Health and Safety Online Training | Legally Compliant, Documented & Auditable

Most businesses shopping for health and safety online training are looking for the same things: a broad course library, a recognised logo, and a completion certificate they can show an auditor. Those things matter. But they are not, on their own, what the law requires — and the gap between a completed course and a legally defensible training record is exactly where employers get caught out.

This page explains what UK law actually demands, why online delivery can satisfy that demand, and how to build the documentation structure that closes the audit gap.

---

What Does UK Law Actually Require from Health and Safety Training? (Reg 13 Explained)

The statutory duty sits in Regulation 13 of the Management of Health and Safety at Work Regulations 1999. It contains three distinct obligations that most course catalogues quietly ignore.

Capability-matching. Reg 13(1) requires every employer, when entrusting tasks to employees, to take into account their capabilities as regards health and safety (reg 13(1)). This is not a box-tick; it is a judgement call. A generic induction module may satisfy part of the duty for a low-risk office role, but the same module alone will not satisfy it for a maintenance operative working at height. The training must match the person's role, competency level, and risk exposure — not just their employment status.

Trigger-based training. Reg 13(2) requires adequate training on recruitment and whenever an employee is exposed to new or increased risks — including a change of responsibilities, new or changed work equipment, new technology, or a new or changed system of work (reg 13(2)). That means an annual all-staff refresher, while useful, does not fulfil the duty if an employee was promoted, moved to a new site, or handed unfamiliar equipment six months ago.

Periodic refresh, working hours, and risk-adaptation. Reg 13(3) requires training to be repeated periodically where appropriate, adapted to account of any new or changed risks, and — critically — it must take place during working hours (reg 13(3)). Asking staff to complete modules in their own time does not satisfy this requirement.

What reg 13 does not specify: a fixed refresher interval. Phrases like "every 3 years" are good-practice guidance from industry bodies, not a statutory minimum. The legal test is whether the training remains adequate in light of current risks and any changes to the employee's role.

---

Why Online Delivery Satisfies the Legal Standard — and Where It Falls Short Without Documentation

The law is format-neutral. Reg 13 sets an adequacy standard and a capability-matching requirement; it does not prescribe classroom delivery, an approved provider, or a minimum contact time. An online module that accurately covers the relevant hazards for a specific role, delivered during working hours and assessed for understanding, can satisfy reg 13 just as a classroom course can.

Where online training routinely fails is not in delivery — it is in documentation. Employers can demonstrate a certificate was issued; they cannot always demonstrate that the right person completed the right content for the right role, that their prior competency was considered, or that refresh triggers have been tracked. That is the audit gap.

The solution is not a better course. It is a documentation platform that links each training record to the employee's role, their identified risk exposure, and the date the next review is due.

---

Core Topics a Compliant Health and Safety Online Training Programme Must Cover

No single regulation mandates a fixed list of topics, but the capability-matching duty in reg 13(1) means your programme must cover the hazards each role is actually exposed to. As a baseline, a core programme for most UK workplaces should address:

Topic	Why It Belongs
Health and safety law fundamentals	Employees need to understand their own duties
Risk assessment principles	Underpins reg 13's capability requirement
Manual handling	Persistent high-frequency injury category
Fire safety and emergency procedures	Site-specific element must supplement online module
Display screen equipment (DSE)	Relevant for any screen-based role
Slip, trip and fall prevention	Leading cause of workplace injury across sectors
Stress, mental health and wellbeing	Increasing regulatory and insurer scrutiny
Accident reporting and near-miss procedures	Evidence of a functioning safety culture
Role-specific hazards	Determined by the reg 13 Training Needs Matrix — see below

A programme that stops at the first eight columns without completing the ninth has delivered training. It has not satisfied reg 13(1).

---

How to Map Training to Roles and Risk: The Reg 13 Training Needs Matrix

This is the unique asset competitors do not provide. Download and adapt the template below to map every employee's training assignment to the specific obligations in reg 13.

Reg 13 Training Needs Matrix — Template

Employee Name	Job Role	Identified Risk Exposure	Training Topic Assigned	Delivery Format	Date Completed	Renewal Due	Competency Sign-Off	Notes
[Name]	[Role title]	[Risk category: e.g. manual handling / DSE / working at height]	[Module title + version]	Online / Blended / Classroom	[DD/MM/YYYY]	[DD/MM/YYYY]	[Line manager initials + date]	[Trigger: new starter / role change / new equipment / periodic review]

Column guidance:

• Identified Risk Exposure — drawn from the role's risk assessment, not assumed from job title alone.
• Delivery Format — note if an online module is supplemented by a practical sign-off; this is the blended approach reg 13(1) often requires for higher-risk roles.
• Renewal Due — set based on risk level and any known forthcoming changes; do not default to a fixed interval without reviewing the role's risk profile.
• Competency Sign-Off — the field that distinguishes a documented capability assessment from a course completion. A line manager or supervisor confirms the individual can apply the training to their actual tasks.
• Notes/Trigger — recording why training was assigned at this point is the evidence that you responded to the reg 13(2) triggers, not just ran a calendar refresh.

To use this template: copy the matrix into your HR or H&S management system, or request the Ramsdocs-formatted version from your account manager. Every completed row becomes a row in your audit trail.

---

Worked Example: Three Roles, One Platform, One Audit Trail

Scenario: Brightfield Facilities Management — 12 employees, three new starters onboarded in the same week.

Brightfield uses an online training platform linked to Ramsdocs for documentation. Three new starters join on the same date: Anita (office administrator), Dev (maintenance operative), and Rosa (warehouse picker). All three trigger reg 13(2)(a) — training on recruitment.

The HR manager does not assign the same programme to all three. Instead, she runs the Reg 13 Training Needs Matrix for each role.

Anita — Office Administrator

• Risk exposure: DSE, stress, fire evacuation, slips and trips.
• Assigned modules: H&S law fundamentals, DSE assessment, fire safety awareness, mental health awareness.
• Delivery: fully online, completed during induction week (working hours — reg 13(3)(c) satisfied).
• Competency sign-off: line manager confirms Anita has completed her own DSE self-assessment for her workstation.
• Renewal trigger: set to review if role changes or new equipment introduced (reg 13(2)(b)(ii)).

Dev — Maintenance Operative

• Risk exposure: working at height, manual handling, electrical awareness, lone working.
• Assigned modules: H&S law fundamentals, manual handling, working at height awareness, electrical safety awareness.
• Delivery: online modules + practical sign-off by supervisor for ladder use and lone-working protocol.
• Competency sign-off: supervisor witnesses and signs off practical ladder check before Dev works unsupervised.
• Matrix note: the online module alone does not satisfy reg 13(1) for working at height — the blended approach is recorded explicitly.

Rosa — Warehouse Picker

• Risk exposure: manual handling, forklift awareness (pedestrian), fire evacuation, slips and trips.
• Assigned modules: H&S law fundamentals, manual handling, pedestrian safety in vehicle operating areas, fire safety awareness.
• Delivery: online modules + site induction walk completed with warehouse manager.
• Competency sign-off: warehouse manager signs off site induction checklist, stored against Rosa's record.

All three records are stored in Ramsdocs with: module title and version number, completion date, competency sign-off, and next review date. When an HSE inspector or insurer asks for training evidence, the HR manager exports a single report showing not just that training happened, but that it was matched to each individual's role and risk exposure — which is what reg 13(1) requires.

---

What 'Accredited' Really Means — and How to Evaluate Provider Credentials Without Being Misled by Logos

Accreditation is not a legal requirement. Reg 13 requires training to be adequate — it does not require it to carry a specific badge. Schemes run by organisations such as IOSH, RoSPA, NEBOSH, and the CPD Certification Service are industry quality marks, not statutory approvals. A course carrying none of those logos can still satisfy reg 13; a course carrying all of them can still fail to if it is not matched to the employee's role and risk exposure.

That said, accreditation is a reasonable quality signal. When evaluating a provider, ask:

• Does the content reflect current UK legislation? Ask for the last content review date and the regulatory basis for each module.
• Is assessment meaningful? A pass/fail quiz at the end of a module does not constitute a capability assessment under reg 13(1), but it is better than no assessment. Look for scenario-based questions that test application, not just recall.
• Can you export records in an auditable format? Completion data locked inside a provider's portal is not accessible when you need it. You need exportable records you can store against each employee's file.
• Does the provider update content when legislation changes? If they cannot tell you how quickly modules are revised after a regulatory change, that is a risk to your reg 13(3)(b) obligation to adapt training to new or changed risks.
• Is SCORM or API integration available? If you run an LMS or H&S management platform, seamless record transfer removes the manual re-entry risk.

---

Storing and Evidencing Completion: The Audit-Trail Gap Most Employers Miss

A certificate of completion is the starting point, not the finish line. The following checklist covers what a defensible training record actually requires.

Training Evidence Checklist

• Completion certificate stored against the individual employee record (not in a shared folder or the provider's portal alone)
• Module title and version number recorded — if content is updated and a re-take is required, you need to know which version each employee completed
• Date completed and time spent — evidences that training took place during working hours (reg 13(3)(c))
• Assessment result — score and pass threshold, retained with the record
• Line manager or assessor sign-off — confirms capability was assessed, not just content consumed; this is the field that addresses reg 13(1)
• Training trigger recorded — new starter, role change, new equipment, periodic review, or risk change (maps to reg 13(2) triggers)
• Next review date logged — with automated reminder if your platform supports it
• Accessible audit trail — records retrievable within a defined timeframe for HSE or insurer inspection without manual reconstruction

If any of these fields are missing, your training programme may be delivering value to employees but it is not building the evidence base that reg 13 demands.

---

How Ramsdocs Integrates Online Training Records into Your Wider H&S Documentation

Ramsdocs is a documentation platform, not a course library. That distinction matters. Where a standalone training provider gives you completion data, Ramsdocs links that data to the broader H&S record for each employee and site: their risk assessments, their method statements, their induction records, and their RAMS sign-offs.

The practical result is that when a role changes — triggering reg 13(2)(b)(i) — the platform flags that a new training needs review is due before the employee is assigned to revised tasks. When an HSE inspector arrives or an insurer requests evidence, a single report covers not just training completion but the capability-matching logic behind each assignment.

Ramsdocs does not replace a competent person reviewing and approving training decisions. It ensures that the records those decisions produce are stored, structured, and retrievable.

---

Frequently Asked Questions

Is online health and safety training legally recognised in the UK? The law does not specify a delivery format. Reg 13 requires training to be adequate and to take into account employee capabilities — online delivery can satisfy both conditions provided the content is appropriate to the role, assessment is meaningful, and training takes place during working hours.

What health and safety training are employers legally required to provide? Reg 13(2) requires adequate training on recruitment and whenever employees are exposed to new or increased risks — including a change of responsibilities, new or changed work equipment, new technology, or a changed system of work. The specific topics depend on the hazards relevant to each role.

How does online H&S training help meet obligations under reg 13? It provides a scalable, consistent delivery mechanism for the content obligation. The capability-matching and documentation obligations still require a structured training needs matrix, a competency sign-off process, and an auditable record system.

How do you choose an accredited health and safety online training provider? Check that content is current, assessment is scenario-based, records are exportable, and the provider has a process for updating modules when legislation changes. Accreditation logos from industry bodies are a useful quality signal but are not a legal requirement for reg 13 compliance.

How can employers track and evidence completion of online H&S training? Store completion certificates against individual employee records with module version, assessment result, line-manager sign-off, training trigger, and next review date. Records should be retrievable for HSE or insurer inspection without manual reconstruction.

How often should health and safety training be refreshed or renewed? Reg 13(3)(a) requires training to be repeated periodically where appropriate. There is no statutory fixed interval. Good-practice guidance from industry bodies suggests intervals based on risk level; what matters legally is that training remains adequate in light of current risks and any changes to the employee's role or work environment.

Does training have to happen during working hours? Yes. Reg 13(3)(c) explicitly requires training to take place during working hours. Asking employees to complete online modules in their own time does not satisfy this requirement.

---

The Reg 13 Training Needs Matrix, Training Evidence Checklist, and worked scenario on this page are starting-point tools. They must be reviewed and adapted to your specific workplace, workforce, and risk profile by a competent person before use. Nothing on this page constitutes legal advice or guarantees regulatory compliance. Ramsdocs documentation is designed to support — not replace — site-specific review by a qualified H&S practitioner.