Skip to content
Company Logo

Assessing and Monitoring Health and Safety Risk

Scope of this chapter

Assessing and monitoring health and safety risks is a key part of ensuring the service provides a safe working environment for staff and visitors, and safe care and treatment for the people we support.

Risks are things that could cause accidents, injuries and other harm (such as illness or mental health issues).

Assessing, reviewing and monitoring risks in the workplace is a legal requirement under the Management of Health and Safety at Work Regulations 1999.

Assessing, reviewing and monitoring risks relating to the people we support is a legal requirement under the Health and Social Care Act (Regulated Activities) Regulations 2014.

This chapter provides examples of common and specific risks that must be assessed, and how to carry out a generic health and safety risk assessment.

Note: Every service is different and as such, the risks will be different. This chapter does not claim to identify all potential risks. This is the responsibility of the registered person.

Relevant Regulations

Related Chapters and Guidance

The risks that must be assessed fall broadly into 3 categories:

  1. Generic risks;
  2. Risks that only affect certain staff members;
  3. Person-specific or activity-specific risks.

Generic risks are those that are common. They have the potential to affect everyone or most people. This includes staff, people being supported and visitors.

All of the following are examples of generic risks that should be assessed:

  • Slip and trip hazards;
  • Fire safety;
  • Evacuation in an emergency;
  • Gas safety (including Oxygen where applicable);
  • Electrical safety;
  • Maintenance of premises and equipment;
  • Moving and handling;
  • Risk of violence at work;
  • Risks from medications;
  • Risk from substances hazardous to health;
  • Infection risks;
  • Handling and disposal of waste;
  • Risks from the weather;
  • Disruption to utilities (gas, electricity, water);
  • Staffing levels and skills deficits;
  • Lone working risks;
  • Occupational health risks;
  • Where applicable, company or private vehicle use and maintenance.

For example:

  • Pregnant workers;
  • Workers with an existing occupational health disease;
  • Workers with a disability or health condition that places them at increased or additional risk.

Person-centred risks are risks that do not affect staff and visitors - only the people we support. They can affect one person or several people.

For example, specific risks:

  • From everyday tasks e.g., cooking, making a drink, cleaning;
  • From community activities e.g., swimming, going shopping, going to an event, going on holiday;
  • From a specific health need e.g., those with low immunity or oxygen users;
  • From a particular individual e.g., safeguarding risks;
  • From themselves e.g., self-neglect, hoarding, absconding.

People carrying out risk assessments must be suitably competent, skilled and knowledgeable to do so.

Most generic health and safety risk assessments should be carried out by the registered person and/or Designated Health and Safety Lead. If another manager or senior staff member has received relevant training, this task can be delegated. However, the responsibility for making sure risks are assessed and control measures in place remains the responsibility of the registered person.

Some risk assessments may require specialist knowledge or expertise. It may be beneficial to seek external support when carrying out these assessments. For example, around fire, gas or electrical safety.

The process of generic health and safety risk assessment is explained in the next section of this chapter.

If a risk only affects a certain staff member, the risk assessment should be carried out with that staff member to ensure that it reflects their circumstances.

It should follow the same process as a generic risk assessment.

When assessing risks to people being supported, the process is different. It needs to be person centred and involve the person. It is not always about eliminating risk but supporting people to take a risk when there is a benefit to doing so.

The process of person-centred risk assessment is explained in a dedicated chapter of this Handbook.

See: Risk Assessment (Person-centred)

Risk very rarely happens in a single context or environment. Generic risk assessment should therefore take account of all the different contexts in which the risk may occur. If a risk is likely to occur in more than one environment or context, it should be assessed in each;

For example, if a person is at risk of falling due to their mobility issues, risks should be considered in the context of the home environment, the community and any specific activities they do that may pose an increased risk.

Managers may carry out risk assessments, but anyone likely to be impacted should also be given opportunities to be involved. This is a legal requirement. As such, managers must collaborate and consult with both staff and the people being supported (or their representatives) as part of the risk assessment process. Any views expressed should be listened to and any ideas for managing risks considered;

It is not expected that all health and safety risks can be eliminated but the service must do everything reasonably practicable to protect people from harm. This includes staff, people being supported and visitors.

Risk assessment involves 5 steps:

  1. Identify what the risks are;
  2. Decide how likely it is that someone could be harmed, and how seriously;
  3. Take action to eliminate the risk, or if this isn’t possible, control it;
  4. Make a record of the risks and control measures;
  5. Review the control measures.

For example:

  • Are there moving and handling risks?
  • Are there risks from substances or chemicals?
  • Is there a risk from the environment - slips, trips, falls;
  • Is all the equipment suitable for use and well-maintained?
  • Do staff using equipment do so safely, and are they trained?
  • Are staff or others at risk of violence?
  • Are there any unsafe work practices around things like infection control and medication?
  • Do people know what to do in an emergency?
  • Would people be able to exit safely in an emergency?


  • Who might be harmed?
  • How might they be harmed?
  • What is the significance of any harm likely to be to the individual and others - low, moderate,  significant?
  • What is already being done to control the risks?
  • Is it possible to eliminate the risks? If so, how?
  • If not, is there any further action needed to better control the risks?
  • If so, who needs to carry out the action and how soon?

The following should be recorded:

  1. The risks (things that may cause harm);
  2. Who is at risk of harm and how;
  3. What is being done to control the risk of harm occurring.

Risk assessments must be shared with all staff and other people that may be affected by the risk. They should also be made available upon request to the Health and Safety Executive (HSE), a Fire Safety Officer, the Care Quality Commission (CQC) or commissioning bodies as part of an inspection.

Everyone is personally responsible for following the control measures.

Everyone is responsible for proactively monitoring whether risk assessments are effective.

The registered person must ensure that arrangements are in place to review and update risk assessments periodically and whenever the need arises.

For example:

  • If people being supported leave or join the service;
  • If staff leave or join the service;
  • If there are signs that a control measure may no longer be effective;
  • If there has been an incident, accident, near miss etc.;
  • If new equipment is installed or delivered;
  • If the needs of staff members or people using the service change.

To review the risk assessment, complete steps 1-4 above.

The Health and Safety Executive (HSE) and the government has guidance online to help in the assessment of specific risks as follows:

Fire, gas and electrics

Fire safety

Fire safety risk assessment: residential care premises

Gas safety

Electrical safety

Environmental risks

Slips and trips

Falls from windows

Moving and handling

Moving and handling


Electric profiling beds

Equipment safety

Personal safety

Workplace transport

Workplace violence

Risk of specific injuries

Scalding and burning

Sharps injuries

Harmful substances

Management of healthcare waste

Harmful substances

Infection risks

Personal Protective Equipment


Occupational health


Latex allergy

Risks that only affect certain staff members

New and expectant mothers

People with disabilities

Young people at work

Migrant workers

The Health and Safety at Work Act etc.1974, and associated legislation, conveys powers on Care Quality Commission (CQC) Inspectors and Fire Officers to enforce statutory compliance.

A failure to control health and safety risks will lead to prosecution of the registered person or relevant staff member when there has been:

  1. A failure to comply with an Improvement or Prohibition Notice;
  2. A failure to manage fire safety or notify the Fire Service of any significant risks on the premises;
  3. A breach of law that has significant potential for harm, regardless of whether it caused an injury;
  4. A reckless disregard for the health and safety of staff, people being supported or others;
  5. Repeated breaches of legal requirements where it appears that management is neither willing nor structured to deal with this adequately;
  6. Substantial legal contravention, where there has been a serious accident or a case of ill health.

If the CQC considers that there has been a breach of Regulation 12: Safe care and treatment, registration can be withdrawn.

Last Updated: September 12, 2022