Kevin Ian Schmidt

How to Complete a Risk Assessment

A risk assessment is a systematic examination of a task, job or process that you carry out at work for the purpose of identifying the significant hazards, the risk of someone being harmed and deciding what further control measures you must take to reduce the risk to an acceptable level.

  • Identifying the significant hazards that are present (a hazard is something that has the potential to cause someone harm or ill health).
  • Deciding if what you have already done reduces the risk of someone being harmed to an acceptable level, and if not;
  • Deciding what further control measures you must take to reduce the risk to an acceptable level.

Who should do risk assessments?

Risk assessments should be overseen by a person who is experienced and competent to do so, competence can be expressed as a combination of Knowledge, Awareness, Training, and Experience. As needed employees that work in the area should be consulted to help identify risks, as they are job experts in their area.

Remember competence does not mean you have to know everything about everything, competence also means knowing when you know enough or when you should call in further expert help.

8 steps to carrying out a risk assessment;

  1. Identify the hazards
  2. Identify those at risk
  3. Identify existing control measures
  4. Evaluate the risk
  5. Decide/Implement control measures
  6. Record assessment
  7. Monitor and review
  8. Inform

Look for the hazards that you could reasonably expect to result in significant harm, for example;

Slipping and tripping hazards from poorly maintained floors, Fire hazards from flammable materials etc.

Identify those at risk

Think about individuals or groups of people who may be affected e.g.

  • Office staff
  • Maintenance personnel
  • Members of the public
  • Machine operators

Particular attention must be paid to disabled staff, lone workers, temporary staff and young inexperienced workers.

Identify Existing Control Procedures

Examine how you already control the risks; it is unlikely that your workers are getting injured on a daily basis, so you must have some controls in place already. To decide if those existing control procedures are adequate, and to evaluate the risk, complete a risk ranking which will determine the residual risk.

Evaluate the risk

A risk is defined as the likelihood that a hazard will cause harm

I.e. Risk = Likelihood x Severity – below is an example of a simple 1-5 risk ranking system.

  1. Rare
  2. Unlikely
  3. Possible
  4. Likely
  5. Almost Certain

If the hazard does result in harm, how severe would the injury be?

  1. Scratch (trivial)
  2. Cut (Minor injury)
  3. Fracture (Major injury – Over 3 day injury)
  4. Amputation (Major injury)
  5. Death (Death)

Decide and Implement new control measures

If the risk is not adequately controlled decide which new control procedures are required and ensure these procedures are implemented. The control measures are the actions performed to reduce either the probability of the accident happening or the severity of the outcome, and where possible both. When considering what measures to put in place it is important to consider both severity and likelihood, in order to minimise the overall risk.

When deciding what new control measures will be required, it is helpful to work through the ‘hierarchy’ of controls. The hierarchy is as follows:

  1. Elimination – get rid of the risk altogether
  2. Substitution – exchange one risk for something less likely or severe
  3. Physical Controls – separation/Isolation, eliminate contact with the hazard
  4. Administrative controls – safe systems of work, rules in place to ensure safe use/contact with hazard
  5. Information, instruction, training & supervision – warn people of hazard and tell/show/help them how to deal with it
  6. Personal Protective Equipment – dress them appropriately to reduce severity of accident

Control measures should be practical and easy to understand (what to do and why they are doing it), applicable to the hazard, able to reduce the risk to acceptable levels, acceptable to the workforce and easy to operate.

Understanding the Hierarchy of Control will help you  better understand how best to mitigate risks

After you have implemented the new control procedures, then re–rank the risks as above to determine the new residual risk, you should aim to get the risk to as low as is reasonably practicable until it is at a tolerable level.

Record the assessment

Keep copies of the assessments for your records and for inspection by OSHA should they ever be requested. Retaining copies is also helpful in reviewing the risk assessment, at a minimum annually, or when it becomes imperative to add to it, such as when new equipment, or workplace layout changes.

Monitor and review

You must ensure that the control measures are achieving the desired level of control. You must review the assessment on a regular basis or if anything changes e.g. new staff, change in machinery or process.


Remember, even if you work in a seemingly low risk working environment, hazards exist and the risk management process is still an essential part of creating your safe work systems.

Mistakes in Managing Safety

The challenge of managing the many aspects of safety at work at times can feel overwhelming. There are many legal, moral, and financial reasons for us to pay attention to our safety obligations. With all these challenges we need to ensure that we are not wasting our time, money, and efforts doing things that simply don’t work. Here is a list of common errors we can make in managing workplace safety issues that hopefully we can all avoid.

10 Mistakes made while Managing Safety

(1) Celebrate the lack of injury and not the existence of safety.

It is a huge mistake to focus on the lack of injury as the measure that we’ve been safe. Everyone I’ve ever met can tell me of a situation when they have taken a terrible risk with their well-being and have gotten away with it. Of course, we should be happy when we’ve gone a period of time without anyone being hurt, but that doesn’t mean we were “safe”. Safety cannot be defined as a lack of injury. Safety is created by what we do, not what we avoid.

Too many companies reward the “lucky” who didn’t get hurt while being unsafe and the “liars” who don’t report injuries to avoid being the employee that breaks the safety record. We need more focus on making our work places safe by doing the safety activities it takes to create safety. Safety celebrations should be shared with those people who have helped make our workplaces safe and not those who have just been lucky!

(2) Do safety to our employees and not with them.

Rules imposed by others don’t often get the buy-in needed to change behavior. Involving employees in the process of establishing the safe behaviors and rules that apply to their workplaces makes it much more likely that those rules of behavior will be complied with. Challenging groups of employees to set and review the standards of performance involves them in the essentials of safety.

(3) Do safety only for the government.

Companies in the early stages of developing their safety cultures often make the mistake of being “reluctant compliers”. They are doing safety because the government is forcing them to do it. The value of managing safety is truly beneficial to a company’s bottom line productivity and performance. The sooner a company starts doing safety for the added value to their performance the sooner they will start to perform! Safety is about getting everyone home every night. Of course, how we do that should follow the applicable OHSA regulations. Don’t do safety for the government, make your work safe and make it legal… your company will thrive financially because of it.

(4) Ignore the importance of the proper tools, equipment, materials and work space.

The historic myth that unsafe behavior causes 88% of the incidents we experience is simply NOT true. Unsafe behaviors are involved in ALL incidents we experience. The other part of the formula that is often ignored by believing in this myth is that unsafe conditions are also always present. We need to focus our efforts on both safe behaviors and safe conditions (tools, equipment, materials and work environment). If we only supply broken tools to humans, we shouldn’t be surprised when they get hurt. If we don’t supply an easily accessible lifting machine for employees to use, we shouldn’t be surprised when they are injured by over lifting. Good tools and equipment increase the chances that workers will do their work by not taking unnecessary risks.

(5) Ignore the culture of unsafe behavior.

Not making safe behavior personal and not holding each other accountable for making it safe at work is a huge mistake. Allowing our fellow employees to continue unsafe behaviors is often disastrous. We are our brothers and sisters’ keepers. Not unlike when we play team sports games, we must take the opportunity to coach our fellow employees who are missing the safe behaviors they need to do so they go home safely every night.

A safety culture can make or break your workplace, literally. If you need to formulate a plan for improving your safety culture, check out this post.

(6) Miscalculate the power of groups actively caring about each other.

Inviting co-workers to give us feedback and coaching when they see us doing something unsafe is a wonderful way to increase the team approach to safety. Unless invited, our coworkers may feel reluctant to bring our mistakes to our attention for fear of a poor reaction. We’re in this together so why not open up the discussion and invite each other to help us through the challenges of behaving safely.

(7) Deliver Safety Programs to passive employees.

I’m not sure what happened historically to make us believe that we could deliver safety to employees like a pizza. The sooner we hold everyone accountable for safe production and not just production with safety added on, the better off we’ll all be. Challenging employees to come up with the ways to make their work safe is well documented as a sure fire way to increase your safety performance.

(8) Measure results and not the activities that create safety.

Companies who define safety activities for all of their staff throughout their organizations (including the CEO) are safer than those who don’t. Demanding that the measurement of doing a great job includes doing safety tasks like: investigations, hazard assessments, inspections and attending meetings, gets what needs to be done, actually DONE. Not doing this ensures that safety activities will take a back seat to production every time.

Need to know more about measuring workplace safety, check out this post.

(9) Manage OHS differently than we manage the other parts of our businesses.

Why would a profitable successful company with a clear record of managing success implement a “safety program” that doesn’t EXACTLY replicate why they are successful in the first place? Manage safety exactly like you manage your business and you’ll get similar results. There are too many companies that manage safety differently than their business to the peril of their safety results.

If you know how your employees and management team are motivated to give you production, why would you settle for doing something different to get safety results?

Far too often companies take a very positive and proactive approach to motivating productivity activities yet do exactly the opposite when it comes to safety by providing only negative reinforcement for safety. Safety is a condition of employment is a commonly used threat. Of course, it is, and so is being on time and doing your job. Too many companies in their orientation focus on making negative consequences the key messages during orientation rather than to tell employee that we need their help to make it safe here and we are counting on you to help us with safe production. Of course, you cannot ignore unsafe behaviors any more than you would ignore behaviors that didn’t comply with your productivity systems. Stop making safety feel like a negative thing. There is nothing negative about doing our work with a focus on safe production.

(10) Hold safety meetings that everyone wants to avoid.

I have spoken to tens of thousands of employees in my career about the functionality of the “safety meetings” that they attend. Overwhelmingly people tell me they don’t like what goes on in these meetings very much. The natural question is “Why are we going to a meeting and not liking what is going on?” Simply fix it! At your next meeting stand up and tell folks you’d like to discuss how to make these meetings better. Let’s all set a goal of not sitting silently at a meeting that isn’t addressing our needs. Just say NO to unsuccessful safety meetings!

To learn some more about engaging your employees on safety committees, check out this post.

Well there you have it. I hope you have some ideas to think about to make your safety culture better. Own the safety process, take part in creating it, stand up and be counted. We need to do this together and stop doing things that we know fail. Let’s be successful together… it matters a lot to you and the people that you work with!

Lower Experience Modification Rate for Increased Profits

This is part 2 of our series on EMR and how it is effecting the profitability of your company. For Part 1, click here.

Is your company looking for a way to increase profitability? Before you cut personnel, before you look for ways to cut expenses, before you try anything else, have you looked at your Worker’s Compensation insurance rate? This is called the experience modification rate, and is calculated based upon your risk rating. To learn more about how your EMR rate is calculated, check out part 1 of this series.

An above average experience modification rate (EMR), can be costing your company valuable profit, and if you’re not aware of it, this can be a hidden profit suck.

So, what can you do?

It isn’t as easy as lowering your car insurance by just switching companies, because the EMR follows your company from insurance company to insurance company. It is a multiple stage approach, which I will lay out for you.

Steps to Lower Experience Modification Rate

The first step is to do a claims review. Many companies request a claims review, then sit there and nod their heads as the company presents the information, which is honestly useless. Just being told about the information doesn’t help you. You need to understand the information and how it can impact your company.

  • Was this person or are they currently an employee?
    • It occasionally happens where an employee is assigned to the wrong company, so ensure all listed people are properly assigned.
  • When was last claim payout? Is it an opportune time to settle the case?
    • Why would you settle a claim? Settlement of a claim can lower the impact it has to a claim. If a case was assigned a reserve of $100,000, and has paid out $3,000, there is a reserve of $97,000 which is reflecting on the claim as a high claim case. A settlement of $10,000 would close the case at a value of $13,000, bringing back $87,000 and lowering the impact to the EMR.
  • Review of class codes.
    • Every employee has a class code under which they are assigned, and ensuring they are properly accounted for in payroll records for hours worked is important for a proper EMR calculation. Why is this so important? If you run an auto repair business, a mechanic has a naturally higher risk classification than an accounts receivable clerk, if someone in your business covers both positions, classifying them under the higher risk code could lower the XMOD calculation simply by having less injuries for a higher risk classification code.

If you have made any corrections or adjustments during this process, have the EMR recalculated, and this could save your company thousands.

With the claims review completed, it is time to conduct a trend analysis.

When just starting in this process, the information will be basic. It will come from your worker’s compensation auditor, during the claims review. What you’re looking for, are accidents increasing or decreasing? Any identifiable patterns to claims/injuries; such as 40% are lifting improperly or such?

As your program matures, you can include items like Near Miss reports, location first aide only incidents, safety committee findings, or anything else your company builds up.

Once you have conducted a thorough tend analysis, the next step is to design a Return to Work (RTW) Program

A Return to Work Program is invaluable to lowering an Experience Modification Rating. It decreases associated costs to provide employees with light duty work, because wages are paid directly to the employee vs paying them from insurance. This decreases the costs paid out by insurance, which is a factor in calculating the EMR.

When implementing a RTW program, it is important that the employee serves a valuable job function, so as to add value to your company, but you also have to take into consideration that the job is within the person’s skill set, and the job is not seen as punitive. What? Yes, some tasks can be seen as punitive, like if the worker is reassigned to a task that provides no value to the company. Companies have done things like having workers sort nuts & bolts, then at the end of the day they mix everything together again. A task like this could be seen as punitive towards the employee, and could have your company under scrutiny for punitive or vindictive actions towards an injured employee.

Keep this in mind while managing a Return to Work Program, and design a program that aids the employer and employee.

Next step in this process is establishing a strong safety program.

When establishing a safety program this is a multi-faceted approach, allow me to lay this out for you:


Following these steps, your company will be able to lower your company’s Experience Modification Rate, which translates into increased profits, and a safer workplace for all employees.

Keep in mind, besides fixing errors, making a change to an EMR is not an instantaneous process, and it will take at least a year to see the impact, while it can take 2 years to see marked improvement, due to getting information to the field employees and building a full and proper safety culture.

Experience Modification Rate Explained

In today’s competitive world of business, it is necessary for companies to take every precaution relating to insurance claims and the efficiency of their safety programs.

Workers compensation insurance is mandatory in every state. The premium depends upon the state, the industry, and other factors like your Experience Modification Rating, XMOD, Experience Mod, or EMR. The Experience Modification Rating is a formula that compares the claims and costs of worker’s compensation in your company to other businesses that are similar in terms of size and capital.

Workers’ compensation and how businesses deal with it is becoming increasingly important, as this can impact the profitability of the company. Understanding and tracking this rating will help you discern how well your loss prevention practices work and can help you lower your rates.

How Experience Modification Rating Affects Profits

Experience Modification Rating is a way of rewarding or penalizing companies for their safety management. The lower your rating the lower your workers comp rates will be, while the higher your rating the higher your workers comp rates will be.

Employers that on average have a yearly premium that meets or exceeds $3,000 will often be supplied with an Experience Modification Rating. Each year, your Experience Modification is calculated by the NCCI (National Council on Compensation). In most instances, your rating is calculated using the three past years of date supplied by your insurance company. So for example, your 2019 EMR would be calculated based upon all claims from 2018, 2017, and 2016.

If your yearly premium is $100,000 and your Experience Mod is 1.20, then your premium will increase by $20,000 for that year, making your annual premium $120,000. Conversely, if your rating is.80, then your premium will decrease by $20,000 for that year, making your annual premium $80,000. As you can see, your workers compensation insurance rate is greatly impacted by this rating. So, if you’re trying to compete for business, or remain profitable in a competitive market, an XMOD of 1.20 could put you $40,000 behind, meaning if you have a margin of 35%, you would need an additional $114,285 in sales to just offset this loss.

How is the Experience Modification Rating calculated?

Having no claims is best. However, most companies do have some type of claim. Medical-only claims that don’t involve loss of time are reduced by 70% before being figured into the equation.

I will to attempt to explain the experience modification factor in layman’s terms. I’m not going to delve into the formula and its components but rather only those pieces that you have direct control over. I’ll touch on classifications, payrolls and losses.

Class Codes

Just like anything, without the proper foundation all things will crumble. This is definitely the case with your class code. If you have the wrong class code then you’ll have the wrong mod. As agents, we use the Scopes manual to give us class code descriptions and rules. You should ask to see the narrative for your specific code(s). Only then can you determine if you are properly classified. Some classifications allow for a division of payroll. In several states most of the codes allow for division of payroll. What I mean by this, if you fit into two (or more) codes, you can divide the payroll between them as long as you maintain separate payroll records. It would behoove you to do so, otherwise all of your payroll will go into the higher rated classification. Why pay more if you don’t have to?


Payroll is another component that you control. Your payroll is your payroll. What you need to make sure of is that the auditor has assigned the proper payroll to each class code. Sounds rather simple doesn’t it? Don’t let if fool you. Did the auditor include overtime premium pay? He shouldn’t have. Is there division of payroll? Don’t rely on them to tell you about these things because they won’t.


For those of you who’ve had a bad experience with experience rating, you’re sure to know it’s the losses that were the primary culprit in your debit mod. Nothing affects your mod more so than the loss component. Do you even know what your losses are? Do you have any open claims? Do you have any losses that will be dropping off your next mod calculation? Are you picking up a bad year? Did your insurer recover any money through subrogation? Were any of your losses over-reserved? If there’s one thing to remember from this article, it is to stay on top of your losses.

The first $5,000 of each loss of time claim is counted at full value, and anything over that is discounted. This means that your Experience Mod is less affected by a large single claim than it is by multiple small claims.

So, what can you do to improve your Experience Modification Rate (EMR)?

Check out our suggestions here for how to lower your EMR.


As you can see, the XMOD of your company is not some crystal ball calculation, and is really just an overall insurance look of risk for your company. Understanding this, and looking at it as a simple mathematical calculation, will provide you with an understanding of how to lower your costs and increase your company’s profitability.

How to Improve Your Safety Culture

According to the Broken Windows Theory of Crime, if a broken window is left unrepaired, people walking past it will assume no-one is in charge. Within a short space of time, more windows will be broken creating a subtle indication that anything goes.

Crime is contagious and works like an epidemic.

So, if a broken window attracts more crime, does this mean that a workplace that is poorly cared for has more injuries?

And the answer is simple: yes.

According to a study by Dave DeJoy and Todd Smith from the University of Georgia’s College of Public Health, they found a well-kept site means safety is a priority.

Crime is contagious. So is not caring about where you work and the safety of your workmates. Organizations that allow untidiness and broken equipment are subconsciously saying that safety and equipment aren’t important. By fixing up the little things in your environment (e.g.: broken/unsafe machinery, PPE that needs replacing), you fix up the safety culture.

High performance companies keep their workplace cultures in check by balancing core areas. These are Unity, Compassionate Leadership and Communication. Together, these factors hit the sweet spot for trust (which is when people feel safe). Trust is integral for a high functioning culture.

As Simon Sinek says in “Start with a Why”, “only when individuals can trust the culture of an organization, will they take personal risks to advance the company. Great organizations become great because the people inside feel protected”.

This desire “to feel safe” is two-fold, it means feeling safe to excel and take risks in your career, but also knowing that you are protected from getting injured at work or from being bullied or harassed by colleagues.

3 Simple Steps to improve safety culture

To get to “Trust”, companies need to align themselves with the following three inter-related factors that are driven from the top, but are orchestrated at every level:

1.Unity– High performing workplaces are unified and have every-one working together as a team. There is no “Us versus Them” mentality.

Humans have a very strong and instinctive desire to be part of something bigger than themselves. It’s the same at a workplace. Staff want to be part of a group and a successful one that’s going somewhere. It’s important for companies to cultivate a strong sense of group identity. This means that all communication uses the terms “we” and us” and that clear goals are set.

2.Compassionate Leadership– We all need to feel loved and appreciated. It’s important that companies convey this to their staff. Not just through words, but through the right actions.

Staff and even visitors, to your workplace, will look for visible signs that staff are highly valued to the organization.

This means looking for evidence of:

  • A tidy, clean kitchen and toilet area,
  • Clean workspaces,
  • Operational equipment,
  • Clean PPE, and
  • Happy staff working together.

By ensuring a tidy work environment and operational equipment, leaders ensure that subtle messages are given that only productive and safe behaviors are tolerated.

Other more intrinsic signs are that staff ‘s personal needs are considered important and that they are listened to, if they have any concerns.

3.Communication– Finally, we have the final step that communicates the other two areas but in a transparent, predictable manner. This is where communication connects staff emotionally to the information by using stories and metaphors.

Communication must be regular and transparent. Woe betide any CEO who dares to announce that safety is important, but in a later announcement declares that due to poor sales, the safety budget is going to be cut. Messages must always be transparent and credible.

They must also include:

Unity messages that working at the company is a team effort, that group goals are achievable and that looking out for teammates is required, while being responsible for your own safety.

Compassionate messages that the company wants the best for staff, that staff contributions are welcomed, and that safety is a priority.

Communication is also open at all levels and staff can offer feedback that is actioned rather than ignored.

By ensuring that these three factors are in balance, organizations ensure that their workplace is highly functional and cohesive, with trust being the centerpiece of how the organizations operates.

Security Policies and Security Documentation

This document is prepared and presented as a basic overview of contemporary best practices regarding written documentation — primarily security policy – needed within an effective security program. It is generic in that it is developed without a specific application or facility in mind. As such, all or parts of this information may not be appropriate for every building or facility. The intent is to provide fundamental information for non-technical and non-security readers.

Security documentation is the written material used to govern all aspects of a security program. Such documentation would include, at minimum, the following;

  • Policies
    • Standards
    • Guidelines
    • Emergency Plans
    • Training Material
    • Informational Material


It can be said that there are – in essence – only 3 reasons for performance failure in an organization’s security program;

(1) The is NO policy and procedure addressing the issue;
(2) There is a policy and procedure addressing the issue, but it was not followed;
(3) The policy and procedure addressing the issue was followed, but the contents were inadequate to properly address the circumstances of the particular situation.

In the triad of architectural, technological and operational security, the policies and procedures are the foundation of the later and are easily the most overlooked and most important aspect of a comprehensive and effective security program.

An organization’s policies and procedures are dynamic in that they must be continuously updated and constantly refined. Perhaps no other single aspect of an entity more clearly reflects its culture and philosophy than the body of written policies and procedures by which it governs.


Easily, the most common obstacle in any attempt to develop security policies and procedures is the failure to have the full support of top management. At the very least, the direct approval of the top position is necessary. Ideally, the policies and procedures should be reviewed and approved by the governing body – such as the Board of Directors – or a committee thereof. This support from the top of the organization must also be clearly reflected in the document itself.

Additionally, management must support the effort through “example”. This means that the policies and procedures must apply to everyone, regardless of their position within the organization. If exceptions are to be allowed, the exceptions should be stipulated in the policy and procedure document.


If a “perfect” policy and procedure document could ever exist, even it would be of no value if the person’s subject to its contents and responsible for its implementation and enforcement are not aware of the details. Traditionally, binders of printed documents were reproduced and widely distributed so as to be accessible to the workforce. Today, fewer printed copies are prepared and there is a greater reliance on electronic media. A best practice is for the security department to have its own website on the organization’s intranet. Among the many benefits of this is the ability to make the security policies and procedures readily available for reviewing and downloading, ideally in the Adobe.PDF format.

The essential contents of the policies and procedures should also be presented during employee orientations and included in an employee handbook.


Typical security documentation can be described as follows:

POLICY: The organizations stated security objectives and the requirements in general terms. Policy also establishes departmental responsibilities and cooperative interaction where issues may overlap. Most importantly, it conveys authority. Policies address specific issues, however, the statements are usually very broad and without detail.

STANDARDS: Standards establish minimum performance parameters. These are statements that are usually “actionable”, “measurable” and/or “observable”. Standards are more detailed that Policies, and can often be the same as or similar to technical specifications.

GUIDELINES: Policies and standards require writing in a very precise and special way that avoids misunderstanding. Because it is not a narrative style that most people are accustomed to reading, some helpful explanatory notes can aid in comprehension. Guidelines serve this purpose but are not “requirements” in themselves.

PROCEDURES: Procedures are directed at persons responsible for taking action under the various circumstances and conditions, or in response to certain events. These are very specific and step-by-step to the extent practical and reasonable. Where Policies and Standards may apply on an enterprise-wide basis, there will always be a large portion of the Procedures that must be specific to each individual location or facility.

EMERGENCY PLANS: Generally, a given facility will have need for several emergency plans, each addressing specific events. Emergency plans are constructed – in part – so that they may be referenced in real time during an event. The most common emergency plans are in response to such things as a fire or bomb threat. Additional plans may be needed for other events such as an attack or when the threat of attack is elevated. Procedures within Emergency Plans tell people “where” they will go and “what” they will do when the get there.


A key aspect to a good manual is that it is relatively easy for any user to find the information they are seeking. Because a policy and procedure document is continuously revised, a conventional, single document with sequential page numbering would be less than optimal. Additionally, it is desirable to numerate the contents other than through the employment of page numbers, since these tend to change during revision. It is also very desirable to facilitate later reference to individual “provisions” within the document, similar to the manner in which government laws are numerated. An example structure might be something similar to the following:

1 = Chapter
1.01 = Subchapter
1.01.01 = Section = Subsection

It is advisable to create a standard format or template for the pages in order to facilitate the replacement of pages with revisions, and for readability. The template should incorporate a place for the title of the chapter and a place the date of the most recent revision. The document should contain a Table of Contents and a word index is a great enhancement.

Typically, an organization would have a general or master body of policies and procedures that are universally applicable across the entire global enterprise. Entities with multiple facilities will likely need to reserve certain subjects for further individualization for various locations such as different cities, states or countries in order to accommodate variations in applicable laws.

Additional policies and procedures will usually be needed based upon the specific nature of the organization, such as the business or industry in which it falls. Government regulatory compliance can be a major element of the document in some operations.

Where the policy manual is separate from the procedure manual – as is generally recommended – the relative procedures should reference the corresponding policy.


There are a myriad of subjects that might be addressed in a comprehensive set of security policies and procedures. Many of the common subjects will overlap with areas commonly addressed by the Human Resources department, and sometimes with other units as well. It is strongly recommended that legal counsel review and approve all policies prior to dissemination.

Typically, policy is written in a narrative and semi-general format and the only “rule” is that the message be clear and unambiguous. Each policy would generally state the organization’s position on the subject, and most importantly, it should delegate the necessary authority and responsibility for developing the corresponding procedures for execution and enforcement.

Procedures are typically written in a “step-by-step” format. As a guide, security procedures for security officers should be developed with a new guard on his or her first day on the job in mind.


If policies are important, than adherence to policy must be equally important. The policy MUST set forth appropriate consequences for violations of any policy, in the form of disciplinary action. Failure to consistently enforce policies might tend to negatively impact the legal enforceability of all policies. Where an organization lacks the collective will to act to enforce a policy, that policy should be changed or abolished. No policy should ever continue to exist for which enforcement action is not instituted consistently.


No policy and procedure manual can be completely written in advance that will be applicable to any organization without customization and modification. The following is a list of basic subject areas – not in any specific order – that should be considered for inclusion in a security policy and procedure manual;

1.0 Statement from Executive Management
2.0 Security Department Mission, Purpose and Objectives
3.0 Security Department – General
3.1. Organizational Structure
3.2. Policy Enforcement
3.3. Investigations
3.4. Reporting
3.5. Background Investigations
3.6. Use of Force
3.7. VIPs
3.8. Communications
4.0 Security Department – Management
4.1. Authority
4.2. Qualifications
4.3. Liaison with Government Agencies
4.4. Periodic Departmental Reports
4.5. Security Awareness Training of Non-Security Personnel
4.6. Responsibilities
4.7. Staff Performance Appraisals
5.0 Security Department – Staffing
5.1. Qualifications
5.2. Uniforms
5.3. Equipment
5.4. Training
5.5. Post Orders
6.0 Security Department – Duties and Responsibilities
6.1. Policy Enforcement
6.2. Investigations
6.3. Response to Criminal Acts
6.4. Suspicious Persons
6.5. Emergency Conditions
7.0 Information Protection
7.1. Document Storage for Business Continuity
7.2. Document Destruction
7.3. “Clean Desk” Program
7.4. Trash Removal
8.0 Lost and Found
9.0 Courtesy Escorts
10.0 Cash Handling
11.0 Parking and Traffic Control
11.1. Vehicle Registration
11.2. Signage
11.3. Vehicle Removal
12.0 Security Responsibilities of All Employees
12.1. Reporting Incidents & Suspicious Situations
12.2. Cooperation in Investigations
12.3. Privacy and Consent to Search
12.4. Contacts by Governmental Agencies
12.5. Contacts by the Media
12.6. Cooperation during Emergencies
12.7. Protection of Assets
12.8. Prohibited Items
12.9. False Reporting Prohibited
12.10.Employee Conduct
13.0 Lock and Key Control
14.0 Material Passes
15.0 I.D. Credentials
15.1. Employees
15.2. Visitors
15.3. Vendors / Contractors
16.0 Workplace Violence
17.0 Ethics
18.0 Medical Emergencies
19.0 Fire and Life Safety
19.1. Systems Inspection & Testing
19.2. Unsafe Conditions
20.0 Audits of the Security Department
21.0 Access Control
22.0 CCTV
22.1. Overt Surveillance
22.2. Covert Surveillance
23.0 Security Screening
23.1. Pedestrians
23.2. Vehicles
23.3. Parcels and Packages
24.0 Emergency Conditions
24.1. Preparation of Emergency Plans
24.2. Incident Command
24.3. Drills and Exercises

Ten Safety Tips at Work

Workplace injuries are relatively commonplace nowadays, this article will hopefully point out to you of 10 easy methods to prevent serious injuries from occurring.

  1. Keep work areas uncluttered to circumvent falls

In accordance with the Bureau of Labor Statistics, falls are quite typical workplace injuries. In addition to the statistic, the Bureau reported that one 4th of falls were from the height of 10 ft or fewer. What this means is workers are stumbling, sliding, or falling consequently of disorganized areas or slippery flooring.

Injuries from slips, trips or falls could possibly be avoided by striving to maintain work areas tidy and uncluttered. This might be enforced by regularly scheduled cleanings, because it is simple for work areas to rapidly accumulate clutter.

  1. Promote a culture centered on safety

This responsibility initiates from the managers of the place of work. Through classes, orientations, along with other interactions with employees’ managers and administrators hold the chance to stress the significance of workplace safety.

Because they build this relationship with employees, hopefully the whole work environment will start to take safety to heart and can begin concentrating on maintaining a secure work space. Managers can conduct scheduled assessments to locate potential hazards and train employees preventing these from becoming real problems.

  1. Ensure ease of access to emergency exits and equipment shutoffs

By continuing to keep work areas organized and free from clutter, the employees will consequently be maintaining obvious and immediate access to emergency exits and equipment shutoffs in the situation of a serious safety emergency. Keeping obvious pathways to those two areas well ensure quick exits and reactions in case of a security threat.

  1. Reduce work environment stress

When employees become consumed with stress or are excessively-tired, they become vulnerable to accidents or acting in an unsafe manner. High amounts of worker stress could be prevented by creating a wide-open style of communication between employees and administrators to ensure that employees have the freedom to speak when they’re feeling strained or stressed. Permitting employees to adopt regular breaks during the day will give you a way for employees to de-stress and recharge, hopefully stopping any safety dangers.

  1. Lift heavy objects properly

When heavy products are lifted improperly, the may cause serious back injuries to employees. By training employees on the way to lift such products with proper form, you’ll have the ability to minimize back injuries.

Heavy objects ought to be lifted lightly and effectively using upper thighs and legs, as opposed to the back. The product ought to be held near to the body as it is being transported, to be able to supply the most stability.

  1. Provide enough training for employees on all equipment and tools

When employed in any industrial setting where large machinery exists, it is necessary that workers are trained and understand how all the machinery works. This proper understanding may prevent employees from using machinery improperly and for that reason will minimize injuries. Too, all heavy machinery ought to be regularly checked to make certain that it’s running properly.

  1. Report all potential risks immediately

It goes together with developing a culture of safety place of work safety factors are everybody’s responsibility. Managers and administrators should encourage all employees to inform them of an unsafe condition they see within the work environment to be able to avoid injuries.

  1. Possess an understanding of chemical hazards

Utilization of harsh and effective chemicals are typical in many places of work. Due to this, it is crucial that employees possess an understanding and knowledge of the character of the chemicals they’re using. Employees ought to know the effects and potential risks that include dealing with chemicals.

Together with understanding of those chemicals, employees can safeguard themselves to prevent hand injuries by utilizing glove protection. Chemical resistant gloves can be found, such as this flock lined version, or these triple dipped PVC gloves.

  1. Use correct personal protective equipment for your specific job

Many, if not all industries require some type of PPE for workers. It is crucial that employees learn how to use their PPE and that the gear feels safe and well-fitting.

Gloves are among the most typical and easily accessible types of PPE. They are available in a multitude of protection levels, plus they provide benefits including comfort, puncture and chemical resistance, and maintained dexterity and versatility. The kind of glove you select is dependent on the workplace atmosphere and the level of protection needed. Disposable nitrile or latex industrial gloves provide superb protection for many circumstances, while keeping excellent dexterity. For more robust conditions, a sturdier work glove is often appropriate.

  1. Correctly store chemicals

Since chemicals are typical in many places of work, you should understand how to store them properly. They must be stored in sealable containers on a closable cabinet or perhaps a sturdy shelf possessing a front-edge lip. The closeable cabinet or front-edge lip may prevent any containers of chemicals from falling and spilling from the storage space.

Measuring Workplace Health and Safety Performance

The monitoring and measuring of health and safety performance is a key component of a company’s health and safety management process, as it allows management to see the effectiveness of any new policies and procedures that have been implemented recently. Without proper measurements to see the results of any changes, it is impossible to know whether those changes are having the required effect. If they are, they should be kept. If they are not, then further changes are needed, or a completely new approach adopted.

There are two ways of monitoring health and safety performance; active/proactive and reactive monitoring.

Active/proactive monitoring: This involves inspections and checks in order to ensure that policies and procedures are being implemented correctly (if they are being implemented at all that is!), to prevent accidents and incidents from occurring. With regards to health and safety, prevention is much more preferable to cure, and avoiding accidents will benefit workers as well as management.

Reactive monitoring: As the name suggests, this method of monitoring involves looking at what has gone wrong (i.e. an accident or incident taking place) and then deciding what can be done to prevent it from happening again. Whilst the new procedures and controls may benefit those in the future, it is little comfort to the worker that was injured (or worse) in this instance.

In order to be useful, measurements must be reliable and accurate, otherwise the whole system is undermined, and much-needed changes to prevent future accidents or illness may not be introduced. Examples include reporting all accidents, even minor ones where the person was treated from items in the first aid box and did not need any time off work. Whilst it is tempting for a person not to bother reporting such a minor accident, it may be the case that the same equipment of process is causing this minor injury quite often, and a simple health and safety measure could be introduced to prevent it occurring, and possibly preventing a more serious injury in the future.

Many companies struggle with developing health and safety performance measures, often focusing on a single statistic such as accident numbers. To be truly effective, a range of measurements is needed covering a variety of health and safety issues, which means if one statistic is not accurate (e.g. minor accidents are not being reported), other measurements will help to contribute to the overall picture.

Setting Safety Goals and Measurements

Development of specific, measurable, attainable, relevant and time-sensitive (SMART) goals is important to the success of any safety and health program. Unfortunately, many people make the mistake of focusing solely on the desired outcomes in the development of their goals. They fail to develop activity-based goals that will help them to get to those outcomes. To increase the chances of success, develop both activity-based and outcome-based goals.

To learn more about setting SMART Goals, check out this post

Examples of outcome-based and activity-based goals are below.


Outcome based goals Activity based goals
% Reduction in OSHA recordable injuriesInvestigations completed on time
%Reduction in workers’ compensation claimsInvestigation identifies causes
% Reduction in workers’ compensation costsInvestigation identifies action plan
Reduction in vehicle accidents per mile drivenAction plan implemented
Safety meetings held as scheduled
Improvement in corporate audit resultsAgenda promoted in advance
Reduction in observed hazardsSafety records updated and posted
Reduction in average cost per claimInspections conducted as scheduled
Frequency of all injuries/illnessesInspection findings brought to closure
Severity of all injuries/illnessesManagement safety communications
Lost-time accidentsManagement safety participation
Near miss/near hit reports
Discipline/violations reports
Absenteeism rates
Productivity per employee rates
Production error rates
Incidence of workplace violence
Incidence of accidental releasesRate of employee


Resolution of suggestions/complaints
Self-audits for regulatory complianceSafety committee initiatives
Contractor recordable injuries/illnesses
Total manufacturing process incidentsJob safety analyses
Total transportation incidentsEmployee participation rates
Employee housekeeping
Percent safety goals achievedEmployee safety awareness
Training conducted as scheduledEmployee at-risk behavior
Safety training test scoresSupervisor/manager participation
Statistical tracking for programsSupervisor/manager communication
Statistical process controlSupervisor/manager enforcement
System safety analysesSupervisor/manager safety emphasis
Contractor safety activitiesSupervisor/manager safety awareness
Positive reinforcement activitiesInjury/illness cases reported on time
OSHA audit – no citationsStatistical reports issued on time
OSHA audit – citations, no finesRatio of safety and health staff to workforce
Willful violationsSafety and health spending per employee
Serious or repeat violationsTitles in safety and health library
Other-than-serious violationsTechnical assistance bulletins issued
Total dollar amount of penaltiesPolicies and procedures updated on time
Average time to abate reported hazardWellness program participation rates
 Average time to respond to complaintFire protection audit


are you prepared for a crisis

Crisis Management – Are You Prepared?

Research by Oxford Metrica shows that it is not the fact of suffering a crisis that damages a business – in reality no business can eliminate the possibility of a problem- rather, what really counts is how the organization is seen to manage the crisis: take control quickly, respond professionally, and communicate well and the organization is likely to prosper. Dither, hide or appear to be uncaring, and tough – even terminal – challenges may lie ahead.

As a result, thorough crisis preparedness is essential so that the organization can be off the starting blocks like an Olympic sprinter. And – just like athletics – what used to be speedy enough to win a gold medal is now far from world class. They used to say that the first 24 hours of a crisis were crucial. The speed and spread of crises today – largely driven by the immediacy and reach of on-line media – makes a mockery of this golden rule. Being prepared before the crisis breaks and being able to respond almost instantaneously allows organizations to retain control over their destiny.
This means that all the old lessons of crisis preparedness still apply (but more so):

  • Understand your areas of vulnerability
  • Develop and implement crisis management plans and processes
  • Rehearse the plan and enhance it
  • Train your people, especially those required to act as a spokesperson in a crisis
  • Monitor the landscape
  • Engage in pro-active issues management

But the power of online media presents a new and potentially scary dynamic. Digital media has enormous power to both create and destroy reputations. And many organizations are still grappling with how to harness online media in the face of this potentially business-critical challenge.

Failing to do this leaves the organization frighteningly vulnerable in today’s world. If a crisis is gestating online, then the organization must have the capability to also manage it online. Sticking to traditional media has the potential for at least three negative results. Firstly, you may fail to reach those people most affected and concerned by the crisis – the people talking about it online. Secondly, you lose the opportunity to engage with the online community which has the power to spread positive messages about what the organization is doing to deal with the situation. And finally, you may further escalate the situation by communicating bad news to people who were previously unaware that there was a problem.

The key to success is the combination of traditional reputation management insights and expertise, and the application of the latest on-line reputation management tools to get the message through.

As the start point for online reputation management, companies should:

  • Develop crisis management “dark sites” to respond quickly, clearly and effectively to emerging issues and incidents
  • Ensure that it has identified and set up the infrastructure to communicate via social media such as Twitter and Facebook
  • Implement online media monitoring to track what is being said about them in cyberspace
  • Employ search engine optimization to ensure the company’s perspective is heard loud and clear rather than being swamped by the views of others
  • Develop the capability to quickly create content – latest information, briefing papers, podcasts, blogs – for online media

The internet has the power to spark and spread a crisis: but used effectively, digital tools have enormous potential to help organizations prevent and manage them too.

The Importance of Communication During Disaster Management A crisis is defined by a series of events occurring rapidly and unplanned in an area that you manage. The importance of excellent communication cannot be stated enough, because all your decisions as the emergency manager are based on the information gained from all the responders and witnesses to the disaster.

In fact, a good emergency management plan will have a dedicated communication position and their sole responsibility is to coordinate all the other communication to provide the manager with a single stream of communication.

I have witnessed a manager trying to control a crisis, while using a company mobile phone, his personal mobile phone, a radio handset and people nearby speaking to him. Where do you think his ability to actually manage this crisis was?

Check Out: Strategies Behind Crisis Management

First failure point in disasters is the communication systems

It is strange to see just how many managers rely on mobile phones as the company communication system during a disaster. Take a second to think about how long a mobile system stays functional for during a disaster until it is overloaded with users and crashes.

This is where the importance of selecting the right communication equipment is highlighted. If the equipment fails, it doesn’t matter how skilled your emergency management team is, they cannot talk to each other passing on vital data.

Consider reviewing your emergency equipment for;

  • Do your company mobile phones have all employees’ numbers in the contact list
  • Do you have spare batteries, fully charged and ready to go for all phones relied on during the emergency?
  • Will your landline phone system still be in use if the power/computer goes down?
  • How do you manage multiple conversations on your mobile without hanging up on each other?
  • Does always everyone on the response team have their communication equipment with them

The second failure point is lack of efficiency using the communication equipment

When conducting practices, it is easy to speak slowly and clearly with all waiting patiently for you to finish. This is no way to practice for emergencies.

Try this instead. Give everyone a radio/phone and tell them all to walk briskly around a decent sized park or oval nearby for a minute or two.

You move to the middle and then call them. Ask them to describe what they see quickly as they walk past the different objects. Listen to what happens next. If this doesn’t instill in you the importance of good communications during a disaster nothing will.

What you will experience is;

  • Rapid breathing as adrenalin kicks in and people rush their spoken words
  • Some cutting over others as they are not listening to the comm’s but thinking about what they will say next.
  • A lot of dead radio space as people are trying to understand how to describe what they see to you and forgetting that they have the phone/radio on

As a direct result of this little experiment you will also get a taste of what it will be like to try and listen to 10-20 different messages coming at you in the center.

Check Out: Steps for Designing a Workplace Crisis Management Plan

How to improve your communications

Assign callsigns and radio codes for building names and locations for example so that you reduce the time each person stays on the network.

Assign a Communications Leader to handle all inbound and outbound calls by becoming the center spoke and allow you to make decisions and not take messages.

Good emergency management means everyone has a role to do and someone needs to be responsible for ensuring your communication systems will stand up to the challenge. Don’t just focus on fire extinguishers and first aid kits as these will do no good to you, if you cannot get the messages to your emergency team.

Even just four people in your communication system means there are eleven channels of communication that messages will flow along. Imagine how many communication channels need managing for 20 response staff.

quality safety training

10 Reasons Why Safety Training is Often Ineffective

There are a number of reasons why so many safety courses fail to provide results in the workplace. This article lists ten of the most common reasons for the lack of results.

  1. The most important one is that the environment to which the participants return is not blessed with effective leadership. This ineffective leadership does not encourage or foster a safe environment. Often, there is a culture of blame when there is an accident or incident.
  2. Next, the training is purely knowledge-based and not behavioral based. This means that whilst the participants may leave the course with extra knowledge, they don’t necessarily know how to apply it. Academic teaching methods are used, theories are expounded and there are few practical elements in the training. Safety is an emotional subject and the training programs must be designed with care.
  3. Safety Training can be boring in the wrong training hands. This is a great turn off for so many people attending the courses because they become disengaged and will not accept any new concepts or change their behavior back in the workplace.
  4. Frequently, the person taking the training course does not understand how people learn. This means that most of the money, effort and time is wasted and the participants become cynical and unwilling to embrace new ideas.
  5. Because so many training courses attempt too much, the group members rapidly go into an overload coma. When this occurs, no learning takes place and consequently no behavioral change back in the workplace.
  6. The participants are subjected to endless videos and “death by PowerPoint™” This means that at least two thirds of the group members are not reached by the information.
  7. The training is not fun. Worldwide research shows that training which is fun with plenty of humor is much more effective in terms of the retention and attention of participants. Furthermore, there is a greater acceptance of new ideas and concepts.
  8. The managers are not trained with the rest of the staff. This means that there is always the opportunity for a greater disconnect between the two groups in terms of common goals and objectives.
  9. There are no training objectives which are shared with the participants. They are not included in the process of setting goals and objectives nor are the involved in deciding how these are to be reached. There are no expectations set for performance after the training.
  10. There is no follow-up coaching on the job so that training is taken out of context and is irrelevant. There is no measurement of changed behavior.

If the participants in the training are not asked for a commitment to a safer working environment, it is unlikely that they will spontaneously give it.