How Often Should a Risk Assessment Be Reviewed? | UK Guidance | Safety Clarity

What the law says about reviewing risk assessments

The Management of Health and Safety at Work Regulations 1999 require employers to carry out a suitable and sufficient risk assessment. Regulation 3(3) states that an employer who carries out a risk assessment shall review the assessment when there is reason to suspect that it is no longer valid or there has been a significant change in the matters to which it relates.

What the Regulations do not say is how often you must review as a matter of routine. There is no fixed statutory interval — no requirement to review every six months, or annually, or triennially. The review obligation is triggered by circumstances, not by the calendar.

This does not mean you can carry out a risk assessment once and never look at it again. The frequency of review should be proportionate to the nature of the risks, the rate of change in the workplace, and the likelihood that conditions have changed since the last assessment.

The triggers for review — what must prompt a reassessment?

Reason to suspect the assessment is no longer valid

The risk assessment may no longer be valid if:

An accident or near-miss occurs that the risk assessment did not anticipate
A new hazard is identified that was not included in the original assessment
New scientific or technical knowledge emerges that changes the understanding of a known hazard
Legal changes mean that the existing controls no longer meet the required standard
Employee health surveillance data suggests the controls are not working effectively

Significant change in the matters to which the assessment relates

A significant change might include:

Changes to the workplace: Refurbishment, new machinery or equipment, relocation to new premises, changes to layout
Changes to work activities: New processes, new products or chemicals, new methods of working
Changes to the workforce: Significant increase or decrease in staff, employment of young workers, a pregnant employee, increased use of contractors, introduction of shift work
Changes to legislation or guidance: New regulations, updated HSE guidance, or new Approved Codes of Practice
Passage of time: Even in the absence of any obvious change, a risk assessment that has not been reviewed for a long time is more likely to have drifted from current reality

Why many organisations review annually

In the absence of a statutory interval, annual review has become widely accepted as a reasonable default for most workplaces. This convention is supported by HSE guidance and reflected in many employers liability insurance policies, which often require evidence that risk assessments are kept up to date.

Annual review also ensures that any incremental changes — individually minor but collectively significant — are caught. Workplaces change gradually: staff come and go, equipment ages and is replaced, working practices evolve informally. An annual review provides the structured opportunity to check that the risk assessment still reflects reality.

For higher-risk environments — construction, manufacturing, chemical handling — more frequent review may be appropriate. For lower-risk environments — a standard office, a small retail unit — annual may be more than sufficient if nothing has changed.

Already thinking about your risk assessment document?

Our AI Risk Assessment Assistant produces a professionally structured, editable Word document in minutes — tailored to your specific activity and sector. Free preview before you pay, full document from £4.99.

Try the Risk Assessment Assistant free →

What should a review actually involve?

A review is not always a complete rewrite. It is an assessment of whether the existing document remains suitable and sufficient. A good review process involves:

Walk the workplace — physically check that conditions match what the risk assessment describes
Consult the workforce — ask the people doing the work whether anything has changed, whether any controls are difficult to apply in practice, and whether they have noticed any new hazards
Check the controls are still in place — documented controls that are not actually being implemented are worse than useless; they give a false impression of safety
Review accident and near-miss records — incidents since the last review may reveal gaps in the assessment
Update where necessary — amend the assessment to reflect any changes found
Sign and date the review — document that a review was carried out, by whom, and what conclusions were reached

When no change is found

If the review concludes that nothing significant has changed and the existing controls remain adequate, the appropriate action is to document that the review was carried out and confirm that the assessment remains valid. This is not a failure — it is the expected outcome for a stable, well-managed workplace. The record of review is itself evidence of compliance.

Specific sector requirements for risk assessment review

Some regulations specify review intervals for specific types of assessment:

COSHH assessments: The HSE guidance recommends at least every five years for routine assessments, but more frequently for high-risk substances or when significant changes occur
DSE assessments: Should be reviewed when a user reports discomfort or there are significant workstation changes
Individual resident moving and handling assessments (care sector): Should be reviewed with each formal care review and when a resident's condition changes
Fire risk assessments: Must be reviewed regularly and specifically when there is reason to suspect the assessment is no longer valid
Construction Phase Plans (CDM 2015): Should be reviewed and updated as the project develops and risks change

Practical tips for keeping risk assessments current

Set a calendar reminder for the annual review date — do not rely on someone remembering
Build review into your management system so that it happens alongside other periodic checks (fire alarm tests, equipment inspections)
Make the review the responsibility of a named person, not just a general management duty
Create a simple change log so that updates between formal reviews are captured
Ensure the most recent version is accessible to the people who need it — an outdated printed copy in a filing cabinet is not adequate

What happens if a risk assessment is out of date when an accident occurs?

If an employee is injured and the risk assessment has not been reviewed for several years, or has not been updated to reflect a change in working conditions directly relevant to the accident, this will be a significant factor in any HSE investigation and civil claim. The employer will need to demonstrate either that the risk assessment was still valid despite the time elapsed, or that there was no obligation to review because nothing had changed. Having a demonstrably current risk assessment is always a stronger legal and reputational position.

Frequently asked questions about risk assessment review

Is there a legal requirement to review a risk assessment every year?

No. The Management Regulations do not specify an interval. The requirement is to review when there is reason to suspect the assessment is no longer valid or there has been a significant change. Annual review is widely accepted good practice and is expected by many insurers and clients, but it is not a statutory requirement for all workplaces.

Does the review have to be carried out by the same person who did the original assessment?

No. It must be carried out by a competent person — someone with sufficient knowledge, training, and experience. This does not need to be the original assessor.

What is the difference between reviewing a risk assessment and doing a new one?

A review checks whether the existing assessment remains adequate. A new assessment starts from scratch. If the workplace has changed substantially — new activities, major refurbishment, entirely new workforce — it may be more appropriate to produce a new assessment than to try to amend one that no longer reflects reality.

Can I do a risk assessment review myself, or do I need a consultant?

For most workplaces, a review can be carried out internally by someone with sufficient knowledge of the workplace and basic health and safety competence. The HSE explicitly states that for simple, low-risk workplaces, the employer can carry out and review the risk assessment themselves using available guidance.

What records should I keep of a risk assessment review?

You should record: the date of the review, who carried it out, what was checked, whether any changes were made, and confirmation that the assessment remains (or has been updated to be) suitable and sufficient. A single signed and dated entry on the assessment itself confirming the review is often sufficient for a straightforward review with no changes.

Get your risk assessment document — from £4.99

Writing a risk assessment from scratch takes time, and a generic template rarely reflects what actually happens in your workplace. Our AI Risk Assessment Assistant makes it straightforward.

Answer a few questions about your workplace, your activity, and your sector. Within minutes you get a complete, professionally structured risk assessment document — ready to download, customise, and use.

Follows the HSE INDG163 5-step method — the exact structure HSE inspectors recognise and expect to see
Tailored to your workplace — not a generic template. The document reflects your specific activity, hazards, and sector
IOSH and NEBOSH-aligned format — suitable for insurance, contractor submissions, and audits
Editable Word document — download and customise with your own branding, logo, and specific details
Free preview before you pay — see the full document before committing. Full version from £4.99

Start your risk assessment now →