Using AI data as evidence: how monitoring supports investigations and audits

This blog provides general information about how workplace safety data and CCTV footage may be relevant in investigations and audits. It is not legal advice. For guidance specific to your situation, consult a qualified legal professional.

When a WorkSafe inspector arrives following a serious incident, or when your ISO 45001 certification audit is scheduled for next quarter, there is one question that cuts through everything else: what does your evidence actually show?

Not what your policy documents say. Not what your safety manual outlines. What the objective record shows — about what was happening at your facility, whether risks were being managed, whether your systems were actually functioning in the way you say they were.

This is the gap that most safety programmes struggle with. They have policies. They have procedures. They may have training records and incident logs. What they typically lack is continuous, objective evidence that those policies were being followed in practice — evidence that exists independently of self-report, that covers what happened between formal audits, and that can be reviewed by an external party without relying on the memory or account of people who may have been involved.

Computer vision AI monitoring changes this. Here is how.

What investigators actually look for

When WorkSafe investigates a notifiable event, they are trying to establish three things: what happened, why it happened, and whether the PCBU took all reasonably practicable steps to prevent it.

The third question is the one that determines whether enforcement follows. And answering it requires evidence — not assertions.

A 2024 District Court decision, WorkSafe New Zealand v Glenbrook Farming & Equipment Hire Limited, is a useful illustration of what this looks like in practice. The defendant successfully defended a WorkSafe prosecution in part because the Court found that the PCBU had taken the reasonably practicable steps available to it. Lawyers Buddle Findlay note that this case is "a good reminder of the importance of maintaining detailed records of health and safety training and equipment maintenance to support a PCBU's response to an investigation."

The implication is direct: the quality of your records determines the quality of your defence. A PCBU that can show specific, documented evidence of risk identification, control implementation, monitoring activity, and corrective action is in a structurally different position to one that can only produce policy documents and argue verbally that systems were in place.

Under HSWA, PCBUs are required to keep records of notifiable events for at least five years. But the more strategically important point is the broader evidentiary record — the body of documentation that shows your safety management system was active and functioning, not just designed and filed.

The problem with self-reported evidence

Most organisations' safety evidence is self-reported. Incident logs are completed by the people involved or their supervisors. Near-miss reports depend on workers choosing to raise them. Training records show attendance, not application. Audit checklists record what was observed at the time of the audit, not what happened between audits.

None of this is worthless. But it has two significant limitations as evidence.

The first is completeness. Self-reported systems systematically underreport. Research consistently shows that near-miss reporting captures only a fraction of the events that actually occur — with some studies suggesting the true ratio is as high as hundreds of near-misses for every reported event. An incident record that shows low event rates may reflect a genuinely safe facility, or it may reflect a facility where workers have learned not to report.

The second is objectivity. Self-reported data is inherently difficult to verify independently. Where there is pressure — explicit or implicit — to maintain a good safety record, the data reflects that pressure as well as the underlying reality. In an investigation or audit context, a regulator who has seen many incident logs will know the difference between data that reflects genuine monitoring and data that reflects selective reporting.

An objective, automated monitoring system addresses both limitations. It captures events as they occur, regardless of whether anyone chooses to report them. The data is time-stamped, continuously generated, and exists independently of any human decision about what to record.

How AI data supports a WorkSafe investigation

When a notifiable event occurs, WorkSafe's investigation involves gathering information from multiple sources: physical evidence at the scene, witness statements, documents provided by the PCBU, and any other relevant records.

Continuous monitoring data is directly relevant in several ways.

Timeline reconstruction. One of the most difficult aspects of any incident investigation is establishing exactly what happened and in what sequence. Continuous monitoring data provides a contemporaneous record that can establish the timeline of events leading up to and including an incident — far more reliably than memory-based accounts gathered hours or days later.

Conditions before the event. A monitoring system that has been running continuously can show the state of a facility — traffic patterns, compliance with exclusion zones, PPE adherence, equipment movement — over the period leading up to an incident. This matters both for understanding what went wrong and for demonstrating the overall standard of management. A PCBU that can show consistent compliance monitoring across thousands of events, with documented coaching responses to detected issues, is making a very different evidentiary argument to one that has no record of what was happening before the incident.

Evidence of corrective action. Under HSWA, a key element of the "reasonably practicable" test is whether the PCBU knew — or should have known — about the risk, and whether it took proportionate action. A monitoring system that documents detected events, connects them to coaching and corrective action workflows, and records outcomes provides direct evidence that risks were identified and addressed over time. The absence of such a record — when risks were foreseeable — is exactly what attracts the harshest judicial language.

Your existing CCTV as an evidence source. For video footage to be useful as evidence in legal proceedings, it needs to meet basic requirements of authenticity: that the footage is what it purports to be, that it has not been tampered with, and that there is a clear record of who has accessed it. Your existing CCTV infrastructure — the cameras, the NVR/VMS, and the storage — is where this footage lives and where chain of custody is maintained. A well-governed CCTV system with proper access logs, secure storage, and documented retention policies provides the evidentiary foundation. AI safety monitoring like inviol adds a layer on top of that infrastructure by detecting and flagging events — but the underlying footage and its integrity sit with your CCTV system.

How AI data supports ISO 45001 audits

ISO 45001 requires organisations to demonstrate that their occupational health and safety management system is not just documented but actively functioning. Clause 9.2 requires internal audits to be conducted at planned intervals, with documented evidence of their implementation and results. Clause 9 more broadly requires organisations to monitor, measure, analyse, and evaluate their OH&S performance against defined criteria.

Auditors — both internal and certification-body auditors — are looking for objective evidence that the system is working. This is the standard articulated in ISO 45001: findings must be based on evidence, and that evidence must demonstrate effective implementation.

Continuous monitoring data provides a compelling evidence base for ISO 45001 audits in several ways:

Demonstrated leading indicator measurement. ISO 45001 explicitly encourages the use of leading indicators alongside lagging ones. Continuous event detection provides exactly this: a stream of leading indicator data showing event types, frequencies, locations, and trends over time. This is far more persuasive to an auditor than a statement that the organisation "monitors safety proactively."

Evidence of worker participation. ISO 45001 requires worker participation in the OH&S management system. A coaching-first monitoring approach — where detected events are reviewed with workers, discussed in toolbox talks, and acted upon — creates a documented record of genuine worker engagement with safety data, not just attendance at mandatory meetings.

Trend data showing continuous improvement. One of the questions ISO 45001 auditors consistently ask is: how do you know your system is improving? Event trend data — showing declining event rates over time, reduced rates in previously high-risk zones, and sustained improvement following coaching interventions — answers this question with objective evidence rather than assertion.

Corrective action closure. ISO 45001 requires organisations to address nonconformities and verify that corrective actions have been effective. A monitoring platform that documents event-to-coaching-to-outcome workflows provides exactly the corrective action closure documentation that auditors need to see.

From reactive to proactive evidence

There is a distinction between organisations that use monitoring data reactively (to explain what happened after an incident) and those that use it proactively (to demonstrate that their system is functioning continuously).

The reactive use is valuable — having objective footage and event data when a serious incident occurs is significantly better than relying on reconstructed accounts. But the proactive use is what changes an organisation's compliance posture fundamentally.

A PCBU that can show WorkSafe, or a certification auditor, or an enterprise customer conducting supplier due diligence, a 12-month record of continuous risk monitoring — with documented coaching responses, trend analysis, and evidence of improvement — is demonstrating something qualitatively different from a PCBU with an incident register and a safety policy. It is showing that its safety management system is a living, active system rather than a documented aspiration.

This comes from two things working together: your existing CCTV infrastructure providing the footage foundation, and a detection and coaching layer (like inviol) that turns that footage into documented safety actions. The combination is what creates a compelling evidence base — and it is increasingly the standard that sophisticated buyers, regulators, and certification bodies expect.

Practical considerations: making your evidence base stronger

A few practical points are worth noting for organisations thinking about how their safety data holds up in an investigation or audit context.

Your CCTV infrastructure is the evidence foundation. The footage that matters in an investigation lives on your CCTV system — your NVR, your VMS, your on-site storage. The integrity of that footage depends on your CCTV provider's access controls, storage policies, and retention settings. If you are thinking about evidentiary readiness, start with your CCTV provider: are access logs maintained? Is footage stored securely with documented retention periods? Under HSWA, notifiable event records must be kept for at least five years — talk to your CCTV provider about whether your current retention settings meet that requirement.

AI monitoring adds the detection and coaching layer. What inviol adds is the ability to detect safety events from your existing CCTV footage and connect those detections to coaching conversations. This creates a documented record that risks were being actively identified and responded to — which is valuable context in an investigation. But inviol is a coaching and detection tool, not a CCTV management or evidence storage platform. The underlying footage sits with your existing infrastructure.

Documentation of the coaching loop matters. Raw event detection is useful. Event detection connected to documented coaching sessions, follow-up actions, and outcomes is considerably more useful — because it demonstrates not just that risks were detected but that the organisation responded. The closed loop from detection to coaching to behaviour change is what demonstrates active management.

Proportionate deployment. Monitoring does not need to cover every camera in a facility to be useful. Focusing on the highest-risk areas — those with the greatest potential for serious harm — reflects genuine risk management priorities, which is exactly the kind of targeted approach that demonstrates "reasonably practicable" compliance.

To see how inviol's detection and coaching platform works alongside your existing CCTV, book a demo.

Frequently Asked Questions

Can CCTV footage be used as evidence in a WorkSafe investigation?

Yes. Time-stamped video footage from your existing CCTV system is directly relevant to WorkSafe investigations and can support a PCBU's compliance with its duty of care. For footage to be most useful as evidence, it should be maintained with clear access logs, stored securely, and produced in a format that preserves its integrity. This is managed by your CCTV infrastructure (NVR/VMS). AI safety monitoring like inviol adds value by detecting and flagging safety events from that footage and connecting them to documented coaching responses — creating evidence that risks were being actively identified and managed.

How does continuous monitoring data support ISO 45001 certification audits?

ISO 45001 requires organisations to demonstrate that their occupational health and safety management system is actively functioning, not just documented. Continuous monitoring data provides objective evidence of leading indicator measurement, worker engagement with safety processes, trend data showing continuous improvement, and closed-loop corrective action — all of which auditors require to verify that a system is working in practice.

Under HSWA, how long does a PCBU need to retain records of safety events?

WorkSafe NZ requires PCBUs to keep records of notifiable events for at least five years from the date the regulator was notified. For CCTV footage, this means working with your CCTV provider to ensure retention settings meet this requirement. AI monitoring coaching records and event data add further context, but the underlying footage retention is managed by your CCTV infrastructure.

What makes monitoring data more useful than self-reported incident logs?

Self-reported systems systematically underreport, and the data they generate depends on workers and supervisors choosing to record events. Continuous monitoring captures events automatically, regardless of reporting decisions, producing an objective, time-stamped record that exists independently of self-report. This significantly strengthens an organisation's evidentiary position in investigations and audits.

Does an AI monitoring system need to cover every camera in a facility to be useful as evidence?

No. Focusing monitoring on the highest-risk areas — those with the greatest potential for serious harm — is both proportionate and defensible. It reflects genuine risk management priorities, which is exactly the kind of targeted evidence that demonstrates "reasonably practicable" compliance under HSWA and equivalent WHS laws.