Plan, Do, Check, Act: The HSE Framework for Managing Health and Safety

A practical guide to implementing the PDCA cycle for continuous improvement in workplace safety

Published by Arinite Health & Safety Consultants | February 2026 | 14 min read

Effective health and safety management is not a one-time task. It requires a systematic, ongoing approach that continuously identifies risks, implements controls, monitors performance, and makes improvements. The Health and Safety Executive (HSE) recommends the Plan, Do, Check, Act (PDCA) model as the framework for achieving this, and it forms the basis of their guidance in HSG65: Managing for Health and Safety.

The PDCA cycle, also known as the Deming cycle after quality management pioneer W. Edwards Deming, is a continuous improvement framework that has been applied successfully across business management for decades. When applied to health and safety, it provides a structured approach that balances both the systems and behavioural aspects of safety management. It treats health and safety as an integral part of good management, not as a separate bureaucratic exercise.

This guide explains each stage of the PDCA cycle, shows how to apply it in practice, and demonstrates how it aligns with international standards such as ISO 45001. Whether you are establishing a new safety management system or looking to improve an existing one, understanding PDCA is essential.

What Is Plan, Do, Check, Act?

Plan, Do, Check, Act is a four-stage cycle for continuous improvement. It provides a logical, systematic approach to managing any process, including health and safety. The cycle is iterative: once you complete the Act stage, you return to Plan and begin again, continually refining and improving your approach.

The four stages are:

Plan: Determine your policy, plan for implementation, and set objectives. Identify hazards, assess risks, and decide what controls are needed.

Do: Implement your plans. Put control measures in place, provide training, communicate with employees, and establish the systems and processes needed to manage safety.

Check: Monitor and measure performance. Conduct inspections, audits, and reviews to assess whether your plans are being implemented and whether they are effective.

Act: Review performance against objectives and take action to address any shortcomings. Learn from experience and make improvements for the next cycle.

The power of PDCA lies in its cyclical nature. It is not a linear process with a beginning and end. Instead, it creates a culture of continuous improvement where safety management evolves and strengthens over time.

Why PDCA Matters for Health and Safety

The PDCA approach delivers significant benefits for organisations:

Systematic management: PDCA provides a structured framework that ensures all aspects of safety management are addressed. It prevents the ad hoc, reactive approach that characterises poor safety management.

Continuous improvement: Rather than treating safety as a fixed set of procedures, PDCA drives ongoing enhancement. Each cycle builds on the previous one, progressively strengthening your safety performance.

Balance of systems and behaviours: Effective safety management requires both good systems (policies, procedures, risk assessments) and good behaviours (leadership, employee engagement, safety culture). PDCA addresses both.

Integration with business management: PDCA treats health and safety as part of normal business management, not as a separate function. This integration helps ensure that safety receives appropriate attention and resources.

Alignment with standards: The PDCA cycle is at the heart of ISO 45001 and other management system standards. Organisations using PDCA are well-positioned to achieve certification.

Learning from experience: PDCA creates mechanisms for learning from incidents, near misses, audits, and inspections. This learning is fed back into the cycle to prevent future problems.

Plan: Setting the Direction for Health and Safety

The Plan stage establishes the foundation for your health and safety management. It involves developing your policy, assessing risks, setting objectives, and planning how you will achieve them.

Health and Safety Policy

Your health and safety policy sets out your organisation's commitment to safety and how you intend to manage it. Under the Health and Safety at Work Act 1974, employers with five or more employees must have a written policy. An effective policy includes a general statement of intent signed by senior management, the organisation and arrangements for implementing the policy, and clear allocation of responsibilities at all levels.

Risk Assessment and Profiling

Understanding your risks is fundamental to planning. This involves identifying the hazards present in your workplace, assessing who might be harmed and how, evaluating the level of risk, and determining what control measures are needed. Risk assessment is a legal requirement under the Management of Health and Safety at Work Regulations 1999. The findings must be recorded for employers with five or more employees.

Setting Objectives and Targets

Effective planning includes setting measurable objectives for health and safety performance. These might include targets for reducing accident rates, improving training completion, achieving accreditation, or completing risk assessments. Objectives should be specific, measurable, achievable, relevant, and time-bound. They provide focus for your efforts and a basis for measuring success.

Planning for Implementation

Planning also involves determining how you will implement your safety arrangements. This includes:

• Allocating responsibilities and ensuring people understand their roles
• Determining the resources (people, time, budget) needed
• Identifying training requirements and how they will be met
• Establishing communication channels and consultation arrangements
• Developing procedures for specific activities and hazards
• Planning for emergencies and how they will be managed

Do: Delivering Effective Safety Management

The Do stage is about implementation. It involves putting your plans into action, establishing the management systems and processes needed, and ensuring that day-to-day activities are carried out safely.

Implementing Control Measures

The control measures identified during risk assessment must be put in place. This might include physical controls such as guards, ventilation, or barriers; procedural controls such as safe systems of work, permits, or method statements; and personal protective equipment where other controls are not sufficient. Follow the hierarchy of controls, prioritising elimination and substitution over administrative controls and PPE.

Providing Resources

Effective safety management requires adequate resources. This includes people with the competence and time to manage safety, equipment and materials needed for safe working, budget for training, equipment, and improvements, and access to competent advice when needed, whether internal or external.

Training and Competence

Everyone in the organisation needs the knowledge and skills to work safely. This includes induction training for new starters, job-specific training on hazards and controls, training for managers and supervisors on their responsibilities, and specialist training for high-risk activities. Training records should be maintained to demonstrate competence.

Communication and Consultation

Employees need to know about the hazards they face and the precautions they should take. Communication should be two-way: employers must share information with employees, and employees should be encouraged to raise concerns and report hazards. Consultation with employees is a legal requirement under the Safety Representatives and Safety Committees Regulations 1977 and the Health and Safety (Consultation with Employees) Regulations 1996.

Managing Contractors

If you use contractors, you must ensure they are competent and that their work does not create risks for your employees or others. This involves checking contractor competence before they start work, providing them with relevant information about site hazards, monitoring their work to ensure it is carried out safely, and coordinating activities to prevent conflicts between different workers.

Check: Monitoring and Measuring Performance

The Check stage involves monitoring and measuring your health and safety performance to determine whether your plans are being implemented and whether they are effective. Without systematic checking, you cannot know whether your safety management is working.

Active Monitoring

Active monitoring involves checking that your systems are working before things go wrong. It includes:

• Regular workplace inspections to check that controls are in place and being used
• Checking that risk assessments are current and control measures are implemented
• Monitoring compliance with procedures and safe systems of work
• Reviewing training records to ensure everyone has received required training
• Checking that equipment is properly maintained and inspected
• Conducting health surveillance where required by regulations

Reactive Monitoring

Reactive monitoring involves learning from things that have gone wrong. It includes:

• Investigating accidents, incidents, and near misses to identify root causes
• Analysing accident and ill health data to identify trends and patterns
• Reviewing complaints and concerns raised by employees
• Monitoring sickness absence for signs of work-related ill health
• Responding to enforcement action or improvement notices from regulators

Auditing

Periodic audits provide a more comprehensive assessment of your safety management system. Audits examine whether your policies, procedures, and systems are adequate, whether they are being followed, and whether they are achieving their objectives. The HSE recommends that larger organisations have formal procedures for auditing and reporting on health and safety performance. Audits can be conducted internally or by external auditors, depending on the level of independence and expertise required.

Reporting to Management

Monitoring data must be reported to those who can act on it. Management systems should ensure that the board or senior management receives both routine reports on safety performance and immediate reports on significant incidents or concerns. Effective reporting includes both preventive information (such as training completion and inspection results) and incident data (such as accident rates and near miss reports).

Act: Reviewing and Improving Performance

The Act stage completes the cycle by reviewing performance against objectives and taking action to address any shortcomings. It is also about learning from experience and making improvements for the next cycle.

Management Review

Regular management reviews should examine:

• Whether the health and safety policy reflects current priorities, plans, and targets
• Whether objectives have been achieved and, if not, why not
• Whether risk management and other systems have been working effectively
• What lessons can be learned from incidents, near misses, and audit findings
• Whether there have been changes (new processes, equipment, legislation) that require action
• What improvements should be made for the next period

Taking Corrective Action

Where monitoring and review identify shortcomings, corrective action must be taken. This might involve updating risk assessments and procedures, providing additional training, implementing new controls, allocating additional resources, or changing organisational structures or responsibilities. Corrective actions should be tracked to ensure they are completed, and their effectiveness should be verified.

Learning and Continuous Improvement

The Act stage is not just about fixing problems. It is about learning from experience and continuously improving your safety management. This includes learning from incidents and near misses, benchmarking against other organisations in your sector, keeping up with developments in good practice, responding to changes in legislation and guidance, and celebrating successes and recognising good performance. The improved approach then becomes the baseline for the next cycle, creating a spiral of continuous improvement rather than a static circle.

PDCA and International Standards

The PDCA cycle is recognised internationally as the foundation for effective management systems. ISO 45001, the international standard for occupational health and safety management systems, is explicitly built around the PDCA model. The standard requires organisations to plan their safety management system, implement and operate it, monitor and measure performance, and review and continually improve.

Organisations operating internationally benefit from using PDCA because it provides a consistent framework that can be applied across different countries and regulatory environments. While the specific legal requirements vary between jurisdictions, the PDCA approach ensures that the fundamental elements of effective safety management are in place everywhere.

For organisations seeking ISO 45001 certification, implementing PDCA as described in HSG65 provides an excellent foundation. The HSE's approach aligns closely with ISO 45001 requirements, making the transition to certification straightforward for organisations already following HSG65 guidance.

Practical Tips for Implementing PDCA

• Start where you are: you do not need to create a perfect system from scratch. Begin with your current arrangements and use PDCA to improve them incrementally
• Keep it proportionate: the complexity of your system should match the complexity of your risks. Small, low-risk organisations need simpler arrangements than large, high-hazard ones
• Involve employees: PDCA works best when employees are engaged throughout the cycle, from identifying hazards to suggesting improvements
• Document what matters: maintain records of your plans, actions, monitoring, and reviews. This provides evidence of your approach and helps identify trends over time
• Make it visible: share your objectives, progress, and performance with everyone in the organisation. Transparency builds commitment
• Be patient: continuous improvement takes time. Focus on making steady progress rather than expecting instant transformation
• Learn from others: benchmark against similar organisations and learn from their successes and failures
• Get help when needed: if you lack the internal expertise for effective PDCA, bring in external support

How Arinite Can Help

At Arinite, we help organisations implement effective health and safety management systems based on the PDCA model. Our team of Chartered (CMIOSH) consultants has over 500 years of combined experience, and we understand how to make PDCA work in practice across organisations of all sizes and industries.

Our services support every stage of the PDCA cycle:

• Plan: policy development, risk assessment, and safety management system design
• Do: implementation support, training, procedure development, and contractor management
• Check: audits, inspections, incident investigation, and performance monitoring
• Act: management reviews, corrective action tracking, and continuous improvement programmes

We also provide ISO 45001 implementation and certification support for organisations seeking formal accreditation of their management systems. With experience supporting over 1,500 UK businesses and operations in more than 50 countries, we understand how to apply PDCA effectively in diverse contexts. Our approach is practical, proportionate, and focused on what actually improves safety. We call it "Keeping It Simple."