A psychosocial risk register gives you one place to manage psychosocial hazards the same way you manage any other WHS risk. You capture the hazard, the evidence, the risk rating, the controls, the actions, and the review cycle. Many organisations start with a general spreadsheet risk register because it feels quick and familiar. It often falls over when ownership changes, reviews slip, and evidence ends up scattered across folders.
ReFresh keeps the register alive as a system. ReFresh can act as your incident reporting software, your confidential intake channel, your survey system, your risk register, your control and evidence tracker, and your governance reporting layer. You get one connected workflow instead of six disconnected tools.
Regulatory and duty context across locations
Across Australia, the UK, Canada, and other mature WHS environments, the expectation stays consistent: identify hazards, assess risk, implement controls, consult workers, and keep records that show you did the work.
In Australia, Safe Work Australia states that a PCBU must eliminate psychosocial risks, or if that is not reasonably practicable, minimise them so far as is reasonably practicable.
In the Commonwealth jurisdiction, Comcare describes psychosocial hazards as aspects of work with the potential to cause psychological or physical harm, and points to the Managing Psychosocial Hazards at Work Code of Practice 2024, which identifies 17 psychosocial hazards.
In the UK, HSE states employers have a legal duty to protect workers from stress at work by doing a risk assessment and acting on it.
ISO 45003 provides a global management-system style approach for managing psychosocial risk within an OH&S management system based on ISO 45001.
What counts as a psychosocial hazard
A psychosocial hazard is anything about work that could cause psychological harm. Safe Work Australia lists common hazards including job demands, low job control, poor support, lack of role clarity, poor organisational change management, poor organisational justice, traumatic events or material, remote or isolated work, poor physical environment, violence and aggression, bullying, harassment, and conflict or poor workplace relationships.
Hazards can combine. Workload risk increases when people can't take breaks or can't access help. Build that reality into your ratings and controls.
What a psychosocial risk register includes
Use a structure that forces evidence, controls, owners, and review: date issue raised, hazard or situation, information sources, harm consequences, harm likelihood, level of risk, controls in place, adequacy of controls, further controls required, actioned by and comments, date completed, monitoring and review method, and review date.
Step-by-step: build the register
Step 1: Set scope, access, and confidentiality
Choose the level that matches operations: enterprise, site, function, or team. Keep personal case details out of the register. Use the register to track hazards and system controls.
Step 2: Standardise hazard categories and write hazards in workplace language
Start with consistent categories, then write each entry in operational terms: "Job demands" becomes "queue time targets plus overtime above 10 hours weekly". "Poor support" becomes "no supervisor coverage on late shift, escalations go unanswered".
Step 3: Identify hazards using evidence streams
Use at least three sources per entry: consultation outcomes, incident and complaint patterns, surveys and free-text themes, workload data (overtime, backlog, wait times), and HR trends (turnover, absence).
Step 4: Rate consequence and likelihood consistently
Use your existing risk matrix. Align consequence language to psychosocial harm so different leaders rate the same scenario similarly. HSE tells employers to assess stress risk like other work-related health and safety risks and to act on it.
Step 5: Choose controls that reduce exposure and prove they work
Avoid the "training only" trap. Start with work design and system controls, then add training and support. Safe Work Australia frames the duty as eliminating risk where reasonably practicable, otherwise minimising it so far as reasonably practicable.
Step 6: Turn controls into actions and close them out
A register only works when actions land. Owners need due dates and proof.
Step 7: Review, learn, and improve
Set a review cycle and also review when work changes: restructure, peak season, new systems, incident clusters, survey spikes. Safe Work Australia notes that hazards can interact and combine, which means risk levels can shift quickly.
Templates you can copy today
Template A: Psychosocial risk register headings (spreadsheet-ready)
Date issue raised | Hazard / situation | Information sources | Harm consequences | Harm likelihood | Level of risk | Controls in place | Adequacy | Further controls | Actioned by | Date completed | Monitor/review | Review date |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
15/01/2026 | High workload and unclear priorities within Customer Support during peak periods | Worker feedback survey, incident reports, absenteeism data, manager observations | Stress, burnout, reduced concentration, increased error rates, psychological injury | Likely | High | Informal workload discussions, EAP access, flexible start times | Partially adequate | Formal workload planning, clarify role priorities, regular check-ins, escalation pathway | HR Manager | 05/02/2026 | Monthly review using survey results, absenteeism, manager check-ins | 30/04/2026 |
Template B: Control adequacy scale
Rating | Description |
|---|---|
Effective | Controls formally documented, implemented as designed, consistently applied, evidence of risk reduction, scheduled monitoring and review. |
Partially effective | Documented or implemented but not consistently applied. Evidence of risk reduction limited or reactive. Improvement required. |
Not effective | Controls absent, informal, or not implemented. No evidence of risk reduction. Immediate corrective action required. |
Template C: Workshop prompts (60 minutes)
Where does workload spike, and what triggers it?
Where do people lose control over how they do the work?
Which roles face aggression, trauma exposure, or conflict?
What change landed recently, and where did communication break?
Where does role clarity fall apart and rework starts?
Common mistakes to avoid
Teams log "culture" instead of hazards. Use consistent hazard categories and clearer descriptions.
Teams rely on training as the fix. Force control evidence and effectiveness reviews.
Teams skip consultation. Link consultation records to risk assessments.
Teams lose the trail across tools. Keep incidents, surveys, risk assessments, controls, evidence, actions, and reviews connected.
Related reading
When the investigation becomes the hazard: what one IRC decision means for how organisations manage workplace investigations
Luke Giuseppin
April 8, 2026
One psychosocial complaint can trigger an organisation-wide review. A recent NSW decision confirms it.
Luke Giuseppin
April 1, 2026
The healthcare Code of Practice just landed in NSW. Here's what it means for psychosocial risk in aged care, disability, and health.
Harrison Kennedy
March 31, 2026