
Written by Policy Pros, UK Policy Writing Specialists at Policy Pros
Expert Policy and Procedure Writers
Welcome to Policy Pros, your trusted expert policy writers for UK businesses, non-profits and government bodies. With years of experience in the field, we have the expertise and knowledge to create comprehensive policies and procedures that meet the unique needs of each of our clients. Our policy and procedure writing services are comprehensive, and we can write your documents from scratch or review and update your existing policies to ensure that they are up to date and in compliance with the latest regulations. Our policy and procedure documents start from as little as £55, making our services affordable for businesses of all sizes.
Comprehensive Categorised List of UK Business Policies
Every UK business needs a robust set of policies and procedures, but knowing which documents are legally required and which represent best practice can be a challenge. The following categorised list sets out the key policies that UK organisations should have in place, alongside the specific regulations that drive each requirement. Whether you are a sole trader expanding your team or a large enterprise, this reference guide will help you understand your obligations and identify any gaps. For tailored policy document bundles, please explore our packages.
Human Resources (HR) Policies
| Policy | Status | Key Regulation |
|---|---|---|
| Written Statement of Employment Particulars | Legally Mandatory (all employees from day one) | Employment Rights Act 1996, s.1 |
| Equal Opportunities and Anti-Discrimination Policy | Legally Mandatory | Equality Act 2010 |
| Disciplinary and Grievance Procedures | Legally Mandatory | Employment Rights Act 1996; ACAS Code of Practice |
| Whistleblowing (Public Interest Disclosure) Policy | Legally Mandatory (prescribed sectors) | Public Interest Disclosure Act 1998 |
| Family Leave Policies (Maternity, Paternity, Shared Parental, Adoption) | Legally Mandatory | Employment Rights Act 1996; Maternity and Parental Leave Regulations 1999 |
| Flexible Working Policy | Legally Mandatory (right to request from day one, 2024) | Employment Relations (Flexible Working) Act 2023 |
| Absence and Sickness Policy | Best Practice | Employment Rights Act 1996; SSP Regulations |
| Recruitment and Selection Policy | Best Practice | Equality Act 2010 |
| Redundancy Policy | Best Practice (consultation is mandatory) | Employment Rights Act 1996, s.135-s.165 |
| Staff Handbook | Best Practice | ACAS Guidance |
HR policies form the backbone of any compliant workplace. Under the Employment Rights Act 1996, employers must provide a written statement of employment particulars from the first day of employment. The Equality Act 2010 places a positive duty on employers to prevent discrimination on grounds of protected characteristics. For more on HR documentation, see our guide to policies every company should have.
Health and Safety Policies
| Policy | Status | Key Regulation |
|---|---|---|
| Health and Safety Policy (written) | Legally Mandatory (5+ employees) | Health and Safety at Work Act 1974, s.2(3) |
| Risk Assessment Records | Legally Mandatory (5+ employees) | Management of Health and Safety at Work Regulations 1999, reg.3 |
| Fire Risk Assessment | Legally Mandatory | Regulatory Reform (Fire Safety) Order 2005 |
| First Aid Policy | Legally Mandatory | Health and Safety (First-Aid) Regulations 1981 |
| Display Screen Equipment (DSE) Policy | Legally Mandatory (where DSE users exist) | Health and Safety (Display Screen Equipment) Regulations 1992 |
| COSHH Assessment Records | Legally Mandatory (where applicable) | Control of Substances Hazardous to Health Regulations 2002 |
| Lone Working Policy | Best Practice | Health and Safety at Work Act 1974; Management Regulations 1999 |
| Manual Handling Policy | Legally Mandatory (where applicable) | Manual Handling Operations Regulations 1992 |
| Accident and Incident Reporting | Legally Mandatory | RIDDOR 2013 |
The Health and Safety at Work Act 1974 is the cornerstone of UK workplace health and safety legislation. Employers with five or more employees must have a written health and safety policy, and all employers must conduct suitable and sufficient risk assessments under the Management of Health and Safety at Work Regulations 1999. Failure to comply can result in HSE enforcement action, improvement notices and, in severe cases, criminal prosecution.
IT, Data Protection and Cyber Security Policies
| Policy | Status | Key Regulation |
|---|---|---|
| Data Protection / Privacy Policy | Legally Mandatory | UK GDPR; Data Protection Act 2018 |
| Privacy Notice (External) | Legally Mandatory | UK GDPR, Articles 13 & 14 |
| Subject Access Request Procedure | Legally Mandatory | UK GDPR, Article 15 |
| Data Breach Notification Procedure | Legally Mandatory | UK GDPR, Article 33 |
| Information Security Policy | Best Practice (mandatory in regulated sectors) | UK GDPR, Article 32; Cyber Essentials (NCSC) |
| Acceptable Use Policy | Best Practice | Computer Misuse Act 1990; UK GDPR |
| Bring Your Own Device (BYOD) Policy | Best Practice | UK GDPR; Cyber Essentials |
| Data Retention and Disposal Policy | Legally Mandatory | UK GDPR, Article 5(1)(e) |
| Disaster Recovery / Business Continuity | Best Practice (mandatory in regulated sectors) | ISO 22301; NIS Regulations 2018 |
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 impose strict obligations on any organisation that processes personal data. Organisations must be able to demonstrate accountability through documented policies. The ICO has the power to issue fines of up to £17.5 million or 4% of annual global turnover for serious breaches.
Financial and Governance Policies
| Policy | Status | Key Regulation |
|---|---|---|
| Anti-Bribery and Corruption Policy | Legally Mandatory (adequate procedures defence) | Bribery Act 2010, s.7 |
| Anti-Money Laundering (AML) Policy | Legally Mandatory (regulated sectors) | Proceeds of Crime Act 2002; Money Laundering Regulations 2017 |
| Modern Slavery Statement | Legally Mandatory (turnover £36m+) | Modern Slavery Act 2015, s.54 |
| Expenses Policy | Best Practice | HMRC Guidance; Companies Act 2006 |
| Fraud Prevention Policy | Best Practice | Fraud Act 2006 |
| Conflicts of Interest Policy | Best Practice (mandatory for charities) | Companies Act 2006; Charities Act 2011 |
Good governance demands clear financial policies. The Bribery Act 2010 requires commercial organisations to have adequate procedures to prevent bribery, and the Modern Slavery Act 2015 requires qualifying organisations to publish an annual statement. Charities must also address conflicts of interest under Charity Commission guidance.
Sector-Specific Policies
| Policy | Status | Key Regulation / Standard |
|---|---|---|
| Safeguarding Policy | Legally Mandatory (education, health, social care) | Children Act 2004; Care Act 2014 |
| Clinical Governance Policy | Legally Mandatory (healthcare) | CQC Fundamental Standards; Health and Social Care Act 2008 |
| Environmental Policy | Best Practice (mandatory for EMAS/ISO 14001) | Environmental Protection Act 1990; EMAS Regulation |
| Social Value Policy | Best Practice (mandatory for public sector contracts above threshold) | Public Services (Social Value) Act 2012 |
| Quality Management Policy | Best Practice | ISO 9001 |
Organisations operating in regulated sectors such as healthcare, education and financial services face additional policy requirements driven by sector-specific regulators including the CQC, Ofsted and the FCA.
Minimum Policy Requirements by Business Size
Not every business needs every policy from day one. However, as your organisation grows, your legal obligations increase. Below is a summary of the minimum policy requirements at key thresholds.
All Employers (Including Those With Fewer Than Five Employees)
- Written statement of employment particulars (from day one of employment)
- Compliance with the Equality Act 2010 (even without a formal policy, obligations apply)
- Employer's liability insurance certificate displayed
- UK GDPR compliance including a privacy notice if processing personal data
- Health and safety risk assessments (must be conducted, but recording not mandatory below five employees)
Five or More Employees
- Written health and safety policy statement, as required by the Health and Safety at Work Act 1974, s.2(3)
- Recorded risk assessment findings under the Management of Health and Safety at Work Regulations 1999
- Documented disciplinary and grievance procedures (recommended from the outset, essential at this stage)
Organisations With 250 or More Employees
- Gender pay gap reporting (Equality Act 2010 (Specific Duties and Public Authorities) Regulations 2017)
- Tax strategy publication (Finance Act 2016, Schedule 19, for qualifying groups)
- Trade union consultation obligations become more complex
Organisations With Turnover Above £36 Million
- Modern Slavery Act 2015 statement published annually
Which Regulations Require Which Specific Policies
Understanding the regulatory landscape is essential. The following summary maps the most significant pieces of UK legislation to the specific policies they demand.
Health and Safety at Work Act 1974: Written health and safety policy (5+ employees), risk assessments, safe systems of work, training records, incident reporting procedures.
Equality Act 2010: Equal opportunities policy, reasonable adjustments procedure, anti-harassment and bullying policy, recruitment and selection procedures, pay gap reporting (250+ employees).
UK GDPR and Data Protection Act 2018: Data protection policy, privacy notices, data breach procedure, subject access request procedure, data retention schedule, data protection impact assessment process, records of processing activities.
Employment Rights Act 1996: Written statement of employment particulars, disciplinary and grievance procedures, redundancy consultation process, family leave policies, flexible working request procedure.
Bribery Act 2010: Anti-bribery and corruption policy with adequate procedures, gifts and hospitality register, due diligence procedures for third parties.
Modern Slavery Act 2015: Modern slavery and human trafficking statement (annual), supply chain due diligence procedures.
For organisations that are unsure where to start, our policy document bundles provide a cost-effective way to ensure coverage across all essential areas. If you already have policies in place but need them reviewed or updated, our policy and procedure writing services include a thorough review and gap analysis.
Why Choose Policy Pros
We pride ourselves on providing high-quality work that is tailored to your specific needs. Our team understands the regulatory framework across all major sectors, and we write every document in clear, accessible language. We can write your documents from scratch or review and update your existing policies to ensure compliance with the latest regulations. Do not just take our word for it — read our testimonials from satisfied clients who have experienced the value of our services firsthand.
“I had the absolute pleasure of working with Jo from Policy Pros, and I can’t say enough good things about her and the company.” Kitty ZW
Whether you need a single policy or a comprehensive set of documents, we are here to help. Explore our guide to policies every company should have for further reading, or get in touch to discuss your requirements.