Phone
TESTIMONIALS

Risk Management and Risk Assessment Policy

Risk Management and Risk Assessment Policy


1.    Risk policy, scope and definitions
2.    Scope and relationship to other policies
3.    Definitions
4.    Principles
5.    Responsibilities
6.    Risk Identification
7.    Risk evaluation and escalation
8.    Control implementation and monitoring
9.    Recording incidents
10.  External events
11.  Contractors
12.  Review
13.  Related documents
14.  Risk register

Appendix A: Training

1. Risk policy, scope and definitions
This policy sets out how Ashbourne identifies, assesses, controls, records, reviews, and escalates risk in order to safeguard students, protect staff, and maintain a safe and compliant learning environment. It applies to safeguarding, health and safety, premises, educational visits, online safety, and operational risks.

Each material risk has a named risk owner (role), responsible for maintaining the risk assessment, ensuring controls operate, monitoring effectiveness, and escalating where thresholds are exceeded. For example, the Head of Administration manages the risk of safer recruitment of all staff employed by the college, in particular the detail required by the Single Central Register. The DSL oversees, assesses, records and monitors all safeguarding risks pertaining to staff or students.

Risk owners must be competent to discharge their responsibilities and will receive role-appropriate training and updates at intervals appropriate to the risk area (at least annually where guidance or risk profile changes frequently, and at least biennially where specialist training is required). Training compliance is recorded centrally and reviewed by SLT. They are also responsible for keeping up to date with current guidance and legislation and benefit from annual reviews or risk related to their department.

Occasionally as in the case of fire risk or asbestos risk, we will employ specialist professionals to advise on risk and mitigation of risk. Where specialist risk is identified (e.g. fire safety, asbestos, legionella, structural works, complex safeguarding/online safety issues), the College will commission competent external advice. Recommendations and remedial actions are recorded, assigned to an owner, and tracked to completion.

Accidents, near misses, and relevant incident trends are reviewed termly (and immediately following any serious incident) to identify themes, strengthen controls, and update risk assessments and the risk register.

Each senior staff is trained in risk assessment and evaluate each risk identified according to likelihood of occurrence (A) and impact of occurrence (B).

Risks are evaluated using two qualitative descriptors:

  1. Impact (Severity): Minor / Moderate / Severe
  2. Likelihood (Exposure) (how often it could arise in our context): Low / Medium / High

Overall rating and escalation:

  • RED: Severe impact (regardless of exposure), or Moderate impact with High likelihood – escalate to SLT; activity paused or additional controls required until risk is reduced or formally accepted by the Principal/SLT (as appropriate).
  • AMBER: Moderate impact with Low/Medium likelihood, or Minor impact with High likelihood – manage and record; line manager review; actions tracked.
  • GREEN: Minor impact with Low/Medium exposure – manage locally and record where appropriate; routine review.


Controlling risks is managed daily, weekly and yearly. For example, all teachers are trained to refuse a student’s entry to class unless wearing a lanyard. We organise weekly testing of emergency lights and PAT tests are scheduled annually. Controls are monitored through routine checks (daily/weekly/termly/annual), supervision, audits, and incident review. Where a control fails or is bypassed, the risk owner must record the failure, take corrective action, and consider whether escalation is required.

(Back to menu)

2. Scope and relationship to other policies
Risk assessment is embedded across the College’s policy framework. Each operational policy and procedure must, where relevant:

  1. identify the key risks within its scope;
  2. state the controls in place to prevent, detect and respond; and
  3. specify escalation routes, recording requirements and review triggers.

Policy owners must review the risks and controls within their area at least annually and following any serious incident, near miss, safeguarding concern or material change in circumstances.

This policy should be read alongside the College’s key high-risk frameworks – safeguarding/child protection, online safety (filtering and monitoring), educational visits/off-site activities, and health & safety/fire safety – which are subject to enhanced oversight due to their safeguarding, legal and operational criticality.

Risk management extends to both on-site and off-site activities and includes dynamic risk assessment where circumstances change.

The scope spans the following areas:

  1. Health and safety, including fire safety
  2. Premises, site security and visitor management
  3. Safeguarding, child protection and student welfare (including peer-on-peer abuse)
  4. Online safety, cyber security and information governance (including data protection)
  5. Educational visits and off-site activities
  6. Compliance, governance and operational resilience, including UKVI sponsorship duties (where applicable) and critical incident/business continuity arrangements
  7. Reputational risk


The College maintains activity-level risk assessments.

(Back to menu)

3. Definitions
Risk: an event or circumstance (including hazards and behaviours) that could cause harm to a student, staff member, visitor, or the College, including physical, psychological, safeguarding, online, legal/compliance, operational, and reputational harm.
Hazard: something with the potential to cause harm (e.g. chemicals, unsafe access, unsuitable adult).
Control / mitigation: measures that reduce likelihood and/or impact.
Risk register: a list, and analysis, of all risks including: the risk identified, policy area, rating according to probability and impact, controls, the risk owner, and review date.

(Back to menu)

4. Principles
The College will:

  • maintain a strong safeguarding culture where concerns are raised early and acted upon;
  • apply proportionate controls using a hierarchy of controls (eliminate. substitute, engineer, administrative, PPE);
  • ensure decisions are evidence-based and properly documented;
  • assign clear accountability for risk ownership and action tracking;
  • review risk in response to incidents, trends and changes in circumstances.

Each material risk has a named risk owner (role) who is responsible for ensuring that the risks within their area are identified, assessed and controlled. Risk owners must:

  • review the adequacy of existing controls and ensure they are implemented and operating as intended;
  • identify emerging risks and changes in circumstances, and update risk assessments and related procedures accordingly;
  • maintain appropriate records/evidence of controls, checks and actions; and
  • escalate promptly to SLT (and to the DSL where safeguarding is implicated) where risk is judged high, controls are not operating effectively, or additional resources/decisions are required.

Risk owners must be familiar with the relevant statutory and regulatory guidance for their area and know the appropriate points of contact and escalation routes (internal and external) to obtain advice and/or make referrals where required. (For example: DSL, LA, UKVI, HSE, Fire Authority, ICO, etc.)

Risk assessments are reviewed at least annually and sooner where triggered by a serious incident, near miss, safeguarding concern, significant change in activity/premises/cohort, or updated statutory guidance.

(Back to menu)

5. Responsibilities
5.1 Proprietor

  • Holds strategic oversight of risk management and receives termly reporting on key risks and control effectiveness.

5.2 Principal

  • Accountable for the risk management framework, ensuring it is implemented and monitored.
  • Approves risk appetite thresholds and escalation requirements.
  • Ensures safeguarding and H&S governance is effective and appropriately resourced.

5.3 Compliance and Data Protection Lead

  • Maintains this policy, templates, and the review/audit schedule.
  • Coordinates the College Risk Register and termly assurance reporting.
  • Owns information security, filtering/monitoring (where used), and data protection controls relevant to risk.

5.4 Designated Safeguarding Lead (DSL)

  • Owns safeguarding risk assessment arrangements, including online safety and contextual safeguarding.
  • Ensures safeguarding concerns/thresholds and referrals are managed in line with statutory guidance and local procedures.

5.5 Health & Safety and Infrastructure (Premises/IT) Lead

  • Owns premises and H&S risk assessments (fire, contractors, maintenance regimes, statutory testing schedules).
  • Owns information security, filtering/monitoring (where used), and data protection controls relevant to risk.
  • Assists DSL with filtering and monitoring

5.6 All staff

  • Must follow risk controls, report hazards/concerns promptly, and support a culture of vigilance and early escalation.
  • Produce and maintain activity-level risk assessments within their remit.

(Back to menu)

6. Risk identification
Risks are identified through a combination of:

  • policy and procedure review, ensuring that each policy area records key risks, controls, escalation routes and review triggers;
  • incident intelligence, including safeguarding concerns and trends, accidents, near misses, behavioural incidents, complaints, and any significant operational disruptions;
  • assurance activity, including site inspections, audits, statutory testing, and reviews of contractor works where relevant;
  • information governance monitoring, including data protection incidents/near misses, cyber security events and IT service alerts; and
  • changes in circumstances, including changes to the student cohort (including vulnerabilities), staffing, premises, systems, or external guidance.

Additional guidance will be obtained as required from relevant regulators and agencies (and through internal specialist leads), and significant new risks are recorded on the appropriate risk assessment and/or the College risk register.

Risk identification outputs are reviewed at least annually and sooner where triggered by a serious incident, near miss, safeguarding concern, significant change in circumstances, or updated statutory guidance.

(Back to menu)

7. Risk evaluation and escalation (principle and method)
The assessment of risk is a matter of precaution and professional judgement. Where a risk has the potential to cause severe harm (including life safety or serious safeguarding harm), the College applies a precautionary approach: it is treated as RED and escalated without delay. If in doubt, staff must escalate to the relevant line manager or a member of SLT (and to the DSL where safeguarding is implicated).

Risks are evaluated using two qualitative descriptors:

  1. Impact (Severity): Minor / Moderate / Severe
  2. Likelihood (Exposure) (how often it could arise in our context): Low / Medium / High

Overall rating and escalation:

  • RED: Severe impact (regardless of exposure), or Moderate impact with High likelihood – escalate to SLT; activity paused or additional controls required until risk is reduced or formally accepted by the Principal/SLT (as appropriate).
  • AMBER: Moderate impact with Low/Medium likelihood, or Minor impact with High likelihood – manage and record; line manager review; actions tracked.
  • GREEN: Minor impact with Low/Medium exposure – manage locally and record where appropriate; routine review.

(Back to menu)

8. Control implementation and monitoring
Controls are implemented and monitored through:

  • supervision and duty rotas; access control; visitor management; staff conduct expectations;
  • training compliance; induction; periodic refreshers;
  • site checks, statutory testing schedules, maintenance logs;
  • IT controls, acceptable use rules, incident response procedures;
  • audits and spot checks; termly review of key controls.


Where a control fails or is bypassed, the risk owner must record the issue, apply corrective action, and re-assess/escalate as needed.

(Back to menu)

9. Recording incidents, accidents and safeguarding concerns
All incidents, accidents and near-misses are recorded promptly. Health and safety incidents and near-misses are recorded in the College’s health and safety incident log. Safeguarding concerns are recorded separately in the College’s safeguarding recording system and are accessible only to the DSL/DDSLs and authorised staff.

Serious incidents and any matter indicating a potentially significant risk are escalated without delay to SLT (and to the DSL where safeguarding is implicated). Records are reviewed termly to identify themes and required actions, and an annual review is undertaken to capture learning and update controls, risk assessments and the risk register.

(Back to menu)

10. External events, trips and outings
The College undertakes a range of external activities throughout the year, including hiring external venues (e.g. examination hall, performances), organising local educational visits (e.g. museums, galleries, theatre), and periodic residential or overseas travel.

For all external venues and off-site activities, the College will ensure that arrangements are suitably risk assessed and approved in advance. This includes:

  • confirmation that the venue has appropriate premises safety arrangements (including fire safety/evacuation procedures) and suitable insurance;
  • an activity-specific risk assessment covering travel and supervision, safeguarding considerations, medical needs, emergency arrangements and communication; and
  • designation of a visit/event lead responsible for head counts, supervision, and implementing the emergency plan.


Where venues provide staff (e.g. ushers, technicians, security), those staff remain under the direction of the venue, but the safety and supervision of students remains the responsibility of the College. Students will be supervised at all times by accompanying College staff, and any safeguarding concern will be escalated without delay to the DSL (or deputy) in line with College procedures.

The Director of Studies has overall responsibility for risk management of external events.

(Back to menu)

11. Contractors
All contractors working on site must sign in and out, comply with college site rules, and complete a contractor induction (including fire arrangements and safeguarding boundaries). Contractors must not have unsupervised contact with students and will be appropriately supervised when working in areas accessible to students.

Before works commence, the college will obtain and review proportionate evidence of contractor suitability, including (as appropriate): confirmation of competence, public liability insurance, and relevant risk assessments and method statements (RAMS). Higher-risk works (e.g. hot works, work at height, significant electrical works) require specific controls and authorisation, including permits-to-work where applicable.

Records of contractor induction, approvals, RAMS and any permits-to-work are retained by the Premises & IT Manager.

12. Review and assurance
This policy is reviewed annually and after: serious incidents, significant changes (premises, systems, cohort), or updates to statutory guidance. Governance receives termly reporting on key risks, actions and assurance evidence.

(Back to menu)

13. Related documents
Each operational policy must, where relevant, identify key risks, controls, escalation routes, record-keeping requirements and review triggers.

 

Authorised by The Principal
Date September 2025
Effective date of the policy September 2025
Circulation Teaching staff / all staff / parents / students on request
Review date September 2026

(Back to menu)

 
Appendix A: Training 

Requirement Responsible staff Participants Frequency
Safeguarding induction DSL All staff On appointment
Safeguarding update DSL All staff Annual, half-termly
DSL, DDSL DSL DSL, DDSL Every 2 years, annual update
Prevent DSL All staff Induction, annual update
Online safety / filtering and monitoring DSL, Facilities & IT Manager All staff Induction, annual refresh
GDPR Compliance lead All staff Induction, annual refresh
Cyber security basics Facilities & IT Manager All staff Induction, annual refresh
Fire drills Facilities & IT Manager All staff and students Termly
Lockdown SLT, Facilities & IT Manager All staff Annual practice, refresh
First aid competence (EFAW) Facilities & IT Manager Designated first aiders Every 3 years, Annual refresh
First aid competence (FAW) Facilities & IT Manager Designated first aiders Every 3 years, Annual refresh
AED Facilities & IT Manager Designated first aiders; broader staff awareness recommended Annual refresh
Anaphylaxis & asthma Facilities & IT Manager, DSL All staff Annual
Safer recruitment Compliance lead, Head of Admin Recruitment staff Every 3 years
Visitor & premises security Facilities & IT Manager Reception staff Induction, annual refresh
Educational visits DoS/Activities Officer Trip leaders Pre-trip briefing
Behaviour management Head of Sixth Form/DSL Personal tutors Induction, annual refresh
Exam administration DoS, Exams Officer, Head of Admin Invigilators, exam staff Annual
Access arrangements DoS, Exams SENCO SENCO Annual refresh
Contractors & site safety Facilities & IT Manager Facilities & IT Manager 2 yearly
Lab safety Facilities & IT Manager Science teachers Induction, annual refresh

 

(Back to menu)

Menu ☰