Skip to main content

Risk assessment

This guidance supports line managers to make a suitable and sufficient assessment of significant hazards associated with the work activities they manage.

Code Of Practice

As part of managing the health and safety of your activities, you must control the risks associated with them. To do this, you need to think about what might cause harm to people and decide whether you are taking reasonable steps to prevent that harm. This process is called risk assessment and it is a legal requirement.

The requirements for risk assessment apply to all people carrying out work activities for the University of Bath. This covers work activities carried out by employees, postgraduate research students carrying out research work, visiting academics, contractors working directly for the University and volunteers. Students carrying out work activities in addition to their studies or research (for example when acting as demonstrators) are considered to be employees when carrying out these activities. Work activities includes work activities both on and off campus.

Risk assessments should consider workers and anyone else who might be affected by the University's work activities. This could include students, members of the public, contractors and anyone else who might be affected by your work.



Anything with the potential to cause harm. This could include psychological factors as well as physical, chemical, biological or radio-chemical agents.


The likelihood of a hazard causing harm.


The extent of any harm caused

Suitable and sufficient

There is no absolute legal definition for this term, but guidance indicates that to achieve this standard, the risk assessment should:

  • show that a proper check has been made by considering all foreseeable significant hazards
  • identify who might be affected
  • reflect the scale of the work carried out, taking account of the number of people involved
  • identify reasonable control measures that if applied will reduce the risk of harm or loss as low as is reasonably practicable
  • be clear and straightforward to understand

Employees and/or their representatives should be involved in the process.

Who is responsible for carrying out risk assessments

The responsibility for carrying out risk assessments sits with the employer. At the University, the responsibility for day-to-day management of health and safety matters is delegated through line management. As such, line managers are responsible for making sure that risk assessments are completed for all works they oversee, supervise or manage. Where people have responsibility for supervising the work of non-employees, such as postgraduate research students or volunteers, they will have the responsibility for making sure risk assessments are completed for the work activities carried out by these people.

When you need a risk assessment

Sensible risk management is about taking practical steps to protect people from real harm and suffering. You should carry out a risk assessment before you do any work which presents a risk of injury or ill health.

You do not need to include insignificant risks. You do not need to include risks from everyday life unless your work activities increase the risk.

What a risk assessment is

A risk assessment is a systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking.

Risks should be reduced to the lowest reasonably practicable level by taking preventative measures in the following order of priority, termed the Hierarchy of Control:

  1. Elimination − redesign the job or replace a substance so that the hazard is removed or eliminated.

  2. Substitution − replace the material or process with a less hazardous one.

  3. Engineering controls − for example use work equipment or other measures to prevent falls where you cannot avoid working at height, install or use additional machinery to control risks from dust or fume or separate the hazard from operators by methods such as enclosing or guarding dangerous items of machinery/equipment. Give priority to measures which protect collectively over individual measures.

  4. Administrative controls – Identify and implement procedures to work safely. For example: reducing the time workers are exposed to hazards; prohibiting use of mobile phones in hazardous areas; increasing safety signage, and performing risk assessments.

  5. Personal protective clothes and equipment − only after all the previous measures have been tried and found ineffective in controlling risks to a reasonably practicable level, must personal protective equipment (PPE) be used. For example, where you cannot eliminate the use of a hazardous substance or use work equipment such as local exhaust ventilation to minimise the exposure (should one occur). If chosen, PPE should be selected and fitted by the person who uses it. Workers must be trained in the function and limitation of each item of PPE.

What type of risk assessment to produce

There are three types of risk assessment:


When a group of tasks are similar potentially across a number of similar locations, e.g. when there are a number of offices in a single building; one 'office safety' risk assessment would be appropriate.


This is for a specific task where the hazards and risks are clearly defined, e.g. an experiment in a laboratory.


A risk assessment that is for a person rather than a task. This may be due to a disability or physical injury that requires reasonable adjustments to their work environment and/or tasks carried out. A Display Screen Equipment (DSE) assessment would also fall into this category.

Completing a risk assessment

Read our guidance on how to complete a risk assessment.


If you have any questions, please contact us.

On this page