Emergency Response Plan (ERP) Malaysia: DOSH & BOMBA Requirements for Factories

Disclaimer: This article provides general guidance on Emergency Response Plan requirements based on OSHA 1994 (Amendment 2022), Fire Services Act 1988, and DOSH guidelines. Regulations may be amended. Always verify current requirements with DOSH, BOMBA, or qualified safety professionals before making compliance decisions.

Every Malaysian factory is required to have an Emergency Response Plan under OSHA 1994 Section 15(2)(f). Since the Amendment 2022 took effect on 1 June 2024, this is no longer a best practice recommendation. It is a statutory requirement with penalties up to RM 500,000 for non-compliance.

BOMBA separately requires emergency procedures as part of the Fire Certificate (Sijil Perakuan Bomba) renewal. If your factory cannot demonstrate fire emergency procedures, drill records, and a functioning Emergency Response Team during BOMBA's annual inspection, your Fire Certificate renewal is at risk.

This guide covers the legal framework, ERP document structure, Emergency Response Team roles, fire drill requirements, evacuation planning, emergency equipment, and the specific gaps that fail DOSH and BOMBA inspections.

Legal Framework: Two Regulators, One Factory

Your factory's ERP must satisfy two separate regulators: DOSH (workplace safety) and BOMBA (fire safety). They inspect different things, but both expect documented emergency procedures and evidence of drills.

Regulator	Legislation	Key ERP Requirements	Penalty for Non-Compliance
DOSH	OSHA 1994 (Amendment 2022)	Section 15(2)(f): Develop and implement emergency procedures. Section 18B: Risk assessment including emergency scenarios.	Up to RM 500,000 or 2 years imprisonment
BOMBA	Fire Services Act 1988 (Act 341)	Section 28: Fire Certificate requirement. Section 32: Maintain fire safety installations. Fire Services Regulations 2001: Annual FC renewal with fire drill records.	Up to RM 10,000 or 5 years imprisonment
DOSH (CIMAH)	CIMAH Regulations 1996	Major hazard installations must submit formal ERP to DOSH every 3 years, prepared by DOSH-approved Competent Person.	Per OSHA 1994 penalty framework

Standard factories do not need to submit their ERP to DOSH. However, DOSH inspectors will request to see the document during workplace audits and expect evidence that it has been tested through drills. CIMAH-regulated facilities handling hazardous chemicals above threshold quantities have a stricter requirement: formal ERP submission to DOSH every three years.

Emergency Scenarios Your ERP Must Address

Your ERP cannot be a generic document. It must address the specific emergency scenarios relevant to your facility based on your HIRARC assessment. These are the scenarios that apply to most Malaysian factories.

Scenario	Common Causes in Factories	Response Actions
Fire	Electrical faults, hot work, flammable material storage, machine overheating	Alarm activation, evacuation, initial firefighting, BOMBA notification
Chemical spill	Container failure, transfer accidents, equipment leak, valve failure	Containment, PPE donning, cleanup per SDS, ventilation, area isolation
Gas leak	Pipe damage, valve failure, equipment malfunction, cylinder leaks	Evacuation, ventilation, ignition source elimination, gas detection monitoring
Medical emergency	Machinery injury, chemical exposure, cardiac event, heat stress	First aid, ambulance call (999), scene preservation, incident documentation
Explosion	Dust accumulation, gas buildup, pressure vessel failure, chemical reaction	Evacuation, search and rescue, structural assessment, external agency notification
Flood	Flash flooding, river overflow, drainage failure (common in Malaysia)	Equipment shutdown, stock elevation, evacuation if necessary, utility isolation
Power failure	Grid outage, transformer failure, internal electrical fault	Emergency lighting activation, equipment safe shutdown, backup power engagement

If your factory handles chemicals, the chemical spill scenario must reference specific Safety Data Sheets (SDS) for the chemicals on site. A generic "contain and clean up" procedure is not adequate for DOSH inspection.

ERP Document Structure

Your ERP should follow a consistent structure that both DOSH inspectors and BOMBA officers can review efficiently. These are the mandatory sections.

Section	Contents	Common Gap
Facility information	Site address, floor plans, hazardous material inventory, maximum occupancy	Floor plans outdated or missing after renovations
Emergency contacts	Internal ERT contacts, BOMBA, nearest hospital, DOSH, utility companies, management	Phone numbers outdated, no after-hours contacts
Roles and responsibilities	ERT structure, chain of command, individual duties per scenario	Roles assigned to people who have left the company
Alarm systems	Alarm types (different sounds for different emergencies), activation procedures	Workers do not know the difference between alarm types
Evacuation procedures	Routes per area, assembly points, headcount procedures, special needs provisions	Assembly points not large enough or too close to building
Scenario-specific procedures	Step-by-step actions for each emergency type identified in HIRARC	Generic procedures not matched to actual facility hazards
Equipment locations	Fire extinguishers, first aid kits, spill kits, emergency PPE, utility shutoffs	Equipment moved but maps not updated
Training and drill schedule	Training plan, drill frequency, record-keeping requirements	No drill records to present during inspection
Review and version control	Version number, revision date, list of changes, distribution list	Document dated 3 years ago with no evidence of review

Emergency Response Team Structure

Your ERT must be sized to cover all shifts. An ERT that only operates during day shift leaves your factory exposed during night and weekend operations when supervision is typically thinner and response times from external services may be longer.

ERT Role	Responsibilities	Training Required
ERT Coordinator / Incident Commander	Overall emergency management, decision-making, external agency liaison	ERP leadership training, communication skills, incident command
Deputy Coordinator	Backup to coordinator, manages specific functions during multi-team response	Same as coordinator
Fire Wardens / Floor Marshals	Guide evacuation, conduct headcount, confirm area clearance	Fire warden certification, evacuation procedures
Firefighting Team	Initial fire suppression using portable extinguishers and hose reels	Fire extinguisher use, hose reel operation, fire behaviour
First Aid Team	Medical assessment, first aid, casualty documentation, ambulance liaison	Occupational First Aid certification (valid 3 years)
Spill Response Team	Chemical containment, cleanup, decontamination per SDS	HAZMAT awareness, spill kit use, SDS interpretation
Communications Officer	Internal PA announcements, external calls (BOMBA, ambulance), record-keeping	Communication protocols, PA system operation
Security Team	Access control, traffic management, external agency guidance to incident	Security procedures, traffic control, access management

ERT Sizing Guidelines

Factory Size	Minimum ERT per Shift	Key Consideration
Small (under 50 employees)	5 to 8 trained responders	Multi-role ERT members (e.g., fire warden also does first aid)
Medium (50 to 200 employees)	10 to 15 trained responders	Dedicated roles with backups for each function
Large (200+ employees)	20+ trained responders across functions	Full team structure with multiple responders per role per shift

Want to Align Your Emergency Plan with Insurance Requirements? Talk to Our Risk Specialists.

Fire Drill Requirements and Frequency

BOMBA expects fire drill records during Fire Certificate renewal inspections. No drill records means no evidence that your ERP has been tested, which puts your FC renewal at risk.

Drill Type	Minimum Frequency	What Must Be Documented
Full evacuation drill	At least twice per year (all shifts must participate)	Date, time, participants, evacuation time, issues identified, corrective actions
Fire warden walkthrough	Monthly	Route verification, equipment location check, obstruction report
Tabletop exercise	Quarterly	Scenario discussed, ERT leader participation, decisions reviewed, lessons learned
First aid response drill	Twice per year	Simulated injury scenario, response time, treatment actions, equipment checks
Chemical spill drill	Annually (if chemicals are on site)	Simulated spill, containment procedure, PPE use, cleanup protocol

A critical gap in many Malaysian factories is that drills only happen during day shifts. If your factory runs 24 hours, night shift workers may never have participated in a drill. BOMBA and DOSH both expect all shifts to have drill experience.

Evacuation Planning Requirements

Element	Requirement	BOMBA Inspection Point
Exit signage	Illuminated exit signs at all emergency exits, visible from 30 metres	Signs lit, visible, not blocked by stock or equipment
Emergency lighting	Battery-backed lighting along all evacuation routes, minimum 1 lux at floor level	Lights functional during power failure test
Route clearance	Routes kept clear of obstructions at all times, minimum 1.2m wide	No stock, equipment, or materials blocking exit routes
Exit doors	Open outward, unlocked during occupancy, panic hardware on doors serving 60+ persons	Doors functional, not locked, correct swing direction
Evacuation maps	Posted at key locations showing "You Are Here" marker, routes, and assembly points	Maps current, visible, reflect actual layout
Assembly points	Safe distance from building, away from emergency vehicle routes, clearly marked	Large enough for maximum occupancy, surface accessible
Headcount procedures	System to account for all personnel at assembly points (roll call, tag board, digital)	Method documented, fire wardens trained in headcount

Emergency Equipment Inspection Schedule

Having emergency equipment is not enough. It must be inspected and maintained. Expired fire extinguishers and dead emergency lighting batteries are among the most common BOMBA inspection failures.

Equipment	Inspection Frequency	What to Check
Fire extinguishers	Monthly visual check, annual professional service	Pressure gauge, pin and seal, corrosion, accessibility, valid service tag
Fire hose reels	Monthly operational test, annual service	Water flow, hose condition, nozzle function, valve operation
Fire alarm system	Weekly panel check, quarterly full test	Panel status, detector function, battery backup, alarm audibility
Emergency lighting	Monthly function test	Activation during simulated power failure, battery condition, light output
First aid kits	Monthly inventory check	Contents complete, no expired items, accessible location
Spill kits	Monthly contents check	Absorbent material adequate, PPE included, located near chemical storage
Eye wash stations	Weekly flow test	Water flow, water quality (clear, no debris), accessible within 10 seconds of hazard
PA / communication system	Monthly audio test	Audibility in all areas including noisy production zones, backup power

Common ERP Gaps That Fail Inspections

These are the specific failures that DOSH and BOMBA inspectors find most frequently. Each one can result in an improvement notice (DOSH) or Fire Certificate non-renewal (BOMBA).

Gap	Why It Fails Inspection	How to Fix
No drill records	Cannot prove drills were conducted	Document every drill: date, time, participants, findings, corrective actions
Outdated ERP document	Contacts wrong, procedures obsolete, layout changed	Annual review with version control. Update after any facility change.
Untrained ERT members	Cannot demonstrate competency when inspector asks	Annual training with dated records and content documentation
Blocked evacuation routes	Direct safety hazard, visible during walkthrough	Daily housekeeping, weekly route audits, disciplinary for obstruction
Expired fire extinguishers	Equipment may not function in emergency	Monthly visual checks, annual professional servicing, tracking spreadsheet
No night shift ERT coverage	Factory unprotected during off-hours operations	Train ERT members on all shifts, maintain minimum team per shift
ERP not accessible	Document locked in office, workers cannot reference it	Copies at security post, control room, each floor. Summary cards at workstations.
No external coordination	Local BOMBA station unaware of facility hazards	Visit local BOMBA station, share facility information, invite to annual drill

ERP Review Triggers

Trigger	Action Required
After any actual emergency incident	Full review of response effectiveness, update procedures based on lessons learned
After drills reveal gaps	Address specific failures, retrain where needed, update procedures
Facility layout changes	Update floor plans, evacuation routes, equipment locations, assembly points
New processes, chemicals, or equipment	Add new emergency scenarios, update hazardous material inventory
ERT members leave or are replaced	Update contact lists, train replacements, verify shift coverage
Scheduled annual review	Full document review even if nothing else triggers a revision

ERP and Your Insurance Programme

Facilities with documented and tested emergency procedures present better risk profiles to insurers. This is not theoretical: insurance surveyors assess your emergency preparedness during pre-inception risk surveys.

Your ERP documentation directly affects fire insurance and industrial property insurance (IAR) assessments. Surveyors check for emergency procedures, drill records, equipment maintenance, and ERT training. A factory with a tested ERP and trained team demonstrates proactive risk management, which supports better insurance terms.

During claims investigation, loss adjusters will request your ERP to assess whether the emergency response was adequate. If your ERP was outdated, your ERT was untrained, or your fire extinguishers were expired at the time of the incident, it weakens your position during the claims process.

Get Your Factory's Insurance Programme Aligned with Emergency Preparedness. Contact Foundation Today.

Frequently Asked Questions

Is an Emergency Response Plan mandatory for all factories in Malaysia?

Yes. Under Section 15(2)(f) of OSHA 1994 (Amendment 2022), effective 1 June 2024, all employers must develop and implement emergency procedures. Factories with Fire Certificates must also demonstrate fire emergency procedures to BOMBA during annual inspections. The maximum penalty for non-compliance is RM 500,000 or 2 years imprisonment.

How often must we conduct fire drills?

At least twice per year for full evacuation drills, with all shifts participating. High-risk facilities (chemical storage, flammable materials) should conduct quarterly drills. BOMBA inspectors expect drill records during Fire Certificate renewal. Monthly fire warden walkthroughs and quarterly tabletop exercises are also recommended.

Do we need to submit our ERP to DOSH?

Standard factories do not need to submit ERPs to DOSH. However, DOSH inspectors will request to see the document during workplace audits. CIMAH-regulated facilities (those handling hazardous chemicals above threshold quantities) must submit formal ERPs to DOSH every three years, prepared by an approved Competent Person.

What training do ERT members need?

Training depends on role. Fire wardens need evacuation and fire warden training. First aid team members need Occupational First Aid certification (valid 3 years). Firefighting team members need training on extinguisher and hose reel use. Spill response teams need HAZMAT awareness training. All ERT members must understand the overall ERP and their specific responsibilities through at least annual training.

Can BOMBA conduct unannounced inspections?

Yes. BOMBA can conduct unannounced inspections and may ask to observe a drill or interview workers about emergency procedures. More commonly, BOMBA inspectors review drill records and procedures during scheduled Fire Certificate inspections. Being prepared for unannounced visits means keeping your ERP current and your equipment maintained at all times.

What happens if we do not have an ERP during a DOSH inspection?

DOSH can issue an improvement notice requiring you to develop and implement emergency procedures within a specified timeframe. Failure to comply can result in prosecution under OSHA 1994 with fines up to RM 500,000. Daily penalties of RM 2,000 may apply for continuing non-compliance.

How do we coordinate with BOMBA for major emergencies?

Include your nearest BOMBA station contact in your emergency contact list. For facilities with significant fire or HAZMAT risks, visit your local BOMBA station to discuss facility hazards, provide site plans, and ensure they have current access information. Consider inviting BOMBA to observe your annual full-scale drill. This coordination improves response time and effectiveness during actual emergencies.

Does our ERP need to cover contractor activities?

Yes. Under Section 18A of the amended OSHA 1994, principals have duties toward contractors working under their direction. Your ERP must include provisions for contractor emergency procedures: induction on your evacuation routes, assembly points, alarm systems, and ERT contacts. Contractors performing high-risk work (hot work, confined space entry) need activity-specific emergency procedures.

What is the minimum content for fire drill documentation?

Every fire drill record must include: date and time of drill, number of participants and percentage of total workforce, measured evacuation time, specific issues or failures identified during the drill, corrective actions assigned with responsible persons and deadlines, and sign-off by the Safety and Health Officer or ERT Coordinator.

How does ERP compliance affect insurance claims?

During claims investigation, loss adjusters assess whether your emergency response was adequate. They request your ERP, drill records, equipment maintenance logs, and ERT training records. Factories with documented and tested procedures demonstrate proactive risk management. This strengthens your claim position. Conversely, an outdated ERP, expired extinguishers, or untrained ERT at the time of an incident weakens your position and may complicate claim settlement.

An Emergency Response Plan is not a document you create once for a BOMBA inspection and file away. It is a system that must be tested through drills, updated after changes, and maintained with current contacts, trained teams, and functional equipment. The companies that invest in genuine emergency preparedness do not just pass inspections. They respond effectively when real emergencies occur.