
On a mega-project, the head contractor's prequalification team and the principal's assurance people read your management system before they let you near the work - not after you win. So if your IMS only looks good on the shelf, you get screened out at the gate, quietly, before price ever comes up. The move is to be tender-ready and audit-ready in advance, so that when a multi-billion-dollar pipeline of Queensland road and rail work opens up, your system is already evidence you can hand over rather than a scramble you start post-award.
Here is what that actually takes.
Why do Queensland's mega-projects change the game for contractors?
Queensland is in the middle of one of the biggest transport-infrastructure runs in its history. The Coomera Connector - a new motorway between Logan and the Gold Coast - is a multi-stage, multi-billion-dollar build, with the priority section alone costed around 3.5 billion dollars. Add the ongoing M1 upgrades, the Bruce Highway safety program and the state's broader push for stronger governance and assurance on public infrastructure, and you have a market with a lot of work and a lot of scrutiny attached to it.
That scrutiny is the part contractors underestimate. On projects this size, the principal carries the political and legal risk if something goes wrong on their site. So they push governance down the chain. The head contractor's prequalification demands a working management system, the principal's assurance team samples your evidence during delivery, and both of them treat your ISO certificates as a starting question, not a finished answer. The bigger the project, the harder they look.
What do principals check before they award mega-project work?
They are checking whether your system is real. Not whether you have documents - everyone has documents - but whether the way you actually run jobs matches what those documents claim. Expect them to test:
- Whether your ISO 9001, ISO 14001 and ISO 45001 certificates are current, in scope for the work, and from an accredited certifier.
- Whether your risk assessments, SWMS and permits are live records from real jobs, not templates with last year's date on them.
- Whether incidents get investigated, closed out, and fed back into your controls - or just logged.
- Whether your subcontractors are managed to the same standard you are.
- Whether the people named in your plans are the people actually doing the work, with the tickets to prove it.
None of that is exotic. It is the same evidence a decent internal audit would surface. The problem is that most contractors have never run their own system through that lens before a client does it for them.
Controls on paper vs hazards managed in practice
This is the distinction that wins - or loses - assurance reviews. A control on paper is a line in a document. A hazard managed in practice is that control actually working, at the point of risk, on the day. Assurance teams have learned to tell the difference in about ten minutes on site.
| Controls on paper | Hazards managed in practice |
|---|---|
| A SWMS exists for the task | The crew doing the task has read it, signed it, and can tell you the controls |
| Plant has an inspection sticker | The pre-start is filled in daily and defects actually stop the machine |
| A risk assessment names a control | A specific person owns the control and there is evidence it was applied |
| Training matrix says "competent" | Tickets are current and match the people on the tools today |
| Incident register has entries | Actions are closed, verified, and changed how the job is run |
The regulator is making the same distinction, and it is expensive to get wrong. In June 2026 a Queensland mining contractor was fined 310,000 dollars over the death of a coal-mine worker, after failing to carry out a job risk assessment for a lifting task - a control that existed as an obligation but was not applied in practice. In New South Wales, a company and its director were fined a combined 249,600 dollars after a worker was struck by a reversing forklift. In both cases the paperwork was not the failure point. The hazard on the day was.
That is the whole argument for running on systems, not heroics. When your controls only live in a folder, safety depends on the right person happening to do the right thing under pressure. ISO 45001 exists to remove that dependency - to make the control happen because the system makes it happen, not because someone was switched on that morning. Principals know this. It is exactly what their assurance sampling is designed to expose.
How do you get tender-ready before you bid?
You close the gap between your documents and your delivery before anyone from the principal's side goes looking for it. Practically, that means running the assurance review on yourself first.
Pull your certificates and check scope. Confirm your ISO certificates are current, accredited (look for the JAS-ANZ mark), and that their scope actually covers the work you are bidding. A certificate scoped to the wrong activity is worse than useless in a tender.
Sample your own evidence. Pick three recent jobs and trace them end to end - risk assessment, SWMS, permits, pre-starts, competency records, and any incidents. If you cannot produce a clean thread on your own work, the principal certainly will not find one.
Close your open loops. Overdue corrective actions and unclosed incidents are the fastest way to fail an assurance review. Get the register current and the actions verified as done.
Line up your subcontractor governance. You are accountable for their system too. Make sure you are actually collecting and checking their insurances, licences and SWMS, not just asking for them.
Prepare the pack you will be asked for. Have your management-system summary, certificates, org and responsibility matrix, and a sample of live records ready to hand over. Tender-ready means the evidence is assembled, not findable-if-we-dig.
What the tender asks for vs what actually wins the assurance review
| What the tender document asks for | What actually wins the review |
|---|---|
| Copies of ISO certificates | Certificates in scope, plus evidence the system behind them runs |
| A safety management plan | A plan that matches how your crews actually work |
| Your incident statistics | Proof your incidents change your controls |
| A subcontractor management procedure | Real records showing you apply it |
| Named key personnel | Those people on site with current tickets |
The pattern is consistent. The tender asks for artefacts. The award goes to the contractor whose artefacts are backed by a system that visibly works. Get that alignment right before you bid and prequalification stops being a hurdle and starts being your advantage over the contractors still treating it as paperwork.
How far ahead should you start?
Sooner than feels comfortable. Certification gaps, expired tickets and overdue actions all take weeks to fix properly, and you cannot manufacture a track record the night before a submission closes. If there is mega-project work you intend to chase this year, the readiness work belongs in the diary now - not in the fortnight after the tender drops, when you are also trying to price it.
Get your system tender-ready
If you are bidding into Queensland's infrastructure pipeline and you are not certain your IMS would survive a principal's assurance review, start with a free audit-readiness check. We look at your system the way a head contractor's prequalification team will - and tell you where the gaps are while you still have time to close them.
For the tools to do more of it yourself - IMS templates, risk and SWMS frameworks, and audit-ready record systems built for Australian contractors - visit the shop at shop.hbass.com.au. Run on systems, not heroics, and let the evidence win you the work.
Founder, Hillview Business Services. 15+ years inside civil construction, mining and infrastructure businesses.