RISQS Membership Conference 2022

On Monday 16 May 2022 we hosted the RISQS Membership Conference 2022, our first in person meeting after the Covid-19 pandemic.

The day provided insightful sessions on many key industry topics including Cyber Security, Sustainable Rail, Network Rail’s Procurement, Modern Slavery, Supporting Rail Suppliers, Learning from accidents and many more.

Notable speakers on the day included: 

  • Paul McLaughlin, Chief Commercial Officer, RSSB
  • David Clarke, Technical Director, RIA
  • Rupert Lown, Chief Health and Safety Officer, Network Rail
  • James Brewer, Head of Rail Supply Chains, BEIS
  • Catherine Westoby, Net Zero Business Engagement Lead, BEIS
  • Emma Taylor, Head of Digital Safety, RazorSecure
  • George Davies, Director of Sustainable Development, RSSB
  • Claire Dove CBE, Crown Representative, VCSE
  • Phil Smith, Scheme Manager, RSSB
  • Daniel Scully, Chief Operating Officer, Gangmasters and Labour Abuse
  • Allan Spence, Director of Regulator Liaison, Network Rail
  • Tony Howard, Director of Assurance, RSSB, and
  • Daljinder Chatta, Commercial Director, Network Rail.

RISQS’ Code of conduct has been updated

We have updated our auditor Code of Conduct process to ensure auditors follow the new Hybrid auditing model that launched on 2nd May 2022.

The code of conduct also confirms criteria for the location of audit and the correct procedure for any changes.

Full details can be found on the RISQS website under scheme documentation SD001.

For more information, contact Scott.McCormick@rssb.co.uk.

Hybrid working – RISQS’ way forward

At the RISQS Committee meeting on 11 January 2022, the Hybrid Audit approach was signed off as a sensible way forward. The launch of hybrid auditing took place on the 2 of May 2022

Current government guidance has changed to being able to return to workplaces or locations. RISQS Buyers & Suppliers were informed in February 2022.

Updates have been made to the RISQS website and platform regarding the scheme documentation.

For more information on our new hybrid working model, contact scheme.manager@risqs.org.

Rail Safety and Standards Board (RSSB) updates the RICCL

What’s changed?

Network Rail Standard NR/L2/SCO/302 module 2 has provided the scope requirement for the CDM module as:

Scope - This module specifies the requirement for supplier qualification. It applies to:

  1. Network Rail employees contracting a supplier safety critical work
  2. Suppliers who undertake activities defined with the Construction Design and Management Regulations 2015.

Why has it changed?

The requirement was implemented following concerns raised within Network Rail that a large proportion of the rail industry supply chain were not operating in compliance with the CDM Regulations. 

As a result, the scope was separated from the ‘Industry Minimum Requirements (IMR)’ into Module 1 ‘Core’ and Module 2 ‘CDM’ to ensure all suppliers who discharge duties under the Regulations undertake an assurance audit due to the increased risk the services present.

To support and meet the expectations of Network Rail and all other key Stakeholders and Buyers in the rail industry, RSSB have changed the status of any verifiable RICCL code that’s falls within the scope of the CDM Regulations to ‘auditable’.

As the audit requirement will impact some suppliers for the first time, it is RSSB intention to introduce a six-month compliance date. This will provide suppliers time to either streamline their services, to meet their actual capabilities (that is to say remove the code from their offering) or prepare for an audit for the CORE and CDM module.

On the confirmed compliance date (which will be announced shortly), suppliers with RICCL that have changed from verifiable to auditable will fall into the following categories: 

  1. Audit required: Organisations who do not have a live auditable module in place (i.e., no sentinel module or have no auditable codes), will need to prepare and book in a first-time audit with the Scheduling team if they wish to continue to hold the newly changed RICCL after the compliance date.
  2. RICCL to show Live: Suppliers who have undertaken the CDM module and showing as live on the portal, the newly changed codes will be added to your current profile alongside all other live codes. A CDM audit will only be required at your next renewal audit date.
  3. RICCL held on account as unqualified: For suppliers who have been audited previously (i.e., CORE and Sentinel), but have not undertaken the CDM module, the codes will be added to your account but shown as unqualified. All other codes that have been audited will remain live and a CDM audit will only be generated for your next renewal audit date. Should a supplier need the codes prior to a renewal date, an out of turn audit can be requested.

The RICCL can be accessed here.

Do you know the most recent regulations around CDM (2015)?

What is changing?

To support the railway industry supply chain, RSSB have released the latest version of RICCL. This will provide a confirmation of which services fall within the remit of the CDM Regulations and therefore require an audit against the CDM modules as prescribed by the standard NR/L2/SCO/302 module 2.

Please note: the CDM regulation is required by law, please ensure that you are up to date with all the regulations.

What happened next?

Since 20 April 2022, there has been a change to the CDM compliance questions. The new requirements are as follows:

Question 591 will require all suppliers to answer:

Does your organisation discharge ‘Client’ duties under the Construction (Design and Management) Regulations 2015?

This will be a ‘yes’ or ‘no’ answer requirement with all ‘yes’ answers generating the CDM module to assess the Suppliers capabilities to discharge duties as a client.

Only for Suppliers who have selected a CDM RICCL and a CDM Activity (see appendix A)

Suppliers who have selected CDM applicable codes and associated activities will need to confirm their CDM status within QID 592, which will read:

Please confirm which duties you discharge under the Construction (Design and Management) Regulations 2015.

Suppliers will receive the following duties on a drop-down menu:

  • Principal Contractor
  • Principal Designer
  • Designer and Contractor.

The applicable status will need to be selected should this question be raised as part of the CDM services you have chosen.

What does this change mean for me?

You should have by now logged into the RISQS portal to review the required questions and answers to maintain compliance. If you have yet to do this, please do so as soon as possible.

Who to contact for help?

Our team remain ready to help and support you if needed. Contact our support team by emailing info@risqs.org.

Top 3 areas suppliers fail their audits

We have been asked many times – what are the reasons suppliers fail their audits?

We’ve round up the top three areas and the reasons that cause suppliers to fail their audits. Be sure to read and understand them.

Top three major areas of non-conformances (2021-2022)

  • Core 7.3 Alcohol & Drug Arrangements

Reason 1: The company could not demonstrate that the required 5% unannounced drugs and alcohol screening had been carried out in the previous 12 months.

Reason 2: At the time of audit, the company had not carried out a risk-based programme of random testing for their personnel and no current “For Cause” contract with a RISQS approved supplier.

Reason 3: The company did not have arrangements for the management of alcohol and drugs and For Cause arrangements were not in place.

  • Core 8.1 Monitoring

Reason 1: The company had failed to close out the major non-conformance within last years' report. The company also received a Major NC within their ISO audit report for failure to address findings raised in their previous audit. 

Reason 2: The Minor non-conformance raised in last years' RISQS audit was not registered in the company’s NCR register in 2020 or 2021. As such no action has been taken to address the non-conformance resulting in a Major NC being raised against protocol requirement 8.1e. 

Reason 3: The company have also failed in the identification, tracking and the close out of corrective actions and/or improvement plans. Protocol requirement 8.1 iii.

  • Core 3.1 Organisation & Sub Contractor Management 

Reason 1: The company could not demonstrate a list of qualified organisations containing sufficient and appropriate information to aid selection for contract – several suppliers had no supporting evidence.

Reason 2: The company could not demonstrate a review periodically of organisations’ qualifications (annually as a minimum) – several suppliers had not been verified for qualifications or competence.

Reason 3: The company could not demonstrate a mechanism for supply chain auditing.

For more information on how to make the most out of your audits, email scheme.manager@risqs.org.