Dr Richard Dune 21-05-2026
List of Health and Social Care Policies and Procedures - ComplyPlus™ - The Mandatory Training Group UK -

List of Health and Social Care Policies and Procedures

Image by mohdizzuanbinroslan via Envato Elements

Build a practical policy framework that supports safer care, clearer staff responsibilities, evidence of governance, and inspection readiness in practice

Health and social care policies and procedures are not just documents to store for inspections. They are part of how providers translate legal duties, regulatory expectations, organisational values and day-to-day practice into clear instructions that staff can follow. When policies are current, accessible and properly embedded, they support safer care, stronger governance, clearer accountability and more reliable evidence for oversight and assurance.

The challenge is that many providers either have too few documents, too many overlapping documents, or policies that look professional but do not reflect how the service actually works. A policy library should not be a paperwork archive. It should be a practical governance framework that helps staff understand what is expected, when to escalate concerns, what evidence to keep and how risks should be managed.

In this blog, Dr Richard Dune explains what a practical list of health and social care policies and procedures should include, why these documents matter, how providers should decide what they need, and how to keep a policy framework current, usable and inspection-ready.

What is a list of health and social care policies and procedures?

A list of health and social care policies and procedures is a structured overview of the key documents a provider needs to run services safely, lawfully and consistently. It helps leaders, managers and staff see which documents exist, what each document covers, who owns it, when it was reviewed, and how it supports care delivery and evidence readiness.

It is best understood as a navigational hub, not a substitute for the documents themselves. The list helps providers organise the policy framework, but each policy or procedure still needs clear content, ownership, version control, and evidence of implementation.

In simple terms:

  • A policy sets out the organisation's position, expectations and rules

  • A procedure explains the steps staff should follow

  • A protocol may set out a defined response in a specific high-risk situation

  • A guideline may support judgment and good practice where some flexibility is needed.

For a fuller explanation of these distinctions, see MTG's guide to policies, procedures, protocols and guidelines.

Why do policies and procedures matter in health and social care?

Policies and procedures matter because health and social care providers work in high-risk, regulated environments. Poorly designed or poorly implemented documents can contribute to unsafe care, weak accountability, inconsistent practice and avoidable regulatory concerns.

A good policy framework supports:

  • Induction and onboarding

  • Staff supervision and appraisal

  • statutory and mandatory training

  • Audits and quality assurance

  • Incident reporting and learning

  • Complaints handling

  • Safeguarding escalation

  • Risk management

  • Governance reporting

  • Inspection and commissioner's evidence.

A document that is outdated, poorly written or unknown to staff gives false assurance. A useful document gives staff clarity and gives leaders evidence that standards are being implemented in practice.

Policies also matter because staff need consistency. In services where people work across shifts, locations, teams, roles, and service lines, clear documentation helps reduce variation. They explain what should happen when something is routine and when risk increases, or a situation becomes complex.

What legal and regulatory framework shapes health and social care policies?

There is no single law containing a universal master list of health and social care policies and procedures. Providers build their policy framework from several sources, including legislation, regulations, regulator expectations, contractual requirements, professional standards and service-specific risks.

Key frameworks may include:

  • Health and Social Care Act 2008

  • Health and Social Care Act 2008 (Regulated Activities) Regulations 2014

  • Care Act 2014

  • Mental Capacity Act 2005

  • Data Protection Act 2018

  • United Kingdom General Data Protection Regulation (UK GDPR)

  • Health and Safety at Work etc. Act 1974

  • Equality Act 2010

  • Human Rights Act 1998

  • safeguarding legislation and local safeguarding arrangements

  • Care Quality Commission registration and assessment expectations.

For a broader overview of legal duties, see MTG's guide to key health and social care legislation and regulations. This article does not repeat that legal analysis in detail. Instead, it focuses on how those duties should be reflected in a practical document framework.

What should be on a practical list of health and social care policies and procedures?

The exact list depends on the service type, regulated activities, size, workforce model, people supported and risk profile. A care home, domiciliary care provider, supported living service, general practice, dental practice, healthcare clinic and training organisation will share some core policy needs, but their full policy frameworks will not be identical.

Most providers should consider policy areas across governance, safeguarding, care delivery, workforce, health and safety, information governance and quality improvement.

Governance and leadership policies

Governance policies help providers show how the organisation is led, monitored and held accountable. Common documents include:

  • Governance and assurance policy

  • Risk management policy

  • Quality assurance policy

  • Audit policy or audit schedule

  • Incident reporting and learning procedure

  • Duty of candour policy

  • Complaints and concerns procedure

  • Whistleblowing or speaking-up policy

  • Business continuity plan

  • Document control and version management policy.

These documents should help leaders answer one core question: how do we know the service is safe, effective and improving?

Safeguarding and person-centred care policies

Safeguarding and person-centred care policies help protect people’s rights, dignity, safety and choices. Common documents include:

  • Safeguarding adults policy

  • Safeguarding children policy, where relevant

  • Mental Capacity Act and best-interests policy

  • Deprivation of liberty safeguards procedure, where applicable

  • Consent policy

  • Dignity, privacy and respect policy

  • Equality, diversity and inclusion policy

  • Human rights policy

  • Communication and accessible information policy

  • Person-centred care planning procedure.

These documents should connect directly to staff training, supervision, escalation routes and care planning.

Clinical and care delivery policies

Care delivery policies should reflect the actual services provided. Depending on the setting, this may include:

  • Medicines management policy

  • Infection prevention and control policy

  • Falls prevention procedure

  • Pressure ulcer prevention policy

  • Nutrition and hydration policy

  • Record-keeping policy

  • Care planning and review procedure

  • End-of-life care policy

  • Behaviour support or restrictive practice policy

  • Clinical tasks, or delegated healthcare procedures, are relevant.

High-risk areas need particular attention because weak policy implementation can lead directly to harm.

Workforce and organisational safety policies

Workforce policies help providers recruit, train, support and manage staff safely. Common documents include:

  • Recruitment and safer recruitment policy

  • Induction policy

  • Supervision and appraisal procedure

  • Learning and development policy

  • Statutory and mandatory training policy

  • Staff conduct policy

  • Disciplinary and grievance procedures

  • Equality at work and dignity at work policies

  • Health and safety policy

  • Fire safety procedure

  • Lone working policy

  • Moving and handling policy

  • First aid arrangements

  • Stress and well-being policy.

For training alignment, providers can review health and social care eLearning, online statutory and mandatory training and wider CPD-accredited online courses.

Information governance policies

Information governance policies are essential because health and social care providers handle sensitive personal information. Common documents include:

  • Data protection policy

  • Confidentiality policy

  • Records management policy

  • Information security policy

  • Subject access request procedure

  • Data breach procedure

  • Retention and disposal schedule

  • Acceptable use of information systems policy.

These documents should support lawful, secure and accurate information handling.

Quality improvement and learning policies

Quality improvement policies help providers move beyond incident response and embed learning into how the service works. Documents may include:

  • Continuous improvement policy

  • Lessons learned procedure

  • Audit action planning procedure

  • Service-user feedback process

  • Team learning and reflective practice procedure

  • Quality review or management review procedure.

These documents are especially useful when they connect to governance meetings, supervision, incident reviews, complaints and action tracking.

How should providers decide which policies they need?

The safest approach is to begin with the service scope and risk. Providers should ask:

  • What regulated activities do we provide?

  • Who do we support?

  • What care, treatment or support is delivered?

  • What risks are present in the service?

  • What information do we hold?

  • What workforce model do we use?

  • What do regulators, commissioners and insurers expect?

  • What incidents, complaints or audit findings have we seen?

  • Which policies are essential for frontline staff?

Many organisations go wrong by downloading generic templates, creating duplicate documents or keeping outdated policies that no longer reflect practice. A better approach is to create a controlled policy framework with named owners, review dates, staff acknowledgement, version control and links to training, audits and action plans.

Providers should also avoid copying a policy list from another service without checking relevance. A supported living provider, for example, may need strong policies around person-centred support, community access, safeguarding and tenancy-related boundaries. A nursing home may need more detailed clinical policies around medicines, nutrition, wounds, end-of-life care and infection control. A domiciliary care provider may need stronger lone working, a mobile workforce, access to records, and missed-call escalation procedures.

For providers seeking a more structured approach, ComplyPlus™ policies and procedures and ComplyPlus™ regulatory compliance management software can support document control, review workflows, governance oversight and evidence readiness.

How should providers keep policies usable?

A policy library should be clear, current, accessible and connected to practice. That usually means taking six practical steps.

1. Create one authoritative document for each topic

Avoid multiple versions circulating through email, shared drives and local folders. Staff should know where the current version is located. If local adaptations are needed, those should be controlled rather than informal.

2. Assign ownership and review dates

Every policy should have a named owner, an approval route, a review date, and triggers for interim review. Triggers may include changes in law, regulator guidance, incidents, complaints, audit findings, new services or changes in risk.

3. Link policies to real workflows

Policies should connect to forms, checklists, escalation routes, training requirements, supervision prompts and audit tools. A safeguarding policy, for example, should link to reporting routes, local authority contacts, recording expectations and escalation steps.

4. Use plain English

Staff need documents they can understand and apply. Overly legalistic wording can reduce compliance rather than improve it. The strongest policies explain responsibilities clearly and use practical headings.

5. Build audit trails

Providers should be able to show when policies were approved, reviewed, updated, communicated and acknowledged. This matters for inspections, commissioner assurance, complaints, incidents and internal governance.

6. Connect policies to training and competence

Policies tell staff what should happen. Training, supervision and competency checks help ensure it actually happens. A medicines policy, for example, should not sit separately from medicines training, competency sign-off, audits and error review.

Where independent recognition of learning matters, readers can also view The Mandatory Training Group’s CPD Certification Service provider profile.

How should policies support staff training and competence?

Policies are only useful if staff understand them and apply them correctly. A policy framework should therefore connect to induction, refresher learning, supervision, role-specific competence and leadership oversight.

For example:

  • Safeguarding policies should link to safeguarding training and escalation practice

  • Infection prevention policies should link to hand hygiene, cleaning and outbreak procedures

  • Medicine policies should link to competency assessment and audit

  • Data protection policies should link to confidentiality and record-keeping training

  • Moving and handling policies should link to practical assessment and safe equipment use

  • Complaints policies should link to communication, candour and learning.

This is where policy management and workforce development meet. Providers should not ask only whether a policy exists. They should ask whether staff understand what it means for their role.

Common mistakes providers make with policies and procedures

Clear, practical policies help providers turn compliance requirements into consistent day-to-day practice. 

Too many documents

Creating separate policies for every small issue can make the framework harder to manage. Sometimes, one well-structured document is better than several overlapping documents.

Poor version control

If staff use outdated documents, leaders cannot be confident that practice reflects current expectations. Version control should include document owner, approval date, review date and revision history.

Weak implementation

A policy that has not been read, discussed, trained on, embedded, or audited is unlikely to change behaviour.

Generic wording with no operational fit

Templates can help, but documents must reflect the provider’s actual structure, service model, escalation routes, staffing and risks.

No link to evidence

Policies should connect to audits, incident logs, complaints, supervision records, training compliance and improvement actions.

Trying to make one page do too much

This blog should remain a policy list and framework guide. Wider governance, legal duties and clinical governance are better covered in focused MTG guides on good governance in health and social care, clinical governance, and health and social care legislation.

FAQs about the list of health and social care policies and procedures

Below are some of the most frequently asked questions and answers regarding the list of health and social care policies and procedures.

Is there an official master list of care policies?

No. There is no single official list that every provider must copy. The required policy framework depends on service type, registration status, regulated activities, staffing, risks and the people supported.

What policies are usually essential for care providers?

Most providers need documents covering safeguarding, governance, risk, complaints, staffing, health and safety, infection prevention, medicines, records, data protection, mental capacity and person-centred care.

How often should policies be reviewed?

Policies should be reviewed on a defined cycle and sooner if laws, regulations, guidance, incidents, complaints, audit findings, or service changes require an update.

Do staff need to sign policies?

Staff acknowledgement can be useful for key policies, especially where the policy affects safety, safeguarding, data protection, medicines, conduct or role responsibilities.

Are procedures more important than policies?

They do different jobs. Policies set expectations, while procedures explain how to act. Staff usually need both clear expectations and practical steps.

Can generic templates be used?

Templates can be a starting point, but they must be adapted to the provider’s service model, workforce, risks, terminology and escalation arrangements.

What makes a policy inspection-ready?

A policy is inspection-ready when it is current, approved, accessible, understood, implemented and linked to training, audit, supervision and evidence.

Why does document control matter?

Document control prevents staff from using outdated or conflicting documents. It supports consistency, accountability, review and evidence readiness.

How should policies link to training?

Policies should inform induction, refresher learning, role-specific training, supervision and competency assessment. Training should help staff apply policies in real practice.

How can digital systems improve policy management?

Digital systems can support ownership, review dates, version control, staff acknowledgement, audit trails, reporting and evidence retrieval.

Most common health and social care policies and procedures

Policy and procedure area

Common documents to include

Why it matters

Evidence providers should keep

Governance and assurance

Governance, risk management, quality assurance, audit, duty of candour, business continuity, document control.

Shows how leaders monitor quality, manage risk, review performance and follow through on actions.

Governance minutes, audit reports, risk registers, action logs, policy review records and improvement evidence.

Safeguarding and protection

Safeguarding adults, safeguarding children, whistleblowing, speaking up, allegations, abuse prevention, escalation procedures.

Protects people from abuse, neglect, exploitation and improper treatment.

Safeguarding referrals, training records, supervision notes, incident reports, escalation records and learning reviews.

Person-centred care

Care planning, dignity and respect, consent, Mental Capacity Act, best interests, equality, diversity and inclusion, accessible information.

Ensures care reflects people’s needs, rights, preferences, communication needs and lawful decision-making.

Care plans, consent records, capacity assessments, best-interest decisions, communication plans and service-user feedback.

Clinical and care delivery

Medicines management, infection prevention and control, nutrition and hydration, falls prevention, pressure ulcer prevention, and end-of-life care.

Supports safe, consistent and evidence-based care delivery in high-risk areas.

Care records, medicines audits, infection control checks, nutrition records, risk assessments and clinical review notes.

Health and safety

Health and safety, fire safety, moving and handling, lone working, first aid, Control of Substances Hazardous to Health, and incident reporting.

Protects staff, people using services, visitors and others from foreseeable harm.

Risk assessments, fire checks, training records, equipment checks, incident logs and maintenance records.

Workforce and HR

Recruitment, safer recruitment, induction, supervision, appraisal, learning and development, statutory and mandatory training, disciplinary and grievance.

Ensures staff are suitable, trained, supervised and supported to work safely.

Recruitment files, Disclosure and Barring Service checks, induction records, training matrices, supervision records and appraisals.

Information governance

Data protection, confidentiality, records management, information security, subject access requests, retention and disposal.

Protects confidential information and supports lawful, accurate and secure record-keeping.

Privacy notices, access logs, breach records, retention schedules, staff training and information governance audits.

Complaints and feedback

Complaints policy, concerns procedure, compliments, service-user feedback, investigation and response process.

Shows that the provider listens, responds, learns and improves.

Complaint logs, response letters, investigation notes, feedback themes, action plans and evidence of change.

Quality improvement and learning

Incident learning, lessons learned, continuous improvement, audit action planning and reflective practice.

Turns problems, incidents and feedback into safer systems and better outcomes.

Learning logs, improvement plans, completed actions, team briefings, audit follow-ups and governance reports.

Service-specific policies

Dementia care, learning disability support, domiciliary care, supported living, clinical tasks, behaviour support, visiting or transport.

Ensures policies reflect the provider’s actual service model and risks.

Service-specific procedures, staff guidance, competency records, risk assessments and local implementation checks.

Conclusion

A strong list of health and social care policies and procedures is not about producing more paperwork. It is about creating a clear, usable framework that supports safe care, consistent practice, workforce accountability and evidence-ready governance.

Providers that keep their policy architecture focused, current and connected to training and assurance are usually in a stronger position than those relying on scattered templates, reactive updates or disconnected documents.

Strengthen your policy and compliance framework

The Mandatory Training Group supports regulated providers with policy, training and compliance resources. If you are reviewing your policy library, explore ComplyPlus™ policies and procedures, browse CPD-accredited online courses, and use our contact form to discuss your organisation’s needs.

List of Health and Social Care Policies and Procedures - ComplyPlus™ - The Mandatory Training Group UK -

Related Blogs

What is Good Governance in Health and Social Care?

What is Clinical Governance?

Differences Between Policies, Procedures, Protocols and Guidelines

Healthcare Policies and Procedures: ComplyPlus™

Adult Social Care Policies and Procedures: ComplyPlus™

List of Health and Social Care Policies and Procedures - ComplyPlus™ - The Mandatory Training Group UK -

Related Blogs

What is Good Governance in Health and Social Care?

What is Clinical Governance?

Differences Between Policies, Procedures, Protocols and Guidelines

Healthcare Policies and Procedures: ComplyPlus™

Adult Social Care Policies and Procedures: ComplyPlus™

About the author

Dr Richard Dune

Dr Richard Dune has over 25 years of experience across the National Health Service, private sector, academia, research, workforce development, governance and compliance. His work focuses on helping regulated organisations strengthen training, evidence readiness, digital compliance systems and safer practice across health and social care.

Dr Richard Dune blog on compliance and care leadership - ComplyPlus™ - The Mandatory Training Group UK -

List of Health and Social Care Policies and Procedures - ComplyPlus™ - The Mandatory Training Group UK -

Contact us

Complete the form below to start your ComplyPlusTM trial and

transform your regulatory compliance solutions.

 

Older Post Newer Post

0 comments

Leave a comment

Please note, comments must be approved before they are published