How to Build a Temporary Deviation Tracker in 14 Days
A practical F2 guide for supervisors and EHS managers who need short-lived exceptions to stay visible, owned, and time bound until the work is restored.

Key takeaways
- 01A temporary deviation tracker only works when it keeps exceptions visible, owned, and time bound until the work is restored or formally changed.
- 02Keep the template short, because long forms become cosmetic compliance while the field keeps carrying the same exposure.
- 03One owner and one verifier stop the tracker from confusing administrative closure with real risk reduction.
- 04Expiry dates, escalation thresholds, and weekly review prevent a short-lived workaround from becoming normal work.
- 05Andreza Araujo's safety culture work treats repeated decisions as the real test, which is why the tracker must change the next shift, not just preserve a note.
A temporary deviation tracker is a live register that keeps short-lived exceptions visible, owned, timed, and verified until the work is restored or formally changed. It works only when the tracker is treated as a control for field risk, not as a parking lot for unfinished decisions.
Operations teams accept temporary deviations every week, but many of them disappear into email threads and shift handovers. The result is familiar, because the exception begins as a narrow workaround and ends as routine work with no clear owner.
Across 25+ years leading EHS in multinationals and more than 250 cultural transformation projects, Andreza Araujo has seen that pattern repeat. In A Ilusao da Conformidade, the lesson is plain: paperwork can look complete while the field remains exposed, which is why a tracker must show who owns the exception, what control keeps it open, and when the decision expires.
This guide is for supervisors, EHS managers, and operations leaders who need a usable way to keep temporary deviations from becoming silent normality. The task is practical, because a deviation tracker only helps if it changes the next shift.
What you need before starting
Before you start, choose one register, one owner, one review rhythm, and one rule for what counts as a temporary deviation. If every function invents its own version, the tracker becomes another administrative object that nobody trusts when the work gets hard.
The temporary deviation tracker should stay narrow. It is not a full risk register, a management of change file, or a place to store every operational note. It is a record of exceptions that change exposure, especially when the team accepts a workaround, a delay, or a control that needs verification before the next shift.
As Andreza Araujo argues in Safety Culture: From Theory to Practice, repeated decisions reveal the real operating model. That is why the tracker has to fit real meetings, permit reviews, and handovers, not sit outside them.
Step 1: Define which deviations belong in the tracker
Start by naming the deviations that deserve a permanent trail. Good candidates are temporary bypasses, short-lived workarounds, delayed repairs, partial isolations, temporary barriers, and other exceptions that keep work going while the site waits for a better condition.
Do not put every small issue in the tracker. If the list grows too broad, people will stop reading it and start treating it like paperwork. The test is simple: if the decision changes exposure, control strength, or who owns the next action, it belongs in the tracker.
This is the same discipline behind risk acceptance. A temporary deviation should never be confused with silent permission to keep going when the work has already moved outside the planned conditions.
Step 2: Set a short template with the right fields
Keep the template short enough to use in a live meeting. A practical structure has eight fields: date, area, deviation, risk statement, owner, expiry, verification, and escalation trigger. If a field does not help the next reader understand the exception, remove it.
Long forms usually produce cosmetic compliance. The tracker should make the exception readable, not make the form impressive. That is why a concise design works better than a wide form whose value is only visible in a spreadsheet archive.
Use the same logic you would use when rebuilding a risk register. The point is not to store more text. The point is to keep the next decision visible.
Step 3: Assign one owner and one verifier
Every deviation needs one owner who can change the work and one verifier who checks whether the field condition still matches the record. The owner can be a supervisor, engineer, operations manager, or EHS leader, depending on the exception. The verifier should be close enough to the work to see whether the workaround still holds during a normal shift.
The owner and verifier should not be the same person. This separation keeps the tracker from accepting administrative closure as risk reduction. If the tracker says the issue is closed, the field should be able to prove it.
This step aligns with field risk escalation matrix design, because the person who names the exception should also know who can pause the work when the condition changes.
Step 4: Put a clock on every entry
A temporary deviation without an expiry date is not temporary. It is a weak decision that has already started to spread. Put a specific date, shift, or operating window on every entry, and make the review happen before the clock runs out.
The expiry date matters because the field changes faster than the paperwork. A contractor arrives, a task expands, a part is missing, or a supervisor changes, and the old assumption no longer holds. If nobody revisits the entry, the tracker quietly becomes a record of normal work that no longer deserves that name.
Use the same discipline that supports risk trigger thresholds. A trigger that only lives in a policy does not protect anyone unless it tells the site when the exception has gone too far.
Step 5: Link each deviation to a real control and a real risk statement
Every record should answer two questions. What control is keeping the deviation tolerable, and what risk remains if that control weakens? If the answer is vague, the tracker is hiding exposure instead of governing it.
The most useful record says what is different today, what barrier is holding the line, and what would make the team stop. That is more valuable than a line that only says temporary approval granted. When the field reads the tracker, it should be able to see the decision path.
| Tool | What it is for | What it is not for |
|---|---|---|
| Temporary deviation tracker | Short-lived exceptions with owner, expiry, and verification | Permanent design changes or vague operational notes |
| Risk register | Broader risk inventory and treatment history | A parking place for every small workaround |
| MOC file | Formal review of lasting change to equipment, process, or method | A way to avoid naming a temporary exception |
The comparison matters because the site should know when a temporary deviation has crossed the line into a lasting change. That is where risk appetite and risk tolerance become useful, since a vague exception can look small while still carrying a serious residual exposure.
Step 6: Set escalation thresholds before the first deviation appears
Escalation should not depend on the courage or personality of the supervisor. It should depend on observable thresholds, such as repeated extensions, missing verification, changed task scope, weaker control evidence, or a new condition that makes the old approval invalid.
Keep the thresholds visible and plain. If the deviation needs a second extension, if the control has not been checked in the field, or if the task now includes a higher consequence, the issue should move up the line before the crew treats it as normal.
This is where the tracker and the escalation matrix meet. The field risk escalation matrix tells people who must act. The tracker tells them which exception needs action now.
Step 7: Review the tracker weekly with operations and EHS
A temporary deviation tracker has value only when leaders revisit it. Put it on the agenda of the weekly operations review, the shift handover, and any meeting where a change, delay, or contractor issue can alter exposure.
The weekly review should scan for three things: deviations that are still open, entries whose expiry date is near or overdue, and records that have already been extended once. Those repeats often reveal production pressure, unclear authority, or a barrier that the organization keeps accepting because the fix feels inconvenient.
Use the same logic as risk acceptance decision authority. A tracker loses value when it becomes an archive of exceptions instead of a working list of decisions.
Step 8: Close, renew, or convert the item
Close a deviation only when the promised review happened and the risk changed in the way the team expected. If the temporary control became permanent, say so and move the issue into the right process. If the deviation is still valid, renew it with fresh evidence and a new expiry. If the condition is now lasting, convert it to management of change.
That rule matters because a tracker without closure discipline becomes a museum. People can admire the past, but they cannot use it to steer the next decision. The strongest trackers create a chain from issue, to choice, to verification, to lesson learned.
As Andreza Araujo argues in A Ilusao da Conformidade, the organization should not reward records that look neat while the field stays exposed. The point is not to preserve the exception. The point is to reduce or remove it.
Use this checklist before launch:
- One owner can change the work and owns the temporary deviation.
- The template stays short enough for live use.
- Every entry records the exception, the expiry, the verification, and the trigger for escalation.
- The tracker is reviewed in weekly operations meetings and at shift handover.
- Each closed item has field verification, not only a signature.
FAQ
What is a temporary deviation tracker?
It is a live record of short-lived exceptions that change exposure, keep the work visible, and make the next decision easier to verify. It should show who owns the deviation, when it expires, and what evidence keeps it open.
Who should own the tracker?
The owner should be the manager who can change the work, pause it, or fund the fix. EHS can design the method and coach the review, but operations owns the decision that makes the deviation possible.
When should a deviation be escalated?
Escalate when the expiry is missed, the control is unverified, the task scope changes, or the same exception needs a second extension. Those are signs that the issue is no longer a short-lived workaround.
How is the tracker different from a risk register?
The tracker is for live exceptions with expiry and verification. The risk register is broader and should not be used as a dump site for every temporary workaround. Keep the two tools separate so the organization can see what is temporary and what is structural.
What should leaders review each week?
Leaders should review open deviations, overdue expiries, repeated extensions, and cases where the field evidence no longer matches the approval. If the weekly review does not change a decision, the tracker is too weak.
A temporary deviation tracker protects people only when it forces the organization to name the exception, own the risk, and restore the control. If your site still treats exceptions as small and forgettable, start with one tracker, one review rhythm, and one hard expiry rule.
Frequently asked questions
What is a temporary deviation tracker?
Who should own the tracker?
When should a deviation be escalated?
How is the tracker different from a risk register?
What should leaders review each week?
About the author
Andreza Araújo
Safety Culture Expert | Senior EHS Executive
Andreza Araújo is a safety culture expert and senior EHS executive with more than 25 years of experience in environment, health and safety. She is a Civil Engineer and Occupational Safety Engineer from Unicamp, holds a Master's degree in Environmental Diplomacy from the University of Geneva, and completed sustainability studies at IMD Switzerland. Andreza has served in Global Head of EHS roles in Fortune 500 environments, leading cultural transformation programs across multinational operations. She has represented Brazil as a speaker at the United Nations in Paris and has spoken at the International Labour Organization in Turin. She is the author of more than 16 books on safety culture in Portuguese, Spanish, English and German. Her work has earned more than 10 EHS awards, including two recognitions from Indra Nooyi, former PepsiCo CEO.
- Civil & Safety Engineer (Unicamp)
- M.A. Environmental Diplomacy (University of Geneva)
- Sustainability Cert (IMD Switzerland)
- People Management & Coaching (Ohio University)
- UN Paris speaker representative for Brazil
- ILO Turin speaker
- LinkedIn Top Voice
- Indra Nooyi PepsiCo CEO recognition (2x)
Documentaries
Watch Andreza's documentaries
Three productions on safety culture, organizational failure and the human lessons behind major disasters.
Podcasts
Listen to Andreza's podcasts
She hosts three shows on safety leadership, EHS and organizational culture, in English and Portuguese.