Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you employ people in the UK, you’re responsible for their health, safety and welfare at work. A health and safety policy is the foundation of how you meet that duty day-to-day.
In this guide, we’ll explain what a health and safety policy is, when you must have one, what it should include, and how to implement it effectively without drowning in paperwork. Get your legal foundations right now and you’ll protect your team and your business as you grow.
What Is A Health And Safety Policy?
A health and safety (H&S) policy is your business’s written commitment and plan for keeping people safe at work. It sets your overall aims, clarifies who is responsible for what, and describes the practical arrangements and procedures you’ll follow to prevent accidents and ill health.
Under the Health and Safety at Work etc. Act 1974 and the Management of Health and Safety at Work Regulations 1999, every employer must manage risks to workers and others. A written policy is legally required if you employ five or more people, but even micro-businesses benefit from having one in place from day one.
Think of it as the roadmap linking your risk assessments to the real-world actions your team takes. It’s also a key part of your wider health and safety in the workplace programme, alongside training, supervision and ongoing monitoring.
Do Small UK Businesses Need A Health & Safety Policy?
Short answer: yes. If you have five or more employees, you must have a written H&S policy. If you have fewer than five, you still need to manage health and safety risks; writing it down is strongly recommended because it helps you stay consistent and demonstrate compliance.
Beyond the headline requirement, there are other important legal duties your policy should help you meet, such as:
- Carrying out and recording suitable and sufficient risk assessments (Management of Health and Safety at Work Regulations 1999).
- Consulting employees on health and safety matters (Safety Representatives and Safety Committees Regulations 1977 / Health and Safety (Consultation with Employees) Regulations 1996).
- Reporting certain work-related injuries, diseases and dangerous occurrences (RIDDOR 2013).
- Controlling exposure to hazardous substances (COSHH 2002), ensuring safe equipment (PUWER 1998), and managing work at height, manual handling and DSE risks.
- Providing adequate first aid (Health and Safety (First-Aid) Regulations 1981) and fire safety arrangements (Regulatory Reform (Fire Safety) Order 2005).
Insurers, clients and prospective hires also expect to see a sensible, up-to-date policy. If an incident happens, it’s one of the first documents investigators will ask for, so getting it right is both a legal and a practical necessity.
Don’t forget your insurance obligations. Most employers must carry Employers’ Liability Insurance, and your policy should reflect how you manage risk to keep premiums under control.
What Should A Health And Safety Policy Include?
UK guidance expects your health and safety policy document to cover three core parts. Keep it clear, tailored to your operations and proportionate to your risks.
1) Statement Of Intent (Your Policy Statement)
This is your signed, dated commitment (usually from the most senior person) that your business will manage health and safety and comply with the law. It should be concise and set measurable aims such as reducing incidents, delivering training, and reviewing performance annually.
- Example aims: “We will identify significant risks through regular risk assessments,” “We will provide appropriate training and supervision,” “We will review this policy every 12 months or after major changes.”
- Signature and date: Signed by the owner, MD or a director to show leadership ownership.
2) Responsibilities (Who Does What)
Spell out the responsibilities at each level so there’s no ambiguity. This section should clarify both legal accountability and day-to-day tasks.
- Senior management: Provide resources, set culture, monitor performance, sign off on risk controls.
- Line managers/supervisors: Implement procedures, conduct toolbox talks, check competence, report and investigate incidents.
- Employees: Take reasonable care, follow procedures, use PPE, report hazards and near misses.
- Competent person: Identify who provides competent advice (internal or external) as required by law.
- Contractors and visitors: Outline how you manage third parties on site.
3) Arrangements (How You Manage Key Risks)
This is the practical, operational heart of your policy. It links your risk assessments to procedures people can follow. Common topics to cover include:
- Risk assessment: Method, frequency, roles and where records are kept.
- Training and competence: Induction, refresher, specialist licences (e.g. forklift), and how you record completion.
- Consultation: Safety meetings, reps, how staff raise concerns.
- Incident reporting and investigation: Reporting lines, RIDDOR triggers, corrective actions and learning reviews.
- First aid and emergencies: First aider coverage, kits, signage, evacuation and fire safety arrangements.
- Safe equipment and maintenance: Selection, PUWER checks, lockout/tagout, calibration and servicing.
- Hazardous substances (COSHH): Inventory, storage, SDS access, control measures and health surveillance if needed.
- Manual handling and ergonomics: Handling aids, techniques, and task design to reduce musculoskeletal risk.
- Display Screen Equipment (DSE): Assessments for office/remote workers, eyesight tests and equipment setup.
- Work at height and confined spaces (if relevant): Permits to work, rescue plans and supervision.
- PPE: When it’s required, how it’s issued, maintained and replaced.
- Driving for work: Driver checks, fatigue management, business insurance and vehicle safety.
- Contractors and visitors: Inductions, permits, supervision, and cooperation/coordination duties.
- Remote and hybrid work: Risk controls at home or off-site, lone working arrangements and communication.
- Wellbeing and stress: Workload management, mental health signposting and support routes.
Keep this section practical, not theoretical. Include any relevant template checklists, permits or forms in an appendix or reference where they are stored.
How To Create And Implement H&S Policies And Procedures
Good policies don’t sit on a shelf. Here’s a simple, workable approach for small businesses.
Step 1: Understand Your Risks
Start with sensible risk assessments. Identify your activities, who could be harmed, how badly, and what you’ll do to control the risk. Focus first on higher-risk activities and update assessments if the work changes or after incidents.
Step 2: Draft A Policy That Fits Your Business
Use the three-part structure above and keep it clear and specific to what you actually do. Avoid generic templates that don’t reflect your operations; investigators quickly spot boilerplate.
Integrate your policy with key employment documents so obligations are consistent. For example, reference it in your Staff Handbook and align safety duties and conduct standards in each Employment Contract. Where you rely on rules or disciplinary steps, make sure your Workplace Policy framework is up to date.
Step 3: Consult Your Team
Consultation is a legal requirement and it makes your policy better. Ask employees and safety reps where things go wrong in practice and how to fix them. Co-design procedures with the people who actually do the work.
Step 4: Train And Communicate
Launch the policy with a short briefing and make it easy to access. Train people on the specific procedures that apply to their roles, not just the policy headline. Keep training records: if it isn’t recorded, it didn’t happen.
Build competence over time: inductions for new starters, refreshers for existing staff, and specialist training where needed. Your training approach should also reflect your duty to provide adequate information, instruction and supervision under the law.
Step 5: Embed And Monitor
Regularly check how the policy works in practice. Supervisors should do quick, positive checks (e.g. observing safe manual handling or correct PPE). Track near-misses, incidents and audit findings and use them to improve controls.
When incidents occur, follow your investigation procedure and, if necessary, carry out a fair workplace investigation to understand root causes and meet employment law obligations.
Step 6: Review And Update
Review at least annually, and sooner if you introduce new equipment or processes, move premises, or after a serious incident. Update version control and communicate changes. Keep retired versions for your records.
How Health And Safety Links To HR, Data And Contracts
Health and safety doesn’t sit in a silo; it connects with HR processes, data protection and your contracts. Joining the dots now avoids conflicts later.
HR And Conduct
Safety expectations should be reflected in job descriptions, inductions and performance management. Where behaviour creates serious risk (for example, working under the influence, violent conduct or wilful breaches), this may amount to gross misconduct. Your policy and procedures should tie into your disciplinary process so you can act lawfully and fairly if needed.
Health Records And GDPR
H&S records (accident books, training records, health surveillance, DSE assessments) contain personal data (and sometimes special category health data), so you must handle them appropriately under the UK GDPR and Data Protection Act 2018. Make sure your Privacy Policy covers employee data and you have a lawful basis and retention schedule for each record type. Limit access strictly to those who need it, and keep data secure.
Contractors And Supply Chain
If you use contractors, you still have duties to coordinate and cooperate to manage risks. Set expectations up front in a clear Contractors Agreement and ensure inductions, competence checks and permits are in place before work starts. Your policy should state how you’ll manage contractor safety day-to-day.
Insurance And Notifications
Your insurer may require evidence of training, maintenance and incident investigations to process claims. Keep clean records and be ready to show how your policy operates in practice. For serious incidents, consider internal escalation procedures so the right people assess RIDDOR reporting thresholds promptly.
Common Pitfalls And How To Avoid Them
Most safety policies fail not because they’re missing a paragraph, but because they’re not lived. Here are common mistakes and how to steer clear.
- Copying generic templates: A policy that doesn’t reflect your work can be worse than none. Tailor it to your actual tasks, equipment and sites.
- Unclear responsibilities: If everyone owns it, no one owns it. Name roles and duties clearly and provide cover for absences.
- Policy without procedures: A high-level statement won’t keep people safe. Write short, practical procedures and train people on them.
- No consultation: Frontline staff often see risks managers miss. Make consultation regular and meaningful.
- Paper over practice: If what’s on paper doesn’t match reality, the business risks enforcement action. Align processes to your policy and fix gaps quickly.
- Forgetting remote workers: Home and field-based work still creates risks, so address DSE, lone working, driving and wellbeing.
- Poor records: If training, maintenance or inspections aren’t recorded, you’ll struggle to evidence compliance. Keep simple, consistent records.
- Slow or unfair response to incidents: Have a clear process to preserve evidence, investigate, and (where necessary) manage suspension or adjustments in line with your employee suspension procedures and HR obligations.
If this feels like a lot, don’t stress: most small businesses can cover their key risks with a concise policy and a handful of well-targeted procedures. It’s about being practical and consistent, not creating a manual the size of a novel.
Practical Examples: What Good Looks Like
To bring this to life, here are quick examples of proportionate arrangements for common small-business risks.
Retail Or Cafe
- Slips and trips: Clear spills promptly, non-slip mats behind counters, tidy cabling, weekly housekeeping checks.
- Manual handling: Trolleys for deliveries, two-person lifts for heavy items, simple lifting technique poster and brief training.
- Knife and hot surface safety: Safe storage, cut-resistant gloves where appropriate, heat-resistant gloves near ovens/grills.
- Fire safety: Extinguishers, alarm tests, staff drills, waste removal routine, clear fire exits.
- Young workers: Additional supervision and restricted tasks where required by law.
Office-Based Or Hybrid Team
- DSE: Self-assessments for office and home set-ups, ergonomic chairs, monitor risers and eyesight tests offered.
- Stress and workload: One-to-ones, clear objectives and access to support, training for managers to spot signs early.
- Lone working and travel: Check-in protocols, emergency contacts and incident reporting for out-of-hours events.
Light Workshop Or Trades
- Equipment safety (PUWER): Pre-use checks, maintenance log, guarding in place, lockout/tagout for servicing.
- COSHH: Inventory of substances, safe storage, ventilation and PPE, with task-specific controls.
- Work at height: Use of podium steps or mobile towers, trained users only, three points of contact, no standing on chairs.
How Enforcement Works (And Why A Good Policy Helps)
Health and safety is enforced by the HSE and local authorities. Inspectors can visit, require documents, issue improvement or prohibition notices, and prosecute serious breaches. Fines can be significant and directors can be personally liable in some cases.
A clear, implemented policy won’t eliminate risk, but it shows you’re taking reasonable steps. It helps your team act consistently, reduces the chance of incidents and supports your defence if something goes wrong.
It also strengthens your culture. When people see leadership taking safety seriously (resourcing training, fixing hazards quickly), they’re far more likely to speak up and follow procedures.
Key Takeaways
- A health and safety policy sets your intent, clarifies responsibilities and explains how you’ll control risks. It’s required in writing if you have five or more employees and strongly recommended for all employers.
- Base your policy on your real risks and link it to practical procedures: risk assessments, training, incident reporting, first aid, fire safety, PPE, equipment checks and contractor controls.
- Integrate safety with HR and data protection. Align your policy with your Staff Handbook, Employment Contract terms and Privacy Policy, and keep good records.
- Consult your team, train people on role-specific procedures, monitor how things work in practice and review at least annually or after changes/incidents.
- Avoid generic templates; keep it proportionate, specific and workable. Use clear responsibilities, simple checklists and consistent record-keeping to evidence compliance.
- Plan for incidents with fair processes that align with your disciplinary rules and, where needed, a documented workplace investigation approach.
- Don’t overlook contractors-set expectations in your Contractors Agreement and coordinate safety on site.
If you’d like help drafting a clear, tailored health and safety policy, and aligning it with your employment and privacy documents, our team can help. You can reach us on 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.

