Workplace Harassment training methodology
How NureComp's harassment programme maps to the Worker Protection (Amendment of Equality Act 2010) Act 2023, the Employment Rights Act 2025 (effective 1 October 2026) and the EHRC eight-step framework. This document is the audit-defensible explanation of the training's shape.
Self-authored v1.0 — pending UK employment law solicitor review per Doc 22 §B.1 and EHRC-experienced compliance practitioner review per Doc 31 §5.3. Sign-off names appear here once review completes.
1. Statutory anchor
Section 40A of the Equality Act 2010 (as inserted by the Worker Protection Act 2023, in force from 26 October 2024) places a proactive duty on employers to take reasonable steps to prevent sexual harassment of employees in the course of their employment.
The Employment Rights Act 2025, effective 1 October 2026, makes two material amendments:
- “Reasonable steps” becomes “all reasonable steps” — every reasonable preventative step that was open to the employer must have been taken; the defence bar moves up materially.
- Third-party harassment liability — employers become liable for harassment of staff by clients, customers, suppliers, visitors and the public, across all protected characteristics (not only sexual harassment).
From 6 April 2026, disclosures about sexual harassment qualify as protected disclosures under whistleblowing law. NureComp surfaces this protection in survey introductions and provides an explicit formal-disclosure route the learner controls.
2. EHRC eight-step framework — section-by-section mapping
Until secondary regulations land (expected 2027), the EHRC eight-step framework is the working benchmark for “all reasonable steps”. Every NureComp customer's evidence pack section 2 maps directly to these eight steps.
| EHRC step | What it requires | NureComp artefact |
|---|---|---|
| 1. Anti-harassment policy | Clear definitions, examples, reporting routes, confidentiality, consequences. | Policy registry; signed acknowledgement audit-logged. |
| 2. Engaged staff | Surveys, focus groups, exit interviews to understand the risk landscape. | Workplace Risk Survey (10-question, aggregate-only). |
| 3. Risk assessment | Documented, site-specific, role-specific, third-party-specific, reviewed annually. | Risk surface map from survey + sites + third-parties tables. |
| 4. Reporting channels | Multiple, accessible routes (manager, HR, anonymous, external). | Reporting-channel register + audit log of reports raised. |
| 5. Train your staff | All staff regular refresher; additional manager training; sector scenarios. | Core module + 6 role overlays + 8 sector overlays + final assessment. |
| 6. Action when harassment happens | Investigation, communication, support. | Action plan tracker (customer-operated, NureComp-logged). |
| 7. Third-party harassment | Assess third-party risks; take steps to reduce. | Third-parties register + briefing tracker + contract-clause checklist. |
| 8. Monitor and evaluate | Review effectiveness, update steps based on findings. | Annual programme-review trigger + evidence-pack regeneration. |
3. Role-mapping algorithm
For each learner, the platform reads their workforce profile (Doc 30 §3.1) and assigns:
- The core foundations module (always)
- Manager overlay if
is_manager - Public-facing overlay if
is_public_facing - Contractor-handling overlay if
is_contractor_handling - Lone-worker overlay if
is_lone_worker - Night-shift overlay if
works_night_shift - One sector overlay based on learner's
sector_id - The final scenario assessment (always)
A receptionist at a law firm gets foundations + public-facing + professional services sector + assessment (~60 min). A night warehouse supervisor at a logistics company gets foundations + manager + lone worker + night shift + general sector + assessment (~95 min). Incumbents send both the same 40-minute module.
4. Privacy posture
Harassment survey responses are aggregate-only by default (Doc 30 §7.6). Individual responses are never visible to customer admins. Results surface only after 5+ responses in a cohort. Learners are told this before they answer the first question.
Reflections (Doc 26 §5) are visible to the learner only. Admin opt-in to org-wide reflection visibility changes the learner-facing prompt to disclose.
5. Sensitive-content design
- Sensitive-content warnings at the start of modules that discuss specific scenarios
- Pause and resume affordance prominent — learners may need to step away
- Support resources at the end of every module (Samaritans, Rape Crisis, ACAS, sector bodies)
- Trauma-aware tone — acknowledges learners may be survivors
- Non-judgmental of bystanders and victims; clear about perpetrator responsibility
6. Renewal cadence
Annual renewal by default. Customer admins can re-launch the Workplace Risk Survey within a cycle if a material incident occurs. Refresher cycle starts ~30 days before the renewal anniversary.
7. Content review chain
Required reviewers per Doc 31 §5.3 before general availability:
- UK employment law solicitor (regulatory accuracy)
- EHRC-experienced compliance practitioner (operational accuracy)
- Sector-specific reviewer for at least the heaviest-risk sectors (hospitality, healthcare, education)
8. What this methodology does NOT cover
- Investigation procedure operations (customer-operated; NureComp tracks the action plan)
- Clinical or counselling support (signposted only; not provided)
- Northern Ireland (current statutes apply to England, Scotland, Wales only)
- Secondary regulations expected 2027 (will be incorporated once published)
See also: Article 4 methodology · CPD methodology · Privacy policy