something goes wrong. A jobsite injury. A surprise inspection. A penalty letter that lands on your desk on a Tuesday morning and ruins the rest of your week.
If you’re running a company with physical labor, warehouse operations, or field crews, the regulatory exposure is real and ongoing. A Professional Employer Organization can take a significant chunk of that compliance burden off your plate, but only if you set things up correctly from the start.
Here’s the problem: not every PEO handles OSHA the same way. Some offer robust safety programs with dedicated risk managers who actually show up at your worksite. Others hand you a binder of generic policies, check a box, and call it compliance. The gap between those two experiences is where businesses either get protected or get burned.
This guide walks you through the actual mechanics of getting OSHA compliance management working through a PEO. We’ll cover auditing your current exposure, asking the right questions during PEO evaluation, understanding how co-employment affects liability, building your safety infrastructure, preparing for inspections, and holding your PEO accountable after you sign.
One thing to note before we dive in: this is written for business owners and HR leaders who already have a working understanding of what a PEO does. We’re not going to spend time on the basics of co-employment here. If you need that foundation first, start with our core PEO resources and come back. Here, we’re going deeper into the OSHA-specific mechanics that most PEO sales conversations never touch.
Step 1: Audit Your Current OSHA Exposure Before Talking to Any PEO
Before you sit down with a single PEO sales rep, you need to know your own risk profile. This isn’t optional. The PEO is going to assess you anyway during underwriting, and walking in blind puts you at a disadvantage in two ways: you won’t know whether their safety program actually fits your needs, and you won’t be able to push back intelligently on how they’re pricing your risk.
Start by pulling your OSHA inspection history. You can search the OSHA inspection records database at osha.gov to see any citations your establishment has received. Review what violations were cited, whether they were serious or willful, and whether corrective actions were actually completed and documented. This is your starting point.
Next, get your Experience Modification Rate. Your EMR is a number that compares your workers’ comp claims history to industry averages. A 1.0 is average. Below 1.0 means you’re performing better than your peers. Above 1.0 means you’ve had more claims than expected, and you’re paying more for workers’ comp because of it. Your insurance broker or current workers’ comp carrier can give you this number. If you’re already working with a PEO, it may be embedded in their master policy, which complicates things and is worth understanding before you switch providers. For a deeper look at how workers’ comp accounting flows through a PEO arrangement, review our guide on workers’ comp accounting through your PEO.
Pull your OSHA 300 logs for the past three years. These logs document every recordable work-related injury and illness. Review them honestly. Look at which departments or job functions are generating incidents, whether there are repeat injury types, and whether your current safety programs are actually addressing the root causes.
Then identify which OSHA regulatory framework actually governs your operations. General industry operations fall under 29 CFR 1910. Construction work falls under 29 CFR 1926. Maritime and agricultural operations have their own frameworks. This distinction matters more than most people realize, because a PEO that primarily serves office-based businesses has fundamentally different safety expertise than one that works with construction contractors or manufacturing facilities. Matching the PEO’s actual expertise to your regulatory environment is a step most businesses skip entirely.
The common pitfall here is assuming a PEO will “fix everything” without understanding your own baseline first. If you don’t know what’s broken, you can’t evaluate whether the PEO is actually fixing it. You’ll sign on, feel like something is happening, and only find out there were gaps when OSHA shows up.
Step 2: Evaluate PEO Safety Programs With OSHA-Specific Questions
Most PEO sales conversations stay at a surface level. You’ll hear about “robust safety programs,” “risk management resources,” and “dedicated support teams.” None of that tells you anything useful. The questions you ask during evaluation need to be specific enough that a PEO without real safety infrastructure can’t fake the answers.
Here’s where to push:
Do they assign a dedicated safety consultant or just a hotline? A hotline is reactive and generic. A dedicated safety consultant who knows your industry, visits your worksite, and has a relationship with your team is a materially different offering. Ask for specifics: what’s the consultant-to-client ratio? How often do they conduct on-site visits? Is there an additional cost for on-site support or is it included?
Do they conduct on-site hazard assessments? Written safety programs are only as useful as the hazard identification behind them. If the PEO has never walked your facility, their written programs are generic templates. Ask whether they do initial site assessments, how those assessments are documented, and how findings get turned into corrective action plans.
How do they handle OSHA 300 log management? Ask directly: who maintains the 300 log, you or them? What’s their process for determining recordability? Do they have someone who reviews injury reports and makes the recordability call, or does that fall entirely on you? Understanding these details is part of the broader picture of compliance reporting requirements every business owner should track.
What’s their loss-run data for clients in your NCCI code? If you’re in a high-risk industry classification, ask the PEO how many clients they currently serve in similar codes. A PEO that avoids high-risk industries may not have the expertise or the appetite to actually support you. Loss-run data shows their claims history, which tells you whether their safety programs are producing results or just producing paperwork.
Is their safety program proactive or reactive? Proactive means regular audits, training calendars, hazard identification processes, and safety metrics reviews before incidents happen. Reactive means they engage after something goes wrong. Both have value, but if you’re trying to reduce your EMR and avoid citations, proactive is what you need.
The red flag that should end a conversation immediately: a PEO that can’t clearly explain how co-employment splits OSHA responsibility between you and them. If they’re vague, evasive, or give you a generic answer about “shared responsibility,” that’s a sign they either don’t understand it themselves or they’re hoping you don’t ask follow-up questions. Either way, that’s not a partner you want managing your OSHA exposure.
Step 3: Clarify the Co-Employment Split on OSHA Liability
This is the step most businesses skip, and it’s the one that matters most when things go wrong.
Under OSHA’s multi-employer citation policy, OSHA can cite multiple employers at a single worksite. They look at four categories: the creating employer (who created the hazard), the exposing employer (whose employees are exposed), the correcting employer (responsible for correcting the hazard), and the controlling employer (who has overall supervisory authority over the worksite). In a PEO co-employment arrangement, you and the PEO can each fall into one or more of these categories depending on the circumstances. If you need a foundational understanding of how the co-employment process works, it’s worth reviewing that before diving into the liability specifics.
The practical reality is this: OSHA generally treats the worksite employer, meaning you, as the entity responsible for day-to-day safety conditions. You control the work environment. You direct the employees. You enforce (or fail to enforce) safety protocols. The PEO’s administrative role doesn’t transfer that worksite control to them.
What the PEO typically owns in a well-structured arrangement: safety program design, training resource development, OSHA 300 log recordkeeping support, workers’ comp claims management, and regulatory guidance. What stays with you: day-to-day worksite control, enforcing safety protocols, providing and maintaining PPE, equipment maintenance, and ensuring employees actually follow the programs the PEO helped design.
The contract language matters enormously here. When you review the PEO service agreement, look specifically for these things:
Indemnification clauses: Who indemnifies whom, and under what circumstances? If OSHA cites you for a violation related to a safety program the PEO designed, does the indemnification clause protect you or leave you exposed?
Employer of record for OSHA 300 logs: Under 29 CFR 1904, the employer who controls the work environment maintains the 300 log. Some PEO agreements make the PEO the employer of record for recordkeeping purposes. Others leave it with the client. Know which arrangement you’re in before you sign.
Inspection response protocol: What exactly does the PEO commit to doing if OSHA shows up at your worksite? Get this in writing. “We’ll support you” is not an answer. You want specifics: who you call, what they provide, and what their role is during the citation response process.
If you need deeper guidance on reviewing PEO service agreement language, it’s worth spending time with a detailed contract review resource before you sign anything. The OSHA liability section of a PEO agreement is not where you want to discover surprises after the fact.
Step 4: Build the Safety Program Infrastructure With Your PEO
Once you’ve signed on with a PEO that has real safety capabilities, the actual work starts. This is where a lot of businesses drop the ball by treating onboarding as a passive process. You hand over your information, the PEO sends you some documents, and you assume you’re covered. That’s not how it works.
The first priority is collaborating with your PEO’s risk management team to build or meaningfully upgrade your written safety programs. Depending on your industry, this typically includes an Injury and Illness Prevention Program, a Hazard Communication program (including SDS management), and whatever specific programs your operations require: lockout/tagout, fall protection, confined space entry, respiratory protection, or others. These need to be written for your specific operations, not copy-pasted from a generic template with your company name dropped in. Businesses in high-hazard trades like electrical contracting or construction should look at PEO risk management services that specialize in their sector.
Next, build a training calendar with clear ownership. Which trainings does the PEO deliver, and through what format? Which trainings do you handle internally? How often does each training recur? How is completion documented and stored? OSHA expects you to be able to demonstrate that employees received required training. “We did a safety meeting” is not documentation. Names, dates, topics covered, and signatures are documentation.
Establish the incident reporting workflow before any incident happens. This means: who gets notified first when an injury occurs, how quickly, and through what channel? How does the PEO’s claims team integrate with your supervisors? And critically, how do OSHA-reportable events get escalated? OSHA requires fatalities to be reported within 8 hours and in-patient hospitalizations, amputations, or eye losses within 24 hours. Those timelines don’t bend because you have a PEO. If your supervisors don’t know the escalation path, you will miss a reporting deadline at some point. Having a clear workers’ comp injury management protocol in place before an incident occurs is critical to meeting these deadlines.
One practical recommendation that often gets overlooked: designate an internal safety point person even though the PEO is supporting you. This doesn’t have to be a full-time safety manager. It can be an operations supervisor or an HR coordinator with defined safety responsibilities. The reason this matters: when OSHA conducts an inspection, they want to talk to someone with actual worksite authority. A PEO representative sitting in a corporate office in another state doesn’t satisfy that. You need someone on your side who knows your programs, your training records, and your facility.
Step 5: Prepare for OSHA Inspections Under the Co-Employment Model
Here’s something that catches business owners off guard: when OSHA shows up at your worksite, they’re dealing with you. Not your PEO. Not a PEO representative who can explain the co-employment arrangement and redirect the conversation. The compliance officer is there to inspect your worksite, and you are the worksite employer.
Preparation for this reality should start well before any inspection occurs. Your inspection readiness checklist should include:
OSHA 300 logs accessible on-site: Current year and the previous three years. They must be available for inspection. Know where they are and who has access.
Written safety programs posted and current: Not last year’s version. Not a draft. Current, signed, and posted or accessible to employees as required.
Training records organized and retrievable: If an OSHA compliance officer asks for documentation of your last forklift operator certification or your most recent hazard communication training, you need to be able to produce it quickly. Scrambling through email threads during an inspection is not a good look.
PPE documentation available: Hazard assessments that justify the PPE selection, records showing PPE was provided, and documentation that employees were trained on proper use.
Understand your PEO’s role during and after an inspection. Most PEOs will provide post-inspection support: helping you respond to citations, understand abatement requirements, negotiate penalties where possible, and develop corrective action plans. That support is valuable. But they will not be standing next to you during the walkaround, and you shouldn’t expect them to be.
If you receive a citation, contact your PEO’s risk team immediately. Understand the abatement timeline for each citation, because OSHA sets specific deadlines and missing them creates additional liability. Know that citations go on your record, not the PEO’s, even if the PEO helped design the safety program that was found deficient. That’s the co-employment reality, and it’s why the infrastructure you build in Step 4 matters so much. If you’re operating in warehouse or distribution environments, reviewing how enterprise compliance risk management for warehousing works can help you prepare for the specific hazards OSHA targets in those settings.
Step 6: Monitor, Measure, and Hold Your PEO Accountable
Signing a PEO agreement and building initial safety infrastructure is not the finish line. The value of a PEO safety program compounds over time if you’re actively managing the relationship. It erodes if you treat it as a set-it-and-forget-it arrangement.
Set up quarterly reviews with your PEO’s safety team and track actual metrics. The ones that matter most:
Total Recordable Incident Rate (TRIR): This measures how often recordable injuries occur relative to hours worked. If your TRIR is trending up while you’re paying for a PEO safety program, that’s a conversation you need to have.
Days Away, Restricted, or Transferred (DART) rate: This captures the severity of incidents, not just frequency. A lower DART rate means injuries are less serious and employees are returning to work faster.
Training completion rates: Are required trainings actually happening on schedule? Incomplete training is both a compliance gap and a leading indicator of future incidents.
Open corrective actions: How many identified hazards or post-incident corrective actions are still open? An accumulating backlog is a red flag.
Watch your EMR year-over-year. If the PEO’s safety program is working, this number should trend downward over time. A declining EMR directly reduces your workers’ comp costs, which is one of the clearest financial returns on a well-run PEO safety program. Understanding how PEO workers’ compensation management actually works will help you connect those EMR improvements to real cost savings. If your EMR is flat or climbing after two or three years with a PEO, you have a legitimate basis to push back on what you’re getting.
Know when to push back or walk away. If your PEO is slow to respond to safety concerns, doesn’t deliver promised on-site visits, or treats OSHA compliance as a checkbox exercise rather than an ongoing program, that’s not a minor service quality issue. That’s a gap in your regulatory protection. Renegotiate the service agreement, escalate to their leadership, or start evaluating alternatives. Before making a switch, it helps to understand the cost comparison between internal HR and PEO expenses so you can make a data-driven decision.
One honest note on fit: a PEO isn’t always the right solution for OSHA compliance management. Large companies with established in-house environmental health and safety departments often don’t need or benefit from what a PEO’s safety team provides. Businesses in highly specialized industries with very specific regulatory requirements may find that generic PEO safety programs don’t meet the technical depth they need. If you’re in that position, it’s worth being honest about it rather than paying for a service that isn’t actually serving your needs.
Your OSHA Compliance Checklist: Putting It All Together
Before we wrap, here’s a quick-reference summary of the steps covered in this guide.
1. Audit your OSHA exposure and know your EMR before shopping PEOs. Don’t walk into a sales conversation blind.
2. Ask PEO-specific safety questions during evaluation. Push past the generic answers and get specifics on dedicated consultants, on-site visits, and 300 log management.
3. Get the co-employment liability split in writing. Review indemnification clauses, employer of record designations, and inspection response commitments in the service agreement.
4. Build the safety infrastructure collaboratively, but keep an internal point person. Your PEO can design the programs, but you need someone on your side who owns them operationally.
5. Prepare for inspections as if the PEO isn’t there. Because during a walkaround, they won’t be. Your records, your programs, your people.
6. Track outcomes quarterly and hold the PEO to measurable results. TRIR, DART, EMR trends, training completion, open corrective actions. If the numbers aren’t moving in the right direction, have the conversation.
OSHA compliance through a PEO can genuinely reduce your risk and your costs, but it’s not autopilot. The businesses that get the most value treat it as an active partnership, not a handoff. They stay engaged, they track the metrics, and they hold their PEO accountable the same way they’d hold any other vendor accountable.
If you’re comparing PEO providers and want to see how their safety and risk management programs actually stack up side by side, Don’t auto-renew. Make an informed, confident decision. PEO Metrics gives you a clear, side-by-side breakdown of pricing, services, and contract terms so you can see exactly what you’re paying for before you commit.
