This page provides general information only and is not legal advice. Obligations vary by jurisdiction. Consult your WHS regulator or a qualified professional for advice specific to your situation.
ISO 45003 is the first international standard specifically focused on managing psychosocial health and safety at work. Published in June 2021, it provides a structured framework for identifying, assessing, and controlling psychosocial risks within an occupational health and safety management system.
If you’ve seen “ISO 45003 aligned” on a product, service, or tool and wanted to know what that actually means, this guide explains it clearly.
The basics: what ISO 45003 is and isn’t
ISO 45003 is a guidance standard, not a requirements standard. That distinction matters:
A requirements standard (like ISO 45001 for general occupational health and safety) specifies what an organisation must do, and can be independently certified.
A guidance standard like ISO 45003 describes how to approach something (in this case, managing psychosocial risk) without mandating a specific method. You cannot be “certified to ISO 45003” in the same way you can be certified to ISO 45001.
What ISO 45003 does provide:
- A framework for identifying psychosocial hazards (how work is organised, the social environment of work, and the physical/environmental context)
- Guidance on assessing and prioritising the risks those hazards create
- Examples of control measures, including work design changes, leadership development, and organisational structure improvements
- A framework for monitoring and continuous improvement aligned with the Plan-Do-Check-Act (PDCA) cycle
ISO 45003 is designed to work inside an existing occupational health and safety management system, ideally one based on ISO 45001. But organisations without ISO 45001 can still benefit from ISO 45003 as a framework.
How ISO 45003 relates to Australian and New Zealand legislation
ISO 45003 is not Australian or New Zealand law. But it is closely aligned with both countries’ legislative obligations, and regulators in both countries have referenced it as a best practice framework.
In Australia
The Model Code of Practice: Managing Psychosocial Hazards at Work (2022) follows the same four-stage risk management cycle (identify, assess, control, review) that ISO 45003 describes. Victoria’s Occupational Health and Safety (Psychological Health) Regulations 2025 also align with ISO 45003’s emphasis on higher-order controls, such as redesigning work, improving management practice, and adjusting workloads, over lower-order approaches like awareness training.
Using a tool or process that is ISO 45003 aligned gives you a defensible foundation: you’re applying internationally recognised best practice to a legislatively required obligation. It won’t guarantee you’ll never face regulatory scrutiny, but it demonstrates you took a structured, evidence-based approach.
In New Zealand
WorkSafe NZ’s guidance on managing psychosocial risks at work references ISO 45003 as a relevant framework. The HSWA’s core obligation to eliminate or minimise psychosocial hazards so far as is reasonably practicable aligns directly with ISO 45003’s risk management cycle.
What does ISO 45003 say about psychosocial hazards?
ISO 45003 organises psychosocial hazards into three principal areas:
How work is organised
Factors in the design and management of work: job demands, job control (autonomy), role clarity, work hours, and job security. This is the structural dimension. It covers how the work itself is set up and whether it creates conditions for sustained stress.
Social factors at work
Interpersonal relationships, management behaviour, workplace culture, organisational justice (perceptions of fairness), support from colleagues and supervisors, exposure to violence, harassment and bullying. This is the relational dimension: the quality of the human environment in which work happens.
Work environment and organisational context
Physical conditions, remote or isolated work, exposure to traumatic content or situations, and how the organisation manages change. This is the contextual dimension: the setting in which work occurs.
ISO 45003 emphasises that these hazards rarely exist in isolation. A high-demand role with strong social support and good management might be manageable. The same role with poor support and perceived unfairness becomes a significant risk. Effective psychosocial risk management looks at hazards in combination, not just individually.
What does “ISO 45003 aligned” mean on a product or service?
When Clearhead describes the Psychosocial Risk Pulse Tool as “ISO 45003 aligned,” it means:
- The 18 psychosocial factors measured by the tool correspond to the hazard categories described in ISO 45003, including all three principal areas (work organisation, social factors, and environment)
- The measurement approach (monthly monitoring, with frequency/intensity/duration data) aligns with ISO 45003’s emphasis on ongoing, systemic risk identification rather than point-in-time assessments
- The reporting structure supports the ISO 45003 risk management cycle, giving you the data needed for identification and assessment, with outputs that inform control decisions
- Engagement with employees through the check-in process supports ISO 45003’s emphasis on worker participation and consultation in psychosocial risk management
It does not mean Clearhead holds an ISO 45003 certification (which, as noted above, is not how guidance standards work), and it does not mean the tool alone satisfies every element of an ISO 45003-aligned management system.
Do you need to implement ISO 45003 to be legally compliant?
No, not directly. ISO 45003 is voluntary. Australian and New Zealand legislation does not mandate ISO 45003 compliance.
What the legislation requires is that you have a system for identifying, assessing, controlling, and reviewing psychosocial risks. ISO 45003 is the most widely recognised framework for what that system should look like. Following it provides a defensible basis for your approach, demonstrating to regulators, to workers, and to your own board that you applied internationally recognised best practice.
Think of it the way you might think about accounting standards: GAAP or IFRS aren’t legally required for private companies, but following them is the recognised way to demonstrate financial competence. ISO 45003 plays a similar role for psychosocial risk management.
ISO 45003 vs ISO 45001 — what’s the difference?
| ISO 45001 | ISO 45003 | |
|---|---|---|
| Type | Requirements standard | Guidance standard |
| Scope | All workplace hazards (physical, chemical, ergonomic, psychosocial) | Psychosocial risks specifically |
| Certification | Yes. Organisations can be independently certified. | No. Certification not applicable. |
| Relationship | The primary OH&S management standard | Extends ISO 45001 for psychological health |
| Can be used alone? | Yes | Yes, as a standalone psychosocial framework |
If you already have ISO 45001 certification, ISO 45003 extends your system to address psychosocial risks properly. If you don’t have ISO 45001, you can still use ISO 45003 as a standalone framework for psychosocial risk management.