Safety Services


Risk Assessment Standard

This Standard applies to the risk assessment of work activities undertaken by UCL employees i.e. staff and post-graduate students.


This Standard applies to risk assessment of work activities undertaken by UCL employees i.e. staff and post-graduate students. Specifically, it details the arrangements Departments must have in place to ensure that both the process of assessment and the assessments themselves are suitable and sufficient.

This Standard does not cover how to conduct a risk assessment. Please view our Risk Assessment pages for information on the risk assessment process.

Legal requirements

The Management of Health and Safety at Work Regulations 1999 requires that UCL:

  • Assesses risks to the health and safety of anyone that may be affected by our activities – staff, students and others (e.g. visitors, contractors) so as to identify the measures needed to prevent and/or control harm

Other health and safety regulations also require the assessment of specific risks and/or types of work. These may vary in detail required but essentially the process of assessment is the same. In addition, an assessment does not necessarily have to be carried out more than once for the purpose of different regulations. The Management of Health and Safety at Work Regulations are broad in scope and cover all risks, with the more specific regulations setting out in more detail what needs to be considered as part of the assessment.


  • Department: In the context of this Standard "Department" applies to UCL organisational units immediately below faculty level and therefore includes groups known as division, institute etc
  • Hazard: Anything that has the potential to cause harm
  • Harm: Usually considered to be injury or ill-health but it could also include damage to property, equipment or the environment. It could also include damage to reputation - personally, to the group you work with or to UCL in general
  • Risk: The probability that harm could be caused by hazards, together with an indication of how serious the harm could be

Department arrangements 

All work activities that pose a significant Risk must be assessed. Risks associated with life, in general, do not need to be considered unless the work activity compounds or significantly alters those Risks. Assessments should be clear as to what is covered but also clear as to any exclusions.  

Assessments can be broad in scope or address a particular Hazard arising from a work activity. This is particularly the case for certain Hazards that require a specific approach to assessment and/or detailed information not relevant in more routine activity assessments.

The use of the riskNET risk assessment module is mandatory at UCL. Use of riskNET allows for recording of different types of activity assessment under one overarching title, for example, covering a whole research project. 

The level of detail needed in any assessment should be in proportion to the Risk associated with the work activity. More Hazardous activities may require more detail and/or more sophisticated approaches to assessment. 

Local arrangements for assessment must be documented and approved by the Head of Department and must address the following.

Who can carry out assessments

  • Those carrying out assessments should be competent i.e. have sufficient knowledge, skills and experience to undertake the assessment
  • If they are not directly involved in the activity being assessed, they much involve/consult those carrying out the work
  • The ability to carry out a risk assessment may require specific training and/or specialist input - see training requirements

Peer review

  • Preparation of assessments must always involve those carrying out the work but certain assessments, for example, high risk, complex and/or novel work may also need additional scrutiny by a competent independent individual
  • There are specific requirements for scrutiny of assessments for work with genetically modified organisms
  • Departmental Safety Officers may be involved in the risk assessment review process as a means of checking the impact of the work on other activities in the Department or if new Hazards are being introduced into the Department


  • Assessments should be approved by the person in management control of the work, for example, the Principle Investigator. Certain activities may require a higher level of approval because of the Risk posed by the work, even with identified controls in place
  • A Departmental Safety Officer should not be solely responsible for approving assessments but may be a joint approver for assurance purposes


  • Risk assessments must be recorded online using the riskNET database. riskNET provides a central, searchable database of assessments and helps ensure they are suitable and sufficient


  • The findings of risk assessments, in particular the control measures identified, must be communicated to all those carrying out or affected by the work. This can be achieved by the use of the distribution list in riskNET which automatically informs an individual when a risk assessment is approved
  • Other means of communication should be considered, including the use of ‘tool-box talks’ (presentations) which may be more appropriate for groups without regular computer access such as cleaners and security staff
  • Departmental Codes of Practice or Standard Operating Procedures (“SOP”) may also be used to communicate findings of assessments and in particular the controls measures identified

Training requirements

Review and revision

  • All assessments must be reviewed if there is any reason to suspect they are no longer valid, for example, if there has been a significant change to the work
  • Risk assessments in riskNET will be valid for 1 year and must be reviewed after this period of time
  • When reviewing a risk assessment, riskNET will also ask for the reason for revision to be entered, allowing formal recording of this information

Assurance and monitoring

  • The means by which Departments ensure that there are suitable and sufficient assessments in place for all Departmental activities should be identified. This could range from a simple check of the presence or absence of assessments for a sample of activities to a more detailed check on the quality of assessments and whether controls identified have been implemented

Last updated: Monday, April 13, 2020