1
The general contractor (GC) inherits the subcontractor’s compliance gap: OSHA’s Multi-Employer Citation Policy puts the GC on the hook as the Controlling Employer.
2
A GC’s clean training record does not protect the GC when the sub’s training record is incomplete. The audit asks for both, then writes the finding against the GC.
3
Real audit findings repeatedly trace back to subcontractor work: missed orientations, expired certifications, missing OSHA 10-Hour or 30-Hour Construction cards, missing fall protection training, and no documented site-specific safety briefing.
4
Leading GCs run subcontractor onboarding as a 5-step safety system: pre-mobilization documentation, role-based training verification, site-specific briefing, incident-reporting integration, and ongoing audit-trail maintenance.
A general contractor’s (GC) safety director hands the Occupational Safety and Health Administration (OSHA) inspector a clean training record. Every GC employee on the project is current on OSHA 30-Hour Construction (OSHA 30), fall protection, hazard communication, and equipment-specific training. The inspector reviews the records and nods. Then the inspector asks for the subcontractor’s records.
The subcontractor put a roofer on site for 3 days the prior month without current fall protection training under 29 CFR 1926.503. The sub’s safety paperwork was never collected by the GC’s safety team. The roofer is fine. No incident occurred. But the audit finding is now in process. The citation lands on the GC, not the sub, because under OSHA’s Multi-Employer Citation Policy, the GC is the Controlling Employer with general supervisory authority over the worksite.
This is the subcontractor risk no one on the construction site talks about. The GC’s training program can be flawless, the records can be airtight, and the OSHA citation still lands because of a gap in someone else’s paperwork. This article walks through why the GC inherits the subcontractor’s compliance gap, what the real audit findings look like, how leading GCs close the gap, and how 3 connected solutions (KC LMS, KC Docs, and KC Safety) carry the work.
The Subcontractor Compliance Gap General Contractors Inherit
OSHA’s Multi-Employer Citation Policy, issued as Directive CPL 02-00-124 on December 10, 1999, establishes that on a multi-employer worksite (which describes nearly every construction project), more than one employer can be cited for a hazardous condition. The policy defines 4 employer categories (creating, exposing, correcting, and controlling), and the Controlling Employer category, defined by general supervisory authority over the worksite, is the one that hits GCs hardest. On most construction sites, the Controlling Employer is the GC.
OSHA expects the Controlling Employer to exercise reasonable care to detect and prevent violations across the worksite, even when the violation is caused by a subcontractor’s worker and exposes only the subcontractor’s worker. The GC who could have caught the hazard through reasonable diligence (a documentation review, a site walk-through, a verification of the sub’s training records) is the GC OSHA cites.
The penalty structure under OSHA’s current adjustment (set in January 2025 and carried unchanged into 2026) puts Serious violations at up to $16,550 per violation and Willful or Repeated violations at up to $165,514 per violation. A GC that absorbs even one citation tied to a subcontractor’s training gap takes a financial and reputational hit that goes far beyond the immediate fine, with downstream effects on the Experience Modification Rate, the next bid evaluation, and the relationship with the owner.
The legal exposure is structural. The audit-trail exposure is operational. Both flow from the same underlying truth: when the GC mobilizes a subcontractor without verifying the sub’s compliance posture, the GC has accepted the sub’s compliance posture as its own.
Why Your Training Records Alone Will Not Protect You
The audit reality is direct. The OSHA inspector arrives, pulls the GC’s training records, finds them current, and then asks for 3 things the GC’s clean records do not cover.
Gap 1: Subcontractor Training Records the GC Never Received
The sub mobilized on Monday with workers the GC’s safety team had never met. The sub’s safety manager sent over a binder with insurance certificates and a generic safety policy. The training records for individual sub workers (OSHA 10-Hour Construction (OSHA 10) cards, fall protection training under 29 CFR 1926.503, equipment-specific training, hazard communication training under 29 CFR 1910.1200) were never delivered, never reviewed, and never filed.
When the OSHA inspector asks the GC for the training records of the sub worker who fell, the GC has nothing to hand over. The sub may have the records. The sub may not. Either way, the GC’s audit response is delayed, and the inspector now has a documentation finding to write against the Controlling Employer.
Gap 2: Subcontractor Certifications That Expired During the Project
A subcontractor crane operator’s certification under 29 CFR 1926.1427 was approaching its 5-year recertification deadline 6 weeks into a 4-month project. The sub did not flag it. The GC did not check. The operator continued working under the assumption that the original certification was still valid through the duration of the project, when in fact it expired before the project closed out.
The OSHA Top 10 most-cited standards for fiscal year 2025 had Fall Protection at #1 with 5,914 citations (the 15th consecutive year in the top spot) and Hazard Communication at #2 with 2,546 citations. Both training programs, along with crane operator certification and equipment-specific training, carry mid-project refresh or recertification triggers. A sub worker whose certification lapsed mid-project, or whose training requires refresh because a new hazard has been introduced, is a citation waiting to be written.
Gap 3: No Documented Site-Specific Safety Briefing for the Sub Crew
Under 29 CFR 1926.21(b)(2), the employer must instruct each employee in the recognition and avoidance of unsafe conditions and the regulations applicable to that employee’s work environment. The Controlling Employer’s obligation flows from this: every worker on the GC’s site, including every sub worker, should receive a site-specific orientation that covers the site’s hazards, the energy control procedures, the emergency procedures, the personal protective equipment requirements, and the reporting channels.
Many GCs run this briefing verbally at the start of a project, with no written acknowledgment from the sub workers. The OSHA inspector who arrives 8 weeks later finds no documented record that the sub crew received the site-specific orientation. The verbal briefing happened, but the audit-trail record does not exist. The citation finds the gap.
What This Looks Like in Real Audit Findings
The 3 gaps above are not abstractions. They show up in OSHA citation patterns across the construction industry. Here are 4 illustrative scenarios drawn from those patterns.
Scenario 1: Fall Protection Citation Against the GC After a Sub Worker Fall
A subcontractor roofer fell from a 12-foot height. The investigation found the worker was using a personal fall arrest system but had not received fall protection training that covered the specific anchor configuration on the GC’s site, as required under the training elements of 29 CFR 1926.503. The sub had a generic fall protection module on file. The GC had no verification that the training covered the site-specific anchor system. The citation went to the GC as Controlling Employer.
Scenario 2: Electrical Lockout Citation Under Construction Standards
A subcontractor electrician worked on energized equipment on a site running the GC’s site-wide electrical safety program under 29 CFR 1926 Subpart K, including the lockout and tagging requirements at 1926.417. The sub’s company had its own electrical safety program, but the GC’s site-specific energy control procedures had never been formally adopted by the sub, and the sub’s electrician had never been trained on them. When the OSHA inspector asked for the integration between the 2 programs, the GC could not produce it.
Scenario 3: Hazard Communication Citation Under 29 CFR 1910.1200
A subcontractor introduced a new chemical product to the worksite mid-project. The sub had a Safety Data Sheet (SDS) on file. The GC’s site-wide hazard communication binder was not updated. Sub workers and GC workers using the affected area had no access to the SDS during the period the chemical was on site. The citation went to the GC for failure to maintain the site-wide hazard communication program.
Scenario 4: Crane Operator Certification Citation Under 29 CFR 1926.1427
A subcontractor crane operator’s certification had expired 11 days before the lift. The sub’s operations team had not caught the expiration. The GC had requested certifications at the start of the project but had not set up a re-verification check at mid-project. The lift went through without incident, but an OSHA site inspection 2 days later flagged the expired certification, and the GC absorbed the citation.
The pattern across all 4 scenarios is the same. Each gap was preventable through a verification step the GC could have run at onboarding or at a mid-project audit checkpoint. None of the gaps were caught because the GC’s safety program was built around the GC’s own employees and treated the sub’s workers as the sub’s responsibility. The OSHA citation treats them as the GC’s responsibility.
Subcontractor onboarding
One missed safety briefing becomes a citation.
Get subs site-ready on day 1, with training assigned and completed from the field.
How Leading General Contractors Close the Gap
The GCs that consistently close subcontractor audits clean share a discipline: they treat subcontractor onboarding as a safety system, not a paperwork step. The system has 5 operating steps.
Step 1: Pre-Mobilization Documentation Gate
The sub does not mobilize until the GC has received, reviewed, and verified 5 categories of documentation:
- Worker-level training records (OSHA 10 or OSHA 30 cards where the project requires them, fall protection training, hazard communication training, equipment-specific certifications)
- Certifications with current expiration dates (crane operator under 29 CFR 1926.1427, signal person, rigger, competent persons under 29 CFR 1926.32(f) for the specific hazards the sub will encounter)
- Insurance certificates with the GC named as additional insured where required
- The sub’s written safety program, with version date
- A signed acknowledgment that the sub has received and reviewed the GC’s site-specific safety policies
The documentation gate is a procurement-grade checkpoint. The sub provides the records. The GC’s safety team verifies them against the project requirements. The verification record sits in the GC’s files.
Step 2: Role-Based Training Verification
The GC verifies that the sub’s workers have the role-specific training the project requires. A laborer needs OSHA 10 where the project or jurisdiction requires it. A foreman or supervisor needs OSHA 30 on the same basis. A worker at heights needs fall protection training under 29 CFR 1926.503. An electrician working on energized equipment needs training aligned to 29 CFR 1926 Subpart K. A crane operator needs current certification under 29 CFR 1926.1427. The verification is role by role, worker by worker, against the project’s actual hazard inventory.
Step 3: Site-Specific Safety Briefing With Documented Sign-Off
Every sub worker receives a site-specific orientation that covers the site’s hazards, the energy control plan, the emergency procedures, the reporting channels, the personal protective equipment requirements, and any project-specific safety SOPs. Each worker signs off in writing. The sign-off is captured against the worker’s record, with the version of the orientation they received, the date, and the trainer’s identity.
This step alone closes Gap 3 above. A documented, version-controlled, worker-level orientation record is what the OSHA inspector accepts as evidence the Controlling Employer exercised reasonable care under 29 CFR 1926.21(b)(2).
Step 4: Incident-Reporting Integration
The sub’s workers are integrated into the GC’s incident-reporting system from day 1. Every near-miss, every incident, every safety observation involving a sub worker is reported into the same system the GC uses for its own employees. The report ties back to the sub worker’s onboarding record, training history, and signed policies.
The integration matters because OSHA looks for it. An inspector who finds a sub worker incident with no internal GC report, no near-miss documentation, and no follow-up action sees a Controlling Employer that did not exercise reasonable care. An inspector who finds a complete report tied to the sub worker’s full onboarding file sees the opposite.
Step 5: Ongoing Audit-Trail Maintenance
The GC runs a quarterly subcontractor audit. The audit checks 5 things:
- Are the sub’s certifications still current, or has anything expired mid-project?
- Has the sub added new workers without putting them through the onboarding gate?
- Are incident reports being closed out with corrective actions?
- Are the SOPs the sub signed at intake still the current version, or has the GC updated the policy since?
- Has the sub’s scope of work changed in a way that requires additional training (a new hazard introduced, a new piece of equipment, a new task)?
The quarterly audit is the discipline that catches the certification approaching its recertification deadline in week 6 (Gap 2 above). It is the discipline that catches the new sub worker who showed up in month 3 and never went through orientation. It is the discipline that protects the GC at the next OSHA inspection.
Subcontractor Onboarding Is a Safety System, Not Paperwork
Most GCs treat subcontractor onboarding as a paperwork step at the start of a project. The sub sends over a binder, the GC’s safety coordinator scans it, the binder goes in a filing cabinet, and the project mobilizes.
The leading GCs treat onboarding as the foundation of their site safety program. The difference is whether the records the GC collects at onboarding actually feed the systems that operate during the project: training assignment, policy attestation, site-specific briefing, incident reporting, and quarterly audits. A paperwork-onboarding GC has a binder. A safety-system GC has 3 connected solutions running on the same worker record.
The reframe is simple. Subcontractor onboarding is not a one-time procurement task. It is the moment the GC absorbs the sub’s safety profile into the GC’s audit trail. Done well, the audit trail protects the GC. Done as paperwork, the audit trail is the citation.
How KC LMS, KC Docs, and KC Safety Support Subcontractor Compliance
The 5-step framework above requires 3 connected systems. KC LMS, KC Docs, and KC Safety carry the work on one shared data model, which is the architecture an audit-ready GC needs.
KC LMS
KC LMS holds the subcontractor’s training and certification records alongside the GC’s own employee records: subs and temporary workers onboard through role-based learning paths that get them site-ready on day 1, with a complete completion record for every individual regardless of how long they are on the project. The Compliance and Assignment Engine handles rule-based, recurring assignments with an audit-ready trail. Automated certification and recertification with expiry-driven reassignment catches the mid-project lapses that turn into Gap 2 citations. Native iOS and Android mobile apps with offline content let sub workers complete site-specific training on the device they already use in the field, with completion records tied back to the central system.
KC Docs
KC Docs holds the GC’s subcontractor safety policies, site-specific orientation documents, and energy control plans as versioned, immutable documents. Subs sign off at onboarding, the attestation is captured against the worker record, and the GC has the timestamped evidence the audit asks for. When the GC updates the site safety plan mid-project, the new version automatically re-triggers sign-off, and the timestamped attestation trail stands up to an audit or a citation review. This closes Gap 3 above: every sub worker has a documented, version-controlled site-specific safety briefing on file.
KC Safety
KC Safety holds the near-miss and incident reports from sub workers on the same data model as the training and policy records. When an incident happens, the report ties back to the sub worker’s training history and the policies they signed, with investigations and corrective actions tracked to closure. Step 4 of the 5-step framework runs through this solution. Step 5 (the quarterly audit) pulls all 3 records as one defensible package.
The 3 solutions run on one shared data model, so the sub worker’s training record, signed policies, and incident history live in one place. The GC’s quarterly audit is one report, not 3 reconciliations.
What the GC Safety Director Can Do This Quarter
A GC safety director who reads this guide can take 4 actions in the next 90 days without waiting for a new procurement cycle.
- First, run the subcontractor audit on current active projects. Pull every active sub’s training records, certifications, and signed policies. Compare them against what the project actually requires under the project safety plan. The gaps are the priority list for the next 30 days.
- Second, build the pre-mobilization documentation gate. Decide which records have to be in hand before any new sub mobilizes. Communicate it to every active sub and to every sub the company is evaluating for the next project. Make it a procurement-side requirement, not an after-the-fact safety request.
- Third, integrate sub workers into the incident reporting system. Stop running 2 separate near-miss systems (one for GC employees, one for subs). One worker record, one report, one audit trail.
- Fourth, calendar the quarterly subcontractor audit. Assign it to a named safety team member. Make sure they have access to the training records, the policy attestations, and the incident reports. The first audit will surface the most gaps. The third audit will run clean.
Jobsite compliance
Keep the documentation that survives an OSHA inspection.
Every worker on your site, on one record, whether they are yours or the sub’s.
Frequently Asked Questions
-
Who is liable when a subcontractor’s worker is injured because of a training gap?
Under OSHA’s Multi-Employer Citation Policy (CPL 02-00-124, issued December 10, 1999), the Controlling Employer (typically the general contractor) can be cited for a hazard on the worksite, even when the hazard was created by a subcontractor and exposed only a subcontractor’s worker. The Controlling Employer’s obligation is to exercise reasonable care to detect and prevent violations across the worksite. A documented audit trail showing that the GC reviewed the sub’s training records, ran a pre-mobilization documentation gate, delivered a site-specific orientation, and ran ongoing audits is the GC’s defense.
-
What documents should a general contractor collect from a subcontractor before mobilization?
Worker-level training records (OSHA 10-Hour or 30-Hour Construction cards where the project requires them, fall protection training under 29 CFR 1926.503, hazard communication training under 29 CFR 1910.1200, equipment-specific certifications), current certifications for any specialized roles (crane operator under 29 CFR 1926.1427, signal person, rigger, competent persons under 29 CFR 1926.32(f) for the specific hazards on the project), insurance certificates with the GC named as additional insured where required, the sub’s written safety program with version date, and a signed acknowledgment that the sub has received and reviewed the GC’s site-specific safety policies.
-
How often should a general contractor re-audit subcontractor training records during a project?
Quarterly at minimum. A quarterly audit catches certifications that expire mid-project, new sub workers added without onboarding, incident reports that need closeout, policy updates that need re-attestation, and scope-of-work changes that introduce new hazards requiring additional training. For higher-hazard projects (work at heights, energized work, hazardous material handling, crane lifts), some leading GCs run a monthly audit on top of the quarterly review.
-
Can a workforce platform hold subcontractor records alongside general contractor employee records?
Yes. Subs and temporary workers onboard with role-based learning paths, receive only the site-specific training they need, and carry a complete completion record for every individual regardless of how long they are on the project. KC LMS holds the training and certification records, KC Docs holds policies and attestations, and KC Safety holds near-misses and incidents, all on one shared data model with one source of truth for subcontractor credentials and certifications. The integration is what gives the GC’s quarterly audit one defensible package instead of 3 separate reconciliations.
References
- U.S. Department of Labor, Occupational Safety and Health Administration. Multi-Employer Citation Policy, OSHA Directive CPL 02-00-124, issued December 10, 1999.
- Occupational Safety and Health Administration. 29 CFR 1926.21, Safety training and education.
- Occupational Safety and Health Administration. 29 CFR 1926.32, Definitions, including §1926.32(f) competent person.
- Occupational Safety and Health Administration. 29 CFR 1926.503, Training requirements for fall protection.
- Occupational Safety and Health Administration. 29 CFR 1910.1200, Hazard Communication.
- Occupational Safety and Health Administration. 29 CFR 1926 Subpart K, Electrical, including §1926.417, Lockout and tagging of circuits.
- Occupational Safety and Health Administration. 29 CFR 1926.1427, Operator qualification and certification for cranes, with the 5-year recertification cycle.
- Occupational Safety and Health Administration. Top 10 Most Frequently Cited Standards, FY2025.
- Occupational Safety and Health Administration. OSHA Penalties.



