The One Policy Requirement
Before embarking on writing safety policies it is imperative to know that you are only legislated to have one policy that your workers read, and that is the policy on Health and Safety. You aren't required by the government to have any other policies besides this potentially one page document, period. Having said that, this approach is completely impractical and your company can likely not work in their industry without comprehensive policies on topics related to your industry. You might be saying, "But what about the right to refuse unsafe work? What about Hazard Identification?" You're correct that this information is necessary to be disseminated to your workers, but there is no legislation to say that it needs to be in a policy format. It is simply easier in policy format and there a lot of reasons it's the preferred method of dissemination.
On top of your legislated requirement for a health and safety policy you may also have industry requirements for policies that determine your eligibility for a COR and you may even have client requirements that determine your eligibility to work at a job site. It can be quite frustrating to have a policy that has been audited and passed COR requirements only to be forced to amend your policy to comply with ISNetworld or Complyworks requirements. We often see companies writing dummy policies that their workers don't read just to ensure that these registries approve their policies. We've tried to close this loophole by making it as easy as possible to submit your policy contents and worker compliance from SafetySync into tools like ISNetworld.
These industry and registry requirements are the reason why you need to have policies that cover topics beyond the initial health and safety policy.
With that out of the way we're going to look into the Government's requirements for writing a health and safety policy as their requirements are a good template to use with the rest of your safety policies. Having consistency in the format of your policies is important for comprehension and retention by your workers and it makes your annual review of your policies all that more simple.
Writing Your First Policy
We'll start with the Canadian Government's own Policy on Occupational Safety and Health. Their policy is broken down into parts which we'll discuss below.
Above we can see that the objective is short and simple. In your objective statement you can also include business cases for the policy depending on the topic: downtime avoidance, customer satisfaction, etc. Think of this section as the WHY.
The policy statement is a simple declaration. If you're creating a policy on the right to refuse unsafe worker your statement might read something like: ABC Company is committed to ensuring all worker's have the right to refuse unsafe work in a non-confrontational environment without fear of reprisal. This is the WHAT.
Application is typically used as the scope in many organizations, but the intention is to define who the policy is applicable to. In SafetySync, individual policies are assigned by job role so the application is defined within our software without the need for an application statement. If you aren't using a policy management tool, you will want to include the application statement for audit purposes. This is the WHO.
Requirements (usually defined as responsibilities) refers to responsibilities of individual departments within your organization. This is typically simplified as employees, supervisors, and employer. Depending on the topic, you might need to include members of the public(visitors) and/or contractors. This is the HOW.
Monitoring is an interesting section and we don't see it very often even though our customers have uploaded near 100,000 policies. I think it's very important as it details the accountability of the company to enforce the policy. It can be seen as a definition of the KPI(Key Performance Indicators) to measure the effectiveness of the policy. If you're working on a Right to Refuse Unsafe Work policy the monitoring section could include how the company will investigate all uses of the Right and ensure policy guidelines are being followed without the need for a worker initiated investigation. I would consider this another HOW statement but related to the enforcement.
In the case of the Health and Safety Policy there is a mandate from the government that all employers with over 5 workers have a policy. There is also likely to be an audit requirement from any industry associations your company may belong to and policies on certain topics may be required to receive a COR(Certificate of Recognition). Posting links to these regulations or requirements can help with future updates(ensuring you know where to look for changes) and ensuring workers have access to the sources of the policy contents.
Often times the Safety Manager at a company is the person any enquiries are to be directed to, but you may have responsibilities divvied up between members of your safety team. I would recommend not placing the name of a person in this section as if they leave the company or change roles you will have to go through all your policies and ensure the contact person is updated. It's best if you place a Job Title in this area. In SafetySync we allow you to include the name of a person, but if they ever leave the company you can automatically update policies they are the contact person for to someone else. A comment/feedback tool is also built into SafetySync so that workers can leave private feedback on the contents of the policy and your safety team can adjust the policy as needed or talk to the worker about the concerns. It's a big surprise for auditors who audit our customers to see that they have such a system available for their workers.
Demonstrating Management Commitment
While you don't see this on the Government's Policy on Occupational Safety and Health we believe it is imperative to demonstrate management's commitment to the safety of their workers. This can be done by signing the policy statement to show that management has personally approved of this policy. This is really only needed on the main health and safety policy and doesn't need to be on every single policy that your company writes. (We see a lot of companies with management sign-off on every single policy.)
Another way to demonstrate management commitment is to have regular communication from management to their workers on the company's commitment to safety(this is COR requirement). Our customers use our safety bulletin tool to satisfy this requirement. It's also very useful for letting your workers know if you've made major changes to your policies.
Updating A Policy
On top of your yearly review of your policies it's important to track revision history of your policies for audit purposes. This can be done in newer versions of Microsoft Word or Google Docs, but if you've ever tried to read the history of a revised doc it can look something like this:
While comprehensive, it can be a little difficult to decipher what is going on. Your company might employ a file versioning system on a network share like such:
I think we've all seen how complex that can get too.
In SafetySync anytime you make a change to a policy we store the previous version as is and you can leave a note on what exactly was changed in the process. Should a major change occur, you can reset compliance for all workers who have previously read it and require them to read the new version.
Even as awesome as you can be at writing your policies, the knowledge transfer from you to your workers is only as good as the tool you use to disseminate those policies. Ideally this is software that is built for managing and deploying policies, but if it's not I recommend ensuring that your system is built for collaboration and that it can easily be accessed by others to help share the workload of managing policies. We've seen company policies numbering in the hundreds and before these customers came to SafetySync I can't imagine the issues they faced trying to manage these in network shares at their company, let alone the editing versions for the safety team and the read only versions that their workers read. There is software to manage policies but I recommend doing your research. Policy management software isn't something people think to Google, but the customers who have found us and use our policy tool never go back to their old methods.