Policy Review Template: UK Framework and Checklist
Published 10 June 2026
A compliance lead at a small housing association pulls up the fire safety policy two weeks before an audit. It was "reviewed" in 2023 — there is a date in the footer. But there is no record of what was checked, who approved it, or whether anything actually changed. The audit asks for evidence of review. A date in a footer is not evidence.
A policy review template fixes that. It turns "we looked at it" into a documented, repeatable process: what the reviewer checked, what changed, who approved it, and when the next review is due. This guide gives you a reusable framework you can apply to any policy, in any sector — schools, GP practices, housing associations, councils, or charities — plus the specific things each review must confirm and the review cycles UK regulators expect.
What a Policy Review Template Actually Needs to Capture
A useful policy review template is not a form you fill in once. It is a record that proves the review happened and shows what it found. At a minimum it should capture:
- Policy name and reference — the exact title and any internal reference number, so the review maps to a specific document in your register.
- Version reviewed — which version you checked, so the audit trail links the review to the actual text.
- Review date and reviewer — who did the review and when.
- Statutory or regulatory basis — the legislation, regulation, or guidance the policy exists to satisfy (e.g. a CQC regulation, an Education Act section, a Health and Safety requirement).
- What was checked — a short checklist confirming the policy is still accurate, legally current, and reflects actual practice.
- Changes made — what was amended, or an explicit "no changes required" with a reason.
- Approval — who approved the reviewed version and at what governance level (board, governing body, committee, or manager).
- Next review date — driven by the policy's review cycle, not a guess.
The difference between a real review and a footer date is the middle three rows: what was checked, what changed, and who approved it. Those are the rows an inspector or auditor reads.
The Three Questions Every Policy Review Must Answer
Most policy reviews fail not because the reviewer is careless but because "review this policy" is too vague. Break it into three concrete questions:
1. Is it still legally accurate?
Has the underlying law, regulation, or guidance changed since the last review? This is where most policies decay silently. Legislation gets amended, guidance gets reissued, and regulators update their frameworks — but the policy sits unchanged because nobody mapped it to its source.
A worked example of how fast this moves: in March 2024 the DfE withdrew its standalone "Statutory Policies for Schools and Academy Trusts" publication and folded its content into the governance guides. A school whose policy review process pointed only at the old publication would have been checking against withdrawn guidance. Mapping each policy to its current source — and re-checking that source at review time — is the single most valuable habit a review process can build in.
2. Does it match what you actually do?
Inspectors weight policy-to-practice alignment heavily. A policy that describes a process nobody follows is worse than no policy, because it documents a gap. The review must confirm the written policy reflects current practice — and where practice has drifted, decide whether to fix the practice or update the policy.
3. Is it owned, dated, and findable?
Who owns the policy? When was it last approved, and by whom? Can a member of staff find the current version in under a minute? A policy that exists but cannot be located is functionally missing at the moment it matters.
A Reusable Policy Review Checklist
Use this as the body of your review template. Run every policy through it:
- Confirm the source. Identify the legislation, regulation, or guidance the policy satisfies. Check whether that source has changed since the last review.
- Check currency. Are all dates, named roles, contact details, and references still correct? Are any cited documents withdrawn or superseded?
- Check accuracy against practice. Does the policy describe what your organisation actually does? Interview the process owner if you are unsure.
- Check scope and completeness. Does it still cover everyone and everything it should? Have new activities, sites, or staff groups appeared that it does not address?
- Check readability. Can the people who must follow it understand it? A policy nobody reads is not a control.
- Record the outcome. Note changes made (or "no changes required"), the version number, and the reviewer.
- Route for approval. Send to the correct governance layer. Record who approved it and when.
- Set the next review date. Based on the policy's review cycle, not the calendar default.
A 40-policy register run through this checklist annually is a working compliance system. A register run through it once and then forgotten is theatre.
How Often to Review: What UK Regulators Expect
Review frequency is not one-size-fits-all. It depends on the sector and the specific policy. The most common cycles across UK regulated organisations:
- Health and social care (CQC-regulated). CQC Regulation 17 (Good Governance) requires providers to "assess, monitor and improve the quality and safety of the services" and to "maintain securely an accurate, complete and contemporaneous record" of their governance. Outdated policies are routinely cited in inspection reports as evidence of a governance failing, so most providers review core policies at least annually and immediately when guidance changes.
- Schools (Ofsted / DfE). The DfE governance guides recommend that governing bodies review statutory policies annually, with one notable exception: governing bodies "must also: agree on one or more equality objectives every 4 years, which must then be published." Safeguarding policies aligned to Keeping Children Safe in Education need annual review at minimum, and immediate review whenever KCSIE is reissued.
- Charities. There is no fixed statutory review cycle for most charity policies, but regular review is widely treated as good governance. Time policy reviews to the trustee meeting cycle so changes are formally approved and minuted.
- Housing associations and councils. Review cycles are usually set by the organisation's own governance framework and the relevant regulatory standards rather than a single statutory cadence — annual review of core compliance policies is the common baseline.
The practical rule that holds across every sector: a regulatory change is an immediate review trigger, not a "wait for the annual cycle" event. For a fuller multi-regulator breakdown of review frequencies, see our guide on how often UK policies should be reviewed.
Turning the Template Into a Schedule
A review template tells you how to review one policy. The harder problem is keeping forty review dates from slipping. A register with mixed review cycles produces dozens of due dates a year, and they do not arrive conveniently spaced.
Two things make this manageable:
- A single register that lists every policy, its source, owner, last-reviewed date, review cycle, and next-review date in one place. If you do not have one yet, our plain-English guide to policy management explains how the register sits at the centre of the whole process.
- A schedule built from the register, with reminders that fire well before each deadline — not on the day it is already overdue. The free Policy Review Schedule Generator takes your policies and last-reviewed dates and produces a colour-coded review schedule you can export to a calendar, so the next-review dates from your template stop living only in a spreadsheet nobody opens.
The template is the quality control for each review. The schedule is what makes sure the reviews actually happen. You need both. For context on where the review stage fits across the full policy journey — from drafting through approval, distribution, and eventual retirement — see the policy lifecycle management guide.
Frequently Asked Questions
What should a policy review include?
A policy review should confirm the policy is still legally accurate, matches actual practice, covers everyone and everything it should, and is owned and findable. It should record what was checked, what changed (or that no changes were needed), who approved the reviewed version, and when the next review is due.
How do you review a policy?
Map the policy to its legal or regulatory source and check whether that source has changed. Confirm the policy still reflects what your organisation actually does. Check dates, named roles, and references are current. Record the outcome, route it to the right governance layer for approval, and set the next review date based on the policy's review cycle.
How often should policies be reviewed?
It depends on the sector and the policy. Many UK regulated organisations review core compliance policies at least annually. Schools review statutory policies annually (equality objectives every four years). Any regulatory or legislative change should trigger an immediate review regardless of the scheduled cycle.
What is the difference between a policy review and a policy rewrite?
A review checks whether a policy is still fit for purpose and records the outcome — it may conclude that no changes are needed. A rewrite is what you do when the review finds the policy is out of date, inaccurate, or no longer matches practice. Most reviews should result in either confirmation or targeted amendments, not a full rewrite.
Who should approve a reviewed policy?
It depends on the policy and your governance structure. Safeguarding, finance, and major compliance policies typically need board, trustee, or governing-body approval. Operational policies can often be approved at committee or management level. Record the approver and the approval date in the review template so the audit trail is complete.
Sources
- Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, Regulation 17
- DfE: Maintained Schools Governance Guide
- DfE: Keeping Children Safe in Education
- Charity Governance Code
This guide is designed for UK compliance leads, governance officers, school business managers, and practice managers who need a repeatable way to review their policies. It is general guidance based on published regulations and DfE guidance — verify against the current rules for your sector and your own governance framework before relying on any review cycle. It is not legal advice.