Skip to content

HSE inspections up 47% - HSE carried out over 13,200 workplace inspections in 2024/25.

Blog/INTERNATIONAL H&S

What Is a Health and Safety Policy? Complete Guide for UK and Global Businesses

A
Arinite Health & Safety Consultants
April 28, 2026
21 min read
What Is a Health and Safety Policy? Complete Guide for UK and Global Businesses

A health and safety policy is the foundational document of every employer's legal duty to protect people at work. Under Section 2(3) of the Health and Safety at Work etc. Act 1974, every employer with five or more employees must prepare and keep up to date a written statement of their general policy with respect to the health and safety at work of their employees, and the organisation and arrangements for carrying out that policy. It must be brought to the attention of all employees. Failure to produce a compliant policy is a specific legal breach — and producing a generic, unsigned, or out-of-date document offers no meaningful protection in enforcement action or civil litigation. This guide answers the question "what is a health and safety policy?" across 12 essential dimensions, covering legal foundations, required content, common mistakes, and international equivalents.

Why a Health and Safety Policy Is More Than a Document

Before exploring what a health and safety policy must contain, it is worth understanding what it is actually for.

The policy is the employer's public commitment to managing health and safety — its statement of intent, its organisational structure for delivering that intent, and its practical arrangements for making it happen. It signals to employees, contractors, regulators, customers, and insurers how the organisation treats its responsibilities. It provides the framework within which all specific procedures, risk assessments, and training programmes operate.

When the HSE investigates a workplace incident, the health and safety policy is among the first documents examined. When procurement teams assess suppliers, the policy's currency and appropriateness directly affect contract award decisions. When employers' liability insurers assess claims, the quality of the policy influences their response.

A policy produced for compliance appearance — generic, unreviewed, filed away — provides no protection. A genuinely operational policy that guides daily management decisions is one of the most effective tools in workplace safety management.

Health and Safety Consultants develop policies that genuinely reflect how a business operates and its specific risk profile, rather than adapting generic templates that could belong to any employer in any sector.

A health and safety policy is a written document required by Section 2(3) of the Health and Safety at Work etc. Act 1974. For workplaces with five or more employees, employers must keep a written record of their health and safety policy, as well as consult with employees (or employee representatives) on relevant policies and associated health and safety arrangements.

The law does not prescribe a specific format, length, or template. What it requires is substance: that the document genuinely addresses the employer's approach to managing health and safety and how that approach is implemented in practice.

The policy must:

  • Be in writing
  • Be specific to the employer and their operations
  • Set out the general policy on health and safety at work
  • Describe the organisation responsible for implementing the policy
  • Describe the arrangements for putting the policy into practice
  • Be brought to the attention of all employees
  • Be kept up to date

The HSE's own guidance states clearly that the policy should tell employees about the organisation's commitment to managing health and safety and who is responsible for specific actions.

It is not sufficient to have a policy that was written once and filed. The duty is continuous: the policy must be maintained as an accurate and current reflection of how health and safety is actually managed.

2. Who Legally Needs a Written Health and Safety Policy

The written policy requirement under the Health and Safety at Work Act 1974 applies to employers with five or more employees. If you employ more than five people you must have a written health and safety policy.

However, the underlying duty to have a health and safety policy — even if not in writing — applies to every employer from the first employee. The written record requirement is simply the point at which the law mandates that the policy is formally documented.

Practical guidance for employers of fewer than five: Even if you do not employ five people, it is still good practice to make a written record of your assessment and policy statement. If you do not, it may later be difficult to demonstrate that you have fulfilled your duties under the HSWA.

In practice, virtually every business — regardless of size — benefits from a written policy. The policy forms part of the evidence base that demonstrates due diligence in the event of any enforcement action, civil claim, or procurement assessment.

The duty applies to all forms of employment regardless of contract type. Employers of full-time, part-time, temporary, agency, zero-hours, and remote workers are all covered. The nationality of employees and the nature of the work are irrelevant to the fundamental obligation.

3. The Three Essential Sections of a Health and Safety Policy

The HSE identifies three distinct sections that every health and safety policy must contain. Each serves a different purpose. All three are legally required components of a complete policy.

Section 1: Statement of Intent

The statement of intent is the employer's public commitment to health and safety. It sets out the organisation's goals and demonstrates that senior leadership takes health and safety seriously.

The statement of intent must be signed and dated by the most senior person in the organisation — the managing director, chief executive, or equivalent. An unsigned statement has no legal or practical force. A statement signed by someone who no longer holds that role must be updated.

Effective statements of intent include:

  • The organisation's commitment to protecting the health, safety, and welfare of employees and others
  • An acknowledgement that health and safety is a management priority alongside business performance
  • The organisation's commitment to compliance with applicable legislation
  • The commitment to continuous improvement in health and safety performance
  • The signature and date of the most senior person, confirming ownership

The statement should be written specifically for the organisation. Generic statements that could apply to any business signal to inspectors and assessors that the policy has not been genuinely adopted.

Section 2: Organisation

The organisation section specifies who is responsible for health and safety within the business — from the most senior level to individual employees.

This section must identify:

  • The senior manager or director with overall responsibility for health and safety
  • The competent person appointed under Regulation 7 of the Management of Health and Safety at Work Regulations 1999
  • Line managers and supervisors with specific health and safety responsibilities in their areas
  • The responsibilities of employees generally
  • Any specialist roles, such as fire marshals, first aiders, and safety representatives
  • How health and safety responsibilities are communicated and cascaded through the organisation

For businesses using an external Health and Safety Consultants arrangement to fulfil the competent person requirement, this section should identify the consultant and their role alongside internal management responsibilities.

The organisation section is the point at which policy connects to accountability. Without named individuals and defined responsibilities, the policy remains aspirational rather than operational.

Section 3: Arrangements

The arrangements section is the most detailed part of the policy. It describes the practical systems and procedures through which the organisation delivers its health and safety commitments.

Arrangements typically cover:

  • How risk assessments are conducted, reviewed, and recorded
  • Emergency procedures: evacuation, fire, first aid, and incident response
  • Arrangements for information, instruction, and training
  • Procedures for managing specific risks identified as relevant to the organisation (manual handling, DSE, COSHH, working at height, lone working, etc.)
  • Monitoring and review arrangements including inspections and audits
  • Incident and near-miss reporting and investigation
  • Consultation arrangements with employees
  • How contractors and visitors are managed
  • Maintenance and inspection of equipment and premises

The arrangements section must reflect how the business actually operates, not how it aspires to operate. An arrangements section that describes procedures that do not exist in practice is not a compliant document — and creates greater legal exposure by implying that specific controls exist when they do not.

4. What Distinguishes an Effective Policy from a Compliant One

Meeting the legal minimum is not the same as having an effective health and safety policy. The difference matters both practically and commercially.

Legal minimum: A written document with three sections, signed by a senior person, brought to employees' attention, and reviewed periodically.

Effective policy: A document that genuinely guides management decisions, is actively referenced in day-to-day operations, reflects the actual risk profile of the business, is understood by the managers who implement it, and provides the framework for all other health and safety activity.

The gap between compliant and effective is where most enforcement action focuses. An HSE inspector who finds that a policy exists but that its arrangements have never been implemented, that managers are unaware of their responsibilities, or that the organisation section names people who left the business three years ago will conclude that the policy is a paper exercise rather than a management tool.

Characteristics of genuinely effective policies include:

  • Specific to the business, its activities, its workforce, and its risk profile
  • Written in language that managers and employees can understand without specialist knowledge
  • Regularly reviewed and updated to reflect changes in the business or legislation
  • Referenced in induction training and management briefings
  • Used as the basis for all other health and safety documentation
  • Understood by the person whose signature it carries

5. The Review Obligation — When and Why the Policy Must Be Updated

Employers must also prepare and keep under review a safety policy and to bring it to the attention of his employees. The duty is continuous — not discharged by writing a policy once.

The policy must be reviewed and updated whenever:

The business changes significantly: New activities, new premises, new equipment, expansion into new markets, changes in workforce size or composition, and changes in organisational structure all require policy review.

Legislation changes: New regulations, HSE guidance updates, or court decisions that affect the organisation's health and safety obligations require the policy to be updated to reflect current legal requirements.

A significant incident occurs: Following any workplace accident, near miss, or dangerous occurrence, the policy arrangements should be reviewed to determine whether they contributed to or could have prevented the incident.

The policy becomes inaccurate: Named individuals leave the business, responsibilities change, or procedures are updated. An inaccurate policy creates confusion and reduces the credibility of the document.

At regular intervals as a minimum: Annual review is the widely accepted minimum frequency for most businesses. Higher-risk operations, or those in rapidly evolving regulatory environments, may require more frequent review.

A policy with a review date that has passed is, in regulatory terms, almost as problematic as no policy at all. It signals that the employer has failed to maintain oversight of their compliance obligations.

Health and Safety Consultants and Software solutions maintain document review schedules, sending alerts when key documents approach their review date and maintaining version history to demonstrate the review record.

6. How the Policy Connects to Other Health and Safety Documents

The health and safety policy is the apex document of the employer's health and safety management system. All other health and safety documentation flows from it and must be consistent with it.

Risk assessments implement the policy's commitment to identifying and controlling risks. The policy's arrangements section should describe how risk assessment is conducted and when it is carried out. Individual risk assessments provide the operational detail that the policy references.

Safe systems of work and procedures translate the policy's arrangements into the specific instructions that employees follow for particular tasks or in particular environments.

Emergency procedures implement the policy's emergency arrangements. The policy names the principles and responsibilities; emergency procedures provide the step-by-step instructions.

Training programmes deliver the information and competence that the policy identifies as necessary. Training records provide evidence that the policy's commitments have been fulfilled.

Inspection and audit records demonstrate that the monitoring arrangements described in the policy have been carried out. Independent Health and Safety Audits verify that the policy is being implemented effectively and identify where gaps exist between policy commitments and actual practice.

An organisation whose risk assessments, training programmes, and audit records are consistent with its policy demonstrates a coherent, genuinely managed health and safety system. One whose documentation is inconsistent or whose practice does not reflect its policy creates legal exposure at multiple points.

7. Common Mistakes That Undermine Policy Compliance

The most frequent policy failures are well-documented and consistent across sectors. Understanding them helps businesses avoid the gaps that inspectors and assessors identify most readily.

Generic templates without adaptation: A policy downloaded from the internet and used without modification will describe arrangements that do not reflect the actual business. It will name generic roles rather than specific individuals, describe procedures that may not exist, and omit the specific hazards of the actual workplace. Generic policies are identified immediately in regulatory inspection and provide no due diligence defence.

Unsigned or incorrectly signed statements: The statement of intent must be signed by the most senior person in the organisation. A policy signed by a health and safety manager, an office manager, or someone who no longer works at the business is non-compliant.

Out-of-date review dates: A policy that has not been reviewed within the expected period signals abandonment of the ongoing duty. Policies with expired review dates are among the most common findings in Health and Safety Audits.

Named individuals who have left: The organisation section must reflect current responsibilities. When named individuals leave, their successors must be identified and the policy updated.

Arrangements that describe non-existent procedures: Claiming that specific procedures exist — regular fire drills, quarterly inspections, specific training programmes — when they do not creates a worse legal position than acknowledging that they need to be implemented.

Failure to communicate the policy to employees: The legal duty is not only to write the policy but to bring it to employees' attention. A policy that is filed and never communicated is not a compliant one.

Disconnection from actual practice: A policy whose arrangements describe a different organisation from the one that actually operates — because it was written for a previous version of the business and never updated — undermines all other compliance activity.

8. Communicating the Policy to Employees

Employers must also prepare and keep under review a safety policy and to bring it to the attention of his employees. The communication duty is explicit and ongoing.

Effective communication approaches include:

Induction: Every new employee should receive a copy of the policy — or a meaningful summary — as part of their induction. They should understand its key commitments and their own responsibilities within it.

Accessibility: The policy should be available to all employees, whether through the staff intranet, a shared drive, physical display in the workplace, or individual copies. Employees should be able to access and reference it without barriers.

Briefing: For larger organisations, management briefings on the policy's content — particularly the organisation section identifying who is responsible for what — ensure that the document is understood, not merely distributed.

Regular reminders: Annual policy review creates a natural opportunity to remind all employees of the policy's content and any changes made.

Language accessibility: In workplaces where employees work in languages other than English, the policy should be available in languages that all employees can understand. This is particularly relevant for construction sites, food manufacturing, hospitality, and care sectors with diverse workforces.

For businesses with remote and hybrid workforces, digital distribution and acknowledgement systems — supported by Health and Safety Consultants and Software platforms — provide scalable and evidenced communication across dispersed teams.

9. The Policy in Tenders, Audits, and Regulatory Interactions

A current, appropriate health and safety policy is the first document requested in virtually every formal health and safety interaction.

HSE inspection: The HSE inspector will request the policy as a starting point. A current, signed, and well-structured policy demonstrates that health and safety is genuinely managed. An absent, outdated, or generic policy signals the opposite and triggers further investigation.

Local authority environmental health inspection: Environmental health officers conduct similar assessments in lower-risk premises. The policy is the foundational document of any compliance assessment.

Tender submissions: Procurement processes for public sector and major private sector contracts treat the health and safety policy as a standard requirement. A policy that is not current, not signed by the right person, or not appropriate for the business may eliminate the submission at the pre-qualification stage.

SSIP accreditation: Health and safety accreditation schemes including CHAS, SafeContractor, and Constructionline assess the health and safety policy as part of their assessment criteria. A non-compliant policy creates a barrier to accreditation.

Insurance assessment: Employers' liability and public liability insurers assess the quality of health and safety management in pricing and claims responses. The policy is a key indicator of the quality of management.

Civil litigation: In the event of a personal injury claim, the health and safety policy forms part of the evidence base for the employer's due diligence defence. An inadequate policy strengthens the claimant's case.

10. The Health and Safety Policy in an International Context

UK businesses operating internationally encounter requirements that parallel the health and safety policy obligation but differ in their specific content, format, and legal basis.

Netherlands: The RI&E (Risico-Inventarisatie en -Evaluatie) incorporates elements of risk assessment and prevention planning that function alongside the employer's working conditions policy (Arbobeleid). The Arbowet requires every employer to have a documented policy on working conditions.

France: The Plan de Prévention des Risques Professionnels is the French equivalent — a more prescriptive document than the UK policy, with specific required content about the organisation's prevention structure, objectives, and resources. The PAPRIPACT annual prevention programme supplements it for employers with 50 or more employees.

Germany: The Arbeitsschutzgesetz requires employers to document their health and safety management arrangements. DGUV sector-specific requirements impose additional documentation obligations through the Berufsgenossenschaften system.

Italy: The RSPP legislation requires a Documento di Valutazione dei Rischi (DVR) that combines risk assessment and management documentation. The designated RSPP is responsible for maintaining this documentation.

Spain: The Plan de Prevención de Riesgos Laborales under the LPRL is the Spanish equivalent, with prescribed content including the company's organisational structure, productive processes, prevention modality, and objectives.

ISO 45001: The international management system standard requires documented OH&S policy as a specific Clause 5.2 requirement. The policy must be appropriate to the organisation's purpose and context, provide a framework for objectives, include commitments to legal compliance and continual improvement, and be communicated, available, and maintained as documented information.

International Health and Safety Consultants help businesses develop policies that meet UK requirements for their home operations and equivalent documents for each international jurisdiction, ensuring that the policy framework is coherent across the group while meeting local legal obligations.

11. How to Get Your Health and Safety Policy Right

A genuinely effective health and safety policy requires more than filling in a template. It requires understanding of the business, its risk profile, its structure, and the regulatory requirements that apply to it.

Start with your risk assessment: The policy's arrangements section should reflect the specific hazards and control measures identified in the risk assessment. A policy written without reference to risk assessment will describe generic arrangements rather than those relevant to the actual business.

Use your organisational structure: The organisation section must name real people in real roles. The policy should reflect how your business actually manages responsibility, not how an ideal business might.

Write for your audience: The policy will be read by employees, managers, inspectors, and assessors. It should be written in plain English that all these audiences can understand. Technical jargon reduces comprehension and signals that the document was written for appearance rather than practical use.

Commission professional support: Health and Safety Consultants develop policies that are legally compliant, sector-specific, and genuinely operational. A professionally produced policy costs a fraction of the risk it mitigates.

Establish a review system: Build the review obligation into your compliance calendar. Annual review at minimum, triggered review whenever material changes occur. Health and Safety Consultants and Software solutions automate this scheduling.

Integrate it: Use the policy as the foundation for induction, training, management briefings, and all other health and safety activity. A policy that is referenced and used daily is the opposite of a policy that is filed and forgotten.

12. How Arinite Develops Health and Safety Policies

Arinite develops health and safety policies for UK and international businesses across all sectors, combining CMIOSH-qualified expertise with deep sector knowledge and integrated technology.

Sector-specific development: Policies developed from a genuine understanding of the sector's specific hazards, regulatory requirements, and workforce characteristics. A financial services firm's policy should not look like a construction company's. Arinite supports sectors including financial services, technology, retail, hospitality, healthcare, professional services, and construction.

Legally complete: Policies structured to meet Section 2(3) of the Health and Safety at Work Act 1974, with all three required sections correctly populated and appropriate to the business.

Named and signed: Policies that identify real individuals in real roles, signed by the appropriate senior person, and reviewed on a documented cycle.

Integrated with risk assessment: Policies developed alongside and consistent with the business's risk assessments, creating a coherent documentation framework rather than disconnected documents.

International policy frameworks: For businesses with international operations, Arinite develops policy documentation appropriate to each jurisdiction's requirements, including French Plan de Prévention, Dutch Arbobeleid, and ISO 45001-aligned policy documentation.

Technology-enabled maintenance: Health and Safety Consultants and Software solutions maintain policy documents in a managed system with version control, review scheduling, and employee acknowledgement tracking.

Independent audit: Health and Safety Audits verify that the policy remains current, appropriate, and consistent with actual practice — providing the independent evidence that tenders, insurers, and regulators require.

Supporting over 1,500 global businesses with a 95%+ client retention rate, Arinite's CMIOSH-qualified consultants produce policies that genuinely protect businesses and the people who work for them.

Frequently Asked Questions

What is a health and safety policy?

A health and safety policy is a written document required by Section 2(3) of the Health and Safety at Work etc. Act 1974. It sets out an employer's general approach to managing health and safety, who is responsible for it, and the practical arrangements through which the commitments are delivered. It must be written, signed by the most senior person, brought to employees' attention, and kept up to date.

Who needs a written health and safety policy?

Every employer with five or more employees is legally required to have a written health and safety policy. Employers with fewer than five employees have the same underlying duty but are not legally required to record it in writing, although doing so is strongly recommended as evidence of due diligence.

What are the three sections of a health and safety policy?

The HSE identifies three required sections: the statement of intent (the employer's commitment and goals), the organisation (who is responsible for what), and the arrangements (the practical systems and procedures for implementing the policy).

How often must a health and safety policy be reviewed?

The policy must be kept up to date. Annual review is standard practice. It must also be reviewed whenever significant business changes occur, following workplace incidents, or when relevant legislation changes. A policy with an expired review date is non-compliant.

Can I use a generic template for my health and safety policy?

Generic templates provide a useful starting structure but must be substantially adapted to reflect your specific business, its activities, its workforce, and its risk profile. An unadapted generic policy will not meet the "appropriate to the organisation" standard that the law requires and will not withstand regulatory scrutiny following an incident.

What happens if I do not have a health and safety policy?

Failure to produce a written health and safety policy when required (five or more employees) is a breach of the Health and Safety at Work Act 1974. This can result in HSE improvement notices, prosecution, and — critically — significantly increased liability in the event of a workplace accident or civil claim. Many procurement processes will also disqualify businesses without a current policy.

Does a health and safety policy need to be signed?

Yes. The statement of intent section of the policy must be signed and dated by the most senior person in the organisation. An unsigned policy does not demonstrate senior leadership ownership, which is a specific element of what the policy is intended to establish.

How does the health and safety policy differ internationally?

Each country has its own equivalent requirement. France requires a Plan de Prévention des Risques Professionnels. Spain requires a Plan de Prevención de Riesgos Laborales. The Netherlands requires an Arbobeleid. Germany requires documented management arrangements under the Arbeitsschutzgesetz. International Health and Safety Consultants help businesses meet these requirements across all their international operations.

Taking the Next Step

A health and safety policy is the legal foundation of every employer's compliance obligations and the most scrutinised document in any formal health and safety interaction. Getting it right — specific to your business, signed, current, and genuinely operational — is both a legal requirement and a commercial investment.

Assess your current position: Take our Health and Safety Quiz to evaluate whether your current policy meets the key requirements.

Get expert help: Book a free Gap Analysis Call with an Arinite consultant to review your policy, identify gaps, and understand what a professionally produced policy for your business would look like.

Commission your policy: Contact Arinite to learn how our Health and Safety Consultants develop sector-specific, legally complete health and safety policies for UK and global businesses.

Arinite provides professionally developed health and safety policies and comprehensive Health and Safety Consultants services to over 1,500 global businesses across the UK and 50+ countries. Key external resources: HSE health and safety policy guidance | Health and Safety at Work Act 1974 | British Safety Council | HSE OSHCR

Share this article
INTERNATIONAL H&S
A

Written by

Arinite Health & Safety Consultants

Health & Safety Expert at Arinite

More Articles

Related Articles

Health and Safety Training: 15 Essential Things Every UK and Global Business Must Know
INTERNATIONAL H&S

Health and Safety Training: 15 Essential Things Every UK and Global Business Must Know

April 26, 2026
1 min read
Health and Safety in Spain: LPRL Guide for UK and International Businesses
INTERNATIONAL H&S

Health and Safety in Spain: LPRL Guide for UK and International Businesses

April 26, 2026
1 min read
Health and Safety Inspection Guide: 12 Essential Steps for UK and Global Businesses
INTERNATIONAL H&S

Health and Safety Inspection Guide: 12 Essential Steps for UK and Global Businesses

April 24, 2026
1 min read
Free Resources

Health & Safety Factsheets

Download our comprehensive library of expert guides, checklists, and templates.

Browse Library
Get Professional Help

Need Expert H&S Advice?

Our qualified consultants are ready to support your specific business needs.

020 7947 9581Contact Us