Fire Risk Assessment Malaysia: FRA Guide for Factory and Premises Owners

BOMBA shows up for your fire certificate inspection. The officer asks to see your fire risk assessment. You hand over a document from 2019 that lists "general fire risks" in three paragraphs with no floor plans, no risk ratings, and no action items. The officer shakes his head. Your fire certificate renewal is delayed. Your insurer is notified. And you realise that the piece of paper you thought was a fire risk assessment is nothing close to what's actually required.

This guide walks you through what a proper fire risk assessment looks like in Malaysia, who needs one, what the process involves, and how it connects to your BOMBA compliance and insurance coverage.

This guide covers:

• What a fire risk assessment (FRA) is and why it's required
• Legal basis for FRA in Malaysia
• The 5-step FRA process
• Common fire hazards by premises type
• What BOMBA inspectors look for regarding FRA
• How FRA connects to fire insurance and IAR
• When to review and update your FRA
• Common FRA mistakes and how to avoid them

What Is a Fire Risk Assessment?

A fire risk assessment (FRA) is a systematic evaluation of your premises to identify fire hazards, determine who is at risk, evaluate the adequacy of existing fire safety measures, and recommend improvements where needed. It's not a one-page checklist. It's a structured document that forms the basis of your entire fire safety strategy.

FRA Component	What It Covers	Why It Matters
Fire hazard identification	Sources of ignition, fuel sources, and oxygen sources in the premises	You can't control a risk you haven't identified
People at risk	Workers, visitors, contractors, nearby premises occupants	Determines evacuation planning and fire safety measures needed
Existing controls evaluation	Current fire detection, suppression, compartmentation, and evacuation measures	Identifies gaps between what you have and what you need
Risk rating	Likelihood × consequence for each identified fire risk	Prioritises which risks need immediate action
Action plan	Specific improvements needed, responsible person, target completion date	Turns assessment into action; demonstrates due diligence

The FRA is a living document. It's not something you commission once and file away. It must be reviewed regularly and updated whenever your premises, operations, or occupancy changes.

Legal Basis for FRA in Malaysia

Legislation	FRA Requirement	Who It Applies To
Fire Services Act 1988 (Act 341)	Premises owners must ensure fire safety measures are in place; FRA is the mechanism to determine what's needed	All designated premises requiring fire certificate
UBBL 1984 (Uniform Building By-Laws)	Fire safety requirements for building design, compartmentation, and means of escape	All buildings regulated under UBBL
OSHA 1994 (Section 15)	Employer must assess workplace risks including fire; FRA is part of the general duty to provide a safe workplace	All workplaces
CIMAH 1996	Safety report must include fire and explosion risk assessment for major hazard installations	MHI and NMHI facilities

In practice, BOMBA expects premises with fire certificates to have a documented FRA. During BOMBA inspections, officers may ask to see your fire risk assessment as evidence that you've systematically evaluated fire risks and taken appropriate measures. A missing or outdated FRA is a red flag.

The 5-Step FRA Process

Step 1: Identify Fire Hazards

Walk through every area of your premises and identify the three elements of the fire triangle: ignition sources, fuel sources, and oxygen sources.

Fire Triangle Element	Common Sources in Factories	Common Sources in Commercial Premises
Ignition sources	Hot work (welding, cutting), electrical faults, overheated machinery, static electricity, hot surfaces, smoking	Electrical faults, cooking equipment, lighting fixtures, heating systems, arson
Fuel sources	Flammable liquids, solvents, oil, gas, combustible dust, raw materials, packaging, timber pallets	Paper, furniture, textiles, stored goods, plastics, waste accumulation
Oxygen sources	Natural ventilation, forced ventilation systems, oxidising chemicals, oxygen cylinders	Air conditioning systems, natural ventilation, open windows

Step 2: Identify People at Risk

People Category	Special Considerations
Workers in the immediate area	Most exposed; need clear evacuation routes and fire training
Workers in adjacent areas	May not be aware of fire in another zone; need fire alarm coverage
Night shift workers	Fewer people on site; reduced detection and response capability
Visitors and contractors	Unfamiliar with layout and exits; need sign-in and induction on fire procedures
Persons with disabilities	May need assisted evacuation; personal emergency evacuation plans (PEEPs)
Occupants of neighbouring premises	Fire can spread; your FRA should consider impact on neighbours

Step 3: Evaluate Existing Fire Safety Measures

Assess whether your current fire safety measures are adequate to control the identified risks.

Fire Safety Category	What to Evaluate	Standard to Check Against
Fire detection	Smoke detectors, heat detectors, manual call points, fire alarm panel	UBBL requirements, MS 1539 (fire alarm systems)
Fire suppression	Sprinkler system, fire extinguishers, hose reels, gas suppression	UBBL, NFPA standards, fire extinguisher requirements
Compartmentation	Fire walls, fire doors, fire stops around penetrations, compartment integrity	UBBL fire resistance ratings
Means of escape	Exit routes, exit signage, emergency lighting, travel distances, exit width	UBBL maximum travel distances, exit capacity calculations
Housekeeping	Waste management, storage of flammables, electrical maintenance, escape route clearance	General fire safety best practices
Emergency planning	ERP, fire drills, staff training, assembly points	OSHA 1994, Fire Services Act 1988

Step 4: Rate the Risk and Create an Action Plan

For each identified fire hazard, rate the risk using a simple likelihood × consequence matrix.

Risk Rating	Meaning	Action Required
High	Fire is likely to occur and consequences could be severe (death, major property loss)	Immediate action required; consider stopping the activity until controls are in place
Medium	Fire is possible and consequences could be significant	Action within defined timeframe (days to weeks); additional controls needed
Low	Fire is unlikely and consequences are limited	Maintain current controls; monitor and review periodically

Every "High" and "Medium" risk must have a specific action item with a responsible person and target date. This action plan is what turns the FRA from an academic exercise into actual fire safety improvement.

Step 5: Record, Review, and Update

FRA Record Requirement	Details
Documentation	FRA must be in writing with floor plans, risk ratings, and action plan
Assessor	Record who conducted the FRA and their qualifications
Date	Date of assessment and date of next scheduled review
Review frequency	At least annually, or whenever significant changes occur
Triggers for early review	Fire incident, near-miss, change of use, building modification, new processes or materials introduced
Retention	Keep all FRA records including superseded versions for at least 5 years

Common Fire Risks by Premises Type

Premises Type	Top Fire Risks	Key FRA Focus Areas
Manufacturing factory	Hot work, electrical faults, flammable materials storage, machinery overheating, combustible dust	Hot work controls, electrical maintenance, flammable storage segregation, dust extraction
Chemical plant	Flammable chemical storage, process reactions, static discharge, vapour release	Chemical compatibility, ventilation, gas detection, explosion-proof equipment
Food factory	Cooking equipment, oil fryers, flour/sugar dust, electrical faults in cold rooms	Kitchen suppression systems, dust control, electrical maintenance in wet environments
Warehouse	High-rack storage, packaging materials, forklift charging areas, arson	Sprinkler design for high racks, aisle width for fire brigade access, perimeter security
Data centre	Electrical systems, UPS battery rooms, cable fires, HVAC failures	Gas suppression systems, cable management, battery room ventilation, early detection
Commercial office building	Electrical faults, smoking, kitchen areas, server rooms, waste accumulation	Electrical inspection, means of escape, fire door integrity, tenant coordination

Connection Between FRA and Insurance

Your fire risk assessment directly affects two key insurance products: Fire Insurance and Industrial All Risks (IAR). Insurers care about your FRA because it shows whether you understand and manage your fire risks.

How FRA Affects Insurance

FRA Factor	Impact on Insurance
Comprehensive FRA with action plan	Demonstrates proactive fire risk management; supports favourable underwriting terms
FRA action items completed	Shows continuous improvement; evidence of due diligence in claim situations
No FRA or outdated FRA	Red flag during risk surveys; may result in higher premiums or coverage conditions
FRA identifies high risks but no action taken	Worse than no FRA. You knew about the risk and did nothing. This undermines your defence in claims.
Risk survey recommendations align with FRA	When insurer's risk surveyor visits, a good FRA shows you're already managing the risks they're concerned about

FRA and Claims

Scenario	Without FRA	With FRA
Electrical fire in factory	No documented risk assessment. Adjuster asks what fire prevention measures were in place. No evidence of systematic approach.	FRA documented electrical fire risks, recommended thermographic survey, and action was completed. Despite fire, employer can show due diligence.
Fire spreads due to compromised fire door	Adjuster finds fire doors wedged open. No FRA means no evidence that compartmentation was ever assessed.	FRA identified fire door integrity as an action item. Monthly checks documented. If a door was recently compromised, the FRA shows it was normally managed.

Here's the critical point: an FRA that identifies a fire risk but shows no corrective action is worse than having no FRA at all. If your FRA says "electrical wiring in Section B is deteriorated and poses fire risk" and you didn't fix it, you've documented your own negligence. Always follow through on FRA action items.

Who Should Conduct the FRA?

Premises Type	Who Should Conduct FRA	Notes
Small low-risk premises	Can be done in-house by a competent person (e.g., SHO or trained safety officer)	Person must understand fire safety principles and the premises
Manufacturing factory	Qualified fire safety consultant or in-house SHO with fire safety training	Complex premises with multiple hazards need deeper expertise
Chemical plant / MHI	Specialist fire safety engineer or OKMH (Competent Person for Major Hazards)	CIMAH requires specific competency for fire and explosion risk assessment
Large commercial building	Fire safety consultant with building fire safety experience	Must understand UBBL requirements, means of escape calculations

Common FRA Mistakes

Mistake	Why It's a Problem	How to Fix It
Generic template with no site-specific details	Doesn't reflect actual risks in your premises; useless during BOMBA inspection	Walk the premises physically; assess each area individually
FRA done once and never updated	Premises change over time; FRA from 5 years ago doesn't reflect current risks	Annual review minimum; immediate review after any significant change
Action items identified but never completed	Documents your own negligence; worse than no FRA	Assign responsible person with deadline; track completion; escalate overdue items
Only assessed production floor, ignored offices and utility areas	Fires in electrical rooms, server rooms, and storage areas cause major damage	FRA must cover every area including utility rooms, switch rooms, and external storage
Didn't consider night shift or low-occupancy periods	Fire detection and response may be inadequate outside normal hours	Assess fire safety during all operating scenarios including night shift and holidays
No floor plans in the FRA	Hard to locate hazards or verify evacuation routes without visual reference	Include annotated floor plans showing hazard locations, fire equipment, and escape routes

FRA Compliance Checklist

Item	Status
FRA conducted by a competent person within the last 12 months	☐
All areas of premises assessed (including utility rooms, external storage, roof)	☐
Fire hazards identified: ignition sources, fuel sources, oxygen sources	☐
People at risk identified (including night shift, visitors, neighbours)	☐
Existing fire safety measures evaluated and rated	☐
Risk ratings assigned (high/medium/low) for each hazard	☐
Action plan with responsible person and target dates for all high/medium risks	☐
All overdue action items escalated and tracked	☐
Annotated floor plans included in FRA document	☐
FRA findings communicated to all staff	☐
Next review date scheduled	☐
Fire insurance or IAR in place with adequate sum insured	☐

FAQ

Is a fire risk assessment legally required in Malaysia?

Yes. Under OSHA 1994, employers must assess workplace risks including fire. The Fire Services Act 1988 requires fire safety measures for designated premises. A fire risk assessment is the systematic method to determine what fire safety measures are needed. BOMBA inspectors may ask to see it during fire certificate inspections.

How often should a fire risk assessment be updated?

At least annually. You should also update it immediately after any significant change: building modifications, new processes or materials, change of use, fire incident, or near-miss. An FRA from 5 years ago doesn't reflect your current risks and won't satisfy BOMBA or your insurer.

Can I do the fire risk assessment myself?

For small, low-risk premises, a competent in-house person can conduct the FRA. For factories, chemical plants, and large commercial buildings, engage a qualified fire safety consultant. The assessor must understand fire safety principles, your premises type, and the relevant Malaysian regulations.

Does my fire risk assessment affect fire insurance premiums?

Indirectly, yes. When your insurer's risk surveyor visits, a well-documented FRA with completed action items demonstrates proactive fire risk management. This supports favourable underwriting terms. A missing or poor FRA, or unactioned recommendations, may result in premium loading or additional policy conditions.

What's the difference between FRA and HIRARC?

HIRARC is a general workplace risk assessment covering all hazards (falls, machinery, chemicals, noise, etc.). FRA is specifically focused on fire risks. Your HIRARC should identify fire as a hazard, but the FRA goes much deeper into fire-specific issues like compartmentation, detection systems, means of escape, and fire suppression adequacy.

What happens if BOMBA finds my fire risk assessment is inadequate?

BOMBA may issue directions to improve your fire safety measures, delay your fire certificate renewal, or in serious cases, issue a closure notice. An inadequate FRA suggests you don't understand your fire risks, which undermines confidence in your overall fire safety management.

Should the FRA include floor plans?

Yes. Annotated floor plans are an important part of a proper FRA. They show the location of fire hazards, fire detection and suppression equipment, escape routes, fire exits, and assembly points. Floor plans make the FRA practical and actionable rather than abstract.

Does an FRA cover business interruption risk?

A standard FRA focuses on life safety and property protection. But the findings inform business continuity planning. If your FRA identifies that a fire in the electrical switchroom could shut down the entire factory, that's directly relevant to your business interruption insurance assessment.

Foundation Conclusion

A fire risk assessment is the foundation of everything else in fire safety: your fire prevention measures, your detection and suppression systems, your evacuation plan, and your BOMBA fire certificate. Without a proper FRA, you're guessing at your fire risks instead of managing them.

A well-documented FRA also supports your fire insurance and IAR coverage by demonstrating that you take fire risk seriously. When a claim arises, the difference between "we assessed and managed our fire risks" and "we had no idea" can be significant.

Talk to our risk specialists about fire insurance coverage for your premises

Disclaimer: This article provides general guidance based on current regulations and official agency information as of March 2026. Regulations may be amended. Always verify current requirements with the relevant agency or qualified professionals before making compliance decisions.