OHS Hazard Identification and Risk Assessment Process
ISO45001 Toolkit: Version 1 ŠCertiKit
OHS Hazard Identification and Risk Assessment Process
Implementation guidance The header page and this section, up to and including Disclaimer, must be removed from the final version of the document. For more details on replacing the logo, yellow highlighted text, and certain generic terms, see the Completion Instructions document.
Purpose of this document The OHS Hazard Identification and Risk Assessment Process documents how hazards in the workplace will be identified, the risks resulting from them assessed, and the resulting actions put in motion.
Areas of the standard addressed The following areas of the ISO45001 standard are addressed by this document: •
•
6 Planning o 6.1 Actions to address risks and opportunities ▪ 6.1.1 General ▪ 6.1.2 Hazard identification and assessment of risks and opportunities ▪ 6.1.4 Planning action 8 Operation o 8.1 Operational planning and control ▪ 8.1.2 Eliminating hazards and reducing OH&S risks
General guidance The OHS hazard identification and risk assessment process underpins much of the ISO45001 standard, and it is worth spending some time to understand its main points. ISO45001 specifies a hierarchy of controls to be used to eliminate hazards and reduce risks. This defines an order of preference for the types of actions to be taken. This process may be used in a number of different circumstances, from a high-level assessment across the organization down to a low-level analysis of a specific work activity or change. A risk assessment spreadsheet tool is provided in the toolkit for use with this process.
Version 1
Page 2 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
Review frequency We would recommend that this document is reviewed annually.
Document fields This document may contain fields which need to be updated with your own information, including a field for Organization Name that is linked to the custom document property “Organization Name”. To update this field (and any others that may exist in this document): 1. Update the custom document property “Organization Name” by clicking File > Info > Properties > Advanced Properties > Custom > Organization Name. 2. Press Ctrl A on the keyboard to select all text in the document (or use Select, Select All via the Editing header on the Home tab). 3. Press F9 on the keyboard to update all fields. 4. When prompted, choose the option to just update TOC page numbers. If you wish to permanently convert the fields in this document to text, for instance, so that they are no longer updateable, you will need to click into each occurrence of the field and press Ctrl Shift F9. If you would like to make all fields in the document visible, go to File > Options > Advanced > Show document content > Field shading and set this to “Always”. This can be useful to check you have updated all fields correctly. Further detail on the above procedure can be found in the toolkit Completion Instructions. This document also contains guidance on working with the toolkit documents with an Apple Mac, and in Google Docs/Sheets.
Copyright notice Except for any specifically identified third-party works included, this document has been authored by CertiKit, and is ©CertiKit except as stated below. CertiKit is a company registered in England and Wales with company number 6432088.
Licence terms This document is licensed on and subject to the standard licence terms of CertiKit, available on request, or by download from our website. All other rights are reserved. Unless you have purchased this product you only have an evaluation licence.
Version 1
Page 3 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
If this product was purchased, a full licence is granted to the person identified as the licensee in the relevant purchase order. The standard licence terms include special terms relating to any third-party copyright included in this document.
Disclaimer Please Note: Your use of and reliance on this document template is at your sole risk. Document templates are intended to be used as a starting point only from which you will create your own document and to which you will apply all reasonable quality checks before use. Therefore, please note that it is your responsibility to ensure that the content of any document you create that is based on our templates is correct and appropriate for your needs and complies with relevant laws in your country. You should take all reasonable and proper legal and other professional advice before using this document. CertiKit makes no claims, promises, or guarantees about the accuracy, completeness or adequacy of our document templates; assumes no duty of care to any person with respect its document templates or their contents; and expressly excludes and disclaims liability for any cost, expense, loss or damage suffered or incurred in reliance on our document templates, or in expectation of our document templates meeting your needs, including (without limitation) as a result of misstatements, errors and omissions in their contents.
Version 1
Page 4 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
OHS Hazard Identification and Risk Assessment Process
Version 1
DOCUMENT REF
OHS-DOC-06-2
VERSION
1
DATED
[Insert date]
DOCUMENT AUTHOR
[Insert name]
DOCUMENT OWNER
[Insert name/role]
Page 5 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
Revision history VERSION
DATE
REVISION AUTHOR
SUMMARY OF CHANGES
Distribution NAME
TITLE
Approval NAME
Version 1
POSITION
SIGNATURE
Page 6 of 19
DATE
[Insert date]
OHS Hazard Identification and Risk Assessment Process
Contents 1
Introduction ............................................................................................................... 8
2
Hazard identification and risk assessment process ..................................................... 9 2.1
Criteria for performing hazard identification and risk assessments ................................ 9
2.2
Process diagram......................................................................................................... 10
2.3
Establish the context .................................................................................................. 11
2.4
Identify the hazards and resulting risks ....................................................................... 11
2.4.1 2.4.2
2.5 2.5.1 2.5.2 2.5.3
3
Identify the hazards ................................................................................................................... 11 Identify the resulting risks ......................................................................................................... 12
Assess the risks without controls ................................................................................ 12 Assess the likelihood of the risk ................................................................................................. 12 Assess the impact of the risk ..................................................................................................... 13 Classify the risk .......................................................................................................................... 14
2.6
Identify existing control measures .............................................................................. 15
2.7
Assess the residual risk level ...................................................................................... 15
2.8
Assess the adequacy of existing control measures ...................................................... 16
2.9
Plan any additional actions to address risks ................................................................ 16
2.10
Risk monitoring, reporting and review ........................................................................ 17
2.11
Roles and responsibilities ........................................................................................... 17
Conclusion................................................................................................................ 19
Figures Figure 1: OHS Hazard Identification and Risk Assessment Process................................................ 10 Figure 2: Risk matrix chart .......................................................................................................... 15
Tables Table 1: Risk likelihood guidance ................................................................................................ 13 Table 2: Risk impact guidance..................................................................................................... 14 Table 3: Hierarchy of controls ..................................................................................................... 16 Table 4: RACI table ..................................................................................................................... 18
Version 1
Page 7 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
1 Introduction The effective management of occupational health and safety has always been a priority for [Organization Name] in order to protect its workforce, meet its legal obligations and be a responsible employer. However, there is still much to be gained by [Organization Name] in continuing to introduce industry-standard good practice processes in the area of occupational health and safety management. [Organization Name] has decided to adopt the ISO45001 standard as an effective way to put in place an occupational health and safety (OH&S) management system to ensure that our objectives remain clear and current and our processes, policies and controls are continually improved. As part of this exercise it has decided to pursue full certification to ISO45001 in order that the effective adoption of occupational health and safety best practice may be validated by an external third party. A key part of an OH&S management system is the assessment of hazards and the risks resulting from them. In this context, a hazard is defined as a source with a potential to cause injury and ill health. A risk is the effect of uncertainty - the happening of an unwanted event, or the non-happening of a wanted event, which affects occupational health and safety in an adverse way. Risk is realised when: • • • •
The occupational health and safety objectives of the business are not achieved Occupational health and safety is not safeguarded from or mitigated against hazards There is non-compliance with organization policies and procedures or external legislation and regulation The occupational health and safety resources of the business are not utilised in an efficient and effective manner
It is important that [Organization Name] has an effective hazard identification and risk assessment process in place to ensure that potential negative occupational health and safety impacts do not become real, or if they do, that contingencies are in place to deal with them. It is also important that the process is sufficiently clear so that successive assessments produce consistent, valid and comparable results, even when carried out by different people. The purpose of this document is to set out such a process.
Version 1
Page 8 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
2 Hazard identification and risk assessment process The process described in this document is aligned with the international standard ISO45001 which defines the requirements for an occupational health and safety management system. It is recommended that this document be reviewed for a full understanding of the environment within which this hazard identification and risk assessment process operates. It is a key requirement of this process that its output be kept up-to-date and be effectively communicated within [Organization Name]. It is also important that workers are consulted and participate in the process at all stages. The process of hazard identification and risk assessment is shown in Figure 1 and described in more detail in the following sections.
2.1 Criteria for performing hazard identification and risk assessments There are a number of criteria that determine when a hazard identification and risk assessment should be carried out within [Organization Name] and these will vary in scope. In general, the criteria are that an assessment should be performed in the following circumstances: • • • •
As a local exercise to assess a specific work activity so that hazards and risks are understood, and appropriate controls may be put in place before the activity begins As a review of one or more work activities to identify ongoing improvements that may be made to the way the activity is carried out A comprehensive assessment covering all business activities, products and services within scope as part of the initial implementation of the occupational health and safety management system As part of projects that involve significant change to business activities
If there is uncertainty regarding whether it is appropriate to carry out an assessment, the organization should err on the side of caution and ensure that one is performed.
Version 1
Page 9 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
2.2 Process diagram
Figure 1: OHS Hazard Identification and Risk Assessment Process
Version 1
Page 10 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
2.3 Establish the context The overall environment in which the hazard identification and risk assessment is carried out should be described and the reasons for it explained. The scope of the assessment should also be defined. This may be expressed in terms of factors such as: • • • • •
The specific work activity under consideration Geographical location, e.g. countries, offices, manufacturing plants Organizational units, e.g. specific departments Business processes or activities Products or services
Where appropriate, workers should be consulted about the scope of the assessment to ensure that it covers the areas of greatest need.
2.4 Identify the hazards and resulting risks 2.4.1 Identify the hazards Hazards may arise from a number of different sources and will depend upon the nature and context of the work activity or other situation being assessed. The following list should be used as a starting point for the identification of hazards that may result in risks: •
•
•
•
The work environment o Workload o Quantity and hours of work o Social factors, such as harassment and bullying o Organizational culture Work activities and situations o Workplace conditions o Equipment in use o Materials and substances used o Business processes, such as production and maintenance o Human factors o Working methods People o Who has access to the workplace o People near the workplace o Workers offsite Change o Organizational changes o Changes to the work that is performed o Changes to the way work is performed
Version 1
Page 11 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
•
•
o Changes in existing, known hazards Other issues o Work area design and adaptation o Operating procedures o Activities or situations in the surrounding area, either under the control of the organization or a third party, or arising from public access Actual and potential incidents o Past incidents o Past emergency situations and their causes o Potential future incidents
The participation and consultation of workers is a key part of ensuring that all of the relevant hazards are considered. Identified hazards will then be used as the basis of consideration of the risks that may arise from them.
2.4.2 Identify the resulting risks The identification of risks arising from the identified hazards and relevant to the assessment will be performed by a combination of observation, group discussion and interview with interested parties. Such interested parties will normally include (where possible): • • • • • • • •
Manager(s) responsible for each business activity, product or service Workers, or representatives of the people who normally carry out each aspect of the activity Additional people involved in the assessment of occupational health and safety hazards Providers of the inputs to the activity Recipients of the outputs of the activity Appropriate third parties with relevant knowledge, e.g. compliance obligations Representatives of those providing supporting services and resources to the activity Any other party that is felt to provide useful input to the risk identification process
Identified risks will be recorded with as full a description as possible that allows the likelihood and impact of the item to be assessed, including an indication of who might be harmed if the risk happens. Each risk should also be allocated an owner.
2.5 Assess the risks without controls 2.5.1 Assess the likelihood of the risk An estimate of the likelihood of a risk occurring must be made. This should consider whether it has happened before, either to this organization or similar organizations in the Version 1
Page 12 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
same industry or location. The likelihood of each risk should be graded on a numerical scale of 1 (low) to 5 (high). General guidance for the meaning of each grade is given in Table 1. When assessing the likelihood of a risk, existing measures that are in place should not be considered. More detailed guidance may be decided for each grade of likelihood, depending on the subject of the risk assessment.
GRADE
DESCRIPTION
SUMMARY
1
Rare
Has never happened before and there is no reason to think it is any more likely now
2
Unlikely
There is a possibility that it could happen, but it probably won't
3
Possible
On balance, the risk is more likely to happen than not
4
Likely
It would be a surprise if the risk did not occur, either based on past frequency or current circumstances
5
Very Likely
Either already happens regularly, or there is some reason to believe it is virtually imminent
Table 1: Risk likelihood guidance
2.5.2 Assess the impact of the risk An estimate of the impact that the risk being realized could have should be given. Impact should be considered in the following areas: • • •
Occupational health and safety Public well-being Compliance obligations
[Note: You may decide to adjust the above list by adding or removing areas to be considered] The impact of each risk should be graded on a numerical scale of 1 (low) to 5 (high). General guidance for the meaning of each grade for risks is given in Table 2. More detailed guidance may be defined for each grade of impact, depending on the subject of the risk assessment. GRADE
OCCUPATIONAL HEALTH AND SAFETY
PUBLIC WELL-BEING
COMPLIANCE OBLIGATIONS
1 Insignificant
Negligible
Very small additional risk
No implications
2 Minor
Small impact that can be managed and corrected
Within accepted limits
Small risk of not meeting compliance
3 Moderate
Minor immediate injury, or long-term illness
Elevated risk requiring immediate attention
In definite danger of operating illegally
Version 1
Page 13 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
GRADE
OCCUPATIONAL HEALTH AND SAFETY
PUBLIC WELL-BEING
COMPLIANCE OBLIGATIONS
4 Major
Serious immediate injury or significant long-term illness
Significant danger to life
Operating illegally in some areas
5 Catastrophic
Immediate loss of life, or lifeshortening long-term illness
Real or strong potential loss of life
Severe fines and possible imprisonment of staff
Table 2: Risk impact guidance
2.5.3 Classify the risk Based on the assessment of the grade of likelihood and impact, a score is calculated for each risk by multiplying the two numbers. This resulting score is then used to decide the classification of the risk based on the matrix shown in figure 2. Each risk will be allocated a classification based on its score as follows: HIGH: MEDIUM: LOW:
12 or more 5 to 10 inclusive 1 to 4 inclusive
[Note – you may decide to change the definition of high, medium and low classifications based on your general risk appetite. E.g. you may decide that only risks with a score of 16 or more will be classified as high.]
Version 1
Page 14 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
RISK LIKELIHOOD: What are the chances of the risk event happening?
RISK IMPACT: How severe could the consequences be if the risk event happened?
INSIGNIFICANT 1
MINOR 2
MODERATE 3
MAJOR 4
CATASTROPHIC 5
VERY LIKELY 5
MEDIUM 5
MEDIUM 10
HIGH 15
HIGH 20
HIGH 25
LIKELY 4
LOW 4
MEDIUM 8
HIGH 12
HIGH 16
HIGH 20
POSSIBLE 3
LOW 3
MEDIUM 6
MEDIUM 9
HIGH 12
HIGH 15
UNLIKELY 2
LOW 2
LOW 4
MEDIUM 6
MEDIUM 8
MEDIUM 10
RARE 1
LOW 1
LOW 2
LOW 3
LOW 4
MEDIUM 5
Figure 2: Risk matrix chart
2.6 Identify existing control measures The existence of existing measures used to address the risk must then be considered, as these will affect the likelihood and impact of the risk being realised. These may include: • • •
Engineering controls, such as guards and rails Administrative controls, including training Use of personal protective equipment (PPE), such as hardhats and gloves
The current effectiveness of these existing measures must also be assessed. This is best done in consultation with the people using the controls.
2.7 Assess the residual risk level Once the existing controls to be applied have been identified, the resulting changes to the likelihood and/or impact of the risk must be assessed to give the residual risk level i.e. the remaining risk.
Version 1
Page 15 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
2.8 Assess the adequacy of existing control measures If the residual level of risk once existing controls have been considered is higher than required, further control actions may be applied to reduce it further and bring it within acceptable bounds. These additional controls must be reasonably practicable within the context of the activity under assessment.
2.9 Plan any additional actions to address risks The OH&S Manager will ensure that all parties who have an interest or bearing on the treatment of the risk are consulted, including the risk owner. Additional actions will be identified based on the hierarchy of controls shown in Table 3. PREFERENCE
CONTROL
EXAMPLES
A
Eliminate the hazard
Avoid the use of hazardous materials completely, plan ergonomics into the design of working areas, use job design principles to avoid workplace stress, remove vehicles from an area
B
Substitute with less hazardous processes, operations, materials, or equipment
Replace solvent-based paint with water-based paint, use lower powered electrical equipment, replace flooring with less slippery alternatives
C
Use engineering controls and reorganization of work
Install machine guards, better ventilation, noise reduction, make jobs more compatible with good mental health
D
Use administrative controls, including training
Provide awareness training on health and safety issues, change shift patterns, health surveillance programmes, better procedures
E
Use adequate personal protective equipment
Safety shoes, hardhats, safety glasses, gloves, with training on use and maintenance
Table 3: Hierarchy of controls
Each action must have an appointed person responsible for its implementation, and an intended action date. The risk assessment and action plan will then be put forward to management for approval. In addition to overall management approval, the action plan for each risk should be signed off by the relevant owner.
Version 1
Page 16 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
2.10 Risk monitoring, reporting and review As part of the implementation of new actions and the maintenance of existing ones, key performance indicators will be identified, which will allow the measurement of the success of the actions in addressing the relevant risks. These indicators will be reported on a regular basis and trend information produced so that exceptional situations can be identified and dealt with as part of the management review process of the OH&S management system. In addition to a full annual review, risk assessments will be evaluated on a regular basis to ensure that they remain current and the applied actions valid. The relevant risk assessments will also be reviewed upon major changes to the business such as office moves, mergers and acquisitions or introduction or new or changed products, services and business activities. The results of risk assessments must be communicated to workers with an interest in the processes and procedures that fall within their scope. This should be done in conjunction with more general awareness activities to raise the profile of risk management within the organization.
2.11 Roles and responsibilities Within the process of risk assessment, there are several key roles that play a part in ensuring that all hazards and risks are identified, addressed and managed. These roles are shown in the RACI table below, together with their relative responsibilities at each stage of the process. Table 4 clarifies the responsibilities at each step using the RACI model.
STEP
RESPONSIBLE
ACCOUNTABLE
CONSULTED
INFORMED
Establish the context
OH&S Manager
Top management
Local management
Relevant workers
Identify the hazards and resulting risks
Risk Assessor
Top management
Relevant workers and local management
OH&S Manager
Assess the risks without controls
Risk owners
Top management
Relevant workers and local management
OH&S Manager
Identify existing control measures
Risk Assessor
Top management
Relevant workers and local management
OH&S Manager
Assess the residual risk level
Risk owners
Top management
Relevant workers and local management
OH&S Manager
Assess the adequacy of existing controls
Risk Assessor
Top management
Relevant workers and local management
OH&S Manager
Version 1
Page 17 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
STEP
RESPONSIBLE
ACCOUNTABLE
CONSULTED
INFORMED
Plan any additional actions to address risks
Risk owners
Top management
Relevant workers and local management
OH&S Manager
Risk monitoring, reporting and review
OH&S Manager
Top management
Risk owners
Relevant workers and local management
Table 4: RACI table
Further roles and responsibilities may be added to the above table as the hazard identification and risk assessment process matures within [Organization Name].
Version 1
Page 18 of 19
[Insert date]
OHS Hazard Identification and Risk Assessment Process
3 Conclusion The process of hazard identification and risk assessment is fundamental to the implementation of a successful occupational health and safety management system and forms a significant part of the ISO45001 standard. Only by fully understanding its hazards and risks can an organization hope to ensure that the actions it puts in place are sufficient to provide an appropriate level of protection against relevant occupational health and safety incidents. By following this process [Organization Name] will go some way to ensuring that the occupational health and safety risks that it faces in the day-to-day operation of its business are effectively managed and controlled.
Version 1
Page 19 of 19
[Insert date]
