Psychosocial Risk Resource
ISO 45003 guidance for psychosocial risk
Understand how ISO 45003 extends ISO 45001 and complements WHS legal duties when managing psychosocial hazards. Last updated 2 October 2025.
Why this matters
Boards often ask whether ISO 45003 certification exists. It doesn't — the standard provides guidance only, but it can strengthen your WHS management system and due-diligence evidence. See BSI: ISO 45003 — your questions answered.
How we validate
This guide is mapped against ISO 45003:2021 clauses and Safe Work Australia's model Code so it aligns with regulator expectations.
Download the assessment template or see the four-step assessment.
Direct answer: what is ISO 45003?
ISO 45003 is an international guidance standard for managing psychosocial risk within an ISO 45001 occupational health and safety management system. It helps organisations identify, assess, control, and monitor psychological health and safety risks, but it does not create a standalone certification pathway and does not replace WHS legal duties.
How ISO 45003 fits beside WHS law
ISO 45003:2021 is guidance that supports organisations implementing ISO 45001. It offers direction on identifying, assessing, and controlling psychosocial risks but does not include requirements or create a certification pathway. See BSI and Standards Australia AS/NZS ISO 45003:2021.
- Legal duties remain: PCBUs must comply with WHS Acts, Regulations, and approved Codes such as those in WA, NSW, and QLD, regardless of ISO adoption.
- ISO 45001 linkage: ISO 45003 aligns with clauses on hazard identification (6.1), support (7), operation (8), and performance evaluation (9), helping integrate psychosocial elements into existing systems.
- Evidence boost: Mapping ISO activities to WHS duties strengthens due-diligence reporting to boards and regulators.
Where ISO 45003 helps most
- Building a psychosocial risk framework when your ISO 45001 system is mature but light on mental-health content.
- Embedding worker participation and consultation requirements into procedures and leadership behaviours.
- Documenting support resources (EAP, clinical support, peer programs) within your management system.
- Setting measurable objectives and KPIs beyond lag indicators.
Map ISO 45003 to the Echo assessment workflow
Clause 6 — Planning
Use the psychosocial risk assessment to document context, interested parties, and risk criteria. ISO 45003 emphasises considering the work environment, organisational culture, and specific worker characteristics.
Clause 8 — Operation
Controls should sit within operational procedures: roster design, workload management, training, emergency response, and recovery protocols. Echo's action tracking keeps Clause 8 documented with owners, timelines, and evidence.
Clause 9 — Performance evaluation
ISO 45003 expects monitoring of psychological-health indicators and worker feedback. Echo analytics, toolbox talk feedback, and health metrics feed the verification log in our template.
Clause 10 — Improvement
Capture incidents, nonconformities, and improvement opportunities. Use Echo's evidence pack to brief executives and close the loop with workers.
When ISO 45003 is not enough on its own
Because it is guidance only, ISO 45003 cannot replace jurisdictional requirements. Regulators expect compliance with WHS laws and approved Codes such as those in WA, NSW, and QLD. Use ISO 45003 to strengthen governance, but always map back to legal requirements captured in our compliance summary and the WA Code.
Implementation checklist
- Gap-assess your ISO 45001 documentation against ISO 45003 clauses.
- Update leadership, consultation, and support procedures with psychosocial specifics.
- Integrate psychosocial KPIs into performance reviews and board reporting.
- Ensure workers understand support services and escalation pathways.
- Link incident investigations to psychosocial root causes.
Resources to operationalise ISO 45003
- Psychosocial risk assessment — document hazards, controls, and verification aligned to ISO 45003 clauses 6–10.
- Jurisdiction compliance summary — cross-check ISO-driven processes against WA, NSW, and QLD legal duties.
- Sector playbooks — apply ISO guidance to real controls for mining, construction, and healthcare teams.
Frequently asked questions
Can we get certified to ISO 45003?
No. ISO 45003 is guidance only. Certification remains against ISO 45001, with psychosocial elements embedded into that system.
Do regulators expect ISO 45003 compliance?
Regulators expect compliance with WHS Acts, Regulations, and approved Codes. ISO 45003 provides recognised good practice to demonstrate due diligence but is not mandatory.
How does Echo support ISO 45003 implementation?
Echo maps worker voice data, actions, and verification logs to the four-step risk process and can tag evidence to ISO 45001/45003 clauses for audits.