If your pond is toxic, you treat the water, not the fish. So how easy is it for organisations to implement serious changes to work environments with ISO 45003, and what advice would they give to others bringing the new standard into their business?
Work just isn’t working. Although the link between workplace absence and poor mental wellbeing is widely known – 12.7% of UK sickness absence days are attributed to mental health conditions (Mental Health Foundation, 2022) – surging levels of poor at-work wellbeing suggests too little is being done about it. In 2021 it wasn’t coronavirus that caused the most lost work in the UK, but deteriorating mental health, which accounted for 19% of all lost working time (GoodShape, 2022).
Not only were mental health troubles the most common cause of lost working time in almost every industry measured, with absences being three times longer than for COVID-related reasons, but
the data also found one very arresting statistic: 54% of employees that have two or more mental health-related absences will go on to quit their jobs entirely (GoodShape, 2022).
What staff are clearly suffering from is the impact of rising ‘psychosocial risks’ – that is, the very way work is organised, defined as everything from social factors at work to aspects of the work environment, and the risk this presents. Rising levels of working from home, for example, has caused a 42% decline in people’s overall mental health as well as rising levels of burnout due to the blurring of home and work life (Qualtrics, 2022).
Peter Kelly, a GB Health and Safety Executive (HSE) senior psychologist and IOSH Council member, says it’s the environment staff are having to work in that’s to blame: ‘If staff are a fish in a pond and they’re all getting ill, getting them to be more resilient isn’t the answer, because it’s the water that’s toxic,’ he says. ‘The answer that’s needed is an approach that looks at the environment – for example, the processes, procedures and policies people are working under, and what systems need to be in place to support them and change their toxic working environments.’
The good news is that such a framework now exists – ISO 45003. It builds on ISO 45001 on managing health and safety risks in the workplace. Already in development before the pandemic, ISO 45003 was finally released last summer. Because of the pandemic and the growing emphasis on mental wellbeing at work, its guidelines for managing psychological health and safety at work are free to read on the ISO website. So now that it’s available, how are companies implementing it, and how are they finding the process? Also, what advice can they give others?
Regulations: What is ISO 45003?
ISO 45001 relates to an organisation’s responsibility to protect its employees’ ‘physical and psychological health’ and ‘to prevent work-related injury and ill health to workers’. However, more specific risks from psychosocial hazards are increasingly becoming apparent. ISO 45003 therefore enables organisations to prevent work-related injury and ill health for its workers – and other interested parties – and to promote wellbeing at work.
Devil in the detail
‘The elephant in the room is definitely the detail,’ says Dr Ivan Williams, IOSH policy development manager. ‘Central to ISO 45003 is how psychological wellbeing is measured in organisations. We feel awareness still needs to be raised about the term “psychosocial risk” and the guidance needs to be more accessible for SMEs,’ he says. ‘As part of the international working group that created the guidance, we are conscious about the need to effectively reach out to SMEs on this subject. We expect future plans to come together and produce further guidance on this soon,
and hence close the existing gap.’
Kate Field, global head of health, safety and wellbeing for BSI, says: ‘Organisations think that activities focused on wellbeing are the same as managing psychosocial risk, but they’re not.
‘What the guidance wants people to identify is not what makes people feel better, or more robust, but the way doing work does harm to people. In other words, an organisational-level approach to risk
However, while some argue the guidance might appear daunting to the uninitiated, the consensus seems to be that ISO 45003 walks organisations through it in a very systematic way. ‘It bridges the gap between HR and OH [occupational health], and elements traditionally the preserve of OH are couched in a more structural manner,’ says Andrew Packer CMIOSH, director of EHS excellence at GlaxoSmithKline firm Haleon.
‘What it provides is structure,’ he adds. ‘It forces OH officers to review and put in place an architecture for identifying, reviewing and improving on factors that could create poor mental health. Having ISO 45001 is not a prerequisite, but the beauty of ISO 45003 is that it leverages this by emphasising how mental health relates to policies companies might already have in place. Done in isolation, you’d probably have to construct all your guidelines from scratch.’
‘Organisations think that activities focused on wellbeing are the same as managing psychosocial risk, but they’re not’
Bridging the gaps
Because ISO 45003 takes an occupational management system-based approach to managing psychosocial risk, many organisations appear to be adopting a gap‑analysis workflow – assessing where there might be elements of existing policy and procedure that omit psychological risk, and then bolstering them accordingly.
Hayley Farrell is wellbeing manager at EMCOR UK, which last October became the world’s first organisation to be certified by BSI for implementing ISO 45003. She says: ‘ISO 45001 was already in place, therefore we integrated ISO 45003 into our existing health and safety management system, ensuring we encapsulated psychological health and safety.’
‘ISO 45003 is an important pillar of our wellbeing strategy. This psychosocial risk-based approach required us to identify workplace hazards such as how work is organised, social factors at work and the working environment, equipment and hazardous tasks.
‘This preventative approach enables us to implement wellbeing interventions to control and mitigate these hazards. This process involved the consultation with and participation of employees
to identify needs and expectations. As a result, agile processes and policies have been created to ensure hazards are regularly reviewed.’
Top tips: Introducing ISO 45003 in your business
Ruth Pott says: ‘I’d do the process with the safety team, and make sure HR is involved. As and when ISO 45003 becomes a standard, get third-party sign-off.’
Nicci Kingdon says: ‘Use what you already have. If you already have a management system for ISO 45001, you only need to add a few more questions to make it compliant with ISO 45003. But build in measurement – BAM Nuttall wants me to go back in six months to test if things they said would happen have been applied.’
Hayley Farrell says: ‘Work through each clause, identifying gaps in policies, procedures and/or existing management system, and then develop an action plan to close these gaps by integrating the ISO 45003 requirement in your organisation’s working practices. Include a timeline, identify accountable persons and state measurement of success to keep track of progress. Most importantly, organisational policy and procedure needs to be felt at the front and translated into actual action.’
Kate Field says: ‘Remember, ISO 45003 is about the water, not the fish. Adding a few plants around the edges, a water feature and some eco-friendly fish food (ie, wellbeing initiatives) is not sorting out the toxic water.’
Hayley says EMCOR UK consulted internally with staff on ‘previously taboo subjects – such as how employees can approach managers if they think their workloads are too much.’ The business also created a new wellbeing conversation framework for mental health risks in the workplace.
She says: ‘This framework provides a platform for employees to raise concerns without fear of retribution. A new mental health risks in the workplace policy was developed and existing policies and procedures revised ensuring they included psychological health, safety and wellbeing aspects. Working collaboratively across departments was paramount to the adoption of ISO 45003.’
EMCOR UK chose BSI to independently audit its OH management system to make sure the business would ‘do what we say we’re going to do’. Hayley says ISO 45003 demonstrates leadership commitment to employee health, safety and wellbeing. ‘Every company’s wellbeing strategy will differ, the key considerations in the adoption process is creating structure around how the organisation discharges psychological health and safety and that this structure is adhered to.’
According to Andrew, one element that requires emphasis is what he calls the ‘emergency management piece’. He says: ‘This is different, because it focuses on how companies do measurement, and so this puts emphasis on things such as taking regular pulse surveys to provide monitoring data to plan for emergency management.
‘These can be things like how happy people are feeling right now, to whether they have a good work/life balance. This is how OH can start to see whether people thrive or not to different stresses, and how certain approaches – and people – can be targeted.’ (See panel, right.)
Nicci Kingdon, a consultant at Shirley Parsons, is an expert in interpreting ISO 45003 for clients implementing the guidelines, and says ‘most systems allow for ISO 45003 to fit into it,’ adding: ‘It might simply be that a policy area needs an extra clause added.’ Beyond this though, she says there is an educational process needed. ‘The wording around this area might be new to people, but it shouldn’t be a massive undertaking unless a company isn’t doing a scrap of anything around mental health.’
Structure is key
Nicci has recently worked with civil engineering firm BAM Nuttall. Although its final roll-out is on hold while the company also completes a big transformation programme, BAM has now done most of the preparation work for ISO 45003 as Ruth Pott, its head of workplace wellbeing, explains.
‘ISO 45003 puts a structure in place that we can audit against,’ she says. ‘In all honestly, there wasn’t much that needed doing as we are already ISO 45001 and Investors in People accredited. Additions included HR policies now taking into account a broader spectrum of wellbeing issues, setting wellbeing objectives, creating new reporting templates and formalising how we share wellbeing with the business.’
She adds: ‘We’ve also looked at areas for improvement – such as covering incidents and what corrective actions are taken. We’ve woven in empathic leadership training too and implementing reflective practices. Benefits are also being tied in.’
Practical measures: Gauging mental health: tools
According to ISO 45003, data collection is critical to the measurement and comparison over time of organisation-wide levels of psychological health and safety management.
Andrew Packer says: ‘A problem with work-related mental health is that some people thrive on stress while others do not. Anonymous data creates an overall picture of mental health, while deeper measurement allows managers to find trends, and pockets of people for whom their workload is causing heightened mental ill health.’
Numerous tools exist to help achieve this:
- HSE has an online Stress Indicator Tool, which allows companies to survey staff and understand different risk profiles. Questions are centred around six key areas of work known to be the causes of poor mental health, including demand, control and support. Results can be compared to management standards.
- The Warwick-Edinburgh Mental Wellbeing Scale, a questionnaire for measuring mental wellbeing, was developed by researchers at Warwick and Edinburgh Universities. It can be found at: bit.ly/Warwick-Edinburgh
Critics may argue that new audit trails alone don’t create real, cultural change – and it’s this that is really needed to make psychological health and safety a success. This is a valid point as a key part of ISO 45003 is board-level ownership. But those who are implementing the guidelines reject this view, saying the focus on policy does put the sorts of wellbeing wheels in motion that will percolate through an organisation.
‘For us it’s not all about checking paperwork,’ says BSI’s Kate. ‘Our auditors interview top management and others to see if policies and process are actually being brought to live in the organisation. That is what drives cultural change – just having a policy signed by the CEO simply won’t cut it. We also want to see clear evidence that top management and everyone in the organisation understands that ISO 45003 is about psychosocial risk management, not just wellbeing in general.’
‘The wording around ISO 45003 might be new to people, but implementing it shouldn’t be a massive undertaking’
The benefits of risk awareness
Once implemented, the benefits of ISO 45003 should be plain for all to see – that organisations have a codified approach to how work is designed, social factors at work and the work environment, equipment and hazardous tasks; one that prioritises psychological health, safety and wellbeing, and puts it in the same category as physical health and safety.
‘Our organisation is now just so much more aware,’ says Hayley. ‘We have a mental health charter that aligns with Business In The Community’s mental health commitments; and we’re doing risk assessments to identify any systemic psychosocial risk that drives control measures. This is not just within our wellbeing strategy, but from an enterprise level as well. Psychosocial risks are also included in our enterprise risk register owned by our executive leadership team.’
To ensure that implementing ISO 45003 is successful, most seem to agree on the need for early top-level buy-in. ‘While ISO 45003 will bring about cultural change, leadership buy-in from the outset – around understanding the case for wellbeing, about presenteeism, and how mental health and wellbeing impacts health and safety – is what needs recognising first,’ says Ruth. ‘Wellbeing massively impacts safety, and wellbeing isn’t fluffy. People bring problems to work, so if work itself is also a problem, that’s when things can start to unravel. Buy-in has to be tackled first before even attempting to implement ISO 45003.’
Business has undoubtedly been slow in tackling mental wellbeing at work. But, with other organisations beginning the process of implementing ISO 45003, conversations about what constitutes good (and safe) work design should start to spread. ‘The principles around protecting good wellbeing are all there; it’s formulaic, and it’s step-by-step,’ says Ruth. ‘When done, it’s massively powerful.’
IOSH’s ‘Catch the Wave’ campaign, which sets high standards in business for the treatment of the workforce: iosh.com/businesses/iosh-for-business/catch-the-wave
Deloitte. (2020) Poor mental health costs UK employers up to £45 billion a year. (accessed 26 April 2022).
Deloitte. (2021) Half of UK millennials and Gen Zs feel stressed most of the time. (accessed 26 April 2022).
GoodShape. (2021) Poor mental health is UK's top reason for time off work in 2021. (accessed 26 April 2022).
Mental Health Foundation. (2022a) Mental health in the workplace. (accessed 26 April 2022).
Mental Health Foundation. (2022b) Mental health statistics: mental health at work. (accessed 26 April 2022).