Regulatory Compliance Quiz

Q: How do I decide whether a requirement is an OSHA rule, an EPA rule, or just company policy?

Start by identifying the hazard and activity (e.g., chemical labeling, injury logging, hazardous waste accumulation). Then map it to the governing body: OSHA generally covers workplace safety and health standards; EPA generally covers environmental programs such as RCRA hazardous waste. Treat company policy as an additional layer that may exceed the legal minimum—useful for risk control, but it should not replace the underlying regulatory citation in your procedures.

Q: What documentation is most often requested during an OSHA inspection or internal audit?

Expect requests for training records (who, when, topic, instructor), inspection logs (routine equipment/area checks with corrective actions), injury/illness records (as applicable under Part 1904), and written programs (e.g., hazard communication). A common failure is having “we do it” practices without a traceable record showing the frequency, scope, and follow-up.

Q: Does federal OSHA apply the same way in every state?

No. Some states operate OSHA-approved State Plans that must be at least as effective as federal OSHA and may have additional or different requirements. For quiz purposes, focus on correctly identifying the controlling standard and documenting your reasoning; in practice, confirm whether your location is under federal OSHA or a State Plan and align citations, posters, reporting paths, and deadlines accordingly.

10 – 41 Questions 8 min

This quiz targets day-to-day decisions that drive OSHA and EPA compliance: determining which standards apply, implementing documented controls, and maintaining defensible records. Using outdated citations, incomplete logs, or mismatched site procedures increases incident likelihood and can trigger citations, penalties, and operational shutdowns. Treat it as mandatory training reinforcement for audit-ready prevention work.

Start

Choose quiz length

1An auditor asks for proof that employees completed required safety training, but no sign-in sheets or electronic records exist. What is the primary compliance problem?

2Headquarters issues one safety procedure for all facilities, but one site is office-only and another uses hazardous chemicals. What is the best next step to ensure compliance?

3After you learn an injury is OSHA recordable, by when should it generally be entered on the OSHA 300 Log?

4On a multi-employer worksite, who typically has responsibility for OSHA compliance related to the hazards they create or control?

5A written exposure control program at your plant is based on an exposure limit that was revised two years ago. Recent sampling shows employees are below the old limit but above the new one. What is the most defensible immediate response?

6You manage facilities in both federal OSHA and state-plan OSHA jurisdictions. What is the best way to confirm the applicable requirements for a specific state-plan site?

7A contractor arrives to perform confined space entry and refuses to use your permit process, claiming their own program is sufficient. What should the host employer do?

8A supervisor initially classifies an injury as “first aid,” but you later learn the employee missed three full days of work. How should the case be recorded?

9Operations installs new machinery that increases production but introduces pinch points and higher noise. No regulatory review was done before startup. What should have occurred before commissioning?

10You revise a lockout/tagout procedure after an audit finding. What is the most appropriate follow-up action to support compliance?

11Sampling results show exposures trending upward and approaching the applicable limit, but engineering controls will take months. What interim measure is most defensible while long-term controls are designed?

12For employee exposure monitoring results (e.g., air sampling data), what is a common minimum retention expectation under OSHA’s access to exposure records requirements?

13Your company policy requires adopting more protective exposure guidelines than the legally enforceable minimum. What is the best way to document this without confusing auditors or employees?

14Before a contractor performs permit-required confined space work, which host-employer action best supports compliance?

15After a process change, you discover the new workflow bypasses an existing machine-guarding interlock. What is the best immediate compliance response?

16Which statement best distinguishes company policy from a legal requirement?

Disclaimer

This quiz is for educational purposes only. It does not replace official safety training, certification, or regulatory compliance programs.

Regulatory Compliance Errors That Trigger OSHA/EPA Findings

Most wrong answers in regulatory compliance come from mixing legal requirements, site scope, and documentation rules. Use the patterns below to spot and correct gaps before they become incident contributors or audit findings.

1) Citing the wrong authority (or an outdated version)

Failure mode: Referring to what a rule “used to require,” an old corporate slide deck, or a non-authoritative summary.
Avoid it: Verify the current CFR citation and effective language before setting limits, frequencies, or training topics.

2) Skipping an applicability analysis

Failure mode: Applying a single checklist to office, warehousing, maintenance, and chemical operations without scoping differences.
Avoid it: Map hazards and processes to the specific OSHA subparts (e.g., HazCom, LOTO, respiratory) and EPA programs (e.g., RCRA generator status) that actually attach to the work.

3) Confusing “policy” with “law”

Failure mode: Treating internal rules as legally required, or assuming a regulatory requirement is optional because it is not in the company manual.
Avoid it: Document two layers: legal minimums (regulatory musts) and company controls (added risk reduction).

4) Weak recordkeeping and retention discipline

Failure mode: Doing the control but failing to keep proof (training rosters, inspections, exposure data, waste determinations/manifests).
Avoid it: Build “evidence outputs” into each task: who signs, where it’s stored, and how long it’s retained.

5) Treating compliance as a one-time setup

Failure mode: Initial training only; no refresher triggers when processes, chemicals, vendors, or staffing change.
Avoid it: Tie refreshers to change management, incident learnings, and periodic internal audits, not just annual calendars.

Real-World OSHA/EPA Decision Drills (Apply, Document, Defend)

Use these short drills to practice the same reasoning the quiz expects: identify the controlling regulation, decide what must be done now, and define what evidence would satisfy an inspection or audit.

Scenario prompts

Near-miss with medical evaluation: A worker is sent to urgent care “just to be safe” after a chemical splash but returns to work the same day with no restrictions. Determine whether the case is recordable, what entries (if any) belong in OSHA injury/illness records, and what supporting documentation should be retained.
HazCom program drift: A department introduces a new cleaning solvent from a local supplier. The SDS is emailed to a supervisor but not added to the SDS system, and secondary containers are unlabeled. Identify immediate corrective actions, required elements of the written program, and how to verify employee understanding.
Multi-site procedure conflict: Corporate issues one universal safety procedure. A satellite site performs hot work and uses flammables; another is office-only. Define what a defensible “applicability memo” should include and which training topics must differ by site.
RCRA generator category swing: A maintenance shutdown generates an unusual volume of solvent wipes and spent chemicals. Decide what information you need to determine generator status for the month, how to handle accumulation labeling/dating, and what notifications or planning steps may be triggered.
Contractor oversight gap: A contractor performs confined space entry under your permit system, but their training documentation is incomplete. Determine what the host employer must verify, what can be accepted as equivalent evidence, and what must be documented before entry begins.
Inspection readiness: An inspector asks for training records, recent inspection logs, and incident reporting procedures. List what you would produce first, how you would explain your record system, and what “red flags” you would proactively correct before the next visit.

Audit-Ready Regulatory Compliance: 5 Actions to Get Right

Do a written applicability analysis before building controls: tie each operation to the specific OSHA/EPA program requirements that apply, and document why others do not.
Separate legal requirements from corporate expectations: label procedures with the underlying regulation(s) and clearly mark any “company standard” add-ons.
Design every control with built-in evidence: define the required record (log, checklist, roster, sampling report), the owner, the storage location, and retention rules.
Keep chemical and waste decisions defensible: maintain SDS access and labeling discipline, and document hazardous waste determinations and generator status logic for unusual events.
Make refreshers change-driven, not calendar-driven: retrain and re-verify competence when processes, chemicals, equipment, staffing, or regulations change.

Regulatory Compliance Glossary (OSHA/EPA Terms Used in Practice)

Applicability analysis: A documented determination of which standards apply to a site, process, or task and why. Example: “This shop is covered by HazCom due to chemical use; PSM does not apply because no threshold quantity highly hazardous chemicals are present.”
Recordable case: An injury/illness meeting OSHA recording criteria that must be entered on the OSHA log when the employer is covered. Example: “A laceration requiring stitches is medical treatment beyond first aid, so it is recordable.”
Written program: A required written document describing how a regulatory program is implemented at the workplace. Example: “The HazCom written program identifies how SDSs are maintained and how labels are managed for secondary containers.”
Generator status: An EPA RCRA category based on the quantity of hazardous waste generated in a calendar month, which drives on-site management requirements. Example: “A shutdown month may elevate status and trigger additional accumulation and training obligations.”
Corrective action (CAPA): A documented fix that addresses both the immediate issue and its root cause, with verification of effectiveness. Example: “Replace missing labels today; then revise purchasing intake so SDS/labeling is captured before chemicals enter use.”

Authoritative OSHA/EPA References for Regulatory Compliance Study

OSHA Compliance Assistance Quick Start (General Industry) — Structured entry point for identifying common OSHA requirements and building an organized compliance plan.
OSHA Recordkeeping: What to Record — Practical criteria and decision points for determining what must be recorded under 29 CFR Part 1904.
OSHA Recordkeeping Forms (300/300A/301) — Official forms and posting/certification basics used during inspections and internal audits.
OSHA 29 CFR 1910.1200: Hazard Communication — Regulatory text covering chemical classification/communication, written program expectations, SDS access, and training obligations.
EPA: Steps in Complying with Hazardous Waste Regulations — Core RCRA generator compliance workflow, including hazardous waste identification and required notifications.

Regulatory Compliance Quiz FAQ (OSHA/EPA Application + Documentation)

How do I decide whether a requirement is an OSHA rule, an EPA rule, or just company policy?

Start by identifying the hazard and activity (e.g., chemical labeling, injury logging, hazardous waste accumulation). Then map it to the governing body: OSHA generally covers workplace safety and health standards; EPA generally covers environmental programs such as RCRA hazardous waste. Treat company policy as an additional layer that may exceed the legal minimum—useful for risk control, but it should not replace the underlying regulatory citation in your procedures.

What documentation is most often requested during an OSHA inspection or internal audit?

Expect requests for training records (who, when, topic, instructor), inspection logs (routine equipment/area checks with corrective actions), injury/illness records (as applicable under Part 1904), and written programs (e.g., hazard communication). A common failure is having “we do it” practices without a traceable record showing the frequency, scope, and follow-up.

Why does the quiz emphasize “applicability” instead of memorizing rules?

Compliance errors often come from applying a correct rule to the wrong situation. The same company can have multiple obligations depending on processes, chemicals, equipment, and jurisdiction. A short, well-written applicability analysis prevents over-scoping (wasted effort) and under-scoping (missed legal duties that can contribute to incidents and enforcement actions).

How should I handle regulatory changes when my site procedures are already “approved”?

Approved procedures are not automatically compliant forever. Use a management of change trigger: when a regulation, interpretation, chemical, process, or control changes, revise the procedure, retrain impacted roles, and document the revision history. If you manage cross-functional compliance work, the scenario logic in this quiz aligns well with structured risk-and-control thinking used in financial compliance; see Banking Compliance Quiz - Free Risk Assessment Practice for parallel decision patterns.

Does federal OSHA apply the same way in every state?

No. Some states operate OSHA-approved State Plans that must be at least as effective as federal OSHA and may have additional or different requirements. For quiz purposes, focus on correctly identifying the controlling standard and documenting your reasoning; in practice, confirm whether your location is under federal OSHA or a State Plan and align citations, posters, reporting paths, and deadlines accordingly.

What’s the safest way to answer questions where the “right” action depends on site facts?

Answer in the sequence inspectors and auditors expect: (1) identify what you need to know (jurisdiction, process, quantities, exposure data, employee roles), (2) state the minimum required control, (3) define the records that prove it, and (4) add interim risk controls if compliance cannot be achieved immediately. This same “facts → requirement → evidence” structure is also used in investigative compliance; for a different domain example, see AML/CFT Compliance Quiz - FATF Standards Practice Questions.