Skip to main content

Developed and maintained by the NFCC

Control measure

Risk management

Control measure knowledge

There is a legislative requirement for fire and rescue authorities to have effective arrangements for gathering risk information, and to make this readily available to personnel. These arrangements should include an effective audit and review system to ensure that the information remains current.

The risk management planning process identifies and manages risk through:

  • Pre-planning for and managing emergencies
  • Fire safety
  • Crime and disorder initiatives
  • Training
  • Carrying out day-to-day activities

Most operational risks are foreseeable. However, the risks posed by events such as adverse weather conditions or civil contingencies are not easily quantifiable. A combination of operational risk information, risk assessments, local knowledge and professional judgement should ensure that appropriate risk management processes are put in place.

An operational risk information management system should:

  • Incorporate relevant information from other systems
  • Develop and support a common approach to the strategic and dynamic analysis of risk
  • Determine the appropriate application of resources and processes to address the risks that affect personnel, other emergency responders, members of the public and the environment

There should be clearly-defined strategic responsibilities for the development of policies and procedures within each fire and rescue service. Operational risk information should be managed as part of an integrated approach to managing risk and ensuring safe systems of work for all employees. Therefore managing risk should be considered alongside health and safety management.

The operational risk management process should also take into account other aspects and systems of the service, including fire safety, operational data, organisational skills and resourcing.

External sources of information should be considered with planning and carrying out risk management activities, including:

  • Legislation and regulations
  • Approved guidance and research
  • Health and safety resources

National Risk Assessment

The UK National Risk Assessment (NRA) is a yearly process aimed at identifying, characterising and comparing all the major hazards and threats of national significance that may cause significant impacts in the UK on a five-year horizon. Led by the Civil Contingencies Secretariat of the Cabinet Office, it involves a large multi-agency process that allows ranking risks based on the likelihood and impact of the ‘reasonable worst-case scenario’.

According to the Civil Contingencies Act, the NRA constitutes the fundamental basis for capabilities-based planning to support emergency preparedness and response from national to local level. Following on from carrying out the NRA, the Cabinet Office publishes the National Risk Register of Civil Emergencies (NRR).

In addition to providing information on how the UK government and local responders manage these emergencies, the NRR also signposts advice and guidance on what members of the public can do to prepare for these events.

The NRR and other government guidance helps local emergency planning forums to interpret the likelihood and impact of these risks for their local area. This in turn assists the statutory resilience forums to carry out Community Risk Assessments (CRA) and produce Community Risk Registers (CRR). This process ensures there is a fully-integrated risk assessment process between the government and all local responders, including fire and rescue authorities.

Risk management plans

In accordance with the relevant fire and rescue service national frameworks, each fire and rescue authority must produce a risk management plan that identifies and assesses all foreseeable fire and rescue related risks that could affect its community, including those of a cross-border, multi-agency or national nature.

The fire and rescue risk management plan must consider the NRA and NRR, the CRA and CRR, and any other appropriate risk assessments or risk registers.

When considering the storage of and access to the risk management plan it is necessary to determine the appropriate information and level of detail. The risk management plan should be produced and published in accessible formats for a wide audience, including:

  • Personnel, including incident commanders, to support appropriate decision-making
  • Other fire and rescue services and agencies
  • The public

Operational planning

To be effective and integrate the culture of successful health, safety and welfare management, fire and rescue service planning should be proactive and set out to identify, eliminate and control hazards to reduce the risks to its employees, the public, property and the environment. This takes place at three levels:

1. Strategic

Where a fire and rescue service demonstrates their strategic commitment to the health, safety and welfare of all employees by planning their health, safety and welfare policies, deciding priorities, providing resources, and developing strategies to promote a positive safety culture.

2. Systematic

Where a fire and rescue service plans the delivery of strategies to minimise hazards and risks to employees, to deliver a positive safety culture. This planning ensures that managers assess the level of risk and apply the necessary controls in the operational environment.

3. Dynamic (at incident)

Where operational personnel continuously evaluate and manage risk at the incident. An important part of risk management at this level is the post-incident review where relevant information is recorded and fed back into the strategic decision-making process via the systematic level, so that safety standards can be constantly improved.

National Operational Guidance

National Operational Guidance provides information about the hazards faced by operational personnel and the appropriate control measures to resolve them. By completing a strategic gap analysis of the guidance and considering their risk management plan, fire and rescue services can develop appropriate operational risk assessments.

The guidance has been written to allow flexibility in approach for fire and rescue services to implement control measures appropriately in their area for their personnel, resources and considering their own priorities and risk tolerance.

The guidance aims to allow flexibility and discretion in approach, so that personnel can respond in an appropriate and proportional manner to the hazards they encounter, in the context they find them, and through considering the benefits of their actions. Where policies or procedures prevent action that is necessary due to unforeseen circumstances or unidentified hazards, operational discretion may be applied. Detailed information about the application of operational discretion is provided in the Incident command guidance, and in the Incident command: Knowledge, skills and competence.

The guidance should not be applied directly to the activities of fire and rescue services; this should be informed by local risk management planning, equipment, training and resourcing. It is recognised that the emergency response priorities and capabilities of each fire and rescue service will differ.

Operational risk assessments

Planning should establish, implement and maintain procedures for hazard identification, risk assessment and determining the necessary controls. In the context of operational risk information, the hazard identification and risk assessment processes should take into account the:

  • Range of possible fire and rescue service activities
  • Which employees may be involved in using operational risk information, and their competence
  • Incident command system and management procedures in place
  • The risk tolerance of the organisation

Operational risk assessments should identify how the fire and rescue service will implement the control measures required to eliminate or reduce risk. These control measures may require:

  • Appropriately trained personnel, including specialist advisers
  • Suitable vehicles and equipment, including
    • Personal protective equipment (PPE)
    • Respiratory protective equipment (RPE)
  • Detailed procedures on how to establish a safe system of work; these may take the form of:
    • Standard operating procedures
    • Tactical plans
    • Operational information notes
    • Other policy and procedure statements

It is important for fire and rescue services to determine their level of risk tolerance, and to ensure all employees understand the implications. This will affect the activity of personnel, and incident commanders in decision-making and development of tactical plans.

All risk assessments should consider a partnership approach with other fire and rescue services and other agencies. Managing operational risk information should take into account the existing and future needs for intraoperability and interoperability.

Horizon scanning should form part of risk management planning. Fire and rescue services should consider nationally-identified incident patterns and how their area is likely to change, including planned developments or expected changes such as:

  • Community risk profile
  • Housing stock
  • Infrastructure
  • New industry
  • Technological developments

Further and more specific information on operational risk information is provided in the Site Specific Risk Information and Emergency response plans.

For further information about its implementation, refer to the guidance for Operational risk assessment.

Management of operational risk information

All relevant operational risk information should be recorded and made available to those who legitimately need to access the information

The commitment and leadership of the strategic management team is essential to the success of the operational risk information system. Managing operational risk information is part of an integrated approach to managing risk and ensuring safe systems of work for all employees. The approach should be defined, and supported by policies and procedures to ensure there is:

  • Strategic direction which demonstrates how the duty for the provision of operational risk information is linked to the operational duties of personnel
  • Assigned responsibility for establishing, implementing and maintenance of operational risk information
  • Established processes for the audit and review of operational risk information
  • Clarity of responsibility:
    • Of the fire and rescue service management team
    • Across different functions in the fire and rescue service
    • Between partner agencies
  • Clear documentation, with document control and compliance with data and information management
  • Appropriate distribution of operational risk information to employees; this may include the use of electronic means such as mobile data terminals
  • Appropriate sharing of operational risk information with other agencies, subject to data and information management compliance

Monitoring performance of risk management

The provision and management of operational risk information and the risk management plan should be monitored in order to:

  • Assess the effectiveness of arrangements
  • Provide reports on the qualitative and quantitative measures of performance
  • Provide information on how the risk management system is operating
  • Identify areas where corrective action or continual improvement is required
  • Consider its impact on health and safety management
  • Provide a comparison between historic and current performance
  • Consider the views of other parties and agencies
  • Identify the benefits of the risk management plan

Strategic actions

Fire and rescue services must:
  • Produce and maintain a risk management plan in line with legislative requirements

Fire and rescue services should:
  • Develop risk management plans that are compliant with legislation, and in consideration with the National Risk Assessment and Community Risk Assessment

  • Consider inclusion of previous incident history, identified risks and horizon scanning as part of the risk management plan

  • Consider cross-border risks during risk management planning in collaboration with neighbouring services

  • Share the completed risk management plan with employees and the public in accessible formats

  • Define the strategic responsibilities for the development of policies and procedures in support of risk management

  • Determine their level of risk tolerance and communicate this to relevant employees so that they operate within set boundaries

  • Share the operational risk information with employees in accessible formats

Tactical actions

There are no tactical actions associated with this control measure.