I've just finished some support for two companies who are tendering for work and some work repairing a 'health and safety policy' for another client.
The same erroneous questions come up, indicating that clients, and some health and safety consultants, sometimes don't have a clue:
Requirement 1: Are you accredited to ISO 9001?
The truthful answer which everyone should give is "No". What the client really means is
"Are you certified to ISO 9001?"
UKAS accredit certification bodies for different standards. The certification body then audits a company and, if all is well, certifies the company for whatever standard is appropriate. Look at your certificates; nowhere does it say that you are accredited.
See more about this in my blog on using non-UKAS certification bodies.
Requirement 2: How do you update your health and safety policy and how do you train employees on your health and safety policy?
This reflects a lack of understanding about what is meant by "policy". A health and safety policy is a short statement of intent and bullet points on what you will do. The HSE's template on this is a single page. Personally, I think that this is a bit short and policies I write are 2 to 4 pages long.
If you answer the question truthfully, you will say that you review your policy annually and update it if things change.
What the client is really asking is "How do your ensure that your health and safety system is up to date and addresses the issues at your company?"
And for that, you will need to say that you keep your register of legislation up to date, say by using external services like those provided by SSS, and you have a system for change management, so that when new equipment, processes or substances are introduced, the introduction is properly planned, assessments carried out and control measures put in place.
Example 3: Massive health and safety policy
This is really an extension of what I've said above. Not for the first time, I've been asked to rework a "health and safety policy" provided by a consultant. In this case it was 80 pages of close type. The client, unsurprisingly, found it unworkable.
Legally, there was nothing erroneous, but whoever wrote this had completely lost sight of how it was going to be implemented. What's more, it covered topics which were nothing to do with the client's operations. To me, that points to it being a standard document where word-search had been used to change the client name.
The new version covered the topics relevant to the client and was structured in a way that was focussed on implementation.