Health and Safety Policy | Arinite

Legal Requirements, Essential Content, and Best Practice for Workplace Safety Policies

A written health and safety policy is a legal requirement for UK organisations with five or more employees under Section 2(3) of the Health and Safety at Work Act 1974. But a compliant policy is more than a document. It is the foundation of your health and safety management system and a key piece of evidence during inspections, Health and Safety Audits, and investigations. This comprehensive guide explains what your policy must contain, how to develop an effective policy, and how International Health and Safety Consultants help organisations create policies that stand up to scrutiny.

Introduction: The Foundation of Health and Safety Management

A health and safety policy sets out your organisation's commitment to protecting workers and others affected by your activities. It defines who is responsible for what and explains how health and safety is managed in practice. Without a clear policy, health and safety becomes ad hoc and inconsistent.

The legal requirement is clear. Section 2(3) of the Health and Safety at Work Act 1974 requires every employer with five or more employees to prepare and keep revised a written statement of their general policy with respect to the health and safety at work of their employees. This policy must also describe the organisation and arrangements for carrying out that policy.

Beyond legal compliance, an effective health and safety policy provides the framework for systematic safety management. It demonstrates board-level commitment, establishes clear accountability, and provides the foundation for training, auditing, and continuous improvement. During Health and Safety Audits and regulatory inspections, the policy is typically the first document reviewed.

The UK Health and Safety Executive (HSE) carried out over 13,200 workplace inspections in 2024/25, a 47% increase on previous years. Failure to have a suitable and sufficient health and safety policy is a common enforcement issue. This guide explains how to develop a policy that meets legal requirements and supports effective safety management.

Legal Requirements for Health and Safety Policies

Understanding the legal framework helps organisations appreciate what their policy must achieve and why it matters.

Section 2(3) Health and Safety at Work Act 1974

Section 2(3) of the Health and Safety at Work Act 1974 creates the primary obligation for written health and safety policies in the UK. The requirement applies to all employers with five or more employees. The policy must be a written document, not just verbal understanding or informal practice.

The Act requires the policy to set out the general statement of the employer's policy with respect to health and safety, the organisation for carrying out that policy (who is responsible for what), and the arrangements for carrying out that policy (how health and safety is managed in practice).

Employers must bring the policy to the notice of all employees. This means actively communicating the policy, not just making it available somewhere. The policy must also be kept revised, meaning it should be updated when circumstances change.

Management of Health and Safety at Work Regulations 1999

The Management of Health and Safety at Work Regulations 1999 support and extend the policy requirement. Regulation 5 requires employers with five or more employees to record the significant findings of risk assessments and any group of employees identified as being especially at risk.

More broadly, the regulations require employers to plan, organise, control, monitor, and review their health and safety management system. The health and safety policy provides the framework for this systematic approach, documenting how the organisation intends to meet its legal duties.

Consequences of Non-Compliance

Failure to have a suitable and sufficient health and safety policy can result in enforcement action by the HSE or local authority. Improvement notices may require organisations to develop adequate policies within specified timescales. In serious cases, prohibition notices may stop work activities until compliance is achieved.

Where non-compliance contributes to an accident or ill health, the absence of a proper policy becomes evidence of systemic failure. This can significantly increase penalties in prosecution cases and expose directors to personal liability under Section 37 of the Act.

The Three Core Elements of a Health and Safety Policy

Every compliant health and safety policy must include three distinct elements. Each serves a different purpose, and all three must be present and properly developed.

Part 1: Statement of Intent

The statement of intent sets out the organisation's overall commitment to health and safety and compliance with legislation. This is the visible demonstration of leadership commitment that the HSE expects to see.

The statement should confirm the organisation's commitment to complying with the Health and Safety at Work Act 1974 and all other relevant health and safety legislation. It should acknowledge the organisation's duty to protect employees, contractors, visitors, and others who may be affected by its activities.

The statement must be signed by a senior person with authority to commit the organisation, typically the Managing Director, Chief Executive, or equivalent. This signature demonstrates board-level ownership and personal accountability for health and safety.

While the statement of intent is often relatively brief, it carries significant weight. It is the public declaration of the organisation's approach to health and safety and sets the tone for everything that follows.

Part 2: Organisation

The organisation section defines who is responsible for what. It clearly identifies health and safety responsibilities at all levels of the organisation, from board level through to individual employees.

This section should specify the responsibilities of directors and senior managers for strategic leadership and resource allocation, line managers and supervisors for implementation within their areas, employees for following procedures and reporting hazards, and any specialist or appointed health and safety roles.

Clear organisation ensures that good intentions expressed in the statement of intent are translated into effective action. Without defined responsibilities, health and safety tasks may fall between gaps or be assumed to be someone else's job.

The organisation section should reflect the actual management structure of the organisation. Generic templates that do not match your real structure are immediately obvious to auditors and inspectors.

Part 3: Arrangements

The arrangements section explains how health and safety is managed in practice. It describes the systems and procedures that implement the policy commitments and discharge the defined responsibilities.

Typical content includes risk assessment processes explaining how hazards are identified and risks controlled, emergency procedures covering fire, first aid, and other emergencies, consultation and communication arrangements for engaging with employees on health and safety matters, training and supervision arrangements ensuring competence, and monitoring, inspection, and review processes for checking that systems work.

Where detailed procedures exist in separate documents, the arrangements section should clearly signpost where they can be found. The policy does not need to contain every procedure in detail, but it must provide a clear overview and enable readers to find more detailed guidance.

The arrangements section is typically the longest part of the policy and requires the most regular updating as procedures change and develop.

What Your Health and Safety Policy Demonstrates

A properly written health and safety policy serves multiple purposes beyond legal compliance. It demonstrates important characteristics to various stakeholders.

Board-Level Commitment

The signed statement of intent demonstrates that health and safety responsibilities are taken seriously at the highest level of the organisation. This is not just about compliance. It signals organisational culture and priorities.

Directors who sign health and safety policies accept personal accountability. This creates a powerful driver for ensuring that the policy commitments are actually delivered in practice.

Systematic Management

A comprehensive policy demonstrates that the organisation has a formal system for managing health and safety. This systematic approach is what distinguishes compliant organisations from those that rely on luck or informal practice.

Health and Safety Consultants look for evidence that policies translate into action. A well-written policy that clearly describes implemented arrangements demonstrates genuine management, not just paperwork.

Clear Accountability

The organisation section demonstrates that clear arrangements exist for managing workplace risks. Everyone knows their responsibilities. Gaps and overlaps are identified and addressed.

During incident investigations, clear accountability enables rapid identification of what went wrong and who should have done what. This supports learning and prevents recurrence.

Consideration for Others

A comprehensive policy demonstrates that contractors, visitors, and third parties are properly considered. This is important for organisations that host others on their premises or whose activities affect people beyond their direct employees.

Many client audits specifically check how contractors are managed. A policy that clearly addresses contractor arrangements demonstrates professional practice.

Professional Standards

The overall quality of the policy demonstrates that the organisation operates to recognised professional standards. Generic templates downloaded from the internet signal a tick-box approach. Bespoke policies written by Health and Safety Consultants signal genuine commitment.

International Policy Requirements

Organisations operating internationally must understand how policy requirements vary between jurisdictions. While the UK has specific requirements under Section 2(3), other countries have their own frameworks.

European Union

EU member states implement the Framework Directive 89/391/EEC through national legislation. Article 6 requires employers to develop a coherent overall prevention policy. However, the specific requirement for a written policy document varies between member states.

France requires the Document Unique d'Évaluation des Risques Professionnels (DUERP), which serves a similar purpose to the UK health and safety policy but with specific content requirements. Germany requires safety documentation under the Arbeitsschutzgesetz but structures requirements differently from the UK.

United States

OSHA does not mandate a written health and safety policy for all employers in the way that UK law does. However, many OSHA standards require specific written programmes for particular hazards. Additionally, many states have their own requirements.

Most US organisations develop safety policies as best practice even where not legally required. These typically follow different conventions from UK policies, reflecting the prescriptive nature of OSHA standards.

International Standards

ISO 45001 requires organisations to establish, implement, and maintain an occupational health and safety policy. Clause 5.2 specifies what the policy must include, including commitment to prevention, compliance, and continual improvement.

For multinational organisations, ISO 45001 provides a useful framework for developing globally consistent policies while ensuring local legal compliance. The standard's policy requirements align with but do not exactly replicate UK statutory requirements.

Global Policy Approach

Global Health and Safety Consultants typically help multinational organisations develop a global health and safety policy that establishes consistent principles and standards across all operations. Local policies or annexes then address specific jurisdictional requirements.

This approach ensures consistency in commitment and approach while satisfying the specific legal requirements that apply in each country where the organisation operates.

Common Mistakes in Health and Safety Policies

Many health and safety policies fail to meet their potential because of common mistakes that are easily avoided.

Using Generic Templates

Generic health and safety policy templates downloaded from the internet are immediately recognisable to experienced auditors and inspectors. They signal a tick-box approach to compliance rather than genuine management.

More importantly, generic templates do not reflect your specific activities, risks, or management structure. A policy that does not match your organisation is not a suitable policy, regardless of how professional it looks.

Failing to Keep Policies Updated

The legal requirement to keep the policy revised is often neglected. Policies written years ago may reference departed staff, superseded procedures, or outdated legislation. This undermines credibility and may indicate that the policy is not actually used.

Policies should be reviewed at least annually and updated whenever significant changes occur, such as restructuring, new activities, or legislative changes.

Not Communicating the Policy

A policy that exists but is not communicated fails to meet legal requirements. The requirement to bring the policy to the notice of all employees means active communication, not just filing the policy somewhere accessible.

Employees should receive the policy as part of induction, and any significant changes should be communicated. Many organisations include policy acknowledgement in training records.

Disconnection from Practice

The most fundamental mistake is having a policy that does not reflect reality. A policy that describes ideal arrangements but does not match actual practice creates legal exposure rather than protection.

During investigations, gaps between policy and practice are readily identified. A policy claiming robust risk assessment processes when none exist makes the position worse, not better.

Excessive Length or Complexity

Some policies try to include everything, becoming unwieldy documents that nobody reads. Effective policies are clear and concise, with detailed procedures in separate referenced documents rather than embedded in the policy itself.

When to Review and Update Your Policy

Health and safety policies require regular review and updating to remain effective and compliant.

Annual Review

At minimum, policies should be reviewed annually to confirm they remain accurate and appropriate. This review should check that the statement of intent remains valid, that the organisation section reflects current structure and personnel, that arrangements sections describe actual current practice, and that references to legislation remain accurate.

Trigger Events

Certain events should trigger immediate policy review regardless of the scheduled annual review. These include significant changes to organisational structure or management, new activities, locations, or equipment introducing new risks, incidents or near misses revealing policy gaps, legislative changes affecting your activities, and findings from Health and Safety Audits or inspections.

Continuous Improvement

The best organisations treat their policy as a living document that improves over time. Lessons learned from incidents, audits, and day-to-day operations should feed into policy development, making arrangements progressively more effective.

How Policies Support Audits and Tenders

Beyond legal compliance, health and safety policies deliver significant commercial benefits.

Client Audits

Many clients conduct health and safety audits of their suppliers and contractors. The health and safety policy is typically the first document requested. A well-written, bespoke policy demonstrates professionalism and commitment.

Auditors assess whether the policy is appropriate for the organisation's activities and risks, whether it demonstrates genuine management commitment, and whether it provides a framework for effective safety management. Generic templates fail these tests.

Tender Submissions

Contract tenders frequently require evidence of health and safety competence. The health and safety policy is often a mandatory submission document. Strong policies support successful tender outcomes.

Prequalification schemes such as CHAS, SafeContractor, and Constructionline assess health and safety policies as part of their evaluation. A compliant, professional policy is essential for achieving and maintaining accreditation.

Regulatory Inspections

During HSE or local authority inspections, the health and safety policy is typically requested early in the process. A suitable and sufficient policy demonstrates organised management and may influence the inspector's overall assessment of the organisation.

Policies that are clearly outdated, generic, or disconnected from practice raise red flags that may prompt more detailed investigation.

How Arinite Develops Health and Safety Policies

Arinite develops bespoke health and safety policies that meet legal requirements, reflect how your organisation actually operates, and stand up to scrutiny during audits and inspections.

Our IOSH Chartered Health and Safety Consultants write policies that are fully compliant with UK legislation and HSE guidance, bespoke to your organisation rather than generic templates, suitable for offices, multi-site operations, and higher-risk workplaces, and designed to support audits, inspections, and tenders.

Your health and safety policy forms part of a wider Health and Safety Policy and Procedures Manual. This manual meets all legal requirements, acts as a working practical document rather than shelfware, provides clear guidance for employees and managers, supports training, audits, and inspections, and demonstrates good practice to clients, contractors, and partners.

We do not just write policies. We build defensible health and safety foundations. Your policy will reflect your activities and risks, your management structure, and your workforce and working arrangements.

For international organisations, our Global Health and Safety Consultants develop global policy frameworks that establish consistent standards across all operations while ensuring compliance with local requirements in each jurisdiction.

Health and Safety Consultants and Software platforms enable ongoing policy management, tracking review dates, managing updates, and ensuring that policies remain current as circumstances change.

If you are unsure whether your current policy is suitable and sufficient, the fastest way to find out is a professional review. Contact Arinite today for a free Gap Analysis Call. Call +44 (0)20 7947 9581 or visit www.arinite.com/health-safety-policy.

Frequently Asked Questions

Is a health and safety policy a legal requirement?

Yes. Under Section 2(3) of the Health and Safety at Work Act 1974, all UK employers with five or more employees must have a written health and safety policy. The policy must set out the general statement of intent, organisation, and arrangements for health and safety.

What should a health and safety policy include?

A compliant health and safety policy must include three elements: a statement of intent signed by senior management, an organisation section defining responsibilities at all levels, and an arrangements section explaining how health and safety is managed in practice.

Who is responsible for the health and safety policy?

The employer is legally responsible for having a suitable and sufficient health and safety policy. In practice, senior management must demonstrate commitment by signing the statement of intent. Day-to-day management of the policy may be delegated but ultimate responsibility remains with the employer.

How often should a health and safety policy be reviewed?

Policies should be reviewed at least annually and updated whenever significant changes occur, such as organisational restructuring, new activities or risks, legislative changes, or findings from audits or incidents.

Can we use a template health and safety policy?

Generic templates are not recommended. While templates may meet basic legal requirements, they do not reflect your specific activities, risks, and management structure. Auditors and inspectors readily identify generic templates, which signal a tick-box approach rather than genuine management.

Do contractors and visitors need to be covered by the policy?

Yes. Your policy should address how you manage risks to contractors, visitors, and others who may be affected by your activities. Many client audits specifically check contractor management arrangements.

Will a health and safety policy help during audits and inspections?

Yes. The policy is typically the first document requested during Health and Safety Audits and regulatory inspections. A well-written, bespoke policy demonstrates professionalism and organised management. Generic or outdated policies raise concerns.

Do small businesses really need a health and safety policy?

Organisations with fewer than five employees are not legally required to have a written policy under UK law. However, having a policy is strongly recommended as best practice and may be required for tender submissions or contractor accreditation.

Does my health and safety policy need to be signed?

Yes. The statement of intent should be signed by a senior person with authority to commit the organisation, such as the Managing Director or Chief Executive. This demonstrates board-level commitment and personal accountability.

What is the difference between a health and safety policy and a risk assessment?

A health and safety policy sets out the overall framework for managing health and safety, including commitment, responsibilities, and arrangements. Risk assessments are specific evaluations of particular hazards and activities. Risk assessments implement the arrangements described in the policy.