Environmental Health and Safety Policy Template


At a glance

What it is
An Environmental, Health and Safety (EHS) Policy is a formal management document that states an organization's commitments to environmental compliance, occupational health, and workplace safety, and assigns accountability for meeting them. This free Word download gives you a structured, ISO 14001- and ISO 45001-aligned starting point you can edit online and export as PDF for internal distribution, audits, and B2B contract submissions.
When you need it
Use it when pursuing ISO 14001 or ISO 45001 certification, responding to a customer or insurer that requires a written EHS policy, onboarding staff in regulated or high-risk environments, or establishing a documented safety baseline before a regulatory inspection.
What's inside
Policy scope and purpose, environmental compliance commitments, occupational health and safety obligations, hazard identification and risk control framework, emergency preparedness procedures, roles and responsibilities, legal compliance obligations, and continual improvement commitments.

What is an Environmental, Health and Safety Policy?

An Environmental, Health and Safety (EHS) Policy is a formal management document in which an organization's senior leadership commits to preventing environmental harm, protecting worker health, and maintaining safe working conditions across all operations. It assigns accountability from the executive level down to individual workers, identifies the legal and regulatory obligations the organization must meet, and establishes the framework for setting measurable EHS objectives and monitoring performance over time. The policy serves as the mandatory top-level document required by ISO 14001 (environmental management) and ISO 45001 (occupational health and safety) certification, and as the governance anchor for every procedure, record, and control in an integrated EHS management system.

Why You Need This Document

Operating without a written EHS policy creates exposure on multiple fronts simultaneously. Regulators in most jurisdictions treat the absence of a documented safety policy as prima facie evidence of systemic non-compliance, which elevates penalty risk when incidents occur. ISO certification audits begin with the policy: no signed, current policy means no certification, and no certification means losing customers and contracts that require it. Insurers increasingly request EHS documentation as part of underwriting; a gap here can increase premiums or exclude coverage for workplace incidents. Beyond compliance, organizations without a written EHS framework experience higher incident rates because accountability is informal and objectives are unmeasured. This template gives you the ISO-aligned structure, the correct commitment language, and the section-by-section accountability framework to close all of those gaps, starting from a professionally drafted baseline rather than a blank page.

Which variant fits your situation?

If your situation is… | Use this template
Standalone workplace safety policy without environmental scope | Health and Safety Policy
Environmental management policy only, no occupational health component | Environmental Policy
Construction-specific safety plan with site-level hazard controls | Construction Safety Plan
Emergency response procedure as a standalone operational document | Emergency Response Plan
Chemical or hazardous materials handling program | Hazardous Materials Management Plan
Incident and accident reporting procedure to supplement the EHS policy | Incident Report Form
Return-to-work or injury management protocol | Return to Work Plan

Common mistakes to avoid

❌ Vague commitments language that fails ISO clause requirements

Why it matters: ISO 14001 clause 5.2 and ISO 45001 clause 5.2 specify exact commitment types the policy must contain. Generic language like 'we take safety seriously' does not satisfy them and triggers a nonconformance at certification audit.

Fix: Use the four required commitment verbs directly: prevent pollution, eliminate hazards, comply with legal obligations, and continually improve. Keep the language specific and auditable.

❌ Assigning all EHS accountability to the EHS manager

Why it matters: When a single person holds all accountability, line managers disengage from safety ownership. Incident rates typically increase when the EHS manager is absent or leaves.

Fix: Distribute accountability explicitly across the CEO, department managers, supervisors, and workers, each with distinct, documented responsibilities proportionate to their authority.

❌ Setting objectives without numeric baselines or target dates

Why it matters: Unmeasured objectives cannot demonstrate continual improvement, the core requirement of both ISO 14001 and ISO 45001. Auditors will cite this as a nonconformance.

Fix: State every objective in the format: reduce [METRIC] from [BASELINE] to [TARGET] by [DATE]. If you lack baseline data, your first objective should be establishing the measurement system.

❌ Never testing the emergency response procedures through drills

Why it matters: Regulators and insurers ask for drill records as evidence of preparedness. An undrilled emergency plan exposes the organization to regulatory penalty and insurance coverage disputes after an actual event.

Fix: Schedule at least one full emergency drill per year per site and one tabletop exercise mid-year. Record attendance, findings, and any corrective actions taken.

❌ Failing to update the policy after regulatory or operational changes

Why it matters: A policy referencing superseded regulations or describing processes that no longer exist is actively misleading during audits and can void insurance coverage if it creates a false impression of compliance.

Fix: Set a calendar trigger for annual policy review and assign a named owner to monitor regulatory changes. Document every revision with a version number and effective date.

❌ Issuing the policy without senior executive sign-off

Why it matters: ISO standards require the policy to demonstrate 'top management' commitment. A policy signed only by the EHS manager or safety officer is a straightforward major nonconformance at certification.

Fix: Obtain signature from the CEO, President, or Managing Director before distributing. If leadership changes, reissue with the new executive's signature within 30 days.

The 10 key sections, explained

Purpose and scope

EHS commitments statement

Roles and responsibilities

Hazard identification and risk control

Environmental management obligations

Occupational health program

Emergency preparedness and response

Legal and other compliance obligations

Objectives, targets, and performance monitoring

Continual improvement and management review

How to fill it out

  1. Define the scope and applicable locations

    Replace the [FACILITY / ALL LOCATIONS] placeholder with the specific sites, business units, and activities the policy governs. State explicitly whether it covers contractors and temporary workers.

    💡 If your operations span multiple sites with different hazard profiles, add a brief annex listing site-specific applicability rather than trying to make the main policy text carry all the detail.

  2. Customize the commitments statement for your sector

    Review the four standard ISO commitment verbs (prevent, eliminate, comply, improve) and add any sector-specific obligations (e.g., tailings management for mining, food-safety intersection for food manufacturing).

    💡 Keep the commitments statement to one page. ISO 14001 and 45001 require it to be 'available to interested parties'; a concise, signed statement is far easier to share with customers and auditors than a dense legal block.

  3. Assign named roles and accountabilities

    Replace all [ROLE] and [TITLE] placeholders with the actual job titles in your organization. Ensure every accountability has a single named role, not a committee or department.

    💡 Cross-reference your organization chart before finalizing. Assigning accountability to a title that no longer exists in the company creates an immediate audit finding.

  4. Link to your hazard register and risk assessment records

    Insert references or hyperlinks to your existing hazard identification register and risk assessment records. If these don't exist yet, use this step as the trigger to create them.

    💡 ISO auditors will ask to see the hazard register as evidence that the policy commitment is implemented; a policy with no supporting records is a documented nonconformance.

  5. Populate the legal compliance register reference

    List the specific regulations, permits, and standards that apply to your operations in the legal compliance section. Include the authority, citation, and last review date.

    💡 Subscribe to a regulatory update service for your jurisdiction; even a basic email alert from the relevant environment or labor ministry prevents you from missing amendments.

  6. Set measurable EHS objectives with baselines

    Enter at least three EHS objectives with current baseline metrics, numeric targets, and target dates. Tie each to a KPI that can be tracked in your safety management system or a simple spreadsheet.

    💡 Choose objectives where you have data. Setting a target for lost-time injury frequency is meaningless if you haven't been recording near-misses; start by setting a near-miss reporting rate target first.

  7. Have the senior leader sign and date the policy

    The EHS commitments statement must be signed by the most senior executive with operational authority: CEO, President, or Managing Director. A signature by an EHS manager alone does not satisfy ISO requirements for leadership commitment.

    💡 Reissue the policy with a new signature and date whenever it is materially revised, or at least annually. An undated or stale signature is one of the most common minor nonconformances in ISO surveillance audits.

  8. Communicate and post the policy

    Distribute the signed policy to all employees and post it in accessible locations: break rooms, site offices, onboarding portals. Retain acknowledgment records for audits.

    💡 Translate the policy into the primary languages spoken by your workforce. In multilingual workplaces, language barriers around safety obligations are both a compliance and a genuine injury-prevention issue.

Frequently asked questions

What is an Environmental, Health and Safety (EHS) policy?

An EHS policy is a formal statement of an organization's commitments to preventing environmental harm, protecting worker health, and maintaining safe working conditions. It assigns accountability across leadership and the workforce, references applicable legal obligations, and sets the framework for measurable EHS objectives. Under ISO 14001 and ISO 45001, a written, signed EHS policy is a mandatory prerequisite for certification.

Is an EHS policy legally required?

In many jurisdictions, a written health and safety policy is a legal requirement for employers above a minimum employee threshold: for example, five or more employees under the UK Health and Safety at Work Act, and similar thresholds in Canadian provincial legislation. Environmental policy requirements are typically triggered by permit conditions or sector-specific regulations. Even where not explicitly mandated by statute, many B2B customers and insurers require a written EHS policy as a condition of doing business or obtaining coverage.

What is the difference between ISO 14001 and ISO 45001?

ISO 14001 is an environmental management system standard focused on reducing an organization's environmental impact: waste, emissions, water use, and pollution prevention. ISO 45001 is an occupational health and safety management system standard focused on eliminating workplace hazards and protecting worker health. Both require a written policy commitment as a core clause, and many organizations pursue integrated certification covering both standards simultaneously using a single EHS policy document.

Who should sign an EHS policy?

Both ISO 14001 (clause 5.2) and ISO 45001 (clause 5.2) require the policy to be authorized by "top management", meaning the most senior executive with operational authority, typically the CEO, President, or Managing Director. A signature by the EHS manager or operations manager alone does not satisfy this requirement and will be cited as a nonconformance at a certification audit.

How often should an EHS policy be reviewed?

Annual review is the standard practice and meets the expectations of ISO 14001 and ISO 45001 management review requirements. The policy should also be reviewed whenever there is a significant change in operations, a regulatory update affecting legal obligations, a serious incident, or a major organizational restructuring. Every revision should receive a new version number, effective date, and executive signature before reissue.

What is the difference between an EHS policy and an EHS management system?

The EHS policy is the written commitment statement: it says what the organization promises to do. The EHS management system (EMS or OHSMS) is the full set of procedures, records, controls, and accountabilities that actually delivers on those commitments. ISO certification requires both: the policy provides the leadership mandate; the management system provides the operational evidence. An EHS policy without a supporting management system is a paper commitment with no enforcement mechanism.

Can a small business use this EHS policy template?

Yes. The template is designed to scale: a 10-person manufacturing shop and a 500-person facility both need the same core policy elements. Smaller businesses should simplify the roles and responsibilities section to match their actual structure, focus legal compliance obligations on the handful of regulations most relevant to their operations, and set modest but measurable objectives. A lean, honest EHS policy that reflects real practice is more valuable, and more defensible, than an elaborate document that bears no resemblance to what happens on the floor.

Do contractors and subcontractors need to follow our EHS policy?

Yes, and this should be stated explicitly in the policy's scope section. ISO 45001 specifically requires organizations to control EHS risks associated with contractors working on their premises or on their behalf. In most jurisdictions, the host employer retains legal exposure for contractor incidents on site. Requiring contractors to acknowledge the EHS policy as part of site induction is standard practice and provides documented evidence of due diligence.

What EHS metrics should we track against our policy?

The most common lagging indicators are lost-time injury frequency rate (LTIFR), total recordable incident rate (TRIR), and environmental non-compliance events. Leading indicators, which predict future performance, include near-miss reporting rate, safety observation completion rate, corrective action close-out time, and percentage of planned audits completed on schedule. ISO auditors and sophisticated insurers increasingly focus on leading indicators as evidence of a proactive safety culture.

How this compares to alternatives

vs Health and Safety Policy

A standalone health and safety policy covers occupational hazards and worker protection only, with no environmental compliance component. An EHS policy integrates both into a single ISO-aligned document. Organizations subject to environmental permits or pursuing ISO 14001 certification need the integrated EHS version; small offices with minimal environmental footprint may find a health-and-safety-only policy sufficient.

vs Emergency Response Plan

An Emergency Response Plan is an operational procedure document detailing exactly what to do during a fire, spill, or injury event. An EHS policy states the commitment to have and test such plans but does not itself contain the step-by-step response procedures. Both documents are required: the policy mandates the plan; the plan operationalizes it.

vs Incident Report Form

An Incident Report Form captures the facts of a specific workplace accident or near-miss after it occurs. An EHS policy establishes the organizational framework that requires incidents to be reported and investigated. The form is a record-keeping tool; the policy is the governance document that gives the reporting requirement its authority.

vs Employee Handbook

An employee handbook is a broad HR document covering employment conditions, conduct expectations, and company policies across many topics. An EHS policy is a stand-alone, ISO-auditable document focused exclusively on environmental and safety commitments. The handbook may reference the EHS policy, but cannot substitute for it in certification audits or regulatory inspections.

Industry-specific considerations

Manufacturing

Machine guarding, chemical exposure limits, emissions permits, waste disposal records, and OSHA/EPA dual compliance requirements dominate the EHS agenda.

Construction

Multi-employer site coordination, fall protection, excavation safety, site-specific hazard assessments, and subcontractor prequalification requirements.

Healthcare

Bloodborne pathogen exposure controls, medical waste disposal, radiation safety, and ergonomic injury prevention for clinical staff.

Professional Services

Ergonomics, indoor air quality, mental health and psychosocial hazard obligations, and client-site visitor safety protocols.

Template vs pro: what fits your needs?

Path | Best for | Cost | Time
Use the template | Small to mid-size businesses establishing a formal EHS policy for the first time or preparing for ISO pre-assessment | Free | 3–6 hours
Template + professional review | Organizations actively pursuing ISO 14001 or 45001 certification or operating in high-hazard regulated environments | $500–$2,000 for an EHS consultant or certification body gap assessment | 1–2 weeks
Custom drafted | Large multi-site operations, heavily regulated industries (chemical, mining, nuclear), or organizations with complex integrated management system requirements | $3,000–$15,000+ for a full EHS management system build-out | 4–12 weeks

Glossary

ISO 14001
An international standard specifying requirements for an environmental management system, including a documented policy commitment to pollution prevention and continual improvement.
ISO 45001
An international standard for occupational health and safety management systems, requiring a written policy that addresses hazard elimination, worker participation, and legal compliance.
Hazard Identification
The process of recognizing conditions or activities that could cause injury, illness, or environmental damage before an incident occurs.
Risk Assessment
A structured evaluation of identified hazards that estimates likelihood and severity to prioritize control measures.
Hierarchy of Controls
A ranked framework for reducing risk: elimination, substitution, engineering controls, administrative controls, and personal protective equipment, applied in that order of preference.
Continual Improvement
A recurring cycle of setting objectives, measuring performance, reviewing results, and taking corrective action to progressively reduce EHS risks and environmental impact.
Legal Compliance Obligations
The full set of applicable environmental and safety laws, regulations, permits, and contractual requirements the organization must satisfy.
Emergency Preparedness
Plans, procedures, and resources put in place in advance so the organization can respond effectively to accidents, spills, fires, or other EHS emergencies.
Incident Investigation
A systematic process for determining the root cause of a near-miss, injury, or environmental release to prevent recurrence.
Personal Protective Equipment (PPE)
Wearable gear (gloves, hard hats, respirators, safety glasses) that reduces worker exposure to hazards when higher-level controls are not practicable.
Management Review
A periodic senior-management evaluation of EHS policy performance against objectives, used to decide whether the policy and its targets remain appropriate.
