In the rail supply chain, RISQS tends to appear as a line in someone else’s process. A prime’s onboarding checklist. A buyer’s tender requirements. A framework condition that sits there like a tripwire.
That’s why organisations often start a RISQS accreditation push with decent intent and then lose momentum. Not because they don’t care, but because it’s competing with live delivery, tight access windows, changing programmes and the daily grind of getting people and kit where they need to be.
The cost isn’t the initial effort. The cost is when you end up doing the same work again six months later because nothing actually stuck.
Why RISQS work slips in rail businesses
A lot of companies approach RISQS as “a project we need to finish”. Rail delivery doesn’t really allow that mindset. If controls aren’t embedded, they get dropped the moment a possession overruns or a resource goes sick and you’re re-planning at midnight.
The typical pressure points are very predictable:
It becomes a documentation exercise.
You can build a neat set of procedures and still be exposed if site reality doesn’t match. Rail assurance is fundamentally about traceability. Buyers want confidence you can show competence, supervision, change control and learning in a way that holds up under scrutiny.
Ownership sits in the wrong place.
RISQS often lands with quality or H&S because it “sounds like compliance”. But it lives or dies in operations. If supervisors, project managers and those mobilising work aren’t bought in, the system stays office-bound.
Scope is chosen with ambition rather than evidence in mind.
Rail punishes over-claiming. If you include an activity in scope, you’re expected to evidence competence and control around it, even if you only deliver it occasionally. That’s where costs balloon and timelines drift.
Evidence relies on heroics.
Some businesses can scramble together an evidence pack once. The problem is maintaining it while delivering rail jobs. If your system depends on a last-minute document hunt, you’ll repeat the panic every time.
Subcontractors sit outside the system.
Rail supply chains are layered and flexible labour is common. But if you can’t show how subcontractors are approved, briefed, supervised and recorded consistently, you’re carrying risk you can’t explain away.
What “doing it properly” looks like in practice
This is where a lot of advice becomes abstract. In reality, “properly” usually means boring, operational discipline:
- a scope that reflects what you genuinely deliver and can evidence
- role requirements and competence controls that supervisors can apply on night shifts
- job files that are structured so you can trace briefings, risks, approvals and change without detective work
- document control that prevents “wrong version on site” problems
- a repeatable way to onboard and oversee subcontractors so they don’t become a blind spot
- a simple method for recording deviations and decisions when plans change mid-shift
You’re not trying to create bureaucracy. You’re trying to make sure the business can explain itself when a rail buyer asks “how do you control this?”
Where RISQS consultants earn their keep
The best use of RISQS consultants isn’t writing policies. It’s helping you avoid building something that looks compliant but collapses under delivery pressure.
Good support tends to focus on:
- challenging scope early, before you commit to evidencing things you can’t sustain
- translating rail audit expectations into controls that fit the way you actually work
- making competence management practical, not aspirational
- designing evidence structures that are maintainable during live projects
- pressure-testing readiness against real job files, not idealised processes
The weak version of consultancy delivers a pretty folder structure. The strong version changes how work is controlled and recorded on the jobs that matter.
A simple test that stops you wasting effort
If you want to know whether your RISQS work is embedded or just “in progress”, pick one recent rail job and try to evidence it end-to-end:
- who was competent for each key activity
- what briefings took place
- what approvals were needed
- what changed during delivery, and how that change was controlled
- what records exist to prove the above
If you can do that without a week of chasing, you’re building something you can keep. If you can’t, the risk isn’t the audit. The risk is that you’re one busy period away from starting again.
