News

Health & Safety Compliance in the Digital Environment

‘Convergence Culture’

“Ready or not, we are already living in a convergence culture” declared Jenkins (Convergence Culture, 2006) during another period of booming technological advancement – notably the dawn of the smartphone age. In broader culture the term ‘convergence’ had already been borrowed from Biology, adopted in Economics, Mathematics and Computing; generally alluding to a theory that basically describes a phenomenon where some creatures living in the same environment – although unrelated to each other, will eventually morph into a similar structure independently or develop identical traits.

In Telecommunications Policy (1998) several authors describe technological convergence along the aforementioned biological lines: multiple functions/technologies predicted to eventually share the same platform either for necessity or to increase efficiency. Fast-forward more than 20 years and the digital landscape has not failed to live up to lofty predictions, with the modern internet certainly boosting the speed in which progress has occurred.

Currently it has become expected that almost every electronic device serves multiple functions. For example the wristwatch can now receive and make phone calls alongside serving as a digital running and exercise companion – surprisingly the (then lauded) Fitbit was only launched in 2010. However for Q3 of 2018, Apple’s Smartwatch leapfrogged Fitbit for second place in global shipments and market share, achieving a year-over-year growth of 54% compared to Fitbit’s 3.1% shrinkage; an impressive feat for a company merely incorporating a related activity into their ‘smartwatch’ platform – convergence reaping benefits.

Convergence Meets Compliance

Health & safety compliance has also experienced convergence, albeit at a slower pace than larger culture. Any potential advancements in the industry are of course expected to be subject to – and limited by health & safety legislation and regulations; and this is important because legislation (primarily the Health and Safety at Work etc. Act 1974) created the government agency Health and Safety Executive (HSE) and gave them (to be more specific, the Secretary of State for Work and Pensions) broad powers in forming prosecutable health & safety regulations.

However the enhanced accessibility of up-to-date and indexed legislation online through the HSE’s information portals has meant that external consultation of health & safety law is in essence no longer needed. Realistically a medium to small company can compose its health & safety policy internally with minimal prior expertise. Along similar lines, the subject of data protection law which was passed as the GDPR in 2018 and the Data Protection Act of 1998 before that (addressed by Whenmouth previously here) has in practice converged with health & safety under the broad umbrella of compliance.

Compliance – or in this context: ‘regulatory compliance’, is simply about an organisation adhering to internal and/or external regulations for which incurred penalties range from a small fine to full-blown prosecution. So for example, a fire risk assessment and GDPR training for the organisation’s Data Protection Officer/s (both which are mandatory under current law) and tangible proof that these activities have been completed (eg. certificates) means that a singular system that logs, stores, and makes this proof immediately accessible trumps alternatively having multiple separate systems for this, especially for convenience and time-efficiency.

Increasing efficiency normally results in the reduction of business operating costs; and the emergence of software that has the capacity to incorporate various related activities under the compliance umbrella has been inevitable. Another example: Human Resources programs and Learning Management Systems (LMS) operate at different points along the compliance scale, but the desire to integrate related functions into a singular platform has seen the emergence and growth of software like Smartlog, which both manages compliance-relevant employee data and allocates mandatory e-learning courses to selected members of staff.

The Importance of a Core Competency

In order to successfully sell units, a highly capable product still needs credibility, especially one that has converged. Much like Apple’s branding retaining its credibility in the fitness and health watch market (as mentioned previously) or Samsung’s vast electronics experience massively contributing in their overtaking of Nokia as the market leader for mobile phone unit sales in 2012: a core competency is needed in order to retain any market credibility and successful integrate.

Amidst the integration of health & safety e-learning, risk assessment templates, site management alerts, logs, task allocation & monitoring, and (soon to be) asset management into Smartlog; Safesmart’s core competency lies in a history of fire safety engineering and consultations as well as an active fire risk assessment service that is up and down the country every week. It is a brand that puts fire safety at the top of the compliance pile, with the experience and expertise to back this up.

This is mainly because fire safety remains the heart of workplace health & safety, with 11,141 accidental non-residential fires attended by the Fire and Rescue services in England during 2017/18. These incidents resulted in 12 fatalities and 653 casualties with notably 2,245 (20%) of the fires occurred in offices/call centres, retail and hospitals/medical care; reinforcing both the ethical and legal need for all types of businesses to conduct a thorough fire risk assessment regularly.

Overall fire accident deaths only accounted for 8.3% of the 144 total workplace fatalities in 2017/18, however alongside the devastating personal injuries and losses of life, fire incidents by nature also more often result in copious amounts of property and asset damage of which very few businesses would be able to recover from financially.

Summary

According to HSE (2018) there has been a long-term downward trend in the rate of fatal injury per 100,000 workers since 1989, with the 2017/18 rate around a fifth (1/5) of the 1988/89 figures. So evidently workplace safety has improved over the years; and alongside the technological leaps and bounds in communications during the last couple of decades, improvements are also occurring in the delivery of health & safety compliance management and training, especially in regards to efficiency.

Convergence continues to drive innovations in the digital sphere and larger society, but with seemingly endless possibilities in the amount of different business management functions that can be potentially converged into a single platform, any limit will simply depend on the business and their compliance needs. But objectively some functions are more important than others, especially in relation to the law; which essentially means that across the board there is a one size fits all option.

Bibliography

Bohlin, E. (ed.)(1998) ‘Convergence and new regulatory frameworks: A comparative study of regulatory approaches to Internet telephony’ in ‘Telecommunications Policy Vol.22, Issue 10′. Elsevier

Jenkins, H. (2006) Convergence Culture. New York University Press

Forbes (2010) ‘Getting Fitbit’. Available at: https://www.forbes.com/2010/06/11/fitbit-tracker-pedometer-lifestyle-heatlh-lifetracking.html#124362215556 (accessed: 23/05/2019)

IDC (2018) ‘New Product Launches Drive Double-Digit Growth in the Wearables Market, Says IDC’. Available at: https://www.idc.com/getdoc.jsp?containerId=prUS44500418 (accessed: 23/05/2019)

Deloitte (-) ‘Regulatory & ethical compliance: Navigating through choppy waters‘ . Available at: https://www2.deloitte.com/uk/en/pages/audit/articles/regulatory-and-ethical-compliance.html (accessed: 30/05/2019)

GOV.UK (-) ’Fire safety in the workplace’. Available at: https://www.gov.uk/workplace-fire-safety-your-responsibilities/fire-risk-assessments (accessed: 30/05/2019)

GOV.UK (2019) ‘Fire statistics data tables’(Fire 0301 sheet). Available at: https://www.gov.uk/government/statistical-data-sets/fire-statistics-data-tables#non-dwelling-fires-attended (accessed: 28/05/2019)

HSE (2018) ‘Workplace fatal injuries in Great Britain 2018’. Available at: http://www.hse.gov.uk/statistics/pdf/fatalinjuries.pdf (accessed: 23/05/2019)

GDPR and Schools – The Case for Training Up Teachers

The journey to GDPR implementation has been one heavily influenced by digital technology and our growing capacity to store enormous quantities of information and content. The reality of a massive storage space that can be accessed from pretty much anywhere around the globe is one driven by high-speed internet and headlined by Swiss Army knife level-of-versatile pocket PCs – smartphones and ‘phablets’. On the negative front, quicker access and mass centralised storage has also meant a higher potential for data breaches and leaks in methods – and at scales that physical documents, media, passwords and other locally stored information could never be lost or stolen.

Firstly, to rewind: the Data Protection Act of 1984 mainly dealt with how personal data (race, religion, criminal convictions, physical, mental and sexual health, etc.) was handled, purposed to legislate computer bureaus (essentially early IT companies), and pinpointed accountability in the event of data misuse through the introduction of an appointed Data Protection Registrar as well as a Data Protection Tribunal. As IT was fast beginning to play a larger and more integral role in companies, the law was playing catchup – attempting to govern the rising various avenues of potential data misuse.

Because at the time IT services were outsourced pretty much universally, in practice only IT staff were Registrars, and the average business did not see a need – or were mandated to appoint one. However, the introduction of the Data Protection Act of 1998 legislated that a data controller who wishes to process data had to register in a database that was under the control of the UK Information Commissioner’s Office. This act introduced less broad and more detailed offences for data breaches; for example making it a criminal offence to request that someone makes a Subject Access Request in relation to prior cautions or convictions (defined in the legislation as ‘sensitive data’) when attempting to hire or continue to employ them.

Fast-forwarding 20 years, the General Data Protection Regulation (GDPR) in 2018 for all members of the EU and the EEA created a denser paper trail for data collection and its use (as well as more accountability). For example each company/ organisation who determines how the data they collect or hold is used is known as a data controller, but whoever processes the data on behalf of the data controller is known as a data processor. The legislation says that the details of this relationship between the two organisations should be readily available upon request, with their controller and processor contract fulfilling several minimum requirements such as committing to a ‘certain level of confidentiality and security’.

Evidently over time, as each data protection regulation has passed more blind spots and loop-holes created mainly by advancements in digital technology have been closed or exposed; however a major problem with GDPR lies in its very name: it is still very general.  A multi-issue bill that covers a truly complex and dynamic environment means that it is genuinely difficult to apply the relevant sections of the law to one’s business or organisation as even the amount of employees as well as the type of data held or processed affects whether certain regulations begin to apply or not.

Schools are a prime example of this legislative nightmare. For instance, companies with fewer than 250 employees are exempt from keeping a record of their processing activities unless their “processing of personal data is a regular activity, poses a threat to individuals’ rights and freedoms, or concerns sensitive data or criminal records” (European Commission, 2018).

Schools hold – and process enormous amounts of personal and sensitive data

As of 2016/17 UK schools have an average of around 16 full-time teachers per school (BESA, 2018) and even when factoring in part-time teachers, administration, site and contractual staff, the 250 employee threshold remains a long way away.

However state education officials and staff are carefully monitored and are held to the highest of standards in regards to a criminal record for example, and therefore their data is collected and held by their school employer as part of the previously mentioned “regular activity”. Therefore according to the law a Data Protection Officer (DPO) must be appointed in this event – even though the employee threshold has not been met. Additionally schools also hold enormous quantities of data about current and past pupils, of which requires even stricter measures of safeguarding under GDPR.

So evidently a school DPO – or DPOs have their hands very full with the two separate sets of data they have to safeguard, which both carry differing levels of required compliance in terms of how it can be processed. Therefore staff GDPR training or awareness courses are of the utmost importance in the education sector – from nurseries to notably universities and colleges, who typically employ more staff members than schools and enroll significantly more students.

Although each organisation sets internal levels (or standards) of compliance on top of mandatory regulations, GDPR training is necessary not just to avoid data misuse or breaches but to show an earnest attempt to comply with the law in the event that one occurs anyway, because ignorance is not a solid defense in court.

‘Smartlog’, Safesmart’s compliance and health & safety training software includes among its 20 training courses a basic GDPR training course as well as a much longer, more extensive course that is purposed for an organisation’s DPO. Up-to-date knowledge and frequent refreshment courses concerning the application of legislation are very helpful in promoting a more professional educational environment where students and teachers’ personal data is handled and stored much more carefully and in accordance with current law.

 

Bibliography

Legislation.gov.uk (-) ‘Data Protection Act 1984 (repealed 1.3.2000)’. Available at: http://www.legislation.gov.uk/ukpga/1984/35/contents/enacted (accessed: 21/02/2019)

Law Society of Scotland (2017) ‘GDPR – Do you need a data protection officer?’. Available at: https://www.lawscot.org.uk/news-and-events/news/gdpr-data-protection-officers/ (accessed: 21/02/2019)

Legislation.gov.uk (-) ‘Data Protection Act 1998’. Available at: https://www.legislation.gov.uk/ukpga/1998/29/contents/enacted (accessed: 21/02/2019)

European Commission ‘Rules for business and organisations’. Available at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations_en (accessed: 21/02/2019)

GOV.UK (2018) ‘National Statistics: School workforce in England: November 2017’. Available at: https://www.gov.uk/government/statistics/school-workforce-in-england-november-2017 (accessed: 21/02/2019)

BESA (-) ‘Key UK education statistics’. Available at: https://www.besa.org.uk/key-uk-education-statistics/ (accessed: 21/02/2019)

 

Does my business need to be compliant?

One of the first questions a business should ask in order to both a) abide with current law, as well as b) to keep employees aware of, and equipped against the variety of hazards that are often present in a work environment. Then after this it gets really complicated.

“What does the law say regarding _?”

“What mandatory information does my staff need to know regarding health and safety?”

“What is the best procedure in the event of an accident or incident at work?”

“How do we as a business best handle personal conflict between employees at work?”

Different workplaces present different challenges

Next, different parameters also have to be considered: which industry is your business in? And how many workers do you have? (The amount of employees affects what parts of the legislation begin to apply to your business).

Workforce Issues

And most, if not all of the time, compliance is simply a step towards safeguarding your employees and keeping a hazard-free work environment. For example RIDDOR reported 14 fatal work-related injuries in 2017/18 and according to the Labour Force Survey there were also over 600,000 non-fatal injuries to workers in the same period. Estimates also count around 13,000 deaths a year linked to past exposure of toxins at work – primarily chemicals or dust.

The general well-being of employees also affects productivity. For example HSE reports that in 2017/18 25.8 million working days were lost due to work-related ill health, as well as 15.4 million working days lost due to work-related mental health issues.

With your workforce’s physical and mental health to be considered in the day-to-day running of both small and large businesses alike, an in-depth understanding of your overall work environment in relation to the complex relationships individuals in an organisation might have to both each other and their physical environment is crucial to running a business successfully.

Therefore compliance becomes more than just abiding with the law, but using the knowledge and expertise of professionals in order to create a comfortable work environment for stakeholders in your business – unsurprisingly, positivity and professionalism can be sensed by your customers, especially if employees are confident in their own well-being and safety whilst at work.


Compliance training and relating procedures can be a timely process

Making the decision

Compliance of the law is therefore just another building block to a healthy work environment, but understanding one’s own specific needs is very time consuming. For example, between 2015/16 and 2017/2018 the education industry suffered the highest rates of stress, depression or anxiety at 2100 people per 100,000 (2.1%) when compared to average all industry rate of 1.3%; and additionally the causes of these issues range from the workload amount to workplace violence/threats or bullying.

Clearly nuance and care is needed in determining what best fits and works for your company, but thankfully there are specialist and knowledgeable advisors who can help you figure out your specific needs so you can take the next steps.

Who are we?

Safesmart is primarily a provider of an online management and compliance software called Smartlog, but we also offer consultancy on health and safety for small, medium and large businesses alike. Different industries have differing concerns and needs, ranging from an extensive risk assessment for a construction firm to booking a legionnaire awareness course for a small local pool for example; and budgets differ from company to company.

However Safesmart is tailored with this in mind; enabling a growing business to manage maintenance, compliance, accident/incident reporting (RIDDOR) – and many more, on one portable and versatile platform – Smartlog. We are very affordable – competitively so, and ever-improving our customer’s capabilities within our software enabling them to have a dedicated health and safety compliance database and program, giving them less to worry about.

You can find out more here: https://safesmart.co.uk/

Sources:

HSE (2018) ‘Work related stress depression or anxiety statistics in Great Britain, 2018’. Available at: http://www.hse.gov.uk/statistics/causdis/stress.pdf (accessed 06/02/2019)

HSE (2018) ‘Work-related ill health and occupational disease in Great Britain’. Available at: http://www.hse.gov.uk/statistics/causdis/ (accessed 06/02/2019)

HSE (2018) ‘LFS – Labour Force Survey – Self-reported work-related ill health and workplace injuries: Index of LFS tables’. Available at: http://www.hse.gov.uk/statistics/lfs/index.htm#allillinj (accessed 06/02/2019)

CPD Certified Online Training

 

CPDCertifiedlogo

 

 

 

 

 

 

 

 

 

 

 

 

 

We are pleased to announce that our online training courses are now CPD certified on their 1st submission. All our online training courses have been created by our health & safety, fire safety and compliance experts and on Tuesday the CPD Certification Service informed us that our 20 online training courses on Smartlog 5 meet their standards. This is testament to their detail & quality.

The CPD certification service have independently checked that the material in our training courses meets their standards.

Safesmart now provide ‘CPD Certified’ online training to unlimited users at an affordable price per site location.

‘The CPD Service’s recognised and authoritative CPD Member and CPD Certified symbols offer institutional associations, educational providers and consumers alike reassurance that the material concerned achieves the qualitative standards required by all parties.’ www.cpduk.co.uk/about 

 

 

MK Citizen – Children in Need

MK Citizen Children in Need

 

We raised £1,122 pounds for Children in Need on Friday the 16th of November.

On the day staff also made donations and took part in donation entry spot themed games such as a Connect 4 championship and a charity raffle for a Christmas hamper. This was amongst our work and our fire safety engineers on the road even sent in pictures of their decorations for the day. The prize for the Connect 4 champion was an extra day of holiday and so things got tense and competitive too. There was also a prize for the best dressed which went to Ramos for his awesome unicorn style outfit with his colorful waistcoat and hat. He is very happy to feature in the MK Citizen as a unicorn ☺

It was a fun day had by all raising money for an excellent cause. It’s great that MK Citizen featured us and we hope our activity may inspire more SMEs in Milton Keynes and around the UK to take part and be creative with fundraising ideas.

We hope to go bigger next year and support more charities that keep people safe in line with our mission to improve safety, efficiency and affordability.

 

 

 

The Problem with Risk Scores and a Risk Matrix

risk score risk matrix image

Increasingly year-on-year health and safety management is incorporating lots of statistics that are recorded, monitored and reported on a regular basis using health and safety software. This software improves management and ensures things are not forgotten, particularly if like Smartlog, risk assessments automatically assign tasks to individuals and remind them via email so that they take corrective action. On the other hand it can be considered that too much focus on statistics, in particular risk scores in a risk matrix can hide certain hazards by focusing on other hazards due to their numeric values. Moreover whilst statistics and reporting are great to measure progress and identify frequently occurring accidents, it is evident that the majority of time in health and safety management should be on prevention by design, planning and training.

Whilst risk assessments that feature risk scores can list a multitude of different levels of hazards for identification and review purposes, they create confusion over what is the most likely to happen and what is the highest severity of harm, as peoples’ perceptions of risk and severity differ. Risk assessment categorisation of risk focusing on likelihood and injury severity together under the term priority and then setting normal or high priority is a better system as issues are fixed quicker based on priority and not based on the subjective aspect of severity which is circumstantial in every case. For example tripping on the stairs because of a worn surface can be unlikely and can often only result in minor injury accidents however it can also result in death; this highlights the potential issue with risk scores in a risk matrix which might rate this with a low numerical value for both likelihood and severity.

An Outdated System?

In health & safety management risk scores and the risk matrix structure could be considered as a 20th century management tool originating from paper based risk assessments as a way of highlighting risk within the lines and columns on a paper risk assessment to decide which should be considered first. With 21st century cloud based health and safety software like Smartlog, risks are automatically moved to the top a priority action list and removed when they are resolved. Today’s quick priority identification and resolution via software means it is questionable what purpose risk scores achieve in today’s era of health and safety management with quick software that can facilitate quick corrective action if it’s designed that way.

The concept of risk and risk assessments has a long history. More than 2400 years ago the Athenians offered their capacity of assessing risk before making decisions and over the years it has become central to keeping people and operations safe. The introduction of The Health and Safety at Work etc. Act 1974 and The Management of Health and Safety at Work Regulations 1999 introduced documentation and management rules however there is no mention in these two pieces of legislation about the use of risk scores or a risk matrix in risk assessments.

Analysis – HSE

In fact risk scores and risk matrices are not mentioned in any health and safety legislation. Risk score matrices are mentioned on the HSE website but it’s only written that a risk matrix can be used, not that they must be used. In the Risk Management FAQs part of the HSE website here: www.hse.gov.uk/risk/faq.htm they have written:

‘Most businesses will not need to use risk matrices. However, they can be used to help you work out the level of risk associated with a particular issue. They do this by categorising the likelihood of harm and the potential severity of the harm. This is then plotted in a matrix (please see below for an example). The risk level determines which risks should be tackled first.
Using a matrix can be helpful for prioritising your actions to control a risk. It is suitable for many assessments but in particular to more complex situations. However, it does require expertise and experience to judge the likelihood of harm accurately. Getting this wrong could result in applying unnecessary control measures or failing to take important ones.’

(Accessed 19/11/2018)

The HSE explicitly mention here that getting risk scores wrong can result in failing to take important control measures. This is the issue and danger with using risk scores.

The HSE do not state that a score or colour rating of risk about the likelihood of risk occurring or severity is needed or that score and colour needs to be recorded or have a matrix. There is no mention of it on HSE’s website, in risk assessment examples from the HSE or in health and safety legislation. Moreover there is no mention of it in their risk assessment guide, HSE document indg163. www.hse.gov.uk/pubns/indg163.pdf

The image of the risk matrix shown in the HSE’s mention of risk matrices on their website shows the complexity and subjectivity issue of deciding on a combined numeric value and colour for a risk. This is an example of a 3×3 grid matrix; when a grid gets larger e.g. 10×10 there can be the possibility of even more confusion, differences in opinion and lack of consistency in scoring amongst people.

risk matrix risk score hse website screenshot

An article in IOSH magazine from an independent health and safety consultant also mentions that ‘in most cases it is not possible to quantify either the likelihood or the severity with such accuracy, we make relative judgements’ furthermore she writes that:

‘To avoid confusion, ditch the numbers and replace “mostly harmful”, “unlikely” and so on with descriptions that match your organisation’s risk profile, and simply use the coloured areas to categorise the risk bands.’

Clearly it is also questionable as to what purpose the colours even serve if high and normal priority settings are used with health & safety management software that facilitates speedy corrective action in a priority list format. In summary she also concludes her article by writing ‘Poorly understood severity and likelihood categories and arbitrary risk bands will lead us to draw the wrong conclusions.’

Similarly the author of the article also presented a presentation named ‘What is significant risk?’ at the 11 February 2014 IOSH London Metropolitan Branch Meeting. This presentation sought to highlight the issues and over complexity of quantitative risk assessment (QRA) risk matrices based on risk scores amongst IOSH members.

Moreover the same author mentioned in another IOSH magazine article that ‘In most cases, we don’t have enough reliable data for QRA. Rather than sticking numbers on to categories and mistakenly calling assessments quantitative or semi-quantitative, we should be proud of producing high-quality qualitative risk assessments.’ Risk assessment that focuses on high and low priority allocation of corrective action and descriptive text from hazard assessment rather than numbers is qualitative rather than quantitative.

Regarding risk assessment methodology it is Safesmart’s view that you should choose a qualitative risk assessment so not to come across the issues of risk scores in the prioritisation of corrective action tasks based on over complexity via numbers in a risk matrix structure.

As you can see in the HSE’s risk assessment template there is no mention of risk scores or a risk matrix:

HSE risk assessment template

The HSE’s sample template can be found under resources here: http://www.hse.gov.uk/risk/

INDG163 is the HSE’s legal guidance for completing risk assessments.

In document INDG163, The HSE state that in a risk assessment you need to:

– Identify the hazards
– Decide who might be harmed and how
– Evaluate the risks and decide on precautions
– Record your significant findings
– Review your risk assessment and update if necessary.

Regarding HSE legal requirements for risk assessment it is important to remember that there is no required format for risk assessment so long as within the format you can achieve these aspects mentioned in INDG163.

INDG163 no mention of risk score risk matrix

Evaluate the risks and decide on precautions:

In this section on p2 of HSE document INDG163, it does not specify that a risk likelihood, severity score, colour rating or risk matrix needs to be recorded. It just mentions that you have to decide ‘how likely it is that harm will occur and what to do about it.’

On p2 of HSE document INDG163 in the ‘Evaluate the risks’ information section it states:

‘Having identified the hazards, you then have to decide how likely it is that harm will occur, ie the level of risk and what to do about it. Risk is a part of everyday life and you are not expected to eliminate all risks. What you must do is make sure you know about the main risks and the things you need to do to manage them responsibly.’

Record your significant findings

When recording a risk assessment, the HSE state on p3 of INDG163 that ‘any record produced should be simple and focused on controls’. They state you need to ‘record of your significant findings – the hazards, how people might be harmed by them and what you have in place to control the risks.’

The passage reads:

‘Record your significant findings, Make a record of your significant findings – the hazards, how people might be harmed by them and what you have in place to control the risks. Any record produced should be simple and focused on controls.’

Putting hazards in order

On p4 of HSE document INDG163 it’s stated that the hazards identified need to be put in order of importance to address the most serious risks first.

The HSE state on p4 of INDG163 that:

‘If your risk assessment identifies a number of hazards, you need to put them in order of importance and address the most serious risks first.’

 By stating simply whether a hazard is normal or high priority it can be clearly and simply differentiated which hazards are high priority.

http://www.hse.gov.uk/pubns/indg163.pdf

RR151

In addition to the HSE’s comments about the danger of using risk scores and a risk matrix the ‘Health and Safety Laboratory’ (HSL) the research arm of the HSE have also conducted research on behalf of the HSE about ‘Good practice and pitfalls in risk assessment’ in the 2003 research report 151 (RR151).

RR151 mentions the following pitfalls that seemingly could be the case with quantitative numeric focused risk assessment with risk scores and risk matrices:

• ‘Carrying out a detailed quantified risk assessment without first considering whether any relevant good practice was applicable, or when relevant good practice exists’

• ‘Making decisions on the basis of individual risk estimates when societal risk is the appropriate measure’

• ‘Inappropriate use of risk criteria’

RR151 risk score risk matrix post

Moreover on p32 under the title of individual risk measures RR151 mentions a problem with numerical risk scores in a matrix:

‘Each risk box in the matrix represents the combination of a particular level of likelihood and consequence, and can be assigned either a numerical or descriptive risk value (the risk estimate). If numerical consequence and likelihood category indicators are used, it is common to estimate the risk values as the product of the likelihood and consequence values, as a convenient way of ranking the risks. Care should be taken if such an approach is adopted as, for example, hazards of low severity and high likelihood will receive the same risk value as hazards with high severity and low likelihood. Although the risk values may be the same, the response to these different hazards in terms of priority for correction may be very different (St John Holt, 1999), and care therefore needs to be taken to ensure the method for estimating risk results in values or categories that can be interpreted appropriately.’

Furthermore where there is mention of quantitative numeric risk assessment on p14 in RR151 it is not mentioned as a legal requirement it is just written that:

Where the hazards presented by the undertaking are numerous and complex, and may involve novel processes, for example in the case of large chemical process plants or nuclear installations, detailed and sophisticated risk assessments will be needed, and it is appropriate to carry out a detailed quantitative risk assessment in addition to the simple qualitative assessment. Quantitative risk assessment (QRA) involves obtaining a numerical estimate of the risk from a quantitative consideration of event probabilities and consequences (in the nuclear industry the term ‘probabilistic safety analysis’ is used in place of QRA).’

Regarding RR151 it is important to remember that ‘This report and the work it describes were funded by the Health and Safety Executive (HSE). Its contents, including any opinions and/or conclusions expressed, are those of the authors alone and do not necessarily reflect HSE policy.’

But ‘it is hoped that this report will provide useful guidance for Inspectors involved in the assessment of industry risk assessments on the appropriateness of the adopted approaches, and also to practitioners in industry involved in the process of carrying out workplace risk assessments of how to avoid common pitfalls.’

www.hse.gov.uk/research/rrpdf/rr151.pdf

There is a lot of research online that criticises the use of a risk matrix and we encourage you to research and read this to understand the issues.

Examples of academic texts include Louis Anthony Tony Cox of the University of Colorado Department of Biostatistics and Informatics who wrote a journal article in 2008 for Risk Analysis the official publication of the Society for Risk Analysis in which risk matrix limitations are listed – the abstract of this journal article called ‘What’s Wrong with Risk Matrices?’ can be viewed here

As well as this, a well written piece called ‘The Risk of Using Risk Matrices’ was published in September 2013 for the Society of Petroleum Engineers, SPE Economics and Management Journal. It was written by Philip Thomas, SPE, and Reidar B. Bratvold, SPE, University of Stavanger; and J. Eric Bickel, SPE, University of Texas at Austin. They have written in this article about risk matrices (RMs) saying that:

‘Despite these claimed advantages, we are not aware of any published scientific studies demonstrating that RMs improve risk-management decisions. However, several studies indicate the opposite: that RMs are conceptually and fundamentally flawed.’

Moreover this journal article is concluded with the following:

‘In this paper, we have illustrated and discussed inherent flaws in RMs and their potential impact on risk prioritization and mitigation. Inherent dangers such as risk-acceptance inconsistency, range compression, centering bias, and category-definition bias were introduced and discussed by Cox et al. (2005), Cox (2008), Hubbard (2009), and Smith et al. (2009). We have also addressed several previously undocumented RM flaws: ranking reversal, instability resulting from categorization differences, and the LF. These flaws cannot be corrected and are inherent to the design and use of RMs. The ranking produced by RMs was shown to be unduly influenced by their design, which is ultimately arbitrary. No guidance exists regarding these design parameters because there is very little to say. A tool that produces arbitrary recommendations in an area as important as risk management in O&G should not be considered an industry best practice.’

A summative key point to take from HSE INDG163 is that it’s written there that:

‘Any record produced should be simple and focused on controls’

Risk assessment risk scores are not simple and as the HSE says themselves ‘could result in applying unnecessary control measures or failing to take important ones.’ The other benefit of keeping risk assessments simple is that they can be understood and conducted by all to help improve health & safety management and awareness across a whole organisation. Engagement and awareness of staff in health and safety is proven to reduce the likelihood of accidents.

Does Smartlog have numeric risk score scales, colour coding or a risk matrix structure?

No, Smartlog has been designed to keep risk assessment simple and efficient in order help you improve safety quickly. In HSE document INDG163 on page 3 it’s actually stated that ‘any record produced should be simple and focused on controls’. Safesmart believe in safety through efficiency.

Smartlog’s qualitative risk assessment structure focuses on actions to improve safety and lower risk. Actions to correct hazards. Rather than having the option to give a numeric score or colour rating for a risk, Smartlog focuses on pass/fail questions with comments & images to ensure compliance and clearly show what action needs to be taken to improve safety via the selection of normal or high priority.

Scoring a risk out of 5 for example may mean that lower numbered risks are ignored or forgotten about. As mentioned earlier in this blog post, The HSE write online that ‘Getting this wrong could result in applying unnecessary control measures or failing to take important ones’.

Checks & Tests

Low risk hazards that may or may not have significant severity are still important and Smartlog ensures that all risks are clearly visible putting high importance hazards at the top of the interactive to-do list called ‘due checks & tests’ automatically based on answers to risk assessment questions and the selection of high or normal priority. Based on risk assessment answers, reminders are also sent to remind individuals to take corrective action, there are also reminder escalation levels so seniors are notified if action hasn’t been taken by tasked individuals. When corrective action is taken the due check & test is moved to complete and the risk assessment is updated accordingly so focus can again be on remaining corrective action that needs to be taken.

Safesmart’s view is that there is extensive difficulty in determining a score number for the likelihood and severity of risks as it’s a subjective process. As well as creating the issue of lower risk score hazards being forgotten, deliberation over scores can create confusion and waste time when the priority of a risk assessment is improving safety. Evidently time should be spent on this, not deliberating about the scoring of everything with a number or colour. Due to the nature of this subjectivity, discrepancy and difference in reporting by different individuals, issues are inherent in number & colour scoring of risk assessments. This means that compliance monitoring is affected, thus creating the possibility of confusion and misinformed decision as a consequence of scoring.

Conclusion

We hope reading this article has highlighted the issue of numeric risk scores and risk matrices. If you are still using a risk matrix with risk scores for your risk assessment process we urge you to reconsider and discover Safesmart’s Smartlog software. Our software is designed for fast and efficient risk assessment needed in today’s 21st century management environment that seeks to involve all in improving safety without unnecessary over complication and bureaucracy. Smartlog’s risk assessments are always live, always assigning corrective action and always helping to save lives.

Children in Need

Safesmart Children in Need

This Friday the 16th of November we are holding a Children in Need event at our office in Milton Keynes whereby we will give 1p for every spot that is used as decoration or worn and brought to work up to our target of 100,000 spots. We are an SME and so 100,000 spots is the maximum on this occasion but as we grow we continue to engage with more charities to not only help keep people safe with our health & safety software and services but with charitable giving where possible.

We thought of the idea from Pudsey’s spots on his bandage. Hopefully by mentioning what we’re doing, our idea of 1p per spot could resonate with you and others to help with fundraising ideas and the promotion of Children in Need.

Children in need is an excellent charity that helps hundreds of thousands of children across the UK every year. Their website mentions on 13/11/18 that they are currently supporting 2,400 projects all across the UK.

BBC Children in Need announced that its fundraising total for the 2017 Appeal was £60,750,000. The 2017 total was the collective efforts of every single person across the UK who did something to raise money, from sponsored runs to sponsored silences and bake sales.

BBC Children in Need’s vision is that every child in the UK has a childhood which is:
– Safe
– Happy and Secure
– Allows them the chance to reach their potential

Safesmart’s brand purpose and vision is to improve safety, efficiency and affordability. We also help to keep children safe in thousands of schools across the country as the Preferred Supplier for the Association of School and College Leaders. We help to keep children and adults safe in all industry sectors we supply whilst also supporting charities by providing our Smartlog software to them. Large well-known UK Charities use Smartlog to ensure safety and compliance across their operations.

Did you know? Pudsey Bear made his television debut in 1985 when Terry Wogan introduced the new, brown cuddly mascot to the audience. He was designed by Joanna Ball, a BBC graphics designer, who named him after the West Yorkshire town where she was born.

This year’s live BBC Children in Need appeal show will take place on Friday evening and promises to be an exciting spectacle of music, dance and entertainment. Hosted by Graham Norton, Tess Daly, Ade Adepitan, Mel Giedroyc, Rob Beckett, Marvin and Rochelle Humes, it will be a fantastic night, raising money for disadvantaged children and young adults here in the UK who need our support, and also celebrating and thanking the fundraisers who do so much.

We hope you will also take part in fundraising and donate to this great cause.

Fundraising ideas can be found here: www.bbcchildreninneed.co.uk/fundraisinghub/fundraising-ideas

Is Legionella Training a Legal Requirement? Is Legionella Training Needed?

Legionella training is a legal requirement for those who have a level of responsibility for the prevention & control of legionella. The HSE write section 50 of their L8 guidance about Legionella that ‘Inadequate management, lack of training and poor communication are all contributory factors in outbreaks of legionnaires’ disease. It is therefore important that the people involved in assessing risk and applying precautions are competent, trained and aware of their responsibilities.’

Furthermore on p14 HSE L8 mentions COSHH, regulations 8 and 12; Management Regulations, regulations 5, 7, 10 and 13; HSW Act, sections 2, 3 and 4 which ‘require employers to take reasonable steps to ensure that any control measures are properly used and applied. They require employees to make full and proper use of those control measures. Employers are also required to have arrangements in place for the management of health and safety, to have access to competent health and safety advice and to provide employees with suitable and sufficient information, instruction, and training.’

Legionella Training

Regarding legionella services & plumbing contractors, training is a requirement because of The Control of Substances Hazardous to Health Regulations 2002 Regulation 12 which state that ‘Every employer who undertakes work which is liable to expose an employee to a substance hazardous to health shall provide that employee with suitable and sufficient information, instruction and training.’

The Management of Health and Safety at Work Regulations 1999 Regulation 5 states precisely that ‘Every employer shall make and give effect to such arrangements as are appropriate, having regard to the nature of his activities and the size of his undertaking, for the effective planning, organisation, control, monitoring and review of the preventive and protective measures.’ Training staff who are going to have a level of responsibility for the prevention & control of legionella is evidently an appropriate arrangement for an employer to take regarding effective control and protective measures.

The Health and Safety at Work etc. Act 1974: Part 1, Section 2, 1 states that ’It shall be the duty of every employer to ensure, so far as is reasonably practicable, the health, safety and welfare at work of all his employees.’ & 2 c. the duty of every employer to provide such information, instruction, training and supervision as is necessary to ensure, so far as is reasonably practicable, the health and safety at work of employees. Moreover section 4 of HSW 1974 mentions it shall be the duty of each person who has, to any extent, control of premises to ensure that persons other than employees are safe and without risks to health. Those who are duty holders regarding legionella prevention & control therefore need to ensure that those staff with legionella management responsibility are adequately trained to help ensure the safety of employees and visitors to premises regarding the organisation and requirement for legionella risk assessment and if appropriate water testing by specialist contractors.

On their website the HSE highlight appropriate legionella training of appropriate staff by mentioning the self-reflective question one should ask – Are the roles and responsibilities of all staff involved in the control regime clearly defined in writing and have they all received appropriate training? (http://www.hse.gov.uk/legionnaires/reviewing-what-you-do.htm)

Is legionella training a legal requirementThe frequency of training should be appropriate regarding peoples’ retention of information about legionella. New starters who will have a level of responsibility regarding legionella prevention & control should have training upon starting their role and Safesmart recommend that training for relevant staff isundertaken annually to refresh knowledge.

Legionnaires’ disease is a potentially fatal type of pneumonia, contracted by inhaling airborne water droplets containing viable Legionella bacteria. Such droplets can be created, for example, by: hot and cold water outlets; atomisers; wet air conditioning plant; and whirlpool or hydrotherapy baths.

Legionella awareness training helps to reduce the risk of people contracting legionnaires’ disease by improving awareness amongst management and duty holders. Legionella training is also important to ensure those liable are aware of legal requirements for example within HSE L8, HSG274 & HSG282 as well The Notification of Cooling Towers and Evaporative Condensers Regulations 1992 which require employers to notify the local authority, in writing, if they operate a cooling tower or evaporative condenser and include details about where they are located. The Regulations also require notification when such devices are no longer in use. Notification forms are available from your local environmental health department.

Safesmart provide online legionella awareness training via Smartlog and legionella risk assessment and associated services through our specialist subcontractor.

Contact us for details.

Health and Safety for Apprentices – HSE & Apprentices

Health & Safety for Apprentices

 

 

 

 

 

 

 

 

 

 

 

 

 

 

In November last year we organised the first-ever Health and Safety for Apprenticeships Conference.

Safesmart decided to run this free conference to help UK employers understand their obligations and improve the safety of apprentices in the workplace.

We named it the ‘Health & Safety for Apprenticeships Conference’ with free registration through Eventbrite.

As far we’re aware it was first conference of its kind to focus on the specific topic of Health & Safety for Apprenticeships.

With lots of information in the news about the apprenticeship levy and the increasing number of young people choosing apprenticeships to start their career we feel it is vital to inform employers of the required Health & Safety legislation, their obligations and also ways to reduce risks in the work place for young people as well as older staff carrying out further training in new environments.

The purpose of the conference was to inform and makes things clear for employers as well as suggest tips to reduce risk for both young and older apprentices.

The free conference presentation can be downloaded: here

 

Some useful stats and links about health and safety & apprentices:

 

 

 

 

 

 

 

 

 

 

  • 21st World Congress on Safety and Health at Work (3 to 6 September 2017 in Singapore)

Second Minister for Manpower Josephine Teo –‘Data from the International Labour Organisation shows that workers aged 15 to 24 are 40 per cent more likely to get injured at work compared with their older counterparts, said Mrs Teo.’ http://www.straitstimes.com/singapore/manpower/young-people-urged-to-be-aware-of-workplace-safety

 

  • Protecting apprentices in the workplace – ‘In January 2013, a 16 year old engineering apprentice, Cameron Minshull, tragically lost his life after becoming entangled in a lathe.  Prosecutors in Cameron’s case alleged that his employer used apprentices as “cheap labour”, had a history of failing to train them properly and had a “grossly unsafe” system of work.’ http://strongerunions.org/2015/07/16/protecting-apprentices-in-the-workplace/

 

  • Wouldn’t say that ‘Young workers are ignoring health & safety’ but perhaps this survey shows more needs to be done – ‘The survey of 2,000 employees, working for businesses that have over five employees, found that 27 percent of workers aged between 18 and 34 have put themselves at risk by not following their companies’ safety procedures.’ https://www.thehrdirector.com/business-news/gen-y/young-workers-ignoring-health-safety/

 

 

 

Fire Risk Assessment Frequency – How Often?

Fire Safety Management and Fire Risk Assessment must be Improved. This blog post is to raise awareness and highlight employers obligations.

Sickening tragedies like Grenfell can be prevented by improving fire safety management. Fire risk assessment, fire safety engineering, evacuation planning, training and fire equipment maintenance all needs to improve. Fire risk assessment procedures along with health & safety software systems can help this, ensuring traceability, an audit trail and the facilitation of risk assessment & corrective action through automated reminders.

To provide a statistical example: The Greater Manchester Fire and Rescue Service mention stats from a DfE publication stating that in 2015 there were more than 600 fires in British Schools and each large fire causes £1.5M of damage on average, according to insurers.*

The Regulatory Reform (Fire Safety) Order 2005 covers general fire safety in England and Wales. In Scotland, requirements on general fire safety are covered in Part 3 of the Fire (Scotland) Act 2005, supported by the Fire Safety (Scotland) Regulations 2006. Article 3 of The Regulatory Reform (Fire Safety) Order 2005 clearly states that employers have fire safety responsibility.
Failure to comply with fire safety legislation is a criminal offence.

For fire safety compliance you must:

Carry out a fire risk assessment.

Ensure sufficient training as fire safety training is a legal requirement for all staff.

Have fire safety arrangements and an evacuation plan.

Ensure provision of information to employees.

Have appropriate fire safety equipment installed and maintained.

The HSE clearly state on their website that:

‘As an employer (and/or building owner or occupier) you are required to carry out and maintain a fire safety risk assessment. This is under the Regulatory Reform (Fire Safety) Order 2005, which applies in England and Wales, and under Part 3 of the Fire (Scotland) Act. The fire safety assessment can be carried out either as a separate exercise or as part of a single risk assessment covering other health and safety risks.
You need to make sure that, based on the findings of the assessment, you take adequate and appropriate fire safety measures to minimise the risk of injury or loss of life in the event of a fire.’

– (www.hse.gov.uk/risk/faq.htm – Frequently asked question – ‘what do I have to do in terms of fire safety’)

Legislation doesn’t state a precise frequency for conducting a fire risk assessment

However Article 9, (3) of The Regulatory Reform (Fire Safety) Order 2005 states that it needs to be kept up to date and done again if there has been significant change in the environment:
‘Any such assessment must be reviewed by the responsible person regularly so as to keep it up to date and particularly if—
(a)there is reason to suspect that it is no longer valid; or
(b)there has been a significant change in the matters to which it relates including when the premises, special, technical and organisational measures, or organisation of the work undergo significant changes, extensions, or conversions, and where changes to an assessment are required as a result of any such review, the responsible person must make them.’

The HSE state on their website that:

‘You should review your risk assessment:
• if it is no longer valid
• if there has been a significant change
Your workplace will change over time. You are likely to bring in new equipment, substances and procedures. There may be advances in technology. You may have an accident or a case of ill health. You should review your assessment if any of these events happen.
Remember to amend your assessment as a result of your review.
There is no set frequency for carrying out a review. ‘
– (www.hse.gov.uk/risk/faq.htm – Frequently asked question – ‘When should I review my risk assessment’ )

Frequent Fire Risk Assessment is best to improve safety

It is also important to be able to demonstrate your compliance should you receive a visit from the HSE or a Fire Officer. Safesmart recommend that the responsible person completes a fire risk assessment at least once per year or when there has been a significant change in the environment as mentioned in Article 9, (3) of The Regulatory Reform (Fire Safety) Order 2005.

If you would like advice about fire risk assessment frequency, perhaps regarding how often to do a fire risk assessment in changing environments, contact us to speak to our fire safety consultants. Our consultancy can help you make sense of Fire and Health & Safety and regulations to ensure your business is meeting its obligations. Click our solutions menu to see all the fire safety and health & safety services we provide as well as our fire safety engineering: extinguishers, alarms etc. Discover easier fire safety management with Smartlog too.

Sources:

  1. https://authority.manchesterfire.gov.uk/documents/s50005706/162.08.09.16.%20Fire%20Safety%20in%20Schools%20Building%20Bulletins%20100BB100.pdf
  2. The Regulatory Reform (Fire Safety) Order 2005: https://www.legislation.gov.uk/uksi/2005/1541/contents/made