School ICT Policies Thread, How do you handle doing risk assessments when a lot of what you do is risky? in School Administration; Tasks I perform on a daily* basis have a high level of risk either to me or the school if ...
27th April 2010, 03:43 PM #1
How do you handle doing risk assessments when a lot of what you do is risky?
Tasks I perform on a daily* basis have a high level of risk either to me or the school if you're not trained / qualified / experienced or haven't taken the relevant precautions.
Is there a way of writing a general (standing orders if you will) risk assessment for tasks that are common to my job description without me drowning in random paperwork and filling Behind the Red Door as a result?
*or more than once a week, anyway.
IDG Tech News
27th April 2010, 04:08 PM #2
Depends on what tasks you are talking about? Could you group them into similar activities such as working at height, working with electrical, working with annoying colleagues? Then you could do generic "Do not fall off the ladder" type assessments.
27th April 2010, 04:10 PM #3
System changes may risk down time?
27th April 2010, 05:54 PM #4
I suppose I'm wondering if people who regularly do $job, day-in and day-out that's potentially bloody dangerous (Zoo vet, say), spend significant amounts of time filling in risk assessments or if the powers that be say "well, he's a trained zoo vet who knows that tigers are pointy, so it falls under 'competent person who's aware and has taken measures to negate or reduce risks of his job'" in a bid to avoid paperwork mountains.
Off the top of my head, on any given week I regularly:
1) Like most of us, do things that (if I stuff up) can cause network downtime for everyone for which I have the usual measures (training, experience, testing, backups, documentation) in place to negate or manage the risk.
2) Work at height while testing network kit in cabs, planning (or tracing) cable runs or running cable.
3) Work on low voltage wiring (testing cable runs, punching down damaged/new ports)
4) Shift around reasonably heavy to very heavy kit (computers, servers, ups)
5) Work with hot/fast spinny stuff (soldering irons, bench drills, laser cutters, plasma cutters)
And I've done all of that for years on a weekly basis with no damage or downtime to myself, others or the school as a result of my actions (or inaction).
What I really want is a way of stating (to the satisfaction of H&S) "Pete is a competent person for X, Y & Z (where X, Y & Z encompasses stuff I usually do that for an unaccustomed person would pose a risk) and he doesn't have to create reams of Risk Assessment forms unless he's working on something (say full scale strip out and rebuild IT suite) exceptional."
If I had to create a risk assessment every time I did 1 - 5, I'd end up filling them in with "risks: danger of not completing contracted tasks due to amount of time filling in stupid forms".
Last edited by pete; 27th April 2010 at 05:56 PM.
27th April 2010, 09:00 PM #5
I think item 1 is very different from the others and should be handled differently. You should have some kind of change management in place. Key parts of this are that you plan what you're going to do and why. You have written plans which should include things like who has to be notified of the change, when it's going to happen, how you've tested it, how you'll know if it's succeeded and how you will roll back if there's a problem (that also means you need to specify how you will know if there's a problem and what the worst case scenario is and how likely that is). Obviously, a small organisation will do this in a simpler way than a big organisation.
Just read that paragraph and I'm not sure if it makes sense - look up ITIL Change Management to get a feel for what it's all about.
The others are things which involve risk of injury. Here, I think you should have a list of the things which are done, an indication of how often and the "what could go wrong" "how bad would it be" "how likely is it to go wrong" and "what do I to to try and make sure it won't go wrong"
For all the routine stuff I think there should be a scheduled check of what's going on - say once a year - and you complete a form at this point. I think our risk assessment forms are public - take a look at the "Combined Risk Assessment & Standard Operating Procedure Template" - it might help (well, it might help more than the gene therapy form!)
28th April 2010, 08:59 AM #6
We've implemented parts of FITS (that admittedly are easy and fit in with "yeah, we already/nearly already do that"), but haven't got round to the long term payoff stuff. The change management/rollback/plan info/vendor docs is all in the IT wiki, by service (say, all the network components necessary for OWA to work) and device (a server). I tend to use the Practise of System & Network Administration as a reference - it does ITIL & FITS-type stuff, but it's more sysadmin-orientated in that it shows demonstrable benefit that your average geek will appreciate.
Originally Posted by srochford
Cheers for that. I've also nicked the Genetic Modification form to slip into our H&S folder to see if anyone notices
For all the routine stuff I think there should be a scheduled check of what's going on - say once a year - and you complete a form at this point. I think our risk assessment forms
are public - take a look at the "Combined Risk Assessment & Standard Operating Procedure Template" - it might help (well, it might help more than the gene therapy form!)
Last edited by pete; 28th April 2010 at 09:01 AM.
By leco in forum Educational Software
Last Post: 24th October 2009, 10:11 AM
By Little-Miss in forum General Chat
Last Post: 5th October 2009, 09:20 PM
Last Post: 10th August 2007, 09:29 PM
By mark80 in forum MIS Systems
Last Post: 10th July 2007, 12:04 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)