What PSOE auditors will actually look for in your 2026 SMS audit.
Under the new National Audit Standard, your Safety Management System has to do more than exist. It has to be Present, Suitable, Operating, and Effective — and you have to be able to prove it. Here’s what each element really means, what kind of evidence satisfies it, and what auditors will see when they walk through your operation.
- ISO 9001
- ISO 27001
- TCA Level 2 TMA
- NHVR-Approved EWD
The PSOE standard, in operator language.
PSOE is the audit standard that governs Safety Management System audits under the 2026 HVNL reform. It’s deliberately structured to move beyond tick-box compliance. Auditors aren’t asked to verify that documentation exists — they’re asked to verify that the system the documentation describes is genuinely working in your operation.
The four elements are sequential: a system must first be Present (documented and accessible). It must then be Suitable (fits your specific operational risk profile). It must be Operating (followed in day-to-day work, with operational evidence). And it must be Effective (producing measurable safety outcomes over time). A system can fail at any element and fail the audit — passing all four is the legal standard.
Present
Is the SMS documented? Are policies, procedures, risk assessments, and operational standards available? Are they current? Can a driver, supervisor, or scheduler access the parts relevant to their role?
Documentation. Versioned, dated, accessible. Procedures for fatigue management, fitness to drive, mass management, vehicle inspection, incident response, training, Chain of Responsibility. Risk register. Scope statement.
Present is the easiest element to satisfy and the only one paper systems can comfortably meet. Most operators clear it.
A single source of truth for documentation, with version control, audit trails of who accessed what when, and role-based delivery so drivers see driver content and managers see manager content. Documentation isn’t separate from operations — it’s the same system.
Suitable
Does your SMS reflect your operation? Are the risks identified the actual risks your fleet faces? Are the controls proportionate? Does the system make sense for the kind of vehicles, routes, loads, and drivers you actually run?
Risk assessments specific to your fleet (concrete agitator dynamics if you run mixers; multi-stop routes if you run waste; driver pairs and remote operations if you run long-haul). Procedures that name your actual operations. Training that’s specific to your fleet’s vehicle types and roles.
Suitable is where generic SMS templates fall over. An SMS that could apply to anyone applies to no one. Auditors detect this immediately.
Industry-specific configurations. Risk profiles built from real operational data — actual harsh-braking events on actual routes, actual mass profiles, actual driver behaviour patterns. Your SMS isn’t built from a template; it’s built from your fleet’s data.
Operating
Is the SMS being followed? Not on paper — in trucks, in yards, in shifts, on the road. When a driver does a pre-start, is it recorded? When a fatigue limit is approaching, is it flagged? When a load exceeds mass, is it caught? When an incident happens, is it documented?
Operational data. EWD logs. Pre-start records with photos and timestamps. Mass readings. Fatigue alerts and the resulting decisions. Driver behaviour records. Incident reports. Communication trails between drivers, schedulers, and supervisors.
Operating is where paper-based and fragmented systems fail. Auditors don’t accept “we have a policy that says drivers do pre-starts” — they ask to see this morning’s pre-starts. They don’t accept “we monitor fatigue” — they ask to see how the last fatigue alert was resolved.
Live operational evidence as a by-product of normal operations. Every login, alert, check, and decision is captured automatically. When an auditor asks “show me last Tuesday’s morning pre-starts for this depot,” it’s three clicks. Not three weeks.
Effective
Is the SMS actually producing safer outcomes? Are incidents trending down? Are interventions being made? Is the system improving year over year? Are lessons from one incident being applied to prevent the next?
Trend data. Incident analytics. Intervention tracking. Year-on-year comparisons of harsh-event rates, fatigue events, fitness reports, mass exceedances. Documented changes to procedures based on incident learnings. Driver scorecard improvements.
Effective is the hardest element to satisfy without integrated data. Operators who can produce documents but can’t produce trends fail at this element — and the regulator’s stated focus is squarely on this proof.
Trend analytics. Per-driver, per-vehicle, per-depot, per-route. Incident-to-intervention tracking. Year-on-year safety performance reporting. The kind of reporting an internal safety team would build over years — already built, already running.
The audit walk-through: what auditors actually do on-site.
A National Audit Standard audit is structured. Auditors arrive with a sample plan: specific dates, specific drivers, specific vehicles, specific events. They’ll ask for evidence for those specific samples — not for the SMS in general, but for what that driver did on that day in that truck. They’ll cross-reference their samples against your records, your operational data, and (where relevant) interviews with the people involved.
The audit then expands from samples to systems: if a sample shows a missing pre-start, the auditor asks how often that happens, how it’s detected, what the corrective action looks like. The audit’s job is to find the gap between policy and practice.
Operators who pass cleanly tend to share three traits: their evidence comes from one system rather than five; their evidence is generated automatically rather than collated reactively; and their evidence shows trends, not just events.
How Netcorp produces PSOE evidence.
A specific, claim-by-claim mapping.
“Where's your fatigue management procedure?”
Documented SMS module, version-controlled, accessible to all roles
“Where's your driver Fit to Drive policy?”
Documented, with reporting mechanisms for fatigue, illness, medication, mental health
“How do you assess risk for your concrete fleet?”
Industry-specific risk profiles built from real OBM, GPS, and driver-behaviour data
“Why is your fatigue policy structured this way?”
Driver schedules, fatigue alert thresholds, and rest-break logic built from your fleet's actual operational patterns
“Show me last Tuesday's pre-starts for this depot.”
Digital pre-start records, photographed, timestamped, geo-located, retained
“How was the last fatigue alert resolved?”
EWD log + driver app communication + scheduler decision + outcome — all linked
“What did the driver do when the OBM showed an exceedance?”
OBM alert + driver acknowledgement + load adjustment record
“What's your harsh-braking trend this year vs last?”
Driver scorecard reporting, depot-level and fleet-level trends
“What changed after your last incident?”
Incident report + identified cause + procedure change + verification record
“How is your fitness duty tracking?”
Self-reports captured, scheduler responses recorded, outcomes traced
This isn’t theoretical. Australian heavy vehicle operators have been generating exactly this kind of evidence on Netcorp for over a decade.
The cost of not having this in place.
Failing a PSOE audit doesn’t just mean losing accreditation. Under the new framework, audit findings are admissible as court evidence. An incident-related court proceeding can pull in your last audit’s findings as evidence of the systems that were in place — or not in place — at the time. A clean PSOE audit becomes a meaningful legal asset. A failed one becomes a meaningful liability.
How to start.
Two paths. Both useful.
Book a 30-minute SMS Audit Readiness Demo
A real conversation with a Netcorp specialist. Bring your current SMS posture, your NHVAS expiry date, and any audit concerns you have. We’ll walk through how an integrated platform would produce PSOE evidence for your operation.
Book Your DemoTake the 3-Minute Audit Readiness Check
Answer 12 questions about your current evidence systems. Get a personalised PSOE readiness score and a one-page report you can take to your safety committee.
Start the Audit Readiness CheckEight questions, straight answers.
Present, Suitable, Operating, Effective — the four elements of the new SMS audit standard under the 2026 HVNL reform.
Formal NAS audits apply to accredited operators. But the same evidence standard increasingly applies in CoR-related court proceedings, so non-accredited operators with safety obligations are practically held to a similar standard.
A PSOE audit fails on any one element. Documentation alone isn’t sufficient.
Theoretically yes for very small, simple operations. In practice, the operational evidence required for Operating and Effective is extremely difficult to produce reliably from paper.
A typical NAS audit ranges from one to several days on-site, plus pre-audit document review and post-audit report production.
Generate operational, suitable, and effective evidence automatically as a by-product of normal operations. The system isn’t separate from your work — it’s the medium your work runs in.
No. The check is free and produces a useful report regardless of whether you ever speak to Netcorp.
Map your current SMS against the NAS structure, identify gaps in Operating and Effective evidence, address them, and run a mock audit before the real one. We can help.
Get audit-ready before 1 July 2026.
The reform doesn’t wait. Your fleet doesn’t have to either.
Book a 30-minute SMS Audit Readiness Demo
A real conversation with a Netcorp specialist about how your current evidence systems map to PSOE, where the gaps are, and what a fully integrated SMS would look like for your fleet. No slide deck. No hard sell.
Book Your Demo