Principal Hazards Critical Controls Mining Safety Regulation

Principal Hazard Management Plans: What Australian Mining Requires

RiskSight Team

Principal hazard management plans are a regulatory obligation across Australian mining jurisdictions. Most operations have them. Fewer treat them as active operational systems rather than documents filed in a safety management system.

The distinction matters. A PHMP that is reviewed annually and maintained in a document control system is a compliance artefact. A PHMP that is connected to daily verification activities, incident investigations, and control monitoring is a functioning risk control. Regulators increasingly expect to see the latter. Audits that examine only the document find deficiencies in the operational system that the document cannot reveal.

This article covers what PHMPs are required to contain, which hazards they must address, and how critical control management keeps the PHMP functioning between formal reviews.

What Principal Hazard Management Plans Are Required to Address

A principal hazard management plan is a documented system for managing a specific class of hazard — one capable of causing multiple fatalities or a catastrophic outcome. It is not a general risk assessment. It is a dedicated management framework for the hazards that, if uncontrolled, could kill multiple people or destroy an operation.

The legislative basis varies by jurisdiction:

  • Queensland: The Mining and Quarrying Safety and Health Act 1999 and its regulations require PHMPs for each principal hazard present at a mine. The Act defines principal hazards and specifies the minimum content requirements.
  • New South Wales: The Work Health and Safety (Mines and Petroleum Sites) Act 2013 and associated regulations require hazard management plans for defined serious hazards.
  • Western Australia: The Mines Safety and Inspection Act 1994 requires site safety management plans that address principal hazards to an equivalent standard.

In each jurisdiction, the obligation rests on the principal employer or mine operator. Regulatory inspectors may request to see the PHMP and its associated verification records during a site audit. A current document with no evidence of operational implementation is a non-compliance finding.

What Australian Regulations Classify as a Principal Hazard

Principal hazards are defined by regulation, not by internal risk assessment. A hazard qualifies as principal because of its consequence potential, not its likelihood. The specific categories vary slightly by jurisdiction, but the following hazards are classified as principal across Australian mining:

  • Inrush — inundation of a mine by water, mud, or fill material
  • Inundation — flooding of open-cut pits or underground workings
  • Ground or strata instability — collapse, slope failure, pillar failure, surface subsidence
  • Fire — underground fire, surface fire involving explosives or fuel
  • Explosion — from explosives, dust, gas, or flammable liquids
  • Uncontrolled release of energy — electrical, mechanical, hydraulic, pneumatic
  • Radiation — from radioactive ores or processing materials
  • Hazardous materials — exposure to toxic gases, dust, or chemical substances
  • High-consequence vehicle accidents — collisions involving heavy mobile equipment

Operations with multiple hazards from this list require a separate PHMP for each. A large surface coal mine may have PHMPs for dust explosion, spontaneous combustion, inrush, ground stability, and high-consequence vehicle accidents simultaneously.

Not every risk on a site qualifies as a principal hazard. The classification threshold is consequence severity — the potential to cause multiple fatalities or catastrophic harm. Standard operational risks belong in the ISO 31000 risk register. Principal hazards require their own management framework.

What a PHMP Must Contain Under State Mining Legislation

Regulatory requirements vary in their specificity, but PHMPs in Australian mining jurisdictions are generally required to address the following elements:

Hazard identification: A clear statement of the hazard and the mechanism by which it could cause harm. This includes the scenarios (threats) that could give rise to the hazard and the consequences if the hazard is realised.

Risk assessment: A documented assessment of the likelihood and consequence of each scenario, including the controls currently in place. Many operations use bowtie analysis as the primary risk assessment method for PHMPs, as it explicitly maps threats, consequences, and barriers in one view.

Control measures: The specific controls that manage the hazard, including the critical controls — those whose failure would create a direct path to the catastrophic outcome. Each control should have a defined performance standard: what it must achieve, in what conditions, and how its performance is measured.

Monitoring and review: A system for verifying that controls are in place and functioning, and for reviewing the PHMP when circumstances change. This is where most PHMPs are weakest. A review cycle of 12 months is common. For a principal hazard, 12 months is too long to go without confirmation that critical controls are functioning.

Responsible persons: Named individuals with authority and accountability for each element of the PHMP. Not teams, not departments — named individuals.

Change management: A process for updating the PHMP when the hazard, the operation, or the control system changes. New equipment, modified processes, and organisational changes can all affect the PHMP without triggering a scheduled review.

What Critical Control Management Contributes to the PHMP

Critical control management (CCM) is the operational system that keeps a PHMP functioning between formal reviews. Without CCM, the PHMP describes controls that may or may not be in place at any given time.

CCM connects to the PHMP in four ways:

Verification schedules: Each critical control identified in the PHMP requires a verification schedule — who checks it, how often, and what evidence is required. These schedules operationalise the PHMP’s monitoring requirements. They are not additional work. They are what the monitoring requirement means in practice.

Control health monitoring: Verification data, aggregated across a site or portfolio, shows whether critical controls are meeting their performance standards over time. A control that is verified consistently and passing is healthy. A control that is frequently overdue or repeatedly failing is degrading. That signal should reach site management before it reaches an incident report.

Alert and escalation: When a critical control fails a verification check or goes overdue, the PHMP’s monitoring system must respond. This means an alert to the responsible person and an escalation path if the issue is not resolved within a defined period. A critical control whose degradation is not detected until an audit is a PHMP that is not functioning operationally.

Incident investigation linkage: When an incident occurs on a principal hazard, the investigation must map back to the PHMP. Which controls were in place. Which failed. Which were absent. That mapping — from the ICAM investigation back to the bowtie and the PHMP control register — is what allows the PHMP to be updated with accurate findings rather than assumptions.

What Goes Wrong When PHMPs Are Treated as Documents

The most common PHMP failure mode is treating the plan as a document management obligation rather than an operational system.

The signs of this failure:

  • Critical controls are listed in the PHMP but not assigned to verification owners in the field
  • Verification records, where they exist, are paper forms filed separately from the PHMP
  • The PHMP is reviewed annually but not updated when equipment or processes change during the year
  • Principal hazard incidents are investigated using the site’s standard incident procedure, with no connection back to the PHMP’s control register
  • Site management cannot produce current evidence of control effectiveness for a specific critical control when asked

A regulator conducting an audit does not only read the PHMP. They ask supervisors and workers what the critical controls are for a given hazard. They ask how verifications are conducted and recorded. They look at the most recent verification records and the most recent incident involving that hazard. When those elements are disconnected — when the PHMP says one thing and the field reality shows another — the operation has a non-compliance finding regardless of how current the document is.

What the Verification Cycle Requires to Satisfy Regulators

Regulatory verification of a PHMP goes beyond checking that the document is current. Inspectors expect evidence that the controls described in the PHMP are being maintained in practice.

That evidence includes:

  • Field verification records: Timestamped records of who verified each critical control, what was checked, and what the result was. Photo evidence, mobile sign-off, and GPS location strengthen the record.
  • Control health trends: Data showing whether critical control verification rates are stable, improving, or declining over time. A single point-in-time verification is insufficient. Trends show whether the system is working.
  • Corrective actions from verification failures: When a critical control fails a verification check, a corrective action must be generated, assigned, and tracked to closure. The corrective action record links the failure to its remedy.
  • PHMP revision history: Evidence that the PHMP has been updated when the operation, the equipment, or the control system changed — not only at the annual review.
  • Multi-site consistency (where applicable): For operations with multiple sites sharing the same principal hazards, portfolio-level reporting shows whether critical controls are consistently managed across all locations.

This evidence cannot be produced on demand from a document management system. It requires a connected system in which verification records, control health data, investigation findings, and corrective actions are held together.


For a breakdown of how RiskSight manages critical risks and principal hazards — bowtie-linked registers, field verification, control degradation alerts, and multi-site portfolio reporting — see Critical Risk Software for Mining & Heavy Industry.

Start a 30-day free trial with demo data included. No credit card required.

Ready to modernise your risk management?

Start your 30-day free trial. No credit card required.

Start free trial