For a start, I don't have one.

When auditors ask I just point them to the law, and then to what we do better.

If they get toey ( gotta earn that audit fee somehow) I'll give them a copy of the employment agreement which provides for things like health insurance.

Always have to remember the more policies you have the more strands there are to the rope that will hang you. And as safety practitioners what do we do first - eliminate!

Personal pet hate. I once reviewed almost 200 policies for a government ministry as part of a supplier review. There were probably really only 4 or 5 different policies there. The rest were boiler plate nonsense.
David Provan wrote a good article about his experience in changing this here https://safetydifferently.com/safety-policy-from-compliance-to-desire-driven/ and I have done something very similar in the past - link the policy to your specific organisational approach and make it meaningful, if you're going to have one.
You need to be careful with this series @Simon Lawrence. This is how my book started and mutated into something a lot more time consuming!

I totally agree with this but we are faced with a culture from pre-qualification companies who, if not able to tick the "Safety Policy Box" (or insert any other policy box) then you will fail your audit. I know this implicitly because of the significant number of pre-qual audits we do. One pre-qual company demanded that we address "Workers must not intentionally misuse or damage personal protective equipment provided to them" in our policy on PPE which was only written to keep them happy. When challenged with I'm sorry auditor person, we just don't employ staff who do this, we hire adults. We found out this wasn't sufficient and to pass the audit we had to comply with the request. If the client company who uses this pre-qualification company needs us to address this then the company needing the pre-qualification needs to address its worker's attitude not have us write nonsense policies.

We are a company that tries like hell to avoid policies that are not embedded in daily activity i.e in a JSA or similar. For example, say for simplicity sake "work at height" is the risk our policy which is the control measure is "must be trained & wear a harness" (it's simplified here its not our full control measure). This way we clearly communicate company "policy" and the staff see it every day it is not a piece of forgotten wallpaper.

Sadly the road forward is obscenely complicated and onerous safety systems not for worker protection but compliance with other companies' perception of safety through policy. Typically the companies driving this behavior have no direct relationship with your business activities and flatly no interest in them but to only ensure you have a "Policy" and said box can be ticked and the bill can be sent. I applaud inspiration in safety systems but currently, Policy Beige is the only option.

Is part of the problem that even the government/regulator thinks it is simply a copy/paste task to tick the box? MBIE through the Business.co.nz website even has a "Policy Builder" that with a few clicks of a mouse can "write" you a policy on anything from Health and Wellbeing to Leave and Holidays...

Also, it seems increasing that no-one actually understands the difference between a policy and a procedure. I've lost count of the number of times a senior manager/induction company has asked for (or told someone to write) a policy on things like working at height, fatigue management, confined spaces or [enter your favourite activity here].

Policy = governance commitment = we'll keep people safe by following the law in so far as it's reasonably practicable for us to do so.

Procedure - operational steps taken. Sometimes they're imaginary. Sometimes they're aligned with reality.

Either way, as Andrew said, the value of the paperwork is dependent on the actions applied.

I agree that they are rarely read. From an Aviation SMS perspective, they are part of our regulatory documentation, and supposed to be read by all. There are specific elements that must be included, such as leadership commitment, acceptance of and support to auditors etc. Its partly to create a commitment to hold personnel to at audit and mainly (in my mind at least) a mechanism to hang a out your shingle and declare what type of organisation you are striving to be. In my last company, the statement was part of induction, included in the individuaks' skills record and tested as part of their bi-annual regulatory assessments. I think they should be easy to break down into SMART statements that are demonstrable individually and as a whole...

Some good thoughts, however, I'd just like to reinforce what Rachael https://forum.safeguard.co.nz/profile/530/rachael says above: My post is aimed specifically at the traditional "Safety Policy Statements". This is typically a one-page signed statement making rather vacuous value statements about safety. It is mostly framed and sits in the reception area. Fairly safe from people who would throw their coffee dregs at it.

For as long as I can remember, the word policy has been confused with, and synonymous with procedures. "The principal requires a copy of your safety policy". This seems to mean "your procedure manual". As Rachael says, a policy is NOT a procedure. For example, you may have a policy of equal employment opportunities as a general aim, but procedures may describe in detail how recruitment and retention is conducted to achieve this.

So I want to be at pains to emphasise I support procedures. Manuals are fine as long as you don't inflate them. I'm also in favour of policies. But you don't need to publish policies to have them admired. Because they mean nothing without action. In this brave new world, we have identified virtue signalling for what it is, (weasel). That's why my post on this http://public.safetybase.co.nz/safety-policy-statements-youre-committed-to-what/ suggests that if we have a wishy washy Safety Policy Statement, we deserve to be interrogated.

Andrew, I didn't give you a like for this. As an ex-auditor, I worry about people like you. Just play the smoke and mirrors game, there's a good fella. Auditors have a hard enough life without common sense creeping in

Andrew, I didn't give you a like for this old chap. As an ex-auditor, I worry about people like you. Just play the smoke and mirrors game — Simon Lawrence

I take a philosophical approach to audits. Just like a prostate exam.
- you know it has to be done
- the discomfort is more mental that actual
- and you remain grateful you arent the one doing the probing

I think they can have some value when they workplace-specific and not a generic statement copied from an ancient H&S manual (from a completely different industry). Some of the best ones I have seen are those developed by health and safety committees / safety teams, and in the past I have used this as a starter exercise when providing support to newly formed H&S committees. Personally I think that a policy statement developed by workers, in their own words, can be far more meaningful than a collection of generic management-speak safety statements.

It doesn't help when everyone just meekly accepts the requirement without questioning the purpose or usefulness, and nobody wants to take the risk of failing an audit. And one of the biggest root causes of the failure of the ACC WSMP accreditation system was the unconscious collusion of auditors and auditees to focus overly much on management systems documentation rather than what was happening in the real world.

Nailed in in three sentences. Documentation is only useful when:
Purposeful,
Designed for the user (not the audit), and
Focussed on work as done, not imagined.

The very fact that so many of these policy statements are all so much alike speaks to the tendency of auditors to focus overly much on a rigid checklist of what is required to be mentioned.

Nailed in in three sentences. Documentation is only useful when:
Purposeful,
Designed for the user (not the audit), and
Focussed on work as done, not imagined. — Rachael

And that is also what has lead us to where we are now - H&S policies which:

• Have a purpose, which is passing the audit,
• Are designed for the user, who is the auditor,
• Are focused on work as done, which is the checklist of requirements the auditor is looking for.

:wink:

Ahhhh - SNAP. :rofl:

I think you hit it on the head there. IF the policy is written by the accountable executive, and not merely a copy/paste exercise, then it will be useful as it forms the basis of the risk management process (the context in ISO31000 speak). It should be the driver of your company's safety goals and objectives.

The problem is, executives and professionals alike just treat it like a tick-box exercise, and then it loses its usefulness

It also doesn't help that so few executives truly understand risk or know where to start when writing policies and prefer to avoid having to think about it (especially when so many of their compliance people think and communicate in jargon-laden detail rather than high level concepts and principles) - thus the tendency to copy and paste.