Standards: Where CIRIA Holds Up, and Where the Sector Needs to Push Further
Post 3 of 3 — a series on how the UXO sector can improve, written for clients and commissioners.
The first two posts in this series argued, in light of the Plymouth Southway find on 29 April, that clients should be commissioning assurance rather than reports, and that independent peer review deserves to be a more routine feature of how UXO risk assessments are produced. Both of those arguments sit inside, rather than outside, the existing standards framework. This final post looks at that framework directly: what it does well, where it is beginning to show its age, and what commissioners can reasonably ask the sector to push further on.
The principal piece of UK guidance for land-based UXO risk management is CIRIA C785, Unexploded Ordnance (UXO) Risk Management Guide for Land-Based Projects, published in 2019 as the successor to CIRIA C681 (2009). For marine projects the relevant document is CIRIA C754. This post is mostly concerned with C785, because the Plymouth find sits squarely inside its scope.
It is worth saying at the outset that C785 is a serious document. It sets out a stage-gated risk management process, aligns explicitly with HSE expectations and the ALARP principle, and gives clients, designers and contractors a shared vocabulary for talking about UXO risk. Before C681 and C785, the UK construction industry's approach to UXO was inconsistent and, in places, ad hoc. The current framework is the reason that approach is now the exception rather than the rule.
The framework's strengths sit in three places.
The first is the staged approach. C785's progression from preliminary risk assessment, through detailed risk assessment, to mitigation strategy and on-site implementation is logical and gives the client clear decision points. At each stage the question is whether the residual risk, in light of what is now known, justifies further investigation or mitigation. That structure protects both the client (from over-specification early) and the public (from under-specification late).
The second is alignment with HSE law. UXO risk does not sit in a regulatory vacuum. The Construction (Design and Management) Regulations 2015 already place duties on clients, designers and principal contractors in relation to foreseeable hazards, and UXO is a foreseeable hazard on many UK sites. C785 connects the technical methodology to those duties in a way that makes the legal exposure clear.
The third is the document's restraint. C785 stops short of being prescriptive about which sources, which sensors, or which thresholds a consultancy must use. That looks like a weakness but is, on balance, a strength: the evidence base for UXO risk has improved materially since 2009, and a more prescriptive document would already be obsolete. The trade-off is that quality varies between providers, and the framework relies on professional judgement to do work that a more rule-bound system would do automatically.
That last point leads naturally to where the framework is showing its age, and where there is room to push further.
The most obvious gap is the absence of a statutory accreditation regime for UXO consultancies in the UK. Individual ordnance specialists may hold relevant military qualifications and continuing professional development; consultancies may be members of trade bodies or hold CHAS, SSIP and ISO accreditations relevant to construction generally. None of that amounts to a sector-specific licence to practise. A commissioner choosing between two UXO consultancies cannot, today, point to a single accreditation that distinguishes a competent provider from an incompetent one. Other safety-critical disciplines have moved further on this, and the UXO sector would benefit from doing the same.
The second gap is data. Each new UXO desk study in a heavily bombed UK city largely rebuilds, from primary sources, a body of historical bombing data that has already been rebuilt many times by other consultancies for adjacent sites. There is no shared, version-controlled, sector-wide reference dataset against which individual studies can be reconciled. A commissioner buying two desk studies for adjacent sites a year apart, from two different providers, can reasonably end up with two different historical pictures. Investment in a sector-level data infrastructure — whether industry-led, regulator-led, or a hybrid — would reduce duplication and improve consistency at the same time.
The third gap is reporting consistency. CIRIA C785 specifies what a risk assessment should do, but not what it should look like. Section structures, residual risk descriptors, and the way recommendations are written vary materially between providers. This makes it harder than it should be for a commissioner to compare two reports, or for a contractor inheriting a project mid-flight to read a report quickly and act on it. A standard reporting schema — at the level of section headings, residual risk taxonomy, and recommendation format — would not constrain professional judgement, but it would make that judgement more legible to the people downstream of it.
The fourth gap, and the one most likely to grow, concerns advances in geophysical interpretation that have moved faster than the guidance. Machine-learning approaches to anomaly classification in magnetometer and EM data are now in commercial use; CIRIA C785 predates their mainstream adoption. The sector will need a route by which new techniques are formally evaluated, validated against ground-truth, and either incorporated into guidance or explicitly excluded. Without that, the gap between what the better consultancies do and what the guidance expects will continue to widen.
For commissioners, none of this changes what to ask for tomorrow morning. C785 is the right reference point, and a consultancy that cannot demonstrate compliance with its stage-gated process is already disqualified. The opportunity is to ask, in addition, how each consultancy goes beyond the C785 baseline: what their internal QA looks like, whether they accept independent peer review, what their data-sharing posture is, and how they evaluate new geophysical techniques. The answers vary widely, and they tell you more than the report ever will.
The Southway find did what UXO finds usually do: it confirmed that the response system in the UK works, and reminded everyone that the prevention system has further to go. The work for the sector, and for the clients who fund it, is upstream of the cordon. Better assurance, more peer review, and a standards framework that keeps moving — none of these are exotic asks. They are the conditions under which incidents like Plymouth become rarer, smaller and less disruptive over time.
Series: Post 1 — Client assurance · Post 2 — Peer review · Post 3 — Standards (this post).