ISO 45001 Cl. 8.1 • HSE INDG226 — Risk assessment for CRGI’s virtual working model
Excel format for operational use — editable risk scores, additional hazards, print-ready
HPOL20 (Virtual Operations Policy) and HPOL21 (DSE Policy).| # | Activity / Process | Foreseeable Hazard | Who / What Affected | Existing Controls | C | L | R | Exposure | New Controls & Further Action | C | L | R | Exposure |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Home office workstation setup | Ergonomic risks from inadequate home furniture; unsuitable desk height, monitor position or chair support leading to musculoskeletal disorders | All CRGI staff working from home offices as their primary workplace | • DSE self-assessment (HFORM11) at induction • Workstation setup guide • Equipment loan available • Annual review |
3 | 4 | 12 | Moderate | • Photographic DSE assessment at induction and annually • CRGI-funded equipment where deficiency identified • Minimum specification: adjustable chair, separate keyboard/mouse, external monitor for CAD • Cross-reference RA003 for detailed DSE controls |
3 | 2 | 6 | Low |
| 2 | Use of engineering software from home | Eye strain and fatigue from extended use of AutoCAD, Revit, Navisworks and Recap on home setups; inadequate screen size or resolution for detailed engineering drawings | Staff performing CAD design, 3D modelling and point cloud processing from home | • Break reminders • 20-20-20 rule • Minimum screen size guidance • Software-specific ergonomic settings (dark mode, zoom levels) |
2 | 4 | 8 | Moderate | • Minimum 24” monitor (27” recommended for point cloud work) • Calibrated colour settings for design review • Maximum 4-hour intensive CAD block before mandatory 30-min break • Eye test entitlement communicated annually |
2 | 2 | 4 | Low |
| 3 | Technical collaboration on engineering designs | Miscommunication or design errors from virtual collaboration; version control issues; inability to physically review drawings together; time zone challenges with international clients | All CRGI staff collaborating on engineering projects; client-facing design reviews | • Teams/SharePoint for collaboration • Document control procedure (HPROC10) • Design review meetings • Version control in file naming |
4 | 3 | 12 | Moderate | • Mandatory use of BIM 360/ACC for multi-discipline projects • Design review checklist before client issue • Screen sharing for collaborative mark-up sessions • Document transmittal log for all client issues |
4 | 1 | 4 | Low |
| 4 | Home electrical safety | Electrical hazards from home wiring, overloaded circuits, lack of RCD protection; use of high-powered engineering workstations on domestic circuits | CRGI staff and household members; property; equipment | • Electrical safety guidance • Surge-protected power strips • PAT testing guidance for CRGI-provided equipment |
3 | 2 | 6 | Low | • RCD protection confirmation for home office circuit • Maximum power load calculation guidance for typical engineering workstation • Cross-reference RA004 for detailed fire/electrical controls |
3 | 1 | 3 | Very Low |
| 5 | Isolation and mental health in virtual model | Chronic social isolation from full-time virtual working; lack of in-person team interaction; difficulty separating work and personal life; increased stress from complex technical projects without physical team support | All CRGI staff; particularly new starters and those living alone | • Weekly team calls • Ops Manager check-ins • Open door policy • Wellbeing resources |
3 | 3 | 9 | Moderate | • Structured onboarding with daily check-ins for first month • Monthly whole-team virtual social • Annual face-to-face team event • Mental health first aid awareness • Encourage co-working spaces where appropriate • Cross-reference RA005 |
3 | 1 | 3 | Very Low |
| 6 | Data security in home environment | Sensitive client engineering data visible to household members; insecure home Wi-Fi networks; shared home computers accessing CRGI systems | Client intellectual property; CRGI business data; contractual confidentiality obligations | • CRGI devices only for client work • Home Wi-Fi security guidance (WPA3) • Screen lock policy • NDA in contractor agreements |
4 | 2 | 8 | Moderate | • Dedicated CRGI device — no shared family computers • Privacy screen recommendation for shared spaces • Quarterly security awareness refresher • Cross-reference RA002 for detailed data security controls |
4 | 1 | 4 | Low |
| Likelihood ↓ / Consequence → | 1 Negligible | 2 Minor | 3 Moderate | 4 Major | 5 Catastrophic |
|---|---|---|---|---|---|
| 5 Almost Certain | 5 | 10 | 15 | 20 | 25 |
| 4 Likely | 4 | 8 | 12 | 16 | 20 |
| 3 Possible | 3 | 6 | 9 | 12 | 15 |
| 2 Unlikely | 2 | 4 | 6 | 8 | 10 |
| 1 Rare | 1 | 2 | 3 | 4 | 5 |
HPROC01 (Risk Assessment Procedure): any hazard scoring High (13–16) or Very High (17–25) after existing controls must be escalated to the CEO for formal risk acceptance before work proceeds. All residual risks are recorded in HREG01 (Risk & Opportunity Register). OH&S hazards feed into HREG03 (Hazard Register) and environmental aspects into HREG02 (Environmental Aspects Register).
HFORM20 (Risk Assessment Acknowledgment Form) and tracked in HREG06 (Training & Competency Matrix).