This policy helps us decide whether we want to use a third-party to administer an authorisations regime on our behalf.


When we use third parties (PDF 342 KB)

It applies to all authorisation regimes we administer.1

For this policy, a third-party is a person or body separate to WorkSafe who performs certain powers and functions on our behalf. Consultants and contractors we employ are not considered a third-party in this policy.

This policy covers how we decide:

  • whether to use a third-party
  • which third-party we use.

You should read the Authorisations policy alongside this policy.

This policy doesn’t cover:

  • how we manage appeals and decisions to revoke a third-party’s powers and functions
  • situations where the regulations provide for us to take back the powers and functions of a third-party in the event of market failure.

How we decide whether to use a third-party

This section applies only when the regulations let us choose to use a third-party. The things we consider when deciding whether to use a third-party are as follows.

Whether we’re able to do so legally

We ensure that:

  • the regime’s regulations provide for us to use a third party.

Our capability and capacity

We make sure we understand:

  • the capability required for us to administer or provide assurance over the regime, including how it varies over time
  • our existing capability and any gaps in it
  • our ability to employ or engage staff or contractors, and
  • the cost and impact of delivering a regime ourselves.

The appropriateness of using a third-party and potential impacts on the regime’s integrity

We consider:

  • if using a third-party for that regime aligns with our regulatory approach
  • the advantages and disadvantages of using a third-party rather than performing the functions and powers ourselves
  • the potential impacts (negative and/or positive) on the integrity of the relevant authorisation and regime
  • how a third-party contributes effectively to our objectives, including regime-specific objectives, and
  • the regime-specific risks and risks associated with using a third-party, and whether we can eliminate, mitigate or accept these.

How we decide which third-party to use

This section applies where the regulations:

  • let us choose to use a third-party, or
  • say we must use a third-party.

We only use a particular third-party when they meet the requirements set out in the relevant regulations and they have, or are likely to have, the qualities below.

They have good integrity

We consider the third-party’s:

  • accreditation (where required)
  • ability to demonstrate that they can manage conflicts of interest to our satisfaction
  • historical and current conduct and culture, and
  • ability to act in a way that is fair, transparent, will promote health and safety, and be in the public interest.

They have a suitable knowledge base and systems

We consider the third-party’s:

  • experience and expertise to deliver the functions and exercise the powers, and
  • ability to demonstrate they have a sound technical understanding of:
    • the authorisation regime and regulations that govern it
    • the powers and functions they would assume, and
    • what’s required of them to fulfil those powers and functions.

They’re likely to be efficient and effective

We consider if the third-party can demonstrate that they have, or will have:

  • appropriate capacity in place to ensure efficient and effective delivery of the relevant functions in a timely manner
  • a documented quality assurance framework that ensures they provide a consistent quality of service and sound decision-making, and
  • documented processes and procedures, including how they:
    • intend to comply with the Privacy Act 2020
    • share information with us to support our interventions, for example, potential non-compliances
    • will manage complaints, challenges to their decisions, and abide by any appeals to WorkSafe, and
    • will update registers, if any.

They are, and are likely to remain, financially viable

We consider if the third-party:

  • can bear the costs of carrying out their functions and powers, and
  • has plans to manage significant business disruptions, for example, economic risks like a recession.

How we know that third parties are operating as expected

This section applies where the regulations:

  • let us choose to use a third-party, or
  • say we must use a third-party.

We monitor our third parties to ensure they’re operating in line with this policy. If they’re not, we’ll engage with them and consider all available options, applying the principles of natural justice. This could include removing their powers and functions.


1 In the event of conflict between the contents of this policy and specific regulations and/or a cabinet decision, the regulations or cabinet decision prevail.