“Suitable and sufficient” workplace risk assessments for UK employers — fire, COSHH, manual handling, DSE and task-based — plus the ongoing risk management to keep them live. Delivered by CMIOSH consultants. Since 1984.
A risk assessment is a careful look at what, in your workplace, could cause harm — so you can decide whether you have done enough to prevent it. Under Regulation 3 of the Management of Health and Safety at Work Regulations 1999, every UK employer must make a “suitable and sufficient” assessment of the risks to employees and anyone else affected by the work. It applies whatever your size.
If you employ five or more people you must also record the significant findings. Smaller employers are not legally required to write it down, but doing so is sound practice and is routinely expected by insurers, clients and tender pre-qualification questionnaires.
Risk management is the layer on top: keeping assessments live as your sites, tasks and people change, tracking the actions they generate, and reviewing them when something material changes or an assessment is simply no longer valid. KeyOstas delivers both — one-off assessments and ongoing risk management — through CMIOSH consultants who make the register a working tool, not a file-and-forget document.
Regulation 3 of MHSWR 1999 requires every employer to make a suitable and sufficient assessment of the risks to the health and safety of employees and others. Employers with five or more employees must record the significant findings and any group of employees identified as especially at risk.
From the assessments the law requires to the management system that keeps them current — all delivered by CMIOSH-grade consultants.
Suitable-and-sufficient assessments of your premises, tasks and activities, written in plain English.
Fire, COSHH, manual handling, DSE, work at height and noise — the topic-specific assessments your operations need.
A live register that records hazards, controls and the actions outstanding — with owners and dates.
Scheduled reviews so assessments reflect how your sites and tasks actually operate today, not last year.
We test existing controls against the hierarchy of control and identify where they fall short of what is reasonably practicable.
Practical support so your own managers can maintain and extend the assessments between consultant visits.
Four reasons UK employers trust KeyOstas with risk assessment and ongoing risk management.
Five CMIOSH-grade consultants — Chartered Members of IOSH, the highest grade IOSH awards. Most one-person UK consultancies hold no Chartered grade at all.
Our lead consultant is listed on the Occupational Safety and Health Consultants Register — the cross-body register endorsed by HSE, IOSH and IEMA. Verify us directly on OSHCR.
No junior account managers, no offshored advice lines. The Chartered consultant who scopes your engagement on the free call is the consultant who delivers it.
Findings closed, not just listed. Documents your team will actually use. The benchmark is whether this made your business safer.
From first call to delivery, the Chartered consultant you meet is the consultant who does the work — no handoffs, no junior advisors.
Talk to a Chartered consultant. We map your current state, your regulatory exposure and your priorities. No obligation, no pitch.
Written scope, deliverables, the named consultant who will lead, and a fixed fee or retainer rate — in your inbox within one working day.
Site work, documentation and ongoing competent-person support if you need it. The consultant who scoped the work is the consultant who delivers it.
A one-off set of risk assessments is fixed-scope project work; ongoing risk management sits inside a retained advisory package.
A fixed-scope set of workplace risk assessments — general and specialist — with a risk register and action plan. Written proposal within 24 hours of the scoping call.
Ongoing risk management — scheduled reviews, action tracking and competent-person support — built into a retained package. Silver tier and above include Competent Person nomination.
The questions UK buyers ask us most about this service. Tap any to expand.
Yes. Regulation 3 of the Management of Health and Safety at Work Regulations 1999 requires every employer, regardless of size, to make a “suitable and sufficient” assessment of the risks to employees and anyone else affected by the work.
If you employ five or more people you must record the significant findings of your risk assessment. If you have fewer than five employees you are not legally required to write it down — but doing so is good practice and is usually expected by insurers, clients and tender pre-qualification questionnaires.
Identify the hazards; decide who might be harmed and how; evaluate the risks and decide on controls; record your significant findings; and review the assessment regularly, updating it when anything changes.
A competent person — someone with sufficient training, knowledge and experience for the hazards involved. For complex or higher-risk activities that usually means a qualified H&S professional; KeyOstas assessments are delivered by CMIOSH (Chartered) consultants.
A hazard is anything with the potential to cause harm — a chemical, a height, a moving vehicle. A risk is the likelihood that the hazard will actually cause harm, combined with how serious that harm could be. A risk assessment evaluates the risk and decides whether controls are adequate.
Whenever it may no longer be valid — after a significant change to premises, equipment, processes or people, after an incident or near miss, or when new information or legislation emerges. Many organisations also set a routine annual review as a backstop.
Services and courses UK employers most often combine with this one.
Free 20-minute scoping call. Written proposal and fixed fee within 24 hours. CMIOSH consultants, UK-wide.
Book a scoping call →