Suppliers FAQs
-
What is RISQS?
RISQS is the entry point for suppliers to the rail industry. Buyers of products and services throughout the GB rail industry use RSSB RISQS as its supplier qualification service. In short, we help suppliers sell into the GB rail industry by providing an open, fair and transparent way for them to be formally recognised as capable providers of products and services.
This means we support Network Rail, Transport for London, passenger and freight operating companies, rolling stock organisations, main infrastructure contractors and many other buying organisations in the management of supply chain risk.
The scheme embraces rail's qualification arrangements. RISQS is an industry scheme, sponsored by a committee of representatives from across the rail industry. The committee reports into the RSSB via internal governance arrangements, and RSSB provides a range of services to support operational delivery of the scheme.
-
How much does membership cost
Membership fees are based on the number of RICCL codes selected by organisation (see the table below). Membership runs for a calendar year from the date your organisation joins.
-
How much does an audit cost?The audit has a standard day rate charge and there is a guidance document on how to calculate your audit duration, this document is called RISQS-GD-004.
-
Do I have to register in RISQS?If you contract directly with either Network Rail or Transport for London, then you are required to register with RISQS.
-
What kind of information does my organisation need to provide?Your organisation will need to provide a range of information about your company, such as, information about your management team, insurance policies, your management systems arrangements, competence management and financial information. Most importantly you will be asked to select the products and services you wish to provide to buyers in the industry.
-
What are RICCL codes?
RICCL stands for Railway Industry Commodity Classification List, it is a flexible list that contains all the commodities (products and services) that are purchased for the railway. Each supplier on the portal will have selected the RICCL codes relevant to the products and services they wish to supply. RISQS uses RICCL codes as this is based on an ISO that details how a rail system should be broken down into its constituent parts.
Each RICCL code has a pre-determined risk level, for a full list, please visit the RSSB website. There are various ways of navigating the RICCL, the easiest is by typing in the product or service(s) and once selected, the risk level ‘auditable or verification’ can be seen.
Auditable; selecting a code with the auditable risk level will require your organisation to undergo and pass a RISQS audit before being qualified to provide product or service(s) to railway industry buyers under the RISQS scheme.
Verification; verification codes do not require a RISQS audit and on passing the verification process your registration is complete.
-
How does my organisation choose which ones to select?
The best way is to use the interactive RICCL search function. There are various ways of navigating the RICCL, the easiest is by typing in the product or service(s) your organisation supplies, or there is a downloadable Products and Services RICCL Brochure in pdf format.
For a full RICCL list, please visit the RSSB website. -
How long does the supplier verification process take?
Most organisations fill in their information over a few days, however it can be achieved in a few hours. To support the process you have the option to assign specific requirements to different members of your organisation.
Once you have submitted the individual completed requirements for assessment, they will be verified and published within three working days. If you are required to provide more information the customer service team will notify you by email.
Your will also need to select RICCL codes for the products and service(s) applicable to your organisation, some RICCL codes will have additional verification or auditable requirements.
-
How do I know if I need an audit?An audit is required if you have selected an auditable RICCL code. Higher-risk codes require auditing, and you can check the RICCL to see whether the codes you wish to supply are subject to an audit. You may also require an audit due to the location of your work. Organisations that work in specific areas of the railway infrastructure must be assessed to ensure that they meet the rules. If you require an audit, the system will add it to the audit scheduling system, and you will be contacted by Scheduling to arrange a date for your audit. The system will also generate an audit invoice. Where the RICCL code has a lower risk level of V (verification), this code will be given once all compliance information is completed and verified. Where it is A (auditable), this requires you to undertake an audit. You will only be searchable against this RICCL code once you have successfully undergone the relevant audit.
-
What happens if my organisation fails an audit?For all rules and guidance on audits please see RISQS-SD-004 – RISQS Terms for the Provision of Audits to Supplier Members.
-
How many users can I have for the RISQS portal?You can have as many users on the portal as you like. However, your organisation is required to ensure that access is only given to existing employees, and that users be kept up to date in line with the requirements in the Supplier Terms and Conditions.
-
Is training available for my users?
Yes, there is a range of online training material available both on the RISQS website, and videos within the portal. The videos can be found near the top right-hand side of the screen (a blue box) and are specific to that page.
Information on further training can be requested by sending an e-mail to info@risqs.org, these sessions will be online with multiple other suppliers.
-
How do I view all the RICCL codes available?On the RISQS portal, there is a commodity list, and this has an interactive RICCL search function. There are various ways of navigating the RICCL. The easiest is by typing in the product(s) or service(s) your organisation supplies. Alternatively, there is a .pdf version of the RICCL here.
-
Who should be our main contact?It is important to appoint the right person within your organisation to be the main contact in RISQS, as the main point of contact is the first person our customer services team contact for any issues with your account. This individual will receive notifications from the system, communications, such as RISQS newsletters, information on audit failure of suppliers, and HSQE bulletins from Infrastructure Managers. The main contact will receive advance system notifications when action needs to be taken by your organisation to update your information. Failure to keep the main contact information up to date could mean that your organisation will not receive the system prompts. This could lead to non-compliance and your organisation not being searchable for new procurement activity.
-
Does RISQS enable my company to be a Sentinel Sponsor?
Companies that indicate their need to be a Sentinel Sponsor within their RISQS Supplier profile (infrastructure access section) will be required to undergo an audit. The audit will be against the Core and any additional audit modules (Sentinel) that are triggered by these profile answers.
A successful audit of the Core and Sentinel modules will be communicated to Sentinel, allowing the company to become or remain a Sentinel Sponsor.
-
How can I support the future development of RISQS?
As a supplier you are represented by the Supplier Consultation Group. The elected members of this group meet and discuss proposed changes, the Chair and Vice Chair attend the committee meetings and put forward any scheme changes.
There is an election process every two years, this is communicated by the Scheme Manager to all suppliers. You will receive information about how to forward your name for election and the voting arrangements.
Discussion topic suggestions for this group can be emailed to consultation@risqs.org for review. Please include within the Subject Line ‘Supplier Consultation Group Suggestion’ and within the body of the email confirm that you consent to your details being shared with the Chair, Vice Chair and Group.
-
Can I be a RISQS buyer?Not necessarily, a request must be made to the info@risqs.org, stating why your organisation needs buyer status, this will be reviewed by the Scheme Manager and you will be advised accordingly. The Scheme Management Organisation need to make sure that buyer level access will be used for legitimate procurement activity, also sometimes Supplier Patron level access is more appropriate.
-
My Buyer advised I am as showing as ‘Limited Scope’ what does this mean?
First, you need to determine what the limited scope is referring to. Limited scope may simply mean that your organisation has added additional auditable RICCL codes which were not included in the scope of the last audit.
An out of turn audit is required before this status can be updated. However, you can advise your buyer which product or service(s) have not been audited allowing them to make an informed decision on how to proceed.
-
What are the rules for being a Supplier?The rules on Supplier and Supplier patron access can be found within the scheme documents: RISQS-SD-003 – Terms & Conditions for Supplier Membership of RISQS.
-
Why can my consultant not book my audit?Where we are contacted by a consultant to schedule your audit, we are asking that your organisation (either the main contact or audit contact) grant permission in writing for the consultant to book the audit on your behalf. As of 5 September 2020, consultants will not be allowed to attend audits and we need to ensure that the organisation have agreed and can attend the booked audit date.
-
Why can my consultant not attend my audit?
The new Network Rail standard NR/L2/SCO/302 – Supplier Qualification Requirements, includes the following clause:
‘6.4.2.2 The Supplier Assurance Provider shall confirm that where a supplier uses external consultancy to support their activities, the supplier is able to demonstrate their ability to meet the requirements of this standard without the consultant present.’
RISQS are required to comply with. We have been advised that this means a consultant cannot attend the audit.
-
Why does Section 6.4.2.2 not say that my consultant cannot attend my audit?
Clause 6.4.2.2 of Network Rail’s new standard NR/L2/SCO/302 – Supplier Qualification Requirements states: ‘The Supplier Assurance Provider shall confirm that where a supplier uses external consultancy to support their activities, the supplier is able to demonstrate their ability to meet the requirements of this standard without the consultant present.’
While this does not state a consultant cannot be in the room during the audit; additional guidance given by Network Rail at the Consultants and RISQS Working Group, the RISQS Committee and to our RISQS Scheme Manager is that consultants cannot attend the audit. Network Rail have issued a formal guidance note to RISQS to confirm that only employees of the organisation can attend.
-
Will the position on consultants not being permitted to attend audits change?All Infrastructure Managers want to know that personnel accessing the track are safe, and that involves having people in the company who understand how to manage and mitigate risk on a daily basis. If all knowledge comes from a consultant, that knowledge may not always be available, hence the stance on consultants being present at audit. The duty around safety lies with an employer, and we are striving to determine that the necessary knowledge, skills, and behaviours are apparent without external influence.
-
Legally, we are responsible for accessing competent support whether internal or external, so why can I not use a consultant?As a Network Rail Supplier Assurance Provider, RISQS are required to comply with the requirements of NR/L2/SCO/302 Supplier Qualification Requirements. Auditors, irrespective of which Supplier Assurance Provider they represent, will be required to ensure that this has been demonstrated at audit.
-
Why is RISQS mandating this?As a Network Rail Supplier Assurance Provider, RISQS are required to comply with the requirements of NR/L2/SCO/302 Supplier Qualification Requirements. Auditors, irrespective of which Supplier Assurance Provider they represent, will be required to ensure that this has been demonstrated at audit.
-
If I disagree with our external support not being permitted in the room, can this requirement be withdrawn?This is not simply a RISQS requirement, it is a mandatory section within NR/L2/SCO/302 that RISQS must demonstrate its compliance to. As such RISQS is not able to withdraw the requirement.
-
Why did my consultant not know about this change?
Although all consultant registered in RISQS were invited to participate in the Consultants Working Group, some did not respond and some declined to attend.
Clause 6.4.2.2 is a mandatory section within NR/L2/SCO/302. It is a requirement that you have access to the standards this was issued in as a draft in April 2020, and live in June 2020. RISQS must demonstrate its compliance to this and as such RISQS is not able to withdraw the requirement.