This is why RISQS will verify supplier scheme members’ information via both the portal and the in-person audits undertaken each year.

The supplier verification process is undertaken by RISQS team members to quality-check information uploaded by suppliers. Those requirements can also have an expiry date, which means if the current document becomes expired, it will lead to suppliers becoming invisible to potential buyers on the RISQS portal. 

Each month, the RISQS team undertakes a communication exercise with suppliers to chase on expired requirements. 

Currently, there are over 50 requirement types causing suppliers to be non-compliant. However, the most common requirements are as follows.

Top 5 requirement expirations within the RISQS portal

1. Insurance

Working in the rail industry involves various risks, including accidents, damages, and liabilities. RISQS needs to provide assurances to buyers that suppliers have the correct insurance documents, which play a crucial role in mitigating risks, fulfilling contractual obligations, and maintaining trust and credibility within the rail industry ecosystem.

2. Financial information

RISQS requires suppliers to provide financial information as part of supplier assurance. This helps rail companies assess risk, ensure supply chain resilience, fulfil contractual obligations, mitigate risks, comply with regulations, and enhance confidence among stakeholders. 

3. Slavery

Many rail customers, including governments, corporations, and public entities, have procurement policies that prohibit the use of slave labour in their supply chains. This is why RISQS will verify that the supplier’s supply chains and operations are free from any form of forced labour or exploitation. 

4. Data protection

Implementing robust data protection policies demonstrates a commitment to protecting customer privacy and security. As suppliers often handle sensitive information about their customers, including personal and financial data, RISQS will verify that companies have the correct data protection policies in place to help ensure that this information is handled securely and responsibly, reducing the risk of data breaches, identity theft, and fraud. 

5. Contract references (case studies)

References provide a means for rail industry suppliers to verify the reputation and reliability of potential business partners. By contacting references, suppliers can gain insights into the quality of products or services offered, as well as the supplier’s track record for delivery, customer service, and adherence to quality standards. 

We would advise industry suppliers to revisit their supplier portal and check when requirements are due to expire so they can avoid falling into a non-compliant status.

Non-compliance status January 2022 to January 2024

As mentioned earlier, the RISQS team carries out a monthly assessment of non-compliant suppliers due to expired or incorrect requirements.

Over the past 2 years, as you can see in the graph below, the number of non-compliant suppliers has dropped significantly due to the efforts made by the team to chase, remind, and encourage suppliers to keep their portal up to date.


There were peaks in both April 2022 and April 2023. This is due to suppliers having an annual requirement to go back into their portal and reconfirm what duties they undertake under the CDM regulations. 

We would, therefore, encourage all suppliers to make a note in March to look into this on April 1 so they can avoid falling into a non-conformance status. 

Supplier document control—what to do next

To avoid falling into a non-compliant status, it’s imperative to ensure requirements are always kept up to date.

This role could be assigned to an individual who has responsibility to periodically review your company’s portal. Documents, such as insurances, usually have a specified validity date on them, so adding reminders into calendars to update records can also help to prevent expirations. 

The complete list of either missing or incorrect requirements uploaded by suppliers, causing non-conformance issues, is as follows:

  • insurances
  • financial information
  • slavery
  • data protection
  • contract references (case studies)
  • carbon management
  • group information
  • calibration
  • company information
  • human rights
  • bribery, corruption, and fraud
  • standards and specifications
  • community engagement
  • competency management
  • health and safety management contact details 
  • economy
  • supporting information — quality
  • equality
  • social issues
  • supply chain management
  • environmental management contact details 
  • prosecutions and convictions
  • supply chain management contact details
  • corporate social responsibility contact details
  • sustainability
  • quality control
  • sustainable procurement
  • financial auditor or accountant 
  • human resources
  • supporting information — corporate social responsibility
  • quality management contact details 
  • health and safety management system
  • infrastructure access 
  • locations
  • management team
  • audit contact details
  • business contact details
  • environmental management system 
  • business relations
  • principal contractor licence/principal contractor certificate 
  • quality management system
  • CDM client holders
  • CDM duty holders
  • CE/UKCA marking
  • security industry authority licence
  • ATLAS membership
  • waste disposal
  • unmanned aerial vehicles 
  • LEIA membership
  • NSAR track safety training.

The RISQS team reviews non-compliant companies each month and send communications to those affected to request that appropriate action is taken. If you do receive one of those communications, it is in your interest to act swiftly. Remember, non-compliant companies will not be visible to buyers on the RISQS portal. 

For any questions related to the RISQS scheme, please contact