Buyers FAQs
-
How can RISQS assist my organisation with procuring products or services?
RISQS is the entry point for suppliers to the rail industry. Buyers of products and services throughout the GB rail industry use RSSB RISQS as its supplier qualification service and, post-February 2025, as a Dynamic Market. In short, we help suppliers sell into the GB rail industry by providing an open, fair, and transparent way for them to be formally recognised as capable providers of products and services.
This means we support Network Rail, Transport for London, Transport for Wales, passenger and freight operating companies, rolling stock organisations, main infrastructure contractors, and many other buying organisations in the management of supply chain risk.
The scheme embraces rail’s qualification arrangements. RISQS is industry-owned and sponsored by a committee of representatives from across the rail industry. This reports into the RSSB Board. RSSB provides a range of services to support operational delivery of the scheme. -
Can any organisation be a RISQS buyer?Not necessarily, a request must be made to the info@risqs.org, stating why your organisation needs buyer status, this will be reviewed by the Scheme Manager and you will be advised. The Scheme Management Organisation need to make sure that buyer level access will be used for legitimate procurement activity, also sometimes Supplier Patron level of access is more appropriate.
-
What are the rules for being a Buyer?The rules on buyer access can be found on the scheme document: RISQSSD-005 – Buyer Terms & Conditions.
-
How much does buyer membership cost?
Membership fees are £7,854 +VAT.
Membership runs for a calendar year from the date your organisation joins.
From 06/04/25 Buyer membership will cost £8027 + VAT
For more information on pricing from 06/04/25 please click here
-
Why is my initial password no longer working?
When you first log into the portal you will be required to change your password, after this the initial password sent to you by the portal will no longer work.
Passwords must have a minimum of eight letters and contain at least one upper case letter and one number.
-
What are RICCL codes?
RICCL stands for Railway Industry Commodity Classification List. It is a flexible list that contains all the commodities (products and services) that are purchased for the railway. Each supplier on the portal will have selected the RICCL codes relevant to the products and services they wish to supply. RISQS uses RICCL codes, as this is based on an ISO that details how a rail system should be broken down into its constituent parts.
Each RICCL code has a pre-determined risk level. For a full list, please visit the RSSB website. There are various ways of navigating the RICCL. The easiest is by typing in the product(s) or service(s) and, once selected, the risk level ‘auditable or verification’ can be seen.Auditable: Selecting a code with the auditable risk level will require your organisation to undergo and pass a RISQS audit before being qualified to provide a product(s) or service(s) to railway industry buyers under the RISQS scheme.
Verification: Verification codes do not require a RISQS audit and on passing the verification process your registration is complete. -
How long does the supplier verification process take?
Your supplier may already be in RISQS, they may be already fully or partly compliant, our customer service team will review a verification response within 48 hours of submission.
If your supplier is new to RISQS they will need to provide information about their organisation; most organisations fill in their information over a few days, but it can be done in a few hours, and they can also assign specific requirements to different members of staff. Once they have submitted their completed requirements for assessment, they will be verified and published within 3 working days. If they need to provide more information they will be notified by email.
Your supplier will also need to select RICCL codes for the products and services applicable to their organisation, some of the RICCL codes will have additional verification or auditable requirements.
-
What kinds of information do supplier organisations need to provide?
Suppliers need to provide a range of information about their company, such as: information about their management team, their insurance policies, their management systems arrangements, their competence management, and their financial information.
Most importantly, they will be asked to select the products and services they wish to provide to buyers in the industry. See a guide to the products and services.
-
How do I know if my supplier needs an audit?
Each RICCL code has a pre-determined risk level, click on the interactive RICCL for a full list, there are various ways of navigating the RICCL the easiest is by typing in the product or service, once selected the risk level ‘auditable or verification’ can be seen.
Where the RICCL code has a risk level of V (verification), this code will be given once all compliance information is completed and verified, where it is A (auditable) this requires your supplier to undertake an audit. Your supplier will only be searchable against this RICCL code once they have successfully undergone the relevant audit.
-
Can I ask suppliers to complete a PAS91 questionnaire via the RISQS system?In the Shortlisted Supplier Questions tool, you can create a PAS91, using the PAS91 Question Template, and invite your suppliers to complete it. Answers provided for RISQS compliance questions will be pre-populated minimising the burden to your suppliers.
-
How many users can I have for the RISQS portal?
You can have as many users on the portal as you like. However, your organisation is required to ensure that access is only given to existing employees, and that users be kept up to date in line with the requirements in the Buyer Terms and Conditions.
-
Who should be our main contact?
It is important to appoint the right person within your organisation to be the main contact in RISQS. This individual will receive notifications from the system and communications such as RISQS newsletters, information on audit failure of suppliers, HSQE bulletins from Infrastructure Managers.
The main contact will receive notifications when action is required by your organisation to update requirements in advance. Failure to keep the main contact information up to date could mean that your organisation will not receive the system prompts. This could lead to non-compliance and your organisation not being searchable for new procurement activity.
The main point of contact is the first person our customer services team contact for any issues with your account. Additionally, from time-to-time RISQS issue information such as e-newsletters, minutes of Supplier and Buyer Consultation Meetings, up-coming platform changes etc. to the designated main contact.
-
What should I do if I want to ask my suppliers questions not included in RISQS?You can create Supplier Surveys using the Shortlisted Supplier Questions tool (SSQ) to ask suppliers for any additional information that you require. When you publish your survey, you can invite specific suppliers, or all the suppliers from your different supplier lists, to complete your survey. This information can be viewed in the portal or downloaded.
-
Can I get an alert if the status of one of my key suppliers’ changes?Yes, when you are logged into the portal you can set up as many different supplier lists as you wish. For each supplier list, you can set up email alerts for when a supplier status has changed, their membership has expired, there financial score has increased or decreased, they have updated information, added or dropped RICCL codes, gone out of business and failed or passed an audit.
-
Is training available for my users?
Yes, there is a range of online training material available both on the RISQS website, and videos within the portal, these videos can be found near the top right-hand side of the screen (a blue box), these videos are specific to that page.
On becoming a buyer, you will be sent communications to confirm all users and training requirements.
Further training can be requested by an e-mail to info@risqs.org.
-
Does RISQS enable my company to be a Sentinel Sponsor?
Companies that indicate their need to be a Sentinel Sponsor within their RISQS Supplier profile (infrastructure access section) will be required to undergo an audit. The audit will be against the Industry Minimum Requirements (IMR) and any additional audit modules (Sentinel) that are triggered by these profile answers.
A successful audit of the IMR and Sentinel modules will be communicated to Sentinel, allowing the company to become or remain a Sentinel Sponsor.
-
How long will it take for RISQS to catch-up when legislation changes?RISQS has been developed in a way that allows for rapid updates. Legislation changes that impact the process or audits will need to follow a sign-off route before any changes are made. However, because the system is designed to accommodate change, the updates can be incorporated well before the changes come into force, ensuring that constant compliance is always possible.
-
How can I change the scheme?
Some of our Protocols and Scheme Rules are driven by the Infrastructure Managers’ requirements for access and safety around the track. There are other protocols that have been created for use by others, which you can input to, and you can also make suggested changes through the Consultation groups to the RICCL and Infrastructure Manager standards.
-
What additional benefits are there from Supplier / Supplier Patron?
As a Supplier an organisation can demonstrate through compliance (verification and /or audit) that they have the processes and procedures to supply their chosen products / services.
As Supplier Patron in addition an organisation gains access to search and identify other verified suppliers by their products and services, or company name.
As a Buyer organisation the scheme will publish notices to maintain compliance with relevant procurement legislation (as per Q16), their users have access to review compliance information including audit reports, get notifications of all audit failures. Buyers can create bespoke lists of organisations to ask Supplier Specific Questions (SSQs) either for ongoing assurance requirements or pre-qualification for a tender process. There are further additional benefits within the benchmarking functionality where a buyer can select a group of suppliers using RICCL codes or lists, then review and compare against the verification question set.
-
My supplier is showing as ‘Limited Scope’ does this mean I cannot use them?
Firstly, you need to determine what the limited scope is referring to. Limited scope may simply mean that your supplier has added additional auditable RICCL codes which may or may not be relevant to you.
To find out, go into the RICCL codes section, change the status to ‘status = Not OK’ and press apply, the list product or services the organisation has not been audited against allowing you to review and make a decision.
-
How do I view all the RICCL codes available?On the RISQS portal, there is a commodity list, and this has an interactive RICCL search function. There are various ways of navigating the RICCL. The easiest is by typing in the product(s) or service(s) your organisation supplies. Alternatively, there is a .pdf version of the RICCL here.
-
How do I view my suppliers’ documents, for example insurance certificates?Logon to the portal and select your supplier. The verification section contains a list of all the requirements. To the right-hand side you can select view requirement, there will be a list of items relevant to the requirement which you can select and see the details. Where there is a blue symbol you can open the actual document provided.
-
I’ve received an email informing me a supplier has failed an audit, how do I see the details?Logon to the portal and select your supplier. Within the audit section you will see high level information on all the audits for that supplier (type, modules audited, results etc). You can download the audit report and get full details of the audit including all NCRs raised.
Logon to the portal and select your supplier, within the audit section will be a high level of all that suppliers audits (type, modules audited, results etc), you can download the audit report and get full details of the audit including all NCRs raised.