Policy writing

Foundation documents

Whether it’s for your own organisation or someone else’s, we look at the essential components to include in a safety and health policy. 


As a business develops, so will the manner in which it operates. Once it reaches a particular size, a written statement of commitments and controls for occupational safety and health is critical to making the workplace safe.

In many jurisdictions, it is also a legal requirement. In the UK, for example, s 2(3) of the Health and Safety at Work Act requires employers with five or more employees to have a written safety and health policy.

This should be specific to the business, reflecting its culture and how it operates. It can be tempting to adopt policies borrowed from other businesses or use generic templates, but these off-the-shelf documents will not necessarily fit your organisation.

The policy should reflect current expected standards, which is why it is important to review it regularly.

Smaller set-ups may have a combined environmental and health and safety policy but in larger organisations the document should comprise three distinct parts:

  • a policy statement of intent

  • organisational responsibilities

  • arrangements for fulfilling the statement of intent.

Statement of intent

The statement is usually a single page; it is signed and dated by the most senior person in the organisation, usually the chief executive or managing director. It outlines their personal commitment to safety and health in the organisation.

Depending on the size and nature of the buisness, this will include a commitment to: 

  • workplaces that are safe and without risk to health

  • provision of safe entry and exit

  • provision of safe plant and systems of work

  • safe use, handling and transport of hazardous substances

  • provision of information, instruction and supervision

  • provision of adequate welfare facilities

  • management of risk through risk assessment

  • health monitoring

  • arrangements to plan, organise, control, check and review performance

  • learning from events that do not go to plan

  • provision of emergency arrangements

  • engaging competent people for policy implementation

  • protection of non-employees, such as contractors, visitors and students

  • consultation with employees and union representatives.

For organisations in the UK, these reflect the fundamental principles of the Health and Safety at Work Act and the Management of Health and Safety at Work Regulations 1999.

It is important for individuals to take personal responsibility for themselves and those who might be affected by their actions and decisions, so the policy should include a benchmark for standards expected of employees. Finally, there should be a commitment to resource operations adequately so work can be undertaken safely and without risk to health.

Organisations with more developed safety models will have their own bespoke key performance indicators. They should include targets within the statement of intent, such as a percentage reduction in sickness absence or an improvement in OSH audit scores.

Organisational responsibilities

OSH-policy-writingThis section will specify responsibilities of defined job titles in managing safety and health.

Occasionally, the organisational structure described in the policy will not mirror the management structure. For example, a manager may be assigned OSH duties for which they report directly to the chief executive or managing director, though they report to a line manager for other tasks.

It is useful to think of the organisational responsibilities section as a job description for OSH duties in all significant posts.

Senior officers and directors have the greatest responsibility, in particular decision-making on strategic direction and allocation and use of resources. A board director should be allocated responsibility for ensuring the policy is followed.

Senior roles and those with clearly defined OSH responsibilities should be named. A managerial post whose remit includes maintenance, repair and contractors will have specific responsibilities and its own OSH job description in this section.

The more senior the position, the greater the responsibility. However, everyone has duties, so this must be made clear in a general statement of all employees’ duty to prioritise their own and others’ safety and health.

There should be a commitment to resource operations adequately so work can be undertaken safely and without risk to health

An organisational diagram should be included showing who makes OSH decisions and how to “escalate” problems for an answer. If the business is part of a group of companies, the section should explain the influence of the group centre.

As a business grows and changes, reporting structures may move or new roles be created. This section of the policy is critical for giving people a clear understanding of their roles. If there are significant changes, it must be adjusted at this point rather than delayed until the standard periodic review is published so that everyone understands what is expected of them.

Responsibility and accountability for a particular safe system should be determined and slotted into the organisational responsibilities section by asking the questions: Who does this? Who makes it happen? Who checks it? Using this approach, issues are less likely to fall into a grey area where assumptions are made on the ownership of tasks.


Louise-Hosking-director-of-Hosking-AssociatesThe arrangements section describes the processes for meeting the policy’s objectives and for complying with regulation. A paragraph is enough for each significant hazard and its controls. You can put them in alphabetical order for ease of reference.

Arrangements should reflect the manner in which an area is managed in practice rather than describe methods of management or processes the business is clearly unable to meet. But topics cannot be left out purely because they are too difficult to manage; these issues need attention separately from the policy drafting.

Findings from risk assessments, either newly created or revised, will also feed into the arrangements section.

If greater detail or direction is required for any hazard or process, such as contractor management or fire and emergency procedures, this becomes the subject of a separate policy or operating procedure, which should be referred to in the relevant paragraph.

Each organisation should fully own its policy, and have been part of its creation even if an OSH professional has created the framework

As OSH becomes more integrated into the business, further operating procedures will probably be developed, which can then be referred to in the arrangements. Organisations with multiple operating procedures or other relevant documents can list them in an appendix to the policy.

Forms, checklists and templates used to implement arrangements are part of the organisation’s safety management system. Like operating procedures, these can be noted, but need not be included in the policy. A list of forms, templates or standard letters can form another appendix, which should also describe how these are controlled and managed. A list of OSH legislation may be added as an appendix too.

If it becomes apparent that topics are being left out because they are too difficult to manage, it should be raised as an opportunity for improvement.

The Health and Safety Executive’s website carries information that organisations can use to develop their arrangements. It also offers a sample policy suitable for smaller businesses (bit.ly/1UvrN90).

Under review

The policy should be reviewed at least yearly but also whenever the organisational structure or business alters significantly, or if there is a change in legislation that affects how the enterprise operates.

The annual review should be an opportunity to pause and consider whether the policy has covered all significant eventualities in the preceding 12 months and whether it is exerting a positive influence on OSH performance.

It should also be a device to refine the arrangements, making them more personal to the business as OSH performance improves and safe working practices and controls become more consistent or embedded.

Once a new policy is developed or after a significant review, those it affects should be made aware of its contents. A statement on how this awareness is to be achieved should be included in the arrangements section. Most companies will put the whole policy on the intranet, but they should consider whether that is enough to familiarise staff with its contents. Picking a topic in planned rotation throughout the year and creating a toolbox talk around it is an interactive way to raise awareness.

The statement of intent should be displayed on the company notice board and be explained in staff inductions. It should also be published on the company website to communicate the organisation’s OSH commitments to all stakeholders.

A good policy with specific responsibilities and clear arrangements will reflect the personality of the organisation. If you are a consultant asked to create or overhaul a policy, avoid drafting immediately. Take time to understand what the organisation does and how it does it, especially if it is in a period of change. Involve the staff; each organisation should fully own its policy, and have been part of its creation even if an OSH professional has created the framework. The business should aim to reach a point where updates can be made without outside help.

In UK law, organisations with fewer than five staff need not have written OSH policies, but they must still provide workers and others with a safe place to work or visit. A simple strategy document based on policy principles can help to define a direction, even for smaller companies.

Creating a policy and subsequent reviews will take time if it is undertaken in the right way and in consultation with those they affect. But that will make it more likely to become a document of which the business can feel proud.



Louise Hosking CMIOSH, director, Hosking Associates


  • a list of osh legislation may

    Permalink Submitted by Karl on 27 February 2018 - 08:28 pm

    a list of osh legislation may be added! Of course it should be how do people know what legislation is being taken account of when the policy is written


Add new comment