TradedocSexual harassment risk assessment
A blank workplace harassment risk assessment you can print and fill by hand. Or the faster option — work through the five steps on your phone, controls logged, the document tribunal-ready before October. Tracks the Equality Act 2010 s.40A preventative duty (uplift to 'all reasonable steps' on 1 October 2026).
No card required. Cancel anytime.
What it is
A workplace risk assessment for the prevention of sexual harassment. Same format as any HSE-style risk assessment — identify hazards, who could be harmed, controls in place, residual risk, action plan. The Equality and Human Rights Commission technical guidance treats the risk assessment as the central evidence that the employer has taken 'all reasonable steps' (the duty as upgraded from 1 October 2026).
UK legal requirement
Equality Act 2010 s.40A (preventative duty), uplifted to 'all reasonable steps' from 1 October 2026 by the Employment Rights Act 2025. EHRC technical guidance 'Preventing sexual harassment at work' identifies the risk assessment as core evidence. HSE 5-step risk-assessment format (Identify, Decide, Evaluate, Record, Review) provides the structural framework. Tribunal uplift up to 25% on harassment compensation if the duty is breached.
Compliance status
This template tracks Equality Act 2010 s.40A — preventative harassment duty (uplift to 'all reasonable steps' from 1 October 2026). Our compliance radar crawls the publishing bodies every six hours — see the standards we build to today or the radar of what's coming next.
Engineer remains responsible for verifying compliance with the version applicable to their work. TradeDoc is a tool, not a regulator.
Who needs it
- ·Every UK employer — proportionate to size and risk, but no minimum-size carve-out
- ·Construction sites where lone working on customer premises and mixed-gender crews are routine
- ·Trades visiting domestic customers (gas, electrical, plumbing) — third-party risk is structural
- ·Hospitality and retail with night shifts, alcohol on premises and customer-facing roles
What goes on it
Every mandatory field, in the order the inspector or auditor will check them.
Step 1 — Identify the hazards
Where could sexual harassment happen? Lone working at customer sites, mixed-gender crews on long-term jobs, evening shifts, night work, alcohol at work events, customer-facing roles, isolated or low-supervision locations, social-media interactions out-of-hours. Map them to roles and locations.
Step 2 — Identify who could be harmed
Workers, agency staff, contractors, visitors, customers. Pay attention to demographics — younger workers, lone female-presenting workers, LGBTQ+ workers, junior workers reporting to senior managers, workers from minority ethnic backgrounds, workers with disabilities — where evidence shows higher exposure.
Step 3 — Evaluate the risks and current controls
For each hazard, what's already in place — policy, reporting routes, training, supervision arrangements, lone-working systems, customer-vetting procedures. Rate residual risk after current controls as low/medium/high.
Step 4 — Record the assessment
Document the assessment — date, assessor, hazards identified, controls in place, residual risk, action plan with named owners and target dates. The record is the evidence; without it, no tribunal will find 'all reasonable steps'.
Step 5 — Review and update
Annual review at minimum, sooner if there is an incident, a reorganisation, a new role/location/work pattern, or new EHRC guidance. Each review re-dated and signed. Track action-plan completion.
Action plan
Specific named actions for each high or medium residual risk — additional training, lone-working check-in protocol, third-party warning script, customer-blocklist process, manager-handling-reports refresher, anonymous reporting channel implementation. Each with owner, date, completion log.
Common mistakes on a hand-filled one
The small things that get picked up on audit, insurance review, or when the next engineer reads it.
- ✗Treating the policy as the assessment — they are different documents; the EHRC guidance treats the risk assessment as the backbone of the 'all reasonable steps' defence
- ✗Generic risk assessment copy-pasted from a template with no actual hazard mapping — tribunals see straight through this
- ✗Forgetting third-party harassment risk — customers, suppliers, site visitors are explicitly in scope from October 2024
- ✗Single annual review and no incident-triggered re-assessment — risk assessments are live documents that update on events
- ✗No action plan or no owner against actions — listing risks without accountability is not 'reasonable steps'
- ✗Missing the lone-working dimension — traders working alone on customer premises is a structural high-risk pattern that small firms routinely overlook
The faster option
Fill one on your phone in 2 minutes
Pick the template. Answer the fields. Customer signs from their inbox. PDF saved in the vault with a unique number. Free forever on your first 100 docs a month. Pro £15/month adds custom branding and one-tap customer email. No card at sign-up.
Frequently asked questions
What's the difference between the policy and the risk assessment?+
The policy says what is prohibited and how reports are handled. The risk assessment says where harassment is most likely to happen in this specific workplace, who is at risk, and what controls are in place to prevent it. EHRC guidance treats them as a pair — neither alone is enough.
Does a sole trader need a risk assessment?+
Yes, but it can be short. A sole trader hiring one apprentice has identifiable risks (lone customer visits, mixed-gender household callouts, evening jobs at premises serving alcohol) and identifiable controls (mandatory check-in calls, the right to refuse a job). The bar is proportionate but the duty is the same.
How often should it be reviewed?+
Annually at minimum. Also after any incident, after a reorganisation, when a new role or working pattern is introduced, when new EHRC guidance is issued, and after any change in the demographic mix or location of work. Each review re-dated, signed and the action-plan progress logged.
What goes on the action plan?+
Specific actions — not generic statements. 'Implement lone-working check-in protocol for evening domestic call-outs by 30 June, owner: lead engineer' beats 'improve lone-working culture'. The action plan is the bridge from risk identification to compliance evidence.
What if I find a high-risk hazard I can't fully control?+
Document the hazard, document the controls you have considered and ruled out (with reasons), and document the controls you have implemented as the maximum reasonable. The EHRC framework is reasonable to your size and resources — but you must be able to justify the limits.
Is the EHRC actually enforcing this?+
Yes. The EHRC has standalone investigation and enforcement powers under the Equality Act 2006 — Section 23 unlawful-act notices and binding action plans. The October 2024 duty has already triggered EHRC action against larger employers; the October 2026 uplift is expected to broaden enforcement to mid-sized employers.