RISK ASSESSMENT IN DATA CENTRES (WHY IT MATTERS AND HOW IT STRENGTHENS SAFETY)

Article contents

Risk assessment matters in data centres because they are live, high-risk environments where work happens alongside active power and cooling systems that cannot be shut down.

Most serious incidents come from power failures and human error, usually driven by weak procedures or training. Structured risk assessment embeds safety into design and operations, protecting people while reducing outages and improving long-term resilience.

Key insights:

• Data centres are live, high-risk environments where engineers work around active electrical systems, cooling infrastructure, and critical equipment, making structured risk assessment essential to prevent harm and maintain availability
• Health and safety risk assessments systematically identify hazards, evaluate likelihood and impact, and apply controls through design, procedures, and training, ensuring safety is built into operations rather than relying on individual behaviour
• Most serious data centre incidents stem from power failures and human factors, with gaps in procedures and training responsible for the majority of outages, reinforcing the importance of continuous, well-documented risk assessment
• Effective risk assessment improves worker safety, regulatory compliance, and operational resilience, enabling organisations to prioritise resources, reduce downtime, and embed safety into long-term data centre management
  

A maintenance engineer opens a panel on a UPS system during a routine inspection. Across the facility, cooling pumps circulate thousands of litres of chilled water. Overhead, cable trays carry high-voltage feeds to densely packed server racks. Each of these activities happens in data centres every day, and each carries risk.

A data centre at full operation is a live, high-risk environment. Engineers work beside live electrical systems, pressurised cooling networks, moving plant, and active server halls that cannot be taken offline. Keeping those systems available depends on people working safely within them.

Here, risk assessment becomes an operational essential rather than a box-ticking exercise. It provides a structured way to identify where harm could occur, evaluate how likely and severe those risks are, and put proportionate controls in place before incidents happen.

In this article, we'll answer the question “what is a health and safety risk assessment”, explore how risk assessments contribute to health and safety, and examine how RED's integrated approach supports safer, more resilient facilities from design through operation.

What is a health and safety risk assessment?

A health and safety risk assessment is a practical, structured way to understand where harm could occur in the workplace and how it can be prevented. It involves identifying hazards, assessing the level of risk they create, and putting controls in place to reduce those risks to an acceptable level. It forms the foundation of effective health and safety management, protecting people, assets, and operations.

A key part of the process is separating hazards from risk. A hazard is the source of potential harm, such as live electrical equipment. Risk considers how likely harm is to occur and how serious the outcome could be, based on factors like access, protective safeguards, and the competence of those working nearby.

Controls are then applied in a structured order, starting with removing the hazard altogether where possible.Where that isn’t feasible, risks are reduced through design solutions, safe systems of work, and clear procedures, with personal protective equipment used only when other measures cannot fully control the risk. This ensures safety is built into the work environment rather than relying on individual behaviour alone.

Risk assessment is also a legal obligation. In the UK, legislation such as the Health and Safety at Work Act and the Management of Health and Safety at Work Regulations requires employers to identify and control workplace risks. Similar legislation exists internationally, making effective risk assessment a fundamental part of compliant, well-run data centre operations.

What is risk assessment in safety? A step‑by‑step explanation

1. Define scope and assets

Data centres begin by establishing the scope of the assessment, including the facility itself (data halls, power and cooling systems), critical assets (servers, networking equipment, UPS and battery banks, fire systems), and the people and processes involved in operation and maintenance. This ensures all key areas of risk are considered.

2. Identify hazards and threats

Operators identify all potential sources of harm, both physical and systemic. Common data centre risks include:

• Electrical hazards: high-voltage equipment, live electrical strips (busbars), UPS systems, risk of electric shock or arc flash
• Fire and smoke: high-load electrical systems, overheating equipment, requiring detection and suppression systems
• Working at height: raised platforms, rooftop plant, cable trays; falls remain a leading cause of injury
• Physical/ergonomic hazards: trips or slips from raised floors and cabling, musculoskeletal strain from lifting heavy servers or awkward postures
• Manual handling and confined spaces: underfloor maintenance, battery replacement, equipment installation
• Chemical hazards: battery acid, refrigerants, fire suppression agents, cleaning solvents; air quality and noise considerations
• Operational risks: power outages, cooling failures, human error during maintenance or configuration changes
• Security threats: unauthorised access, insider risks, tampering, cyber threats to building systems
• Environmental and external risks: flooding, extreme weather affecting cooling or power supply, utility interruptions

Walkthroughs, historical incident reviews, and staff consultation help capture a complete picture of this step.

3. Analyse risks

Each hazard is assessed for:

• Likelihood: How probable is the event?
• Impact: How severe would the consequences be?

This prioritises which risks require immediate attention and what level of controls are needed.

4. Evaluate and select controls

Measures are determined to manage or eliminate each risk, such as:

• Engineering and design: redundant power, advanced cooling, fire suppression
• Administrative: access policies, procedures, monitoring
• Physical security: perimeter barriers, CCTV, intrusion detection
• Cybersecurity: firewalls, patch management, intrusion detection systems

Controls are applied based on the severity and likelihood of each risk.

5. Document findings

All assessment results are recorded, including identified hazards, risk evaluations, and the controls in place or planned. Documentation supports compliance, accountability, and communication across teams.

6. Implement controls

Chosen control measures are deployed across operations, security, facilities, and IT teams. Implementation includes training, drills, and failover testing to ensure operational reliability.

7. Monitor, review, and update

Risk assessment is continuous. Reviews occur after significant changes (equipment upgrades, facility expansions), following incidents, and at scheduled intervals. This ensures controls remain effective and adapt to operational demands.

How risk assessments contribute to health and safety

Data centre risk assessments are central to creating safe, resilient data centre operations, allowing organisations to spot potential issues before they escalate. Identifying risks early allows for proactive measures that can prevent accidents, equipment damage, and operational downtime.

For employees, this means a safer working environment, lower injury risk, and greater overall wellbeing. A visible commitment to safety builds trust, boosts morale, and reinforces a culture where safety is a shared priority.

From a management perspective, risk assessments provide a clear record of hazards and control measures, supporting accountability and smooth compliance with regulatory requirements. They act as a reference during audits, inspections, or following any incidents, showing that safety is systematically managed rather than left to chance.

Moreover, data centre risk assessments inform smarter operational decisions. By pinpointing the areas of greatest risk, organisations can prioritise resources, schedule maintenance effectively, develop targeted training, and integrate safety considerations into broader business strategies - making risk management a core part of data centre operations.

Why is it important to assess health and safety risks?

The latest report from the Uptime Institute highlights that while the most severe data centre outages have declined (now only around 10% are classified as serious) incidents remain common, with roughly 54% of operators reporting an event in the past three years. This reinforces that health and safety, alongside operational risk management, must remain a priority to protect staff, equipment, and operational continuity.

Power system failures continue to be the leading cause of major incidents, accounting for approximately 45% of outages, most frequently involving UPS systems and power distribution equipment. Cooling and network-related failures also contribute significant risks, especially in higher-density environments, where lapses in safety procedures can endanger personnel.

Human factors are a major contributor, responsible for around 70% of significant incidents. Of these, roughly 85% result from gaps in procedures, documentation, or training, underlining the importance of structured health and safety risk assessments to minimise hazards and support safe, reliable operations.

How RED supports effective data centre risk assessments

RED brings over 20 years of data centre expertise, delivering more than 1050 projects worldwide. Our multidisciplinary approach mirrors the complexity of modern facilities.

As Construction Design and Management Principal Designers and Advisors, we lead on health and safety across every stage of a project. Design for Safety assessments and HAZOP reviews identify risks early, covering construction, operation, and maintenance.

Our site services include due diligence audits, single points of failure analysis, condition surveys, and resilience reviews. For operational facilities, we support lifecycle works, plant replacements, upgrades, and construction projects - all underpinned by thorough data centre risk assessment.

RED combines sustainability and compliance expertise to ensure alignment with ISO 50001, ISO/IEC 27001, EN 50600, and Uptime Institute Tier standards, integrating safety alongside operational, environmental, and security considerations.

Through commissioning management, we test systems under real-world conditions, confirming that risk controls operate effectively before handover.

Contact RED today to discuss how we can support your data centre's health, safety, and operational resilience through comprehensive risk assessment.