Safesmart to launch £50,000 school kit sponsorship grant

Last summer, Milton Keynes won its bid to be named as a European City of Sport for 2020 – awarded by the European Cities and Capitals of Sport Federation (ACES Europe); and to celebrate this achievement, Safesmart is launching a school kit sponsorship grant worth £50,000 over the next decade.

The sponsorship grant will be open exclusively to all schools that are Safesmart customers using the health and safety compliance software Smartlog; with Milton Keynes local St Mary and St Giles Church of England School becoming the first official recipient of the award.

Headteacher Kate Holland said:

“We are delighted that a local business has so kindly chosen to sponsor our football team. We are extremely grateful for Safesmart’s support.”

Also adding:

“With school budgets becoming tighter, this sort of support goes a long way in encouraging all to succeed in sport.”

All schools which use Smartlog for their health and safety compliance will be eligible to apply directly for the grant a maximum of once each per year, with each successful individual award being worth up to £500.

The formal application process will open in April 2020, with successful recipients being announced before the school summer holidays.

Last Week in Health and Safety

Color, Egg, Broken

A quick round-up of the biggest health and safety stories from the week commencing 18th November 2019:

A ‘No-light’ Christmas in Penbury

Last week Kent County Council refused to issue a Christmas lights permit for Penbury because the planned lights and decorations are twice as heavy as the lamp posts can safely hold. This last minute decision by the council has left no room for alternative arrangements. Full story here.

Egg production company ordered to shell out over £60,000 in fines

A Lancashire egg production company was fined £60,000 by the HSE after a forklift overturned and seriously injured its driver.

“Companies should be aware that HSE will not hesitate to take appropriate enforcement action against those that fall below the required standards” said the HSE inspector, as Staveley’s Eggs Ltd were also ordered to pay costs of £4,259.42. Full story here.

Combustible cladding concerns could involve ‘more than 100,000 buildings’

According to Inside Housing, minutes from a September meeting between representatives of London boroughs and government officials revealed that reducing the official high-rise building threshold from 18-metres to 11-metres would raise the amount of buildings under scrutiny from just 12,000 to over 100,000. Full story here.

HSE releases 2018/19 health & safety figures: The key takeaways

The 2018/19 Health and safety statistics summary can be found on:

The HSE have released the annual health and safety figures for the year 2018/2019, and here are the key takeaways:

1. Work related ill-health cases are a mixed bag:

The cases for new and long-standing illnesses last year totalled 1.36 million; and this year’s figure is down ever so slightly (1.35 million); however work-related musculoskeletal disorder cases (498,000) are up from last year (470,000) by a large 28,000 cases.

Stress, depression or anxiety cases (which made up 44% of all illness cases last year and an almost identical 45% this year) are up by around 6,000 and are responsible for 54% of all working days lost due to illness this year. However, working days missed due to stress, depression or anxiety are 2.7 million less than last year; a significant improvement.

Overall, working days lost due to all work-related ill health are down by almost 3.5 million; however the annual total costs of illness to businesses (around £15 billion) has remained unchanged from last year.

2. Fatal injuries to workers have gone up:

In 2017/18 there were 141 worker fatalities and in 2018/19 the figure is up to 147, which is the joint highest figure for 6 years but slightly lower (149) than the ten-year average since 2009/10. However a downward trend still remains overall, with the latest ten-year average a full 56% lower than the previous decade’s average of 233 fatalities a year.

3. Workplace fatal injuries to members of the public have gone down:

Fatal injuries to members of the public have declined from last year, with the latest figure of 92 the lowest since 1996 and well below the 1999 to 2019 twenty-year average of 322* fatalities. In Europe as a whole, the UK still retains a lower workplace fatality rate than Germany, Italy, France and Spain – in fact the UK three-year average rate for 2013-2015 was the lowest of all EU member states.

*Major changes in 2013/14 and 2015/16 to what is included in public fatalities figures should be taken into account when interpreting these statistics.

4. Less people are getting injured at work:

This year there were 2,323 less non-fatal injuries than last year (69,208 injuries compared to last year’s figures of 71,531). This latest figure is the lowest recorded since 1985, and the rate of non-fatal injuries to workers has shown a long-term downward trend overall. As a result, 28.2 million working days this year were lost due to work-related ill-health and non-fatal injuries compared to 30.7 million days last year; a significant improvement.

5. The HSE prosecuted less cases this year

2017/18 saw 11,522 notices issued by enforcing bodies, 493 cases prosecuted (or referred to COPFS in Scotland) by the HSE, and £72.6 million in fines from such convictions; and 2018/19 saw slightly less issued notices (11,040), more than 120 less prosecutions (364) and £54.5 million in fines — £18.1 million less than last year. However, the average fine per case this year is similar to last year (£150,000 and £148,000 respectively), which indicates that the significant drop in fines is most likely a result of the fall in HSE prosecutions.


HSE (2019) ‘Health and safety statistics’. Available at: (accessed: 11/11/2019)

HSE (2019) ‘Workplace fatal injuries in Great Britain, 2019’. Available at: (accessed: 12/11/2019)

HSE (2019) ‘Kinds of accident statistics in Great Britain, 2019’. Available at: (accessed: 12/11/2019)

HSE (2019) ‘Historical picture statistics in Great Britain, 2019 – trends in work-related ill health and workplace injury’. Available at: (accessed: 12/11/2019)

HSE (-) ‘European comparisons’. Available at: (accessed: 12/11/2019)

HSE (2019) ‘Health and Safety statistics in the United Kingdom, 2019’. Available at: (accessed: 12/11/2019)

HSE (2019) ‘Enforcement statistics in Great Britain, 2019’. Available at:

HSE (2019) ‘LFS – Labour Force Survey – Self-reported work-related ill health and workplace injuries: Index of LFS tables’. Available at: (accessed: 13/11/2019)

Safesmart releases Asset Management System

Asset Management, smartlog
Asset Management features barcode tagging & scanning, media attachments, bulk asset uploading and one-button reporting.

At the tail-end of July, Safesmart released an Asset Management system – the biggest update to Smartlog since the current version of Accident Reporting was introduced within the release of Smartlog 5 in September 2016.

Utilising an in-depth and interactive asset registering system and centralising compliance management are both desirable objectives for an organisation; especially in the education and healthcare sectors where regular government body inspections are carried out, and equipment, certificates and licenses have to be valid and up-to-date.

For no added cost to Smartlog customers, our Asset Management system achieves both the aforementioned objectives, providing vast monitoring capabilities in relation to overall compliance as well as asset value tracking – such as depreciation, damage, repair and item condemnation/write-off.

However because the management of assets/inventory does not consistently intersect with health & safety compliance, deficiencies within Asset Management will not be included in the ‘Checks & Tests’ facility on Smartlog – displayed separately instead within the Asset Management facility itself; but automated email alerts and hierarchical escalation remain.

Also featuring barcode scanning & tagging, media attachments, bulk asset uploading and one-button reporting; the facility has the capabilities and versatility to be utilised as a high-gear inventory control system or as a simple digital asset register.

You can read more about Asset Management here.

Health & Safety Compliance in the Digital Environment

‘Convergence Culture’

“Ready or not, we are already living in a convergence culture” declared Jenkins (Convergence Culture, 2006) during another period of booming technological advancement – notably the dawn of the smartphone age. In broader culture the term ‘convergence’ had already been borrowed from Biology, adopted in Economics, Mathematics and Computing; generally alluding to a theory that basically describes a phenomenon where some creatures living in the same environment – although unrelated to each other, will eventually morph into a similar structure independently or develop identical traits.

In Telecommunications Policy (1998) several authors describe technological convergence along the aforementioned biological lines: multiple functions/technologies predicted to eventually share the same platform either for necessity or to increase efficiency. Fast-forward more than 20 years and the digital landscape has not failed to live up to lofty predictions, with the modern internet certainly boosting the speed in which progress has occurred.

Currently it has become expected that almost every electronic device serves multiple functions. For example the wristwatch can now receive and make phone calls alongside serving as a digital running and exercise companion – surprisingly the (then lauded) Fitbit was only launched in 2010. However for Q3 of 2018, Apple’s Smartwatch leapfrogged Fitbit for second place in global shipments and market share, achieving a year-over-year growth of 54% compared to Fitbit’s 3.1% shrinkage; an impressive feat for a company merely incorporating a related activity into their ‘smartwatch’ platform – convergence reaping benefits.

Convergence Meets Compliance

Health & safety compliance has also experienced convergence, albeit at a slower pace than larger culture. Any potential advancements in the industry are of course expected to be subject to – and limited by health & safety legislation and regulations; and this is important because legislation (primarily the Health and Safety at Work etc. Act 1974) created the government agency Health and Safety Executive (HSE) and gave them (to be more specific, the Secretary of State for Work and Pensions) broad powers in forming prosecutable health & safety regulations.

However the enhanced accessibility of up-to-date and indexed legislation online through the HSE’s information portals has meant that external consultation of health & safety law is in essence no longer needed. Realistically a medium to small company can compose its health & safety policy internally with minimal prior expertise. Along similar lines, the subject of data protection law which was passed as the GDPR in 2018 and the Data Protection Act of 1998 before that (addressed by Whenmouth previously here) has in practice converged with health & safety under the broad umbrella of compliance.

Compliance – or in this context: ‘regulatory compliance’, is simply about an organisation adhering to internal and/or external regulations for which incurred penalties range from a small fine to full-blown prosecution. So for example, a fire risk assessment and GDPR training for the organisation’s Data Protection Officer/s (both which are mandatory under current law) and tangible proof that these activities have been completed (eg. certificates) means that a singular system that logs, stores, and makes this proof immediately accessible trumps alternatively having multiple separate systems for this, especially for convenience and time-efficiency.

Increasing efficiency normally results in the reduction of business operating costs; and the emergence of software that has the capacity to incorporate various related activities under the compliance umbrella has been inevitable. Another example: Human Resources programs and Learning Management Systems (LMS) operate at different points along the compliance scale, but the desire to integrate related functions into a singular platform has seen the emergence and growth of software like Smartlog, which both manages compliance-relevant employee data and allocates mandatory e-learning courses to selected members of staff.

The Importance of a Core Competency

In order to successfully sell units, a highly capable product still needs credibility, especially one that has converged. Much like Apple’s branding retaining its credibility in the fitness and health watch market (as mentioned previously) or Samsung’s vast electronics experience massively contributing in their overtaking of Nokia as the market leader for mobile phone unit sales in 2012: a core competency is needed in order to retain any market credibility and successful integrate.

Amidst the integration of health & safety e-learning, risk assessment templates, site management alerts, logs, task allocation & monitoring, and (soon to be) asset management into Smartlog; Safesmart’s core competency lies in a history of fire safety engineering and consultations as well as an active fire risk assessment service that is up and down the country every week. It is a brand that puts fire safety at the top of the compliance pile, with the experience and expertise to back this up.

This is mainly because fire safety remains the heart of workplace health & safety, with 11,141 accidental non-residential fires attended by the Fire and Rescue services in England during 2017/18. These incidents resulted in 12 fatalities and 653 casualties with notably 2,245 (20%) of the fires occurred in offices/call centres, retail and hospitals/medical care; reinforcing both the ethical and legal need for all types of businesses to conduct a thorough fire risk assessment regularly.

Overall fire accident deaths only accounted for 8.3% of the 144 total workplace fatalities in 2017/18, however alongside the devastating personal injuries and losses of life, fire incidents by nature also more often result in copious amounts of property and asset damage of which very few businesses would be able to recover from financially.


According to HSE (2018) there has been a long-term downward trend in the rate of fatal injury per 100,000 workers since 1989, with the 2017/18 rate around a fifth (1/5) of the 1988/89 figures. So evidently workplace safety has improved over the years; and alongside the technological leaps and bounds in communications during the last couple of decades, improvements are also occurring in the delivery of health & safety compliance management and training, especially in regards to efficiency.

Convergence continues to drive innovations in the digital sphere and larger society, but with seemingly endless possibilities in the amount of different business management functions that can be potentially converged into a single platform, any limit will simply depend on the business and their compliance needs. But objectively some functions are more important than others, especially in relation to the law; which essentially means that across the board there is a one size fits all option.


Bohlin, E. (ed.)(1998) ‘Convergence and new regulatory frameworks: A comparative study of regulatory approaches to Internet telephony’ in ‘Telecommunications Policy Vol.22, Issue 10′. Elsevier

Jenkins, H. (2006) Convergence Culture. New York University Press

Forbes (2010) ‘Getting Fitbit’. Available at: (accessed: 23/05/2019)

IDC (2018) ‘New Product Launches Drive Double-Digit Growth in the Wearables Market, Says IDC’. Available at: (accessed: 23/05/2019)

Deloitte (-) ‘Regulatory & ethical compliance: Navigating through choppy waters‘ . Available at: (accessed: 30/05/2019)

GOV.UK (-) ’Fire safety in the workplace’. Available at: (accessed: 30/05/2019)

GOV.UK (2019) ‘Fire statistics data tables’(Fire 0301 sheet). Available at: (accessed: 28/05/2019)

HSE (2018) ‘Workplace fatal injuries in Great Britain 2018’. Available at: (accessed: 23/05/2019)

GDPR and Schools – The Case for Training Up Teachers

The journey to GDPR implementation has been one heavily influenced by digital technology and our growing capacity to store enormous quantities of information and content. The reality of a massive storage space that can be accessed from pretty much anywhere around the globe is one driven by high-speed internet and headlined by Swiss Army knife level-of-versatile pocket PCs – smartphones and ‘phablets’. On the negative front, quicker access and mass centralised storage has also meant a higher potential for data breaches and leaks in methods – and at scales that physical documents, media, passwords and other locally stored information could never be lost or stolen.

Firstly, to rewind: the Data Protection Act of 1984 mainly dealt with how personal data (race, religion, criminal convictions, physical, mental and sexual health, etc.) was handled, purposed to legislate computer bureaus (essentially early IT companies), and pinpointed accountability in the event of data misuse through the introduction of an appointed Data Protection Registrar as well as a Data Protection Tribunal. As IT was fast beginning to play a larger and more integral role in companies, the law was playing catchup – attempting to govern the rising various avenues of potential data misuse.

Because at the time IT services were outsourced pretty much universally, in practice only IT staff were Registrars, and the average business did not see a need – or were mandated to appoint one. However, the introduction of the Data Protection Act of 1998 legislated that a data controller who wishes to process data had to register in a database that was under the control of the UK Information Commissioner’s Office. This act introduced less broad and more detailed offences for data breaches; for example making it a criminal offence to request that someone makes a Subject Access Request in relation to prior cautions or convictions (defined in the legislation as ‘sensitive data’) when attempting to hire or continue to employ them.

Fast-forwarding 20 years, the General Data Protection Regulation (GDPR) in 2018 for all members of the EU and the EEA created a denser paper trail for data collection and its use (as well as more accountability). For example each company/ organisation who determines how the data they collect or hold is used is known as a data controller, but whoever processes the data on behalf of the data controller is known as a data processor. The legislation says that the details of this relationship between the two organisations should be readily available upon request, with their controller and processor contract fulfilling several minimum requirements such as committing to a ‘certain level of confidentiality and security’.

Evidently over time, as each data protection regulation has passed more blind spots and loop-holes created mainly by advancements in digital technology have been closed or exposed; however a major problem with GDPR lies in its very name: it is still very general.  A multi-issue bill that covers a truly complex and dynamic environment means that it is genuinely difficult to apply the relevant sections of the law to one’s business or organisation as even the amount of employees as well as the type of data held or processed affects whether certain regulations begin to apply or not.

Schools are a prime example of this legislative nightmare. For instance, companies with fewer than 250 employees are exempt from keeping a record of their processing activities unless their “processing of personal data is a regular activity, poses a threat to individuals’ rights and freedoms, or concerns sensitive data or criminal records” (European Commission, 2018).

Schools hold – and process enormous amounts of personal and sensitive data

As of 2016/17 UK schools have an average of around 16 full-time teachers per school (BESA, 2018) and even when factoring in part-time teachers, administration, site and contractual staff, the 250 employee threshold remains a long way away.

However state education officials and staff are carefully monitored and are held to the highest of standards in regards to a criminal record for example, and therefore their data is collected and held by their school employer as part of the previously mentioned “regular activity”. Therefore according to the law a Data Protection Officer (DPO) must be appointed in this event – even though the employee threshold has not been met. Additionally schools also hold enormous quantities of data about current and past pupils, of which requires even stricter measures of safeguarding under GDPR.

So evidently a school DPO – or DPOs have their hands very full with the two separate sets of data they have to safeguard, which both carry differing levels of required compliance in terms of how it can be processed. Therefore staff GDPR training or awareness courses are of the utmost importance in the education sector – from nurseries to notably universities and colleges, who typically employ more staff members than schools and enroll significantly more students.

Although each organisation sets internal levels (or standards) of compliance on top of mandatory regulations, GDPR training is necessary not just to avoid data misuse or breaches but to show an earnest attempt to comply with the law in the event that one occurs anyway, because ignorance is not a solid defense in court.

‘Smartlog’, Safesmart’s compliance and health & safety training software includes among its 20 training courses a basic GDPR training course as well as a much longer, more extensive course that is purposed for an organisation’s DPO. Up-to-date knowledge and frequent refreshment courses concerning the application of legislation are very helpful in promoting a more professional educational environment where students and teachers’ personal data is handled and stored much more carefully and in accordance with current law.


Bibliography (-) ‘Data Protection Act 1984 (repealed 1.3.2000)’. Available at: (accessed: 21/02/2019)

Law Society of Scotland (2017) ‘GDPR – Do you need a data protection officer?’. Available at: (accessed: 21/02/2019) (-) ‘Data Protection Act 1998’. Available at: (accessed: 21/02/2019)

European Commission ‘Rules for business and organisations’. Available at: (accessed: 21/02/2019)

GOV.UK (2018) ‘National Statistics: School workforce in England: November 2017’. Available at: (accessed: 21/02/2019)

BESA (-) ‘Key UK education statistics’. Available at: (accessed: 21/02/2019)


Does my business need to be compliant?

One of the first questions a business should ask in order to both a) abide with current law, as well as b) to keep employees aware of, and equipped against the variety of hazards that are often present in a work environment. Then after this it gets really complicated.

“What does the law say regarding _?”

“What mandatory information does my staff need to know regarding health and safety?”

“What is the best procedure in the event of an accident or incident at work?”

“How do we as a business best handle personal conflict between employees at work?”

Different workplaces present different challenges

Next, different parameters also have to be considered: which industry is your business in? And how many workers do you have? (The amount of employees affects what parts of the legislation begin to apply to your business).

Workforce Issues

And most, if not all of the time, compliance is simply a step towards safeguarding your employees and keeping a hazard-free work environment. For example RIDDOR reported 14 fatal work-related injuries in 2017/18 and according to the Labour Force Survey there were also over 600,000 non-fatal injuries to workers in the same period. Estimates also count around 13,000 deaths a year linked to past exposure of toxins at work – primarily chemicals or dust.

The general well-being of employees also affects productivity. For example HSE reports that in 2017/18 25.8 million working days were lost due to work-related ill health, as well as 15.4 million working days lost due to work-related mental health issues.

With your workforce’s physical and mental health to be considered in the day-to-day running of both small and large businesses alike, an in-depth understanding of your overall work environment in relation to the complex relationships individuals in an organisation might have to both each other and their physical environment is crucial to running a business successfully.

Therefore compliance becomes more than just abiding with the law, but using the knowledge and expertise of professionals in order to create a comfortable work environment for stakeholders in your business – unsurprisingly, positivity and professionalism can be sensed by your customers, especially if employees are confident in their own well-being and safety whilst at work.

Compliance training and relating procedures can be a timely process

Making the decision

Compliance of the law is therefore just another building block to a healthy work environment, but understanding one’s own specific needs is very time consuming. For example, between 2015/16 and 2017/2018 the education industry suffered the highest rates of stress, depression or anxiety at 2100 people per 100,000 (2.1%) when compared to average all industry rate of 1.3%; and additionally the causes of these issues range from the workload amount to workplace violence/threats or bullying.

Clearly nuance and care is needed in determining what best fits and works for your company, but thankfully there are specialist and knowledgeable advisors who can help you figure out your specific needs so you can take the next steps.

Who are we?

Safesmart is primarily a provider of an online management and compliance software called Smartlog, but we also offer consultancy on health and safety for small, medium and large businesses alike. Different industries have differing concerns and needs, ranging from an extensive risk assessment for a construction firm to booking a legionnaire awareness course for a small local pool for example; and budgets differ from company to company.

However Safesmart is tailored with this in mind; enabling a growing business to manage maintenance, compliance, accident/incident reporting (RIDDOR) – and many more, on one portable and versatile platform – Smartlog. We are very affordable – competitively so, and ever-improving our customer’s capabilities within our software enabling them to have a dedicated health and safety compliance database and program, giving them less to worry about.

You can find out more here:


HSE (2018) ‘Work related stress depression or anxiety statistics in Great Britain, 2018’. Available at: (accessed 06/02/2019)

HSE (2018) ‘Work-related ill health and occupational disease in Great Britain’. Available at: (accessed 06/02/2019)

HSE (2018) ‘LFS – Labour Force Survey – Self-reported work-related ill health and workplace injuries: Index of LFS tables’. Available at: (accessed 06/02/2019)

CPD Certified Online Training
















We are pleased to announce that our online training courses are now CPD certified on their 1st submission. All our online training courses have been created by our health & safety, fire safety and compliance experts and on Tuesday the CPD Certification Service informed us that our 20 online training courses on Smartlog 5 meet their standards. This is testament to their detail & quality.

The CPD certification service have independently checked that the material in our training courses meets their standards.

Safesmart now provide ‘CPD Certified’ online training to unlimited users at an affordable price per site location.

‘The CPD Service’s recognised and authoritative CPD Member and CPD Certified symbols offer institutional associations, educational providers and consumers alike reassurance that the material concerned achieves the qualitative standards required by all parties.’ 



MK Citizen – Children in Need

MK Citizen Children in Need


We raised £1,122 pounds for Children in Need on Friday the 16th of November.

On the day staff also made donations and took part in donation entry spot themed games such as a Connect 4 championship and a charity raffle for a Christmas hamper. This was amongst our work and our fire safety engineers on the road even sent in pictures of their decorations for the day. The prize for the Connect 4 champion was an extra day of holiday and so things got tense and competitive too. There was also a prize for the best dressed which went to Ramos for his awesome unicorn style outfit with his colorful waistcoat and hat. He is very happy to feature in the MK Citizen as a unicorn ☺

It was a fun day had by all raising money for an excellent cause. It’s great that MK Citizen featured us and we hope our activity may inspire more SMEs in Milton Keynes and around the UK to take part and be creative with fundraising ideas.

We hope to go bigger next year and support more charities that keep people safe in line with our mission to improve safety, efficiency and affordability.




The Problem with Risk Scores and a Risk Matrix

risk score risk matrix image

Increasingly year-on-year health and safety management is incorporating lots of statistics that are recorded, monitored and reported on a regular basis using health and safety software. This software improves management and ensures things are not forgotten, particularly if like Smartlog, risk assessments automatically assign tasks to individuals and remind them via email so that they take corrective action. On the other hand it can be considered that too much focus on statistics, in particular risk scores in a risk matrix can hide certain hazards by focusing on other hazards due to their numeric values. Moreover whilst statistics and reporting are great to measure progress and identify frequently occurring accidents, it is evident that the majority of time in health and safety management should be on prevention by design, planning and training.

Whilst risk assessments that feature risk scores can list a multitude of different levels of hazards for identification and review purposes, they create confusion over what is the most likely to happen and what is the highest severity of harm, as peoples’ perceptions of risk and severity differ. Risk assessment categorisation of risk focusing on likelihood and injury severity together under the term priority and then setting normal or high priority is a better system as issues are fixed quicker based on priority and not based on the subjective aspect of severity which is circumstantial in every case. For example tripping on the stairs because of a worn surface can be unlikely and can often only result in minor injury accidents however it can also result in death; this highlights the potential issue with risk scores in a risk matrix which might rate this with a low numerical value for both likelihood and severity.

An Outdated System?

In health & safety management risk scores and the risk matrix structure could be considered as a 20th century management tool originating from paper based risk assessments as a way of highlighting risk within the lines and columns on a paper risk assessment to decide which should be considered first. With 21st century cloud based health and safety software like Smartlog, risks are automatically moved to the top a priority action list and removed when they are resolved. Today’s quick priority identification and resolution via software means it is questionable what purpose risk scores achieve in today’s era of health and safety management with quick software that can facilitate quick corrective action if it’s designed that way.

The concept of risk and risk assessments has a long history. More than 2400 years ago the Athenians offered their capacity of assessing risk before making decisions and over the years it has become central to keeping people and operations safe. The introduction of The Health and Safety at Work etc. Act 1974 and The Management of Health and Safety at Work Regulations 1999 introduced documentation and management rules however there is no mention in these two pieces of legislation about the use of risk scores or a risk matrix in risk assessments.

Analysis – HSE

In fact risk scores and risk matrices are not mentioned in any health and safety legislation. Risk score matrices are mentioned on the HSE website but it’s only written that a risk matrix can be used, not that they must be used. In the Risk Management FAQs part of the HSE website here: they have written:

‘Most businesses will not need to use risk matrices. However, they can be used to help you work out the level of risk associated with a particular issue. They do this by categorising the likelihood of harm and the potential severity of the harm. This is then plotted in a matrix (please see below for an example). The risk level determines which risks should be tackled first.
Using a matrix can be helpful for prioritising your actions to control a risk. It is suitable for many assessments but in particular to more complex situations. However, it does require expertise and experience to judge the likelihood of harm accurately. Getting this wrong could result in applying unnecessary control measures or failing to take important ones.’

(Accessed 19/11/2018)

The HSE explicitly mention here that getting risk scores wrong can result in failing to take important control measures. This is the issue and danger with using risk scores.

The HSE do not state that a score or colour rating of risk about the likelihood of risk occurring or severity is needed or that score and colour needs to be recorded or have a matrix. There is no mention of it on HSE’s website, in risk assessment examples from the HSE or in health and safety legislation. Moreover there is no mention of it in their risk assessment guide, HSE document indg163.

The image of the risk matrix shown in the HSE’s mention of risk matrices on their website shows the complexity and subjectivity issue of deciding on a combined numeric value and colour for a risk. This is an example of a 3×3 grid matrix; when a grid gets larger e.g. 10×10 there can be the possibility of even more confusion, differences in opinion and lack of consistency in scoring amongst people.

risk matrix risk score hse website screenshot

An article in IOSH magazine from an independent health and safety consultant also mentions that ‘in most cases it is not possible to quantify either the likelihood or the severity with such accuracy, we make relative judgements’ furthermore she writes that:

‘To avoid confusion, ditch the numbers and replace “mostly harmful”, “unlikely” and so on with descriptions that match your organisation’s risk profile, and simply use the coloured areas to categorise the risk bands.’

Clearly it is also questionable as to what purpose the colours even serve if high and normal priority settings are used with health & safety management software that facilitates speedy corrective action in a priority list format. In summary she also concludes her article by writing ‘Poorly understood severity and likelihood categories and arbitrary risk bands will lead us to draw the wrong conclusions.’

Similarly the author of the article also presented a presentation named ‘What is significant risk?’ at the 11 February 2014 IOSH London Metropolitan Branch Meeting. This presentation sought to highlight the issues and over complexity of quantitative risk assessment (QRA) risk matrices based on risk scores amongst IOSH members.

Moreover the same author mentioned in another IOSH magazine article that ‘In most cases, we don’t have enough reliable data for QRA. Rather than sticking numbers on to categories and mistakenly calling assessments quantitative or semi-quantitative, we should be proud of producing high-quality qualitative risk assessments.’ Risk assessment that focuses on high and low priority allocation of corrective action and descriptive text from hazard assessment rather than numbers is qualitative rather than quantitative.

Regarding risk assessment methodology it is Safesmart’s view that you should choose a qualitative risk assessment so not to come across the issues of risk scores in the prioritisation of corrective action tasks based on over complexity via numbers in a risk matrix structure.

As you can see in the HSE’s risk assessment template there is no mention of risk scores or a risk matrix:

HSE risk assessment template

The HSE’s sample template can be found under resources here:

INDG163 is the HSE’s legal guidance for completing risk assessments.

In document INDG163, The HSE state that in a risk assessment you need to:

– Identify the hazards
– Decide who might be harmed and how
– Evaluate the risks and decide on precautions
– Record your significant findings
– Review your risk assessment and update if necessary.

Regarding HSE legal requirements for risk assessment it is important to remember that there is no required format for risk assessment so long as within the format you can achieve these aspects mentioned in INDG163.

INDG163 no mention of risk score risk matrix

Evaluate the risks and decide on precautions:

In this section on p2 of HSE document INDG163, it does not specify that a risk likelihood, severity score, colour rating or risk matrix needs to be recorded. It just mentions that you have to decide ‘how likely it is that harm will occur and what to do about it.’

On p2 of HSE document INDG163 in the ‘Evaluate the risks’ information section it states:

‘Having identified the hazards, you then have to decide how likely it is that harm will occur, ie the level of risk and what to do about it. Risk is a part of everyday life and you are not expected to eliminate all risks. What you must do is make sure you know about the main risks and the things you need to do to manage them responsibly.’

Record your significant findings

When recording a risk assessment, the HSE state on p3 of INDG163 that ‘any record produced should be simple and focused on controls’. They state you need to ‘record of your significant findings – the hazards, how people might be harmed by them and what you have in place to control the risks.’

The passage reads:

‘Record your significant findings, Make a record of your significant findings – the hazards, how people might be harmed by them and what you have in place to control the risks. Any record produced should be simple and focused on controls.’

Putting hazards in order

On p4 of HSE document INDG163 it’s stated that the hazards identified need to be put in order of importance to address the most serious risks first.

The HSE state on p4 of INDG163 that:

‘If your risk assessment identifies a number of hazards, you need to put them in order of importance and address the most serious risks first.’

 By stating simply whether a hazard is normal or high priority it can be clearly and simply differentiated which hazards are high priority.


In addition to the HSE’s comments about the danger of using risk scores and a risk matrix the ‘Health and Safety Laboratory’ (HSL) the research arm of the HSE have also conducted research on behalf of the HSE about ‘Good practice and pitfalls in risk assessment’ in the 2003 research report 151 (RR151).

RR151 mentions the following pitfalls that seemingly could be the case with quantitative numeric focused risk assessment with risk scores and risk matrices:

• ‘Carrying out a detailed quantified risk assessment without first considering whether any relevant good practice was applicable, or when relevant good practice exists’

• ‘Making decisions on the basis of individual risk estimates when societal risk is the appropriate measure’

• ‘Inappropriate use of risk criteria’

RR151 risk score risk matrix post

Moreover on p32 under the title of individual risk measures RR151 mentions a problem with numerical risk scores in a matrix:

‘Each risk box in the matrix represents the combination of a particular level of likelihood and consequence, and can be assigned either a numerical or descriptive risk value (the risk estimate). If numerical consequence and likelihood category indicators are used, it is common to estimate the risk values as the product of the likelihood and consequence values, as a convenient way of ranking the risks. Care should be taken if such an approach is adopted as, for example, hazards of low severity and high likelihood will receive the same risk value as hazards with high severity and low likelihood. Although the risk values may be the same, the response to these different hazards in terms of priority for correction may be very different (St John Holt, 1999), and care therefore needs to be taken to ensure the method for estimating risk results in values or categories that can be interpreted appropriately.’

Furthermore where there is mention of quantitative numeric risk assessment on p14 in RR151 it is not mentioned as a legal requirement it is just written that:

Where the hazards presented by the undertaking are numerous and complex, and may involve novel processes, for example in the case of large chemical process plants or nuclear installations, detailed and sophisticated risk assessments will be needed, and it is appropriate to carry out a detailed quantitative risk assessment in addition to the simple qualitative assessment. Quantitative risk assessment (QRA) involves obtaining a numerical estimate of the risk from a quantitative consideration of event probabilities and consequences (in the nuclear industry the term ‘probabilistic safety analysis’ is used in place of QRA).’

Regarding RR151 it is important to remember that ‘This report and the work it describes were funded by the Health and Safety Executive (HSE). Its contents, including any opinions and/or conclusions expressed, are those of the authors alone and do not necessarily reflect HSE policy.’

But ‘it is hoped that this report will provide useful guidance for Inspectors involved in the assessment of industry risk assessments on the appropriateness of the adopted approaches, and also to practitioners in industry involved in the process of carrying out workplace risk assessments of how to avoid common pitfalls.’

There is a lot of research online that criticises the use of a risk matrix and we encourage you to research and read this to understand the issues.

Examples of academic texts include Louis Anthony Tony Cox of the University of Colorado Department of Biostatistics and Informatics who wrote a journal article in 2008 for Risk Analysis the official publication of the Society for Risk Analysis in which risk matrix limitations are listed – the abstract of this journal article called ‘What’s Wrong with Risk Matrices?’ can be viewed here

As well as this, a well written piece called ‘The Risk of Using Risk Matrices’ was published in September 2013 for the Society of Petroleum Engineers, SPE Economics and Management Journal. It was written by Philip Thomas, SPE, and Reidar B. Bratvold, SPE, University of Stavanger; and J. Eric Bickel, SPE, University of Texas at Austin. They have written in this article about risk matrices (RMs) saying that:

‘Despite these claimed advantages, we are not aware of any published scientific studies demonstrating that RMs improve risk-management decisions. However, several studies indicate the opposite: that RMs are conceptually and fundamentally flawed.’

Moreover this journal article is concluded with the following:

‘In this paper, we have illustrated and discussed inherent flaws in RMs and their potential impact on risk prioritization and mitigation. Inherent dangers such as risk-acceptance inconsistency, range compression, centering bias, and category-definition bias were introduced and discussed by Cox et al. (2005), Cox (2008), Hubbard (2009), and Smith et al. (2009). We have also addressed several previously undocumented RM flaws: ranking reversal, instability resulting from categorization differences, and the LF. These flaws cannot be corrected and are inherent to the design and use of RMs. The ranking produced by RMs was shown to be unduly influenced by their design, which is ultimately arbitrary. No guidance exists regarding these design parameters because there is very little to say. A tool that produces arbitrary recommendations in an area as important as risk management in O&G should not be considered an industry best practice.’

A summative key point to take from HSE INDG163 is that it’s written there that:

‘Any record produced should be simple and focused on controls’

Risk assessment risk scores are not simple and as the HSE says themselves ‘could result in applying unnecessary control measures or failing to take important ones.’ The other benefit of keeping risk assessments simple is that they can be understood and conducted by all to help improve health & safety management and awareness across a whole organisation. Engagement and awareness of staff in health and safety is proven to reduce the likelihood of accidents.

Does Smartlog have numeric risk score scales, colour coding or a risk matrix structure?

No, Smartlog has been designed to keep risk assessment simple and efficient in order help you improve safety quickly. In HSE document INDG163 on page 3 it’s actually stated that ‘any record produced should be simple and focused on controls’. Safesmart believe in safety through efficiency.

Smartlog’s qualitative risk assessment structure focuses on actions to improve safety and lower risk. Actions to correct hazards. Rather than having the option to give a numeric score or colour rating for a risk, Smartlog focuses on pass/fail questions with comments & images to ensure compliance and clearly show what action needs to be taken to improve safety via the selection of normal or high priority.

Scoring a risk out of 5 for example may mean that lower numbered risks are ignored or forgotten about. As mentioned earlier in this blog post, The HSE write online that ‘Getting this wrong could result in applying unnecessary control measures or failing to take important ones’.

Checks & Tests

Low risk hazards that may or may not have significant severity are still important and Smartlog ensures that all risks are clearly visible putting high importance hazards at the top of the interactive to-do list called ‘due checks & tests’ automatically based on answers to risk assessment questions and the selection of high or normal priority. Based on risk assessment answers, reminders are also sent to remind individuals to take corrective action, there are also reminder escalation levels so seniors are notified if action hasn’t been taken by tasked individuals. When corrective action is taken the due check & test is moved to complete and the risk assessment is updated accordingly so focus can again be on remaining corrective action that needs to be taken.

Safesmart’s view is that there is extensive difficulty in determining a score number for the likelihood and severity of risks as it’s a subjective process. As well as creating the issue of lower risk score hazards being forgotten, deliberation over scores can create confusion and waste time when the priority of a risk assessment is improving safety. Evidently time should be spent on this, not deliberating about the scoring of everything with a number or colour. Due to the nature of this subjectivity, discrepancy and difference in reporting by different individuals, issues are inherent in number & colour scoring of risk assessments. This means that compliance monitoring is affected, thus creating the possibility of confusion and misinformed decision as a consequence of scoring.


We hope reading this article has highlighted the issue of numeric risk scores and risk matrices. If you are still using a risk matrix with risk scores for your risk assessment process we urge you to reconsider and discover Safesmart’s Smartlog software. Our software is designed for fast and efficient risk assessment needed in today’s 21st century management environment that seeks to involve all in improving safety without unnecessary over complication and bureaucracy. Smartlog’s risk assessments are always live, always assigning corrective action and always helping to save lives.