ISO 45003 Audit Checklist

When the International Organization for Standardization (ISO) published the first edition of the ISO 45003 in June 2021, many organizations wanted to know how to gain certification. The ISO Technical Committee ISO/TC 283 provides a standard that includes guidance on creating compliant frameworks to help companies of all sizes manage worker psychological risk better. 

The standard expands on the existing ISO 45001:2018, which sets out guidelines and requirements for occupational health and safety (OHS) management. If you’re already 45001-certified, preparing for internal and eventual external ISO 45003 audits is essential.

Understanding ISO 45003 Audits

Companies are steadily realizing the importance and severity of different mental health conditions, how essential it is to understand psychological hazards in the workplace, and the need for ISO 45003:2021 compliance. Before this standard, there was no guiding global standard for organizations to use to create their psychological health and safety frameworks. Thankfully, companies now have guidelines to help develop appropriate systems, allowing for internal and external ISO 45003 audits.

An ISO 45003 audit will work similarly to an ISO 45001:2018 audit by comparing the company’s health and safety standards against supplied frameworks and guidelines to check for compliance with the standard. If previous ISO 45003 audits have been conducted, the auditor will also determine if previous nonconformities have been rectified.

ISO 45003 Compliance Checklist

Understanding the guidelines and recommendations of the standard is a vital first step. With that groundwork, it is time to work through the ISO 45003 checklist.

1. The Organization’s Context

The organization’s context pertains to internal and external issues, stakeholders’ needs and expectations, and the scope of OHS. Regarding an audit, this means that the organization has:

1. Identified the internal and external psychological health and safety issues pertinent to its unique position, vision, and strategic direction.
2. Understood which parties are affected by and which impact psychological health and safety management and examined everyone’s needs, expectations, and legal obligations.
3. Measured the scope of the psychological health and safety management system and found what it addresses and relevant issues. The company knows the needs and expectations of all parties and aligns the system with the company’s vision, objectives, and business components.
4. Outlined the guidelines, processes, and relevant actions for each potential psychological health and safety management framework stage.
5. Entrusted the roles and responsibilities for each area and stage of the management system to relevant individuals and provided them with actionable instructions on implementation and success measurement. The organization also recognizes the need for adjustment and knows how to make appropriate changes.

2. Participation of Leadership and Workers

Implementing ISO 45003 successfully requires every employee — from workers to leadership — to understand their roles and responsibilities. Active participation is essential, meaning:

1. Top management understands the guidelines and requirements of ISO 45003 and takes responsibility for effectively implementing the company’s integration of the standard.
2. The organization has defined, outlined, and communicated its psychological health and safety policy, which is appropriate and relevant to mitigating mental health risks in its context.
3. The organization has outlined who is responsible for the decision-making and management of the various aspects of the psychological health and safety management system and its ultimate success.
4. Clearly defined processes and channels allow workers to provide input and feedback for improving ISO 45003 implementation.

3. ISO 45003 Implementation Planning

Companies need to ensure the ongoing development of objectives and planning to further the success of their psychological health and safety systems. This involves measuring and addressing risk and opportunity as well as devising methods to make ongoing improvements, meaning the company has:

1. Created relevant frameworks to identify and address risks affecting its psychological health and safety and potential possibilities for adaptation and improvement. These frameworks are adequately documented, assessed, and then turned into actionable OHS tasks.
2. Outlined clear psychological health and safety objectives and created implementation plans to execute them. Additionally, the company has identified and continues to highlight ways the system may need to adapt to remain effective with time.

4. Support Resources and Frameworks

To implement a psychological health and safety management system effectively, an organization must ensure its employees can access relevant tools and resources. It must also maintain documentation and record its implementation strategies and findings, meaning the company:

1. Has a keen understanding of the precise resources it and its employees require to outline, establish, implement, maintain, and improve its ISO 45003 compliance.
2. Reviews its resources and competencies regularly to ensure it provides adequate training to relevant staff to promote a psychologically healthy workplace.
3. Has established means to accurately measure and monitor the effectiveness of the psychological health and safety system to remain aware of what resources and support need improvement.
4. Provides effective communication channels and adapts this infrastructure to promote conformity across the company to ensure ongoing ISO 45003 compliance.
5. Understands and ensures all necessary documented information about the standard guidelines is organized and kept to provide during ISO 45003 audits.

5. Operation and Procedures

For the company to enjoy a viable system, all elements at each stage must be fully operational and have safeguards and emergency preparedness. To achieve certification, an organization needs:

1. A clearly set out system and process ensuring it meets the guidelines outlined in ISO 45003 and has its own Psychological Risk Intervention or similar process. Using this system, workers can identify and report psychological risk exposure or concerns.
2. A psychosocial emergency preparedness and response framework with which relevant parties are familiar. They also have impact assessment measures and system reviewing methods in place in case psychological or psychosocial emergencies occur.
3. A thoroughly planned and adequately resourced rehabilitation and return to work program for affected employees.

6. Performance and ISO 45003 Management Evaluation

Systems require evaluation and reviews to establish what works and where improvements can be made. Organizations must monitor and assess their psychological health and safety processes to improve them. Continual evaluation is an essential ISO 45003 checklist component, meaning companies must have:

1. Outlined which system elements require evaluation and established methods to monitor, measure, and analyze the relevant psychological health and safety management system. These methods allow the company to execute performance evaluations and act accordingly.
2. An agreed-upon formal structure for qualified internal auditors to evaluate the psychological health and safety management system during an internal audit program.
3. Management reviews to regularly monitor and evaluate the psychological health and safety management system. These evaluations should include means of agreeing upon areas of priority and improvement methods.

7. Improvement of ISO 45003 Compliance and Implementation

The company must be able to evaluate areas of noncompliance and analyze where it can enhance its psychological health and safety management system to better service the entire organization. Improvement measures mean the company can:

1. Identify and act on any relevant, related, and contributing areas of psychological risk management that require improvements to align with the company’s psychological risk goals.
2. Manage and make adjustments for improved ISO 45003 compliance in areas of noncompliance.
3. Prioritize and continually improve the psychological health and safety management system to ensure it is suitable and adequate for the company’s context. Communication between stakeholders is at the core, including promoting worker consultation and participation.

Increase Compliance With the National Association of Safety Professionals (NASP)

Ensuring your organization is prepared for an ISO 45003 audit means having the relevant knowledge, insights, and training. You can improve your understanding with this ISO 45003 audit checklist. Also, consider investing in the extensive NASP Certified Safety Manager (CSM) online course and the Safety Auditor Certificate (SAC) course online to further your training. At NASP, we offer ANAB-accredited certification programs and have years of experience assisting clients with workplace safety. We’re also IACET-accredited for Continuing Education Units.

For course offerings and to learn more, contact us online today or call us at 800-922-2219 to talk to a NASP representative about furthering your training and improving compliance. You can also view our professional development training offerings, including various online training courses, that provide a practical approach to workplace safety.

Register for our live Psychological Health & Safety Specialist Classroom course today!