Risk assessment is the process of evaluating risks to your organisation, its activities and, crucially, your staff in a specific location. 

Assessing the security and safety risks in your operating context helps the organisation meet its duty of care obligations and enables you to make more informed decisions about the measures and actions required to manage staff security and safety in your location. 

[toolbox-standout-box]Threats most likely to occur, and which would have the greatest impact on staff, assets, programmes or the organisation, pose the greatest risk. These risks should become the focus of your security and safety measures.[/toolbox-standout-box]

It is important to properly document these risk assessments as a formal record of the risks faced by staff. Documented assessments will also support the rationale for necessary security expenditure on physical security measures, equipment, training or other security approaches. 

A structured risk assessment process involves five stages: 

1. Identify threats – identify all the possible security and safety threats in the location.
2. Evaluate threats – evaluate each threat to understand how, when and why it occurs, and the degree to which staff, assets and programmes are vulnerable.
3. Determine risk – consider the likelihood and potential impact of the different threats, given the measures and procedures already in place, to ascertain the level of risk involved.
4. Mitigate risk – identify additional strategies, measures or actions that could help reduce certain risks to an acceptable level.
5. Document assessment – the risk assessment process should be documented, including the key findings and mitigation measures adopted.

Risk assessments should be reviewed and updated on a regular basis to reflect changes in the operating environment, and to ensure that appropriate security measures are in place at all times.