SiFa Software for DGUV Documentation: What Your Workspace Must Deliver

DGUV Regulation 2 obligates companies to document the deployment hours of occupational safety specialists (SiFa), record inspection findings, and provide evidence of an annual work plan. Section 5 ASiG and Section 6 of the Occupational Health and Safety Act (ArbSchG) supplement this obligation: the employer is responsible for ensuring that the SiFa can properly fulfil its tasks — and that this can be substantiated.

In operational practice, the shortcoming is often not the specialist themselves, but rather the absence of a structured filing system that can withstand an audit. This article describes the specific documentation requirements imposed by DGUV V2, what SiFa software must achieve to meet them, and how the CIVAC workspace consolidates both levels of requirement — legal and operational — into a single audit trail.

DGUV Regulation 2 sets minimum SiFa deployment hours for companies with more than ten employees. These hours vary according to the type of operation and risk level but must in every case be evidenced. Companies under the standard care model maintain separate documentation for basic care and event-driven care.

Specifically, practice demands: an inspection log with date, area, identified deficiencies, and remedial measures; an annual work plan that fixes the priorities of SiFa activity in advance; evidence of training conducted and participation in workplace inspections; and assessments of risk appraisals pursuant to Section 5 of the Occupational Health and Safety Act (ArbSchG).

All these documents may be requested by the professional association or the occupational safety authority in the event of an inspection. If they are absent, supervisory action follows — and the employer is liable under Section 130 OWiG for the organisational failure. A documentation system that does not structurally cover these categories is unsuitable for DGUV-compliant SiFa work. Further information on the role of the occupational safety specialist and their legal obligations can be found on the CIVAC role page.

Section 6 of the Occupational Health and Safety Act (ArbSchG) stipulates that risk assessments must be documented in writing. The SiFa supports the employer in preparing these assessments but bears no responsibility for their completeness — that responsibility remains with the employer. The software must therefore serve both parties: the SiFa as a working tool and the employer as an instrument of proof.

A DGUV-compatible documentation solution maps risk assessments as structured projects: scope definition, recording of hazards, risk evaluation, specification of protective measures, effectiveness review. Each step is time-stamped and versioned. Changes to the assessment are fully traceable.

It is equally important to link assessments to training records: who was trained on which hazard, when, and with what outcome must be retrievable within the same documentation structure. Systems that manage risk assessments and training certificates separately force manual consolidation at audit time — and with it, sources of error.

A network drive with PDF folders is not SiFa software. An audit-proof solution must cover three functional levels: task management, report generation, and audit-proof storage.

Task management means that recurring activities — such as quarterly inspections, annual risk assessment reviews, or training cycles — are set up as recurring cadences in the system. The SiFa receives reminders; completed tasks are automatically logged. Report generation means that inspection logs and action lists are created from predefined templates rather than blank Word documents. This reduces omissions and standardises the appearance of reports.

Audit-proof storage means that documents are saved with a timestamp, editor ID, and version number. Subsequent modification without a log entry is technically impossible. Only this combination produces the audit trail that the professional association expects in the event of an inspection. The auditor calls — the evidence is ready.

The CIVAC workspace organises SiFa work across six interconnected modules. Tasks maps day-to-day work: template-driven individual and recurring tasks, email intake, and automatic task-type recognition. Every completed task is recorded in the audit log with a timestamp.

Training manages mandatory instruction requirements under DGUV standards: module, test, certificate, and participant list. The completion-tracking function shows at a glance which employee groups still have outstanding items. Projects maps risk assessments and site inspections as a five-stage workflow: scope, uploads, queries, risks, and report. Documentation consolidates all completed activities monthly into an exportable compliance record. Questions provides an AI assistant with a confidence score that cites normative requirements from DGUV regulations. Templates contains 37 ready-to-use audit and assessment templates that can be adapted to the individual operation.

The most frequent finding in professional association audits is not the absence of a SiFa, but the absence of evidence for the deployment hours worked. DGUV V2 distinguishes between basic care (a fixed number of hours per employee count) and event-driven care (for specific occasions such as new work procedures, accidents, or restructurings).

Both time categories must be reported separately. A timesheet in Excel does not meet this requirement because it establishes no link to specific activities and is not audit-proof. Appropriate software records deployment times in context: which task was carried out, which area was affected, what result was achieved?

In the CIVAC workspace, every SiFa activity is automatically captured with a timestamp and activity category. The monthly documentation export presents basic care hours and event-driven hours separately. This document can be exported at the touch of a button and corresponds to the format that professional associations expect in the event of an inspection.

DGUV Regulation 2 regulates not only the SiFa but also occupational health care provided by the company doctor. Both roles work closely together in operational practice: joint inspections, coordinated risk assessments, and aligned training programmes.

SiFa software that does not reflect this interdependency forces double documentation. In the CIVAC workspace, the SiFa and company doctor can use the same workspace — with separate roles but a shared audit log. Inspection reports that require both signatures are created as joint projects. The documentation export correctly attributes both parties' contributions.

For companies that employ neither an internal SiFa nor an internal company doctor, CIVAC offers both roles via Officer-as-a-Service: contract, person, and appointment document within two working days — instead of the typical two to six weeks. Licence the workspace for your internal officers, or have our officers appointed.

In practice, SiFa documentation does not stand in isolation. It is linked to payroll accounting (employee counts for deployment-time calculations), training management (training records), equipment monitoring (inspection intervals under BetrSichV), and quality management (corrective actions from inspections).

SiFa software should therefore offer at minimum a structured CSV or PDF export function, and ideally an API interface for common HR and QM systems. Proprietary formats that preclude further processing pose a risk during system migrations.

The CIVAC workspace generates exportable compliance evidence in PDF format that can be imported directly into the document management systems of common ERP solutions. Data residency is exclusively within the EU — AES-256 at rest, TLS 1.3 in transit — thereby meeting the data protection requirements of Art. 32 GDPR, including for personal employee data in training records.

CIVAC offers two models that can be combined. With the Tool Licence, you licence the workspace for your internal SiFa. The SiFa works within the system, documents deployment hours, inspections, and training sessions, and exports the monthly compliance record. The appointment relationship remains entirely with the employer.

With Officer-as-a-Service, CIVAC provides an external SiFa from its certified partner network, appointed in writing. Appointment document, signed, filed, verifiable. The external SiFa also works within the CIVAC workspace, giving employers real-time visibility into deployment hours, open actions, and documentation status at all times.

The hybrid model combines both: an internal SiFa on the licence for day-to-day operations, supplemented by an external company doctor via Officer-as-a-Service for compulsory occupational health care. Both roles share the same workspace, the same reporting line, the same audit trail.

Most documentation gaps in SiFa work arise not from negligence but from a lack of system support. Anyone who creates inspection logs manually, records deployment times in spreadsheets, and files training records in folders is building structural risks that only become visible when an audit occurs.

DGUV-compliant SiFa software significantly reduces this risk: through standardised templates, automatic time recording, and a monthly documentation export that consolidates all of the SiFa's compliance work into a format that professional associations expect.

CIVAC provides 37 ready-to-use audit templates and creates the structural preconditions for audit robustness — both for internal SiFas on the tool licence and for external SiFas via Officer-as-a-Service. Turn reading into action. Write to info@civac.de or use the contact form on civac.de.