What Is ISO 45003?

The international standard for managing psychosocial risks.

Natalie Rouillon
Psychosocial Hazards & Safety
8 min read
What Is ISO 45003?

Share Resource

TL;DR

  • ISO 45003:2021 is the international standard for managing psychosocial risks as part of a workplace health and safety system
  • It is a guidance standard — following it is voluntary, but the legal obligation to manage psychosocial hazards under Australian WHS law is not
  • It extends ISO 45001 (the parent OH&S standard) specifically into psychological health and safety
  • It applies to every organisation size and sector, including small businesses
  • In Australia it is adopted as AS/NZS ISO 45003:2021 through Standards Australia

What Is ISO 45003?

ISO 45003:2021 is the world's first international standard dedicated to psychological health and safety at work. Published by the International Organisation for Standardisation (ISO) on 8 June 2021, it gives organisations a structured method for identifying, assessing, and managing psychosocial risks within their health and safety system.

Its full title is ISO 45003:2021 Occupational Health and Safety Management — Psychological Health and Safety at Work — Guidelines for Managing Psychosocial Risks. In Australia it is adopted as AS/NZS ISO 45003:2021 through Standards Australia.

The standard's core premise is simple: psychological harm caused by work conditions is just as real, and just as preventable, as physical injury.

How Is ISO 45003 Different From ISO 45001?

ISO 45003 is a companion to ISO 45001:2018, not a replacement for it. ISO 45001 sets the general requirements for an Occupational Health and Safety Management System (OH&SMS). ISO 45003 extends that system specifically into the psychological domain.

Feature ISO 45001:2018 ISO 45003:2021
Focus Occupational health and safety broadly Psychological health and safety specifically
Type Requirements standard Guidance standard
Certifiable? Yes No
Covers psychosocial hazards? Partially Yes — primary purpose

An organisation does not need to be ISO 45001-certified to benefit from ISO 45003.

Is ISO 45003 Mandatory in Australia?

ISO 45003 itself is not legally mandatory. It is a guidance standard with no official audit or regulatory penalty attached to it.

What is mandatory is managing psychosocial hazards under Australian WHS legislation. Every state and territory now requires PCBUs (Persons Conducting a Business or Undertaking) to identify, assess, and control psychosocial hazards using the same risk management process applied to physical hazards. Safe Work Australia's model Code of Practice on psychosocial hazards underpins most of this.

ISO 45003 does not replace that obligation. It provides the internationally recognised framework that helps organisations meet it, and demonstrates due diligence if a claim is ever made.

The practical answer: following ISO 45003 is voluntary. Following the law it helps you meet is not.

For a state-by-state breakdown, see Foremind's guide to psychosocial hazards legislation by state.

What Psychosocial Hazards Does ISO 45003 Cover?

ISO 45003 organises psychosocial hazards into three categories.

How work is organised

Excessive workload, unclear role expectations, conflicting demands, low job control, and underuse of skills. These are some of the most common sources of psychological harm in Australian workplaces, and they are typically the result of management decisions rather than individual behaviour.

Social factors at work

Bullying, harassment, discrimination, poor leadership support, and lack of recognition. For a closer look at one of the most prevalent hazards in this category, see Foremind's article on psychosocial hazards and bullying.

The work environment and hazardous tasks

Exposure to traumatic events or material, violence and aggression, remote or isolated work, and unsafe physical conditions that compound psychological stress.

ISO 45003 is explicit that these categories interact. A worker facing high job demands without management support faces compounding risk greater than either hazard alone.

Who Does ISO 45003 Apply To?

ISO 45003 applies to organisations of all sizes and in all sectors. The standard is written to be proportionate — a small business does not need a complex management system to apply it.

The roles that benefit most include WHS managers, People and Culture leads, HR teams, front-line managers, and business owners. ISO 45003 frames psychosocial risk management as a leadership responsibility, not a compliance function pushed to HR.

For small businesses, a practical starting point is a psychosocial risk assessment, a clear process for workers to raise concerns, and a regular review cycle.

How Does ISO 45003 Connect to Australian WHS Law?

Australian WHS legislation sets the legal floor. ISO 45003 provides the method for meeting it.

The Work Health and Safety Acts across most states and territories, supported by Safe Work Australia's Codes of Practice, define what employers must do. ISO 45003 reflects international best practice for how to do it systematically. Organisations that apply the standard's framework are better placed to demonstrate reasonable, documented action — which is what regulators and courts look for when a psychological injury claim is made.

Understanding employer duty of care obligations is the essential starting point before working through ISO 45003 implementation.

What Does ISO 45003 Require From Leaders?

Leadership commitment is not optional under ISO 45003. The standard is specific about what this means in practice.

Senior leaders must visibly engage with psychosocial risk, not just delegate it. They must protect workers from reprisals for raising concerns, provide the resources needed to manage risk, and communicate clearly how people who report hazards will be protected. Anonymous reporting and clear confidentiality commitments are practical mechanisms for meeting these requirements.

The standard is direct on one point: organisations where workers do not feel safe raising concerns will accumulate unaddressed hazards over time. Silence increases risk.

Leaders managing high-demand teams may find Foremind's guide to managing your team's mental health a useful companion resource.

How Do You Implement ISO 45003?

ISO 45003 follows the Plan-Do-Check-Act (PDCA) cycle used across all ISO management system standards.

Understand the context

Before identifying hazards, map the internal and external factors shaping psychosocial risk in your organisation: work contract types, workforce demographics, leadership structures, existing OH&S systems, and relevant industry pressures.

Identify psychosocial hazards

Conduct a systematic hazard identification process across all three ISO 45003 hazard categories. Worker consultation is essential here — workers have direct experience of the hazards they face. Tools such as psychosocial hazard surveys and anonymous incident reporting support this step.

Assess and control the risks

For each identified hazard, assess the likelihood and severity of harm, then implement controls in order of effectiveness. Prioritise eliminating or redesigning the hazard over individual-level responses. Poor role clarity is best fixed by redesigning roles, not by sending workers to resilience training.

Monitor, consult, and improve

Establish qualitative and quantitative measures to check whether controls are working. Review the process regularly, particularly after organisational changes or incidents. Worker participation continues throughout — not just during the initial identification phase.

What Are the Three Levels of Intervention?

ISO 45003 uses a three-level intervention model that helps organisations build layered controls rather than relying on a single response.

Primary: prevent the hazard

Organisational-level controls that eliminate or reduce psychosocial hazards at the source. Redesigning workloads, clarifying roles, improving management capability, and improving how change is communicated are all primary interventions. This is where the most durable risk reduction happens.

Secondary: build capability

Training managers to recognise early signs of distress, running psychosocial hazard awareness programs, and providing wellbeing support tools. Secondary interventions reduce the probability and severity of harm when hazards cannot be fully eliminated.

Tertiary: respond to harm

Support for workers after harm has occurred. An Employee Assistance Program, return-to-work programs, and critical incident response are all tertiary interventions.

ISO 45003 is clear that all three levels are necessary. Organisations that offer counselling without addressing the hazards driving people to use it are not managing psychosocial risk — they are managing the consequences of not managing it.

How Do You Measure Effectiveness?

ISO 45003 requires monitoring and measurement approaches to be developed in consultation with workers and to include both qualitative and quantitative indicators.

Useful quantitative measures include absenteeism rates, psychological injury compensation claims, EAP utilisation, and recurring psychosocial hazard survey results. Foremind's guide to employee absenteeism statistics provides useful context for benchmarking.

Qualitative measures include themes from anonymous incident reports, consultation session outcomes, and manager observations about team dynamics. Results must feed back into the planning phase — measurement is not a reporting exercise, it is an improvement input.

What Are the Benefits of Implementing ISO 45003?

Psychological injury compensation claims in Australia cost approximately two and a half times more than physical injury claims and involve significantly more time off work. Preventing even one serious claim more than offsets the investment in systematic psychosocial risk management.

Beyond compliance, organisations applying ISO 45003 consistently tend to see lower turnover, stronger engagement, and greater resilience during periods of change. The cost of poor mental health in the workplace extends well beyond compensation into productivity loss and reputational damage that are harder to quantify but equally real.

ISO 45003 also gives WHS managers, HR leads, and leadership teams a shared language for conversations about psychosocial risk — one that does not depend on any individual's interpretation of what counts as a hazard.

Foremind is an Australian platform built to help organisations manage psychosocial hazards and provide mental health support in one integrated system. To see how it works, visit the Foremind homepage.

Joel's image

Hello 👋 I’m Joel the founder of Foremind.
Are you ready for simplified support & compliance?

Book a demo

Latest insights

See all posts

Answers to the frequently asked questions.

Email us at enquiries@foremind.com.au and we'll get back to you  quickly with a response

Yes, we have culturally competent counsellors available, including those able to work with first nation and CALD employees.

Onshore on secure AWS Servers in Sydney Australia. All data is encrypted in transit and at rest and our entire team is located in Australia.

Employees can access our platform on any device (mobile, laptop, desktop, etc.) as long you have the website link - no need to download any app on devices. You wouldn’t need to enrol any of your staff individually.- When we do our onboarding, we ask for the first name, last name and email of all your employees, and send out an email invite to all them which will allow them to create their own individual account to access the platform. For new staff we can also invite them or provide you with a unique link to embed in your onboarding process, whichever is more convenient for you. We also kick things off with a launch webinar or video to make sure everyone is aware of Foremind and how to use it. We’ll also provide you with any collateral such as posters, QR codes, brochures etc. to help drive awareness and encourage people to create an account in the platform.

The support line is answered by our reception service 24/7. It is for urgent platform or session-related issues only (e.g. *“My counsellor didn’t show”*) or helping staff create an account.