Policy Pros

Written by Joanne Hughes, Policy & Compliance Specialist at Policy Pros

A List of Policies Every Company Should Have

Last reviewed: March 2026

See also: our updated 2024 policy checklist

Why Every UK Business Needs a Policy Framework

One of the most common questions we receive at Policy Pros is: "What policies does my business need?" The answer depends on your organisation's size, sector, and the regulations that apply to you, but every UK business — from a sole trader with employees to a large enterprise — needs a core set of documented policies and procedures.

Policies serve multiple purposes. They demonstrate compliance with UK legislation, protect your business from legal claims, provide clear guidance to employees on expected standards and procedures, and support your organisation's reputation with clients, investors, and supply chain partners. In regulated sectors such as healthcare, financial services, and education, policies are a condition of registration and inspection.

This guide provides a categorised master list of the policies every UK company should have, distinguishing between those that are legally required and those that are strongly recommended as best practice. Each section links to the relevant Policy Pros service page where you can find more detail or request a quote.

Human Resources Policies

Employment law in the United Kingdom is governed primarily by the Employment Rights Act 1996 (ERA 1996) and the Equality Act 2010. These statutes establish minimum standards that employers must meet, and documented HR policies are the primary mechanism for demonstrating compliance.

Legally required:

  • Written Statement of Employment Particulars — Required under section 1 of the ERA 1996 for all employees and workers from day one of employment. Must include key terms such as pay, hours, holiday entitlement, and notice periods.
  • Disciplinary and Grievance Procedures — While not strictly required to be in a standalone policy document, employers must inform employees of their disciplinary and grievance procedures. The ACAS Code of Practice sets out minimum standards. Failure to follow the Code can result in a 25 per cent uplift in tribunal compensation awards.
  • Health and Safety Policy — Required under the Health and Safety at Work etc. Act 1974 (HASAWA 1974) for all employers with five or more employees. Must be in writing and include a general policy statement, organisational arrangements, and specific procedures.

Strongly recommended:

  • Staff Handbook (consolidating all HR policies into an accessible reference document)
  • Equal Opportunities and Diversity Policy (supporting compliance with the Equality Act 2010)
  • Anti-Harassment and Bullying Policy
  • Annual Leave Policy
  • Sickness Absence Policy
  • Maternity, Paternity, and Shared Parental Leave Policies
  • Flexible Working Policy (particularly relevant following the Employment Relations (Flexible Working) Act 2023, which gives employees the right to request flexible working from day one)
  • Recruitment and Selection Policy
  • Probation Policy
  • Performance Management Policy
  • Termination of Employment Policy
  • Redundancy Policy

For a full range of HR policy documents, visit our human resources policies and procedures page.

Health and Safety Policies

The Health and Safety at Work etc. Act 1974 (HASAWA 1974) is the primary legislation governing workplace health and safety in the United Kingdom. It places a duty on employers to ensure, so far as is reasonably practicable, the health, safety, and welfare of all employees. Additional regulations under the Act create specific requirements for risk assessment, fire safety, manual handling, COSHH, and workplace conditions.

Legally required:

  • Health and Safety Policy — Required for all employers with five or more employees under HASAWA 1974.
  • Risk Assessments — Required under the Management of Health and Safety at Work Regulations 1999. Must be documented where the employer has five or more employees.
  • Fire Risk Assessment — Required under the Regulatory Reform (Fire Safety) Order 2005 for all non-domestic premises.
  • COSHH Assessments — Required under the Control of Substances Hazardous to Health Regulations 2002 where employees are exposed to hazardous substances.

Strongly recommended:

  • Accident and Incident Reporting Policy (including RIDDOR reporting procedures)
  • First Aid Policy
  • Manual Handling Policy
  • Display Screen Equipment (DSE) Policy
  • Lone Working Policy
  • Workplace Violence and Aggression Policy
  • Alcohol and Drugs Policy
  • Stress Management and Mental Health at Work Policy

Visit our health and safety policies and procedures page for more information.

IT and Data Protection Policies

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 require organisations that process personal data to implement appropriate technical and organisational measures to protect that data. Documented IT and data protection policies are a core component of demonstrating compliance to the Information Commissioner's Office (ICO).

Legally required:

  • Privacy Notice (Privacy Policy) — Required under Articles 13 and 14 of the UK GDPR. Must inform data subjects about the collection and use of their personal data.
  • Data Protection Policy — While the UK GDPR does not prescribe a specific policy document, Article 5(2) (the accountability principle) and Article 24 require documented evidence of compliance. A data protection policy is the standard mechanism for demonstrating this.

Strongly recommended:

  • Information Security Policy (aligned to ISO 27001 where applicable)
  • Acceptable Use Policy (covering use of company IT systems, email, and internet)
  • Password Management Policy
  • Remote Working and BYOD (Bring Your Own Device) Policy
  • Data Breach Response Policy and Procedure
  • Data Retention and Disposal Policy
  • Subject Access Request (SAR) Procedure
  • Cookie Policy (required under PECR 2003)
  • Social Media Policy
  • CCTV Policy

For more detail, visit our IT security policies page.

Financial and Anti-Fraud Policies

Financial governance policies protect the organisation from fraud, corruption, and regulatory penalties. Several UK statutes create specific obligations in this area.

Legally required (depending on sector and size):

  • Anti-Bribery Policy — The Bribery Act 2010 creates a corporate offence of failing to prevent bribery. Having adequate procedures in place (including a documented anti-bribery policy) is a statutory defence to this charge.
  • Anti-Money Laundering (AML) Policy — Required for organisations in the regulated sector under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

Strongly recommended:

  • Anti-Fraud Policy
  • Criminal Finances Act 2017 / Tax Evasion Prevention Policy
  • Expenses Policy
  • Procurement and Purchasing Policy
  • Financial Controls and Authorisation Policy

Governance and Compliance Policies

Governance policies ensure that the organisation is managed with integrity, transparency, and accountability. They are particularly important for regulated businesses and those bidding for public or private sector contracts.

Legally required (depending on sector and size):

  • Modern Slavery Statement — Required under the Modern Slavery Act 2015 for organisations with a turnover of 36 million pounds or more.
  • Whistleblowing Policy — While not strictly required by statute for all employers, the Public Interest Disclosure Act 1998 protects workers who make qualifying disclosures. Having a documented whistleblowing policy is considered best practice and is expected by regulators in most sectors.

Strongly recommended:

  • Corporate Social Responsibility (CSR) Policy
  • Sustainability and Environmental Policy
  • ESG (Environmental, Social, and Governance) Policy
  • Conflicts of Interest Policy
  • Business Continuity and Disaster Recovery Policy
  • Corporate Governance Statement
  • Risk Management Policy
  • Quality Management Policy

Environmental Policies

The Environment Act 2021 and the Streamlined Energy and Carbon Reporting (SECR) regulations have increased the regulatory expectations on UK businesses regarding environmental management and reporting.

Strongly recommended:

  • Environmental Policy
  • Sustainability Policy
  • Net Zero and Carbon Reduction Policy
  • Waste Management Policy
  • Energy Management Policy
  • Sustainable Procurement Policy

How to Prioritise Your Policy Requirements

If you are starting from scratch or reviewing your existing documentation, we recommend the following approach:

  1. Start with the legally required policies. These include the written statement of employment particulars, health and safety policy and risk assessments, privacy notice, and (where applicable) anti-bribery policy, AML policy, and modern slavery statement.
  2. Add the core recommended policies. A staff handbook, data protection policy, disciplinary and grievance procedures, equality and diversity policy, and acceptable use policy should be in place for any employer.
  3. Address sector-specific requirements. If you operate in a regulated sector (healthcare, financial services, education, construction), identify the additional policies required by your regulator or accreditation body.
  4. Review and update annually. UK legislation changes frequently. Policies should be reviewed at least annually to ensure they remain compliant and reflect current working practices.

How Policy Pros Can Help

Policy Pros provides comprehensive policy and procedure writing services for UK businesses. Whether you need a single policy, a policy document bundle, or a complete organisational policy framework, our team will work with you to produce professional, legally compliant documentation tailored to your business.

Our policies are written in clear, professional English, referenced to current UK legislation, and designed to be practical working documents for your managers and staff. We offer standard, customised, and fully bespoke options to suit every budget and requirement.

Contact Policy Pros today to discuss your policy requirements and receive a no-obligation quote.
