What is RISQS?
RISQS is the entry point for suppliers to the rail industry. Buyers of products and services throughout the GB rail industry use RSSB RISQS as their supplier qualification service. In short, we help suppliers sell into the GB rail industry by providing an open, fair and transparent way for them to be formally recognised as capable providers of products and services.
This means we support Network Rail, Transport for London, passenger and freight operating companies, rolling stock organisations, main infrastructure contractors and many other buying organisations in the management of supply chain risk.
The scheme embraces rail's qualification arrangements. RISQS is an industry scheme, sponsored by a committee of representatives from across the rail industry. The committee reports into the RSSB via internal governance arrangements, and RSSB provides a range of services to support operational delivery of the scheme.
How much does membership cost?
Membership fees are based on the number of RICCL codes selected by your organisation (see the table below), and membership runs for a calendar year from the date your organisation joins.
|Number of RICCL Codes
|Supplier Patron Level
How much does an audit cost?
The audit has a standard day rate charge, and there is a guidance document on how to calculate your audit duration. This document is called RISQS-GD-004.
Do I have to register in RISQS?
If you contract directly with either Network Rail or Transport for London, then you are required to register with RISQS.
What kind of information does my organisation need to provide?
Your organisation will need to provide a range of information about your company, such as information about your management team, insurance policies, your management systems arrangements, competence management and financial information. Most importantly, you will be asked to select the products and services you wish to provide to buyers in the industry. See a guide to the products and services.
What are RICCL codes?
RICCL stands for Railway Industry Commodity Classification List. It is a flexible list that contains all the commodities (products and services) that are purchased for the Railway. Each supplier on the portal will have selected the RICCL codes relevant to the products and services they wish to supply. RISQS uses RICCL codes as this is based on an ISO that details how a rail system should be broken down into its constituent parts.
Each RICCL code has a pre-determined risk level. For a full list, click on the interactive RICCL at https://portal.risqs.org/ProductServices. There are various ways of navigating the RICCL; the easiest is by typing in the product or service/s, and once selected, the risk level ‘auditable or verification’ can be seen.
Auditable: selecting a code with the auditable risk level will require your organisation to undergo and pass a RISQS audit before being qualified to provide product or service/s to railway industry buyers under the RISQS scheme.
Verification: verification codes do not require a RISQS audit, and on passing the verification process your registration is complete.
How does my organisation choose which ones to select?
The best way is to use the interactive RICCL search function. There are various ways of navigating the RICCL; the easiest is by typing in the product or service/s your organisation supplies, or there is a downloadable Products and Services RICCL Brochure in PDF format.
How long does the supplier verification process take?
Most organisations fill in their information over a few days; however, it can be achieved in a few hours. The option to assign specific requirements to different members of your organisation exists to support the process.
Once you have submitted the individual completed requirements for assessment, they will be verified and published within 3 working days. If you are required to provide more information the customer service team will notify you by email.
You will also need to select RICCL codes for the products and services applicable to your organisation. Some of the RICCL codes will have additional verification or auditable requirements.
How do I know if I need an audit?
An audit is required if you have selected an auditable RICCL code. Higher risk codes require auditing, and you can check on the RICCL whether the codes you wish to supply are subject to an audit. You may also require an audit due to the location of your work. Organisations that work in specific areas of the railway infrastructure must be assessed to ensure that they meet the rules.
If you require an audit the system will add it to the audit scheduling system, and you will be contacted by the audit provider to arrange a date for your audit. The system will also generate an audit invoice.
Where the RICCL code has a risk level of V (verification), this code will be given once all compliance information is completed and verified. Where it is A (auditable), this requires you to undertake an audit. You will only be searchable against this RICCL code once you have successfully undergone the relevant audit.
What happens if my organisation fails an audit?
Can I complete a PAS91 questionnaire via the RISQS system?
In the Shortlisted Supplier Questions tool, you can create a PAS91, using the PAS91 Question Template, and complete it. Where the questions have already been provided for RISQS compliance these will be pre-populated minimising the burden to your organisation. You also have the option to print this
How many users can I have for the RISQS portal?
You can have as many users on the portal as you like. However, your organisation is required to ensure that access is only given to employees and that users are kept up to date in line with the requirements in the Supplier Terms and Conditions.
Is training available for my users?
Yes, there is a range of online training material available both on the RISQS website, and videos within the portal. These videos can be found near the top right-hand side of the screen (a blue box) and are specific to that page.
Information on further training can be requested by sending an e-mail to email@example.com. These sessions will be online, with multiple suppliers asking questions.
How do I view all the RICCL codes available?
On the RISQS website there is a section on the RICCL, and there is a commodity list which has an interactive RICCL search function. There are various ways of navigating the RICCL; the easiest is by typing in the product or service/s your organisation supplies, or there is a downloadable Products and Services RICCL Brochure in PDF format.
Who should be our main contact?
It is important that you appoint the right person within your organisation to be the main contact in RISQS, as this person will get notifications from the system and communications such as RISQS newsletters, information on audit failure of suppliers and HSQE bulletins from Infrastructure Managers.
The main contact will receive advance system notifications when action needs to be taken by your organisation to update your information. Failure to keep the main contact information up to date could mean that your organisation will not receive the system prompts, which could in turn lead to non-compliance and your organisation not being searchable for new procurement activity.
The customer services team use the main point of contact as the first person they contact for any issues with your account.
RISQS from time to time issue information such as e-newsletters, minutes of Supplier and Buyer Consultation Meetings, up-coming platform changes etc. These will all go to the designated main contact.
Does RISQS enable my company to be a Sentinel Sponsor?
Companies that indicate their need to be a Sentinel Sponsor within their RISQS Supplier profile (infrastructure access section) will be required to undergo an audit. The audit will be against the Core and any additional audit modules (Sentinel) that are triggered by these profile answers.
A successful audit of the Core and Sentinel modules will be communicated to Sentinel, allowing the company to become or remain a Sentinel Sponsor.
How can I support the future development of RISQS?
As a supplier you are represented by the Supplier Consultation Group. Within this group the elected members meet and discuss proposed changes, and the Chair and Vice Chair attend the committee meetings and put forward any scheme changes.
There is an election process every two years. This will be communicated by the Scheme Manager to all suppliers and will advise how you can put forward your name for election and the voting arrangements.
Discussion topic suggestions for this group can be emailed to firstname.lastname@example.org and will be forwarded to the group for review. Please include within the Subject Line ‘Supplier Consultation Group Suggestion’ and within the body of the email confirm that you consent to your details being shared with the Chair/ Vice Chair / Group.
Can I be a RISQS buyer?
Not necessarily. A request must be made to email@example.com, stating why your organisation needs buyer status; this will be reviewed by the Scheme Manager and you will be advised. The Scheme Management Organisation needs to make sure that buyer level access will be used for legitimate procurement activity; sometimes the Supplier Patron level of access is more appropriate.
My Buyer advised I am showing as ‘Limited Scope’; what does this mean?
Firstly, you need to determine what the limited scope is referring to; limited scope may simply mean that your organisation has added additional auditable RICCL codes which were not included in the scope of the last audit.
An out of turn audit is required before this status can be updated; however, you can advise your buyer which product or service/s have not been audited, allowing them to make an informed decision on how to proceed.
What are the QSN numbers?
RISQS publishes Qualification System Notices (QSNs) in the Official Journal of the European Union (OJEU) on behalf of its Buyer members, including Network Rail and TfL, which allows organisations that are classed as Utilities under the Utilities Contracts Regulations 2016 to compile tender lists for over-threshold contracts directly from the RISQS system, without issuing any further calls for competition. A link to the QSNs is available on the RISQS website in the Buying section, Buying – Overview.
What are the rules for being a Supplier?
The rules on supplier and supplier patron access can be found on www.risqs.org in the scheme document: RISQS-SD-0035 – Terms & Conditions for Supplier Membership of RISQS.
Why can my consultant not book my audit?
Where we are contacted by a consultant to schedule your audit, we are asking that your organisation (either the main contact or audit contact) grant permission in writing for the consultant to book the audit on your behalf. As of 5th September 2020, Consultants will not be allowed to attend audits and we need to ensure that the organisation has agreed and can attend the booked audit date.
Why can my consultant not attend my audit?
Within the new Network Rail standard NR/L2/SCO/302 – Supplier Qualification Requirements, there is a requirement, ‘126.96.36.199 The Supplier Assurance Provider shall confirm that where a supplier uses external consultancy to support their activities, the supplier is able to demonstrate their ability to meet the requirements of this standard without the consultant present’, which RISQS are required to comply with. We have been provided with guidance that this means a Consultant cannot attend the audit.
Section 188.8.131.52 does not say my consultant cannot attend my audit?
Whilst ‘184.108.40.206 The Supplier Assurance Provider shall confirm that where a supplier uses external consultancy to support their activities, the supplier is able to demonstrate their ability to meet the requirements of this standard without the consultant present’ does not state ‘a consultant cannot be in the room during the audit’, additional guidance was given by Network Rail at the Consultants and RISQS Working Group, to the RISQS Committee and to myself as RISQS Scheme Manager, and this was that Consultants cannot attend the audit. Network Rail have issued a formal guidance / clarification note to RISQS to confirm that only employees of the organisation can attend.
Will ‘Consultants not allowed in audits’ change?
RISQS continues to facilitate working groups with RISQS Consultants to discuss what 220.127.116.11 means. Proposals were presented to Network Rail and to the RISQS Committee as to how we can make the requirement work for differing types of consultant arrangements while maintaining the safety aspect which the standard is setting out to achieve: that the supplier is able to demonstrate their ability to meet the requirements of this standard without the consultant present. This work is ongoing. Suppliers and Consultants are represented at all of the aforementioned Groups / meetings.
Under law we are responsible for accessing competent support whether internal or external, so why can I not use a consultant?
The requirements covered in questions 22 – 25 do not prevent any organisation from accessing competent support; they require that your organisation can demonstrate that it has the ability to meet the requirements without the consultant being present.
At this moment in time the proposals that the Consultant and RISQS Working Group have put forward have not been accepted in full by Network Rail or the Committee. If your consultant is registered in RISQS they should have been invited to attend these meetings; please ask them to send an email to firstname.lastname@example.org and I will facilitate an update via the Consultants representative from the Supplier Consultation Group who is part of the review.
Why is RISQS mandating this?
RISQS are required, as a Network Rail Supplier Assurance Provider, to comply with the requirements of NR/L2/SCO/302 Supplier Qualification Requirements. Auditors, irrespective of which Supplier Assurance Provider they represent, will be required to ensure this has been demonstrated at audit.
I disagree with your proposal with regards to our external support not being in the room, can you withdraw this requirement?
This is not simply a RISQS proposal. It is a mandatory section within NR/L2/SCO/302 that RISQS must demonstrate its compliance with, and as such RISQS is not able to withdraw the requirement.
Why did my Consultant not know about this change?
RISQS invited all Consultants that are registered in RISQS to be part of the Consultants Working Group; some did not respond and some declined to attend.
This is a mandatory section, ‘18.104.22.168 The Supplier Assurance Provider shall confirm that where a supplier uses external consultancy to support their activities, the supplier is able to demonstrate their ability to meet the requirements of this standard without the consultant present’, within NR/L2/SCO/302 that RISQS must demonstrate its compliance with, and as such RISQS is not able to withdraw the requirement. It is a requirement that you have access to standards; this was issued in April 2020 as draft and went live in June 2020.