Hazard Identification Form (HIRARC) — Malaysia
HAZARD IDENTIFICATION, RISK ASSESSMENT AND RISK CONTROL (HIRARC) FORM
Occupational Safety and Health Act 1994 (OSHA 1994, Act 514) | DOSH HIRARC Guidelines 2008 | ISO 45001:2018
Company / Site: [Company Name]
Department / Work Area: [Department]
Assessment Date: [Assessment Date] | Next Review Date: [Review Date]
Assessor: [Assessor Name]
SECTION A: WORK ACTIVITY AND HAZARD IDENTIFICATION
Work Activity / Task: [Work Activity]
Type of Hazard: [Hazard Type]
Hazard Description:
[Hazard Description]
Potential Consequence if Harm Occurs: [Potential Consequence]
Existing Controls:
[Existing Controls]
SECTION B: RISK ASSESSMENT (DOSH HIRARC Risk Matrix)
Likelihood Score: [Likelihood]
Severity Score: [Severity]
Risk Level (Likelihood × Severity): [Risk Level]
Risk Level Key: Low (RPN 1–4) — monitor; Medium (5–12) — manage; High (13–24) — urgent action; Very High (25) — stop work.
SECTION C: ADDITIONAL RISK CONTROLS (Hierarchy of Controls)
[Additional Controls]
Responsible Person: [Responsible Person]
Target Completion Date: [Target Date]
Hierarchy of Controls reminder: (1) Elimination → (2) Substitution → (3) Engineering Controls → (4) Administrative Controls → (5) PPE
SECTION D: APPROVAL
Prepared by (SHO / Safety Officer): ____________________________
Name: [Assessor Name]
Date: [Assessment Date]
Reviewed and Approved by (Department Head / Management): ____________________________
Date: ____________________________
SHC Endorsement (if applicable): ____________________________
Date: ____________________________
Safety and Health Officer (Assessor)
________________
Signature
What Is a Hazard Identification Form (HIRARC) — Malaysia?
A Hazard Identification Form (HIRARC) in Malaysia captures the particulars required for the filing or submission it supports.
DOSH published the Guidelines for Hazard Identification, Risk Assessment and Risk Control (HIRARC Guidelines) in 2008, providing a standardised methodology for Malaysian employers to implement HIRARC across all industries. The HIRARC process follows three sequential stages: (1) Hazard Identification — identifying all hazards associated with each work activity, including physical hazards (machinery, noise, heat), chemical hazards (toxic substances, flammable materials under the USECHH Regulations 2000), biological hazards (bacteria, viruses), ergonomic hazards (manual handling, repetitive strain), and psychosocial hazards; (2) Risk Assessment — evaluating the likelihood of harm occurring and the severity of the potential harm to assign a Risk Priority Number (RPN) or risk level (Low, Medium, High, Very High); and (3) Risk Control — determining control measures in the hierarchy of controls: Elimination, Substitution, Engineering Controls, Administrative Controls, and Personal Protective Equipment (PPE).
For sites classified as Major Accident Hazard (MAH) sites under the Occupational Safety and Health (Control of Industrial Major Accident Hazards) Regulations 1996 (CIMAH Regulations 1996) — those storing quantities of hazardous substances above the threshold quantities in the CIMAH First Schedule — a formal Quantitative Risk Assessment (QRA) or Hazard and Operability Study (HAZOP) is required in addition to HIRARC. CIMAH-regulated sites include petroleum refineries, chemical plants, and liquefied gas storage facilities operated by companies such as PETRONAS, Shell, and ExxonMobil in Malaysia.
The HIRARC form is also a foundational document for ISO 45001:2018 Occupational Health and Safety Management System certification — the international standard administered in Malaysia by SIRIM QAS International Sdn Bhd — which requires documented risk assessment as a core element of the OSH management system.
The legal framework governing the Hazard Identification Form (HIRARC) — Malaysia in Malaysia draws on several key statutes and regulatory bodies. Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Parties executing a Hazard Identification Form (HIRARC) — Malaysia in Malaysia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Employment Act 1955 (Act 265) sets the foundational requirements.
When Do You Need a Hazard Identification Form (HIRARC) — Malaysia?
A HIRARC Hazard Identification Form is required in Malaysia whenever an employer needs to systematically identify and control workplace hazards under the Occupational Safety and Health Act 1994.
A HIRARC Form is needed when a new workplace, work process, or piece of equipment is introduced — for example, a new production line, a new chemical substance, or a new construction method — and the employer must assess the associated risks before work begins under Section 15 of the OSHA 1994.
A HIRARC Form is required when a DOSH workplace inspection under Section 29 of the OSHA 1994 reveals that the employer's existing HIRARC documentation is outdated, incomplete, or does not address new hazards that have been introduced into the workplace.
A HIRARC Form is needed following any workplace accident, near-miss, or dangerous occurrence to investigate the root causes and document revised risk controls to prevent recurrence, as required by the OSH Management System Guidelines (MS 1722:2011) and ISO 45001.
A HIRARC Form is required for construction projects registered with the Construction Industry Development Board Malaysia (CIDB) under the Construction Industry Development Board Act 1994 (Act 520), as construction site safety plans must include hazard identification and risk assessment documentation for all significant construction activities.
A HIRARC Form is needed when an employer handles chemicals hazardous to health listed in the First Schedule to the Occupational Safety and Health (Use and Standards of Exposure of Chemicals Hazardous to Health) Regulations 2000 (USECHH Regulations 2000), as the Regulations require employers to identify chemical hazards and assess workers' exposure levels.
Parties in Malaysia should prepare a Hazard Identification Form (HIRARC) — Malaysia proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your Hazard Identification Form (HIRARC) — Malaysia
A valid Malaysia HIRARC Hazard Identification Form must contain the following essential elements as recommended by the DOSH HIRARC Guidelines 2008.
Work Activity Description: A clear description of the specific work activity or task being assessed — for example, 'Operating a hydraulic press machine', 'Mixing chemical solvents in the paint bay', or 'Working at height on scaffolding'. Each distinct work activity should have a separate HIRARC entry.
Hazard Identification: A thorough list of all hazards associated with the work activity — including physical (noise above 85 dBA, heat, moving machinery parts), chemical (solvents, acids, dusts — cross-referenced with USECHH Regulations 2000 threshold values), biological (moulds, bacteria), ergonomic (repetitive lifting, awkward postures under DOSH Manual Handling Guidelines), and psychosocial hazards.
Potential Consequences: The type of harm that could result if the hazard causes an incident — for example, laceration, fracture, chemical burn, hearing loss, respiratory disease, or fatality.
Existing Controls: Controls already in place at the time of assessment — for example, machine guards, ventilation systems, existing PPE requirements, and safe work procedures (SWP).
Risk Assessment (Likelihood × Severity): A quantitative or semi-quantitative risk rating using the DOSH HIRARC risk matrix — multiplying the Likelihood score (1 Rare to 5 Almost Certain) by the Severity score (1 Insignificant to 5 Catastrophic) to produce a Risk Priority Number (RPN) indicating Low (1–4), Medium (5–12), High (13–24), or Very High (25) risk.
Additional Risk Controls: Proposed additional controls following the hierarchy — Elimination, Substitution, Engineering Controls (e.g. isolation, guarding), Administrative Controls (training, permits to work, rotation), and PPE — to reduce residual risk to as low as reasonably practicable (ALARP).
Responsible Person and Completion Date: The name of the person responsible for implementing each additional control measure and the target completion date, for monitoring and verification purposes.
Additional compliance elements for a Hazard Identification Form (HIRARC) — Malaysia used in Malaysia include: Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Forms-legal.com provides this template as a starting point for Malaysia-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Hazard Identification Form (HIRARC) — Malaysia (Malaysia) [Legal document template]. Forms Legal. https://forms-legal.com/malaysia/employment/forms/hazard-identification-form-malaysia
"Hazard Identification Form (HIRARC) — Malaysia (Malaysia)." Forms Legal, 2026, https://forms-legal.com/malaysia/employment/forms/hazard-identification-form-malaysia.
@misc{formslegal-hazard-identification-form-malaysia,
author = {{Forms Legal}},
title = {Hazard Identification Form (HIRARC) — Malaysia (Malaysia)},
year = {2026},
howpublished = {\url{https://forms-legal.com/malaysia/employment/forms/hazard-identification-form-malaysia}},
note = {Free legal document template. Based on Employment Act 1955 (Act 265)}
}Frequently Asked Questions
HIRARC stands for Hazard Identification, Risk Assessment and Risk Control — the structured risk management methodology recommended by the Department of Occupational Safety and Health Malaysia (DOSH) under the Guidelines for Hazard Identification, Risk Assessment and Risk Control (HIRARC Guidelines 2008). While the OSHA 1994 (Act 514) does not use the specific term 'HIRARC' in its statutory text, HIRARC is the standard method by which employers demonstrate compliance with the general duty under Section 15 of the OSHA 1994 to ensure the safety and health of employees. DOSH inspectors expect employers to have current HIRARC documentation for all significant work activities. For ISO 45001:2018 certification — administered in Malaysia by SIRIM QAS International — documented risk assessment (effectively HIRARC) is a mandatory requirement of Clause 6.1.2. For CIMAH-regulated sites, a formal risk assessment is explicitly required by the CIMAH Regulations 1996.
The DOSH HIRARC Guidelines 2008 recommend using a risk matrix that multiplies two factors: Likelihood (the probability that the hazard will cause harm, scored 1 Rare to 5 Almost Certain) and Severity (the potential consequence if harm occurs, scored 1 Insignificant to 5 Catastrophic). The resulting Risk Priority Number (RPN) is categorised as: Low Risk (RPN 1–4) — acceptable risk, maintain current controls and monitor; Medium Risk (RPN 5–12) — manage by specifying responsibility and timeframe; High Risk (RPN 13–24) — senior management attention required, implement controls urgently; Very High Risk (RPN 25) — work must stop immediately until risk is reduced. The risk assessment must be reviewed when conditions change — for example, after a new machine is installed, after a near-miss, or at least annually as part of the OSH management system review. The DOSH HIRARC Guidelines 2008 are available from the DOSH website at dosh.gov.my.
Under Section 15 of the Occupational Safety and Health Act 1994 (OSHA 1994, Act 514), the employer bears the primary responsibility for identifying and controlling workplace hazards — and therefore for ensuring that HIRARC is conducted. In practice, HIRARC is conducted by a team that typically includes the Safety and Health Officer (SHO) appointed under the Occupational Safety and Health (Safety and Health Officer) Regulations 1997 (for workplaces with 100+ employees in scheduled industries), the departmental supervisor most familiar with the work activity, and, where applicable, an employee representative from the Safety and Health Committee (SHC) established under the OSH (Safety and Health Committee) Regulations 1996. For construction sites, the CIDB-registered contractor's safety officer and site supervisor participate. For CIMAH-regulated sites, specialist process safety engineers with Quantitative Risk Assessment expertise may conduct the formal hazard assessment.
The DOSH HIRARC Guidelines 2008 recommend that HIRARC assessments be reviewed whenever there are changes to work processes, equipment, materials, or the work environment that may introduce new hazards or alter the risk level of existing hazards. As a minimum, HIRARC assessments should be reviewed annually as part of the employer's OSH management system review. Additionally, HIRARC should be reviewed: after any workplace accident, dangerous occurrence, or near-miss involving the work activity assessed; when new equipment or chemicals are introduced; when work methods change; when the DOSH HIRARC Guidelines or relevant subsidiary regulations (e.g. USECHH 2000) are updated; and when new employees are assigned to the work activity. Under ISO 45001:2018 Clause 6.1.2, the organisation must evaluate its OSH risks as part of operational planning and control — making periodic HIRARC review a certification requirement for ISO 45001-certified organisations.
The DOSH HIRARC Guidelines 2008 and the ISO 45001:2018 standard both prescribe the hierarchy of controls as the framework for selecting risk control measures, from most to least effective: (1) Elimination — physically removing the hazard from the workplace entirely (e.g. replacing a toxic solvent with a water-based alternative); (2) Substitution — replacing the hazard with something less dangerous (e.g. substituting a hazardous chemical with a safer one under USECHH Regulations 2000); (3) Engineering Controls — isolating people from the hazard through machine guards, ventilation systems, noise enclosures, or interlocks; (4) Administrative Controls — changing how people work through safe work procedures, job rotation, training, permits to work, warning signs, and DOSH-approved training courses; (5) Personal Protective Equipment (PPE) — providing and enforcing the use of appropriate PPE such as safety helmets, safety boots, gloves, respirators, and hearing protection as a last resort or as a supplement to higher-level controls.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Health and Safety Policy (Malaysia)
A Malaysia Occupational Health and Safety Policy for employers under the Occupational Safety and Health Act 1994 (OSHA 1994, Act 514). Sets out the employer's safety obligations, hazard identification duties, accident reporting under Section 32 OSHA 1994, and OSH Committee requirements under OSH (Safety and Health Committee) Regulations 1996.
Workplace Accident Report Form (Malaysia)
A Malaysia Workplace Accident Report Form for employers to document workplace accidents, dangerous occurrences, and work-related injuries under the Occupational Safety and Health Act 1994 (OSHA 1994, Act 514) and the NADOPOD Regulations 2004. Supports DOSH Form JKKP 6 submission and SOCSO Employment Injury claims.
Contractor Safety Induction Form (Malaysia)
A Malaysia Contractor Safety Induction Form for principal employers to brief and document contractors' acknowledgement of site safety rules, hazards, emergency procedures, and OSHA 1994 obligations before commencing work on site. Complies with DOSH and CIDB construction safety requirements.