Hazard vs Risk
A hazard is a source with the potential to cause injury or ill health; a risk is the combination of the likelihood and severity of that harm actually occurring. The tiger is the hazard; the tiger in a locked cage is a low risk.
Why ISO 45001 keeps them separate
The distinction structures the entire safety management process: you identify hazards (systematically — routine and non-routine work, emergencies, human factors, past incidents, changes), you assess the risk of each (likelihood × severity, given existing controls), and you control risk by acting on hazards through the hierarchy of controls — eliminate, substitute, engineering controls, administrative controls, PPE, in that order of preference.
Collapsing the two produces classic failures: chasing trivial hazards with high visibility while a low-visibility, high-severity risk (confined space, stored energy, contractor work) sits untreated.
Assessing and reducing risk in practice
Common quantification: a risk matrix (likelihood × severity grid) for general use, or RPN (Risk Priority Number = Severity × Probability × Detection) borrowed from FMEA where detection matters. The score's purpose is triage — which risks demand action first — not false precision. After controls are applied, what remains is residual risk, which management explicitly accepts or reduces further.
You can practice the full loop — spot hazards in a workplace scene, score RPN, apply controls, watch residual risk fall — in our free Hazard Trainer & Risk Lab.
Go deeper, free.
Every standard this term appears in has a free clause-by-clause guide on ReadSafety.com — and when you're ready for certification, USQC provides accredited third-party audits.
Browse the guidesCertify with USQC