To mitigate these risks, organisations across the rail industry have been implementing robust cybersecurity measures, including strong passwords, regular software updates, employee training on security best practices, network monitoring, data encryption, and the use of multi-factor authentication.

Over the past few months, we have been working with Costain to develop a multi-factor authentication solution for their employees to log onto the RISQS portal, as part of their Cyber Essentials Plus and ISO 27001 certifications.


Multi-factor authentication (MFA), also known as two-factor authentication (2FA) or multi-step verification, is a security process that requires users to provide two or more forms of identification before gaining access to an account or system.

The goal of MFA is to add an extra layer of security beyond the traditional username and password combination, which can be vulnerable to various cyber threats.

The MFA process we have developed will require a passcode to be sent via company email to the employee. This ensures only company employees can access the RISQS portal.

Please be advised that this change does not affect your access in any way. However, if you wish to discuss MFA access to the RISQS portal, please email us at

We are currently considering how to integrate multi-factor authentication as standard when the new RISQS portal goes live in 2024. More details will be shared when available.