Guide

Lone worker risk assessment,
done properly

The step-by-step structure UK safety managers use — what to assess, which controls count, and how to keep it a living document rather than a filed one.

Why lone working gets its own assessment

A general workplace risk assessment asks what could harm someone. A lone worker risk assessment asks a harder pair of questions: what could harm someone when nobody is there to help, and how would anyone know? The same task — checking a pump house, visiting a client, felling a tree — carries different risk when the nearest colleague is forty minutes away.

UK law doesn't ban lone working, but the Management of Health and Safety at Work Regulations require risks to be assessed, and the HSE's lone working guidance makes clear that solitude itself is a factor to assess. In practice: if people work alone in your organisation, an assessor, insurer or court will expect to see a lone-working assessment with controls that match the risk.

Step 1 — Map who actually works alone

Start with reality, not the org chart. Lone working hides in plain sight: the first person to open the depot, the carer between home visits, the engineer who stays late to finish a job, the driver on a rural round. List roles, then list the moments within each role where the person is out of sight and earshot of colleagues.

For each, capture the environment (remote site, client's home, roadside, height, water, machinery), the duration and frequency of solitude, and the communication reality — including the honest mobile-signal picture, not the coverage map's optimism.

Step 2 — Assess the hazards through the lone-working lens

Work through your normal hazard categories, but score them for a person alone: medical events (would a collapse be discovered in minutes or hours?), violence and aggression (client-facing roles carry this even in gentle sectors), environment (terrain, weather, livestock, traffic), and task hazards (chainsaws, ladders, confined spaces — some tasks should simply never be done alone; say so explicitly).

The output for each hazard is the classic pair — likelihood and severity — plus the lone-working multiplier: time to discovery. It's the multiplier that turns a sprained ankle into a night on a hillside.

Step 3 — Controls the HSE expects to see

Controls follow the hierarchy you already know: eliminate lone working for the highest-risk tasks; reduce it with scheduling and buddying; then manage what remains. For managed lone working, assessors consistently look for four things: a means to raise an alarm (including hands-free man-down detection for falls), a check-in regime proportionate to risk, a tested escalation path with named responders, and training so workers actually use all three.

Technology is a control, not a policy: a lone-worker platform like Vygard implements the check-ins, man-down detection and escalation trail, and — importantly for the assessment — evidences them. The audit log is the difference between claiming a control exists and proving it operated on the day it mattered.

Step 4 — Keep it alive

Review the assessment annually, after any incident or near-miss, and whenever the work changes — new sites, new shift patterns, new client groups. The strongest signal an assessment is real rather than performative: missed check-ins and alarm activations from your lone-worker system feeding back into the next revision. The data tells you where the assessment was wrong.

Frequently asked questions

Is lone working illegal in the UK?
No. Lone working is legal for most tasks, but employers must assess its risks and put proportionate controls in place. A small number of high-risk activities effectively require a second person — your assessment should name them.
Do I need a separate risk assessment for each lone worker?
You need assessments that cover each distinct type of lone working — a home-visit carer and a forestry cutter need different assessments. Identical roles can share one, provided individual factors (medical conditions, experience) are considered.
What counts as a suitable check-in system?
Proportionate to risk: a high-risk task might warrant 30-minute check-ins with automatic escalation, while low-risk office lone working might need only start/end confirmations. What matters is that missed check-ins trigger a defined, tested response — not an unwatched inbox.

Last updated 2026-07-16

Ready to see it on your data?

Self-serve the live demo or book a 30-minute call with our team.