There are so many regulations and tasks that safety managers have to juggle.  Managing policies tends to fall to the bottom of the list, but it’s arguably one of the most critical tasks.

Yet, when OSHA or an Auditor comes knocking, policies are among the first things they want to see.  And they had better be up to date and organized.

If managing policies in your safety department has you feeling frazzled, I have some tips to make the process seamless.


There are a few crucial parts you need to have in place before you begin managing policies in your department.

  • You want to have written policies where they’re required by regulation.
  • For areas with high-frequency incident rates or non-compliance, you should have a written policy.
  • Everything else falls under either a JHA, JSA, or SOP (check out this article on what the difference is).
  • Everyone who falls within the scope of the policy needs to have easy access to it.


Safety Managers can tend to go policy crazy, writing one for every subpart of the regulations.  Not only does this make the job harder, but it also sends the wrong message to the employees.

The goal of the Safety Department is to influence your team to reduce the risks they’re taking.  Policies are one way to do that.

Best practices and safe work practices can be communicated through Standard Operating Procedures.  They don’t necessarily need a formal policy.

Take off that Safety Police hat.  Only put written policies in place when regulations require it.  Or for high-frequency rates in specific areas.

Step one is to read the regulation and determine if a formal written policy is required.


If you currently don’t have a policy management process in place, you will want to do a little pre-work.

  1. Create a list of every regulation that applies to your organization.
  2. Does it require a written policy?  Cross off all those that don’t.
  3. Add to that list every company-specific policy you have.
  4. Next to each one, write in the date that the policy was last updated.


It’s a best practice when managing policies that you review and update them periodically.  It’s also expected by auditors and OSHA. But what does periodically mean?

Some will tell you they need to be reviewed annually.  This is not true unless the regulation specifies it.  Most of the time, you get to determine what periodically means.

You can choose to do it every one, two, or three years.  As long as you have a process in place and a system to track when updates are due.

Technically you can do it less frequently than every three years.  But you run the risk of an OSHA inspector not liking that. Keep it no more than 3 years to stay safe.


Managing policies can be broken down into a repeatable flowchart.  These 10 steps take the considerable task of managing policies and break it down.

Using your list of policies as a guide. Every month pick a new policy and run it through these steps.  Making it a monthly process spreads out this tedious task of managing policies.  It becomes a habit and the way you run your department.

You will never worry again when OSHA comes knocking.  Because you will be confident that your policies are always up to date.


There are several ways that you can give access to your safety policies.  Both the management team and employees need to get to them.  The most common method is creating a shared drive or folder on your computer network.

The problem with shared drives is that they may not be easily accessible to employees.

I know what you’re thinking – the employees never read them anyway.

However, if you’re holding the employees accountable to the company’s policies, they need to be able to access them.  And they shouldn’t need computer skills to do that.

This is why managing policies in a paper format works best.  Every policy can be written and maintained in its own policy binder.  If someone is looking for a specific topic, there isn’t any searching for it.  They can grab the policy binder right off the shelf.

**Pro Tip**

Pro Tip – don’t keep your policy binders locked up in your office.  Put them outside your office where anyone can grab them and look something up at any time.  This eliminates interruptions or the excuse that they couldn’t get to the policy.

Along with access to the policies, they need to be easy to use too.  Check out this article on How to Write Policies for Ease of Use.


Although having hard copy policies in binders makes them more accessible. You also want to keep a digital copy.  This will help with version control.

During audits or lawsuits, there may be the need to know the exact policy at a specific period of time.  

In fact, I had a 12-year-old worker’s comp injury that required me to show company policies in the lawsuit.  Showing current policies would have hurt our case.  Instead, with version control, I could produce the policy as it was written 12 years prior.

This is an extreme case, but it highlights the importance of versioning.

You don’t need complicated software to do this.  Simply save your current version of the policy in a separate “Archive” folder with the date.  Use the document protection features in Microsoft Word.  This will add an extra layer of confidence to this method.

Another idea is to use the Review Feature in Microsoft Word.  This will show the changes made from one version to the next.  Then save the “red-lined” protected version of the policy in your archive folder.


When publishing your new or updated policy, you must notify everyone affected.  Don’t add extra work to yourself and over-complicate this step.

Notification can be done in the form of an email, posting, or notice in the company newsletter.  Better yet, do all three.

There’s no need to gather a bunch of signatures.  Instead, save copies of how you communicated the policy update in your archive folder.

The only time you want to get signatures on a policy update is when there’s a change in process.  When you’re making a significant change in the policy or the procedures, you want to take this extra step.  Have everyone affected sign an acknowledgment statement.

But most monthly updates won’t need this extra step.

Want to know more about managing policies in safety?  Read this article about launching safety programs they will actually follow.

Take Action

Put your policy updates into a repeatable monthly process.  It has many more benefits than just getting the work done.  Regular safety processes, like policy updates, build engagement, and safety culture.  Especially when you involve employees and managers.

It becomes how you do business.

Start with creating a list and choose one policy you’ll update next month.  Stop doing your policy updates in chunks.  You will see more benefits from doing one policy at a time.

Now It’s Your Turn

How many current safety policies do you have in place?  Is it possible you have too many? 

Comment below and keep this conversation going.  Tell me how you manage your policies.

Subscribe on your favorite Podcast App

Hi, I'm Brye (rhymes with sky)!  I am a self-proclaimed safety geek with two decades of general industry safety experience.  Specializing in bringing safety programs to a world-class level and building a safety culture, I have trained and coached many safety managers, just like you, on how to effectively manage workplace safety in the real world.   I would love to help you too.

Get started with my weekly newsletters: