Checklist & Review Schedule
Your council must maintain an up-to-date set of core and recommended policies. Not all policies need reviewing at once — spreading reviews across the year ensures policies remain current without overwhelming meeting agendas. Councils must publish all statutory policies online; all others are recommended best practice.
Resources
A-Z Core Policies (statutory requirements)
-
Biodiversity Duty Policy
-
Code of Conduct
-
Complaints Policy
-
Data Protection Policy & Supporting Privacy Notices
-
Equality & Diversity Policy
-
Financial Regulations
-
Health & Safety Policy
-
IT Policy
-
Publication Scheme
-
Risk Management Policy & Risk Register
-
Standing Orders
The Risk Register & Risk Management
Councils must have a Risk Management Policy that sets out how risks are identified, assessed, monitored, and reported and a Risk Register that records the council’s key financial, operational, legal, and environmental risks. These documents form the policy framework that guides risk-related decision-making.
The Risk Management Policy explains:
-
who is responsible for managing risk
-
how risks are reviewed and reported
-
how controls and mitigations are identified
-
how the Risk Register is maintained
The Risk Register records:
-
the council’s significant risks
-
the likelihood and impact
-
controls in place
-
actions required and review dates
The operational work—such as inspections, reviews, and statutory checks—appears in the Risk & Statutory Checks section.
Resources
Health & Safety Policy
Councils must adopt a Health & Safety Policy that sets out their commitment to providing a safe environment for staff, contractors, volunteers, and the public. The policy explains the council’s responsibilities, how risks will be managed, and how compliance will be monitored. This is the governing document that underpins all H&S operations. Practical checks, inspections and statutory duties appear in the Risk & Statutory Checks section.
A Health & Safety Policy should cover:
-
roles and responsibilities (council, Clerk, staff, contractors)
-
the council’s approach to identifying and managing risks
-
how risk assessments will be carried out and reviewed
-
expectations for staff competence and training
-
how incidents, near misses and H&S concerns are reported
Resources
Data Protection & Privacy
A Data Protection Policy sets out how the council manages personal data. Privacy Notices explain to individuals how their data is used, who it is shared with, and how long it is kept. Councils need different Privacy Notices for:
-
Staff
-
Councillors
-
Residents / service users
-
Website visitors
-
Volunteers
A Privacy Notice must be given to data subjects and published online. A Privacy Policy is an internal governance document. Councils must have both.
Resources
FOI & Publication Scheme
Every council must adopt and publish a Publication Scheme setting out what information it makes routinely available. The Publication Scheme is a statutory requirement under the FOI Act 2000. It must be published on your website and updated when new information becomes routinely available.
Resources
Complaints vs Grievances
A Complaints Policy handles public complaints about council decision-making or conduct. Grievances and disciplinary matters relate to staff and must follow the NALC Model Contract and HR policies. Public complaints and staff HR matters require completely separate processes. Councils should never use the Complaints Policy for employment issues, or vice versa.
Resources
Equality & Diversity
Councils must comply with the Equality Act 2010 and ensure they do not discriminate in their decisions, employment practices, or service delivery. An Equality & Diversity Policy helps councillors and staff understand their legal responsibilities and demonstrates the council’s commitment to fairness and inclusion. Equality is a statutory requirement. Councils must consider the needs of people with protected characteristics in all decisions and show due regard through meeting conduct, communications, and staff management.
Resources