How Health and Safety Management Systems Work

The main components of a Health and Safety Management System (HSMS) include both policy – a ‘mission statement’ for health and safety that provides a mechanism for management control and accountability – and arrangements for implementation, monitoring (including audit) and continual improvement.

Formalising these arrangements removes the potential arbitrariness of processes developed by a few individuals and helps to support a management culture that can involve the whole workforce.

A HSMS can prioritise the planning, organising, control, monitoring and review of measures to protect people from work risks. It’ll help allocate the correct resources, achieving effectiveness and efficiency.

Whatever management model is used, it’s likely to be based on the principle of plan, do, check and act (PDCA – also known as the ‘Deming cycle’). Numerous types of management system are based upon this principle, notably ISO 45001 and HSG65.

Following is a breakdown of what each section should cover (based on HSG 65).


  • Think about where you are now and where you need to be.
  • Determine Policy
    • Say what you want to achieve, who will be responsible for what, how you will achieve your aims, and how you will measure your success. You may need to write down this policy and your plan to deliver it.
    • Decide how you will measure performance. Think about ways to do this that go beyond looking at accident figures; look for leading indicators as well as lagging indicators. These are also called active and reactive indicators.
    • Consider fire and other emergencies. Co-operate with anyone who shares your workplace and co-ordinate plans with them.
    • Remember to plan for changes and identify any specific legal requirements that apply to you.


  • Identify your risk profile
    • Assess the risks, identify what could cause harm in the workplace, who it could harm and how, and what you will do to manage the risk.
    • Decide what the priorities are and identify the biggest risks.
  • Organise your activities to deliver your plan.
    • Involve workers and communicate, so that everyone is clear on what is needed and can discuss issues – develop positive attitudes and behaviours.
    • Provide adequate resources, including competent advice where needed.
  • Implement your plan
    • Decide on the preventive and protective measures needed and put them in place.
    • Provide the right tools and equipment to do the job and keep them maintained.
    • Train and instruct, to ensure everyone is competent to carry out their work.
    • Supervise to make sure that arrangements are followed.


  • Measure your performance
    • Make sure that your plan has been implemented – ‘paperwork’ on its own is not a good performance measure.
    • Assess how well the risks are being controlled and if you are achieving your aims. In some circumstances formal audits may be useful.
  • Investigate the causes of accidents, incidents or near misses


  • Review your performance
  • Learn from accidents and incidents, ill-health data, errors and relevant experience, including from other organisations.
    • Revisit plans, policy documents and risk assessments to see if they need updating.
    • Take action on lessons learned, including from audit and inspection report

The Health and Safety at Work Act requires…

“…every employer to prepare and as often as may be appropriate revise a written statement of his general policy with respect to the health and safety at work of his employees and the organisation and arrangements for the time being in force for carrying out that policy, and to bring the statement and any revision of it to the notice of all of his employees.”

The Management of Health and Safety at Work Regulations requires employers to…

“…make appropriate arrangements for the effective planning, organisation, control, monitoring and review of their preventative and protective measures.”

Many organisations divide their health and safety documentation into three main sections:

  1. Written Statement (the What)
  2. Organisation (the Who)
  3. Arrangements (the How)

Organisation means people and their responsibilities. Arrangements means systems and procedures.

The organisation and arrangements sections are further sub-divided, according to the characteristics of the business.

Written Statement

If the total number of employees in an undertaking is five or more, the employer must prepare a written policy statement.

The safety policy requirement is intended to make employers think carefully about the nature of the hazards in the workplace, and about what precautions are necessary to make the workplace safe and healthy for their employees.

The statement is also intended to increase employees’ awareness of the employer’s policy and arrangements for safety. Employers are required to bring the statement to the notice of all their employees. The statement should set out the employer’s aims and objectives for improving health and safety at work and the organisation and arrangements in force for achieving those objectives.

As working conditions continually change and new hazards arise and control measures alter, employers are required to keep their policy up to date. Revisions are necessary if systems, procedures or responsible persons change. Any revisions to the statement must also be brought to the notice of employees.

The purpose of the safety policy statement is to set out the employer’s aims and objectives for improving health and safety at work after a careful consideration of the nature of the workplace hazards and the appropriate controls.

The written statement of policy should be shaped by the organisations: general intentions; approach and objectives (or vision); and the criteria and principles upon which it bases its action.

The safety policy statement should, as a minimum, include commitments to:

  • the prevention of occupational injuries and ill health
  • compliance with applicable legal requirements, and other relevant standards
  • continual improvement in health and safety management and performance
  • provide a framework for setting and reviewing health and safety objectives

Better safety policy statements will attempt to capture the organisations basic philosophy for the management of health and safety and explain its importance relative to other organisational objectives, e.g.:

“Prevention is not only better, but cheaper than cure. There is no necessary conflict between humanitarianism and commercial considerations. Profits and safety are not in competition. On the contrary, safety is good business.”

“The identification, assessment and control of health and safety and other risks is a managerial responsibility and of equal importance to production and quality.”

In addition, the health and safety policy should be:

  • appropriate to the nature and scale of organisation’s health and safety risks
  • documented, implemented and maintained
  • signed by the chief executive officer / managing director and dated
  • communicated to all persons working under the control of the organisation
  • available to all other interested parties
  • periodically reviewed to ensure that it remains relevant and appropriate to the organisation


Every employee in an organisation has legal and operational responsibilities to contribute towards the effective management of health and safety. Leadership is the key to building an effective health and safety management system and developing a positive safety culture, and a top down approach is essential.

A senior board member should take direct responsibility for championing and co-ordinating the efforts. All directors and senior managers should actively support the development of the safety management system and be visible in practically demonstrating their commitment.

Managers at all levels should communicate the key values of the policy through their actions and all operational staff should ‘buy in’ to the importance of health and safety management in the organisation.

In terms of practical allocation of roles and responsibilities it may be easier to recognise that everyone employed by the organisation is an employee and therefore has the same basic responsibilities; and that additional responsibilities are added as a result of seniority in the management structure or as a consequence of being appointed to a role with specific safety responsibilities.

All Employees

All employees have to:

  • take reasonable care of their own health and safety and the health and safety of others who may be affected by their work
  • cooperate with supervisors and managers on health and safety matters
  • properly use and not interfere with anything provided to safeguard their health and safety
  • report all health and safety concerns to an appropriate person

Supervisors and Managers

In addition to the basic employee’s responsibilities supervisors and managers may well have responsibility for specific groups of workers or specific parts of the workplace.

Additional responsibilities may include ensuring that:

  • risk assessments are current and effective
  • employees are working in accordance with safe systems of work
  • the workplace is kept clean and tidy and free of obstructions
  • adequate supplies of personal protective equipment (PPE) are available
  • accidents and near misses are reported and properly investigated

Directors / Senior Management Team

The senior management team is responsible for:

  • Establishing effective ‘downward’ communication systems and management structures
  • Considering health and safety implications of all business decisions
  • Setting targets for improving the organisations health and safety performance
  • Regularly reviewing the organisations health and safety performance at board level
  • Making provision for adequate resources, including competent health and safety advice

Health and Safety Advisor / Manager

The role needs to be clearly defined, particularly regarding its advisory and management responsibilities. This may vary greatly depending on the size of the organisation and its hazard profile. Examples of typical responsibilities include:

  • advising the board or senior management on strategic health and safety issues
  • formulating and developing specific aspects of the health and safety management system, e.g. the practical arrangements for risk assessment
  • day-to-day implementation and monitoring of policy and plans including accident and incident investigation, reporting and analysis
  • reviewing performance and auditing of the health and safety management system


First aiders’ specific duties may include:

  • Provision of first aid treatment to employees
  • Recording of all treatment given
  • Liaison with emergency services
  • Maintenance of first aid kit / first aid room

Fire Warden / Marshall

A fire warden may be allocated a range of duties relating to periodic checks of fire precautions or actions in case of fire, such as:

  • Sweeping an allocated area, encouraging people to leave via the nearest fire escape route and proceed to the assembly point
  • turning off equipment and closing doors and windows as they go
  • Informing the person in charge of the evacuation that their area is clear

Performance Management

To enable effective performance management, it is important that allocated responsibilities are clearly defined, understood and accepted, and able to be monitored objectively. People with specific responsibilities for health and safety should be held accountable. This may involve the use of existing personnel systems such as:

  • individual job descriptions containing references to health and safety responsibilities
  • performance review and appraisal systems measuring and rewarding individual performance in health and safety activities
  • disciplinary procedures for acting upon serious failures in health and safety performance


The breadth and depth of the systems and procedures contained in the arrangements section should be proportionate to the size of the organisation and its hazard profile. A typical arrangements section should include procedures for the effective planning, organising, control, monitoring and review of the following:

Health and safety risk management

  • Identification of hazards and risk
  • Specifying preventive and protective measures
  • Action planning with priorities and responsibilities
  • Periodic review

Consultation with employees

  • Trade union safety representatives and safety committees
  • Representatives of Employee Safety
  • Other arrangements for consultation

Safe plant and equipment

  • Purchasing of new equipment
  • Preventative maintenance
  • Defect reporting

Safe handling and use of substances

  • Purchasing of hazardous substances
  • Undertaking COSHH assessments
  • Informing employees
  • Reviewing assessments

Information, instruction and supervision

  • Provision of relevant health and safety information
  • Supervision and training of new recruits and young workers

Competency for tasks and training

  • Induction training
  • Job specific training
  • Training records

Accidents, first aid and work related ill health

  • Undertaking health surveillance
  • Health surveillance records
  • First aid equipment stored
  • Appointed person / first-aider
  • Record keeping and reporting under RIDDOR


  • Proactive monitoring of work conditions and working practices
  • Investigation of accidents and work related sickness

 Emergency procedures

  • Fire risk assessments
  • Checks of escape routes, fire extinguishers and alarms
  • Evacuation drills

Set out below is what a HSMS might look like diagrammatically (based on ISO 45001).


Keeping it current

It is important that the HSMS is reviewed in order to keep it up to date. The circumstances that would prompt a review are:

  • The structure of an organisation changes
  • Introduction of new processes and/or technology
  • New shift patterns
  • Contracting work out
  • A change in company premises and/or expansion requiring the acquisition of additional premises
  • Changes in legislation/ACOP’s/Guidance
  • Results of health and safety audits
  • Findings from accident/incident investigations
  • Results of risk assessments
  • Following enforcement action
  • Following consultation with staff
  • Requested by a third party (such as insurers)
  • After a period of time has elapsed since the last review