STFC Risk management
06 Dec 2010









1Initial launchJanuary 2007
1.1Added Quantitative risk assessmentsAugust 2007
2.0Following audit of RA code, code updated t​o include “On the job risk assessment”, modify responsibilities and remove group leader role and checklist. Addition of new responsibility to consider the need for the use of structured risk assessment tools (HAZOP etc). Remove Group leader responsibilitiesNovember 2012
2.1Amendments to audit checklistMay 2013
2.2Minor change to Line Manager training requirementsFebruary 2014

Added Document Retention Policy

Minor changes to Appendix 3

November 2014
​​Minor changes related to launch of SHE Assure
​October 2018

1. Purpose

Under the provisions of the Management of Health and Safety at Work Regulations (1999) a suitable and sufficient risk assessment must be carried out for any work activity or procedure, and the risk assessment of significant risks documented.

Risk Assessment is the fundamental basis of effective safety management and is the requirement of much safety legislation, for example:

  • The Control of Substances Hazardous to Health Regulations 2002 (COSHH);
  • The Genetically Modified Organisms (Contained Use) Regulations 2000;
  • Display Screen Equipment regulations 1992 (DSE);
  • The Provision of Personal Protective Equipment at Work Regulations 1992; and
  • The Manual Handling Operations Regulations 1992 (as amended).

Use of this code should identify those areas where such specialist assessments are required and address those where no such specific legislation applies.

The aim of this code is to ensure that risk assessment is carried out consistently across the STFC and to a standard that is ‘suitable and sufficient’

Critical to the effectiveness of any general risk assessment process is its pragmatic application. STFC is required to reduce risks “as far as is reasonably practicable” (i.e. taking into account the cost and effort needed to reduce the risk against its likelihood of occurrence and potential severity) and then manage any residual risk. It is not required to eliminate risk.

Risk assessment is a simple tool to prompt the pro-active consideration of the health, safety and environmental implications of any activity and should be used to inform decisions about how an activity is carried out. Pragmatic application of this code relies on the judgment of managers and employees to ensure that:

  • those activities where significant injury, ill health or environmental harm could arise are the subject of documented risk assessment; and
  • the risks associated with changes to the scope or intent of work during the execution of work are also managed.

The results of undertaking a risk assessment for an activity can range from endorsement of the current health and safety controls, through avoidance of an activity, or identification of additional actions to further minimise risk, and in the extreme, ceasing an activity where the health and safety of those involved, or environmental impact cannot be managed.

2. Scope

The requirements of this code apply to all activities undertaken by STFC staff whether working at STFC sites or other locations on Council business.

Carrying out a general risk assessment may indicate the need to conduct a specialist risk assessments, for example working with chemicals, confined space work etc. These specialist assessments must be referenced in the general assessment but the specialist assessment does not need to be rewritten in the general risk assessment.

The assessment of risks for facility user experiments is the responsibility of those responsible for an experiment, for example User Experimental Risk Assessments, and based on hazard information provided by users.

This code does not apply to contractors working on behalf of the STFC. The responsibility to undertake a risk assessment for contractor activities lies with the contractor’s management. The STFC has a clear responsibility to ensure that all relevant information to enable the assessment to be undertaken by the contractor’s management is provided.

Tenants are responsible for undertaking their own risk assessment according to their own systems and standards. However, STFC should be satisfied that these risk assessments are documented where there is direct impact beyond the tenant’s boundary that could affect STFC staff, contractors, visitors etc.

3. Definitions

3.1 Hazard and risk

Hazard and risk are two important concepts and a definition is probably useful:

  • A hazard is something that has the potential to cause harm,
  • A risk is a measure of the likelihood that actual harm could occur, together with an indication of how serious the harm could be.
3.2 “Suitable and Sufficient” Risk assessment

A process where the following are identified:

  • the hazards of a particular activity;
  • those who could be affected by these hazards;
  • how they could be affected;
  • the existing hazard controls;
  • the magnitude of the risk is estimated and assessed to determine whether risks have been reduced “as far as is reasonably practicable”; and
  • Where the risks have not been reduced “as far as is reasonably practicable” identifying additional controls that will need to be implemented prior to undertaking the activity to further reduce the likelihood or severity.

This generic process is undertaken in one of three ways. The decision to use which of the three ways is subjective, and based on the assessors perception of the risks involved. Training (Appendix 5) aims to establish some consistency across STFC, but the three ways relate to three levels of perceived risk – Low, Medium and High:

Low - Mental Risk Assessment – the thought process that all sensible individuals undertake every moment of every day when assessing the risks associated with activities from crossing a road to lifting a heavy load.
​​USE – By an individual for very quick, less than 5 minute, routine tasks. For exa​​mple – changing a filter on a vacuum pump.
Medium - “On The Job” (OTJ) Risk Assessment  - An on the spot risk assessment, which many are used to doing mentally, when changes or additions to planned work occur, or if carrying out a quick task. The quality of mental risk assessments can be improved by using a very simple pro-forma designed to prompt the consideration of a wide range of hazards, called an OTJ RA.
​USE – For risk assessment of tasks that are brief, likely to take less than 30 minutes, and are unlikely to be repeated. For example changing a water pump. This method can also be used to manage changing risks within a larger job. If the need to make a change arises, this method can be used to assess the suitability of current controls.
High - Documented Risk Assessment - STFC uses a standard method to undertake and document risk assessments for activities with significant risks; this methodology is described in Appendix 1.
​USE – For complex tasks, and those simple tasks where significant risks exist.​

Suitable and Sufficient” risk assessments are those that:

  • are carried out in sufficient detail (relative to the complexity of the job), to help others understand what the risks are and how they are being managed; and
  • take account of all reasonably foreseeable significant risks

4. Responsibili​​ties and Duties​

4.1. Department Directors shall:
  • 4.1.1 Ensure all significant safety, health and environmental hazards within their area of responsibility have been risk assessed and a record of the risk assessment recorded in the STFC risk assessment database (SHE Assure​), and that these risk assessments are actively reviewed every 2 years.
  •  ​
  • 4.1.2 Ensure that sufficient resource is made available to implement risk control measures which have been identified by risk assessment and where those measures are considered reasonably practicable.
  • 4.1.3 When their responsibility includes User Facilities, ensure that a system to Risk Assess Facility User Experiments is put in place and managed by their staff.
4.2. Line managers/Supervisors shall:
  • 4.2.1 Undertake risk assessments for all activities, existing and planned, within their control. Where the risks are significant the assessment should be documented. Risk assessments should be carried out in conjunction with those who are planning and doing the work. See Appendix 1 and Appendix 2.
  • 4.2.2 Ensure that as appropriate, actions arising from risk assessments to implement additional controls are prioritised (when a range of actions compete for resource and priority), and implemented prior to undertaking the activity.
  • 4.2.3 Ensure that risk assessments are communicated to all those who are undertaking an activity and who may be affected by an activity.
  • 4.2.4 Ensure that all documented Risk Assessments are reviewed in the light of:
    • Changes to workplace procedures, activities or equipment; or
    • Changes to guidance or legislation; or
    • An incident occurring.
  • As a minimum all documented risk assessments should be reviewed every two years to ensure they still reflect the way an activity’s risks are managed effectively. The Line Manager’s check list in Appendix 3 can be used as a tool to help review risk assessments.
  • 4.2.5 Ensure that the controls identified in all risk assessments continue to be maintained and implemented where the activities continue to be undertaken. In areas where significant hazards are present the control measures may require more frequent monitoring. The results of such monitoring should be used to inform the review of any risk assessment.
  • 4.2.6 Ensure that where staff, or those working for them, may be required to undertake activities for which the use of the OTJ risk assessment process is necessary that those staff, and others, are given training and instruction  in the use of the OTJ assessment process. See Appendix 2.
  • 4.2.7 For major projects with multiple task risk assessments, including projects using the STFC Project Management system, managers should consider if the overall project requires the use of project risk assessment tools such as HAZOP, HAZID or HAZAN (see Appendix 4). Where such tools are employed a member of the STFC SHE Group must be involved.
4.3. Staff, users, tenants and visitors shall:
  • 4.3.1 Actively contribute to the risk assessment process for the activities they are involved in. See Appendix 1 and Appendix 2.
  • 4.3.2 Discuss with their line manager or supervisor if any significant risks cannot be managed using the resources immediately available.
  • 4.3.3 Ensure they understand the health, safety and environmental risks associated with activities they undertake, as appropriate asking their supervisor or line manager. Where the risks are significant, read a copy of the risk assessment to ensure they understand the control measures that should be in place prior to undertaking that activity.
  • 4.3.4 Employ the “On the job” (OTJ) risk assessment process to manage additional risks that arise during the course of work that has not been subject to a documented risk assessment but warrants more than a simple mental risk assessment. See Appendix 2.
  • 4.3.5 Implement the control measures established by risk assessment whether it is a mental risk assessment an OTJ risk assessment or documented risk assessment, for activities they undertake.
4.4. Safety, Health and Environment (SHE) Group shall:
  • 4.4.1 Maintain electronic storage systems to provide:
    • a secure database of risk assessments, and management of actions arising from the risk assessment process; and
    • data to support and assess the implementation of this code across the STFC for management teams and committees.
Contact: Smith, Andrew (STFC,DL,COO)