Management consultancy: compliance checklist

Use this checklist to confirm your management consultancy, business advisory firm or head office (SIC division 70) meets its obligations. Work through each item and answer yes or no. If you answer no to any item, follow the linked guide before you proceed.

UK-wide

Workplace health and safety is enforced by the Health and Safety Executive in Great Britain and by HSENI in Northern Ireland. PECR is enforced by the Information Commissioner's Office (ICO) UK-wide, with fines now aligned with UK GDPR levels.

Section 1 — Workplace and employment duties

These duties apply to every management consultancy and head office that employs people. Confirm each one.

  1. Have you written your risk assessments and put safe systems of work in place?

     Your general duty under the Health and Safety at Work etc. Act 1974 is to ensure, so far as is reasonably practicable, the health, safety and welfare of your people. Risk-assess display-screen equipment use, workstation ergonomics, stress and mental health, lone working and any client-site visits. If not, follow "Set up and run a safe management consultancy".

  2. Have you carried out your fire risk assessment?

     The responsible person must carry out a fire risk assessment and maintain fire-safety arrangements for your office premises under the fire-safety regime for your nation.

  3. Do you hold employers' liability insurance?

     Hold at least £5 million of cover once you employ anyone, and display the certificate or make it available to your employees.

  4. Do you meet your equality and data protection duties?

     Do not discriminate under the Equality Act 2010 (or the separate NI equality law enforced by the ECNI), and comply with the UK GDPR and the Data Protection Act 2018, registering with the ICO unless exempt.

Section 2 — PECR electronic-marketing duties

Complete this section if you market your services by email, text message or automated telephone calls.

  1. Do you have valid consent for your electronic marketing?

     You need prior consent for most electronic marketing to individual subscribers. The soft opt-in exception lets you email existing clients about similar services without consent, but only if all four conditions are met, including an easy opt-out in every message.

  2. Do you screen your telephone call lists against TPS and CTPS?

     Before making any live marketing calls, screen your call list against both the Telephone Preference Service (TPS) and Corporate TPS (CTPS) registers at least every 28 days. If you use automated calls, you need specific prior consent; general marketing consent is not enough.

If you answered no to anything

Work through the guide linked in that item. The spine guide sets out what to do for each duty. If you are not sure which duties apply to you, start from the router.

Official sources

Authoritative health and safety, data-protection and marketing guidance.