What is RISQS?
RISQS is the entry point for suppliers to the rail industry. Buyers of products and services throughout the GB rail industry use RSSB RISQS as its supplier qualification service. In short, we help suppliers sell into the GB rail industry by providing an open, fair and transparent way for them to be formally recognised as capable providers of products and services.
This means we support Network Rail, Transport for London, passenger and freight operating companies, rolling stock organisations, main infrastructure contractors and many other buying organisations in the management of supply chain risk.
The scheme embraces rail's qualification arrangements. RISQS is an industry scheme, sponsored by a committee of representatives from across the rail industry. The committee reports into the RSSB via internal governance arrangements, and RSSB provides a range of services to support operational delivery of the scheme.
How much does membership cost
Membership fees are based on the number of RICCL codes selected by organisation (see the table below). Membership runs for a calendar year from the date your organisation joins.
How much does an audit cost?
Do I have to register in RISQS?If you contract directly with either Network Rail or Transport for London, then you are required to register with RISQS.
What kind of information does my organisation need to provide?Your organisation will need to provide a range of information about your company, such as, information about your management team, insurance policies, your management systems arrangements, competence management and financial information. Most importantly you will be asked to select the products and services you wish to provide to buyers in the industry. See a guide to the products and services.
What are RICCL codes?
RICCL stands for Railway Industry Commodity Classification List, it is a flexible list that contains all the commodities (products and services) that are purchased for the railway. Each supplier on the portal will have selected the RICCL codes relevant to the products and services they wish to supply. RISQS uses RICCL codes as this is based on an ISO that details how a rail system should be broken down into its constituent parts.
Each RICCL code has a pre-determined risk level, for a full list click on the interactive RICCL https://portal.risqs.org/ProductServices. There are various ways of navigating the RICCL, the easiest is by typing in the product or service(s) and once selected, the risk level ‘auditable or verification’ can be seen.
Auditable; selecting a code with the auditable risk level will require your organisation to undergo and pass a RISQS audit before being qualified to provide product or service(s) to railway industry buyers under the RISQS scheme.
Verification; verification codes do not require a RISQS audit and on passing the verification process your registration is complete.
How does my organisation choose which ones to select?
The best way is to use the interactive RICCL search function. There are various ways of navigating the RICCL, the easiest is by typing in the product or service(s) your organisation supplies, or there is a downloadable Products and Services RICCL Brochure in pdf format.
How long does the supplier verification process take?
Most organisations fill in their information over a few days, however it can be achieved in a few hours. To support the process you have the option to assign specific requirements to different members of your organisation.
Once you have submitted the individual completed requirements for assessment, they will be verified and published within three working days. If you are required to provide more information the customer service team will notify you by email.
Your will also need to select RICCL codes for the products and service(s) applicable to your organisation, some RICCL codes will have additional verification or auditable requirements.
How do I know if I need an audit?
An audit is required if you have selected an auditable RICCL code. Higher risk codes require auditing, and you can check the RICCL to see whether the codes you wish to supply are subject to an audit. You may also require an audit due to the location of your work. Organisations that work in specific areas of the railway infrastructure must be assessed to ensure that they meet the rules.
If you require an audit the system will add it to the audit scheduling system, and you will be contacted by the audit provider to arrange a date for your audit. The system will also generate an audit invoice.
Where the RICCL code has a risk level of V (verification), this code will be given once all compliance information is completed and verified. Where it is A (auditable) this requires you to undertake an audit. You will only be searchable against this RICCL code once you have successfully undergone the relevant audit.
What happens if my organisation fails an audit?
Can I complete a PAS91 questionnaire via the RISQS system?In the Shortlisted Supplier Questions tool, you can create and complete a PAS91, using the PAS91 Question Template. Answered already provided for RISQS compliance questions will be pre-populated minimising the burden to your organisation. You also have the option to print this.
How many users can I have for the RISQS portal?You can have as many users on the portal as you like. However, your organisation is required to ensure that access is only given to existing employees, and that users be kept up to date in line with the requirements in the Supplier Terms and Conditions.
Is training available for my users?
Yes, there is a range of online training material available both on the RISQS website, and videos within the portal. The videos can be found near the top right-hand side of the screen (a blue box) and are specific to that page.
Information on further training can be requested by sending an e-mail to firstname.lastname@example.org, these sessions will be online with multiple other suppliers.
How do I view all the RICCL codes available?On the RISQS website there is a section on the RICCL and there is a commodity list which has an interactive RICCL search function. There are various ways of navigating the RICCL, the easiest is by typing in the product or service(s) your organisation supplies, or there is a downloadable Products and Services RICCL Brochure in pdf format.
Who should be our main contact?
It is important to appoint the right person within your organisation to be the main contact in RISQS. This individual will receive notifications from the system, communications, such as RISQS newsletters, information on audit failure of suppliers and HSQE bulletins from Infrastructure Managers.
The main contact will receive advance system notifications when action needs to be taken by your organisation to update your information. Failure to keep the main contact information up to date could mean that your organisation will not receive the system prompts. This could lead to non-compliance and your organisation not being searchable for new procurement activity.
The main point of contact is the first person our customer services team contact for any issues with your account. Additionally, from time-to-time RISQS issue information such as e-newsletters, minutes of Supplier and Buyer Consultation Meetings, up-coming platform changes etc. to the designated main contact.
Does RISQS enable my company to be a Sentinel Sponsor?
Companies that indicate their need to be a Sentinel Sponsor within their RISQS Supplier profile (infrastructure access section) will be required to undergo an audit. The audit will be against the Core and any additional audit modules (Sentinel) that are triggered by these profile answers.
A successful audit of the Core and Sentinel modules will be communicated to Sentinel, allowing the company to become or remain a Sentinel Sponsor.
How can I support the future development of RISQS?
As a supplier you are represented by the Supplier Consultation Group. The elected members of this group meet and discuss proposed changes, the Chair and Vice Chair attend the committee meetings and put forward any scheme changes.
There is an election process every two years, this is communicated by the Scheme Manager to all suppliers. You will receive information about how to forward your name for election and the voting arrangements.
Discussion topic suggestions for this group can be emailed to email@example.com for review. Please include within the Subject Line ‘Supplier Consultation Group Suggestion’ and within the body of the email confirm that you consent to your details being shared with the Chair, Vice Chair and Group.
Can I be a RISQS buyer?Not necessarily, a request must be made to the firstname.lastname@example.org, stating why your organisation needs buyer status, this will be reviewed by the Scheme Manager and you will be advised accordingly. The Scheme Management Organisation need to make sure that buyer level access will be used for legitimate procurement activity, also sometimes Supplier Patron level access is more appropriate.
My Buyer advised I am as showing as ‘Limited Scope’ what does this mean?
First, you need to determine what the limited scope is referring to. Limited scope may simply mean that your organisation has added additional auditable RICCL codes which were not included in the scope of the last audit.
An out of turn audit is required before this status can be updated. However, you can advise your buyer which product or service(s) have not been audited allowing them to make an informed decision on how to proceed.
What are the QSN numbers?RISQS publishes Qualification System Notices (QSNs) in the Official Journal of the European Union (OJEU) on behalf of its Buyer members, including Network Rail and TfL. This allows organisations that are classed as Utilities under the Utilities Contracts Regulations 2016 to compile tender lists for over-threshold contracts directly from the RISQS system, without issuing any further calls for competition. A link to the QSNs is available on the RISQS website in the Buying section, Buying – Overview.
What are the rules for being a Supplier?The rules on supplier and supplier patron access can be found within the scheme documents: RISQS-SD-0035 – Terms & Conditions for Supplier Membership of RISQS.
Why can my consultant not book my audit?Where we are contacted by a consultant to schedule your audit, we are asking that your organisation (either the main contact or audit contact) grant permission in writing for the consultant to book the audit on your behalf. As of 5 September 2020, consultants will not be allowed to attend audits and we need to ensure that the organisation have agreed and can attend the booked audit date.
Why can my consultant not attend my audit?
The new Network Rail standard NR/L2/SCO/302 – Supplier Qualification Requirements, includes the following clause:
‘220.127.116.11 The Supplier Assurance Provider shall confirm that where a supplier uses external consultancy to support their activities, the supplier is able to demonstrate their ability to meet the requirements of this standard without the consultant present.’
RISQS are required to comply with. We have been advised that this means a consultant cannot attend the audit.
Why does Section 18.104.22.168 not say that my consultant cannot attend my audit?
Clause 22.214.171.124 of Network Rail’s new standard NR/L2/SCO/302 – Supplier Qualification Requirements states: ‘The Supplier Assurance Provider shall confirm that where a supplier uses external consultancy to support their activities, the supplier is able to demonstrate their ability to meet the requirements of this standard without the consultant present.’
While this does not state a consultant cannot be in the room during the audit; additional guidance given by Network Rail at the Consultants and RISQS Working Group, the RISQS Committee and to our RISQS Scheme Manager is that consultants cannot attend the audit. Network Rail have issued a formal guidance note to RISQS to confirm that only employees of the organisation can attend.
Will the position on consultants not being permitted to attend audits change?RISQS continues to facilitate working groups with RISQS Consultants to discuss what clause 126.96.36.199 means. Proposals were presented to Network Rail and the RISQS Committee as to how the requirement can work for different consultant arrangements while maintaining the safety aspect which the standard is setting out to achieve — that the supplier is able to demonstrate their ability to meet the requirements of this standard without the consultant present. This work is ongoing, suppliers and consultants are represented at all the aforementioned groups and meetings.
Legally, we are responsible for accessing competent support whether internal or external, so why can I not use a consultant?The requirements covered above does not prevent any organisation from accessing competent support. It requires for your organisation to demonstrate the ability to meet the requirements without the consultant being present.
At present the proposals put forward by the Consultant and RISQS Working Group have not been accepted in full by Network Rail or the Committee. However, if your consultant is registered in RISQS they should have been invited to attend these meetings. Please ask them to send an email to email@example.com and via the Consultants representative, we will facilitate an update from the Supplier Consultation Group who is part of the review.
Why is RISQS mandating this?As a Network Rail Supplier Assurance Provider, RISQS are required to comply with the requirements of NR/L2/SCO/302 Supplier Qualification Requirements. Auditors, irrespective of which Supplier Assurance Provider they represent, will be required to ensure has been demonstrated at audit.
If I disagree with our external support not being permitted in the room, can this requirement be withdrawn?This is not simply a RISQS requirement, it is a mandatory section within NR/L2/SCO/302 that RISQS must demonstrate its compliance to. As such RISQS is not able to withdraw the requirement.
Why did my consultant not know about this change?
Although all consultant registered in RISQS were invited to participate in the Consultants Working Group, some did not respond and some declined to attend.
Clause 188.8.131.52 is a mandatory section within NR/L2/SCO/302. It is a requirement that you have access to the standards this was issued in as a draft in April 2020, and live in June 2020. RISQS must demonstrate its compliance to this and as such RISQS is not able to withdraw the requirement.