View Lincolnshire SCB Procedures View Lincolnshire SCB Procedures

5.1.20 Health and Safety Risk Assessment and Recording


  1. Introduction
  2. Data Protection/Caldicott Principles
  3. Registration Criteria
  4. Points to Consider for Highlighting Individuals on Internal or External Information Exchange Networks
  5. Detailed to be Recorded
  6. Checking MOSAIC
  7. Sharing and Receiving Information Information from Other Directorates and External Agencies
  8. Review

1. Introduction

Lincolnshire County Council has a duty under the Health and Safety at Work Act 1974, and Management of Health and Safety at Work Regulations 1999 to ensure the safety of its employees. Risk assessments are required where employees may be exposed to hazards or potentially dangerous situations including physical attack or threats.

To ensure that risk assessments relating to 'violence at work' situations are 'suitable and sufficient', it is necessary to operate an internal and external information exchange network to assist managers in the risk assessment process.

The Department of Health and Social Care (DHSC) National Task Force on Violence Against Social Care Staff Report and Action Plan (recommendation 11) supports the need for professionals to share information on potential assailants to reduce the risk of injury or harm. Section 115 of the Crime and Disorder Act 1998 empowers the police, local authorities, probation and health authorities to exchange information for these purposes.

The exchange of information should recognise Human Rights concerns and not be a 'loose' exchange of vague fears, which may label people unfairly. This procedure observes these principles and those of the Data Protection Act and the Information Governance Initiative. With this in mind the information exchange must be subject to review with the appropriate involvement of the Manager, Legal Services, Information Officers, MOSAIC and Data Protection Advisors.

Within the Directorate the MOSAIC databases will be used to highlight the details of known assailants or addresses where serious incidents have been reported and assessed using the procedure detailed in this section. This information can then be shared where appropriate with other directorates and agencies in accordance with Data Protection legislation and Information Governance Principles.

2. Data Protection/Caldicott Principles

The information to be highlighted on the internal database or shared with external agencies is subject to the Data Protection Act 2018 and to the Caldicott Principles.

The personal data to be recorded shall be:

  • Obtained lawfully and fairly;
  • Held only for lawful purposes;
  • Used or disclosed only for those or in accordance with legislation;
  • Adequate, relevant and not excessive in relation to the purpose for which it is held;
  • Accurate and where necessary kept up-to-date;
  • Processed in accordance with the rights of data subjects;
  • Held no longer than is necessary for the purpose for which it is held;
  • Surrounded by proper security.

Staff are reminded of their professional responsibilities and instructions for sending e-mails or other communication containing personal or sensitive information. Even where the sharing of such information is legitimate, staff should carefully consider the content of the communication and ensure that access by all recipients is necessary, prior to sending.

3. Registration Criteria

Any person who has committed a serious act of violence including threats and intimidation, against an employee or member of the Council and is considered a significant risk will be highlighted as such on the internal information exchange networks. Managers and employees require access to this information so that appropriate steps can be taken to reduce risks to personal safety.

Highlighting individuals in this way will occur only after an incident has been officially reported using this procedure or if the Directorate is notified via appropriate external agencies e.g. The Multi-Agency Public Protection Arrangements (MAPPA).

4. Points to Consider for Highlighting Individuals on Internal or External Information Exchange Networks

The individual circumstances of each case must be assessed during the line manager's initial investigation/review of the incident. The investigation should be carried out as soon as possible after the incident considering the following:

  • Were injuries sustained? The exact severity, and were weapons or animals involved?
  • Consider the influence of alcohol or drugs;
  • Refer to previous records; has this person been violent in the past? Is this person already registered as a danger to others?
  • If verbal threats are made, is it likely the threats will be realised? Refer to previous records;
  • Knowledge of the psychological/medical history of the assailant and whether they are aware of their actions (refer to case history);
  • Is the assailant likely to be in contact with other Council employees, e.g. Social Workers, Home Care Workers, Community Support Teams, or external agencies, e.g. Youth Offending Service, Probation, Housing, Health etc?
  • Would additional information being available prior to this incident have helped colleagues?
  • Is the incident considered a one-off, i.e. is the person distressed in this incident but unlikely to be a risk in the future?

In complex cases more detailed strategy/risk management meetings may be necessary. Please refer to LCC’s Health and Safety policy and the Violence at Work Policy.

If a significant risk is identified following this review, the assailant's details should be highlighted as a risk to staff using the form CS1/262 and the Significant Incident Risk Assessment form and recorded on the MOSAIC database via the Safeguarding Unit. If this person is also believed to be a risk to non-Social Care staff, this should also be recorded on the CS1/262 form enabling other Directorates and external agencies to be informed via the MAPPA representative where necessary.

Individuals are entitled to comment upon any personal data recorded on file. This entitlement also applies to individuals assessed as a risk to staff. A letter from the Manager or from Legal Services should be sent to the individual informing them that their details have been recorded in this way. This letter will only be sent after a risk assessment by managers has determined it will not increase the risk to staff. This shall be evidenced and recorded in the Significant Incident Risk Assessment form. Legal Services should be forwarded a copy of the CS1/262 where a letter from them is deemed necessary.

If a letter is sent to the individual, it will indicate that the person is able to contact the Directorate via the Corporate Complaints Procedure, e.g. if they allege that the information is incorrect or misleading. If there is any substance to their argument, a decision can be taken to remove/amend the entry following the outcome of a relevant investigation into the matter.

Where assailant's details are not known, and there is no link to a current service user, information alerts can be shared within the Directorate and to others so long as the appropriate Information Governance principles/instructions are followed. When information is available on a member of the public who is a risk (not a service user), this should be entered on the database as a new contact by the Safeguarding Unit.

5. Detailed to be Recorded

The CS1/262 is to be completed and authorised by the notifying Manager and the head of Service notified by the Manager. The form should only be forwarded to Legal Services where a letter to the individual is required to be sent by Legal Services. There should be no delay in forwarding a copy of the form to the Safeguarding Unit to enter and highlight the details on the database. The original should be placed on file.

If relatives and friends of a service user are the perpetrators of violence, the service user reference number will be identified on the CS1/262 and details recorded against this service user reference number. A contact will be entered for individuals who do not have a reference number or link to a current case. The contact and the hazard warning will need to be recorded by the Safeguarding Unit.

Warnings that can be recorded on MOSAIC are as follows:

Level1 - Hazards (health and safety risks)

  • No visits offsite;
  • Not to be interviewed alone;
  • Potential risk to men;
  • Potential risk to women;
  • Risk of physical aggression;
  • Environmental concerns, e.g. dangerous animal, safety of the service user's home.

Level 2 - Individuals against whom there are allegations of child abuse

  • Refer to manager.

Level 3 - Individuals known to pose a risk to children

  • Refer to manager.

6. Checking MOSAIC

At the time of allocating and/or visiting a service user that isn’t familiar to the person undertaking the visit, MOSAIC is to be checked to see if there are any hazards recorded, either against the service user themselves or against a family member.

If there is a hazard recorded against a service user, the hazard notification on MOSAIC will be apparent on the record.

7. Sharing and Receiving Information Information from Other Directorates and External Agencies

The Children’s Services link officer to MAPPA will be notified by the Safeguarding Unit. Where it is identified on the form that other Directorates and agencies need to be informed of the potential risks to staff, appropriate communication via MAPPA or within LCC will take place.

When information on a high-risk person is received from MAPPA, the link officer will liaise with the appropriate managers or the Safeguarding Unit to initiate an appropriate alert within the Directorate or to other Directorates within LCC.

8. Review

A report will be run each month by the Safeguarding Unit to identify those people whose warning is due for review. The listing will be forwarded to the relevant manager(s). The manager will liaise with the relevant teams for up-to-date advice on whether the person still poses a risk to others.

he manager or where appropriate Legal Services will inform the person (where relevant) that their details are no longer highlighted.

The documentation relating to this process, e.g. the PO3, CS1/262 and the Significant Incident Risk Assessment form, must be completed in all circumstances.

The procedures will be subject to an annual review by the Information Governance Manager.

Case/Referral closure

Where there is a live hazard flag at the time of closing a case or referral, the hazard must be reviewed prior to closure and recorded in MOSAIC using one of the following indicators:

  • Hazard Reviewed: Continuation of Hazard.

Within MOSAIC, a hazard review case note must be completed. Where a hazard flag is continued, staff must provide evidence and justification for the decision made.

  • Hazard Reviewed: Hazard Ended.

Within MOSAIC, a hazard review case note must be completed. Where a hazard flag is ended, staff must provide evidence and justification for the decision made. In addition, the note must clearly state that any future allocation should consider the last Health and Safety assessment findings. Where the historic risk is still evident, staff must consider completing a further assessment and the decision must be documented.


When searching for a child, MOSAIC will alert users to any people with an associated level 1, 2 or 3 flag.

The data imputer for all of the above information will be the Safeguarding Unit.

Management Information

Reports - MOSAIC can produce reports of all flagged persons by:

  • Category;
  • Date of initial recording;
  • Review due date (a regular report is generated to flag up reviews);
  • Notifications.