Risk Management and Risk Assessment Policy
1. Risk policy, scope and definitions
2. Scope and relationship to other policies
3. Definitions
4. Principles
5. Responsibilities
6. Risk Identification
7. Risk evaluation and escalation
8. Control implementation and monitoring
9. Recording incidents
10. External events
11. Contractors
12. Review
13. Related documents
14. Risk register
Appendix A: Training
1. Risk policy, scope and definitions
This policy sets out how Ashbourne identifies, assesses, controls, records, reviews, and escalates risk in order to safeguard students, protect staff, and maintain a safe and compliant learning environment. It applies to safeguarding, health and safety, premises, educational visits, online safety, and operational risks.
Each material risk has a named risk owner (role), responsible for maintaining the risk assessment, ensuring controls operate, monitoring effectiveness, and escalating where thresholds are exceeded. For example, the Head of Administration manages the risk of safer recruitment of all staff employed by the college, in particular the detail required by the Single Central Register. The DSL oversees, assesses, records and monitors all safeguarding risks pertaining to staff or students.
Risk owners must be competent to discharge their responsibilities and will receive role-appropriate training and updates at intervals appropriate to the risk area (at least annually where guidance or risk profile changes frequently, and at least biennially where specialist training is required). Training compliance is recorded centrally and reviewed by SLT. They are also responsible for keeping up to date with current guidance and legislation and benefit from annual reviews or risk related to their department.
Occasionally as in the case of fire risk or asbestos risk, we will employ specialist professionals to advise on risk and mitigation of risk. Where specialist risk is identified (e.g. fire safety, asbestos, legionella, structural works, complex safeguarding/online safety issues), the College will commission competent external advice. Recommendations and remedial actions are recorded, assigned to an owner, and tracked to completion.
Accidents, near misses, and relevant incident trends are reviewed termly (and immediately following any serious incident) to identify themes, strengthen controls, and update risk assessments and the risk register.
Each senior staff is trained in risk assessment and evaluate each risk identified according to likelihood of occurrence (A) and impact of occurrence (B).
Risks are evaluated using two qualitative descriptors:
Overall rating and escalation:
Controlling risks is managed daily, weekly and yearly. For example, all teachers are trained to refuse a student’s entry to class unless wearing a lanyard. We organise weekly testing of emergency lights and PAT tests are scheduled annually. Controls are monitored through routine checks (daily/weekly/termly/annual), supervision, audits, and incident review. Where a control fails or is bypassed, the risk owner must record the failure, take corrective action, and consider whether escalation is required.
2. Scope and relationship to other policies
Risk assessment is embedded across the College’s policy framework. Each operational policy and procedure must, where relevant:
Policy owners must review the risks and controls within their area at least annually and following any serious incident, near miss, safeguarding concern or material change in circumstances.
This policy should be read alongside the College’s key high-risk frameworks – safeguarding/child protection, online safety (filtering and monitoring), educational visits/off-site activities, and health & safety/fire safety – which are subject to enhanced oversight due to their safeguarding, legal and operational criticality.
Risk management extends to both on-site and off-site activities and includes dynamic risk assessment where circumstances change.
The scope spans the following areas:
The College maintains activity-level risk assessments.
3. Definitions
Risk: an event or circumstance (including hazards and behaviours) that could cause harm to a student, staff member, visitor, or the College, including physical, psychological, safeguarding, online, legal/compliance, operational, and reputational harm.
Hazard: something with the potential to cause harm (e.g. chemicals, unsafe access, unsuitable adult).
Control / mitigation: measures that reduce likelihood and/or impact.
Risk register: a list, and analysis, of all risks including: the risk identified, policy area, rating according to probability and impact, controls, the risk owner, and review date.
4. Principles
The College will:
Each material risk has a named risk owner (role) who is responsible for ensuring that the risks within their area are identified, assessed and controlled. Risk owners must:
Risk owners must be familiar with the relevant statutory and regulatory guidance for their area and know the appropriate points of contact and escalation routes (internal and external) to obtain advice and/or make referrals where required. (For example: DSL, LA, UKVI, HSE, Fire Authority, ICO, etc.)
Risk assessments are reviewed at least annually and sooner where triggered by a serious incident, near miss, safeguarding concern, significant change in activity/premises/cohort, or updated statutory guidance.
5. Responsibilities
5.1 Proprietor
5.2 Principal
5.3 Compliance and Data Protection Lead
5.4 Designated Safeguarding Lead (DSL)
5.5 Health & Safety and Infrastructure (Premises/IT) Lead
5.6 All staff
6. Risk identification
Risks are identified through a combination of:
Additional guidance will be obtained as required from relevant regulators and agencies (and through internal specialist leads), and significant new risks are recorded on the appropriate risk assessment and/or the College risk register.
Risk identification outputs are reviewed at least annually and sooner where triggered by a serious incident, near miss, safeguarding concern, significant change in circumstances, or updated statutory guidance.
7. Risk evaluation and escalation (principle and method)
The assessment of risk is a matter of precaution and professional judgement. Where a risk has the potential to cause severe harm (including life safety or serious safeguarding harm), the College applies a precautionary approach: it is treated as RED and escalated without delay. If in doubt, staff must escalate to the relevant line manager or a member of SLT (and to the DSL where safeguarding is implicated).
Risks are evaluated using two qualitative descriptors:
Overall rating and escalation:
8. Control implementation and monitoring
Controls are implemented and monitored through:
Where a control fails or is bypassed, the risk owner must record the issue, apply corrective action, and re-assess/escalate as needed.
9. Recording incidents, accidents and safeguarding concerns
All incidents, accidents and near-misses are recorded promptly. Health and safety incidents and near-misses are recorded in the College’s health and safety incident log. Safeguarding concerns are recorded separately in the College’s safeguarding recording system and are accessible only to the DSL/DDSLs and authorised staff.
Serious incidents and any matter indicating a potentially significant risk are escalated without delay to SLT (and to the DSL where safeguarding is implicated). Records are reviewed termly to identify themes and required actions, and an annual review is undertaken to capture learning and update controls, risk assessments and the risk register.
10. External events, trips and outings
The College undertakes a range of external activities throughout the year, including hiring external venues (e.g. examination hall, performances), organising local educational visits (e.g. museums, galleries, theatre), and periodic residential or overseas travel.
For all external venues and off-site activities, the College will ensure that arrangements are suitably risk assessed and approved in advance. This includes:
Where venues provide staff (e.g. ushers, technicians, security), those staff remain under the direction of the venue, but the safety and supervision of students remains the responsibility of the College. Students will be supervised at all times by accompanying College staff, and any safeguarding concern will be escalated without delay to the DSL (or deputy) in line with College procedures.
The Director of Studies has overall responsibility for risk management of external events.
11. Contractors
All contractors working on site must sign in and out, comply with college site rules, and complete a contractor induction (including fire arrangements and safeguarding boundaries). Contractors must not have unsupervised contact with students and will be appropriately supervised when working in areas accessible to students.
Before works commence, the college will obtain and review proportionate evidence of contractor suitability, including (as appropriate): confirmation of competence, public liability insurance, and relevant risk assessments and method statements (RAMS). Higher-risk works (e.g. hot works, work at height, significant electrical works) require specific controls and authorisation, including permits-to-work where applicable.
Records of contractor induction, approvals, RAMS and any permits-to-work are retained by the Premises & IT Manager.
12. Review and assurance
This policy is reviewed annually and after: serious incidents, significant changes (premises, systems, cohort), or updates to statutory guidance. Governance receives termly reporting on key risks, actions and assurance evidence.
13. Related documents
Each operational policy must, where relevant, identify key risks, controls, escalation routes, record-keeping requirements and review triggers.
Appendix A: Training