Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Keeping people safe at work isn’t just the right thing to do - it’s the law. As a small business owner in Australia, you have clear duties under workplace health and safety (WHS) laws. Getting WHS right protects your team, reduces downtime and claims, and helps you build a business customers and staff trust.
If WHS feels complex, don’t stress. With a simple plan, the right policies and practical habits, you can meet your legal obligations without drowning in paperwork. This guide walks you through what WHS means for small businesses, who’s responsible, the key steps to get set up, and the core documents and policies you should have in place.
What Is Occupational Work Health And Safety (And Why It Matters To Your Business)?
Occupational work health and safety - often called WHS or OHS - is the legal framework that requires businesses to provide a safe workplace and manage risks to health. It covers physical risks (like slips and manual handling), as well as psychosocial risks (like stress, bullying and fatigue).
In most Australian states and territories, WHS laws are based on the model Work Health and Safety Act and Regulations. There are also Safe Work Codes of Practice that set out practical ways to meet your duties. Victoria and Western Australia have similar laws using different terminology, but your core obligations are the same: identify hazards, manage risks, consult workers, provide training and supervision, and monitor and review safety over time.
Why it matters: serious incidents can lead to significant fines, enforceable undertakings, prosecution, business interruption and reputational damage. On the positive side, a safe workplace increases productivity, helps you attract talent, and can reduce insurance premiums over time.
Who Is Responsible For WHS In A Small Business?
Under WHS laws, the “person conducting a business or undertaking” (PCBU) - usually the business owner or company - is primarily responsible for safety. Officers of a company (like directors) must also exercise “due diligence” to ensure the business complies. Managers and supervisors have responsibilities for the work they control, and workers must take reasonable care for themselves and others.
Put simply, you can’t outsource safety. You’re expected to proactively manage risks, not just react after something goes wrong. This includes contractors, labour hire workers and volunteers while they’re working for your business.
Your legal obligations sit alongside a broader duty of care to provide a safe system of work. That duty extends to both physical and psychological safety. If you ignore known hazards, or fail to train and supervise appropriately, you increase the risk of harm and legal liability.
Step-By-Step: Setting Up WHS In Your Workplace
WHS doesn’t have to be complicated. Use these practical steps to get your system up and running - and keep it working as your business grows.
1) Identify Your Risks
- Walk through your workplace and list hazards (e.g. slips, electrical risks, manual handling, machinery, vehicles, heat, chemicals, working alone, fatigue).
- Include non-physical risks like stress, high workloads, conflict, poor change management, or exposure to aggression from customers.
- Ask your team what worries them - worker consultation is required and often reveals issues you can’t see from your desk.
2) Assess And Control Those Risks
- For each hazard, consider how likely it is to harm someone and how serious the harm could be.
- Choose controls using the hierarchy of controls: eliminate the hazard where possible; otherwise substitute, isolate, or use engineering controls; then administrative controls and PPE as a last resort.
- Document what you’re doing and why. Keep it simple and practical.
3) Put Clear Procedures And Policies In Place
- Create short, plain-English procedures for the work that presents risk (e.g. manual handling, using equipment, working at height, dealing with aggressive customers, fatigue management).
- Include an emergency plan (e.g. fire, medical emergency, evacuation, violent incidents) and make sure everyone knows it.
- Use targeted policies for known risk areas such as a Mobile Phone Policy for driving or high-risk tasks, and a drug and alcohol policy grounded in fair process and any applicable drug testing rules.
4) Train, Supervise And Induct
- Provide a structured induction before anyone starts work. Cover key risks, PPE, incident reporting, and your emergency plan.
- Offer role-specific training and keep training records. Supervise new starters closely until they’re competent.
- Refresh training after changes (new equipment, new processes) and at reasonable intervals.
5) Consult With Workers And Keep Records
- Consultation is mandatory. Hold toolbox talks, safety meetings or quick check-ins and encourage feedback.
- Keep records of risk assessments, inductions, training, maintenance, incidents and corrective actions. Good records help you improve - and demonstrate compliance if regulators ask.
6) Prepare For Incidents And Notifiable Events
- Have a simple incident reporting process and investigate near-misses (they’re warning signs).
- Know what’s “notifiable” in your state or territory (e.g. serious injury, dangerous incidents). If a notifiable incident occurs, preserve the site and notify the regulator promptly.
- Support injured workers and manage return-to-work in line with workers compensation requirements.
7) Manage Contractors, Visitors And Off‑Site Work
- Share safety information with contractors and ensure everyone knows who is responsible for what. Request proof of competencies and insurance where relevant.
- If people work remotely or alone, address communication, fatigue, ergonomics and emergency response in your risk controls.
8) Review Regularly
- Set a schedule to review risks, procedures and training (e.g. quarterly).
- After any incident or major change, reassess and update your controls.
What Policies, Contracts And Records Should You Put In Place?
Strong paperwork won’t keep people safe on its own - but it does make your system clear, consistent and defensible. Most small businesses should consider the following:
- WHS Policy: A short statement of your commitment, responsibilities, consultation approach and how you’ll review safety.
- Risk Register: A living list of hazards, risk ratings and controls.
- Safe Work Procedures: One-page, step-by-step guides for higher-risk tasks or equipment.
- Emergency Plan: Evacuation procedures, first aid arrangements, contact details and training schedule.
- Incident Report And Investigation Forms: Make it easy for workers to report and for you to track corrective actions.
- Employment Contract: Set expectations around safety responsibilities, PPE, compliance with policies and reporting obligations.
- Workplace Policies (Staff Handbook): Bundle practical policies like bullying and harassment, discrimination, fatigue, PPE and consultation into a single, accessible handbook. This is also where you can include processes for harassment and discrimination claims.
- Drug And Alcohol Policy: Clarify when testing applies, privacy and support pathways, consistent with any legal guidelines for testing.
- Mobile Phone And Device Policy: Manage distraction and vehicle use with a practical Mobile Phone Policy.
- Privacy Policy: If you collect any personal or health information (e.g. injury reports, fit notes, emergency contacts), you should explain how you collect, store and use that data in a compliant Privacy Policy.
- Contractor Agreements: Include safety obligations, site rules, evidence of competencies and incident reporting requirements.
- Training And Induction Records: Keep evidence of who was trained on what and when.
Not every business needs every policy on day one. Start with the essentials (WHS Policy, risk register, core procedures, induction and emergency plan), then add targeted policies where risks require it.
Technology, Privacy And Monitoring: Doing Safety The Right Way
Technology can support safety - but there are legal boundaries. If you plan to use cameras, tracking or call monitoring as part of your WHS system, make sure you comply with surveillance, workplace and privacy laws.
Workplace Cameras And Surveillance
Security cameras can deter violence, help investigate incidents and protect property. However, camera use is regulated and, in many cases, you must notify workers and follow specific consent and signage rules. Before installing, check what’s permitted where you operate and review whether cameras are legal in the workplace for your situation. Always limit surveillance to what’s reasonably necessary for safety and security, and avoid monitoring in areas where people reasonably expect privacy.
Recording Calls For Safety And Training
Recording calls (for de-escalation training, incident evidence or quality control) is also regulated. Laws differ by state and territory, but generally you’ll need to inform participants and, in some cases, obtain consent. Build compliance into your call flows and privacy notices by aligning with business call recording laws.
Handling Sensitive Information
WHS often involves collecting sensitive data - incident details, medical certificates, return-to-work plans. Treat this information carefully, restrict access, and document your approach in a clear Privacy Policy. Make sure staff know how to handle and store records appropriately. Only collect what you need for a lawful purpose (like safety management or insurance).
Psychosocial Safety And Respectful Workplaces
Psychosocial hazards are now expressly recognised in WHS frameworks. Poor culture, bullying or excessive workloads can cause psychological harm just as seriously as a physical hazard. Ensure your team knows how to report concerns, managers are trained to respond early, and your policies address support, investigation and outcomes. If a complaint arises, follow fair process and your obligations around workplace harassment and discrimination.
Consultation And Speaking Up
A strong speak‑up culture helps you identify risks early. Larger companies may need a formal whistleblower framework under the Corporations Act, but even smaller businesses benefit from clear reporting channels and protections. Consider whether a simple escalation pathway is enough, or if you need a formal Whistleblower Policy to suit your industry and risk profile.
Key Takeaways
- WHS applies to every small business in Australia - you must proactively manage risks to both physical and mental health and safety.
- The business (as PCBU) holds primary responsibility, and company officers must exercise due diligence to ensure compliance.
- A practical WHS system covers risk identification, controls, training, consultation, incident response and regular reviews.
- Put core documents in place early: a WHS Policy, risk register, safe work procedures, induction and emergency plan, plus targeted policies like a Mobile Phone Policy, drug and alcohol rules and a clear Privacy Policy.
- When using cameras, call recordings or monitoring to support safety, follow surveillance and privacy laws - and keep it reasonable and transparent.
- Psychosocial hazards matter: build a respectful culture, act early on issues, and follow proper processes for harassment or discrimination complaints.
- If you’re unsure how to tailor WHS to your business, getting advice early will save time, reduce risk and help you meet your obligations confidently.
If you’d like a consultation on setting up WHS for your small business in Australia, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no‑obligations chat.