6.1.2 Hazard Identification and Assessment of Risks & Opportunities [ISO 45001 Procedure] Hazard Identification

Clause of ISO 45001:2018 is identical to the hazard identification and risk evaluation in OHSAS 18001. The cornerstone of the OHMS is the hazard identification and risk assessment process. The importance of this section of the health and safety management system cannot be overstated.


Use a Template for hazard identification, risk assessment and risk control to start the risk assessment process.

Before you begin, make a list of all the areas, activities, jobs, tasks that need to be risk assessed. For each of these areas and activities, use the Hazard Identification Register to identify if a hazard is present or not.


For each of the hazards identified in the checklist, complete the information required in the hazard identification register and Safety Risk Assessment forms, as appropriate.

Remember that the risk assessment part is just the prioritization mechanism to decide what actions to do first, and very careful attention needs to be placed on the hazard identification and risk control sections.

Ensure your organization’s hazard identification process considers:

  • Results of the context analyses (see 4.1 and 4.2)
  • Overview of documented information
  • Routine and non-routine activities and situations
  • Human factors
  • New or changed hazards
  • Potential emergency situations
  • People
  • Changes in knowledge of, and information about, hazards

In Clause 6.1.1, there is a new requirement to identify opportunities, as well as:

  1. Overview of documented information
  2. Consideration of workers at a location not under the direct control of the organization
  3. Consideration of those in the vicinity of the workplace who can be affected by the activities of the organization;
  4. Other issues including situations not controlled by the organization and occurring in the vicinity of the workplace that can cause ‘work-related’ injury or ill health

List the potential hazards or incidents that could happen while doing this process or job. A hazard is something with the potential to cause harm or injury. All hazards rated as 'Moderate' and 'Major' scores are considered significant and are prioritized for risk assessment in order to determine appropriate controls.

Consideration will have to be taken when developing your company specific road map (policy statement) to the avoidance and elimination of such hazards. In order to plan for hazard identification, risk assessment and control; the organization must identify and control risks associated with identified hazards associated with routine and non-routine activities.

Hazard identification and risk assessment form the core of the health and safety management system’s drive for control and improvement. What is important at this stage; is to understand the terms hazard and risk; these terms are commonly used, interchangeably in everyday conversation.

ISO 45001:2018 defines hazards as those things which have the potential to cause harm, and risks as those things which relate to the potential for harm to actually arise. A simple example might be to consider the electrical supply in a building. Electricity itself represents a hazard and provided the supply is live, the risk of electric shock remains.


These hazards and risks are best identified by understanding your business processes, identifying the tasks and activities where they arise and listing the inputs and outputs from each activity.

The key features of this clause are:

  • A procedure for identifying occupational hazards appropriate to a task
  • Evaluating the consequent risks and deciding which are significant
  • Identifying a level of risk which the organisation considers to be tolerable
  • Using this as a basis for setting objectives for improvement
  • Keeping the risk assessments and any improvement objectives up to date

This means that you need to document a procedure in sufficient detail to ensure a repeatable and consistent process.

There is also a need to keep sufficient records to show that the procedure has been effectively applied. It must cover the following situations:

  1. Normal, i.e., current operations, planned maintenance activities (what happens most of the time)
  2. Abnormal, e.g.; breakdown maintenance, out-of-control processes (planned but less frequent)
  3. Potential emergency, e.g.; fire, explosion, spillages etc. (the things that could go wrong)
  4. Planned changes (the ‘maintaining’ part of the requirement)

These can represent a wide range of issues, but it is essential they are all considered because your whole OH&S Management System will be focused on the output of this identification process and ranking for significance.

Auditors will test the process and its outputs for content, repeatability, accuracy, records, and later on, for the use of its outputs in focusing the direction and delivery of the health and safety management system.

Step 1: Look for Hazards

Walk around the work area, paying attention to activities and materials that have the potential to cause harm. Identify materials and substances; as well as equipment and tools.

Observe activities in the workplace as well as how people perform the activities.

Ask employees or representatives what they think and review applicable manufacturers’ health and safety data sheets.

Step 2: Decide Who Might Be Harmed and How

Groups of people that may be affected include operators, cleaners, contractors, maintenance personnel, members of the public, people sharing your workplace etc. Pay particular attention to young workers, inexperienced operators, disabled people, visitors and lone workers

Step 3: Evaluate The Risks and Decide Whether Current Controls Are Adequate

Consider how likely it is that each hazard could cause harm by using risk ratings to prioritize risk.

Determine whether or not you need to do more to reduce the risk and implement control measures (actions list) if the risks are not adequately controlled

Step 4: Record your Findings

Keep written records for future reference in order to demonstrate compliance to legal requirements (e.g.; manual handling, working in confined spaces).

Step 5: Review risk assessments and revise where necessary

Review and revise the risk assessment when there is any significant change (e.g.; new hazards arise due to new machines, substances and processes).

Regularly review the risk assessment to check that the precautions for each hazard still adequately control the risk and, if necessary, reassess the risk. Assessment of OH&S Risks

Processes for the assessment of risk to the OH&S management system must be available as documented information and must consider day-to-day operations and decisions (e.g.; peaks in work flow, restructuring) as well as external issues (e.g.; economic change).

Methodologies can include ongoing consultation of workers affected by day-to-day activities (e.g.; changes in work load), monitoring and communication of new legal requirements and other requirements (e.g.; regulatory reform, revisions to collective agreements regarding occupational health and safety), and ensuring resources meet existing and changing needs (e.g.; training on, or procurement of, new improved equipment or supplies).

The risk assessment should involve consultation with, and participation by, workers and take into account legal and other requirements. Risk assessment should be conducted by personnel with competence in risk assessment methodologies and techniques and appropriate knowledge of the organization’s work activities.

Having identified all hazards and associated risks which could impact on occupational health and safety, the process of rating the risks for significance can be carried out. This crucial process, together with a thorough knowledge of legal and other similar requirements, provide the foundations of the health and safety management system.

This assessment process is vital in determining the need for controls aimed at either reducing risk to levels deemed to be tolerable or meeting the requirements of legislation. The significance level (or risk rating) should then be used to prioritise actions. Remember that the importance of this process cannot be overestimated. If you get this process wrong, the whole system will be suspect.

The assessment of the severity of a health and safety risk drives management attention and supports planning for mitigation. Using a Health & Safety Risk Assessment form, a qualitative risk assessment scheme consisting of qualitative probability and impact scales is undertaken to ensure detailed understanding of the effects of each hazard and risk.

Risk Level (S1)

Likelihood of Occurrence

Severity of Impact
























Highly likely






Almost certain






Likelihood (S2)



Likelihood Rating






May only occur in exceptional circumstances


1 in 1,000



Could occur during a specified time period


1 in 100



Might occur within a given time period


1 in 10



Will probably occur in most circumstances


1 in 2



Expected to occur in most circumstances


1 in 1

Severity (S3)



Severity of Impact

Degree of Harm



Minor injury not requiring first aid or no apparent injury/adverse outcome, near miss



Temporary minor injury/illness/first aid treatment needed, referral to A&E or GP



Semi-permanent injury, over 3-day reportable injury. RIDDOR reportable



Major injury, or long-term incapacity/semi-permanent injury, hospital >/= 3-day absence



Death or major permanent incapacity. Multiple fatalities. Multiple permanent disabilities

Significance Score (S4)



Impact Exposure

Management Control Action (MCA)


1 to 2

Very low

Take reasonable steps to mitigate and monitor the risk. Institute permanent controls in the long term. Permanent controls may be administrative in nature if the hazard has low frequency, rare likelihood and insignificant consequence.

2 years

3 to 4


Take reasonable steps to mitigate and monitor the risk. Institute permanent controls in the long term. Permanent controls may be administrative in nature if the hazard has low frequency, rare likelihood and insignificant consequence.

1 year

5 to 9


Take reasonable steps to mitigate the risk. Until elimination, substitution or engineering controls can be implemented, institute administrative or personal protective equipment controls. These lower-level controls must not be considered as permanent solutions. Interim measures until permanent solutions can be implemented, develop administrative controls to limit the use or access. Provide supervision and specific training related to the issue.

Within 3 months

10 to 17


Act immediately to mitigate the risk. Either eliminate, substitute or implement engineering control measures. If these controls are not immediately accessible, set a timeframe for their implementation and establish interim risk reduction strategies for the period of the set timeframe. An achievable time frame must be established to ensure that elimination, substitution or engineering controls are implemented.


20 to 25

Very High

Act immediately to mitigate the risk. Either eliminate, substitute or implement engineering control measures. Remove the hazard at the source. An identified very high risk does not allow scope for the use of administrative controls, even in the short term.

Immediate Assessment of OH&S Opportunities

The process for assessment should consider the OH&S opportunities and any other opportunities determined, their benefits and potential to improve OH&S performance.

Opportunities to Improve OH&S Performance

  • Consideration of hazards and risks when planning and designing facilities, processes, plant and equipment, and materials
  • Modification of working processes including the alleviation of monotonous and repetitive work
  • Introduction of new technology to ameliorate high-risk activities
  • Collaborating in forums that focus on issues relating to occupational health and safety
  • Introduction of job safety analysis and task-related assessments
  • Implementation of permit-to-work processes
  • Implementation of ergonomic and other injury prevention-related assessments
  • Improvement of the occupational health and safety culture of the organization

Opportunities to Improve the Health and Safety Management System

  • Enhancing the visibility of Top management’s support for the OH&S management system
  • Improving worker consultation and participation in OH&S decision making
  • Enhancing the incident investigation process
  • Improving two-way communication on OH&S issues and promoting health and safety in the work place
  • Expediting corrective actions to address health and safety nonconformities
  • Implementing OH&S objectives with the same passion as other business objectives
  • Improving competency in identifying hazards, dealing with health and safety risks and implementing appropriate controls
  • Adopting a risk assessment approach to conducting health and safety audits and inspections
  • Viewing workers at all levels as a key resource of the organization
  • Ensuring that the management review promotes a strategic and critical evaluation of the health and safety management system

Related Information You Might Find Useful

Next ISO 45001 Clause

Each ISO 45001 Clause Explained

Updated: 6th April 2022
Author: Richard Keen

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard

ISO Checklist

Don’t Try to Manage It All Alone!

Our ISO Auditors and OH&S Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.

Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help you control your documented information without missing a single input or output.

Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.

ISO 9001
ISO 14001
ISO 45001

Hazard Identification & Risk Assessment Procedure

The purpose of this procedure is to outline your organization’s ongoing and proactive methodology for the identification of operational hazards and the assessment of perceived risks to evaluate both existing and potential workplace hazards, and to determine the methods required to mitigate or eliminate the risks arising.

Forms & Reports also included:

  • Hazard Identification & Risk Assessment Process Turtle Diagram
  • Failure Mode & Effects Analysis (FMEA) Matrix
  • Hazard Identification Register
  • Health & Safety Risk Assessment
  • Job Safety Analysis Template
  • Workplace Inspection Template
  • Manual Handling Risk Assessment
  • COSHH Assessment Form
  • Work Equipment Risk Assessment

>> Free Download - Control of Calibrated Equipment Procedure - this will give you a good idea of what to expect when you purchase the procedure.

>> I'm looking for more Procedures



$19 USD

add to cart

  • Supplied as fully-editable MS Word or Excel files
  • All the templates use styles – making reformatting and rebranding a breeze
  • Immediate download

Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Credit card, PayPal or ApplePay

money back guarantee

We are 100% confident in the quality and contents of our products. Used by thousands of organizations around the world, our templates have been sold online since 2002.

Please read our Money Back Guarantee.


Are The Templates Suitable For You?

Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.

Used by:

  • Small Businesses – dentists, accountants, engineers
  • Large organizations – hospitals, power plants, aircraft manufacturers

The Templates are used by first-timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.

The application of our templates and OH&S manuals is scalable and generic; regardless of the size and type of organization. The elements that form the Health and Safety Management System Template are the same.

Five Reasons To Choose Our Templates

1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation

2. They’ve got everything you need in one simple template

3. Proven to work our templates have helped thousands of businesses big and small achieve certification

4. Documents use styles to make reformatting and rebranding a breeze

5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.


FAQs About Our Templates

Ask Us a Question

More Information


ISO 9001 Client images