← Insights

Policy

The health and safety policy in three parts

July 2026 · 7 min read

Every organisation of any size gets asked for it sooner or later: a client doing supplier due diligence, an insurer at renewal, a new starter on day one who has to sign to say they have read it. The health and safety policy is usually the first safety document anyone outside the business ever sees, and in the UK a business with five or more employees is generally expected to hold one in writing. It sets the tone for everything else - if the policy is thin, whoever is reading it assumes the rest of the safety management is thin too.

And yet it is, by a wide margin, the most badly written document in most safety files.

Why most policy templates fail

Search for a health and safety policy template and two kinds of document turn up, and both fail for the same underlying reason: nobody involved actually described how the business works.

A policy that works is neither of those. It is short where it should be short, specific where it should be specific, and written so that someone new to the business can read it and understand how safety actually happens there. The structure that gets this right, and the one most guidance points to, has three distinct parts, each doing a different job.

Part 1: the Statement of Intent

The Statement of Intent is the shortest part and the one that matters most to a first-time reader. It is a page, not five pages, and it says plainly what the organisation commits to: managing risk properly, resourcing safety, involving the workforce, reviewing performance, complying with the law that applies to the work. Written in plain language, not legal boilerplate.

The part that makes it real is the signature. Signed and dated by the most senior person in the business, not delegated to a manager three levels down. A signed intent statement on the wall or the notice board says, unambiguously, that this is a leadership commitment and not a document someone in the office produced to tick a box. Give it a next-review date too, so it does not quietly go stale.

Part 2: Organisation and Responsibilities

The second part answers a single question: who is responsible for what. Not in the abstract - by role. The employer holds overall responsibility. Managers and supervisors are responsible for the day-to-day application of the policy in their area. Every employee has responsibilities too, however junior, and the policy should say so in specific terms rather than a vague "everyone must take care". The policy should also name where competent health and safety advice comes from, and how the workforce is consulted - a committee, a representative, a regular meeting, whatever the business actually does.

Most safety failures are not a missing rule. They are a responsibility nobody quite owned, because the policy never said whose job it was.

This is the part that stops safety falling between roles. When something goes wrong and the question is "whose job was this", a well-written Organisation section already has the answer, and everyone in the business already knew it before the incident happened.

Part 3: Arrangements - where it becomes real

Arrangements is the longest part and the one that exposes a generic policy instantly, because it has to describe how the specific business actually operates, not how businesses in general operate. Each topic gets its own short section, plain and practical rather than legalistic:

A generic Arrangements section reads like a definition from a textbook. A real one reads like an instruction: what the business actually does, who does it, and how often. If a new employee could read the Arrangements section and know what to do the first time they encounter a hazardous substance or need to report a near miss, it is doing its job. If it could apply equally to any business in any sector, it is not.

Making it live

A policy that sits in a folder is not a policy, it is a liability waiting to be discovered at the worst possible moment. Getting it live takes four steps: sign Part 1 properly, brief the whole document to the team rather than emailing a link nobody opens, put it somewhere people actually see it - notice board, intranet, induction pack - and keep a simple version log with a review date, so the policy is visibly a living document rather than a one-time exercise.

None of that works if the underlying document is boilerplate the business does not recognise as its own. Original wording, written to be edited rather than untangled, with a worked example alongside the blank version so it is obvious what "finished" looks like, closes the gap between having a policy and having one that actually describes the business.

A health and safety policy in original wording

The classic three parts done properly - a signed Statement of Intent, an Organisation part that names who is responsible, and 14 practical Arrangements sections - with a full worked example. Editable Word, no boilerplate to untangle.

Get the H&S Policy on Etsy

Never miss a guide

New articles and templates, straight to your inbox. Plus a free tool to start.

By subscribing you consent to receive emails from Axiom. Your address is stored with Kit, our email provider, and never shared. Unsubscribe any time via the link in every email. Privacy policy.