I received a couple of questions after my last post - "Start ups - When should you "kit up" with Policies, Ethics and Compliance" - asking what basic policies a company should start with?
This is tricky to answer because there isn't a one size fits all approach to this. Each organisation's risks, size and geographical footprint will impact the approach they take. If you have a handful of employees for example, you really don't need an all singing all dancing Code of Conduct but by the time you get to 50 employees, you should have considered it.
Before I list the policies, there are a few top tips I wanted to share for any organisation starting to think about building their policies.
Ensure they reflect your organisation - people often copy things they have
seen before, but make your policies relevant to your brand.
Once you get to a certain size, you should absolutely have a solicitor review your policies - I recommend 50 employees as a rough guide.
Review regularly - I would suggest yearly to make sure they are still relevant and in keeping with current legislation.
Apply good housekeeping - do not have different versions of the same policy in circulation or different policies with conflicting guidance on what is acceptable.
Make them easy to find - There is no point having policies that an employee can't find in their time of need.
POLICIES TO THINK ABOUT
Here is a list of policies you could consider: (A quick caveat from me; I do not know your organisation so please do not use this as a tick list.)
Health and Safety Policy
Every business must have a health and safety policy, but if you have 5 or more employees, it must be a written policy. It should include your commitment to managing health and safety and detail who is responsible for specific actions. You will need to think about how accidents will be reported, what should be done if there is a fire and the specific risks relevant to your business e.g. how you eliminate or reduce the risks of hazards. The Health and Safety Executive Website provides a wealth of information.
Data Protection and IT Security Policy
Data Protection is about ensuring people can trust that you use their data fairly and responsibly. If your organisation collects an individual's information for any reason you need to comply. This is set out in the Data Protection Act 2018, alongside GDPR. You are required to take a risk-based approach and be able to justify how and why you use data. This is regulated by the Information Commissioner’s Office in the UK and their website provides a lot of useful information. This is often combined with an IT Security policy, but they can be separate. An IT Security Policy should set out the IT security and data protection standards required and include topics such as password management, acceptable use and remote access. Your organisation's cyber security is so important. The risks of cyber attacks, data and intellectual property thefts can be high. Having controls and a strong policy in place should help to protect you. The International Organisation for Standardisation sets out a standard specifically for information security management (ISO27001)
Disciplinary and Grievance Policy
Some organisations combine these, whilst others have them as separate. You should set out how you will deal with critical issues and help demonstrate that you are a fair employer. You should consider the ACAS Code of Practice on Disciplinary and Grievance Procedures. The ACAS website is a great tool for both employees and employers.
Equality, Diversity and Inclusion Policy
This policy is not a legal requirement but the Equality Act of 2010 recommends you implement an Equality Policy. If you don't have one, it will be looked upon unfavourably by a tribunal should you receive a claim of discrimination. This policy should show your organisation’s commitment to the principle of equality of opportunity in the workplace by ensuring fair treatment and preventing discrimination.
This should set out the rules for how employees can claim and be reimbursed for reasonable and authorised expenses whist doing business. You should set out your expectations of your employees incurring any business expense and any manager approving such claim.
Payment and Refund Policy
A payment policy sets out what type of payment you are able to take and when that payment is made. Your refund policy helps protect you from refund fraud which can be a big source of loss for your organisation. It also ensures you comply with consumer rights.
Anti-Bribery and Anti-Corruption Policy
The penalty for company directors if found guilty of a Bribery Act offence, is unlimited fines and up to 10 years imprisonment. You may feel that this can't be relevant to you, but as an employer, you are responsible for the actions not only of your employees, but any 3rd party (contractor, agent, supplier etc) who is acting on your behalf, whether or not you know about the action they are taking. Having a detailed policy will help protect you.
One of the things 2020 has shown is that organisations that were geared up for homeworking where it was already possible, have fared a lot better than those that had always been against it. Having a policy which sets out when and why your employees can work from home, technology support, your expectations in terms of availability (does the employee have to work the business core hours or is this adjusted for the circumstances?) and managing a work/life balance is helpful. There should be criteria included for assessing whether the homeworking arrangement will be practical, effective and meet business needs.
Maternity / Paternity / Adoption / Shared Parental Leave / Carers Leave / Fertility Support / Sickness / Study Leave / Flexible Working Policies
Big moments in your people's lives will impact your organisation, whether you require cover because they won't be working for a period of time or just that an individual requires extra support or flexibility. Understanding what your obligations are and then thinking about any additional support you want to offer is important. How an organisation responds to an employee in their time of need, impacts morale and productivity. These are just some policies for you to consider that could impact your employees. You don't necessarily need separate ones for each of these topics.
Employee Handbook / Code of Conduct
Having a handbook or a code of conduct can help promote your organisation's ethics by clarifying your mission, values and principles. This sets the tone of what your culture is and your people's behaviour. A great handbook / Code of Conduct shows the company is committed to acting ethically which demonstrates your leadership's stance. The detail should should touch every part of your organisation. There is a long list of topics that could be included in a Code of Conduct and this really does need to be tailored to your organisation.
If you are interested in finding out more information, or wish to discuss any point, please do get in touch.