How to Write a Health and Safety Policy

A written health and safety policy is a legal requirement for most UK businesses. It's not just a box-ticking exercise — it's your public statement of commitment to protecting people and the framework that guides your entire health and safety management system.

If you employ 5 or more people, you must have a written health and safety policy. This comprehensive guide will walk you through exactly how to create one that meets legal requirements and actually works for your business.

Do you have a written health and safety policy?

Let's check if you're meeting your legal requirements.

What is a health and safety policy?

A health and safety policy is a formal written statement that explains your approach to managing health and safety in your organisation. It must contain three distinct parts:

Statement of Intent — Your commitment to health and safety
Organisation — Who is responsible for what
Arrangements — How you'll implement the policy in practice

Think of it as your business's health and safety constitution. It sets out your intentions (statement), your governance structure (organisation), and your operating procedures (arrangements).

Key Point

The policy isn't just a document to satisfy inspectors. It's a practical tool that communicates expectations, clarifies responsibilities, and guides decision-making on health and safety matters throughout your organisation.

The legal requirement

Section 2(3) of the Health and Safety at Work Act 1974 states:

"Except in such cases as may be prescribed, it shall be the duty of every employer to prepare and as often as may be appropriate revise a written statement of his general policy with respect to the health and safety at work of his employees and the organisation and arrangements for the time being in force for carrying out that policy, and to bring the statement and any revision of it to the notice of all of his employees."

In plain English, you must:

Prepare a written statement covering policy, organisation, and arrangements
Revise it when necessary (when your business changes)
Communicate it to all employees (they must know what it says)

Who needs a written policy?

5 or more employees: Written policy is mandatory
Fewer than 5 employees: Written policy is not legally required, but you must still have arrangements in place (you just don't have to write them down)

Note:

"Employees" includes full-time, part-time, temporary, and fixed-term contract staff. It doesn't include genuine self-employed contractors, but if you regularly engage people and exercise control over how they work, they may count as employees for this purpose.

Getting started

Before you begin writing, gather the information you'll need:

Information to collect

Your organisation structure
- Who manages what areas of the business?
- Who supervises different teams or locations?
- Who makes decisions on health and safety matters?
Your current arrangements
- What risk assessments have you conducted?
- What training do employees receive?
- How do you handle accidents and emergencies?
- What inspections or checks do you carry out?
- What safety equipment or procedures are in place?
Regulatory context
- What specific regulations apply to your sector?
- Are there industry-specific requirements? (e.g., construction, healthcare, food)
- Do you have regulatory inspection reports to review?
Consultation requirements
- Do you have safety representatives or a safety committee?
- How do employees raise concerns?
- How do you consult on changes?

Tip:

Don't try to write the policy in isolation. Talk to managers, supervisors, and employees. They know what actually happens day-to-day and can help ensure the policy reflects reality, not aspiration.

Choose the right approach

DIY vs Professional Support

Write It Yourself

•Suitable for simple, low-risk businesses
•You understand your business best
•Cost-effective if you have time and knowledge
•Requires understanding of legal requirements
•Need to ensure nothing is missed
•Can use templates as starting point

Professional Consultant

•Better for complex or high-risk operations
•Ensures legal compliance and completeness
•Brings sector-specific knowledge
•Saves time and reduces errors
•May cost £500-£2,000+ depending on complexity
•Still requires your input for accuracy

Bottom line: Many businesses use a middle path: start with a quality template, customise it thoroughly to your business, then have a consultant review it for compliance and completeness. This balances cost, quality, and ownership.

Part 1: Statement of Intent

The Statement of Intent is your public commitment to health and safety. It should be signed by the most senior person in your organisation (CEO, Managing Director, or proprietor) and be visible to all employees.

What to include

Your statement should address:

Commitment to health and safety
- Clear statement that health and safety is a priority
- Recognition that it's a legal and moral duty
- Commitment to continuous improvement
General aims
- Providing safe working conditions
- Preventing accidents and ill health
- Consulting with employees
- Providing training and supervision
Leadership accountability
- Statement that ultimate responsibility lies with senior management
- Commitment to resource allocation
- Expectation that all employees will cooperate
Signature and date
- Signed by the most senior person
- Dated (shows when commitment was made)
- Should be reviewed and re-signed periodically

Example Statement of Intent

Here's a model structure you can adapt:

STATEMENT OF INTENT

[Company Name] recognises its legal and moral duty to provide a safe and healthy working environment for all employees, contractors, visitors, and others who may be affected by our activities.

Our commitment:

We are committed to:

Preventing accidents, injuries, and work-related ill health
Providing adequate resources, training, and supervision to maintain safe working conditions
Identifying and controlling workplace hazards through regular risk assessment
Consulting with employees on health and safety matters
Continuously improving our health and safety performance

Responsibilities:

The Board of Directors/Senior Management accepts overall responsibility for health and safety. However, health and safety is everyone's responsibility, and we expect all employees to cooperate with our arrangements and take reasonable care of themselves and others.

Resources:

We will provide sufficient resources, including competent advice, to implement this policy effectively. We will review our arrangements regularly to ensure they remain appropriate and effective.

Policy review:

This policy will be reviewed at least annually or following significant changes to our organisation or activities.

Signed: _________________________ Date: _________________

[Name], [Job Title]

Key Point

The Statement of Intent should be concise (one or two pages maximum) and written in clear, direct language. Avoid jargon and overly legalistic wording. It's a public commitment that everyone should understand.

Common mistakes in the Statement

Too generic: Copying a template word-for-word without any reference to your specific business or sector.

Too long: Rambling statements that try to cover detailed arrangements belong in Part 3, not the Statement of Intent.

Unsigned or undated: The signature and date demonstrate leadership commitment. Without them, the statement has no authority.

Never reviewed: A statement signed 10 years ago suggests health and safety isn't actively managed. Review and re-sign at least every 2-3 years.

Part 2: Organisation

The Organisation section identifies who is responsible for what. It should clearly define the health and safety roles and responsibilities throughout your organisation, from senior management down to individual employees.

Key principle: Clear accountability

Every health and safety duty must have a named person or role responsible for it. Vague statements like "managers are responsible for safety" aren't enough — you need to specify which manager is responsible for which aspect.

What to include

Senior management responsibilities

Define what your directors, partners, or senior management team are responsible for:

Overall leadership and resource allocation
Approving policy and reviewing performance
Ensuring competent health and safety advice is available
Setting strategic direction and priorities

Example:

The Managing Director is responsible for:

Overall implementation of this health and safety policy

Ensuring adequate resources (financial, human, time) are allocated to health and safety

Reviewing health and safety performance quarterly

Ensuring competent health and safety advice is available

Approving significant changes to working methods or equipment

Middle management responsibilities

If you have department managers, area managers, or similar roles:

Day-to-day implementation of policy in their areas
Conducting risk assessments
Ensuring employees are trained and supervised
Monitoring compliance
Reporting hazards, incidents, and concerns

Example:

Operations Manager is responsible for:

Conducting and reviewing risk assessments for all warehouse operations

Ensuring all warehouse staff receive appropriate training and supervision

Implementing safe systems of work and monitoring compliance

Investigating accidents and near misses in the warehouse

Conducting monthly workplace inspections

Supervisors and team leaders

Those with direct supervision of workers:

Ensuring safe working practices are followed
Providing on-the-job instruction and supervision
Identifying hazards and reporting them
Ensuring equipment is maintained
Setting a good example

Example:

Supervisors and Team Leaders are responsible for:

Ensuring employees under their supervision follow safe working procedures

Providing practical instruction and on-the-job training

Conducting daily workplace checks and reporting defects

Investigating minor incidents and near misses

Ensuring personal protective equipment is used correctly

Specialist health and safety roles

If you have designated health and safety personnel:

Example:

Health and Safety Coordinator is responsible for:

Providing competent health and safety advice to management

Developing and updating risk assessments and safe working procedures

Coordinating training programs

Maintaining health and safety records and documentation

Conducting workplace inspections and audits

Liaising with external advisors and regulators

Employee responsibilities

All employees have duties under Section 7 of the Health and Safety at Work Act 1974:

Example:

All Employees are responsible for:

Taking reasonable care of their own health and safety and that of others affected by their actions

Cooperating with management on health and safety matters

Following training, instructions, and safe working procedures

Using equipment and personal protective equipment correctly

Reporting hazards, defects, accidents, and near misses immediately

Not interfering with or misusing anything provided for health and safety

Specialist advisers (if applicable)

If you use external consultants, occupational health providers, or safety advisers:

Example:

External Health and Safety Consultant [Name/Company] provides:

Competent health and safety advice when specialist knowledge is required

Annual review of risk assessments and policy

Training on specific topics (e.g., working at height, COSHH)

Support with regulatory compliance and interpretation

Organisation chart

For larger organisations, include an organisational chart showing the health and safety reporting structure. This visualises who reports to whom on safety matters.

Note:

The organisation section should reflect your actual structure. If you're a small business with a flat hierarchy, a simple list of responsibilities is fine. If you're a larger organisation with multiple departments and layers, you'll need more detail to ensure nothing falls through the gaps.

Common mistakes in the Organisation section

Too vague: "Managers are responsible for health and safety" doesn't specify which manager or which aspects.

Doesn't match reality: Naming someone who doesn't actually have the authority, knowledge, or time to fulfil the role.

Copying from a template: Using generic job titles that don't exist in your organisation (e.g., "Site Safety Officer" when you don't have one).

Forgetting employee responsibilities: Focusing only on management duties and not clarifying what employees are expected to do.

No provision for competent advice: Failing to identify who provides competent health and safety knowledge, especially if no one internal is qualified.

Part 3: Arrangements

The Arrangements section is the most detailed part of your policy. It describes the practical measures you have in place to manage health and safety — your systems, procedures, and processes.

This section should cover:

1. Risk assessment

Describe your approach to identifying hazards and assessing risks:

Example:

Risk Assessment

We conduct systematic risk assessments for all work activities, premises, and processes. Risk assessments are:

Conducted using the HSE 5-step approach

Carried out by competent persons (managers with IOSH Managing Safely training or external consultant)

Documented using our standard risk assessment template

Reviewed annually or following accidents, changes to work activities, or when new hazards are identified

Communicated to all affected employees through team briefings and displayed in work areas

Specific risk assessments are conducted for:

General workplace hazards (slips, trips, falls, manual handling, DSE)

Fire safety (in accordance with Regulatory Reform (Fire Safety) Order 2005)

Hazardous substances (COSHH assessments for cleaning chemicals and materials)

New and expectant mothers (when employees notify us of pregnancy)

Young workers (under 18 years)

Risk assessment records are maintained by the Health and Safety Coordinator and available to all employees on the staff intranet.

2. Consultation with employees

How you involve employees in health and safety matters:

Example:

Consultation

We consult with employees on health and safety through:

Monthly health and safety committee meetings (representatives from each department)

Team briefings where managers discuss relevant risks and controls

Annual employee survey on health and safety concerns

Open-door policy for employees to raise concerns with their supervisor or the H&S Coordinator

Employees are consulted before introducing new equipment, substances, or working methods that may affect their health and safety. Safety representatives have the right to inspect the workplace and investigate accidents.

3. Training

Your approach to ensuring employees are competent:

Example:

Training

All employees receive:

Health and safety induction on their first day, covering fire procedures, first aid, accident reporting, and general workplace risks

Job-specific training before starting tasks (e.g., forklift operation, manual handling, use of chemicals)

Refresher training annually or when procedures change

Additional training when taking on new responsibilities

Training records are maintained for each employee. Managers identify training needs through risk assessment and performance review.

Specialist training is provided for:

Forklift operators (accredited external course, renewed every 3 years)

First aiders (HSE-approved First Aid at Work course, renewed every 3 years)

Fire wardens (annual fire safety training and evacuation drills)

4. Accident and incident reporting

How you record and investigate accidents, near misses, and work-related ill health:

Example:

Accident and Incident Reporting

All accidents, incidents, near misses, and cases of work-related ill health must be reported immediately to the employee's supervisor.

Minor injuries are recorded in the accident book (kept in the office)

Serious injuries are reported to the Managing Director and Health and Safety Coordinator immediately

RIDDOR-reportable incidents (specified injuries, over 7-day injuries, dangerous occurrences, occupational diseases) are reported to HSE within required timescales by the H&S Coordinator

All accidents are investigated by the relevant manager to identify causes and prevent recurrence

Investigation findings are reviewed by senior management and actions tracked to completion

Accident statistics are reviewed quarterly to identify trends and inform risk assessment reviews.

5. Emergency procedures

Your arrangements for fire, first aid, and other emergencies:

Example:

Fire Safety

Fire risk assessment reviewed annually by external fire safety consultant

Fire evacuation plan displayed in all areas

Fire drills conducted every 6 months

Fire alarm tested weekly (Mondays 9am)

Fire extinguishers and emergency lighting inspected annually by contractor

Fire exits and escape routes kept clear at all times

Fire wardens appointed for each area (names displayed on notice boards)

First Aid

4 qualified First Aiders (names and locations displayed on notice boards)

First aid boxes located in reception, warehouse, workshop, and kitchen

First aid boxes checked monthly by appointed person

First aid needs assessment reviewed annually

6. Workplace safety

Your arrangements for maintaining a safe work environment:

Example:

Workplace Inspections

Daily visual checks by supervisors (hazards, housekeeping, equipment condition)

Monthly formal inspections using checklist (conducted by department managers, records kept)

Annual comprehensive inspection by Health and Safety Coordinator or external consultant

Maintenance

All equipment maintained according to manufacturers' recommendations

Defects reported immediately via defect reporting system

Portable electrical equipment tested annually (PAT testing)

Fixed electrical installation tested every 5 years (EICR)

Lifting equipment (forklift, pallet trucks) inspected every 6 months (LOLER)

7. Specific hazard controls

Address the significant hazards specific to your business:

Example sections might include:

Working at height — ladder inspections, scaffold contracts, fall prevention
Manual handling — training, equipment (trolleys, hoists), lifting procedures
Hazardous substances (COSHH) — chemical register, storage, COSHH assessments, PPE
Noise and vibration — assessments, hearing protection zones, health surveillance
Lone working — check-in procedures, personal alarms, risk assessments
Display screen equipment — DSE assessments, eye tests, workstation setup guidance
Workplace transport — forklift rules, pedestrian walkways, speed limits, maintenance
Contractors — permit to work system, induction, coordination of activities

Tip:

Don't try to cover every conceivable hazard in detail. Focus on the significant risks in your workplace. A manufacturing business will need detailed machinery safety arrangements but can cover office risks briefly. A small office business can have minimal arrangements for many categories but should detail DSE and fire safety.

8. Health surveillance (if applicable)

If you have exposures requiring health monitoring:

Example:

Health Surveillance

Employees exposed to significant health risks are enrolled in health surveillance programs:

Noise-induced hearing loss: Annual audiometry for employees in designated hearing protection zones

Hand-arm vibration syndrome: Annual questionnaire and assessment for employees regularly using vibrating tools

Occupational asthma: Respiratory health questionnaires for employees handling certain chemicals

Health surveillance is arranged through our occupational health provider [Name]. Results are reviewed by management and used to assess effectiveness of controls.

9. Personal protective equipment (PPE)

Your policy on provision, use, and maintenance of PPE:

Example:

Personal Protective Equipment (PPE)

Where risks cannot be adequately controlled by other means, appropriate PPE is provided free of charge to employees.

Risk assessments identify where PPE is required

Employees are trained in correct use, limitations, and care of PPE

PPE must be worn in designated areas (signage indicates requirements)

Supervisors monitor compliance and address non-use

Damaged or worn PPE must be reported and will be replaced immediately

PPE is stored correctly when not in use

PPE provided includes: [safety footwear, high-visibility clothing, hearing protection, eye protection, gloves, respiratory protection — as applicable to your business]

10. Monitoring and review

How you check the policy is working and keep it current:

Example:

Monitoring and Review

The effectiveness of this policy is monitored through:

Quarterly health and safety performance reports to senior management

Annual policy review by Managing Director and H&S Coordinator

Workplace inspections and audits

Accident and incident investigations

Employee feedback and consultation

External compliance audits (annually)

This policy will be reviewed:

At least annually

Following significant changes to our organisation, activities, or premises

After serious accidents or near misses

Following regulatory changes or new guidance

When monitoring indicates deficiencies

Any amendments will be communicated to all employees within one month.

Key Point

The Arrangements section should describe what you actually do, not what you wish you did. If you identify gaps while writing this section, create an action plan to fill them — don't just write aspirational arrangements that don't reflect reality.

Length and format

How long should the policy be?

There's no prescribed length, but typical policies are:

Small, low-risk business (e.g., office, shop): 5-15 pages total
Medium-sized business with moderate risks: 15-30 pages
Larger or high-risk operation: 30-50+ pages

Note:

Quality and clarity matter more than length. A concise 10-page policy that accurately describes your arrangements and is read by employees is far better than a 50-page generic document that sits unread in a file.

Format considerations:

Use clear headings and numbering for easy reference
Plain language — avoid jargon and overly technical terms where possible
Bullet points for lists and key points (easier to scan than dense paragraphs)
Consistent formatting throughout (fonts, spacing, style)
Version control — include version number, date of issue, and review date on front page
Accessible — available in formats employees can access (printed, PDF, intranet)

Common mistakes to avoid

1. Generic template with minimal customisation

The mistake: Downloading a template, changing the company name, and assuming you're done.

Why it's a problem: Generic policies don't reflect your actual organisation, risks, or arrangements. They're obvious to inspectors and useless to employees.

The fix: Use templates as a starting point, but customise every section to reflect your specific business, structure, hazards, and procedures. Remove sections that don't apply; expand sections that are critical to your operations.

2. Writing what you think should exist, not what does

The mistake: Describing ideal arrangements that aren't actually in place (e.g., "monthly safety inspections" when you've never done one).

Why it's a problem: Creates a paper trail of failure. If an incident occurs and your policy promises monthly inspections but you have no records of them, this is evidence of poor management and breach of policy.

The fix: Be honest. Describe your actual arrangements. If they're inadequate, acknowledge the gap and create an action plan to improve — don't pretend everything is perfect.

3. Never reviewing or updating

The mistake: Writing the policy once (often when first required or for a tender) and never looking at it again.

Why it's a problem: Your organisation changes (new locations, equipment, processes, people). An outdated policy doesn't reflect current arrangements and provides false assurance.

The fix: Review at least annually. Set a calendar reminder. Review immediately when significant changes occur. Document each review with date and any amendments made.

4. Not communicating it to employees

The mistake: Completing the policy and filing it, without telling employees it exists or what it says.

Why it's a problem: Section 2(3) HSWA 1974 requires you to bring the policy to the notice of employees. If they don't know about it, you're not complying, and the policy can't guide behaviour.

The fix: Induct new employees on the policy. Display the Statement of Intent in prominent locations. Make the full policy accessible (printed copies in break rooms, PDF on intranet). Discuss relevant sections in team briefings.

5. Over-complicating simple situations

The mistake: A small business with low risks producing a 40-page policy that tries to cover every conceivable scenario in exhaustive detail.

Why it's a problem: Wastes time, creates unnecessary burden, and results in an unreadable document that's ignored.

The fix: Be proportionate. If you're a small office with minimal risks, a concise policy covering the basics is sufficient. Focus effort on having clear, practical arrangements rather than voluminous documentation.

6. Failing to link policy to practice

The mistake: Policy sits in isolation, with no connection to risk assessments, training, or day-to-day operations.

Why it's a problem: The policy is supposed to be the framework for your health and safety management. If it's disconnected from reality, it serves no purpose.

The fix: Reference the policy in training and induction. Use it as the basis for risk assessments and procedures. Refer to it when making decisions. Make it a living document that guides action, not a compliance artifact.

7. No ownership or accountability

The mistake: No one is clearly responsible for maintaining the policy or ensuring it's implemented.

Why it's a problem: Without ownership, the policy isn't kept current, gaps aren't addressed, and implementation drifts.

The fix: Assign clear responsibility for policy maintenance (usually senior management or H&S Coordinator). Include policy review as a standing agenda item in management meetings. Track implementation through audits or inspections.

Warning(anonymised)

Prosecution for outdated policy

The Situation

A medium-sized manufacturing company had a health and safety policy written 8 years earlier by a consultant. The company had since expanded to new premises, introduced new machinery, and changed their management structure. Following a serious accident involving machinery not mentioned in the policy, HSE prosecuted.

What Went Wrong

✗Policy described old premises layout and machinery that was no longer in use
✗Named managers who no longer worked for the company
✗Didn't mention new processes or associated hazards introduced in last 5 years
✗Arrangements described (e.g., weekly inspections, quarterly safety meetings) weren't actually happening
✗No review dates or version control on policy document
✗Employees weren't aware of the policy or where to find it

Outcome

The company was prosecuted under Section 2 and Section 33 of HSWA 1974 for failing to maintain a current policy and failing to implement stated arrangements. Fine of £200,000 plus costs of £45,000. The court stated the policy was 'a work of fiction' that bore no relation to current operations, demonstrating systematic failure of health and safety management.

Key Lesson

Your policy must be a current, accurate reflection of your organisation and arrangements. Set a mandatory annual review. Update immediately when your business changes. Ensure someone senior owns the policy and is accountable for keeping it relevant. An outdated policy is evidence of neglect, not evidence of compliance.

DIY vs hiring a professional

When you can write it yourself

You can reasonably write your own policy if:

You're a small business with straightforward, low-risk activities
You have a good understanding of health and safety law and your duties
You have time to research and write carefully
You're willing to use quality templates and guidance as a starting point
You can identify your risks and current arrangements accurately

Recommended approach:

Take a short health and safety training course (e.g., IOSH Working Safely or Managing Safely)
Use HSE templates and guidance specific to your sector
Adapt carefully to reflect your actual situation
Have someone external review it (another business owner, trade association, or consultant)
Budget for this: 10-20 hours of your time + any training costs

When to hire a professional

Consider professional help if:

You have complex operations or high-risk activities (manufacturing, construction, chemicals)
You're not confident identifying all applicable legal requirements
You've had regulatory inspections or enforcement action
You employ more than 20-30 people across multiple sites
You work in a highly regulated sector (healthcare, education, care homes)
You don't have time to research and write thoroughly

What to expect:

Cost: £500-£2,000+ depending on complexity and size
Process: Consultant will interview managers, inspect premises, review existing arrangements, draft policy, review with you
Time: 2-6 weeks from initial contact to final document
Ongoing: Many consultants offer annual review services (£200-£500/year)

What you'll still need to do:

Even with a consultant, you must:

Provide accurate information about your organisation and activities
Review and approve the draft (don't just sign off without reading)
Implement the arrangements described (consultant can write it, but you must do it)
Maintain and review the policy regularly

DIY vs Professional

Do It Yourself

•Lower upfront cost (time, not money)
•You understand your business best
•Ensures you deeply understand your duties
•Full control over content and style
•Risk of missing legal requirements
•May lack sector-specific knowledge

Professional Consultant

•Ensures legal compliance and completeness
•Sector-specific expertise and templates
•Saves significant time
•Provides credibility with clients/regulators
•Higher upfront cost
•Still requires your active input and review

Bottom line: Many small to medium businesses use a hybrid: they draft the policy themselves using quality templates and guidance, then pay for a consultant to review and identify gaps. This balances cost, learning, and quality assurance. Budget £300-£800 for a review-only service.

Reviewing and updating your policy

A health and safety policy is never "finished." It must be reviewed regularly and updated when necessary.

When to review

Mandatory review triggers:

At least annually — set a calendar reminder for the anniversary of the last review
Following significant changes:
- New premises or substantial alterations
- New equipment, machinery, or technology
- Changes to work processes or materials used
- Organisational restructuring (new managers, changed reporting lines)
- Significant changes to workforce size or composition
After serious incidents — accidents, near misses, or occupational ill-health cases
Following regulatory changes — new laws, updated guidance, or industry standards
After enforcement action — HSE notices, prosecution, or warning letters
When audit or inspection reveals gaps — internal reviews, client audits, or external assessments

Warning:

Many prosecutions cite failure to update the policy after changes to the business. Courts view this as evidence of inadequate management and disregard for health and safety. Don't let your policy become a historical document.

How to conduct a review

Schedule it: Book time in the diary for senior management and relevant managers
Compare policy to reality:
- Does the organisation chart reflect current management?
- Are named individuals still in those roles?
- Do the arrangements described actually happen?
Check for changes:
- New risks or activities not covered?
- Regulations updated since last review?
- Industry guidance changed?
Review performance:
- What incidents occurred? What does this reveal?
- Are arrangements effective or just documented?
- Employee feedback on policy clarity or gaps?
Update and communicate:
- Make necessary amendments
- Update version number and review date
- Communicate changes to all employees

Document the review

Keep a simple review log:

Review Date	Reviewed By	Changes Made	Next Review Due
15/01/2024	J. Smith (MD), A. Jones (H&S)	Updated organisation chart following appointment of new Operations Manager. Added section on new CNC machinery.	15/01/2025
22/03/2024	J. Smith	Minor amendment to fire warden names following retirement of B. Green	15/01/2025

Communicating your policy

Writing the policy is only half the job. Section 2(3) HSWA 1974 requires you to bring it to the notice of employees. Here's how:

Initial communication

New employees: Include policy review in induction on first day. Explain where to find full policy. Provide summary of key responsibilities.
Existing employees when policy is first issued: Team meetings to introduce policy. Email with link to full document. Summary handout of key points.
Display: Post the Statement of Intent in prominent locations (break rooms, notice boards, entry areas).

Ongoing accessibility

Physical copies: Available in accessible locations (office, break room, reception)
Digital access: PDF on intranet, staff portal, or shared drive (ensure all employees can access)
Summary cards: Wallet-sized cards with key emergency contacts and responsibilities
Onboarding materials: Policy included in staff handbook or induction pack

Reinforcement

Reference in training: "As stated in our health and safety policy..."
Team briefings: Discuss relevant sections when addressing specific risks
Performance reviews: Manager and employee responsibilities include compliance with policy
Incident investigations: Review policy to see if it was followed and if it's adequate

Tip:

Don't just hand out the policy and assume people will read 30 pages. Create a one-page summary highlighting key points: who to report accidents to, who is responsible for what, where to find key information. Use this for induction and as a quick reference.

Frequently asked questions

No, the legal requirement for a written policy only applies to employers with 5 or more employees. However, you still have the same health and safety duties (risk assessment, safe systems of work, training, etc.) — you just don't have to write them down. Many small employers choose to create a simple written policy anyway as it helps clarify responsibilities and demonstrates good practice to clients or regulators.

There's no set length. It should be long enough to cover your organisation, responsibilities, and arrangements adequately, but not so long that it becomes unreadable. A small, low-risk business might have a 5-10 page policy. A larger or higher-risk operation might need 30-50 pages. Quality, clarity, and accuracy matter far more than length.

Templates are an excellent starting point, but you must customise them thoroughly to reflect your specific business, organisation structure, risks, and arrangements. A generic template with just the company name changed is not compliant. Use HSE templates or reputable sector-specific templates, then adapt every section to match your reality.

The Statement of Intent must be signed by the most senior person in your organisation — the person with ultimate responsibility for the business. This could be the CEO, Managing Director, proprietor, or in a partnership, the senior partner. If it's a charity or trust, the Chair of Trustees typically signs. The signature demonstrates leadership commitment and accountability.

The law says 'as often as may be appropriate' without specifying a frequency. Best practice is at least annually, and immediately following significant changes to your organisation, activities, or premises. Many businesses conduct formal annual reviews and ad-hoc reviews when changes occur. Document each review with date and any amendments made.

You need one overarching health and safety policy for the organisation. However, if you have multiple sites with different operations, you might have site-specific appendices that detail local arrangements. The Statement of Intent and overall organisation typically apply across the business, but arrangements can be tailored to different sites or activities within the main policy document.

If you employ 5 or more people and don't have a written policy, you're in breach of Section 2(3) of the Health and Safety at Work Act 1974. An HSE inspector can issue an improvement notice requiring you to produce one. Persistent failure or failure in conjunction with other breaches can lead to prosecution and unlimited fines. More importantly, without a policy, you lack the framework for managing health and safety effectively.

Your Statement of Intent and overall approach can be general, but your Arrangements section should reference specific regulations that apply to your business (e.g., COSHH, LOLER, PUWER, Fire Safety Order). This demonstrates you understand your specific legal duties. However, avoid lengthy quotes from regulations — reference them and explain how you comply in practical terms.

Yes, and you should encourage this. Consultation with employees is a legal requirement and good practice. If employees identify gaps, unclear responsibilities, or impractical arrangements, you should consider their input seriously. While management has ultimate responsibility for the policy's content, employee feedback improves quality and increases buy-in.

The policy must be available to all employees and should be shown to HSE inspectors on request. There's no legal requirement to publish it to the general public, though some organisations do (e.g., on their website as evidence of good practice). Clients or contractors may request a copy to assess your capability. You can refuse unreasonable requests but should share with legitimate stakeholders.

Get Your Template

Health & Safety Policy Template

Save hours of work with our professionally written, fully customisable template. Includes all three required sections with example text and guidance notes.

✓ Word format - easy to edit
✓ Compliant with UK law
✓ Guidance notes throughout
✓ Example text for all sections

Coming soon - join our mailing list to be notified when templates are available.

Next steps

To create your health and safety policy:

Understand the requirement — Three parts: Statement of Intent, Organisation, Arrangements
Gather information — Your current organisation structure and arrangements
Write the Statement of Intent — One to two pages, signed by senior management
Define the Organisation — Clear responsibilities for every level from directors to employees
Document Arrangements — What you actually do to manage each significant risk area
Be specific and honest — Reflect reality, not aspiration; identify gaps and plan to address them
Review carefully — Check it matches your actual business before finalizing
Communicate — Bring it to the notice of all employees through induction, display, and accessibility
Implement — Ensure the arrangements you've documented actually happen
Review regularly — At least annually and whenever your business changes significantly

Need a professionally written health and safety policy tailored to your business? Our consultants can interview your team, inspect your premises, and create a comprehensive, compliant policy that reflects your actual operations and meets all legal requirements.

Speak to a professional

Related articles:

Useful tools: