
C02 · 2025
AI Safety Log
- Client: Tier-1 infrastructure operator
- Sector: Infrastructure / Rail
- Duration: 14 weeks
- Outcome: –47% manual hazard-review effort
- Tech Stack: Next.js · Postgres · OpenAI · ISO 31000
The brief.
The problem
The client's hazard log was maintained across a tangle of Excel workbooks shared by email and stored on network drives. Safety engineers at three separate rail sites each maintained their own version, with no systematic process for consolidation or cross-reference. Hazard reviews were running months behind schedule: a single review cycle required a safety engineer to manually aggregate entries from three sources, apply the risk matrix by hand, draft a status report, and circulate it for sign-off. The volume of work had grown beyond what the team could absorb, and reviews were slipping.
The constraint
The replacement system had to slot into the client's existing change-control process without disrupting ongoing programme delivery. Every hazard entry and every change to that entry needed a complete audit trail — who made the change, when, with what justification — to satisfy both internal governance and the client's regulator. The safety team was not willing to accept a migration that created a gap in the audit trail, and the IT group had a strict six-week freeze on infrastructure changes during the programme's commissioning phase.
How we built it.
We opened with a two-day stakeholder immersion across two of the three sites, sitting alongside safety engineers during a live hazard review cycle. The goal was not to document requirements in the abstract but to understand the actual rhythm of the work: which fields were looked at first, where disagreements between sites typically arose, and what information a safety engineer needed at hand to make a risk-rating decision without escalating. Those observations shaped every architectural decision that followed.
The platform was built on Next.js with a PostgreSQL backend on Google Cloud Platform. Row-level security ensured each site could only see its own hazard entries by default, while the central safety team retained cross-site read access. Every write operation — new hazard, status change, evidence upload, risk re-rating — was recorded in an immutable audit log table with a server-side timestamp and the authenticated user's identity. An OpenAI integration provided a drafting assist for hazard descriptions, reducing the time engineers spent writing prose from scratch while keeping humans as the sole authors of record.
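The access and audit rules described above, sketched as PostgreSQL 11+ DDL. This is an added example, not the project's schema: every table, column, role and `app.*` setting name is an assumption, as is the application setting those values with `SET LOCAL` in each transaction.

```sql
-- Added example: all table, column, role and setting names are assumptions.
CREATE ROLE site_engineer;   -- role the app uses for site users
CREATE ROLE central_safety;  -- role the app uses for the central safety team
CREATE TABLE hazard (
    id          bigserial PRIMARY KEY,
    site_id     int  NOT NULL,
    description text NOT NULL,
    risk_rating text NOT NULL
);
CREATE TABLE hazard_audit (
    id            bigserial   PRIMARY KEY,
    hazard_id     bigint      NOT NULL,
    action        text        NOT NULL,                      -- INSERT or UPDATE
    actor         text        NOT NULL CHECK (actor <> ''),  -- authenticated user
    justification text        NOT NULL CHECK (justification <> ''),
    changed_at    timestamptz NOT NULL DEFAULT clock_timestamp(),  -- server-side
    new_row       jsonb       NOT NULL
);

-- No DELETE grant: hazards are closed by a status change, never removed.
GRANT SELECT, INSERT, UPDATE ON hazard TO site_engineer;
GRANT USAGE ON SEQUENCE hazard_id_seq TO site_engineer;
GRANT SELECT ON hazard, hazard_audit TO central_safety;

ALTER TABLE hazard ENABLE ROW LEVEL SECURITY;
CREATE POLICY site_isolation ON hazard FOR ALL TO site_engineer
    USING      (site_id = current_setting('app.site_id')::int)
    WITH CHECK (site_id = current_setting('app.site_id')::int);  -- no cross-site moves
CREATE POLICY central_read ON hazard FOR SELECT TO central_safety USING (true);

-- Audit rows are written by a trigger, so application code cannot skip them.
-- current_setting() raises if the value was never set; the CHECKs above catch
-- the empty string a pooled connection reports after a SET LOCAL has reverted.
CREATE FUNCTION hazard_audit_write() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public, pg_temp AS $$
BEGIN
    INSERT INTO hazard_audit (hazard_id, action, actor, justification, new_row)
    VALUES (NEW.id, TG_OP, current_setting('app.user_id'),
            current_setting('app.justification'), to_jsonb(NEW));
    RETURN NULL;  -- the return value of an AFTER row trigger is ignored
END $$;
CREATE TRIGGER hazard_audit_trg AFTER INSERT OR UPDATE ON hazard
    FOR EACH ROW EXECUTE FUNCTION hazard_audit_write();

-- Append-only: nobody is granted UPDATE/DELETE, and a trigger rejects both.
CREATE FUNCTION hazard_audit_block() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN RAISE EXCEPTION 'hazard_audit is append-only'; END $$;
CREATE TRIGGER hazard_audit_no_rewrite BEFORE UPDATE OR DELETE ON hazard_audit
    FOR EACH ROW EXECUTE FUNCTION hazard_audit_block();
```

The `app.*` settings are only as trustworthy as the application that sets them, so these database roles should not be reachable by anything other than the application.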
Migration was staged to respect the IT freeze. In the first phase, the new system ran in parallel with the existing spreadsheets, with safety engineers entering new hazards into both. A migration script imported historical entries in bulk after the freeze lifted, preserving original creation dates so the audit trail remained continuous. The parallel running period also gave the team confidence that the system behaved as expected before they committed to cutting over fully.
“We went from dreading the monthly review cycle to actually being on top of it. Having everything in one place with the audit trail built in — that changed how we operate.”
The final phase expanded the deployment to the third site and introduced the automated review scheduling feature: the system calculates each hazard's next mandatory review date based on its risk rating, surfaces overdue items on the team dashboard, and sends notification emails to the responsible engineer fourteen days ahead of the deadline. In the three months following go-live, zero SLAs were missed across all three sites.


