Guide

A lone working policy
people actually follow

The sections every UK lone working policy needs, the clauses auditors look for, and the habits that keep it off the shelf and in daily use.

What a policy is for

The risk assessment decides what protects lone workers; the policy is the promise about how the organisation behaves — who is covered, what workers must do, what managers must do, and what happens when something goes wrong. Auditors, commissioners and insurers ask for it by name, and in sectors like care and housing it's routinely a contract condition.

A good one fits in a few pages. The failure mode isn't brevity — it's vagueness: policies that say 'staff should take reasonable precautions' without ever defining a check-in interval or naming who answers an alarm at 2am.

The sections that must exist

Scope and definitions: who counts as a lone worker here, including part-time patterns like early openers and late finishers. Responsibilities: what the employer provides (assessment, equipment, training, monitoring), what workers must do (use the system, check in, report near-misses), and what managers own (responding, reviewing, enforcing).

Working arrangements: the check-in regime by risk level, the tasks banned from lone working, dynamic risk assessment on arrival, and communication requirements — including what happens in signal blackspots. Emergency procedures: exactly what a worker does in trouble, and exactly what the organisation does when an alarm fires or a check-in is missed, with named roles and time limits rather than good intentions.

The escalation clause — where policies pass or fail

Write the escalation path as a numbered sequence with timings: missed check-in → automated prompt within X minutes → buddy contact attempt → supervisor → incident response / emergency services, each step time-boxed and logged. If your lone-worker platform automates this, the policy should say so and name it — 'escalation is managed and evidenced through Vygard' is a sentence auditors like, because the audit trail exists without anyone compiling it.

Training, culture and review

Commit in the policy to induction training, periodic refreshers and a quarterly escalation test — a fire drill for lone working. Ban the workarounds explicitly: no self-authorised skipping of check-ins, no 'I texted my partner instead'. And schedule review annually or after any incident, with the system's own data — missed check-ins, alarm activations, response times — as an input.

Culture is the multiplier. If checking in is treated as surveillance, workers will resent it; if it's framed and used as the organisation having your back at 6am on a remote site, they'll defend it. The policy sets that tone.

Frequently asked questions

Is a lone working policy legally required in the UK?
Not by name — but the duty to assess and control lone-working risk is legal, and a written policy is the accepted way to demonstrate it. Many contracts and frameworks require one explicitly.
How long should a lone working policy be?
Typically three to six pages. Long enough to define scope, responsibilities, check-in rules and escalation precisely; short enough that workers actually read it at induction.
How does a lone-worker app fit into the policy?
Name the system, state that its use is mandatory for defined roles, and reference its check-in and escalation configuration as the operational detail. The policy states the rules; the platform enforces and evidences them.

Last updated 2026-07-17

Ready to see it on your data?

Self-serve the live demo or book a 30-minute call with our team.