Polarisk

Guide · Psychosocial risk

ISO 45003 explained: managing psychosocial risk at work

ISO 45003 is the international standard for managing psychological health and safety at work. It gives employers a practical way to identify psychosocial hazards, assess the risk they create, and put controls in place.

By Dr Kirath Sidhu, registered occupational health doctor. Reviewed 7 July 2026.

It is guidance, not a certificate. You cannot be certified to ISO 45003 the way you can to ISO 45001. It sits alongside your legal duty to protect staff from work-related stress, and it gives you a recognised method for meeting that duty. This guide explains what it covers, what good control looks like, and where to start.

What ISO 45003 is, and what it is not

ISO 45003 was published in 2021 as guidance for managing psychosocial risk within an occupational health and safety management system. It describes the hazards to look for, how to assess them, and the kinds of controls that work.

The psychosocial areas to assess

ISO 45003 groups psychosocial hazards into how work is organised, the social factors at work, and the work environment. In practice, these are the areas to look at.

Workload and job demands. Too much or too little work, time pressure, and how demands are monitored.
Job control. How much say people have over how their work is done.
Manager and peer support. Whether managers are equipped to recognise and support psychosocial risk.
Role clarity. Whether people know what they are accountable for.
Workplace relationships. Including the prevention and resolution of bullying and harassment.
Change management. Whether major changes are assessed for their psychosocial impact.
Recognition and fairness. Whether recognition and decisions are consistent and seen as fair.
Work environment and exposure. Including remote, isolated, frontline and trauma-exposed work.
Governance and process. Whether you assess psychosocial risk on a set cycle, with a confidential channel to raise concerns. This is the backbone a regulator looks for first.

What good control looks like

ISO 45003 is less about a single survey and more about a process you can repeat and evidence. Good practice looks like this: assess psychosocial risk at work-unit level so no individual is identified, act on the highest risks first, and review on a cycle so you can show whether the controls worked. A one-off survey that sits in a drawer does not meet the intent. A documented cycle does.

How it connects to your legal duty

Where to start

See where your organisation stands against ISO 45003 and your local duty in about two minutes. No sign-up, and nothing about any individual employee.

Take the readiness check   See what an Assessment includes

Frequently asked questions

Is ISO 45003 mandatory?

No. ISO 45003 is guidance. What is mandatory is your local duty to manage psychosocial risk, which exists under UK health and safety law, Australian work health and safety law, and equivalents elsewhere. ISO 45003 is a recognised way to meet that duty.

Can you be certified to ISO 45003?

Not on its own. Unlike ISO 45001, ISO 45003 is a guidance standard with no pass or fail audit. Some bodies verify alignment with it, usually alongside an ISO 45001 audit.

Who should run a psychosocial risk assessment?

The duty sits with the employer. Many providers can run a survey. The question is who reads the results. A registered occupational health doctor can read the pattern clinically and sign off a defensible report, which a software-only survey cannot.

How often should we reassess?

On a set cycle, and after any significant change. An annual cycle is common, so you can show whether the controls you put in place actually moved the risk.

KS
Dr Kirath Sidhu is a registered occupational health doctor and the founder of Polarisk, which delivers physician-signed psychosocial-risk compliance assessments. Polarisk assessments are read and signed by a registered occupational health doctor in your jurisdiction.