Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Icon
Error
Safe System Of Work Vs Risk Assessment
Options
Go to last post Go to first unread
Previous Topic Next Topic
LaserSafetyGuy  
#1 Posted : 15 September 2025 15:17:59(UTC)
Rank: New forum user
LaserSafetyGuy

I'm relatively new to the H&S world and was just wondering if a SSoW and RA are basically the same thing? I have been asked to review my companies current RA's and see if we have any gaps and just wondered if we could be caught out by not having SSoW to compliment the RA's?

Thanks
Back to top
stevedm  
#2 Posted : 15 September 2025 15:30:03(UTC)
Rank: Super forum user
stevedm

They are closely related but not the same thing...

Risk Assessment (RA)

  • What it is: A formal process to identify hazards, evaluate risks, and determine control measures.
  • Focus: It’s about understanding the risks and deciding what controls are necessary.
  • Output: A documented assessment (often with a risk matrix) listing hazards, who may be harmed, existing controls, and any additional controls required.
  • Legal basis: Required under the Management of Health and Safety at Work Regulations 1999 in the UK.

Safe System of Work (SSoW)

  • What it is: A documented method of carrying out a task safely, using the controls identified in the RA.
  • Focus: It’s about doing the work safely in practice.
  • Output: Usually a procedure, method statement, or set of instructions (sometimes linked to training).
  • Legal basis: Required under the Health and Safety at Work Act 1974 and regs like PUWER, LOLER, COSHH etc., which require safe working methods.

How they fit together

  • The RA comes first: you assess the hazards and risks.
  • The SSoW comes second: you describe how the work must actually be done safely, based on the RA’s findings.

Think of it like this:

  • RA = What could go wrong and how to control it.
  • SSoW = Step-by-step instructions to make sure the controls are actually applied.

Could you be caught out without SSoWs?

Yes, potentially. If you only have RAs, you may not be demonstrating that workers have clear, practical instructions for carrying out the job safely. Inspectors (HSE, auditors, etc.) often expect to see both:

  • The RA to show you’ve considered the risks.
  • The SSoW (or method statement, SOP, permit-to-work, etc.) to show how the job is actually done safely.
Back to top
thanks 2 users thanked stevedm for this useful post.
peter gotch on 17/09/2025(UTC), Connor35037 on 17/09/2025(UTC)
A Kurdziel  
#3 Posted : 15 September 2025 15:42:05(UTC)
Rank: Super forum user
A Kurdziel

No they are not but they can be combined as a RAMS(Risk Assessment Method Statement)

A risk assessment is NOT a document. It is a process that that you carry out to establish if a work procedure or process is being carried it in a safe way, so far as reasonably practical. You need by law to carry out this process but you only need to record ie write down the findings of this process ie what controls you will be applying.

The expression a Safe System of Work comes for an old court case (Clyde vs Wilson) which established that an employer was    responsible for the safety of their employees and that they needed to create the  Safe System of Work to ensure their safety. The court case did not  specify the process(ie risk assessment)  that they need to follow to create the Safe System of Work .

So, in most situations what practically happens is that you decide on a process or procedure. You describe the process or procedure in a document which you can call the Safe System of Work, SOP(Standard Operating procedure) or Method Statement. There is no legal requirement to produce this written document but it is difficult to see how you can do the risk assessment, without defining what you are risk assessing.  You then apply the risk assessment to the documented process or procedure, and you assesses if the controls are adequate .The findings of the risk assessment, which you must record,  will consist of deciding if the documented process/procedure is safe enough or if  you require additional controls.  You then have to communicate the findings  to the workforce typical.  I am not sure who might try to catch you out. The HSE d not go around “marking” risk assessments. They are interested in if the controls selected are adequate. That’s when you get into trouble when controls are not adequate and an accident happens.     
Back to top
thanks 3 users thanked A Kurdziel for this useful post.
stevedm on 16/09/2025(UTC), peter gotch on 17/09/2025(UTC), Connor35037 on 17/09/2025(UTC)
peter gotch  
#4 Posted : 17 September 2025 14:42:53(UTC)
Rank: Super forum user
peter gotch

Hi LaserSafetyGuy

If the regulator is HSE and they decide to prosecute the odds are that somewhere in the case there will be an accusation that the risk assessment was inadequate in some way even if they may not use the correct words "suitable and sufficient".

There may be a specific charge under Regulation 3 of the Management Regulations but even if there is at the start it might be dropped in a plea bargaining exercise and just form part of the prosecution case under e.g. Sections 2 and/or 3 of HSWA.

....and if the bone of contention between prosecution and defence is about what was or what wasn't "reaonably practicable" and the onus is on the defence to prove on the balance of the evidence that the defendant HAD done all that was reasonably practicable - see Section 40 of HSWA which sets out a "reverse burden of proof" - then the exact words used in the risk assessment documentation are unlikely to take centre stage.

One problem is that if the defendant elects to plead Guilty (even if they think they are only just guilty) it leaves space for HSE to then make pronouncements about the inadequacy of the risk assessment which may be entirely unfounded. [Been there on two occasions as an Expert Witness where in each "Joint Experts' Statement, i.e. one Prosecution and one Defence Expert, we had agreed that the risk assessment had been substantially sound]. 
Back to top
thanks 1 user thanked peter gotch for this useful post.
A Kurdziel on 18/09/2025(UTC)
A Kurdziel  
#5 Posted : 18 September 2025 08:28:10(UTC)
Rank: Super forum user
A Kurdziel

Sometimes I tell people that one of the issues with risk assessments is that WE the H&S professionals invented the idea of risk assessment as a way for US, to  establish if things were being done to eliminate risk so far as reasonably practicable. Then politicians, lawyers etc hi-jacked it and made it a legal requirement.  This has led the risk assessment to be a bone of contention to be used and abused, rather like the early gospels.  The main heresy that this promotes is that risk assessment is an end itself, with people being convinced that a properly sanctified risk assessment will protect you from prosecution.  The HSE understand the truth behind this and would never prosecute someone for simply having an unsuitable and insufficient risk assessment. It’s the controls and how they are applied that count, with the onus on the employer to demonstrate that they are doing everything reasonably practicable to ensure peoples’ H&S. that is what we invented risk assessment far.

…don’t get me started on the “risk assessments” that people were told to carry out in relation to Covid in the workplace: who ever came up with that idea should be burned at the stake for heresy.    
Back to top
thanks 1 user thanked A Kurdziel for this useful post.
peter gotch on 18/09/2025(UTC)
peter gotch  
#6 Posted : 18 September 2025 10:29:27(UTC)
Rank: Super forum user
peter gotch

Morning LaserSafetyGuy

I agree with AK entirely that the risk assessment (under whatever name or names people choose to give the documentation that results) has turned into a circus and has become an "end in itself".

That said I do think that it is an implicit requirement that a duty holder who does things that involve risk and who is required to manage those risks, usually to the extent that is "reasonably practicable" has to make an assessment - if not how could they demonstrate that they HAVE done what is appropriate to mitigate the risks to an adequate degree?

I NEVER thought we needed specific legislation such as that in Reg 3 of the Regs, let alone the multitude of similar specific requirements to assess different types of risk. 

This happened mostly as successive UK Governments were so terrified of introducing so called Red Tape that their solution to "transposing" various European Commision H&S Directives was to take each one and do a "copy out" of the words.

So, if the Directive on e.g. noise says "Assess the risk of harm from noise", then instead of some guidance from HSE to say "remember to consider noise in your risk assessment" we got a specific requirement in the Code of Regulations that transposed the relevant Directive to risk assess whatever risk that Directive related to.

Result - far too many people look at each task and conclude that they need to do perhaps five or six risk assessments, when ONE would often be much better and be much more likely to adequately address ALL the risks (and MITIGATIONS) as a package.

There are occasions when it IS sensible to look at e.g. the noise on its own, but not if the end result is some assessment that is done in splendid isolation from the broader view.
Back to top
thanks 1 user thanked peter gotch for this useful post.
A Kurdziel on 18/09/2025(UTC)
Users browsing this topic
Guest
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2025, Yet Another Forum.NET