Hello, 

I'm currently trying to get out of a bad contract with a service provider that shall not be named, that we'll call 'Subinsular'... My argument is that the service is simply not fit for purpose for a business of our size that deals with the manufacture and import/export of medicines and dangerous goods.

One of the many points explored in my complaint was that the systems risk assessments do not go into any sufficient level of detail, e.g. they only allow 300characters per risk and there is no evaluation of the severity of risk.

The rep states; "It is now common practice in health and safety to steer away from scoring risk assessments as it is seen as being far too subjective"

Whilst I do understand the limitations of the severity matrix in its various forms I thought it was a HSE requirement to explore the severity? 

I was to understand that under COMAH it is a requirement to consider whether there is the minimum information present as required by Schedule 4 part 2 para 4 b, "assessment of the extent and severity of the consequences of identified major accidents".  HSG 190 at Para 324 states that for the assessment of the extent and severity, the range of scenarios considered must be representative and suitable for emergency planning. HSG 191 (Emergency Planning for Major Accidents) paragraph 75 explains Local Authority Emergency Planners require information, amongst other things on:

• The potential effects of the dangerous substances on people;
• The possible consequences of a release of dangerous substances to people;
• What events could give rise to a release;
• What distances the substances will be dangerous to people;
• What level of harm will the dangerous substances pose;
• How likely and how potentially serious are the events.

The guidance says that this key information is required from the operator's safety report. The report must provide clear information on the impact of the potential major accident scenarios to satisfy the requirement of Schedule 4 part1 Para 4 of the regulations. 

If anybody could help clarify this for me it would be appreciated.

Thank you.

Originally Posted by: Kate

HSE certainly does require very detailed analysis including of severity (down to how many fatalities) on major accident hazards, which is what COMAH is about.  But is yours a COMAH site?

For low risk activities, HSE have sample risk assessments showing their expectations here: http://www.hse.gov.uk/risk/casestudies/index.htm

These do indeed do away with ratings of any kind.

I'm not sure, we're not a huge petro-chemical plant, we're a small-medium (76employees) group of international trading companies, three sister companies and one subsidary spread over three sites, we manufacture, import and export dangerous goods (fuels) and medicines for MOD and emergency services, police, navy, army etc. all over the world.

We've had one serious life changing (explosive) incident three years ago that is still being investigated by the HSE. I don't think we are 'low risk' and think the simplicity of the service provided is too basic for our companies needs.

I am assuming that your “service provider” are acting as your competent person?  If so what exactly is their role?

• Do they do your risk assessments? If so why are they competent to do them since you should really be the experts in this area?
• Are they providing the risk assessment profromas? Is this a system they bought in or is it one they developed? One reason am I nervous about using a completely electronic type H&S management system is that one size does not fit all and it should be capable of being adapted to a specific user. You say yourself that you are not a typical company and you are handling an interesting range of substances.  You really require someone who understands the issues and can work with you to manage them
• Where they brought in after the “incident”? Was it a bit of a knee jerk reaction after the HSE turned up on your doorstep?
• Contractual issues are beyond my remit but usually there are break points when either sides can agree stop without suffering any penalties.  When is the next one due?   

You are required to demonstrate that risks are As Low As Reasonably Practicable (ALARP).  I doubt you will be able to do that in all cases with a 300 character limit.  So how is your service provider planning to do this?

It is totally stupid to allow a software tool to compromise how you manage your risks.  However, the service provider may be supplying what you asked for originally, so you may have a commercial struggle.  It is equally important that you are an intelligent customer, so you do really need to know what you need.  The service provider can offer advice, but you must specify your requirements and they can then decide if they are able to satisfy them or not.  Arguing about how severity of risk is covered is probably not addressing the fundamental issues.

Well, because the system is so clunky (not at all user friendly) it simply hasn't been utilised for the past 18months, they've brought me in to try and play catch up and get them up to standard, managed to scrape us through the ISO:9001:2015 Quality transition, and now working on 14001, whilst managing Health and Safety over four companies on three sites too.

We have had three site visits, H&S audits, in the past 18months so we have had some functionality from them, and we do have two days training in the bank with them which we'll be using for Fire Marshal training to comply with the fire risk assessment I wrote. 

One H&S guy I respect suggested I 'overuse' the service with them so we really get our monies worth and they might be more inclined to release us from the contract if we are costing them time and money.

We are backing up all our documents and doing all our risk assessments etc. in house now in anticipation that this contract will definitly end one way or the other (in 18 months if they wont budge, or before if possible)

I really don't know that the contractor would offer us the protection we would need in the event of another major incident, I suspect they could just wriggle out of it for non-compliance as we have some overdue tasks because the system hasn't been used properly.

Next communique I have with them I'm going to ask if they can extend the character limit to be fuller to cover the complex issues we face, if they claim the system was bespoke for our company then it should be adaptable right? we'll see! thanks for your help all.

Self and Hasty, I'm with James on this.

You've identified that what this supplier is giving you is not fit for purpose as regards your risk assessments.

Do what the law requires - "suitable and sufficient" with documentation that helps you get the message over to those who do the relevant tasks.

On the basis of what you describe it would be very difficult to do this with a pre-determined word count, unless you can achieve mostly via graphics.

Leave the lawyers to sort out the contractual implications (though they will need support in demonstrating why the supplier is not delivering what you need).

Good luck.

Had I been at the helm before the contract was taken out I would have never gone with them in the first place. I would have researched a lot, and if I didn't have the skills myself I would have gotten someone in who did, not outsourced something so vital as H&S.

(@Peter , There is no application of graphics unless it's just an uploaded document to the blank template, no intergration of documents. So really it's just a platform for me to upload my in-house documents, which really surves little to no purpose)

I'm sure that for a simple office based business with minimum low risks then the system would be sufficient for covering against litigation in the event of an accident. However I'm sure that the system is insufficient for our business, especially when it's not being used properly by anyone, because it's not user friendly let alone exploring it's limitations. 

I have a rep from the company coming to visit me next week to go over the contract and the complaint in more detail, so please keep your suggestions and advice coming so I'm armed with decent peer responses when it comes time to do battle!

Again thanks.

You could start by asking the rep what their evidence base is for the statement:

"It is now common practice in health and safety to steer away from scoring risk assessments as it is seen as being far too subjective"

ditto why they don't think that an assessment of severity might be required as part of any assessment.

Does the rep have any experience as a health and safety professional or are they essentially just a salesperson?

In my experience it is common practice in health and safety both to score and to include an element of severity in the computation. There are many issues to be addressed in many systems used for risk assessment, but some form of prioritisation is usually helpful whilst if there is no assessment of likely/reasonably foreseeable or whatever severity is fairly essential, even if it's only the gut feeling when you are doing an assessment in your head!

This posting is not appropriate for an erudite debate on e.g. the shortcomings of many e.g. numeric risk matrix assessment processes, since the basis of the question is at another level entirely!

Edited by user 17 August 2018 12:48:06(UTC)  | Reason: Moved some words into more logical position

Elf and Hasty (like the name by the way!!) - I think the consultancy have been very careful in their response - they do not say that severity need not be considered - they suggest that 'scoring' risks is no longer seen as central to the risk assessment... In this I think I agree with them.  Far too often, the use of a numerical matrices - assigning apparently objective numerical values to an inherently subjective judgement - results in the numbers carrying more weight than the opinion.  And since human nature dictates that many people will have a subjective opinion of just how bad a risk is, the rating values are routinely assigned to produce the result which the assessor feels is appropriate.  The move away from assigning quasi-mathematical rating systems allows the assessor to apply his/her honest and educated judgement. Fundamentally that is all that risk assessments are - the application of experience and knowledge to decide if the current situation is 'safe' and if not, is it 'safe enough' or does more need to be done. 

It is clearly facile to suggest that severity (potential consequence) should not be considered when assessing a risk.  Without such consideration, the risk of minor bruising faced by hundreds of people every day - is likely to be seen as a greater priority than the risk of accidental ignition of explosives that may wipe out the facility but could only happen once every hundred years... The frequency (likelihood / exposure / duration) of any hazard is imporant, but so too is the potential severity (consequence, outcome....).   

On the subject of 'one size fits all' consultancies - I have worked for two of them.  I felt morally and ethically compromised by a lot of the stuff I was employed to do for clients (and didn't last long with either of the jobs...).  The product is packaged and sold by sales people with little or no knowledge or understanding of health and safety, or of the client business.  All too often this results in the packaged services being unsuitable for the client.  The consultancy contract lawyers are well experienced in handling clients once the penny drops, but there are ways to break free.  Perhaps the easiest - as you have suggested - is to make more use of the services than the salesman envisaged.  If you become an unprofitable client because the consultants are spending more time and effort with you than was priced into the original contract, then the consultancy may be very happy to say goodbye.  It may be difficult to prove that the service offered is not 'fit for purpose' unless you can demonstrate very clearly (and with sufficient 'gravitas' or expert support) how it is failing.  The consultancies are generally well experienced in dealing with 'unhappy' customers, and may not willingly let go unless it becomes clear that holding on is damaging their interests as well as your own.

An arbitrary word count limit on describing anything in a database or spreadsheet is driven by old school IT systems rather than any pragmatic appraisal of what is required... The problem is that the limits remain even though no longer required or appropriate.  Computer Memory was simply too expensive so limits were applied.  These seem to have stuck even though most PCs can now store and process information orders of magnitude larger than those we were saddled with fifteen years ago... I am long enough in the tooth to recall designing a chem labelling manual that had to be partially read from one 7inch floppy, edited, then written immediately to another floppy to save the changes before opening the next partial segment.  The whole file ran to around 200kB - but that was over three times the space available in computer memory...  All the entries were heavily abbreviated! 

Rereading my post I realised that perhaps I should have mentioned when referring to dimethyl mercury, that around 1mg on the skin, if not removed instantly, can cause brain damage leading to death, as was the case with Prof. Wetterhahn.

Chris

Edited by user 21 August 2018 15:52:45(UTC)  | Reason: Not specified