ComplianceBuyer

Reviewed by qualified compliance practitioners · Last updated 30 April 2026

Health & Safety Risk Assessment — Plain English Guide

Straight answers about health and safety risk assessments: what they are, when the law requires one, who can do it, and how they relate to fire, legionella, COSHH, DSE, and other specific assessments.

This is the starting point for UK workplace compliance. If you're not sure where to begin, start here. This page explains the general duty to assess risk — and links to the specific assessments your business probably also needs.


What is a health and safety risk assessment?

A check of your workplace to identify risks and stop people getting hurt.

Is a health and safety risk assessment a legal requirement?

Yes. You must assess and manage risks under the Management of Health and Safety at Work Regulations 1999.

Do I need a risk assessment for my business?

Yes. It's the simplest way to show you are protecting your staff, customers, and business.

Why do businesses actually do risk assessments?

To reduce risk. They prevent accidents, protect people, and show you've done the right thing if something goes wrong.

Who is responsible for risk assessments?

You are. If you run or manage the business, it's your responsibility.

What are the different types of risk assessment?

General H&S risk assessment is the starting point. Specific assessments include:

Most workplaces need several.

What is COSHH?

Control of Substances Hazardous to Health. A type of risk assessment specifically for chemicals, dust, fumes, and biological agents. Required under the COSHH Regulations 2002.

What is a Display Screen Equipment (DSE) assessment?

A risk assessment for people who use computers or screens for significant parts of their working day. Required under the Health and Safety (Display Screen Equipment) Regulations 1992. Covers seating, screen position, lighting, and breaks.

What happens if I don't do a risk assessment?

You carry the risk. If someone is injured, you could be fined, prosecuted, or held liable.

Can I do a risk assessment myself?

Yes — but only if you understand the risks and how to control them properly.

Do I need qualifications to do a risk assessment?

No. But you must be competent and able to justify your decisions.

What does a risk assessment actually involve?

Identifying hazards, who could be harmed, and how to reduce the risk.

What is a hazard?

Something that can cause harm. For example: electricity, slips, fire, or manual handling.

What is a risk?

The chance that harm could happen.

What are the 5 steps of a risk assessment?

  1. Identify hazards
  2. Decide who could be harmed
  3. Evaluate and reduce risk
  4. Record findings
  5. Review regularly

Do I need to write down a risk assessment?

In most cases, yes. There used to be a "5 or more employees" written threshold but it's been superseded — for any meaningful business activity, you should write it down. It's the only way to prove you did it.

How often should risk assessments be reviewed?

Regularly — and whenever something changes. Annual review is industry standard, but the law says review whenever there's reason to suspect it's no longer valid. New equipment, new processes, new staff, an incident, or a near miss are all triggers.

What triggers a new risk assessment?

Changes, new equipment, new staff, or an incident.

Can a risk assessment fail?

Yes — if risks are not properly identified or controlled.

What happens after a risk assessment?

You must act on it. Put controls in place to reduce or remove risks.

What are control measures?

Actions taken to reduce risk. For example: training, signage, PPE, or safer processes.

What is PPE?

Personal protective equipment. For example: gloves, helmets, safety shoes, or eye protection.

Do I need to train staff on risk assessments?

Yes. Staff need to understand risks and how to work safely.

What's the difference between a risk assessment and a method statement?

A risk assessment identifies risks. A method statement explains how the work is done safely. Together they're known as RAMS, and most contractors and clients require both before work starts.

How long does a risk assessment take?

Depends on complexity. Simple sites can be quick; complex ones take longer.

How much does a risk assessment cost?

DIY risk assessments are free — just your time. Professional risk assessments typically cost £200–£500 for small premises and £500–£2,000+ for larger or higher-risk sites. Cost depends on size, complexity, and the type of work being assessed.

Do small businesses need risk assessments?

Yes. The law applies regardless of size.

Do offices need risk assessments?

Yes. Risks still exist even in low-risk environments.

Do landlords need risk assessments?

Yes — for managing risks in shared or managed spaces.

Can I use a template risk assessment?

Yes — but it must be tailored to your actual workplace. A generic template that hasn't been adapted to your premises and activities is not a valid risk assessment.

Do insurers ask for risk assessments?

Often, yes. They help prove you are managing risk properly.

What's the real purpose of a risk assessment?

To stop people getting hurt and protect your business.



This guide provides general information about UK compliance requirements. It is not legal or professional advice. For your specific situation, consult a qualified professional.