QEHSQEHS
Book a demo

External stakeholders

Give contractors, suppliers, auditors, and regulators a scoped front door.

A separate portal with magic-link sign-in and a tight scope fence — so external parties can file incidents, prequal questionnaires, and audit findings without consuming a seat license or touching internal data.

Real QEHS programs run across company lines. Contractors file incident reports from site. Suppliers upload prequal evidence. Auditors review documents during a fieldwork week. Regulators need read-only access on inspection day. QEHS gives each of these a purpose-built portal — not a bolt-on.

Book a demoSee pricingContact sales
app.qehsethos.com · Program dashboardPROGRAMSSafetyQualityEnvironmentRiskComplianceOperationsSafety program · Q2 2026Last 90 days · 4 sites · 2,184 employeesTRIR1.24-0.18NEAR-MISS REPORTS318+62OPEN CAPAS41-9INSPECTION CADENCE97%+4%INCIDENT RATE · 12 WEEKW0W3W6W9W12CAPA AGING · BY SEVERITYCritical6High14Medium12Low9OPEN ACTIONS · BY OWNERJRJ. ReyesPlant manager8SOS. OwusuEHS lead6AKA. KumarSupervisor5MDM. DiazQA engineer3
Give contractors, suppliers, auditors, and regulators a scoped front door.

4

External-user kinds — contractor, supplier, auditor, regulator

0

Seat licenses consumed

15m

Magic-link TTL — balance UX and security

Magic-link sign-in, no seat consumed

External users authenticate via short-lived, single-use email links — no password for you to manage, no license for them to burn.

  • 15-minute, SHA-256 hashed, single-use tokens; constant-time verification.
  • 8-hour session cookie scoped to /external — never touches the main app auth.
  • Per-user expiry window + admin-driven disable — access vanishes the day the contract ends.
  • Magic-link emails ship via the same trial mailer, with your branding.

Scope fences — module, record, location

Every external user is pinned to a narrow slice of the tenant. The fence is enforced on every read and write, not just in the UI.

  • Module scope — "contractor Jane only sees incidents + training, never audits"
  • Record scope — "auditor Bob only sees the 12 records inside his engagement"
  • Location scope — "regulator only sees the Chicago plant, not the Atlanta one"
  • Expiry + immutable "kind" — contractors never silently get upgraded to admins

Public intake forms

Publish a tenant-branded form that anyone on the internet can submit — near-misses, hazard observations, supplier self-registrations — without an account.

  • Field-key allow-list — internal-only columns never leak to the public form
  • Rate limiting, honeypot, time-on-page heuristic, and optional hCaptcha / Turnstile
  • Every submission (accepted or rejected) logged with outcome + IP + UA for forensic review
  • Confirmation code the submitter uses to look up status — collision-safe, dictation-safe

Audit + privacy

Same audit trail, same privacy guarantees, same soft-delete + grace period as internal users.

  • Every external sign-in, data access, and state transition hits the tenant audit log
  • GDPR deletion requests include external-user data by default
  • Soft-delete + configurable grace period apply uniformly
  • Regulators can be toggled to read-only inspection mode with a single flag
Contractor-heavy operators (construction, maintenance, utilities) stop emailing PDFs and start capturing field signal at source. Audit firms stop asking for screenshots. Regulators skip the open-doors-for-a-week dance.

Ready to see External stakeholders?

Pick a slot with our team.

30-minute demo tailored to your QEHS programs and your stack. No slide decks, just a working tenant.

Book a demoTalk to sales