Skip to main content


Frequently asked questions

Got questions? We’ll try to answer them.

Buyers FAQ

RISQS is the entry point for suppliers to the rail industry. Buyers of products and services throughout the GB rail industry use RSSB RISQS as its supplier qualification service. In short, we help suppliers sell into the GB rail industry by providing an open, fair and transparent way for them to be formally recognised as capable providers of products and services.

This means we support Network Rail, Transport for London, Transport for Wales, passenger and freight operating companies, rolling stock organisations, main infrastructure contractors and many other buying organisations in the management of supply chain risk.

The scheme embraces rail's qualification arrangements. RISQS is industry-owned, sponsored by a committee of representatives from across the rail industry. This reports into the RSSB Board. The RSSB provides a range of services to support operational delivery of the scheme.

Not necessarily, a request must be made to the, stating why your organisation needs buyer status, this will be reviewed by the Scheme Manager and you will be advised. The Scheme Management Organisation need to make sure that buyer level access will be used for legitimate procurement activity, also sometimes Supplier Patron level of access is more appropriate.

The rules on buyer access can be found on the scheme document: RISQSSD-005 – Buyer Terms & Conditions.

Membership fees are £6800 + VAT.
Membership runs for a calendar year from the date your organisation joins

When you first logged into the portal you were required to change your password, after this the initial password sent to you by the portal will no longer work.

Passwords must have a minimum of 8 letters and contain at least one upper case letter and one number

RICCL stands for Railway Industry Commodity Classification List, it is a flexible list that contains all the commodities (products and services) that are purchased for the Railway. Each supplier on the portal will have selected the RICCL codes relevant to the products and services they wish to supply. Enhanced RISQS uses RICCL codes instead of the previous RISQS coding system as this is based on an ISO that details how a rail system should be broken down into its constituent parts.

Your supplier may already be in RISQS, they may be already fully or partly compliant, our customer service team will review a verification response within 48 hours of submission.

If your supplier is new to RISQS they will need to provide information about their organisation; most organisations fill in their information over a few days, but it can be done in a few hours, and they can also assign specific requirements to different members of staff. Once they have submitted their completed requirements for assessment, they
will be verified and published within 3 working days. If they need to provide more information they will be notified by email.

Your supplier will also need to select RICCL codes for the products and services applicable to their organisation, some of the RICCL codes will have additional verification or auditable requirements.

Supplier organisations will need to provide a range of information about their company, things like, their management, insurances, their management systems arrangements, competence management and financial information. Most importantly the products and services their wish to provide to the industry.

Each RICCL code has a pre-determined risk level, click on the interactive RICCL for a full list, there are various ways of navigating the RICCL the easiest is by typing in the product or service, once selected the risk level ‘auditable or verification’ can be seen.

Where the RICCL code has a risk level of V (verification), this code will be given once all compliance information is completed and verified, where it is A (auditable) this requires your supplier to undertake an audit. Your supplier will only be searchable against this RICCL code once they have successfully undergone the relevant audit.

In the Shortlisted Supplier Questions tool, you can create a PAS91, using the PAS91 Question Template, and invite your suppliers to complete it. Where the questions have already been provided for RISQS compliance these will be pre-populated minimising the burden to your suppliers

You can have as many users on the portal as you like. However, your organisation will have one administrator user who can add and delete users for your organisation.

It is important that user information is kept up to date, the named ‘main contact’ will be used to contact the organisation. The Buyer must ensure all users are deleted as and when they leave your organisation, this is to ensure that the do not have continued access to your information and your suppliers information.

It is important that you appoint the right person within your organisation to be the main contact in RISQS, as this person will get notifications from the system and communications such as RISQS newsletters, information on audit failure of suppliers, HSQE bulletins from Infrastructure Managers.

The main contact will receive notifications when action is required by your organisation to update requirements in advance. Failure to update this information could mean that your organisation will not receive the system prompts and could lead to non-compliance and your organisation not being searchable for new procurement activity.

The customer services team use the main point of contact as the first person they contact for any issues with your account. RISQS from time to time issue information such as e-newsletters, minutes of Supplier and Buyer Consultation Meetings, up-coming platform changes etc. These will go to the ’main contact’

You can create Supplier Surveys using the Shortlisted Supplier Questions tool (SSQ) to ask suppliers for any additional information that you require. When you publish your survey, you can invite specific suppliers, or all the suppliers from your different supplier lists, to complete your survey. This information can be viewed in the portal or downloaded.

Yes, when you are logged into the portal you can set up as many different supplier lists as you wish. For each supplier list, you can set up email alerts for when a supplier status has changed, their membership has expired, there financial score has increased or decreased, they have updated information, added or dropped RICCL codes, gone out of business and failed or passed an audit.

Yes, there is a range of online training material available both on the RISQS website, and videos within the portal, these videos can be found near the top right-hand side of the screen (a blue box), these videos are specific to that page.
On becoming a buyer, you will be sent communications to confirm all users and training requirements.

Further training can be requested by an e-mail to

The RISQS scheme can be used by Buyer members for contracts that are over the EU thresholds and the scheme can be used to assist them maintain compliance to the Regulations, providing they understand their specific responsibilities as an organisation.

RISQS publishes Qualification System Notices (QSNs) in the Official Journal of the European Union (OJEU) on behalf of its Buyer members, which allows organisations that are classed as Utilities under the Utilities Contracts Regulations 2016 to compile tender lists for over-threshold contracts directly from the RISQS system, without issuing any further calls for competition. The rules differ for Buyer organisations covered by the Public Contracts Regulations 2016, in that they need to publish Notices in OJEU for each over-threshold contract. They can and do direct interested suppliers to RISQS and use the system to compile their tender lists. The RISQS system contains guidance around its use and EU procurement law, however, this is a complex area and Buyer members should ensure they have access to specialist advice.

Companies that indicate their need to be a Sentinel Sponsor within their RISQS Supplier profile (infrastructure access section) will be required to undergo an audit. The audit will be against the Industry Minimum Requirements (IMR) and any additional audit modules (Sentinel) that are triggered by these profile answers.

A successful audit of the IMR and Sentinel modules will be communicated to Sentinel, allowing the company to become or remain a Sentinel Sponsor

The enhanced RISQS system has been developed in a way that allows for rapid updates. Legislation changes that impact on the process or audits will need to follow a sign-off route before any changes are made to the system. However, because the system is designed to accommodate change, the updates can be incorporated well before the changes come into force, ensuring constant compliance is always possible.

As a buyer you will be invited to attend the Buyer Consultation Group, invites will be sent to the primary point of contact. This group can, on consensus, request that an agenda items be taken to the RISQS Committee for further review.

The Benchmarking Tool was added to the scheme, as a result of a Buyer led working

As a Supplier an organisation can demonstrate through compliance (verification and /or audit) that they have the processes and procedures to supply their chosen products / services.

As Supplier Patron in addition an organisation gains access to search and identify other verified suppliers by their products and services, or company name.

As a Buyer organisation the scheme will publish notices to maintain compliance with relevant procurement legislation (as per Q16), their users have access to review compliance information including audit reports, get notifications of all audit failures. Buyers can create bespoke lists of organisations to ask Supplier Specific Questions (SSQs) either for ongoing assurance requirements or pre-qualification for a tender process. There are further additional benefits within the benchmarking functionality where a buyer can select a group of suppliers using RICCL codes or lists, then review and compare against the verification question set.

Firstly, you need to determine what the limited scope is referring to; limited scope may simply mean that your supplier has added additional auditable RICCL codes which may / may not be relevant to you.

To find out, go into the RICCL codes section, change the status to ‘status = Not OK’ and press apply, the list product or services the organisation has not been audited against allowing you to review and make a decision.

On the RISQS website there is a section on the RICCL, there is a commodity list which is an interactive RICCL search function, or there is a downloadable Products and Services RICCL Brochure in pdf format.

RISQS publishes Qualification System Notices (QSNs) in the Official Journal of the European Union (OJEU) on behalf of its Buyer members, including Network Rail and TfL, which allows organisations that are classed as Utilities under the Utilities Contracts Regulations 2016 to compile tender lists for over-threshold contracts directly from the RISQS system, without issuing any further calls for competition. See the buyers section for more information.

Logon to the portal and select your supplier, within the verification section is a list of all the requirements, to the right hand side you can select view requirement, there will be a list of items relevant to the requirement which you can select and see the details where there is a blue symbol you can open the actual document provided.

Logon to the portal and select your supplier, within the audit section will be a high level of all that suppliers audits (type, modules audited, results etc), you can download the audit report and get full details of the audit including all NCRs raised.

If you can’t find the answer you’re looking for, contact our help desk on 0800 4101 300 or email You can ask them to add your question to our FAQ, too.

Keep up with the industry

Sign up to the RISQS mailing list for the latest rail industry news and member updates.