Most health and safety policies share a common defect: they cannot be audited. They contain worthy statements about commitment and responsibility, but nothing that can be objectively tested against reality. This isn’t an oversight – it’s a feature. A policy that cannot be measured cannot fail.
The typical arrangements section reads something like “managers are responsible for health and safety in their areas” or “risk assessments will be carried out as required.” These statements are legally meaningless. Responsible for what, specifically? Carried out by whom, when, and to what standard? The silence on these points suits everyone – until an incident occurs and nobody can demonstrate they actually did anything.
What the law requires
Section 2(3) of the Health and Safety at Work etc. Act 1974 requires employers to prepare a written statement covering three elements: general policy, organisation, and arrangements. The Management of Health and Safety at Work Regulations 1999 adds substance to this, requiring arrangements for effective planning, organisation, control, monitoring and review of preventive and protective measures. That word “monitoring” is critical. You cannot monitor something you have not defined. You cannot review something you cannot measure. If your policy contains no measurable standards, you have not met the requirement – you have simply produced a document.
How enforcement officers use policies
Guidance to enforcement officers on evaluating safety policies indicates that “Enforcing officers should use the policy statement by testing it out against the actual organisation provided to control health and safety within the company, and the procedures actually operating to minimise risks to health and safety.”
The policy is a tool for inspection. Officers will check whether named individuals understand their responsibilities and can demonstrate how they discharge them. A policy that consists of vague aspirations provides nothing to test – which means it provides no evidence of compliance either.
Building in measurable standards
Every policy arrangement should contain audit criteria from the outset. Consider a permit to work policy. A typical policy might state: “A competent manager will be appointed to oversee the permit system.”
A measurable policy would specify:
- A competent senior manager must be assigned responsibility and accountability for the permit to work system (the Permit System Manager)
- The Permit System Manager must be appointed in writing with signature authorisation verified
- The Permit System Manager must appear on the organisation’s Authorised Person List
- The Permit System Manager must complete specified training relevant to their responsibilities
- The Permit System Manager must be able to explain their responsibilities to an auditor and provide evidence of how they have met them
Each point can be checked. Documents can be scrutinised, individuals interviewed, evidence requested. The policy either works or it does not – and that determination can be made objectively.
A practical safety policy template structure
The following structure ensures every policy arrangement contains the elements necessary for measurement and audit:
- Introduction – What the policy covers and why it exists.
- When and where the policy applies – The scope: which locations, activities, and categories of worker are covered.
- Individual appointments and responsibilities – Named roles with specific duties. Not “managers are responsible for safety” but “the Permit System Manager must verify that the permit work area and equipment are left in a safe condition before cancelling a permit.”
- Competency criteria to undertake policy roles – What training, experience, qualifications, and authorisation each role requires. Competence must be defined before it can be verified.
- How the policy is used – The procedures and processes that put the policy into action. This section contains the operational detail derived from regulations, approved codes of practice, and guidance.
- How the policy is communicated – Methods for ensuring duty holders and affected workers know about the policy and their responsibilities under it.
- How the policy is monitored – Split into three components:
  - Senior management review of the policy
  - Active monitoring of policy activities (planned inspections, audits, observations)
  - Reactive monitoring of policy activities (incident investigation, trend analysis)
- Documentation relevant to the policy – Forms and records used to implement the policy, linked policies, retention periods, and document control arrangements.
- Key standards applicable – The audit table. Each standard the organisation commits to, the legal basis for that standard, and the criteria by which compliance will be verified.
This final section is the critical element that most policies lack. It transforms the policy from a statement of intent into an auditable management tool.
The key standards table
For each standard in your policy, record:
- The standard itself (what the organisation commits to doing)
- The legal compliance basis (which regulation or approved code of practice requires it)
- The audit criteria (how compliance will be verified – document scrutiny, interview, observation)
This table becomes the audit checklist. During monitoring and review, each standard is tested: does documentary evidence exist? Can duty holders explain their responsibilities? Does observation confirm compliance? Where proof does not exist despite a policy requirement, non-compliance must be assumed and addressed.
Why this approach is rare
Measurable policies create accountability, and accountability is uncomfortable. A vague policy allows everyone to believe they are compliant without doing anything differently. A measurable policy forces the question: did you actually do this or not?
This explains why so many organisations prefer to purchase generic policies, why consultants sell elaborate frameworks with no testable outputs, and why the safety profession has largely abandoned practical measurement in favour of cultural programmes and maturity models that can never be falsified.
The irony is that measurable policies are easier to implement, not harder. When people know exactly what they must do and how compliance will be checked, they can actually do it. Vague responsibilities create confusion, duplication, and gaps. Clear standards create clarity.
Conclusion
A safety policy that cannot be measured serves only one purpose: to create the appearance of compliance without the substance. It protects the organisation from the accusation of having no policy at all, while providing no actual protection to workers.
The test is simple. Take any statement in your arrangements section and ask: how would an enforcement officer verify this? If the answer is unclear, the policy is defective. If your entire arrangements section fails this test, you do not have a functioning safety management system – you have paperwork.
