UK Health And Safety Policy: What Employers Must Include

If you run a small business in the UK, a health and safety policy isn’t just a nice-to-have. It’s your playbook for keeping people safe, managing risk and showing you’re on top of your legal duties.

The good news? Your policy doesn’t have to be complicated. With a clear structure and a few practical steps, you can put something in place that actually works day to day – not just a document that sits on a shelf.

In this guide, we’ll explain when a health and safety policy is legally required, what it should contain, and how to draft one that fits your business. We’ll also share a simple checklist to help you stay compliant from day one.

What Is A Health And Safety Policy For Small Business?

A health and safety policy is a short document that sets out how your business manages health and safety risks. It typically covers three things:

• Your statement of intent (your commitment to keep people safe)
• Who’s responsible for what (owners, managers, supervisors)
• How you’ll do it (your arrangements, procedures and controls)

Think of it as your roadmap. It tells your team what standards you expect, how to report an issue, and the practical measures you’ll take to prevent accidents and ill health. It sits alongside your risk assessments and day-to-day procedures like induction, training, first aid and incident reporting.

Importantly, your policy should reflect what actually happens in your business. If it says you’ll do weekly checks or certain training, make sure those things happen – or update the policy so it’s realistic and accurate.

If you want a broader overview of setting up and managing workplace safety, you can look at our guidance on Health And Safety In The Workplace.

Do Small Businesses Need One Under UK Law?

Under the Health and Safety at Work etc. Act 1974 (HSWA), every employer must ensure, so far as is reasonably practicable, the health, safety and welfare of employees and others affected by their work. The Management of Health and Safety at Work Regulations 1999 require you to assess risks and put in place appropriate measures.

The specific rule on policies is straightforward:

• If you have five or more employees, you must have a written health and safety policy and bring it to your employees’ attention.
• If you have fewer than five employees, the law does not require it to be written – but having one is still strongly recommended. It makes compliance easier to manage and evidence.

Beyond the headline duty, several other regulations may apply depending on your activities, such as:

• Regulatory Reform (Fire Safety) Order 2005 – fire risk assessment and controls
• Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR) – reporting certain incidents to the HSE
• Control of Substances Hazardous to Health Regulations 2002 (COSHH) – handling chemicals, fumes, dusts and other hazardous substances
• Provision and Use of Work Equipment Regulations 1998 (PUWER) – safe work equipment and maintenance
• Manual Handling Operations Regulations 1992 – lifting and carrying risks
• Health and Safety (First-Aid) Regulations 1981 – first aid equipment and appointed persons
• Health and Safety (Display Screen Equipment) Regulations 1992 – for desk-based roles using screens
• Working Time Regulations – working hours, rest breaks and night work rules

Most employers also need Employers’ Liability (Compulsory Insurance) under the Employers’ Liability (Compulsory Insurance) Act 1969. If that applies to you, make sure your cover is in place and the certificate is displayed. There’s more detail in our guide to Employers’ Liability Insurance.

How To Write Your Health And Safety Policy (Step-By-Step)

Your policy doesn’t need to be long. Two to four pages is common for small businesses. What matters is clarity and relevance. Here’s a simple approach.

1) Draft A Short Statement Of Intent

This is your commitment from the top – usually signed by the owner or a director. In plain English, state that you’ll provide a safe and healthy workplace, comply with the law, prevent injury and ill health, consult with staff, and continually improve. Include the date and a review cycle (e.g. annually).

2) Assign Responsibilities

Set out who is responsible for what. For example:

• Owner/Director – overall responsibility for health and safety and resourcing
• Manager/Supervisor – day-to-day implementation, checks and training
• Employees – follow procedures, report hazards and incidents
• Competent Person – who provides competent advice (in-house or external)

If you have a safety lead or competent person, name them. If responsibilities change with staff turnover, use role titles rather than individual names and keep a separate list of current post-holders.

3) Describe Your Arrangements

This is the practical “how we do things here” section. Keep it specific to your operations, not generic. Common headings include:

• Risk assessments (how and when you do them)
• Safe systems of work (key procedures for higher-risk activities)
• Training and induction (what’s covered, when, and how you record it)
• Consultation (how you involve staff and gather feedback)
• First aid (equipment, appointed persons and how to summon help)
• Fire safety (alarms, extinguishers, evacuation and drills)
• Accident/near-miss reporting and investigation
• Equipment safety (maintenance, inspections and PUWER checks)
• Hazardous substances (COSHH assessments and controls)
• Contractors and visitors (rules and site safety briefings)
• Welfare and ergonomics (DSE, manual handling and facilities)
• Monitoring and review (how you check the system is working)

4) Keep It Integrated With Your Employment Documents

Your policy should align with your people processes. For example, new starters should be introduced to health and safety during onboarding and sign an Employment Contract that clearly sets out conduct expectations. Many businesses keep health and safety procedures within their Staff Handbook and then cross-reference the headline policy so staff can find everything in one place.

If you need to introduce a standalone document that sits alongside your core contracts and handbook, we can help prepare a tailored Workplace Policy that fits your industry and risk profile.

5) Make It Easy To Use

Use clear language, bullet points and short sections. Include checklists and forms your team will actually use (e.g. daily checks, accident forms). Store it somewhere accessible (a shared drive or intranet) and make sure managers know how to apply it day to day.

6) Review It Regularly

Set a review date (at least annually) and also review after any significant change: new equipment, a move to new premises, a serious incident, or growth in headcount. Keep a version history so you can evidence continuous improvement if the HSE or your insurer ever asks.

What To Include: Controls, Training, Reporting And Records

To make your policy practical, cover these core building blocks. They’re the areas small businesses are most often judged on if something goes wrong.

Risk Assessments And Controls

You must assess the risks in your business and reduce them “so far as reasonably practicable”. Your policy should explain:

• How you identify hazards (walkthroughs, staff feedback, incident data)
• How you evaluate risks (likelihood and severity)
• How you decide control measures (eliminate, substitute, engineer, administrate, PPE)
• Who signs off controls, how you implement them, and how often you re-check

Make sure there’s a clear link to your written risk assessments and any safe systems of work. If you introduce technology like cameras to manage risks, remember that audio recording can raise privacy issues – see our guidance on CCTV With Audio to avoid compliance traps.

Training And Competence

Set out how you’ll ensure everyone is competent to do their job safely. Your policy should explain the training you provide, when refreshers happen, and how you record attendance. This may include:

• Health and safety induction for all new starters
• Job-specific training (e.g. equipment use, manual handling, COSHH)
• Fire safety and evacuation
• First aid awareness or appointed person training
• Supervisor/manager training so leaders can spot and manage risks

Keep an easy log (an LMS export, signed sheets or HR system notes). If it’s not recorded, it’s hard to prove.

Consultation And Communication

The law expects you to consult workers on health and safety. Your policy should cover how you do that – toolbox talks, team meetings, safety reps, or suggestion channels. Also reference how you’ll communicate: safety posters, policies, and signage.

Where you rely on digital channels or collect personal data as part of safety processes (for example, incident forms or wearable tech), make sure your Privacy Policy covers these data uses and retention periods.

Accident Reporting And Investigation

Explain how employees report accidents, near misses and hazards, who investigates, and how you fix issues. Include when you’ll report under RIDDOR, and where the accident book is kept. Make near-miss reporting easy – it’s one of the best tools for preventing future incidents.

Fire Safety, First Aid And Emergency Procedures

Set out your emergency plans: who’s responsible for evacuations, where assembly points are, and how you run drills. Confirm your first aid equipment, appointed persons, and how to call the emergency services. For multi-occupancy buildings, coordinate your plan with the landlord or other tenants.

Equipment And Premises

Outline how you maintain equipment, conduct PUWER inspections, and keep records. If contractors work on your site, explain how you vet their competence and brief them on your rules. For vehicles or mobile workers, address driving safety, fatigue management and lone working.

Working Hours And Wellbeing

Your policy can also signpost your approach to fatigue and working time – for example, how you schedule shifts and ensure rest breaks are observed under the Working Time Regulations. Consider how you manage stress risks and support mental health, especially in high-pressure or customer-facing roles.

Record-Keeping

Briefly list the records you keep and where they live: risk assessments, maintenance logs, training records, accident investigations, RIDDOR reports, fire drills and checks. Good records help you spot trends and demonstrate compliance to insurers and regulators.

Common Mistakes To Avoid And Practical Tips

Health and safety doesn’t have to be bureaucratic. Avoid these common pitfalls and your policy will be useful, not just compliant.

Mistake 1: Copy-Pasting A Generic Template

Templates can be a starting point, but a copied policy that doesn’t reflect your actual risks and processes can be worse than none at all. If it says you do weekly checks and you don’t, you’ve just created a gap. Tailor it to your operations and keep it lean.

Mistake 2: Writing It And Forgetting It

No one benefits from a document that only appears at audit time. Build your policy into everyday routines – inductions, manager checklists, and team meetings. If you’re curating your people policies in one place, make sure the Staff Handbook links clearly to your health and safety section and that managers apply it consistently.

Mistake 3: No Clear Responsibilities

When everyone owns health and safety, no one does. Assign named roles or role titles for checks, training, maintenance and reporting. Cover deputies for leave or sickness so nothing gets missed.

Mistake 4: Overlooking Insurance And Legal Basics

Don’t forget the compliance building blocks: suitable insurance cover, a visible employers’ liability certificate, the latest HSE law poster, and clear reporting lines for incidents. If you’re hiring, make sure your Employment Contract supports your safety rules (for example, drug and alcohol requirements, use of PPE, and training obligations).

Mistake 5: Forgetting Privacy And Surveillance Rules

If you use CCTV or biometrics to manage safety or access, ensure you’re compliant with data protection rules. Avoid audio recording unless you have a strong legal basis and appropriate notices – see our guidance on CCTV With Audio. Be clear in your Privacy Policy about what you collect and why.

Mistake 6: Not Training Supervisors

Supervisors make or break safety culture. Don’t stop at basic inductions – give your team leaders the skills to spot hazards, coach safe behaviours and investigate incidents effectively.

Practical Tips To Make It Stick

• Start small: focus on your top five risks and get those controls right first.
• Keep it visible: a one-page summary by the clock-in point can reinforce the essentials.
• Use plain English: write for your team, not the regulator.
• Measure something: a simple monthly dashboard (incidents, near misses, training completed) helps you improve.
• Involve your team: ask what slows them down or feels risky – they’ll know where the real issues are.
• Align your documents: make sure your Staff Handbook and Workplace Policy match your health and safety approach, so managers aren’t working from conflicting rules.

Key Takeaways

• Most small employers must have a written health and safety policy. Even if you have fewer than five employees, a clear, tailored policy makes compliance easier and safer.
• Keep it simple and practical: a short statement of intent, defined responsibilities, and arrangements that reflect how you actually manage risks.
• Cover the essentials: risk assessments, training and competence, consultation, accident reporting (including RIDDOR), emergency plans, equipment and premises checks, and record-keeping.
• Integrate safety into your people processes. Make sure your Employment Contract, Staff Handbook and any Workplace Policy support your health and safety rules and enforcement.
• Don’t overlook related legal duties like fire safety, first aid, insurance, and Working Time Regulations.
• Be mindful of privacy if you use monitoring or CCTV; make sure your Privacy Policy and practices are compliant.
• Review your policy regularly and keep good records – they’re essential for demonstrating compliance and learning from incidents.

If you’d like help drafting a health and safety policy that actually fits your business – or aligning it with your employment documents and processes – you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.