What are the Health And Safety Executive’s ‘Five Steps’ to Risk Assessment?

The Health and Safety Executive (HSE) has created five steps for organisations and employers to follow when carrying out risk assessments within their workplace. It can be daunting and confusing to conduct risk assessments, so these five steps are certainly helpful and provide a thorough guide for organisations to follow.

What is the Health and Safety Executive (HSE)?

The Health and Safety Executive (HSE) is the UK-based body whose purpose is to ensure that health and safety in the workplace is achieved through appropriate means. The HSE is responsible for enforcing health and safety legislation and the legal requirement that organisations carry out risk assessments. It is also responsible for conducting research into the occupational risks which can exist within UK organisations. The HSE’s expertise therefore means that the five steps it has created carry a lot of weight for organisations conducting their risk assessments.

What are the five steps to risk assessment, recommended by the HSE?

Step 1: Identify Hazards

A hazard is anything which could cause an individual harm. Hazards can be grouped into different types, such as physical, chemical, biological and mental hazards.

For example, chemical hazards can include asbestos and aerosols, whereas physical hazards can include liquid spilt on the floor which an individual could slip on, or constant noise which can be harmful. There is a large range of hazards which can be apparent within the workplace, and it is the employer’s responsibility to ensure that all of them are identified and documented.

Step 2: Who could be at risk from these hazards?

Within the workplace, there are obviously employees and work associates present, but the organisation’s responsibility also extends to protecting visitors. Once the hazards within the workplace have been identified, the next port of call is to consider the risk associated with each hazard and who will be exposed to it. For example, an employee who has to drive two hours to work during rush hour will be exposed to more risk than an employee who has to travel five minutes to work. Therefore, if your employee is required to drive for two hours during rush hour, you need to take into consideration what you can do to help this affected individual.

The physical and mental differences between employees might mean that some employees are more at risk from certain hazards than others. For example, if there is a pregnant employee, a lot of consideration needs to be given to protecting them from certain hazards, such as slips and trips.

Step 3: Implement the necessary control measures and ‘take action’.

This process involves the organisation taking into consideration the risk level associated with each hazard (whether it is high risk, medium risk or low risk). Following this, it is decided which hazards will be addressed with the necessary control measures.

Step 4: Record all of these hazards, risks and control measures.

If an organisation has over five employees, it will be required to carry out a risk assessment. This should be documented, allowing each step of the risk assessment procedure to be written down and re-assessed.

This documentation protects the organisation as it proves that the legal requirement of a risk assessment was carried out. It also allows the following step, which is the review stage, to become a lot easier because it will all be documented.

Step 5: Review stage of the risk assessment.

Once the risk assessment has been completed it must be taken for review, and this must continue to happen regularly. Review of the risk assessment ensures that all hazards were dealt with appropriately, and that all employees who are at risk have been appropriately protected. When new employees join the organisation, or more generally when changes occur within the organisation, a new risk assessment must be conducted. Therefore, your risk assessment must be continually re-assessed to ensure it stays up to date and effective.

The HSE’s five steps to risk assessment can be very useful in offering guidance to your organisation and the conduct of risk assessment in general. Risk assessments are legal requirements and certainly beneficial, so they must be carried out appropriately.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.


James

VinciWorks CEO, VinciWorks
