Skip to main content
v2026.1714 entries · CC-BY 4.0
CiteLicenceEN-GB
CASRAI

Epidemiology · Reference

What is epidemiological risk assessment?

Risk assessment is the structured process of estimating the probability and severity of harm to a population from a hazard. In public health it combines hazard identification, exposure assessment and risk characterisation to inform decisions about protecting health.

The components of a risk assessment

A standard framework breaks risk assessment into four steps. Hazard identification asks whether an agent or exposure can cause harm. Hazard (or dose–response) characterisation describes the relationship between the level of exposure and the probability or severity of effect. Exposure assessment estimates how much of an agent a population is actually exposed to, and to whom. Risk characterisation integrates these to estimate the overall risk, with its uncertainties. This structure is widely used in environmental and food-safety contexts and is adapted for infectious-disease and other public-health hazards.

Hazard, exposure and risk

A key distinction is between a hazard — something with the potential to cause harm — and the risk — the probability that harm actually occurs given exposure. A hazard poses little population risk if exposure is negligible, while even a modest hazard can carry substantial risk if exposure is widespread. Exposure links the two: the extent, route and duration of contact between a population and the hazard. Epidemiological measures of risk, such as relative risk, quantify how much more (or less) likely an outcome is in an exposed group than an unexposed one.

Risk assessment and risk management

Risk assessment is usually distinguished from risk management and risk communication. Assessment is the analytical, evidence-based estimation of risk; management is the policy process of deciding what, if anything, to do about it; and communication is the exchange of information about risk with affected populations and stakeholders. Keeping assessment separate from management is intended to protect the scientific estimate from being shaped by what would be convenient to conclude, a principle emphasised by bodies such as the World Health Organization and national food- and environmental-safety agencies.

Methods and uncertainty

Risk assessments draw on epidemiological studies, surveillance data, laboratory and toxicological evidence, and mathematical models. A central feature is the explicit treatment of uncertainty and variability — uncertainty being limited knowledge, variability being genuine differences across a population. Good practice characterises both, states assumptions transparently, and avoids overstating precision. As a research and standards activity, risk assessment values reproducible methods and clear documentation so that estimates can be scrutinised, updated as evidence changes, and compared across hazards.

Key facts

At a glance

  • Definition: Estimating likelihood and severity of harm to a population
  • Four steps: Hazard ID, hazard/dose-response, exposure, characterisation
  • Hazard vs: Potential to harm vs risk (probability harm occurs)
  • Separate from: Risk management and risk communication
  • Handles: Uncertainty and variability explicitly

Common questions

FAQ

What is the difference between a hazard and a risk?+

A hazard is something with the potential to cause harm, whereas risk is the probability that harm actually occurs given the level of exposure. A serious hazard may carry little risk if almost no one is exposed, while a modest hazard can pose substantial risk if exposure is widespread.

What are the steps in a risk assessment?+

A common framework has four steps: hazard identification, hazard or dose-response characterisation, exposure assessment, and risk characterisation. Together they move from "can this cause harm?" to "how much harm, to whom, and with what certainty?"

Why is risk assessment kept separate from risk management?+

Separating the scientific estimation of risk from the policy decision about how to respond is intended to keep the assessment objective, so that the estimate is not shaped by what would be convenient to decide. Communication of the risk is treated as a further, distinct activity.

Going deeper

Related on CASRAI

Sources

The step most authors miss

Doing CRediT right? Don’t stop at the statement.

A CRediT statement credits you inside one paper. The recognition CRediT was built for happens when those roles are tied to you, persistently. Sign in with your ORCID — free — and claim your CRediT contributions on casrai.org, the home of the standard. They become a verified, portable part of your identity, not a line that disappears into one PDF.

Free: claim your contributions, then export a journal-ready CRediT statement, schema.org structured data, JATS XML, CSV or BibTeX — and preview your public profile. A membership publishes that profile publicly and verifies the journals you serve.

Sign in with ORCID — free Why this matters →

Referenced across the research world

University of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logoUniversity of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logo
  • University of Cambridge logo
  • Columbia University logo
  • University of Edinburgh logo
  • Harvard University logo
  • University of Oxford logo
  • Princeton University logo
  • Stanford School of Medicine logo
  • University College London logo
  • ORCID logo
  • Crossref logo

View CASRAI adoption →