Hazard Identification Explained: Sources, Triggers, and Control Links
Hazard identification is the discipline of finding credible sources of harm before risk assessment, control selection, and field verification begin.
Key takeaways
- 01Define hazards as credible sources of harm before assigning risk ratings or controls.
- 02Use field observation, incident history, maintenance feedback, workforce input, design data, and change review as evidence sources.
- 03Reopen hazard identification after change, incidents, abnormal work, contractor turnover, or evidence that controls are degrading.
- 04Separate hazard identification from risk assessment so the team does not score vague scenarios.
- 05Connect serious hazards to critical controls, named owners, and verification routines.
Hazard identification is the structured process of finding credible sources of harm before an organization estimates risk, selects controls, or authorizes work. It looks for energy, exposure, task conditions, change, and weak signals that could injure people, damage assets, interrupt operations, or degrade health over time.
Many teams treat hazard identification as the first column of a form. That is too small. The form records the result, while the discipline itself asks whether the people closest to the work have named the energy, exposure, uncertainty, and change that make harm possible.
Definition
Hazard identification defines what can hurt people, not yet how likely it is or how severe the outcome could be. That distinction matters because a rushed team often jumps straight to risk rating, where numbers create confidence before the actual source of harm has been described well.
ISO 45001:2018 expects organizations to identify hazards under routine, non-routine, emergency, human, organizational, and workplace conditions. In practice, the strongest identification work includes 6 evidence families: task observation, incident history, maintenance feedback, workforce input, design information, and change review.
What sources feed hazard identification?
Hazard identification sources should combine records, field evidence, and worker knowledge because no single source sees the whole work system. Injury logs show what already broke through, while observations and workforce voice reveal exposures that have not yet become recordable events.
- Energy sources
- Mechanical, electrical, thermal, chemical, gravitational, pressure, stored, or kinetic energy that can be released into people or equipment.
- Exposure sources
- Places where people enter the path of energy, contaminants, unstable loads, moving equipment, sharp edges, or psychosocial strain.
- Task sources
- Steps in routine or non-routine work where tools, access, layout, timing, competence, or supervision can create hidden danger.
- Change sources
- New equipment, products, contractors, staffing levels, layouts, production targets, or procedures that alter the risk profile.
As Andreza Araújo argues in Safety Culture: From Theory to Practice, formal systems only become culture when they shape daily decisions. A hazard list that ignores real work may satisfy an audit, but it will not help the supervisor decide whether the job should start.
Which triggers should reopen hazard identification?
Hazard identification should reopen whenever the work, workforce, equipment, environment, or control condition changes enough to make the old assumptions unreliable. The most common failure is reviewing hazards only once a year, even though the operation changes every week.
Trigger events include a process change, new contractor crew, incident or serious near miss, repeated equipment fault, abnormal weather, temporary bypass, overtime surge, customer demand spike, new chemical, changed layout, or evidence that a control is not working. These triggers should feed the risk register cleanup process, not sit in meeting notes.
How do hazards connect to risk assessment and controls?
Hazard identification names the source of harm, risk assessment evaluates the credible scenario, and control selection decides how to prevent or reduce exposure. When those three steps blur together, teams often choose a control before they understand the scenario that control must interrupt.
A useful sequence is simple. First, name the hazard with enough detail that a worker can recognize it in the field. Second, define who is exposed, during which task, and under what conditions. Third, estimate the risk. Fourth, select controls through the hierarchy of controls. Fifth, verify whether the control still exists where work happens.
Across 250+ cultural transformation projects, Andreza Araújo has seen that weak hazard identification produces weak controls. If the hazard is written as "unsafe behavior," the control becomes training. If the hazard is described as "hands placed near an unguarded nip point during jam clearing," the control discussion changes immediately.
Hazard identification vs risk assessment
Hazard identification and risk assessment are related, but they answer different questions. Hazard identification asks what can cause harm, while risk assessment asks how credible and severe the harm scenario is after exposure, existing controls, and operating conditions are considered.
| Question | Hazard identification | Risk assessment |
|---|---|---|
| Main focus | Source of harm | Credible harm scenario |
| Typical output | Hazard statement | Risk rating and priority |
| Common error | Writing vague hazards | Scoring before the scenario is clear |
| Field test | Can a supervisor point to it? | Can the team defend the rating? |
This distinction also protects What-If field reviews from becoming abstract workshops. The team should leave the review able to point at the source of harm, not only debate a number in a matrix.
How do supervisors recognize weak hazard wording?
Supervisors can recognize weak hazard wording by asking whether the statement names a source, an exposure route, and a task condition. If it does not, the wording is probably too vague for field control.
"Working at height" is a category, not a complete hazard statement. "Technician exposed to fall during roof fan inspection because anchor access requires crossing an unprotected edge" gives the supervisor something to verify. The same logic applies to chemicals, machines, vehicles, psychosocial risks, and contractors.
During her PepsiCo South America tenure, where the accident ratio fell 50% in six months, Andreza Araújo learned that leaders need evidence they can act on. Better hazard wording makes that evidence visible before the next incident investigation has to reconstruct what everyone had already normalized.
When should hazards become critical controls?
Hazards should feed critical-control thinking when the credible scenario can produce fatality, permanent disability, major process loss, or severe occupational illness. Not every hazard needs a critical-control register, but every serious scenario needs control ownership and verification.
The bridge between identification and prevention is the control link. Once a serious hazard is named, the team should ask which control prevents the event, who owns it, how often it is verified, and what weak signal proves it is degrading. That is where critical control registers, risk registers, and Bow-Tie views stop competing and start serving different decisions.
Practical field check
A practical hazard identification check should fit into normal supervision rather than becoming a separate ritual. Before non-routine work starts, ask what energy is present, where the person is exposed, what changed today, which control prevents harm, and what condition would stop the job.
The same questions can strengthen pre-task risk assessment supervisor checks because they force the conversation toward concrete exposure. The goal is not a longer form. The goal is a better decision before work starts.
Each month without clean hazard identification leaves the organization rating vague scenarios, funding weak controls, and asking supervisors to manage risk that has not been named clearly enough to control.
For teams building a stronger risk system, start with one high-risk process and rewrite the hazard statements until a supervisor, operator, and EHS manager point to the same source of harm. That small test reveals whether the organization has a list, or whether it has operational knowledge.
Frequently asked questions
What is hazard identification?
What is the difference between hazard identification and risk assessment?
When should hazard identification be reviewed?
Who should participate in hazard identification?
How does hazard identification support critical controls?
About the author
Andreza Araújo
Safety Culture Expert | Senior EHS Executive
Andreza Araújo is a safety culture expert and senior EHS executive with more than 25 years of experience in environment, health and safety. She is a Civil Engineer and Occupational Safety Engineer from Unicamp, holds a Master's degree in Environmental Diplomacy from the University of Geneva, and completed sustainability studies at IMD Switzerland. Andreza has served in Global Head of EHS roles in Fortune 500 environments, leading cultural transformation programs across multinational operations. She has represented Brazil as a speaker at the United Nations in Paris and has spoken at the International Labour Organization in Turin. She is the author of more than 16 books on safety culture in Portuguese, Spanish, English and German. Her work has earned more than 10 EHS awards, including two recognitions from Indra Nooyi, former PepsiCo CEO.
- Civil & Safety Engineer (Unicamp)
- M.A. Environmental Diplomacy (University of Geneva)
- Sustainability Cert (IMD Switzerland)
- People Management & Coaching (Ohio University)
- UN Paris speaker representative for Brazil
- ILO Turin speaker
- LinkedIn Top Voice
- Indra Nooyi PepsiCo CEO recognition (2x)
Documentaries
Watch Andreza's documentaries
Three productions on safety culture, organizational failure and the human lessons behind major disasters.
Podcasts
Listen to Andreza's podcasts
She hosts three shows on safety leadership, EHS and organizational culture, in English and Portuguese.
