Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you run a small business, it’s easy to think “health and safety” is mainly about hard hats, construction sites, or big corporate workplaces.
In reality, having a workplace health and safety policy matters for almost every UK business - whether you’ve got a café team on their feet all day, a warehouse crew lifting stock, or a remote-first business with staff working from laptops at home.
A good policy isn’t just a box-ticking exercise. It’s part of your legal foundations: it sets expectations, reduces risk, and helps you respond properly if something goes wrong.
Below, we’ll walk through what a workplace health and safety policy should include, which laws sit behind it, and how to keep it practical (so it actually gets followed).
Why Do Small Businesses Need A Workplace Health And Safety Policy?
A workplace health and safety policy is your written commitment to protecting your team and anyone affected by your work (customers, contractors, visitors, and members of the public).
For small businesses, a clear policy can be the difference between:
- a minor incident that’s handled quickly and properly, and
- a serious issue that turns into an HSE investigation, a claim, reputational damage, or ongoing staff problems.
Practically, your policy helps you:
- Clarify responsibilities (who does what, and who makes decisions).
- Reduce accidents and ill health by setting safer ways of working.
- Train and onboard staff consistently (especially if you’re hiring quickly).
- Show evidence of compliance if regulators, insurers, or clients ask questions.
- Protect your business by demonstrating you take “reasonable steps” to manage workplace risks.
If you’re building out your overall compliance framework, a workplace health and safety policy often sits alongside other core documents like an Employment Contract and broader workplace rules in a Staff Handbook.
Is A Workplace Health And Safety Policy A Legal Requirement In The UK?
In many cases, yes.
Under the Health and Safety at Work etc. Act 1974, you have a general duty to protect the health, safety and welfare at work of your employees (so far as is reasonably practicable). You also have duties to people affected by your business activities.
On top of that, the Management of Health and Safety at Work Regulations 1999 require employers to carry out suitable and sufficient risk assessments and put appropriate arrangements in place to plan, organise, control, monitor and review preventive and protective measures.
Do You Need A Written Policy If You Have Fewer Than 5 Employees?
This is where many small business owners get caught out.
Generally speaking, if you have 5 or more employees, you are expected to have a written health and safety policy.
If you have fewer than 5 employees, you may not be required to have it in writing - but you still have the underlying legal duties, and having a written policy is often one of the simplest ways to show you’re taking compliance seriously.
It’s also worth remembering you might need a written policy anyway due to:
- client/landlord onboarding requirements (common in commercial leases and supply arrangements)
- insurance conditions
- tender processes
- higher-risk work (e.g. machinery, hazardous substances, frequent public footfall)
For a broader overview of the legal duties that apply in day-to-day operations, it helps to keep your approach aligned with your overall Health and Safety in the Workplace obligations.
What Should A Workplace Health And Safety Policy Include?
A strong workplace health and safety policy should be clear, practical, and tailored to how your business actually operates. A generic template can be a starting point, but it often won’t match your real risks (which is exactly where problems arise).
Most UK workplace health and safety policies are built around three core parts:
- Statement of intent (your commitment to managing health and safety)
- Responsibilities (who is accountable for what)
- Arrangements (the procedures you follow in practice)
1) Statement Of Intent (Your Commitment)
This is typically a short, top-level statement confirming that you (as the business owner/director) take health and safety seriously and will:
- provide a safe working environment (so far as reasonably practicable)
- provide training and supervision where needed
- consult with employees about health and safety
- review and improve your controls regularly
It should be signed and dated by a senior person (for small businesses, often the founder/director) and reviewed periodically.
2) Responsibilities (Who Does What?)
This part should clearly allocate responsibility, for example:
- Business owner/director: overall responsibility, resourcing, approvals
- Managers/team leads: day-to-day supervision, enforcing safe systems
- Employees: following procedures, using PPE, reporting hazards
- First aiders/fire marshals: if applicable
- Contractors: compliance with site rules, permits, reporting
If you’re at the stage where you’re formalising how rules apply across the business, a broader Workplace Policy framework can help tie together behaviour standards, reporting pathways and training expectations (alongside health and safety).
3) Arrangements (Your Actual Procedures)
This is the “how we do it” section - and it’s the part most likely to be tested if there’s an incident.
What you include depends on your industry, but common arrangements in a business health and safety policy include:
- Risk assessments (how you identify hazards and control them)
- Training and induction (especially for new starters and role changes)
- Accident/incident reporting and investigation steps
- First aid arrangements (first aid kit location, responsible person, calling emergency services)
- Fire safety (alarms, evacuation routes, drills, assembly point)
- Manual handling guidance (lifting, carrying, repetitive movement)
- Work equipment safety (maintenance, checks, guarding, safe use)
- PPE (when it’s required, who provides it, how it’s replaced)
- Hazardous substances (storage, COSHH assessments, cleaning products)
- Workplace stress and mental health (support, reporting concerns, workload monitoring)
- Remote and hybrid working safety (home workstation set-up, DSE, reporting issues)
- Visitors and members of the public (sign-in/out, supervision, restricted areas)
If your team works on screens (which is most businesses now), it’s worth making your policy reflect your duties under the DSE rules, including workstation assessments and managing risks like repetitive strain injuries.
Don’t Forget: Data Protection If You’re Recording Incidents
Health and safety often involves collecting personal data - for example, accident forms, medical details, witness statements, or CCTV footage.
That means your health and safety processes should also align with UK GDPR and the Data Protection Act 2018. For many small businesses, this is where things get messy, because the operational team is focused on safety (rightly), but the paperwork can accidentally become non-compliant.
To stay on track, it helps to have your privacy compliance foundations sorted, such as a GDPR package that matches how you actually store, share and retain workplace records.
How Do You Stay Compliant (Without The Policy Just Sitting In A Drawer)?
Writing a workplace health and safety policy is a great start - but compliance is really about implementation.
Here are practical steps to make your policy “live” in the business.
Step 1: Match The Policy To Your Real Risks
A policy should reflect what your team actually does. A salon, a coffee shop, an office-based consultancy and a light manufacturing business will have completely different risk profiles.
Start with a risk assessment process that covers:
- your premises (layout, access, slips/trips, fire exits)
- your equipment (coffee machines, ladders, tools, machinery)
- your substances (cleaning products, chemicals, aerosols)
- your people (young workers, pregnant workers, lone workers)
- your working patterns (night work, high-pressure deadlines, long shifts)
Step 2: Train People On The “So What?”
Small teams move fast. People don’t read policies unless they understand why they matter.
Consider building short training into:
- onboarding (first day / first week)
- role changes (new responsibilities, new equipment)
- refresher points (e.g. every 6–12 months, or seasonally for busy periods)
Training doesn’t need to be complicated - but it should be documented.
Step 3: Make Reporting Easy (And Non-Intimidating)
A good policy encourages early reporting of hazards and near misses. The earlier you know about a problem, the easier it is to fix.
Your workplace health and safety policy should clearly explain:
- how to report hazards, near misses and incidents
- who reports go to
- what happens after a report is made (so staff know they’ll be heard)
- that staff won’t be penalised for raising genuine safety concerns
Step 4: Build It Into Your Day-To-Day Management
Compliance is easier when it’s part of normal operations, for example:
- include safety checks in opening/closing checklists
- add quick “safety moment” reminders in team meetings
- schedule recurring maintenance reminders for equipment
- review incidents and near misses (even minor ones) for patterns
Many businesses include these operational expectations inside their staff documentation, so it’s all in one place alongside conduct rules and procedures. That’s where a properly drafted Staff Handbook can be particularly useful.
Step 5: Review And Update Your Policy
Your policy should be reviewed:
- at least annually (as a general rule of thumb), and
- whenever something changes (new premises, new equipment, new processes, rapid hiring, a serious incident).
Outdated policies can be almost as risky as having no policy, because they create confusion about what should happen in practice.
Common Mistakes With A Business Health And Safety Policy (And How To Avoid Them)
Most small businesses don’t set out to get this wrong - it usually happens because you’re juggling a hundred priorities and trying to move fast.
Here are the most common issues we see.
Using A Generic Template That Doesn’t Fit Your Business
Templates often include irrelevant sections (or miss key risks entirely). If your policy doesn’t reflect reality, staff will ignore it - and if something goes wrong, it may not help you show you took reasonable steps to manage risk.
A better approach is using a template as a base, then tailoring it to your actual work activities, workplace layout, and staff structure.
Unclear Responsibilities (Everyone Assumes Someone Else Is Handling It)
In small businesses, roles overlap. That’s normal - but it’s also why responsibilities should be crystal clear.
If you have team leads, shift supervisors, or managers, specify exactly what they’re accountable for (e.g. daily checks, training sign-offs, reporting to the owner).
Forgetting Contractors And Visitors
Even if you only employ a few people, your business may interact with:
- delivery drivers
- freelancers and contractors
- cleaners or maintenance providers
- customers on-site
Your arrangements should cover how you manage risk for anyone affected by your business activities - not just direct employees.
Policies That Don’t Connect To Employment Documents
Your workplace health and safety policy doesn’t sit in isolation.
For example, if your policy requires staff to follow safety instructions and training, it’s helpful if your Employment Contract and staff rules reinforce expectations like compliance with policies and reporting hazards.
This helps you manage performance issues consistently if someone repeatedly refuses to follow safety procedures.
Overlooking Work-From-Home Risks
If you have remote or hybrid staff, don’t assume health and safety doesn’t apply.
Common risks include:
- poor workstation set-up (back/neck strain, repetitive strain injury)
- stress and overwork
- inadequate breaks
- lone working concerns
Your policy should explain what the business will do (and what staff must do) to manage these risks, including DSE processes and reporting issues early.
Key Takeaways
- A workplace health and safety policy is a practical risk-management tool for small businesses - not just a compliance document.
- UK law (including the Health and Safety at Work etc. Act 1974 and the Management of Health and Safety at Work Regulations 1999) requires you to manage workplace risks, and many businesses need a written policy (especially with 5+ employees).
- Your policy should clearly cover: a statement of intent, responsibilities, and the day-to-day arrangements your business follows (risk assessments, training, incident reporting, fire safety, equipment safety, and more).
- To stay compliant, your policy needs to be implemented through onboarding, training, easy reporting, and regular review - otherwise it won’t protect your business in practice.
- Common mistakes include using generic templates, unclear responsibilities, ignoring contractors/visitors, and forgetting remote-working risks.
- Health and safety processes often involve personal data (accident forms, medical details), so make sure your approach also aligns with UK GDPR obligations.
This article is general information only and doesn’t constitute legal advice. If you’d like advice on your specific situation, get in touch with a qualified professional.
If you’d like help putting together a workplace health and safety policy that fits how your business actually operates (and ties in properly with your employment documents), you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.


