Table of Contents
Quick Answer
Psychosocial Risk Assessment PRisMA is a workplace risk assessment and management framework introduced by the Department of Occupational Safety and Health Malaysia through the Guidelines on Psychosocial Risk Assessment and Management at the Workplace 2024. It helps employers identify psychosocial hazards, assess workplace risk factors, prioritise control measures and prepare a psychosocial risk management action plan.
For Malaysian employers, PRisMA is important because workplace psychosocial risks are now part of occupational safety and health management. These risks may include excessive workload, lack of job control, poor support, unclear job roles, workplace conflict, bullying, harassment, discrimination, long working hours and poor work-life balance.
Key Takeaways:
- PRisMA stands for Psychosocial Risk Assessment and Management in the Workplace. It is a structured framework introduced by DOSH Malaysia to help employers assess and manage psychosocial risks at work.
- Psychosocial risks are workplace-related risks. They may include excessive workload, poor job control, lack of support, unclear roles, bullying, harassment, discrimination, long working hours and poor work-life balance.
- PRisMA is not a mental health diagnosis tool. It does not diagnose anxiety, depression or other medical conditions. It helps employers identify workplace factors that may affect employees’ psychological health and well-being.
- Employers in Malaysia should manage psychosocial risks as part of occupational safety and health. Under OSHA 1994, as amended, employers have a duty to assess and control safety and health risks at the workplace.
- The PRisMA process uses LEO26 and EPC23. LEO26 is used to identify psychosocial risk levels, while EPC23 helps employers review existing control measures and workplace practices.
- A Psychosocial Trained Person, or PTP, should assist with PRisMA. The PTP helps conduct the assessment, analyse results, prepare action plans, reassess risk and maintain proper records.
- PRisMA should be conducted by work unit. Different departments, branches or job groups may have different psychosocial risk levels, so each work unit should be assessed separately.
- Employers must follow up with action. A PRisMA assessment is only useful when the employer prepares and implements a practical action plan to reduce identified risks.
- Records should be properly maintained. PRisMA reports, assessment results and action plans should be kept for audit, review and continuous improvement purposes.
- PRisMA helps businesses improve both compliance and performance. When implemented properly, it can support employee well-being, reduce absenteeism, improve productivity, strengthen workplace culture and improve DOSH audit readiness.
What Is PRisMA?
PRisMA stands for Psychosocial Risk Assessment and Management in the Workplace. Under the DOSH 2024 guideline, PRisMA is designed to help employers screen, assess and manage psychosocial risks at work in a structured way.
It is not a mental health diagnosis tool. It is a workplace risk management tool. Its purpose is to identify workplace-related psychosocial risk factors and guide employers in taking suitable action. The DOSH guideline clearly states that PRisMA is not a clinical diagnostic tool and that non-work-related or personal factors need to be assessed separately.
In simple terms, PRisMA helps employers answer three important questions:
- Are employees exposed to psychosocial hazards at work?
- Which work units have higher psychosocial risk?
- What practical control measures should the employer implement?
Why Psychosocial Risk Assessment Matters in Malaysia
Psychosocial risks can affect both employees and organisations. According to the DOSH guideline, psychosocial risks may contribute to stress, burnout, anxiety, depression, reduced job satisfaction and even physical health issues. For organisations, unmanaged psychosocial risks may lead to reduced productivity, absenteeism, presenteeism, staff turnover and reputational damage.
This is why psychosocial risk assessment should not be treated as a human resource issue only. It should be integrated into the company’s occupational safety and health system.
For employers in Malaysia, this is especially relevant because OSHA 1994 now includes a clear duty to conduct and implement risk assessment. Section 18B requires employers, self-employed persons or principals to conduct risk assessments for safety and health risks affecting any person who may be affected by their undertaking at the workplace. If risk control is required, the control must be implemented.
Failure to comply with Section 18B may result in penalties under Section 19. The Act provides for a fine not exceeding RM500,000, imprisonment up to two years, or both.
Is PRisMA Mandatory?
The DOSH guideline states that it is to be adopted by employers and employees as a guide for the assessment and management of psychosocial risks in the workplace. It applies to places of work in Malaysia in accordance with OSHA 1994 and focuses on workplace-related psychosocial risks, not personal or non-work-related issues.
Employers should not wait until there is a serious complaint, resignation trend, burnout case, workplace conflict or mental health incident before taking action. The PRisMA guideline promotes a proactive approach, including employee surveys, job design review, risk mapping and policy review.
Common Psychosocial Hazards at Work
Psychosocial hazards are workplace factors that may affect employees’ psychological health, social well-being and work performance. DOSH lists examples such as excessive workload, unrealistic deadlines, poor communication, lack of social support, repetitive tasks, lack of autonomy, unclear roles, bullying, harassment, discrimination, long working hours, poor work-life balance and limited career development.
Common examples include:
- Excessive workload or unrealistic deadlines
- Long working hours or unpredictable shifts
- Lack of control over how work is performed
- Poor support from supervisors or colleagues
- Unclear job roles and responsibilities
- Bullying, harassment or discrimination
- Poor communication between departments
- Repetitive or monotonous tasks
- Limited career development opportunities
- Work-life imbalance
These issues may seem “soft” compared to machinery, chemicals or noise exposure, but they can still create real occupational health risks.
How PRisMA Works
The PRisMA process consists of six main components:
- Identify psychosocial hazards using LEO26
- Assess existing control measures using EPC23
- Prioritise risks by matching LEO26 and EPC23
- Manage risks according to risk prioritisation
- Reassess risk
- Keep proper records
This six-component process is shown in the DOSH guideline’s PRisMA process flow.
The process is usually carried out at work unit level. This means the organisation may assess different departments, sections, divisions, branches or work groups separately. The DOSH guideline states that all work units need to be assessed, including top management and middle management units. Each work unit requires a separate risk assessment report.
What Is LEO26?
LEO26 stands for Likelihood of Environment & Occupational Exposure Scale towards Psychosocial Risk in the Workplace. It is a 26-item screening tool used to assess how workplace environment and work activities may impact employee psychosocial health.
LEO26 helps identify risk levels based on key components such as:
- Job Control
- Work Demand
- Job Support
The purpose is to identify whether employees in a work unit are exposed to low or high psychosocial risk.
What Is EPC23?
EPC23 stands for Employer Practice Checklist. It is a 23-point checklist used to review existing employer control measures. The DOSH guideline explains that EPC23 guides employers in taking necessary actions based on LEO26 scores. It is required when the LEO26 score falls into the high-risk category.
In practice, EPC23 helps employers identify organisational gaps. For example, a company may discover that employees are facing high work demand because of unclear deadlines, insufficient manpower, poor communication or weak supervisor support.
What Is PRiMA Action Plan?
The PRiMA action plan is the risk management action plan used after risks have been identified and prioritised. The DOSH guideline describes the PRiMA table as a list of suggested actions for managing psychosocial risks. It is arranged according to the LEO26 components: Job Control, Work Demand and Job Support.
A good action plan should include:
- Identified psychosocial risk
- Affected department or work unit
- Existing control measures
- Recommended improvement actions
- Person in charge
- Implementation timeline
- Follow-up and reassessment date
Who Should Conduct PRisMA?
The DOSH guideline states that employers should appoint a Psychosocial Trained Person (PTP) to assist in conducting the PRisMA assessment. The PTP should undergo appropriate training and assist with identifying hazards, assessing controls, prioritising risk, managing risks, reassessing effectiveness, presenting findings and maintaining records.
The PTP must also maintain confidentiality and perform duties with integrity. This is important because psychosocial risk assessment may involve sensitive employee feedback, workplace complaints and internal management issues.
Employer Responsibilities Under PRisMA
Employers should not treat PRisMA as a one-time survey. It should be part of a continuous occupational safety and health improvement process.
Employer responsibilities include:
- Appointing a trained person to assist with PRisMA
- Informing employees about the purpose of the assessment
- Encouraging participation and honest feedback
- Protecting confidentiality
- Reviewing work unit results
- Preparing suitable control measures
- Implementing the action plan
- Reassessing risk after implementation
- Keeping proper records for audit and improvement
The DOSH guideline states that records must be kept by the employer for DOSH audit purposes and improvement for at least seven years or longer where applicable. It also highlights confidentiality under the Personal Data Protection Act 2010.
When Should Employers Reassess PRisMA?
Reassessment depends on risk level. According to the DOSH guideline, if any LEO26 component has a high-risk score, reassessment should be conducted after 12 months or when needed. If none of the components has a high-risk score, reassessment should be based on reactive criteria after two years or when needed.
Reactive triggers may include:
- High absenteeism
- High presenteeism
- High staff turnover
- Employee complaints
- Psychosocial-related reports or notifications
The DOSH guideline warns that a reactive approach can be detrimental to both employers and employees. A proactive approach is preferred.
How Employers Can Prepare for PRisMA
Before conducting PRisMA, employers should prepare internally. A rushed assessment may produce poor participation and unreliable results.
Recommended preparation steps:
- Identify work units to be assessed
- Appoint a suitable PTP
- Brief management and department heads
- Communicate clearly with employees
- Explain confidentiality and purpose
- Prepare survey and data collection method
- Review existing policies and controls
- Analyse results by work unit
- Prepare action plan
- Monitor and reassess effectiveness
The goal is not to blame employees or managers. The goal is to improve work design, work environment, communication, support and risk control.
PRisMA and HIRARC: What Is the Difference?
HIRARC focuses on hazard identification, risk assessment and risk control. It is commonly used for physical, chemical, biological, ergonomic and safety hazards. PRisMA applies similar risk management thinking to psychosocial hazards.
In other words, PRisMA can be treated as part of the broader workplace risk assessment system. It strengthens the organisation’s ability to manage risks that may not be visible during a normal workplace inspection.
For example, a machine hazard can be seen and measured. Psychosocial hazards may appear through workload patterns, employee feedback, absenteeism trends, complaints, conflict, turnover or poor support structures.
Benefits of PRisMA for Employers
A properly implemented PRisMA programme can help employers:
- Identify psychosocial risks before they escalate
- Improve workplace communication
- Reduce burnout and work-related stress
- Strengthen supervisor support
- Improve work design and workload planning
- Reduce absenteeism and turnover risks
- Improve employee morale and productivity
- Support OSHA 1994 risk assessment compliance
- Prepare better documentation for DOSH audit readiness
Most importantly, PRisMA moves workplace mental health from a reactive HR issue to a structured occupational health and safety process.
How Advanced HSE Solutions Can Help
Advanced HSE Solutions supports Malaysian employers with HSE consultancy, advisory, training, risk assessment and compliance solutions. For organisations preparing to implement PRisMA, a structured approach is important to ensure the assessment is properly planned, communicated, documented and followed by practical control actions.
Our team can assist with:
- PRisMA implementation planning
- Workplace psychosocial risk assessment support
- Work unit risk mapping
- Employer practice review
- Action plan preparation
- OSH documentation support
- HSE training and awareness
- Integration with existing OSH management systems
If your organisation wants to prepare for PRisMA, improve psychosocial risk management or strengthen OSHA 1994 compliance, contact Advanced HSE Solutions for professional guidance.
Conclusion
Psychosocial Risk Assessment PRisMA is an important development in Malaysia’s occupational safety and health landscape. It helps employers identify psychosocial hazards, assess risk levels, review existing controls and implement action plans to create safer and healthier workplaces.
For employers, the key message is clear: psychosocial risk should be managed systematically, not only after complaints or incidents occur. By implementing PRisMA, organisations can improve compliance, protect employee well-being and build a more resilient workplace.
FAQ Section for AEO
What is PRisMA in Malaysia?
PRisMA means Psychosocial Risk Assessment and Management in the Workplace. It is a DOSH Malaysia framework for identifying, assessing and managing workplace psychosocial risks such as workload, job control, support, bullying, harassment, long working hours and poor work-life balance.
Is PRisMA a mental health diagnosis?
No. PRisMA is not a clinical diagnostic tool. It is used to identify workplace psychosocial risk factors and guide employers in managing workplace-related psychosocial risks.
Who should conduct PRisMA?
Employers should appoint a Psychosocial Trained Person, or PTP, to assist with PRisMA assessment, risk prioritisation, action planning, reassessment and recordkeeping.
What are LEO26 and EPC23?
LEO26 is the PRisMA psychosocial risk assessment tool used to screen workplace psychosocial risks. EPC23 is the employer practice checklist used to assess existing control measures and guide risk management actions.
How often should PRisMA be reassessed?
If a work unit has a high-risk LEO26 score, reassessment should be conducted after 12 months or when needed. If there is no high-risk score, reassessment may be conducted after two years or when needed, depending on reactive criteria.
