How I Use the Lone Working Risk Assessment Template in Pilla

Understanding What's Required of You

A lone working risk assessment identifies the risks faced by staff who work alone or out of earshot of others, and what measures are in place to keep them safe. A lone worker is anyone who works without direct supervision or nearby colleagues, even for a short period. That includes cleaners who open up early, chefs who prep alone, managers who close and lock up, and anyone whose role puts them in an isolated situation at any point during the day.

In the UK, the Health and Safety at Work etc. Act 1974 and the Management of Health and Safety at Work Regulations 1999 require employers to assess risks to lone workers. But regardless of where you operate, if any of your staff work alone at any point, you need one. The risks are specific: delayed response to emergencies, vulnerability to violence, inability to get help if injured, and increased exposure to hazards without a colleague nearby to spot problems.

I've run a health and safety consultancy advising businesses across multiple industries, and lone working is consistently the assessment people push back on. "We don't really have lone workers" is something I've heard dozens of times, usually from businesses where the general manager locks up alone five nights a week. If someone is working without a colleague within earshot, they're a lone worker. Full stop.

The person best placed to complete this is the site manager or whoever oversees the day-to-day running of the location. They know the layout, the team structure, the shift patterns, and the real risks their staff face. I'd set a reminder to review it at least once a year, or sooner if you change shift patterns, have an incident, or bring in new staff who work alone.

Setting It Up as a Work Activity

I've built a lone working risk assessment template in Pilla covering the 13 sections below. It gives you a structured starting point, but depending on how your business operates, you may need to add extra items to cover risks specific to your setup.

When you create the work activity, tag it (e.g. "Lone Working Risk Assessment"). Tags make it easy to find and filter later, and they're what Poppi uses to track completion across different risk assessment types in automated reports.

You've got two options. Create it as a one-off work form, complete it, and manually create a new one when it's due for review. Or set it up as a recurring yearly work schedule, and Pilla will create the next one automatically. I'd recommend the recurring option. In my experience, the "I'll remember to create a new one" approach fails almost every time.

1. Who Is at Risk of Lone Working?

Which roles and when: List every staff role that could end up working alone, and describe the circumstances. I want to see who opens up, who closes, who works in isolated areas, and who covers quiet periods. Even short periods count. Cleaners arriving before others, chefs prepping early, managers locking up, delivery drivers, anyone working in a separate part of the building.

What risks they face: Describe the specific risks these lone workers are exposed to. These vary by role and situation. A cleaner working alone at 6am faces different risks to a manager closing up at midnight. I'm looking for delayed emergency response, inability to get help if injured, vulnerability to intruders, and the psychological impact of working in isolation.

What good answers look like:

Which roles and when: "Cleaners work alone from 6am to 8am before the rest of the team arrives. The General Manager locks up alone after the last staff member leaves, typically between 11pm and midnight. Kitchen Porters sometimes work alone in the basement storage area."

What risks they face: "Cleaners face slip and trip risks with no one nearby to help if injured. The General Manager is vulnerable to intruders during lock-up and has no immediate assistance if something goes wrong. Kitchen Porters working in the basement are out of earshot and could be injured by heavy stock with no one aware."

Common mistakes I see:

"Only the General Manager stays late, so we don't have lone workers." Think beyond closing time. I worked with a restaurant group where nobody had considered the cleaners at all. Three people, alone across three sites, every morning. That's lone working.

"It's only for a short time, so they're not really alone." Duration doesn't change the risk. If someone falls and breaks their ankle at 6:05am, it doesn't matter that the rest of the team arrives at 8.

2. Monitoring Wellbeing and Contact

How you monitor: Tell me about the communication and monitoring systems you have in place for lone workers. CCTV coverage, check-in/check-out procedures (call, text, app), whether lone workers carry a mobile phone or have access to a landline, whether they're part of a team group chat. The key question is: would you know quickly if something went wrong?

Procedure for missed check-ins: Describe what happens step by step if a lone worker doesn't check in when expected. Who follows up? How quickly? What escalation steps are in place? A check-in system only works if someone is actively monitoring it and knows exactly what to do when a check-in is missed.

What good answers look like:

How you monitor: "Lone workers text the General Manager when they start and finish their shift. CCTV monitors the main areas and recordings are accessible remotely. All staff have the manager's number and emergency contact numbers saved in their phone."

Missed check-in procedure: "If a lone worker doesn't check in within 15 minutes of their expected time, the manager calls them. If no answer after two attempts, the manager contacts the emergency contact on file and, if necessary, attends the site in person."

Common mistakes I see:

"We tell them to call if there's a problem." That's reactive. If someone is unconscious on the floor, they can't call anyone. I need to see proactive check-in/check-out procedures so you know something is wrong before the worker has to tell you.

"We rely on workers using their own phones." Phones die, break, and get left at home. There needs to be a backup method for contact.

3. Training for Lone Workers

Tasks they carry out: List the specific tasks your lone workers complete while working alone. Not just their core role. Everything they need to handle independently: accessing and securing the building, operating alarms, switching lighting and equipment on or off, handling deliveries, and dealing with unexpected situations.

How they're trained: Describe the training lone workers receive, both for their specific tasks and for the practicalities of working alone. I want to see induction training, written procedures, buddy shifts before someone works alone for the first time, refresher training, and how you confirm competence before leaving someone on their own.

What good answers look like:

Tasks: "Cleaners are expected to let themselves in, disarm the alarm, clean all public areas, restock supplies, and re-arm the alarm when finished. The General Manager is expected to cash up, secure all exits, set the alarm, and lock up."

Training: "All lone workers complete a buddy shift with an experienced colleague before working alone for the first time. Training covers alarm operation, key access, emergency procedures, and task-specific duties. Procedures are documented and accessible in the staff area. Training is refreshed annually or when procedures change."

Common mistakes I see:

"We show them on their first day, then assume they remember." Alarm codes, lock-up sequences, emergency procedures. These aren't things you demonstrate once and move on. I've seen cleaners locked inside buildings because nobody showed them the alarm panel properly.

"They can call if they forget something." If they're alone at 6am and the alarm is screaming, the last thing they need is to be searching for a phone number. Written procedures on the wall. Non-negotiable.

4. Health Conditions Awareness

What conditions could affect safety: Describe the types of health conditions that could put a lone worker at greater risk. This isn't about collecting medical records. It's about understanding which conditions matter when someone is working without nearby support. Epilepsy, diabetes, heart conditions, severe allergies, and mental health conditions can all increase risk when working alone.

How you stay informed: Describe the systems you have to gather and update relevant health information, while respecting privacy. I'm looking for health questionnaires during onboarding, regular one-to-one check-ins, return-to-work conversations after absence, and a culture where staff feel safe disclosing conditions that affect their safety.

What good answers look like:

What conditions: "Conditions such as epilepsy, diabetes, heart conditions, severe allergies, and anxiety or panic disorders could all increase risk for someone working alone, particularly if they need urgent medical attention and no one is nearby."

How you stay informed: "Staff complete a health questionnaire during onboarding and are encouraged to update their manager about any changes. We conduct regular one-to-one meetings where health and wellbeing are discussed. Return-to-work conversations after any absence include a check on whether the staff member is fit to work alone."

Common mistakes I see:

"We only ask about health conditions when they join." Health conditions change. Someone who was fine to work alone six months ago might not be now. Regular check-ins matter.

"We leave it to staff to tell us." Most won't unless you create the opportunity. I've had managers tell me they had no idea a team member was diabetic, after two years of that person opening up alone every Saturday. Build private, proactive conversations into your routine.

5. PPE and PPE Training

What PPE is needed: List the Personal Protective Equipment your lone workers need based on the tasks they carry out. This depends on the role. A cleaner working with chemicals needs different PPE to a Kitchen Porter handling heavy deliveries. Gloves, non-slip footwear, eye protection, high-visibility clothing, and any task-specific equipment.

How it's provided and trained: Describe how PPE is supplied, where it's stored, how it's maintained and replaced, and what training lone workers receive on when and how to use it. The key issue with lone workers is that there's nobody around to remind them. If PPE gets skipped when someone's alone, you'll never know about it.

What good answers look like:

What PPE: "Cleaners need rubber gloves and non-slip footwear when using cleaning chemicals and working on wet floors. Kitchen Porters need cut-resistant gloves when handling broken glass and non-slip shoes for wet areas."

How provided and trained: "PPE is issued during induction and replacements are available in the staff area. Staff are trained on when and how to use each item during their induction buddy shift. PPE condition is checked during monthly site inspections. Lone workers are reminded that PPE use is mandatory even when working alone."

Common mistakes I see:

"We provide PPE but don't enforce its use." When someone is alone, enforcement relies entirely on training and culture. If you've never explained why the gloves matter, don't be surprised when they sit in the box untouched.

"We gave training once." New PPE, new tasks, new chemicals. Refresher training is part of the deal.

6. High-Risk Tasks

What high-risk tasks: Identify any tasks that your lone workers might need to carry out, or might be tempted to carry out, that are higher risk when done alone. Working at height, using hazardous chemicals, operating heavy equipment, deep cleaning extraction systems, moving heavy stock, and any task where the consequences of an accident are worse without someone nearby.

What measures are in place: Describe the controls you have to prevent lone workers from doing high-risk tasks unsupervised, or to make those tasks safer where avoidance isn't possible. This might include outright bans on certain tasks when alone, rescheduling high-risk work to team hours, or specific procedures that reduce the risk.

What good answers look like:

What tasks: "Lone workers could encounter situations where they need to use a ladder to reach stock, handle chemical cleaning products, or move heavy deliveries. The General Manager sometimes needs to access the roof terrace to secure outdoor furniture."

Measures: "Lone workers are not permitted to use ladders, carry out deep cleaning with hazardous chemicals, or access the roof terrace when alone. These tasks are scheduled for team hours. A list of prohibited solo tasks is displayed in the staff area and covered during induction. If a task arises that a lone worker isn't sure about, they're instructed to leave it and report it."

Common mistakes I see:

"The team handles what needs doing, solo or not." This is exactly the attitude that leads to someone falling off a ladder at 6am with nobody around. High-risk tasks should never be done alone. Write the rule down and enforce it.

"We trust our workers' judgement." I don't doubt their intentions, but risk perception varies wildly between individuals. A written list of prohibited solo tasks is more reliable than personal judgement.

7. Violence and Challenging Behaviour

What risks they face: Describe the situations where your lone workers could face violence, aggression, or challenging behaviour from customers, members of the public, suppliers, or contractors. Lone workers are more vulnerable because there's no colleague nearby to intervene, witness, or deter. Late-night closing, early morning openings, handling complaints alone, refusing entry or service, dealing with intoxicated individuals.

What measures are in place: Tell me about conflict resolution and de-escalation training, physical barriers, CCTV with visible signage, panic buttons or personal alarms, procedures for when to disengage and call for help, and how incidents are reported and followed up.

What good answers look like:

What risks: "The General Manager closing alone is at risk from intruders or aggressive individuals trying to gain access. Cleaners working early morning could encounter rough sleepers or trespassers. Any staff member working alone who has to refuse service or deal with a complaint is more vulnerable without a colleague present."

Measures: "All staff who work alone receive conflict de-escalation training during induction. CCTV covers all entrances and is clearly signed. The General Manager has a personal alarm and is trained to lock internal doors during close-down. Staff are instructed never to confront or chase anyone, and to call the police if they feel threatened. All incidents are reported and reviewed."

Common mistakes I see:

"The threat is minimal, so no specific measures are needed." It only takes one incident. I worked with a business where a manager was confronted during lock-up by someone who'd been watching the building and knew the routine. They had no alarm, no training, and no procedure. Everything was reactive after that. Don't wait for your own version of that story.

"We've never had an incident, so we're fine." That's not a control. Proactive measures protect your staff and show duty of care before something happens.

8. Cash and High-Value Goods Handling

When they handle cash or valuables: Describe the situations where your lone workers handle cash, high-value stock, or have access to safes or tills. Cashing up at end of night, banking, receiving high-value deliveries, and any situation where a lone worker could be targeted because they're known to have access to money or goods.

What measures are in place: I want to see measures like moving cash handling to team hours where possible, using drop safes so lone workers don't hold large amounts, CCTV coverage of cash handling areas, varying banking routines, and clear procedures for what to do if confronted.

What good answers look like:

When: "The General Manager cashes up alone after closing. Early morning cleaners have access to the building but not to safes or tills. Occasionally a lone worker receives a delivery that includes high-value stock."

Measures: "Cash is deposited in a time-delay drop safe throughout the shift so the amount held at close is minimised. CCTV covers the office and till areas. Banking is done during daylight hours with a colleague, never alone. Staff are trained to hand over cash without resistance if confronted. High-value deliveries are scheduled for team hours where possible."

Common mistakes I see:

"We have procedures, but they're not always practical." If procedures are impractical, staff will skip them. That's not their fault. Redesign the process so it's both safe and workable. A procedure nobody follows is worse than no procedure at all, because it gives you a false sense of security.

9. Emergency Procedures

What emergencies they could face: Think beyond fire. Medical emergencies (their own or a customer's), break-ins, gas leaks, flooding, power failures, and any situation where the normal response of asking a colleague or evacuating together isn't available because they're alone.

How they're prepared: Describe how you make sure lone workers know exactly what to do in each type of emergency. Induction training, written procedures posted in visible locations, emergency contact lists, practice scenarios, and how you confirm that lone workers actually understand the procedures rather than just having been told once.

What good answers look like:

What emergencies: "Lone workers could face a fire, a personal injury with no one to help, a break-in or intruder, a gas leak, a power failure, or a medical emergency involving a customer or member of the public."

How prepared: "Emergency procedures are covered during induction and displayed on laminated cards near exits, in the kitchen, and by the alarm panel. Lone workers are talked through each scenario during their buddy shift. Emergency contact numbers are saved in their phone and posted on the staff noticeboard. Procedures are reviewed with staff after any incident or near-miss."

Common mistakes I see:

"They can figure it out or ask someone later." In an emergency, there is no later. A lone worker dealing with a gas leak at 6am needs to know exactly what to do before the situation arises. Not after.

10. First Aid Access

What first aid needs: Describe the types of injuries or medical needs your lone workers could face, given the tasks they carry out. A cleaner might suffer a chemical splash or a slip injury. A kitchen worker might get a burn or a cut. The difference from normal operations is that a lone worker may need to treat themselves, so the kit and their knowledge need to match the likely injuries.

How they access it: I want to know where first aid kits are located, what they contain, whether lone workers know where they are, and whether they've been trained to use them. Are kits accessible from all areas where lone workers operate? Who checks and restocks them? Do lone workers have basic first aid training?

What good answers look like:

What needs: "Cleaners could suffer chemical splashes, slips, or cuts. Kitchen staff working alone could suffer burns, cuts, or slip injuries. Any lone worker could have a medical episode such as a faint or allergic reaction."

How they access it: "First aid kits are located in the kitchen, behind the bar, and in the staff room. Each kit contains burns treatment, blue plasters, eyewash, and basic wound dressings. Kits are checked monthly by the duty manager. All lone workers receive basic first aid awareness training during induction, including how to treat burns, cuts, and when to call 999."

Common mistakes I see:

"Kits are available but often moved or half empty." A first aid kit is useless if it's missing supplies or buried in a cupboard. I've done site visits where the first aid kit was behind three boxes of printer paper in a back office. Assign responsibility for monthly checks and keep kits in fixed, visible locations.

11. After-Hours Lock-Up and Safe Arrival Home

Lock-up procedure: Describe the step-by-step procedure for lone workers who close and lock up after hours. Securing cash, checking all areas are clear, setting the alarm, locking exits, and where the lone worker goes from there. The procedure should minimise the time spent alone in a locked building and get the worker out safely.

Confirming safe arrival home: Your duty of care doesn't end when they leave the building. Describe how you confirm a lone worker has arrived home safely. Text check-ins, timed follow-ups if no message is received, and who is responsible for monitoring.

What good answers look like:

Lock-up: "The General Manager follows a written lock-up checklist: cash secured in the safe, all rooms checked and cleared, back door locked from inside, alarm set via front panel, front door locked from outside. The GM texts the Area Manager once they've left the building."

Safe arrival home: "Lone workers text the duty manager when they arrive home. If no text is received within 30 minutes of the expected time, the manager calls them. If there's no answer, the manager calls the emergency contact on file."

Common mistakes I see:

"They're adults, they can handle it." Duty of care extends to the journey home. A text check-in takes ten seconds and could make a genuine difference. I've worked with businesses where this was dismissed as patronising, right up until a staff member had their car break down at 1am on a country road and nobody knew.

12. Additional Control Measures

This is where you record any extra measures that aren't covered by the sections above. Every site is different, and this section makes sure your assessment captures the precautions specific to your environment.

I'd approach this by testing what it's actually like to work alone at your site. Walk through the building at the times your lone workers are there. Look for layout features that create blind spots or isolation risks. Consider whether you use lone worker apps or devices, and whether seasonal or temporary factors (building work, events, extended hours) change the risk profile.

What good answers look like:

"We use a lone worker app that sends automatic alerts if the worker doesn't respond to a check-in within a set time. The app includes GPS tracking and a panic button. We also conduct an annual walkthrough of the site at the times lone workers are present, to identify any hazards that only exist during those hours (e.g. poor lighting in the car park after dark)."

"Additional control: the back entrance is poorly lit after dark. We've installed motion-sensor lighting and the lone worker is instructed to use the front entrance only when arriving or leaving outside daylight hours."

Common mistakes I see:

"We meet regulations, so additional measures aren't needed." Meeting the legal minimum doesn't mean you've covered every risk at your specific site. Walk the building at the times your lone workers are there. You'll find something. I always do.

13. Monitoring Controls Day to Day

Describe how and when you check that your control measures are actually being followed, and how you review and update them over time. A risk assessment is only useful if the controls it describes are happening in practice. This section is about accountability and a review cycle.

I'm looking for who is responsible for monitoring compliance, how often spot checks happen, how incidents and near-misses feed back into the assessment, and when the whole thing is formally reviewed.

What good answers look like:

"The site manager conducts a monthly spot check during lone working hours to verify check-in procedures are being followed and that the lone worker has access to everything they need. Any incidents or near-misses involving lone workers are reviewed within 48 hours and the risk assessment is updated if needed. The full assessment is formally reviewed annually or after any significant change to operations, layout, or staffing."

Common mistakes I see:

"Set and forget." Controls evolve with your business. Staff change, layouts change, risks change. I've seen businesses running off a lone working assessment that was three managers and two refurbishments out of date. Build in regular reviews so your assessment stays relevant.

Automate the Follow-Up with Poppi

This is the part most people skip, and it's the part that matters most. I've seen hundreds of risk assessments completed once and never looked at again. They sit in a folder until an auditor asks for them, or until someone gets hurt. The problem isn't that people don't care. There's just no system reminding anyone to check.

Once your lone working risk assessment is set up as a work activity in Pilla, you can use Poppi Actions to set up a scheduled report that tells you when it was last completed. The report also shows how many incomplete instances exist since the last completion, so you can spot anything that was assigned but never finished.

I'd set this up to cover all your risk assessment types in a single rule. Tag your lone working risk assessment, fire risk assessment, kitchen risk assessment, and any others, then include all the tags in one rule. Poppi sends the report on whatever schedule you choose. I'd recommend monthly to start with. You can always change it.