Health by Design Systematic Risk Management

Identifying and managing risk early in the project lifecycle is healthier, safer, and cheaper overall than fixing issues later. Risk created or existing in the early stages of the lifecycle will have knock-on effects that impact on individuals or groups.

Knowledge from risk management practices gives us many well-established systematic processes to draw upon when deciding how to manage Health by Design. It is vital to remember that although we must manage the legal requirements associated with design, health and wellbeing offers many more opportunities for better performance and a happy workforce, and these can also be identified through risk management techniques.

Managing risk is central to many professional disciplines including designers, project managers, engineers, operational management, occupational health specialists, and health and safety specialists. Each professional discipline may come to their activities with different mindsets and tools to achieve what’s needed. Only by the collective engagement of these disciplines will you be able to manage Health by Design.

Laws relating to Health by Design fall largely under the umbrella of the Health and Safety at Work etc Act (HASWA). They are there to manage the many known risks in the design and delivery of a product, but they also include conditions to look for new and less well-known risks. Regulations include:

  • The Management of Health and Safety at Work Regulations
  • The Workplace (Health Safety and Welfare) Regulations
  • The Manual Handling Operations Regulations
  • The Control of Noise at Work Regulations
  • The Control of Vibration at Work Regulations
  • Control of Substances Hazardous to Health Regulations (COSHH)
  • The Provision and Use of Work Equipment Regulations
  • The Control of Asbestos Regulations
  • The Personal Protective Equipment at Work Regulations.

Requirements of the Equality Act are also paramount in good design.

The Construction (Design and Management) Regulations also need to be considered in Health by Design work, as they impose duties on clients and designers, and they require construction phase plans and a safety file to identify how risks are being managed. This type of information is invaluable to those attempting to improve Health by Design, whether or not the work falls under the CDM regulations, because it offers useful information and solutions for design development.

The RSSB Guidance Note on the CSM for Risk Assessment is written for railway use. It only aligns in part to Health by Design; however, the tools and perspective can be useful for the general management of risk.

The key elements to draw out from the guidance are:

1. Systems Definition

This forms the basis of hazard identification and risk analysis at the various stages of a project, and so should be treated as a live, evolving document. It also acts as a repository of the identified safety requirements and project assumptions as the project develops and once the risk assessment process has been completed. As with all of these key elements the level of detail should be sufficient to support the hazard identification process and risk analysis, and so should be proportionate to the size and nature of the change project.

The system definition should address at least the following issues:

a) system objective, e.g. intended purpose

b) system functions and elements, where relevant (including e.g. human, technical and operational elements)

c) system boundary including other interacting systems

d) physical (i.e. interacting systems) and functional (i.e. functional input and output) interfaces

e) system environment (e.g. energy and thermal flow, shocks, vibrations, electromagnetic interference, operational use)

f) existing safety measures and, after iterations, definition of the safety requirements identified by the risk assessment process

g) assumptions which shall determine the limits of the risk assessment.

2. Hazard Identification

Identifying hazards is the foundation of the risk management process, and therefore it is vital to identify a comprehensive and complete list of all reasonably foreseeable hazards. The hazard identification stage is usually iterative, requiring review and revision as a project develops and more information becomes available. The hazard record is the output of the process and should be considered a live record.

A robust, sensible and efficient approach to hazard definition is one where a clear distinction is made between hazards and causes. This helps to ensure that:

a) The number of top-level hazards is kept to a manageable level.

b) A more effective link between the hazards and the accident outcomes can be made.

c) Individual causes can be effectively mitigated by lower-level decision makers or actors in the project, while still allowing an understanding of overall system safety.

Some hazard identification approaches are desk-based (typically involving an individual working alone); others are workshop-based, bringing together expert knowledge in a collaborative environment. A hazard identification exercise may involve a combination of the two. Desk-based approaches can include a review of historical data or a Functional Hazard Analysis (FHA). Workshop-based activities may range from a structured Hazard and Operability (HAZOP) type study to a more informal 'brainstorming' exercise.

3. Risk Evaluation and Risk Acceptance

The risk evaluation and acceptance part of the risk assessment process takes as its starting point a classified list of hazards and delivers the following:

a) A set of safety requirements, which are the safety measures that will be put in place to control risk to an acceptable level (these are documented in the system definition and hazard record)

b) An updated hazard record and system definition

c) A justified decision that the risk will be acceptable if all the safety requirements are met

The CSM RA regulation defines three risk acceptance principles:

a) Application of codes of practice (Existing industry codes of practices such as Rail Industry Standards (RIS) are seen to meet some of the safety requirements of the new system)

b) Comparison with reference system(s) (the system brought into use has safety requirements that are directly comparable to an existing system set of safety requirements that are already accepted)

c) Explicit risk estimation (A or B are not met and therefore these safety requirements need their own explicit risk estimation. There is no single ideal explicit risk estimation method or technique that should be applied in all cases, but there are various commonly used methods or approaches which may be appropriate for a change project depending on its size and nature such as Bow Tie Diagrams and Failure Mode and Effects Analysis (FMEA)).

4. Safety Requirements

Safety requirements can be considered as those safety measures (qualitative and/or quantitative) that need to be implemented in order to demonstrate that the safety targets (hazards) of the new system or change have been met. Safety measures are seen as a set of actions that either reduce the frequency of occurrence of a hazard or mitigate its consequences, in order to achieve and/or maintain an acceptable level of risk.

Safety requirements could include any of the following:

a) Requirements to implement features or functions of technical systems associated with the change

b) Requirements to deliver minimum levels of integrity for functions of technical systems

c) Requirements on the operational and SMS arrangements, such as provision of user manuals, provision of driver training, updates to operational procedures and restrictions on use

d) Requirements on the maintenance arrangements, such as provision of tools, spares, special equipment and maintainer training, and inclusion of certain checks within maintenance procedures

e) Any temporary restrictions introduced for an initial period of operation to control.

5. Hazard Management

Hazard management is concerned with how identified and analysed hazards are addressed in a proportionate manner. A key part of this process is recording and demonstrating how hazards have been or will be controlled to ensure risk is acceptable and the proposed change will be safe.

The risk management process can be regarded as a process of identifying all hazards and then moving them all to closure. A hazard is closed when there is demonstrable evidence that the safety requirements controlling the hazard have been met. However, some safety requirements may only be fully implemented once a system is in operation.

A hazard record contains information about each hazard and usually takes the form of a table with a row for each hazard and columns for the different sorts of information that are kept for each hazard. The table may be maintained using a database, spreadsheet or word processing tool. A database may be more appropriate for more complex projects where there are a significant number of hazards from various sources. For simple projects with a small number of hazards a simple Word document may be enough.
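The hazard record and closure rule described above, modelled as an added Python example (not RSSB's tool or any prescribed format; the hazards, causes and requirement references are constructed for illustration):

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class SafetyRequirement:
    ref: str
    description: str
    evidence: Optional[str] = None   # reference to demonstrable evidence; None until the requirement is met
    operational_only: bool = False   # can only be fully implemented once the system is in operation

@dataclass
class Hazard:
    ref: str
    description: str            # top-level hazard, kept distinct from its causes
    causes: List[str]
    accident_outcome: str       # the harm the hazard is linked to
    requirements: List[SafetyRequirement] = field(default_factory=list)

    def status(self, in_operation: bool = False) -> str:
        """A hazard is closed only when every controlling requirement has evidence.
        Before the system enters service, requirements that can only be met in
        operation are reported separately so they are not mistaken for a design gap."""
        outstanding = [r for r in self.requirements if r.evidence is None]
        if not outstanding:
            return "closed"
        if not in_operation and all(r.operational_only for r in outstanding):
            return "open - awaiting operational evidence"
        return "open"

def hazard_record(hazards: List[Hazard], in_operation: bool = False) -> List[dict]:
    """One row per hazard, with the columns a hazard record table would carry."""
    return [{
        "ref": h.ref, "hazard": h.description, "causes": "; ".join(h.causes),
        "outcome": h.accident_outcome,
        "requirements": ", ".join(r.ref for r in h.requirements),
        "outstanding": ", ".join(r.ref for r in h.requirements if r.evidence is None),
        "status": h.status(in_operation),
    } for h in hazards]

# Constructed sample hazards (illustrative values only).
SAMPLE = [
    Hazard("H1", "Hand-arm vibration exposure above the exposure action value",
           ["prolonged use of hand-held breakers", "worn or poorly maintained tools"],
           "hand-arm vibration syndrome",
           [SafetyRequirement("SR1", "Specify low-vibration tools", evidence="procurement spec v2"),
            SafetyRequirement("SR2", "Include vibration checks in maintenance procedures",
                              operational_only=True)]),
    Hazard("H2", "Noise exposure above the upper exposure action value",
           ["unsilenced plant near work positions"], "noise-induced hearing loss",
           [SafetyRequirement("SR3", "Acoustic enclosure on plant", evidence="design drawing D-07")]),
]
```

Re-running `hazard_record(SAMPLE, in_operation=True)` after entry into service turns H1 back to plain "open" until SR2's evidence is recorded, which is the point at which the record should be revisited.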

These headings form the basis of a systematic risk assessment and are well defined within the document. As you follow steps 1 to 4 you will uncover more information to understand the hazard management required. Once you have developed a first set of hazard management requirements and formed a picture of hazard management, they will change the system definition (step 1) and you will have to go through the process again. You will have to repeat this until a solid set of requirements is built and hazards are surfaced and considered controlled to the appropriate risk level.
