A Simple Guide to PoSH Compliance for First-Time Employers

We get this question asked a lot, especially when a company has not been briefed by their current POSH Advisors, or if they are doing this compliance for the first time. This confusion and ambiguity also leads to a lot of delay in making the decisions and at times, even making the right decisions, the timely as well as the qualitative one. 

If you are setting up PoSH compliance for the first time, feeling unsure is more common than most organisations admit. Founders and HR leaders often know that compliance is mandatory, but not what actually needs to be done, in what order, or to what level of detail.

This guide is meant to help you start—calmly, correctly, and without overcomplicating the process.

Where Do We Even Start?

Understanding What PoSH Compliance Really Involves

PoSH compliance is not a document, a training session, or a one-time exercise. It is a system that ensures your organisation is prepared to prevent, receive, and address complaints of sexual harassment in a fair and lawful manner.

It exists so that if a concern arises, the organisation is not reacting in panic, but responding with structure and clarity.

For organisations starting out, this usually means:

• Treating PoSH as a readiness exercise, not a reaction to an incident
• Thinking in terms of systems rather than isolated tasks
• Assigning clear internal ownership for implementation

Putting a PoSH Policy in Place

The PoSH policy is often the first place an employee looks when they feel unsure about what behaviour is acceptable or how they can seek support. It sets expectations and explains how the organisation will handle concerns.

A policy that is unclear, inaccessible, or never circulated does little to build trust.

For first-time compliance, this typically involves:

• Starting with a legally compliant model policy
• Getting it approved internally
• Circulating it to all employees through email or internal communication
• Making it accessible on an HRMS, intranet, or shared portal

We have written in detail about writing that POSH policy for the first time here. 

Constituting the Internal Committee (IC)

Once an organisation has ten or more employees, constituting an Internal Committee is a legal requirement. The IC is the body empowered to receive complaints and conduct enquiries under the law.

Even well-intentioned organisations cannot lawfully address a complaint without a properly constituted IC.

In practical terms, this means:

• Appointing a woman Presiding Officer in a senior role
• Including members committed to the cause of women
• Appointing one External Member with relevant expertise
• Issuing formal appointment letters or a board resolution
• Sharing IC member details internally so employees know whom to approach

Read in detail here as we share best practices for first time IC constitution. 

Orienting and Training the Internal Committee

Being part of an Internal Committee is not intuitive. IC members are required to follow specific timelines, maintain confidentiality, document proceedings correctly, and ensure fairness to all parties involved.

Without training, even experienced professionals can unintentionally make procedural errors.

At a minimum, organisations should:

• Conduct an IC orientation soon after constitution
• Ensure members understand enquiry flow and role boundaries
• Cover both legal obligations and behavioural sensitivities
• Refresh training periodically or when committee members change

Creating Employee Awareness

A PoSH system is only effective if employees understand how it works. Awareness ensures that employees know what constitutes sexual harassment, what does not, and how to raise a concern safely.

The intent is to create clarity, not fear.

Most organisations begin by:

• Conducting at least one awareness session annually
• Explaining reporting channels and the role of the IC
• Reinforcing confidentiality and non-retaliation
• Using simple, accessible language rather than legal terms

Setting Up Documentation and Record-Keeping

PoSH compliance is documentation-driven. Even in the absence of complaints, organisations must be able to demonstrate preparedness and due process.

Well-maintained records protect the organisation as well as the individuals involved.

This generally includes:

• Deciding how complaints will be received and recorded
• Ensuring records are stored securely with restricted access
• Avoiding shared or unsecured folders for sensitive information
• Maintaining records of trainings, appointments, and communications

Planning for Annual Compliance

PoSH compliance does not end once systems are set up. Every year, organisations are required to review their Internal Committee, conduct awareness activities, and submit an Annual Compliance Report to the relevant authority.

This is often where organisations realise that compliance is ongoing.

To stay on track:

• Track trainings and IC activities through the year
• Review IC composition annually
• Prepare in advance for annual reporting requirements
• Ensure disclosures are complete, not merely submitted

A Closing Thought

If this is your first year of PoSH compliance, you are not expected to have everything perfectly in place. What matters is that you begin with the right intent and build the fundamentals correctly.

A compliant organisation is not one that never faces a complaint—but one that knows exactly how to respond if it does.

Starting early, asking questions, and setting up the right systems is often the most responsible first step.