Seguridad y salud

ISO 45003 — Psychosocial Risk Management

The first international standard specifically addressing psychological health at work. We help organisations identify, assess and control psychosocial risks within their occupational health and safety management system (ISO 45001), before they turn into absenteeism, turnover or employment disputes.

StandardISO 45003:2021
Estimated duration3–5 months
ScopeAny organisation with its own workforce

ISO 45003:2021 is the first international guide that specifically addresses the management of psychosocial risks in the workplace. Published in 2021, it complements ISO 45001 by providing detailed guidance on factors such as work overload, lack of autonomy, harassment, remote-work isolation and dysfunctional leadership. This is not an optional add-on: in Spain, the Law on Occupational Risk Prevention (LPRL) and Royal Decree 39/1997 already require the assessment of psychosocial hazards; ISO 45003 provides the most robust technical framework for fulfilling that obligation.

The 2025–2026 context reinforces the urgency. The Spanish Labour Inspectorate (ITSS) has increased enforcement activity on psychosocial risks, absenteeism due to mental health conditions now exceeds musculoskeletal-related sick leave in many sectors, and the forthcoming ISO 45001:2027 revision will incorporate ISO 45003 requirements as a core part of certification rather than as voluntary guidance. Organisations that act now will avoid the pressure of a rushed transition during the 2027–2030 period.

Summum Calidad has been supporting organisations in Castilla y León and the Canary Islands in implementing occupational health and safety management systems since 2007. With close to 200 ISO certifications accompanied, our team combines normative rigour with a thorough understanding of the reality faced by Spanish SMEs: small teams, limited resources and a need for tangible results without unnecessary bureaucracy. We accompany you through the full cycle; where certification is sought, it is issued by an independent accredited body (AENOR, BSI, SGS or others).

The ISO 45003 process.

The process · four stages
01

Psychosocial assessment

We apply validated questionnaires (ISTAS21/CoPsoQ or other instruments recognised by the INSST) and conduct interviews with line managers and employee representatives. The output is a psychosocial risk map showing exposure levels by functional unit.

02

Action plan design

We prioritise risk factors by likelihood and impact and design preventive and corrective measures: workload redistribution, improvement of leadership practices, anti-harassment protocols, adjustments to remote-work arrangements and psychological support channels.

03

Integration into the OHSMS

We document psychosocial risk controls within the existing or in-progress ISO 45001 system: updated policy, periodic assessment procedures, monitoring indicators and training for line managers.

04

Monitoring and continual improvement

We review the effectiveness of measures at 6 and 12 months using absenteeism, turnover and workplace climate indicators. We prepare the organisation so that the next ISO 45001 audit (or its future 2027 revision) finds the psychosocial block fully covered.

What is included

What ISO 45003 includes.

The operational detail: what we deliver as part of the work and what we keep alive afterwards.

  • Initial assessment with validated questionnaire

    Psychosocial evaluation using an INSST-recognised methodology, adapted to the size and sector of the organisation.

  • Risk report by unit and workforce group

    Detailed exposure map for psychosocial factors: workload, control, social support, rewards and work–life conflict.

  • Prioritised action plan

    Organisational, leadership and communication measures ranked by impact and implementation cost.

  • Documentary integration into ISO 45001

    Update of the policy, the risk assessment procedure and system planning to incorporate the psychosocial dimension.

  • Training for team managers

    Practical session for middle managers: recognising warning signs, handling difficult conversations and applying first-level measures.

  • 12-month follow-up report

    Review of key indicators (absenteeism, turnover, climate) and recommendations for adjustments ahead of the next external audit.

Frequently asked questions about ISO 45003.

Is ISO 45003 mandatory in Spain?

ISO 45003 itself is voluntary, but the obligation to assess and manage psychosocial risks derives directly from the Law on Occupational Risk Prevention (Law 31/1995) and the Prevention Services Regulation (RD 39/1997). ISO 45003 is the most comprehensive technical framework for fulfilling that obligation in a way that can be demonstrated to the Labour Inspectorate.

Can ISO 45003 be implemented without having ISO 45001?

Yes. The standard can be applied independently, although it is designed to be integrated into an ISO 45001 system. In organisations that do not yet have ISO 45001, we use the ISO 45003 process as a starting point to build both systems simultaneously and efficiently.

What is the difference between a standard psychosocial assessment and applying ISO 45003?

A standard psychosocial evaluation produces a diagnosis but does not always include a management system that ensures continual improvement. ISO 45003 adds the full cycle: identification, assessment, documented controls, effectiveness review and audit readiness. It is the difference between taking a snapshot and managing the problem systematically.

What is happening with ISO 45001 in 2027 and how does it affect psychosocial risks?

The forthcoming ISO 45001:2027 revision (expected publication in March 2027, with transition until 2030) will incorporate ISO 45003 requirements as a core part of the standard. This means that organisations certified to ISO 45001 will need to demonstrate systematic management of psychosocial risks to maintain their certification. Implementing ISO 45003 now is the natural preparation for that transition.

How long does implementation take?

For organisations of between 20 and 250 people, the full process — from assessment through documentary integration to the first review — typically takes 3 to 5 months. The timeline depends on the complexity of the organisational structure, the number of work sites and whether an ISO 45001 system is already in place.