If you employ five or more people in the UK, you are legally required to have a written health and safety policy. Failure to have one — or having one that is inadequate — can result in improvement notices, fines, and personal liability for directors and senior managers.
This guide explains exactly what a compliant health and safety policy must include and how to write one that works in practice, not just on paper.
The Legal Requirement
Section 2(3) of the Health and Safety at Work etc. Act 1974 requires every employer with five or more employees to prepare, and bring to employees' attention, a written statement of general policy on health and safety at work. This must include the organisation and arrangements for carrying out that policy.
If you employ fewer than five people, you are not legally required to write it down — but you still need to have a policy in practice. Many small businesses choose to document it anyway as evidence of compliance.
The Three-Part Structure
The HSE specifies that a health and safety policy must cover three distinct areas. These are often called the three parts of the policy.
Part 1: The Statement of Intent. This is a general statement of your commitment to health and safety. It sets out the business's aims — to provide a safe working environment, to comply with legislation, to consult with employees, and to review performance. It should be signed and dated by the most senior person in the organisation, typically the managing director or owner. The signature demonstrates personal commitment and accountability at the highest level.
Part 2: Organisation. This section explains who is responsible for health and safety within the business and what their responsibilities are. It names specific individuals, not just job titles. It covers the chain of responsibility from the owner or director down to supervisors and individual workers. It also identifies any appointed persons, competent persons, and fire marshals. Employees need to know exactly who to report a concern or incident to.
Part 3: Arrangements. This is the most detailed part. It describes the specific procedures and systems you have in place for managing health and safety risks. It covers areas such as:
- Risk assessment process
- Accident reporting and investigation
- First aid provision
- Fire safety and emergency procedures
- Training and induction
- Control of substances hazardous to health (COSHH)
- Manual handling
- Display screen equipment (DSE)
- Contractor management
- Personal protective equipment
The arrangements section should be specific to your business. A generic template that does not reflect your actual workplace will not be suitable and sufficient.
Who Should Sign It?
The statement of intent must be signed by the most senior person responsible for the business — the owner, managing director, or CEO. This is not a formality. It creates a clear line of accountability and demonstrates to employees, enforcement officers, and insurers that health and safety has board-level commitment.
The policy should include the date of signing. When the policy is reviewed and updated, it must be re-signed and re-dated.
How Often Should the Policy Be Reviewed?
The law does not specify a fixed review interval, but "suitable and sufficient" implies keeping the policy current. As a minimum:
- Review it at least once a year
- Review it whenever there is a significant change in the business — new premises, new processes, significant change in workforce size, or a new type of risk
- Review it after any accident or near-miss that suggests the current arrangements were inadequate
- Review it when relevant legislation changes
Note the review date on the document itself and assign a named person responsibility for triggering the review.
Bringing It to Employees' Attention
The Act requires that you bring the policy to the attention of all employees. Handing someone a document on their first day and asking them to sign a form is not sufficient on its own. Employees should understand the policy, know where to find it, and be told when it is updated.
Common approaches include adding it to the induction pack, posting it on a notice board, sharing it via an internal communications system, and reviewing it verbally during team meetings.
Common Mistakes to Avoid
Using an unmodified template. A policy that refers to "the company name" in brackets, or describes roles that do not exist in your business, signals that it has not been reviewed. HSE inspectors and employment tribunals look for evidence that the policy reflects the actual organisation.
Not updating it after changes. A policy signed five years ago that still names a manager who left the business three years ago is not fit for purpose.
Separating the policy from the risk assessments. The policy should reference your risk assessments and the two documents should be consistent with each other.