Safety And Compliance Software Requirements: State-by-State Guide for GCs
Safety and compliance software requirements vary by state, and general contractors operating across multiple jurisdictions must configure their tools to match each state's rules. A 2025 AGC Safety Survey found that 62% of multi-state GCs had received at least one citation in the previous year because their compliance program did not account for state-specific safety requirements. The fine totals averaged $34,000 per firm.
This state-by-state guide uses real case studies to show how safety and compliance software must adapt to different jurisdictions. Each section covers the unique requirements, common pitfalls, and software configuration steps for that state.
Federal Baseline: What Every State Shares
Before diving into state differences, understand the federal floor. Every state must meet or exceed these OSHA standards.
Your safety and compliance software must track these items for every subcontractor regardless of project location.
Hazard communication. Written program, safety data sheets, and worker training for every chemical on site.
Fall protection. Required at 6 feet in construction (29 CFR 1926.501). Documentation of fall protection plans, equipment inspections, and training.
Scaffolding. Competent person designation, daily inspections, and capacity ratings for all scaffold systems.
Excavation. Competent person on site, soil classification, protective system documentation, and daily inspections before worker entry.
Electrical safety. GFCI protection, assured equipment grounding conductor program documentation, and qualified worker designations.
State-by-State Requirements
| State | State OSHA Plan | Key Additional Requirements | Software Configuration Need |
|---|---|---|---|
| California | Cal/OSHA | IIPP, heat illness prevention, crane certification | Custom rule set for Cal/OSHA standards |
| New York | Federal OSHA + state laws | Labor Law 240/241, scaffold training | Scaffold-specific tracking module |
| Texas | Federal OSHA | No state plan, but Texas Mutual requirements | Carrier-specific compliance tracking |
| Florida | Federal OSHA | Heat exposure rules, hurricane prep plans | Weather-triggered compliance alerts |
| Washington | DOSH | Stricter fall protection, crane rules | State-specific fall protection thresholds |
| Oregon | Oregon OSHA | Heat stress rules, wildfire smoke protection | Environmental condition monitoring |
| Michigan | MIOSHA | Specific trench safety requirements | Enhanced excavation tracking |
| Minnesota | MNOSHA | Cold stress prevention, confined space rules | Temperature-triggered compliance alerts |
| Nevada | NVOSHA | Additional silica exposure requirements | Silica monitoring documentation |
| Virginia | VOSH | Heat illness standard, COVID legacy rules | Health monitoring compliance module |
Case Study 1: California IIPP Requirement
The situation. A mid-size GC based in Arizona expanded into California for a $12 million commercial project. Their safety compliance software was configured for federal OSHA standards. They did not account for California's Injury and Illness Prevention Program (IIPP) requirement.
The gap. Cal/OSHA requires every employer on site to maintain a written IIPP that includes hazard identification procedures, accident investigation processes, and employee training documentation. This goes beyond the federal hazard communication standard.
The consequence. Cal/OSHA inspected the site after a minor incident. The GC had no IIPP documentation for three of their subcontractors. Total citations: $37,500.
The software fix. Configure your compliance software with a California-specific rule set that requires IIPP documentation from every subcontractor before they mobilize. The system should verify that the IIPP includes all eight required elements and is dated within the current calendar year.
Case Study 2: New York Labor Law 240 Compliance
The situation. A national GC running a high-rise project in Manhattan assumed standard fall protection documentation was sufficient. Their software tracked OSHA fall protection training and equipment inspections.
The gap. New York Labor Law 240 (the Scaffold Law) imposes absolute liability on GCs and property owners for gravity-related injuries. This creates a higher documentation standard than federal OSHA. The GC needed proof of daily scaffold inspections, specific competent person certifications, and documented safe work procedures for every elevated task.
The consequence. A scaffold worker fell from 14 feet. Under Labor Law 240, the GC bore full liability because they could not produce daily inspection records for three of the previous seven days. Settlement: $1.2 million.
The software fix. Add a New York scaffold compliance module that requires daily inspection uploads (not just weekly summaries), documents competent person certifications with photo verification, and blocks scaffold access when inspection records are missing.
Case Study 3: Washington State Crane Certification
The situation. A GC from Oregon took on a project in Seattle. Oregon follows federal OSHA crane operator certification rules. Washington State enforces stricter requirements through DOSH.
The gap. Washington requires crane operators to hold a Washington State crane operator license in addition to the NCCCO certification that federal OSHA accepts. The GC's software verified NCCCO cards but did not check for the state license.
The consequence. DOSH inspected the site and found two crane operators without Washington State licenses. Combined fines: $14,000. The project lost four days while the operators obtained their state credentials.
The software fix. Configure state-specific operator certification requirements. For Washington, require both NCCCO and state license verification. The software should block crane operation assignments when either credential is missing.
Case Study 4: Multi-State Heat Illness Prevention
The situation. A GC operating in California, Texas, and Florida needed to track heat illness prevention compliance across all three states. Each state has different requirements.
The gap. California requires a written heat illness prevention plan with specific triggers at 80F and 95F. Texas follows federal OSHA general duty clause without specific temperature triggers. Florida enacted its own heat standard in 2025 with different thresholds than California.
The consequence. The GC used California's plan template across all states. Texas OSHA did not cite them (because their plan exceeded the federal minimum), but Florida cited them for not meeting Florida-specific requirements around rest break frequency and shade structure specifications.
The software fix. Build state-specific heat illness compliance modules with location-based triggers. Integrate weather data feeds to activate compliance requirements automatically when temperatures exceed state-specific thresholds.
Connecting Safety Software to Your AI Platform
An ai-powered compliance platform automates the state-specific rule management that these case studies highlight. Instead of manually configuring rules for each state, the AI monitors regulatory databases and updates your rule sets when states change their requirements.
This is especially valuable for GCs expanding into new states. The platform applies the correct rule set based on project location without requiring manual configuration.
Building a State-Specific Configuration Framework
Follow this process for every new state you enter.
Step 1: Identify the OSHA plan type. Is it a federal OSHA state, a state-plan state, or a hybrid? This determines which standards apply.
Step 2: Research state-specific additions. Check the state labor department website for construction-specific safety requirements beyond federal OSHA. Focus on fall protection, crane operations, excavation, and heat/cold exposure.
Step 3: Review state enforcement history. Look at recent citation data from the state OSHA program. This tells you which violations the state prioritizes in inspections.
Step 4: Configure your software. Build a state-specific rule set that includes both federal and state requirements. Set up alerts for the state's priority enforcement areas.
Step 5: Train your team. Brief project managers and superintendents on state-specific requirements before mobilization. Document the briefing in your compliance software.
FAQs
How many states have their own OSHA-approved safety plans? Twenty-two states and territories operate their own OSHA-approved state plans covering both private and public sector workers. Seven additional states cover public sector workers only. The remaining states operate under federal OSHA. Your software must distinguish between these categories because state-plan states can enforce stricter standards than federal OSHA.
Do I need different software for each state? No. A single platform with state-specific rule sets handles multi-state compliance. The key is that the software supports configurable rules by jurisdiction. When you create a new project, you assign the project's state and the system applies the correct rule set automatically. Avoid platforms that only support a single, uniform set of rules.
How often do state safety requirements change? State OSHA programs update their standards an average of 3-5 times per year. Major changes (new standards or significant revisions) happen once or twice per year. Minor changes (clarifications, penalty adjustments) happen more frequently. Your software should monitor these changes and alert you within 48 hours of publication.
What is the most commonly missed state-specific requirement? Heat illness prevention. Nine states now have specific heat-related safety standards that exceed the federal general duty clause. GCs from states without heat standards frequently miss these requirements when working in states that have them. California, Oregon, Washington, Minnesota, and Colorado all have specific heat protection rules.
Can safety compliance software integrate with my incident reporting system? Yes. Leading platforms integrate with incident reporting tools to connect safety compliance data with actual incident data. This integration reveals correlations between compliance gaps and incidents. For example, it may show that subcontractors with missing training records have 3x the incident rate of fully compliant subs.
How do I handle subcontractors who work in multiple states? Your software should track each subcontractor's compliance status by state. A subcontractor compliant in Texas may not be compliant in California due to different training, insurance, or licensing requirements. The platform evaluates the sub against the requirements of each project's location, not just their home state.
Track Safety Compliance Across Every State
SubcontractorAudit configures state-specific safety rules automatically, monitors regulatory changes in all 50 states, and gives your team a single dashboard for multi-state compliance. Request a demo to see the platform in action.
Founder & CEO
Founder and CEO of SubcontractorAudit. Building AI-powered compliance tools that help general contractors automate insurance tracking, pay application auditing, and lien waiver management.