RISQS Newsletter - May 2022
RISQS Membership Conference 2022
On Monday 16th May 2022 we hosted the RISQS Membership Conference 2022, our first in person meeting after the Covid-19 pandemic.
The day provided insightful sessions on many key industry topics including Cyber Security, Sustainable Rail, Network Rail’s Procurement, Modern Slavery, Supporting Rail Suppliers, Learning from accidents and many more.
Notable speakers on the day included:
- Paul McLaughlin, Chief Commercial Officer, RSSB
- David Clarke, Technical Director, RIA
- Rupert Lown, Chief Health and Safety Officer, Network Rail
- James Brewer, Head of Rail Supply Chains, BEIS
- Catherine Westoby, Net Zero Business Engagement Lead, BEIS
- Emma Taylor, Head of Digital Safety, RazorSecure
- George Davies, Director of Sustainable Development, RSSB
- Claire Dove CBE, Crown Representative, VCSE
- Phil Smith, Scheme Manager, RSSB
- Daniel Scully, Chief Operating Officer, Gangmasters and Labour Abuse
- Allan Spence, Director of Regulator Liaison, Network Rail
- Tony Howard, Director of Assurance, RSSB, and
- Daljinder Chatta, Commercial Director, Network Rail.
RISQS’ Code of conduct has been updated
We have updated our auditor Code of Conduct process to ensure auditors follow the new Hybrid auditing model that launched on 2nd May 2022.
The code of conduct also confirms criteria for the location of audit and the correct procedure for any changes.
Full details can be found on the RISQS.org website under scheme documentation SD001.
For more information, contact Scott.McCormick@rssb.co.uk.
Hybrid working – RISQS’ way forward
At RISQS Committee on 11th January 2022, the Hybrid Audit approach was signed off as a sensible way forward. The launch of hybrid auditing took place on the 2nd of May 2022
Current government guidance has changed to being able to return to workplaces/locations as of now. RISQS Buyers & Suppliers were informed in February 2022.
Updates have been made to the RISQS website and platform regarding the scheme documentation.
For more information on our new hybrid working model, contact email@example.com.
Rail Safety and Standards Board (RSSB) updates the RICCL
Network Rail Standard NR/L2/SCO/302 module 2 has provided the scope requirement for the CDM module as:
This module specifies the requirement for supplier qualification.
It applies to:
- a) Network Rail employees contracting a supplier safety critical work
- b) Suppliers who undertake activates defined with the Construction Design and Management Regulations 2015.
Why has it changed?
The requirement was implemented following concerns raised within Network Rail that a large proportion of the rail industry supply chain were not operating in compliance with the CDM Regulations.
As a result of these concerns, the scope was separated from the ‘Industry Minimum Requirements (IMR)’ into Module 1 ‘Core’ and Module 2 ‘CDM’ to ensure all Suppliers who discharge duties under the Regulations undertake an assurance audit due to the increased risk the services present.
To support and meet the expectations of Network Rail and all other key Stakeholders and Buyers in the rail industry, the RSSB have changed the status of any verifiable RICCL code that’s falls within the scope of the CDM Regulations to ‘auditable’.
As the audit requirement will impact some suppliers for the first time, it is the intention of the RSSB to introduce a 6-month compliance date to allow suppliers time to either streamline their services, to meet their actual capabilities (that is to say remove the code from their offering) or prepare for an audit for the CORE and CDM module.
On the confirmed compliance date (will be announced shortly), suppliers with RICCL that have changed from verifiable to auditable will fall into the following categories:
- Audit required: For organisations who do not have a live auditable module in place (i.e., no sentinel module or have no auditable codes), they will need to prepare for a first-time audit and book in with the Scheduling team if they wish to continue to hold the newly changed RICCL after the compliance date.
- RICCL to show Live: Suppliers who have undertaken the CDM module and showing as live on the portal, the newly changed codes will be added to your current profile alongside all other live codes. A CDM audit will only be required at your next renewal audit date.
- RICCL held on account as unqualified: For suppliers who have been audited previously (i.e., CORE and Sentinel), but have not undertaken the CDM module, the codes will be added to your account but shown as unqualified. All other codes that have been audited will remain live and a CDM audit will only be generated for your next renewal audit date. Should a supplier need the codes prior to a renewal date, an out of turn audit can be requested.
The RICCL can be accessed via the RISQS portal otherwise it can be accessed via the RSSB website here.
Do you know the most recent regulations around CDM (2015)?
What is changing?
Following on from the RICCL story above, to support the railway industry supply chain, the Rail Safety and Standards Board (RSSB) have released the latest version of the Railway Industry Commodity Classification List (RICCL) which will provide a confirmation of which services fall within the remit of the CDM Regulations and therefore require an audit against the CDM modules as prescribed by the standard NR/L2/SCO/302 module 2.
Please note: the CDM regulation is required by law, please ensure that you are up to date with all the regulations.
What happened next?
Since 20th April 2022, there has been a change to the CDM compliance questions. The new requirements are as follows:
Question 591 will require all suppliers to answer:
Does your organisation discharge ‘Client’ duties under the Construction (Design and Management) Regulations 2015?
This will be a ‘yes’ or ‘no’ answer requirement with all ‘yes’ answers generating the CDM module to assess the Suppliers capabilities to discharge duties as a client.
Only for Suppliers who have selected a CDM RICCL and a CDM Activity (see appendix A)
For those suppliers who have selected CDM applicable codes and associated activities they will need to confirm their CDM status within QID 592, which will read:
Please confirm which duties you discharge under the Construction (Design and Management) Regulations 2015.
Suppliers will receive the following duties on a drop-down menu:
- Principal Contractor
- Principal Designer
- Designer and Contractor.
The applicable status will need to be selected should this question be raised as part of the CDM services you have chosen.
What does this change mean for me?
You should have by now logged into the RISQS portal to review the required questions and answers to maintain compliance. If you have yet to do this, please do this as soon as possible.
Who to contact for help?
Our information team remain ready to help and support you if needed.
Contact our support team by emailing firstname.lastname@example.org.
Top 3 areas suppliers fail their audits
We have been asked many times – what are the reasons suppliers fail their audits?
We’ve taken the liberty to round up the top three areas and their reasons that often cause suppliers to fail their audits.
Be sure to read and understand them so that your organisation does not fall foul of the rules too.
Top 3 major areas of non-conformances (2021-2022)
Core 7.3 Alcohol & Drug Arrangements
Reason 1: The company could not demonstrate that the required 5% unannounced drugs and alcohol screening had been carried out in the previous 12 months.
Reason 2: At the time of audit, the company had not carried out a risk-based programme of random testing for their personnel and no current “For Cause” contract with a RISQS approved supplier.
Reason 3: The company did not have arrangements for the management of alcohol and drugs and For Cause arrangements were not in place.
Core 8.1 Monitoring
Reason 1: The company had failed to close out the major non-conformance within last years' report, the company also received a Major NC within their ISO audit report for failure to address findings raised in their previous audit.
Reason 2: The Minor non-conformance raised in last years' RISQS audit was not registered in the company’s NCR register in 2020 or 2021 as such no action has been taken to address the non-conformance resulting in a Major NC being raised against protocol requirement 8.1e.
Reason 3: The company have also failed in the identification, tracking and the close out of corrective actions and/or improvement plans. Protocol requirement 8.1 iii
Core 3.1 Organisation & Sub Contractor Management
Reason 1: The company could not demonstrate a list of qualified organisations containing sufficient and appropriate information to aid selection for contract – several suppliers had no supporting evidence.
Reason 2: The company could not demonstrate a review periodically of organisations’ qualifications (annually as a minimum) – several suppliers had not been verified for qualifications or competence.
Reason 3: The company could not demonstrate a mechanism for supply chain auditing.
For more information on how to make the most out of your audits, email email@example.com.
Keep up with the industry
Sign up to the RISQS mailing list for the latest rail industry news and member updates.