Most safety programs can name their hazards. Far fewer can show how they assessed each one, who owns the control, and when it was last reviewed. That gap is exactly what a hazard identification and risk assessment (HIRA) process closes โ and in 2026, with OSHA scrutiny rising and ISO 45001 making proactive hazard identification a continuous duty, a one-time spreadsheet no longer cuts it.
Summary: HIRA (Hazard Identification and Risk Assessment) is a structured, repeatable process for finding workplace hazards, scoring their risk, and controlling them before they cause harm. The six steps are: identify hazards, assess risk, control, record, communicate, and review. Done well, HIRA is a living program โ not a static document โ and it underpins compliance with OSHA’s General Duty Clause and ISO 45001. This guide walks each step, explains the risk matrix, and shows how to keep HIRA continuously up to date with mobile safety inspections.
Why HIRA matters: by the numbers
- OSHA’s General Duty Clause, Section 5(a)(1), requires employers to address recognized hazards โ the legal foundation for HIRA (OSHA).
- ISO 45001 makes hazard identification a continuous, proactive requirement, not a one-time exercise (ISO 45001:2018, Clause 6.1.2).
- Work injuries cost U.S. employers an estimated $176.5 billion in a recent year (National Safety Council, Injury Facts).
- Teams that track proactive leading indicators report up to 59% lower TRIR than lagging-only programs (Voxel AI, 2025).
What HIRA is
HIRA stands for Hazard Identification and Risk Assessment. It is the process of systematically finding what could cause harm, judging how serious and likely that harm is, and putting controls in place to reduce the risk to an acceptable level.
The key word is systematic. A HIRA is not a brainstorm or a one-off audit. It is a repeatable method you apply to every task, area, and change โ and then keep current as conditions change.
The 6-step HIRA process
A reliable HIRA follows the same six steps every time. Treating them as a loop โ not a line โ is what keeps the assessment alive.
Step 1: Identify hazards
Walk the task or area and list everything with the potential to cause harm โ physical, chemical, ergonomic, biological, and psychosocial. Involve the people who do the work; they see hazards a desk review misses.
Step 2: Assess the risk
For each hazard, judge how likely harm is and how severe it would be. The risk matrix below turns that judgment into a consistent score so you can rank what to fix first.
Step 3: Control the hazard
Apply the hierarchy of controls: eliminate the hazard if you can, then substitute, engineer, use administrative controls, and finally PPE. Higher-order controls are more reliable because they do not depend on human behavior every time.
Step 4: Record the assessment
Document the hazard, its score, the control, and the owner. A clear record is both your operating plan and your evidence of due diligence if a regulator or incident review asks for it.
Step 5: Communicate
Share the findings and controls with everyone affected. A control nobody knows about is not a control. Toolbox talks, briefings, and accessible records all play a part.
Step 6: Review
Re-assess on a schedule and whenever something changes โ new equipment, a new process, or an incident. The review feeds straight back into Step 1, which is what makes HIRA continuous. See our essential guide to HIRA for a deeper walkthrough.
Running your own HIRA? Download our free HIRA Template & Risk Matrix โ a ready-to-use worksheet with the 5×5 scoring grid and a controls column built in.
The risk matrix explained
The risk matrix scores each hazard by multiplying likelihood and severity. A hazard that is almost certain and would cause major harm lands in the extreme zone; one that is unlikely and minor sits in the low zone. The score is not the goal โ prioritisation is. It tells you where to spend control effort first.
Keep the scale simple and consistent across teams. A 5×5 grid is enough for most operations, and consistency matters more than precision: the same hazard should get the same score whoever assesses it.
Common HIRA mistakes
The most common failure is treating HIRA as a document to file rather than a process to run. The assessment is completed once, filed, and never revisited โ so it drifts out of date the moment the work changes.
Other frequent gaps: scoring hazards without involving frontline workers, listing controls with no owner, and never closing the loop on a control that was promised but not verified. Each turns a sound method into paperwork.
Keeping HIRA live
A living HIRA needs mobile capture, scheduled re-assessment, and a closed loop on every control. See our guide to choosing safety inspection software. When assessments live on a tablet rather than in a binder, field teams can update them on the spot and trigger a corrective action the moment a new hazard appears.
That is the difference between a HIRA that proves compliance once and one that actually keeps lowering risk. Certainty’s safety inspection software is built to keep that loop running across every site.
Key Takeaways:
- HIRA is a repeatable process to find, score, and control hazards โ not a one-time document.
- The six steps: identify, assess, control, record, communicate, and review.
- The risk matrix scores likelihood × severity so you can prioritise controls.
- Use the hierarchy of controls โ elimination beats PPE every time.
- Keep HIRA live with mobile capture, scheduled review, and a closed loop on every control.
You might also be interested in
Behavior-Based Safety in 2026
Why leading indicators and verified closure now matter more than counting observation cards.
An Essential Guide to HIRA
A deeper walkthrough of hazard identification and risk assessment fundamentals.
Confined Space Safety in 2026
Lessons from recent OSHA enforcement on the program gaps that cost lives.
Frequently Asked Questions (FAQs)
What is HIRA?
HIRA stands for Hazard Identification and Risk Assessment. It is a structured process for finding workplace hazards, scoring their risk by likelihood and severity, and applying controls to reduce that risk to an acceptable level.
What are the steps of HIRA?
The six steps are: identify hazards, assess the risk, control the hazard, record the assessment, communicate to those affected, and review on a schedule and after any change. The review loops back into identification.
What is the difference between HIRA and a JSA?
A job safety analysis (JSA) breaks a single job into steps and identifies the hazard of each step. HIRA is broader: it assesses hazards across tasks, areas, equipment, and changes, and scores them on a risk matrix to set priorities.
What is a risk matrix?
A risk matrix is a grid that scores each hazard by combining how likely harm is with how severe it would be. The resulting rating โ from low to extreme โ tells you which hazards to control first.
How often should a HIRA be reviewed?
Review on a set schedule โ many programs use annual or semi-annual cycles โ and additionally whenever something changes: new equipment, a new process, a near miss, or an incident. A change is a trigger, not a reason to wait for the next scheduled review.
Make your HIRA a living program
Certainty captures hazards on mobile and closes the loop on every control โ so your risk assessment never goes stale.
