Lone Working Policy: What UK Employers Must Include And Why It Matters

If you run a small business, it’s easy to assume “lone working” only applies to security guards or remote field engineers.

But in reality, lone working happens everywhere - opening up a shop early, locking up after hours, driving to client sites, working from home, covering a quiet reception area, or handling call-outs when nobody else is on shift.

A clear, practical lone working policy helps you manage risk, meet your health and safety duties, and reduce the chances of an incident turning into a serious injury, a claim, or a regulator issue. It also gives your team confidence that you’re taking their safety seriously.

Below, we’ll break down what a lone working policy should cover, why it matters legally, and how to make it workable in day-to-day operations.

What Counts As Lone Working (And Why Employers Should Care)

Lone working is usually where someone is working:

• by themselves, without close or direct supervision; and/or
• in a situation where help may not be readily available if something goes wrong.

This can be a regular arrangement (like a night cleaner or a delivery driver), or occasional (like a manager being first in the office, or a staff member staying late to finish admin).

Common Lone Working Examples In Small Businesses

• Retail and hospitality: opening/closing alone, stockroom duties, taking out bins after hours
• Trades and home services: visiting private homes, working on-site with no colleagues nearby
• Healthcare and care services: home visits, lone clinical sessions, community outreach
• Office-based businesses: working late, working from home, travelling solo for meetings
• Warehousing/light industrial: being alone in parts of a premises, weekend shifts

Even if lone working is rare in your business, you still need to think about it. Incidents often happen during “edge case” situations - like when someone is alone, tired, or rushing to lock up.

Do You Need A Lone Working Policy Under UK Law?

There isn’t one single UK law that says “you must have a lone working policy”. But as an employer, you do have broad duties to protect your workers’ health, safety and welfare - and lone working is a foreseeable risk in many workplaces.

In practice, having a lone working policy is one of the simplest ways to show that you’re managing that risk properly and consistently.

The Legal Duties Behind Lone Working Policies

A lone working policy generally sits under your wider health and safety framework. In plain English, the key legal idea is:

• you should identify hazards, assess risk, and put in place sensible controls so people can work safely - including when they’re alone.

In the UK, these duties are typically framed by the Health and Safety at Work etc. Act 1974 (for example, the general duty to ensure, so far as is reasonably practicable, employees’ health, safety and welfare at work) and the Management of Health and Safety at Work Regulations 1999 (including suitable and sufficient risk assessments and arrangements for planning, organisation, control, monitoring and review of preventive and protective measures).

This is closely connected to your overall approach to Health And Safety, including risk assessments, training, reporting procedures, and ongoing review.

Why This Matters From A Business Risk Perspective

If something goes wrong during lone working, the questions you’ll be asked (internally and externally) are usually predictable:

• Did you know lone working was happening?
• Did you assess the risks?
• Did you have a clear process for check-ins, emergencies, and reporting?
• Were staff trained on what to do?
• Did you take action after near misses?

A well-written policy won’t prevent every incident - but it can prevent a lot of avoidable ones, and it can put you in a much stronger position if an incident is investigated.

What To Include In A Lone Working Policy (A Practical Checklist)

A good lone worker policy is not a generic document that sits in a folder. It should be written around your real risks and how your business actually operates.

Here’s what UK employers typically include in a workable lone working policy.

1) Clear Scope And Definitions

• What your business considers “lone working”
• Which roles, locations, and working patterns it covers
• Whether it applies to employees, workers, contractors, and agency staff

This avoids confusion, especially where lone working is occasional (for example, “closing alone” once a week).

2) Responsibilities (Who Does What)

Your policy should make it clear who is responsible for:

• completing and reviewing risk assessments (manager / business owner / H&S lead)
• authorising lone working (e.g. which tasks require approval)
• check-in monitoring (who receives the calls/messages)
• responding to missed check-ins and emergencies
• reporting hazards, near misses, and incidents (all staff)

This is also a good time to make sure your wider HR documentation lines up - for example, the rules around expected behaviour, reporting, and compliance are often set out in a Workplace Policy framework.

3) Lone Working Risk Assessment Approach

Your policy should explain the risk assessment process in plain language, including:

• hazards (violence, slips/trips, machinery, manual handling, medical issues, fatigue, fire, working at height, driving)
• who may be harmed and how
• risk controls you will use (see below)
• review triggers (new site, new task, incident, near miss, change in hours, pregnancy, health changes)

For many small businesses, this is the difference between a policy that “sounds nice” and a policy that actually reduces risk.

4) Controls: How You’ll Keep Lone Workers Safe

This is the heart of your lone working policy: the controls you put in place. Depending on your business, this might include:

• Buddy systems for higher-risk tasks (no lone working allowed)
• Check-in procedures (start-of-shift, periodic check-ins, end-of-shift confirmation)
• Escalation plans (what happens if someone misses a check-in)
• Safe travel rules (route planning, parking guidance, no risky areas at night where avoidable)
• Client/site visit controls (address verification, “where are you going” logs, leaving if unsafe)
• On-site security steps (locked doors, controlled entry, panic alarms, well-lit exits)
• Restrictions (no lone working for certain tasks, times, or sites)

Keep this part realistic. If you say you’ll do hourly check-ins but nobody has time to monitor them, the policy won’t be followed when you need it most.

5) Training, Supervision And Competence

Your policy should cover:

• induction training for lone working risks and procedures
• task-specific training (e.g. dealing with challenging customers, conflict de-escalation, first aid basics)
• how new starters will be supervised before lone working is permitted
• refresher training intervals

Also consider how your contracts and onboarding documents support this. For example, clear duties, rules, and expectations are often reinforced in an Employment Contract.

6) Emergency Procedures (Including Medical Emergencies)

Spell out what a lone worker should do if:

• they feel unsafe
• they are threatened or assaulted
• there is a fire or alarm
• they have an accident or sudden illness
• they witness a dangerous incident

Include practical details like:

• who to contact first
• when to call 999
• how to safely exit the premises
• what information to provide (location, nature of incident, whether anyone else is present)

7) Reporting, Incident Management And Review

Your policy should encourage staff to report:

• near misses
• hazards (for example, broken locks, poor lighting, aggressive repeat visitors)
• incidents (including verbal threats)

Then explain what you will do as the employer:

• record the report
• investigate
• update risk controls
• provide support to the worker (including wellbeing support where needed)
• review whether lone working should continue for that task/location

This continuous improvement loop is often what regulators look for - not perfection, but a sensible system that learns from problems.

Lone Working And Monitoring: CCTV, Check-Ins, Apps, And Data Protection

Many businesses rely on monitoring tools to keep lone workers safe - for example, CCTV at entrances, GPS on work vehicles, lone worker apps, or phone check-ins.

These can be great safety controls, but they also raise privacy and data protection considerations. You want to protect your workers while staying on the right side of UK GDPR and the Data Protection Act 2018.

CCTV And Workplace Cameras

If you use cameras as part of your lone working safety measures, make sure you’re clear on what’s allowed and what’s proportionate. The rules can vary depending on where cameras are placed and what they capture, so it’s worth checking the practical risks around CCTV in staff areas and customer-facing premises.

Audio Recording And Surveillance

Audio recording is generally more intrusive than video alone. If you’re considering CCTV with audio (for example, to protect lone staff at reception or in a shop), you’ll want to tread carefully and document your reasoning, because the compliance risks are higher. This is particularly relevant if your system can capture private conversations, so it’s worth understanding the practical issues around CCTV With Audio.

Call Recording And Safety Check-Ins

Some businesses record calls (for example, check-in calls, customer calls, or call centre interactions). If recordings are part of your lone working process, you should be transparent about that and set clear boundaries, as the rules around Recording Conversations can be misunderstood.

IT Systems, Remote Working, And Acceptable Use

For home-based lone workers, a lot of risk management is operational (ergonomics, mental wellbeing, clear check-ins) - but don’t forget information security. If people are working remotely and using company systems, it’s sensible to align lone working arrangements with an Acceptable Use Policy so expectations around devices, access, and reporting issues are clear.

Keep It Proportionate And Transparent

Whatever tool you use, the guiding principles are usually:

• Only collect what you need: don’t monitor “because you can”.
• Be transparent: tell staff what you monitor, why, and how long you keep data.
• Limit access: only the right people should see CCTV footage, location logs, or recordings.
• Review regularly: ensure the monitoring remains necessary and effective.

As a rule, monitoring should have a clear UK GDPR compliant basis and documentation behind it (for example, a lawful basis for processing, an up-to-date employee privacy notice, appropriate signage where relevant, and a data protection impact assessment (DPIA) where monitoring is likely to be high risk).

If you’re unsure, it’s best to get advice early - retrofitting compliance after a complaint is usually far more painful.

How To Roll Out Your Lone Working Policy So It Actually Works

Even a solid lone working policy can fall apart if it isn’t implemented properly. For small businesses, the goal is not to create paperwork - it’s to create a habit of safe working.

Step 1: Identify Where Lone Working Happens In Your Business

Start simple. List your roles and work patterns, and ask:

• When are people working alone?
• Where are they working alone (site, home, public spaces, client premises)?
• What are the realistic risks in those situations?

Step 2: Complete Or Update Risk Assessments

A policy should reflect your risk assessment findings - not replace them.

If your business has multiple sites or multiple types of lone working, consider doing task-based assessments (e.g. “closing the shop”, “home visits”, “late office work”) rather than one generic assessment.

Step 3: Decide What Controls You’ll Use

This is where you balance safety and practicality. For example:

• A simple “text-in/text-out” process might be enough for low-risk lone working.
• Higher-risk roles may need scheduled calls, a buddy system, or a lone worker alarm solution.
• Some tasks might be “no lone working allowed”, full stop.

Step 4: Train Your Team And Your Managers

Make sure staff understand:

• what the policy says
• how to use check-in processes
• how to report concerns
• what you expect them to do if they feel unsafe

Managers also need to understand the “why” - because if they treat lone working controls as optional, others will too.

Step 5: Review After Incidents, Near Misses, Or Business Changes

Your lone working policy shouldn’t be static. Review it if:

• you change premises
• you introduce new services (e.g. home visits)
• you extend opening hours
• there’s a report of violence, threats, or an injury
• you notice the check-in system isn’t being followed

This is also where good documentation helps - it’s much easier to show you acted responsibly if you can demonstrate review dates, updated controls, and training steps.

Key Takeaways

• A lone working policy helps you manage real workplace risk and demonstrates that you’re taking sensible steps to protect staff who work alone.
• You may not be “required” to have a specific policy by name, but your broader UK health and safety duties (including under the Health and Safety at Work etc. Act 1974 and the Management of Health and Safety at Work Regulations 1999) mean you should assess lone working risks and put practical controls in place.
• A strong lone worker policy should clearly cover scope, responsibilities, risk assessment, safety controls (like check-ins), training, emergency procedures, and incident reporting.
• If you use CCTV, call recording, GPS tracking, or lone worker apps, make sure monitoring is transparent, proportionate, and supported by UK GDPR compliance steps (such as a lawful basis, appropriate notices/signage, and a DPIA where required).
• The best policy is the one that actually gets used - keep it practical, train your team, and review it when your business changes or incidents occur.

If you’d like help putting together a lone working policy (or tightening up your wider workplace policies and contracts), you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.