Overview
Every service that handles hazardous chemicals needs one auditable register of what is on-site, who assessed it, when the next review falls due, and what controls protect the people nearby. The COSHH Hazardous Substances Register replaces fragile spreadsheets with a queryable, role-controlled record aligned to Control of Substances Hazardous to Health compliance requirements.
Each entry captures the substance, its hazard classification, its physical location, and a direct link to the relevant Safety Data Sheet. A review-date lifecycle engine watches every record and flags assessments that are approaching their review date or have lapsed, so health and safety managers see overdue and expiring items long before they become a compliance failure.
Because every record is scoped to a single tenant and organisation and every action is written to a structured audit log, the register also answers the questions an inspector asks: who created or changed an assessment, and when.
Key Features
- GHS-Aligned Hazard Classification: Each substance is filed against a hazard category drawn from the Globally Harmonised System, covering corrosive, toxic, flammable, oxidising, explosive, harmful, irritant, carcinogenic, and environmental classes, with an explicit risk level of low, medium, or high.
- CAS-Numbered Substance Records: Every entry carries its Chemical Abstracts Service registry number as a canonical identifier, so the same chemical is recognised consistently across sites, suppliers, and Safety Data Sheets.
- Automatic Review Lifecycle: A built-in engine derives assessment status from the next review date, moving a record from current to due-for-review within thirty days of its review date and to expired once that date passes, with no manual housekeeping.
- Linked Safety Data Sheets: Each record holds the Safety Data Sheet web address and an availability flag, so responders can reach the controlling document for a substance in a single step.
- Structured Control Measures: Protective controls are stored as a structured list rather than free text, keeping recorded mitigations consistent and machine-readable for reporting.
- Filterable Register: The register can be filtered by assessment status, risk level, and hazard category, so a manager can isolate every high-risk or overdue substance across a site in one view.
- Tenant and Organisation Scoping: Every read and write is bound to the requesting user's tenant and organisation, so registers from different services never bleed into one another.
- Full Audit Trail: Create, read, update, and delete actions each emit a structured audit entry recording the user, the organisation, the affected record, and a timestamp.
Use Cases
Laboratories and Research Facilities
Lab safety officers maintain a single register of reagents and solvents on the bench, each linked to its Safety Data Sheet and flagged the moment its assessment is due for renewal.
Fire and Rescue Services
Station managers track foams, fuels, and decontamination chemicals held across appliance bays and stores, filtering instantly for any high-risk or expired assessment ahead of an audit.
Ambulance and Vehicle Workshops
Workshop supervisors keep oils, solvents, and cleaning agents under a controlled register, with overdue reviews surfaced automatically rather than discovered during an inspection.
Industrial and Manufacturing Sites
Health and safety teams hold a site-wide register spanning multiple stores and process areas, using location and hazard-category filters to plan controls and prioritise reviews.
Integration
The register is exposed through a GraphQL surface that customer systems can call directly. Read operations list substances filtered by status, risk level, and hazard category, or fetch a single record by identifier. Write operations create a substance, revise an assessment, and remove a record, with deletion restricted to administrators.
- Named Operations: The read fields listHsCoshhSubstances and getHsCoshhSubstance, plus the write operations createHsCoshhSubstance, updateHsCoshhAssessment, and deleteHsCoshhSubstance, give partner tools one consistent contract for register data.
- Authentication and Authorisation: Access uses OAuth2 bearer flows with JWT-based identity, so existing single sign-on and role assignments govern who can read, edit, or delete entries.
- Normalised Substance Model: Records share one consistent schema across every connected service, so a register exported from one site reads the same as any other.
- Structured Audit Stream: Audit entries can be forwarded to a customer SIEM or compliance store, giving an external system of record for every change to the register.
Customers plug in their own identity provider and reporting tools and gain a register that speaks one shared data shape, with role control and audit handled for them.
Open Standards
- CAS Registry Numbers (Chemical Abstracts Service): used as the canonical substance identifier on every register record.
- UN GHS Hazard Categories (Globally Harmonised System of Classification and Labelling of Chemicals): the hazard-category classification maps directly to GHS physical and health hazard classes.
- ISO 11014 / GHS Safety Data Sheet Format: the Safety Data Sheet link and availability flag reference documents structured to this standard.
- ISO 8601: assessment, review, creation, and update timestamps use this standard date-time format.
- RFC 8259 JSON: control measures are stored and exchanged as JSON, held as JSONB in PostgreSQL.
- GraphQL: the register is published through a typed GraphQL contract for predictable read and write access.
- OAuth2 and JWT: bearer-token authentication and JWT identity govern every call.
Security & Compliance
- Strict Tenant Isolation: Every operation resolves and validates the caller's organisation and tenant before any record is touched, and access to a tenant outside the caller's permitted set is refused.
- Role-Based Deletion: Removing a substance from the register is restricted to administrators, while authenticated users can read and maintain entries.
- Complete Audit Coverage: Create, read, update, and delete actions each produce a structured audit entry, supporting the evidential trail expected under COSHH and wider health and safety obligations.
- Proactive Compliance Signalling: The review lifecycle surfaces due and expired assessments automatically, helping services act before a lapsed review becomes a finding.
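
An added example, not the product's own code: a deny-by-default authorisation check that combines the tenant isolation, administrator-only deletion, and audit entry described above. The operation names come from this page; the Caller fields, the "admin" role name, the reason strings, the audit field names, and the choice to audit denied calls are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Operation names are taken from the page. Everything else here (claim names,
# role name, reason strings, audit field names) is assumed for illustration.
READ_OPS = {"listHsCoshhSubstances", "getHsCoshhSubstance"}
WRITE_OPS = {"createHsCoshhSubstance", "updateHsCoshhAssessment"}
ADMIN_OPS = {"deleteHsCoshhSubstance"}


@dataclass(frozen=True)
class Caller:
    """Identity built from an already-verified JWT, never from request arguments."""
    user_id: str
    org_id: str
    permitted_tenants: frozenset
    roles: frozenset


def authorise(caller, operation, tenant_id, record_org_id, record_id=None, now=None):
    """Return (allowed, audit_entry). Scope is checked before the role check."""
    if operation not in READ_OPS | WRITE_OPS | ADMIN_OPS:
        reason = "unknown_operation"          # deny anything not explicitly listed
    elif tenant_id not in caller.permitted_tenants:
        reason = "tenant_not_permitted"       # tenant outside the permitted set
    elif record_org_id != caller.org_id:
        reason = "organisation_mismatch"      # record belongs to another organisation
    elif operation in ADMIN_OPS and "admin" not in caller.roles:
        reason = "admin_role_required"        # deletion is administrator-only
    else:
        reason = None

    # Structured audit entry: user, organisation, affected record, timestamp.
    # Denied calls are recorded too (an assumption) so a SIEM can alert on them.
    audit = {
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),  # ISO 8601
        "user": caller.user_id,
        "organisation": caller.org_id,
        "tenant": tenant_id,
        "operation": operation,
        "record": record_id,
        "outcome": "allow" if reason is None else "deny",
        "reason": reason,
    }
    return reason is None, audit
```

Forwarding the deny entries alongside the allow entries gives the SIEM a signal for cross-tenant probing and for non-administrators attempting deletion.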
Last Reviewed: 2026-05-26 / Last Updated: 2026-05-26