Free Word download β’ Edit online β’ Save & share with Drive β’ Export to PDF
A Health and Safety Policy is a formal written document in which an organization commits to protecting employees, contractors, and visitors from workplace hazards. It establishes who is responsible for safety at every level of the organization, how hazards are identified and controlled, what training is required, and how incidents and near misses are reported and investigated. Unlike an informal set of safety rules, a written policy creates a documented compliance baseline that regulators, insurers, and courts can measure the organization against β and in most jurisdictions, it is a statutory requirement for any employer above a defined size threshold.
Operating without a written health and safety policy exposes your business on three simultaneous fronts. Regulators β OSHA in the US, the HSE in the UK, and equivalent bodies in Canada and Australia β can issue citations, financial penalties, and Improvement Notices to any employer who cannot produce a written policy during an inspection. Insurers use the absence of a documented safety program as grounds to reduce or deny liability claims. And in a personal injury lawsuit, the first thing plaintiff's counsel requests is evidence that you identified the hazard, assigned someone to control it, and trained your employees β all of which a properly completed policy documents. This template gives you a compliant, audit-ready starting point in hours rather than days, structured around the sections regulators actually check.
| If your situation is⦠| Use this template |
|---|---|
| General office or service-based business | Health and Safety Policy |
| Construction, trades, or high-hazard industrial site | Construction Safety Plan |
| Documenting how to respond to a specific type of emergency | Emergency Response Plan |
| Identifying and rating individual workplace hazards | Risk Assessment Template |
| Recording and tracking workplace injuries and illnesses | Incident Report Form |
| Communicating safety rules to new employees on day one | Employee Onboarding Checklist |
| Documenting COVID-19 or infectious disease controls | Workplace Health and Safety Procedure |
Why it matters: When a regulator investigates an incident, the first question is who was responsible for safety oversight. A policy that assigns duties to a 'department' rather than a named role produces no one accountable.
Fix: Name a specific individual as Safety Officer and list their direct responsibilities. Update the name whenever the role changes hands β do not wait for the annual review.
Why it matters: A clause like 'employees should wear appropriate PPE' is unenforceable and will not satisfy an OSHA inspector or defend an employer in a personal injury claim.
Fix: Map every PPE requirement to the task and location where it applies, with the applicable standard (e.g., ANSI Z87.1 for eye protection) and the consequence for non-compliance.
Why it matters: Regulators treat a post-incident failure to reassess as evidence of systemic non-compliance β it converts a single incident into a pattern and elevates any financial penalty.
Fix: Add a mandatory trigger to your incident reporting process: every OSHA-recordable incident requires a risk assessment review within 5 working days of the investigation closing.
Why it matters: In an injury claim or regulatory inspection, an employer who cannot prove employees received and read the policy cannot rely on it as a defense.
Fix: Require a dated signature from every employee confirming they have received, read, and understood the policy. Store acknowledgments in each employee's personnel file.
Why it matters: An undated review clause reliably produces a policy that is not updated for years. Outdated policies that reference superseded regulations are worse than no policy in some enforcement contexts.
Fix: Enter a specific calendar date β 'this policy will be reviewed by [NAME] by [DATE]' β and assign it as a recurring calendar task on the day of signing.
Why it matters: OSHA's multi-employer citation policy holds host employers responsible for contractor safety on their premises. A scope that excludes contractors leaves a significant compliance and liability gap.
Fix: Extend the policy scope explicitly to all contractors and temporary workers, and require them to sign a contractor safety acknowledgment before commencing work on site.
Enter the company's legal name, primary site address, and the name and title of the executive signing the policy. Date the document and add a wet or electronic signature line.
π‘ The signing executive should be the highest available authority β CEO or Managing Director β not an HR coordinator. Regulator-facing documents carry more weight with C-suite signatures.
Specify every physical location and type of work covered. If contractors regularly work on your premises, name them explicitly or use a class description like 'all contractors engaged by [COMPANY NAME].'
π‘ If your policy will be shared with clients or main contractors for pre-qualification, confirm their scope requirements before finalizing β some require specific contractor management language.
Replace every '[TITLE]' placeholder with a real name or a named role that is always filled. For each responsibility, note the frequency β 'monthly site inspections' not 'regular inspections.'
π‘ Create a one-page RACI chart as an appendix. It makes accountability visible to both regulators and employees and is easy to update when roles change.
Walk each work area and list the top hazards relevant to your industry β slips and trips for offices, manual handling for warehouses, chemical exposure for labs. Link each hazard to its control measure.
π‘ Use the Business in a Box Risk Assessment Form as Appendix A to capture hazard ratings before populating this section β the assessment outputs feed directly into section 4 and 5.
For each mandatory PPE item, name the task or location where it applies, the minimum standard (e.g., EN 166 for eye protection), and the inspection and replacement schedule.
π‘ Photograph your work areas and annotate required PPE at entry points β a visual reference dramatically improves day-to-day compliance compared to text alone.
List every mandatory training module, its frequency, and who delivers it. Add a sign-off sheet as an appendix for employees to confirm they have received and understood each module.
π‘ Store signed training acknowledgments in each employee's HR file β OSHA and equivalent regulators can request these going back 3β5 years.
Enter current first-aider names, first-aid kit locations, assembly points, and emergency services numbers. Verify every entry against your current site layout before publishing.
π‘ Post a laminated one-page emergency summary in every work area β this section of the policy is the source document for those summaries.
Enter a specific review date no more than 12 months from the signing date. Distribute the policy to all staff, collect signed acknowledgments, and post a copy in a visible location.
π‘ Schedule the review date in your calendar the day you sign the policy β policies that miss their review date are the first thing noted in a regulatory inspection.
A health and safety policy is a formal written document in which an organization states its commitment to protecting employees, contractors, and visitors from workplace hazards. It defines who is responsible for safety, how hazards are identified and controlled, what training is required, and how incidents are reported. In most jurisdictions, a written policy is a legal requirement once an employer reaches a defined size threshold β typically 5 employees in the UK and 10 or more employees for certain OSHA standards in the US.
In most jurisdictions, yes β once an employer reaches a defined size threshold. In the UK, the Health and Safety at Work Act 1974 requires a written policy for employers with 5 or more employees. In the US, OSHA's General Duty Clause requires all employers to provide a safe workplace, and several OSHA standards mandate written safety programs for specific hazards regardless of company size. In Canada and Australia, equivalent provincial and state legislation impose similar obligations. Consider consulting a safety professional to confirm the specific requirements in your jurisdiction.
A complete policy includes a signed employer commitment statement, defined scope, named roles and responsibilities, hazard identification and risk assessment procedures, a hierarchy-of-controls framework, PPE requirements by task, mandatory training schedule, incident and near-miss reporting procedures, emergency response steps, and a dated review schedule. Missing any of these creates gaps that regulators and insurers identify immediately during an audit.
At minimum, annually. An immediate review is also required after any OSHA-recordable or equivalent serious incident, a significant near miss, the introduction of new equipment or substances, changes to relevant regulations, or a material change to operations or headcount. A policy reviewed on a fixed annual schedule with a named owner is far more likely to stay current than one reviewed 'as needed.'
The employer bears primary legal responsibility, but the obligation cascades through the organization. Senior leadership sets the commitment; managers and supervisors enforce day-to-day compliance; a designated safety officer manages inspections, training, and records; and all employees are responsible for following procedures and reporting hazards. A policy that assigns safety responsibility only to a single department is incomplete and will not withstand regulatory scrutiny.
A health and safety policy states the organization's commitment, structure, and procedures at a high level β it is the governing document. A risk assessment is a task- or site-specific analysis identifying particular hazards, rating their likelihood and severity, and documenting chosen control measures. Risk assessments are typically referenced in the policy as required outputs and stored as appendices or supporting documents.
While a physical signature is not always a statutory requirement, a named, dated senior-management signature is considered best practice and is expected by regulators, auditors, and insurers. It demonstrates active employer commitment rather than a policy produced to tick a box. Unsigned policies regularly draw adverse comment in OSHA inspections and HSE audits.
Yes β a structured template covers the required sections and ensures you do not miss legally mandated elements. The key is populating it with your specific hazards, named responsible individuals, and site-specific procedures rather than leaving placeholder language in place. A template with generic content offers less regulatory protection than a fully customized document.
In the US, OSHA can issue citations and financial penalties under the General Duty Clause. In the UK, the HSE can issue Improvement Notices, Prohibition Notices, and prosecute under the Health and Safety at Work Act. Beyond regulatory penalties, the absence of a written policy significantly weakens an employer's position in any personal injury claim, because it signals the employer did not take reasonable steps to identify and control workplace risks.
An emergency response plan is a detailed, step-by-step operational document for specific crisis scenarios β fire, chemical spill, medical emergency, or natural disaster. A health and safety policy references emergency procedures at a high level and provides the governance framework. Both documents are needed; the policy is the umbrella, and the emergency plan is the actionable drill guide.
An incident report form captures the facts of a specific event β date, location, individuals involved, injuries, and immediate actions taken. A health and safety policy establishes the requirement to complete incident reports and defines the reporting timeline and escalation path. The form is the record; the policy is the system that produces it.
An employee handbook covers the full range of workplace policies β conduct, leave, benefits, and general expectations. A health and safety policy is a standalone regulatory document with specific legal standing that should be signed separately. Embedding it inside a handbook without a standalone acknowledgment can weaken its enforceability in a regulatory context.
A risk assessment template documents the specific hazards, likelihood ratings, and control measures for a defined task or work area. A health and safety policy mandates that risk assessments be conducted and establishes who owns them and how often they are reviewed. Risk assessments are the evidence; the policy is the requirement.
Fall protection, scaffolding inspection, confined space entry, and tool-specific PPE requirements are mandated by OSHA 1926 and require documented site-specific procedures beyond a generic policy.
Machine guarding, lockout/tagout procedures, chemical handling under OSHA's Hazard Communication Standard, and noise exposure monitoring require dedicated policy sections and supporting SOPs.
Bloodborne pathogen exposure control, sharps handling, patient-handling ergonomics, and infection control protocols are regulated separately and must be cross-referenced in the main policy.
DSE (display screen equipment) assessments, ergonomic workstation standards, lone-worker procedures, and fire evacuation planning are the primary focus for white-collar environments.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Small and medium businesses in low-to-medium hazard environments such as offices, retail, and professional services | Free | 2β4 hours to complete and distribute |
| Template + professional review | Businesses in higher-hazard industries, those preparing for a regulatory inspection, or companies with contractors on site | $300β$800 for a safety consultant review | 1β3 days |
| Custom drafted | High-hazard industries such as construction, manufacturing, or healthcare where OSHA or equivalent standards mandate multiple written programs | $1,500β$5,000+ for a full safety management system | 2β6 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Free Forever PlanΒ Β·Β No credit card required
