Blog Safety Management

Hazard Logs and Hazard Tracking Systems

In this blog post and video ‘Hazard Logs and Hazard Tracking Systems’, I’m going to tell you about the benefits and features of Hazard Logs and Hazard Tracking Systems. I’m going to be covering these topics, which are the most commonly asked questions:

  • 1. What is a hazard log? (What is it what do we do with it?)
  • 2. The key elements of a hazard log (what needs to be in it to make it work)?
  • 3. Hazard Log management (what we need to do)?
  • 4. What about hazard log tools? (What can we use to create a hazard log)?
  • 5. What’s the difference between a hazard log and a risk assessment?
  • 6. What’s the difference between a hazard log and a risk register?

The Video: Hazard Logs and Hazard Tracking Systems

Watch the full, 35-minute lesson.

The Blog Post: Hazard Logs and Hazard Tracking Systems

Hi everyone, and welcome to the Safety Artisan.

I’m Simon and today we’re going to be talking about Hazard logs and hazard tracking systems.

As I said, we’re going to look at hazard logs and hazard tracking systems and we’re going to be answering the most popular questions.

The most often asked questions about Hazard logs and Hazard Tracking Systems that you will find on the internet. So that’s what we’re going to answer.

And this is going to be the first of three sessions on this subject.


Topics for this session. Right now commonly asked questions are:

  • What is a hazard log? What is it what do we do with it?
  • The key elements of a hazard log, what needs to be in it to make it work?
  • Hazard Log of management, what do we need to do?
  • What about hazard log tools? What can we use to create a hazard log?

Effectively now we’ll be looking at that in much more detail in sessions two and three but we’ll just go over the basics today and then also, some very common questions:

  • What’s the difference between hazard log versus a risk assessment? and
  • What’s the difference between a hazard log and a risk register?

And when I say Hazard Log, you can substitute has a tracking system at all times.

They’re really one and the same thing, which we will talk about.

What is a Hazard Log?

That neatly brings us onto what is a hazard log.

And I’ve got a definition here which is actually from the UK Ministry of Defence guidance, but it doesn’t really matter where it came from and just acknowledging the source.

But the definition is really useful in that a tells you what a hazard log is.

But also, it defines a hazard log in terms of what it does.

These are the benefits that a Hazard Log gives us.

It says a Hazard Log or a Hazard tracking system is a continually updated record of the hazards, accident sequences, and accidents associated with the system.

We’ll unpack that in just a moment.

It’s Not Just a Log!

But the point I want to make here, it’s a continually updated record. Okay? It’s a management tool.

It’s not a log. You know, I always think of captain’s log in star trek, which the idea that it’s just like a ship’s log, it’s a recording of everything that’s happened.

Well, you can do that.  you can have a very rigorous recording of who’s done what, when and that’s all good.

But it’s not just a sort of dry dusty record that should sit on the shelf.

It’s a tool to help us manage risks associated with a system.

We’re managing a system, whatever it might be, it might be a physical system, a vehicle, it might be an enterprise business, it might be a piece of software, it might be an IT system, you know, where you’re a bank and you’re using an IT system to service all your customers, etcetera.

It could be any one of those things and a hazard tracking system that enables us to manage all the information that we need to look at risks associated with that system.

It’s worth saying that normally we use hazard logs for safety whereby we’re worried about harm to people, but that’s not their only application.

You can use a hazard log or a risk register in any application.

We might be talking about financial loss, damage to reputation, equipment, harm to the environment, all of these things.


What is the hazard log? Well, it’s structured and we’ll talk about structure in a moment.

structure implies we’ve got lots of pieces of information, but they are linked together into a coherent structure.

And that’s very important. We’ll spend a lot of time talking about that later.

But those languages really are the key to the Hazard log.

It’s a structured means of storing and referencing, safety, risk evaluations, and other information relating to a piece of equipment or system.


A safety risk evaluation. we’ve got the assumption is that we’ve done some risk analysis, we’ve done some risk assessment, which is a structured series of risk analyses in order to look at the total picture of risk.

We’ve evaluated that risk against some kind of norm that we’ve said, you know, this is how much risk we’re willing to put up with and we can’t tolerate that. That’s the evaluated bit we’ve evaluated against some framework or benchmark.

Risk Reduction

It’s the principal means of tracking the status of all the hazards decisions and actions to reduce risk because typically we’re not doing this for the sake of it.

We’re doing this because we have risk and we need to manage that risk. And generally speaking, we want to reduce risk.

And there are other decisions to be made about How do we deal with risk?

You know, maybe we reduce it and live with it. Maybe we give it to transfer it to somebody else if we can or we get insurance for stuff that we’re not happy with whatever it might be.

There are lots of lots of different approaches but it’s all about tracking the status.

It’s the Key

We saw in the middle of the definition about storing and referencing risk evaluations. We’re probably referencing out to other documents to other artifacts that record and analyze the risk in detail.

But the hazard log is our key to finding all of those things.

we have references in there and we can track the current status of where we think all these risks and hazards are, how much risk is there associated with our system?

That is what a hazard log is.

And as you can see, it’s defined by what it does, which is also the benefit of using a hazard log. They’re all one and the same thing.  let’s move on.

Key Elements of a Hazard Log #1

What are the key elements of a hazard log? I’ve got two slides on this.

First, you remember we talked about what goes in a Hazard Log of hazards and risks and everything to do with the accident sequence or accident sequences associated with the system.

Typically what we have in a hazard log is we have a bunch of hazards.

Now each hazard may have multiple causes. There might be a hardware failure, software failure, environmental issues that could give rise to a hazard; there might be erroneous human activity.

All sorts of causes can lead to one hazard.

And also, one hazard can lead to a number of different consequences. For example, if we have, if we’re thinking about a ship, we’ve got a hazard that says flooding, we’re getting water in where it’s not supposed to be.

Well, actually, you know, if there’s, if the ship floods, people could drown inside the ship, the ship could, I think it could founder and think it could get full of water that it loses buoyancy and sinks or it could unbalance the ship and it could cap sites: and that’s just the accident outcomes.

Most of the time, if the hazard is present, nothing bad happens at all.  Some water gets in the ship. We don’t want it. Well, we pump the water out, most ships have got bilge pumps to get the water out or if it’s just a canoe, you take it out of the water, turn it upside down and you get the water out.

No problem. consequences aren’t always harmful.  They’re not always desirable, but they’re not always harmful either.

We can get a range of consequences, a range of causes, and one hazard in the middle.

And this representation is what’s called a bowtie analysis because it looks like a bow tie. I’m not recommending bowtie analysis, but it’s a great way to represent and explain an accident sequence. That’s all I’m using it for in this instance.

Key Elements of a Hazard Log #2

What do we typically have in a hazard log?

Accident Sequence

On the right-hand side here, you can see that we’ve got the progression from causes, through to hazard through to accidents or consequences.

And we all have lots of hazards, probably lots of lots of causes and some accidents.

They will all be linked and there’s the accident sequence on the right-hand side, you know, this curve from bottom to top, as we can see hazards linked to accidents and hazards linked to causes, but causes do not directly link to accidents because you’ve always got to go via a husband.

The definition of a hazard is the one that we’re using here, is that it’s enough, it’s enough, it’s sufficient to cause an accident. But the accident isn’t inevitable just because the hazard exists.

If there is a banana skin, I’ve got rather a humorous comic version here, if there is a banana skin on the pavement and there are people walking on the pavement, yep, that’s a hazard.

An accident is perfectly possible, but it doesn’t mean it’s inevitable. People might walk around the banana or goodness knows somebody might pick it up and throw it away. The accident is not inevitable, but once the hazard is there, that’s enough. (As opposed to there being a banana skin in the bin, that’s not a hazard.)

Once we get to the Hazard, nothing else unusual needs to happen for somebody to get hurt.

That’s the accident sequence now linked to causes hazards, and maybe accidents and controls.


These are the things that stop the accident sequence from progressing and actually, maybe it’s if we go back to the previous slide.

It’s probably a little bit clearer here, we can imagine controls as vertical barriers between the causes, the hazard, and the consequences. And then you know, there’ll probably be some controls.

We’ve got controls linking to all three, and controls are not perfect. Usually, they only reduce the severity of the accident/harm. Others reduce the likelihood of harm.

We’re reducing risk all the time and in addition to those, we have references.


All of our entities in the hazard log, maybe they are more fully described in a document or some other artifacts.

Maybe we’ve done some modeling to determine how much risk there is. There is a computer model somewhere that says this is how we model the risk and therefore this is what we think the level of risk is.

We refer out other things.  Which are under configuration control.  They’re not just random bits of paper. They’re actually authorized and dated and version numbered and they’re stored somewhere safe.

But of course, I’m getting ahead of myself. Those are the documents.


Maybe we’ve got a database full of documents or maybe we’ve got physical documents or a mixture. The hazard log references those documents.

And if there are electronically stored some hazard logs will give you the ability to electronically link to hyperlink to those electronic documents.

You can go into the hazard log; you can follow the audit trail and then get back to the evidence, on which all of this is based. You’ve got a complete picture if you like of your safety case. Basically, you’ve got your argument here that you’ve managed all of the hazards appropriately.

Let’s say you’ve reduced the risk of your hazards down to an acceptable level and that’s all documented and justified it somewhere else, but you’ve got links to it.

Not all, in fact, the minority of Hazard logs in my experience, go that far, but it’s, you know, it’s an ideal to aim for. It requires a lot of discipline to link all the documents in and maintain that level of configuration control, but it can be done.

Those are the key elements of a hazard log.

Not all hazard logs will have all of those things. For example, some standards tell you that causes are optional. You don’t have to have causes. Maybe you won’t have hyperlinks to everything etcetera, etcetera.

But most of those things you will have personally, I would argue it causes are essential but that’s another story will come to that later.

Managing Hazard Logs and Hazard Tracking Systems

Yeah, we talked about hazard log management in the sense of what a hazard log allows us to manage and what it allows us to do more sort of the benefits.

But how do we actually manage a has a long day today?

Well, somebody has got to look after the hazard log, an individual or a team of people maybe.

If we’re managing a complex system, things will be happening in the real world, which we need to track. Maybe we’ve had incidents, maybe we’ve had near misses, maybe, unfortunately, we’ve had an accident. That information has got to be assessed and we’ve got to either put it in the hazard log.

You could have an incident registering your hazard log as well. Or maybe you’ve got a separate incident register, but we need to look at the incidents and we need to look at any trends that are going on and saying, well, when we bought the thing or design the thing and we thought that this, this hazard would, would pop up very infrequently, maybe once a year, but actually it’s happening once a month.

We need to change the probability of the hazard. An incident might be that a hazard has been, has occurred, but it hasn’t led to an accident, there’s been no actual harm. But we’ve noted that something untoward has happened.

We’re looking at that and go, well, actually the probability is worse or better than what we thought it would be.

And we need to update that Hazard Log to keep track of that; those two things need to be done.

Decision Support

The reason that we’re doing this is the hazard log is there to support decisions made by people in authority. And those people in authority, need an accurate picture of the risk to say, well what is the real level of risk?

You know, we said we would go ahead and use the system because we thought the risk was down here.

Maybe now we realized there’s more risk in what we’re doing than we thought.

Can I accept that or do I have to reduce it?

And the hazard log helps us to rank risks and say these are the most important risks.

These are the biggest risks that we should be paying the most attention to because we should be reducing risk.

We should be continuously monitoring to say, you know, is the system running acceptably or an unacceptable level of risk.

And the hazard log helps to support those decisions by ranking risks amongst other things.

And then fourthly, we need to do quality control.

Quality Control

At the micro-level, we need to make sure that the data in the hazard log, the information is accurate. It’s up to date. It’s justified. We haven’t just got somebody’s best guess in there if we can do better.

That’s the kind of microscopic level, but there’s also, the sort of macro-level with quality control in that I’ve seen hazard logs that have been used as a dumping ground for all sorts of information.

That actually is nothing to do with hazards and risks. Okay?

And if that happens, you can end up with a bloated hazard log with hundreds or even thousands of entries and then that hazard log effectively becomes unusable.

Okay? it’s no longer fit for purpose because there’s much information in there, we can no longer see the wood from the trees.

We can’t support sensible decision-making because we’re blinded by all this guff this information that isn’t really pertinent.

we need to do quality control at both those levels and the one is dependent on the other.

Clearly, if we’ve got a hazard log that’s full of rubbish quality information, then the trends and the decision-making advice whether we’re getting are probably going to be rubbish as well.

But we’ve also, got to be aware that if we don’t manage to hazard log properly, we could end up with something that just doesn’t work as a hazard lob anymore.

Configuration Control

It’s just got too bloated and a big part of that is the 5th bullet, which is both micro and macro quality control is configuration control.

we control hazard log, we don’t allow just anybody to shove random information in there we make sure that only authorized people are putting in authorized information, which has been quality check.

We were confident that it’s the best quality that we can get. It’s justified.

There’s something, there’s some evidence that justifies the decisions that we’re making on what we’re putting in the Hazard log.

that configuration control is very, very important and it’s one of the reasons for having an automated to actually in the s specialist who will do a lot of these things or help you do a lot of these things for you.

I’ll help you with the discipline of hazard log management.


I’ve mentioned tools, here’s a screenshot of actually quite an old tool.

Now it’s quite difficult to get hold of Cassandra but that doesn’t really matter, it’s just an illustration.

This is the kind of view that you get from a purpose-built hazard log tool. It’s built upon a database.

And on the left-hand column here you’ve got some summary information you can get an overview of how many accidents hazards causes and controls, etcetera. You’ve got some numbers tracking [how many hazards there are at] their different status[es] as they go through the life cycle.

And then typically at the top here we’ve got some basic information title, description, who put it in, what’s the likelihood for example, and then at the bottom on this version we’ve got here is an overview of all the links to other things.

[Here we are, you can see we are in what were we in? We’re in a test hazard.]

We’ve got links to accidents, controls, causes, references, and history in this database and we can link all of those things together to get that structure to get a picture.

Tool Types

Once we have that structure we can start at any point in the hazard log, you know, we’ve had an incident and then we can follow it through, we can follow the links through to find all the pertinent information, and essentially that’s what the structure does for us.

We might be using a database very often we might be using a spreadsheet, might we might be using a commercial tool as a hazard log or a risk register or indeed, and that might be part of a suite of tools that does various things where we’re linking risk management to configuration management to product management to whatever it might be.

We might have a suite of tools.

Now, in the second session of these three lessons, I’m going to be talking about commercial tools that are all based on databases.

I’m going to be talking about what you get with a fully-featured commercial hazard log tool, has a tracking tool.

Spoiler Alert – Spreadsheets!

And then in the third session, I’m going to be talking about how you implement some of that in a spreadsheet.

Now, and it’s important to remember if we go back up what we have here, we looked at these key elements, what we’ve got here is a set of relations and if we store this, what we have is a relational database.

we’ve got many too many linkages between different entities.

Okay now, strictly speaking, we must have a database to do that properly.

However, most people use a spreadsheet which I know is not a relational database, but if you observe certain rules, you can have a spreadsheet that does some of what a relational database will do and if you are careful to observe the discipline of setting up the spreadsheet correctly and not corrupting it, then you will get most of the functionality of the database.

now I can hear the purists howling at me as I say that, but in the real world, most people use a spreadsheet.

I’m sorry. That’s the dirty little secret in safety management. let’s move on.

Hazard Log Versus Risk Assessment

We’re going to talk now about hazard log versus risk assessment.

These are two very different things but they are related. On the left there we have risk assessment and risk assessment in most standards.

This diagram is based upon the ISO-31000 which is a very, very common unified risk standard. And in it, risk assessment is defined as risk identification, risk analysis, and risk evaluation.

That is risk assessment. 

Now the Hazard Log doesn’t do risk assessment but it supports risk assessment, it enables you to store the results. Okay?

You can record the results of the risk assessment, you can also, record the risk treatments. (That’s another word for controls, all the controls and risk reduction measures that you’ve taken.)

It can establish you can record context in there as well.

The Log Enables Good Risk Assessment

And then the hazard log enables good communication and consultation because certainly the commercial hazard log tools or if you make a database or make a hazard log with a database, you can use the database functionality to generate bespoke reports for different stakeholders.

the hazard log supports good communication and consultation, which is excellent. Got to do that.

And it also, supports monitoring and review because we’ve got the structure because we can review different aspects, we can review the risks, the hazards, the controls, the structure of the database and the and the hazard log in the way it presents things helps us to do that.

That is the relationship of a hazard log with risk assessment.

A hazard log is an entity, it’s a thing. Risk assessment is an activity or a series of activities, but they do go together very well.

One supports the other, right?

What’s the Difference between a Hazard Log and a Risk Register?

Now another very commonly asked question is what’s the difference between a hazard log and the risk register? And the answer is in many ways not very much.  They’re both doing basically the same thing. If we go back to, you know, I talked about Hazard log supports this risk process.

Well, this is a generic risk process; you can apply it to anything. If you had a risk register, it would support the risk process just the same.

That’s the purpose of the risk register. it’s very, very similar to a hazard log.

Hazard Log Differences

However, differences are typically for a hazard log, we are using a hazard log to track safety impacts.

Now, strictly speaking, safety, I prefer the definition where we’re talking only about harm to people, as in most jurisdictions of the world, when we talk about safety, the law says we have to protect people, that’s safety law.

And then there are usually other laws for protecting the environment and then as a business or an enterprise, we might want to protect valuable assets as well.

But the core of it is protecting people.

And a hazard log has a tracking system that is also, hazard-centric, you remember the bow tie, the hazard is there in the middle, it’s the core of everything that we do and it’s the hazards that tie multiple causes and multiple consequences together.

It really is the key to understanding that structure and all those many-to-many relationships.

Risk Register Differences

The thing about a risk register is that we can use it for the risks of impacts are just about anything.

I think the ISO-31000 standard defines risk as ‘the effect of uncertainty on objectives’. Whatever you’re doing, if you’ve got a project, you know, you want to deliver something specific at a specific time to a specific cost.

Well, you can look at the risks to those objectives if your objective is ‘business as usual’, you just want to keep things running your enterprise running steadily.

Your risk register can look at all the risks that might trip up your enterprise and stop it from working.

Also, you can use it for continuous improvement.

Although usually when we talk about continuous improvement, we usually start talking about models. Like the classic CMM, the Capability Maturity Model. There are various flavors of CMM around the world to do safety, security, finance, all kinds of things. We’ve fallen in love with maturity models. that’s really taking risk management and improvement to the next step.

But of course, to just take the first step on the ladder, we’ve got to start managing stuff and recording stuff consistently without those basic things. Continuous improvement cannot happen without it. We need a risk register and or hazard log to do all of that.

Those are some key differences between hazard logs and risk registers. In reality, they are really quite similar.

Risk Events AKA Hazards?

Some risk registers incorporate the idea of a risk event. Well, funnily enough, that sounds rather like a hazard to me. We’ve got all of these latent causes lying around. We’ve got a risk event or a trigger and then that can realize the risk. If you’ve got a risk register that supports that concept, it’s pretty, it’s almost identical to a hazard log.

That’s Hazard logs versus risk registers.

There’s More to Come…

That is the end of today’s session. Thanks very much for listening. I hope you enjoyed it. And there’s more to come.

Further Sessions on Hazard Logs and Hazard Tracking Systems

As I said before, in the second session we’re going to look at the features and benefits of commercial hazard log tools.

I showed you a screenshot, what would a fully-featured, purpose-designed database tool do for you and why would you want to do that?

And if you’re managing a particularly complex or demanding system, it will be worth going to the expense of either buying a tool or designing your own hazard log in a proper relational database. 

I’ve seen lots of Hazard logs implemented in DOORs, for example, which is a requirements management tool but of course, you know some of your requirements and not to hurt people. You can integrate a hazard log into doors or into another requirements management till provided you set it up properly.

Now and actually that brings us neatly onto the third session, which would be how do we make a proper hazard log in a spreadsheet?

How do we put a hazard log in a spreadsheet without breaking the fundamental rules?

Because we can set up tables, tabs in a spreadsheet, where each table is a list of entities be it causes, hazards, controls, references, whatever it might be.

Each one of those is an independent table and then they linked to each other properly using the primary key in each table. So, just like a database does it, we can do that in the spreadsheet more or less.

Excel for example isn’t going to give you all of the features of a proper properly set up relational database tool but it can probably for most people it will probably be enough. You’re also, going to rely on a lot of self-discipline controlling the hazard log and operating in a spreadsheet but we’ll talk about that in the third session.

I talk about lots and lots of safety and risk-related things and some security risk stuff as well at

Please do go and visit and do Please subscribe for email updates. You can get some free handouts and also, some discounts. Stay in touch with what I’m doing and the lessons and handouts that I’m producing.

Do please subscribe. and it just remains for me to say thank you very much. This lesson on was hazard logs and hazard tracking systems.

I’m Simon and thank you for watching ‘Hazard Logs and Hazard Tracking Systems’ on the Safety Artisan. Back to Start Here.

What would you like to Know about Hazard Logs and Hazard Tracking Systems?

2 replies on “Hazard Logs and Hazard Tracking Systems”

Good Day

You mentioned that you will do follow-on sessions on commercial tools as well as how to implement a HTS in a spreadsheet.

Are these sessions available as I cannot find them?

Leave a Reply

Your email address will not be published. Required fields are marked *