A policy is a broad principle which aligns with your organisation's purpose and strategic direction. It describes your legal and moral commitment. A policy can often easily be stated on one side of a sheet of paper. It’s not about details. Just search online for ‘health and safety policy’ to get examples from other organisations. Your policy must be in writing.
In fact, regardless of whether you are aiming for ISO 45001 certification or not, UK law says that every business must have a policy for managing health and safety. If you have five or more employees, it has to be in writing. Clause 5.2 of ISO 45001 details how the policy statement should be set out.
As described in supporting ISO documentation; a procedure is a ‘specified way to carry out an activity or a process’ and a process is a ‘set of interrelated or interacting activities which transforms inputs into outputs’.
It could be said that a process is what happens, procedures describe how it happens.
A work instruction is more detailed still and dictates exactly how a certain task should be performed.
It’s worth mentioning the term 'process approach' here. It’s regarded as one of the pillars of management systems. It’s a way of managing your activities as a system of processes, rather than as people, products and departments. It means you take a holistic view, rather than taking a ‘silo mentality’. A process approach involves establishing effective and efficient processes that are consistently followed and improved upon. It’s the basis for most management standards.
There is no one size fits all for processes and procedures. These should be bespoke to each individual organisation based on context, scope and size.