Rail Industry Standard RIS-2750-RST
Issue: One
Date: December 2017

Rail Industry Standard on Supplier Assurance

Synopsis

This document is a standard for the generation of supplier assurance during the procurement cycle for products and services, for use in the GB rail industry.

Copyright in the Railway Group documents is owned by Rail Safety and Standards Board Limited. All rights are hereby reserved. No Railway Group document (in whole or in part) may be reproduced, stored in a retrieval system, or transmitted, in any form or means, without the prior written permission of Rail Safety and Standards Board Limited, or as expressly permitted by law.

RSSB members are granted copyright licence in accordance with the Constitution Agreement relating to Rail Safety and Standards Board Limited.

In circumstances where Rail Safety and Standards Board Limited has granted a particular person or organisation permission to copy extracts from Railway Group documents, Rail Safety and Standards Board Limited accepts no responsibility for, nor any liability in connection with, the use of such extracts, or any claims arising therefrom. This disclaimer applies to all forms of media in which extracts from Railway Group documents may be reproduced.

Published by RSSB

© Copyright 2017 Rail Safety and Standards Board Limited

Uncontrolled when printed. Supersedes RIS-2450-RST Iss 1 with effect from 02/12/2017


Issue Record

| Issue | Date | Comments |
|---|---|---|
| One | 02/12/2017 | Original document. To provide supplier assurance requirements and guidance for the procurement of products and services, for use in the GB rail industry. |

This document will be updated when necessary by distribution of a complete replacement.

Superseded Documents

The following Rail Industry Standard is superseded, either in whole or in part as indicated:

| Superseded documents | Sections superseded | Date when sections are superseded |
|---|---|---|
| RIS-2450-RST issue one, Qualification of Suppliers of Safety Critical Engineering Products and Services | All | 02/12/2017 |

Supply

The authoritative version of this document is available at www.rssb.co.uk/railway-group-standards. Enquiries on this document can be forwarded to [email protected].


Contents

Part 1 Purpose and Introduction
1.1 Purpose
1.2 Application of this document
1.3 Health and safety responsibilities
1.4 Structure of this document
1.5 Approval and Authorisation

Part 2 Supplier Assurance in the GB Rail Industry
2.1 General principles
2.2 Supplier assurance principles
2.3 Introduction to supplier assurance arrangements

Part 3 Requirements for Supplier Assurance
3.1 Introduction to supplier assurance arrangements
3.2 General principles
3.3 Determination of supplier assurance requirements
3.4 Assurance with procurement

Part 4 Supplier Assurance Schemes
4.1 Information for a supplier assurance scheme
4.2 Available information for products and services
4.3 Capability assessment
4.4 Buyer-supplier cooperation
4.5 Scheme governance

Appendices
Appendix A Information on Aspects of Supplier Assurance
Appendix B Procurement Risks

Acronyms and Abbreviations

Definitions

References


List of Figures

Figure 1: The assurance generator model

Figure 2: Determination of supplier assurance requirements

Figure 3: Capability assessment flowchart

Figure 4: First tier categorisation


List of Tables

Table 1: Supplier assurance life cycle stages

Table 2: Procurement risks


Part 1 Purpose and Introduction

1.1 Purpose

1.1.1 This document is a standard for the generation of supplier assurance that can assist duty holders and those that supply to them, discharge their responsibilities and legal duties to ensure the control of risks associated with the procuring and supply of products and services for use in the Great Britain (GB) rail industry.

1.1.2 This document sets out a framework and arrangements within which risks associated with procurement and the supply chain can be controlled through supplier assurance in an efficient and effective manner.

1.1.3 This document is intended to provide appropriate requirements and guidance for supplier assurance that a buyer can incorporate into their wider procurement processes; it is not a procurement manual, per se.

1.1.4 The requirements and guidance within this document can be applied by a single buyer organisation, a corporate supplier assurance process covering several departments or companies within a group or a supplier assurance scheme used by buyers of products and services for use in the GB rail industry.

1.2 Application of this document

1.2.1 Compliance requirements and dates have not been specified since these will be the subject of internal procedures or contract conditions.

1.2.2 The Standards Manual and the Railway Group Standards (RGS) Code do not currently provide a formal process for deviating from a Rail Industry Standard (RIS). However, a member of RSSB, having adopted a RIS and wishing to deviate from its requirements, may request a Standards Committee to provide opinions and comments on their proposed alternative to the requirement in the RIS. Requests for opinions and comments should be submitted to RSSB by e-mail to [email protected]. When formulating a request, consideration should be given to the advice set out in the ‘Guidance to applicants and members of Standards Committee on deviation applications’, available from RSSB’s website.

1.3 Health and safety responsibilities

1.3.1 Users of documents published by RSSB are reminded of the need to consider their own responsibilities to ensure health and safety at work and their own duties under health and safety legislation. RSSB does not warrant that compliance with all or any documents published by RSSB is sufficient in itself to ensure safe systems of work or operation or to satisfy such responsibilities or duties.

1.4 Structure of this document

1.4.1 This document sets out a series of requirements that are sequentially numbered.


1.4.2 This document also sets out the rationale for the requirement. The rationale explains why the requirement is needed and its purpose. Rationale clauses are prefixed by the letter 'G'.

1.4.3 Where relevant, guidance supporting the requirement is also set out in this document by a series of sequentially numbered clauses and is identified by the letter 'G'.

1.5 Approval and Authorisation

1.5.1 The content of this document was approved by Rolling Stock Standards Committee on 05 October 2017.

1.5.2 This document was authorised by RSSB on 03 November 2017.


Part 2 Supplier Assurance in the GB Rail Industry

2.1 General principles

2.1.1 Legal background

Guidance

G 2.1.1.1 Each company buying within and supplying to the GB rail industry has its own duty and responsibility (under the Health and Safety at Work etc Act 1974 (HASAW)) to undertake its activities safely.

G 2.1.1.2 The Management of Health and Safety at Work Regulations 1999 (MHSWR) places a duty on employers to assess and manage risks to their employees and others arising from the work activities with which they are involved.

G 2.1.1.3 The Railways and Other Guided Transport Systems (Safety) Regulations 2006 (as amended) (‘ROGS’) requires ‘transport operators’ (infrastructure managers (IMs) and railway undertakings (RUs)) to cooperate and manage safety.

G 2.1.1.4 Each RU and IM is required to have a Safety Management System (SMS) to identify, assess and control risks which arise from their own individual activities. ROGS 5(1)(d) places specific emphasis on the risks related with the:

a) Supply of maintenance and material, and
b) Use of contractors.

G 2.1.1.5 ROGS clause 31 outlines the defence of due diligence and highlights the principle of reasonableness as the basis by which this is considered.

G 2.1.1.6 Further guidance on The Railways and Other Guided Transport Systems (Safety) Regulations 2006 (ROGS) (as amended), A Guide to ROGS, is available on the Office of Rail and Road (ORR) website.

G 2.1.1.7 EU Regulation 445/2011 concerning Entities in Charge of Maintenance (ECM) contains equivalent requirements to ROGS in terms of requiring ECMs to have a documented maintenance system that includes use of contractors and / or suppliers for safety related products and services.

G 2.1.1.8 Other legislation that can have an impact on supplier assurance within the GB rail industry includes:

a) The Construction (Design and Management) Regulations 2015.
b) The Utilities Contract Regulations 2016.
c) The Railways (Interoperability) Regulations (RIR) 2011.
d) The EU Common Safety Methods (CSM) on:
   i) Risk Evaluation and Assessment (402/2013).
   ii) Monitoring (1178/2012).

G 2.1.1.9 There can be various other non-railway specific legislation that can have an impact on the purchase of products and services for use within the GB rail industry. It is not the intention that this standard attempts to itemise all such legislation; it is ultimately the responsibility of the buyer to be aware of all legislation affecting their business.

2.1.2 Management systems

Guidance

G 2.1.2.1 HASAW requires that organisations have a defined safety policy, and MHSWR requires organisations to undertake risk assessments; both of these imply that SMSs exist in order to discharge these duties.

G 2.1.2.2 Certain types of organisations within the GB rail industry are required to have defined SMSs covering specific topics, including processes to control the risks arising from procurement. These include transport undertakings (that is, IMs and RUs) as covered by ROGS (see G 2.1.1.3) and ECMs (see G 2.1.1.7).

G 2.1.2.3 Other suppliers at various tiers within the supply chain can have a variety of business management systems (for example, ISO9001) to support their activity but must ultimately interface with the business management system of the end buyer in order to supply within the GB rail industry.

2.2 Supplier assurance principles

2.2.1 Risk-based approach

Guidance

G 2.2.1.1 The legal framework outlined in section 2.1.1 emphasises a risk-based approach, based on the principles of practicality and reasonableness.

G 2.2.1.2 It is considered practical and reasonable that the extent of assurance required is related to the risk that is imported; hence, a higher burden of proof for products and services which represent a higher risk to the buyer’s business.

G 2.2.1.3 There will be differing types of risks and therefore different types and extent of intervention at different stages of the procurement process.

G 2.2.1.4 The risks involved in supplier assurance are not just safety risks. They also include, for example:

a) Train performance risks.
b) Sustainability risks.
c) Environmental risks.
d) Health risks.
e) Contractual risks.
f) Reputational risks.
g) Financial risks.
h) Product identification risks.
i) Legislative risks.


2.2.2 Supplier assurance

Guidance

G 2.2.2.1 The definition of supplier assurance used in this document is: 'The arrangements, implemented by a customer organisation, necessary to establish that supplier(s) are suitably competent, adequately resourced and can and do consistently deliver their products to the customer’s specification.'

G 2.2.2.2 Procurement varies from simple activities such as purchasing stationery, through to multi-stakeholder projects such as building a new railway (for example, Crossrail), and recognising complex, multitier supply chains.

G 2.2.2.3 It is likely that the scale of the supplier assurance arrangements will be proportionally greater for a larger procurement activity. However, a small-scale procurement activity can still require greater supplier assurance arrangements if the product or service being procured has a high-risk profile (see G 2.2.1.2).

G 2.2.2.4 This document applies to the process of buyers obtaining products and services from suppliers. There can be a separate requirement to assess the conformity of products and whether they are suitable for use on railway infrastructure (for example the approval of defined interoperability constituents under RIR 2011). This requirement is outside the scope of this document. There can also be market restrictions that require bespoke supplier assurance arrangements to be implemented, such as the number of available suppliers or niche / obsolete products and services.

G 2.2.2.5 Notwithstanding G 2.2.2.4, it is important to recognise that change can be undertaken to products supplied and services undertaken and the consequent risk this introduces to the procurement process (for example, where the equipment manufacturer undertakes product improvement work or a supplier of cleaning services uses a different chemical).

G 2.2.2.6 Throughout this document, ‘assurance arrangements’ is an expression used to refer to the series of actions and controls that deliver supplier assurance. These include assurance requirements and assurance interventions, as defined in 3.3.1.

G 2.2.2.7 Buyers in the GB rail industry will have requirements which their suppliers must meet when supplying, or when seeking eligibility to supply – some or all of these may constitute the assurance requirements. Efficiency of industry processes can be compromised when different buyers classify the same products and services with different assurance requirements. This duplication can be eliminated by obtaining assurance through a common process, as defined in 3.3.1.

2.2.3 The meaning of ‘products’ and ‘services’

Guidance

G 2.2.3.1 ISO9000:2015 defines a product as being something produced without any transaction necessarily taking place between the organisation (supplier) and the customer (buyer), whereas a service requires a degree of interaction between the supplier and buyer in its delivery.


G 2.2.3.2 Four generic product categories were previously defined by the ISO9000 series as follows:

a) Services (for example, welding, site protection).
b) Software (for example, computer program).
c) Hardware (for example, mechanical part, switch).
d) Processed materials (for example, steel, lubricant).

G 2.2.3.3 ROGS refers to maintenance, materials and contractors (see G 2.1.1.4). In the context of this RIS, the terms ‘products’ and ‘services’ are generally used, as defined in G 2.2.2.1.

G 2.2.3.4 It can be useful to make the distinction between a service undertaken at a remote location and that done at the buyer’s premises. In the case of an IM (such as Network Rail), the ‘buyer’s premises’ is the railway infrastructure itself and there are well-developed rules and processes for controlling contractor access to worksites.

2.2.4 Role of the buyer and the supplier

Guidance

G 2.2.4.1 The ‘buyer’ is considered to be the key actor in this document. A buyer can be an organisation other than a transport undertaking, for example a manufacturer, infrastructure contractor or logistics / distributor organisation. It can be the case that a buyer is itself a small organisation but manages significant risk via contract.

G 2.2.4.2 For the purposes of this document a buyer is defined as a: 'Person or organisation actively involved in the procurement process and likely to apply/require levels of assurance appropriate to their perceived exposure to risk'.

G 2.2.4.3 For the purposes of this document a supplier is defined as: 'The generic term for any organisation or individual that provides, supplies, or seeks to supply, products and services. The word Contractor may be used to mean the same, particularly with regards to construction'.

G 2.2.4.4 Recognising the existence of multi-tiered supply chains, an organisation can be both a buyer and a supplier within the scope of this standard.

G 2.2.4.5 Supplier assurance can be managed up and down the supply chain by referring to this document through contractual agreement.

G 2.2.4.6 Good two-way communications is considered essential to promote safe and efficient working up and down the supply chain and to promote continuous improvement through learning from experience.

G 2.2.4.7 Under the CSM for monitoring, duty holders (RUs, IMs and ECMs) are required to ensure that risk control measures implemented by their contractors are monitored, using contractual arrangements.


2.2.5 Collaboration

Guidance

G 2.2.5.1 Observations from the McNulty report (2011) on supply chain management within the GB rail industry reported that: 'Relationships are seldom truly collaborative and often short term; and processes which fail to engage contractors early enough in the programme / project life-cycle thus limiting the contribution from contractors and inhibiting innovation'.

G 2.2.5.2 An overtly contractual relationship can result in delays and barriers to market for solutions, products and processes which could potentially have the ability to deliver efficacy and efficiency benefits.

G 2.2.5.3 The GB rail industry seeks to encourage greater collaboration within the supply chain, enabling collaborative partnerships which deliver innovative and inspiring solutions, and a step change to the area where they are being proposed.

2.3 Introduction to supplier assurance arrangements

2.3.1 Background: The Supplier Assurance Framework Project (SAFP)

Guidance

G 2.3.1.1 As part of the drive to improve the efficiency and cost effectiveness of the GB rail industry, RSSB on behalf of the industry led the SAFP to optimise safety, quality and value for money within the field of supplier assurance.

G 2.3.1.2 The SAFP identified that significant savings may be made if the GB rail industry collaborates on the provision of assurance arrangements, particularly by avoiding duplication of information requests and audits. Consequently, SAFP defined a set of harmonised processes and interventions that can deliver meaningful assurance in the most effective way.

G 2.3.1.3 SAFP produced the RSSB publication 'Securing supplier assurance', which includes definitions of a number of terms relating to supplier assurance that are in common usage. These definitions are used within this document.

G 2.3.1.4 The output of the work of SAFP is presented within this RIS-2750-RST, with additional information, including the content of 'Securing supplier assurance', available in the supplier assurance section of the RSSB website. Together, this provides a framework for supplier assurance arrangements that industry can choose to adopt, either as an individual buyer organisation or as a collaborative scheme to realise the efficiency benefits identified by SAFP.

2.3.2 Supplier assurance life cycle

Guidance

G 2.3.2.1 SAFP identified that supplier assurance can generally be derived through a continuous process, recognising the life cycle of growing maturity of relationships between buyers and suppliers according to the risk being addressed and the level of assurance required.

G 2.3.2.2 Figure 1 has been developed to illustrate the buyer / supplier life cycle and has five main stages. Each stage represents an opportunity to progressively develop assurance and confidence between buyers and suppliers over the course of a procurement relationship through making appropriate and proportionate interventions.

Figure 1: The assurance generator model


| Life cycle stage | What assurance is provided? | Buyer role | Supplier role |
|---|---|---|---|
| 1 Capability assessment • Core information • Capability demonstration • Pre-qualification (inc. EU) | Proof of supplier status and capabilities, compliance with legislation and existence of management systems | Understand what requirements they have of suppliers and then using only those suppliers who meet those requirements | Demonstrate, maintain and develop their capabilities in line with buyer’s requirements |
| 2 Pre-tender selection • Buyer specific • Adds to but does not duplicate • Potential to migrate to core data | Detailed information to maximise the likelihood of making the best choice of supplier | Use the available information to match potential suppliers to the business requirement | Understand the buyer’s requirements and demonstrate alignment and competence to supply |
| 3 Procurement process • Matching supplier to contract / job • Capacity confirmation • Resource confirmation | Detailed matching of suppliers’ products and services to the buyer’s requirement. Planning for contract delivery of those requirements | Communicate to make sure expectations in terms of the requirements are understood and that there are clear and formalised terms of engagement. Manage the relationship and interfaces appropriately | Prepare for contract delivery and the contractual commitment to supply the buyer’s requirements based on agreed terms and shared expectations. Implement appropriate processes to ensure compliance |
| 4 Contract delivery • Support / develop relationship • Monitor conformance and performance • Co-operation for improvement | On-going monitoring and management of progress towards required outcome | Monitor and manage supplier relationship to ensure successful outcome | Maintain compliant performance and fulfil commitment, while providing feedback to buyer |
| 5 Post-contract review • Buyer led • Learning • Return on experience | Lessons learnt from experience to enable continuous improvement | To review, consider, record and share lessons learnt | To review, consider, record and share lessons learnt |

Table 1: Supplier assurance life cycle stages

G 2.3.2.3 Table 1 expands on the assurance generator diagram and indicates the purpose and actions required to support the five stages.

G 2.3.2.4 Part 3 is aligned with the five stages of procurement (sections 3.4.1 to 3.4.5) and the central information hub (section 3.3), as outlined by the assurance generator, and incorporates the recommendations from SAFP. The intention of Part 3 is to bring the assurance generator to life by providing appropriate requirements and guidance that reflect the potential diversity of supply chains within the GB rail industry and the risk profile of products and services the industry procures. It is suitable for use by a single buyer organisation, a corporate supplier assurance process covering several departments or companies within a group or a supplier assurance scheme used by buyers of products and services for use in the GB rail industry.


Part 3 Requirements for Supplier Assurance

3.1 Introduction to supplier assurance arrangements

Guidance

G 3.1.1 The intention of Part 3 is that it contains requirements and guidance to implement and maintain supplier assurance within the procurement process.

G 3.1.2 The requirements are focussed on the supplier assurance aspects derived from the assurance generator. It is acknowledged that other aspects of procurement; for example, financial / commercial considerations are important aspects for a buyer but they are not otherwise considered here unless they are relevant to supplier assurance.

3.2 General principles

3.2.1 Risk-based approach

3.2.1.1 The supplier assurance arrangements for products and services ultimately for use in the GB rail industry shall reflect the risk associated with those products and services.

Rationale

G 3.2.1.2 Recognising that resources are usually limited, this principle directs buyers to prioritise their assurance arrangements to ensure that those products and services procured that attract the greatest risk are given the most attention (see 2.2.1).

Guidance

G 3.2.1.3 It is considered good practice for a buyer’s processes for supplier assurance to be subject to internal audit and review according to the risk profile of the products and / or services concerned.

3.2.2 Competence

3.2.2.1 Competence criteria for personnel involved with determining and fulfilling the assurance arrangements for procured products and services shall include at least:

a) Technical knowledge of the product(s) concerned.
b) Understanding of risk in the railway environment.

Rationale

G 3.2.2.2 Buyers’ procurement processes require input from a number of disciplines, including engineering, assurance and finance. Dependent upon what is being procured and the risks identified, the balance of this input may vary; however, it is essential that these disciplines are recognised throughout the procurement process.


Guidance

G 3.2.2.3 A.3 provides guidance over the types of competency requirements that can be relevant to supplier assurance and highlights the role of the supplier assurance co-ordinator.

3.2.3 Use of a scheme

3.2.3.1 When relying on aspects of supplier assurance provided by a scheme, buyers shall check the applicability of any information it uses.

Rationale

G 3.2.3.2 It is important that the information provided by the scheme matches the assurance requirements (see 3.3) for the product or service concerned. Otherwise, the buyer may be getting ‘false comfort’ by relying on the information provided.

Guidance

G 3.2.3.3 Within the context of this document, use of a scheme refers to either:

a) Third party scheme – an external approval such as ISO 9001:2015, IRIS, RISAS, RISQS provided by recognised international or GB rail industry arrangements, typically using independent, accredited certification bodies.

b) Second party scheme – a set of corporate supplier assurance arrangements whereby the buyer is relying on a scheme run by its parent or a sister company (which may be international and / or non-rail specific).

G 3.2.3.4 Use of a scheme to provide assurance is typically dependent on the risk associated with the product and / or service concerned; that is, the greater the risk, then the more potential benefit of relying on a scheme.

G 3.2.3.5 ROGS 31(4) highlights the need to verify information provided by another, within the bounds of reasonableness.

G 3.2.3.6 A particularly important aspect is to check that the scheme information provided actually covers the product or service concerned; this can be typically found under the ‘scope of certification’ or equivalent of any supplier approval documentation. G 3.4.1.5.3 sets out information that can be provided as part of an approval.

G 3.2.3.7 Part 4 provides guidance that buyers can use to evaluate the relative integrity of any scheme that they may be relying upon as part of their assurance arrangements.

G 3.2.3.8 Competence considerations in support of a scheme are contained in A.3.4.

3.3 Determination of supplier assurance requirements

3.3.1 Introduction to determination of supplier assurance requirements

Guidance

G 3.3.1.1 The requirements in this section follow the sequence shown in Figure 2.


G 3.3.1.2 The sequence shown is broadly analogous to the Risk Management Process contained within the Common Safety Method for Risk Evaluation and Assessment (CSM-RA), Regulation 402/2013.

G 3.3.1.3 The requirements in this section are concerned with understanding the risks arising from the products and services to be procured; the information generated covers part of the intent of the ‘Central Information Hub’ area of the assurance generator.

Figure 2: Determination of supplier assurance requirements

3.3.2 Product categorisation

3.3.2.1 Products and services that buyers procure shall be uniquely identified and clearly described.

Rationale

G 3.3.2.2 Unambiguous identification and description of products and services avoids confusion / misunderstanding with suppliers.

Guidance

G 3.3.2.3 Traditionally, the GB rail industry made use of British Rail (BR) Catalogue Numbers to identify components; in some locations, these numbers are still used.

G 3.3.2.4 A.1 provides details of the Railway Industry Commodity Classification List (RICCL), which is consistent with ISO EN81346 and which identifies all commodities procured by the buyer for use on the GB rail industry.

G 3.3.2.5 The identification of the specification against which a product or service is procured can assist with its categorisation.

3.3.3 Risk evaluation

3.3.3.1 The risk profile for each type of product and service the buyer procures shall be determined.

Rationale

G 3.3.3.2 Determination of a risk profile for each type of product and service enables appropriate assurance requirements to be identified.

Guidance

G 3.3.3.3 The risk profile of a product or service is often focused on its safety criticality but can also include different types of risk as set out in G 2.2.1.4.

G 3.3.3.4 Appendix B provides a template framework for risks that can arise throughout the procurement cycle to assist with this evaluation.

G 3.3.3.5 Knowledge of the specification for, and the intended use of, the product / service can assist with the determination of the risk profile. The likelihood and consequence of any change to the specification and use of the product / service can also influence the risk profile.

G 3.3.3.6 The intention of the process illustrated by Figure 2 is that the output from the risk analysis supports the next stages; hence, the greater the risk is deemed to be, the more important it is that this (output) is documented in such a way as to support the determination of the consequent assurance requirements and interventions.

3.3.4 Assurance requirements

3.3.4.1 The assurance requirements for each type of product and service the buyer procures shall be determined based on the risk profile for each product and service.

Rationale

G 3.3.4.2 By matching the assurance requirements to the risk profile the efficiency and effectiveness of the buyer’s assurance resources can be maximised.

Guidance

G 3.3.4.3 Examples of assurance requirements for individual products or services can include compliance with recognised standards / specifications or confirmation of competence for specific tasks such as welding or non-destructive testing.

G 3.3.4.4 Assurance requirements can apply at different stages of the procurement life cycle.

3.3.5 Assurance interventions

3.3.5.1 Assurance interventions shall be based on the assurance requirements for each type of product and service the buyer procures.

Rationale

G 3.3.5.2 By basing assurance interventions on the assurance requirements, this in turn ensures that such interventions are linked to the risk profile for the product(s) and service(s) concerned.

Guidance

G 3.3.5.3 Assurance interventions can include but not be limited to:

a) Reliance on assurance provided by a scheme.

b) Assurances provided by the supplier (including self-certification).

c) Remote evaluation of documentary evidence.

d) Audit / assessment at supplier's premises.

e) Buyer supervision of a service delivered on a buyer's premises.

f) Monitoring / measuring of supplier performance, for example, first article inspection, delivery inspections, batch / sample checking.

G 3.3.5.4 Typically, assurance intervention activity is overseen by the assurance personnel within a company, possessing competency such as outlined in A.3.2. This can involve the role of the supplier assurance coordinator.

3.4 Assurance with procurement

3.4.1 Capability assessment of suppliers

3.4.1.1 Introduction to capability assessment of suppliers

Guidance

G 3.4.1.1.1 The process of approving suppliers, as set out in this section, is considered separate from any specific contract to deliver particular products and services and covers stage 1 of Figure 1.

G 3.4.1.1.2 Buyers may already have a list of approved suppliers based on previously demonstrated performance. In other cases, there may be a need for a specific exercise to identify suitable suppliers for a bespoke procurement contract. There can also be new entrants who wish to provide to the GB rail industry market for the first time.

3.4.1.2 Information for approving suppliers

3.4.1.2.1 When inviting potential suppliers to demonstrate their capability, the assurance requirements for the products and services concerned shall be provided, as set out in 3.3.4.

Rationale

G 3.4.1.2.2 Inviting potential suppliers to demonstrate their capability to supply in accordance with the assurance requirements, set out in 3.3.4, provides an objective and consistent method of evaluation.

Guidance

G 3.4.1.2.3 It is considered reasonable to expect a buyer to provide such advice and information as may be necessary to enable suppliers to meet defined assurance requirements.

G 3.4.1.2.4 Provision of the defined assurance requirements within the central information hub in the assurance generator model is an efficient method of making such information available.

3.4.1.3 Potential suppliers' demonstration of capability

3.4.1.3.1 Potential suppliers shall be required to demonstrate their capability to supply identified products and services against the assurance requirements for those products and services.

Rationale

G 3.4.1.3.2 Demonstration of capability to supply against defined assurance requirements is commensurate with a risk-based approach.

Guidance

G 3.4.1.3.3 Buyers can have other considerations for approving suppliers, including commercial and legal considerations that are not related to any assurance requirements. These are not considered to be part of this standard.

G 3.4.1.3.4 A supplier’s ability to manage specifications and any changes to the products and / or services they supply can be an important factor when considering their capability.

G 3.4.1.3.5 It can be the case that there is only a limited number of suppliers – or even just a single supplier – available for a particular product or service. This can lead to a situation whereby potential suppliers are not able to fully demonstrate their capability against the assurance requirements at this stage of the process. In such circumstances the buyer may have to consider bespoke assurance arrangements that balance the risk profile of the product / service against the capability of the supplier(s) in order to manage the relationship with the supplier going forward.

3.4.1.4 Information provided by potential suppliers

3.4.1.4.1 Information provided by potential suppliers as part of the approval process (including any existing demonstrations of capability) shall be verified.

Rationale

G 3.4.1.4.2 According to the risk profile of the products and / or services, an informed judgement is required as to whether the supplied information is acceptable and does in fact demonstrate compliance with the assurance requirements. This is also consistent with the principle outlined in ROGS 31(4).

Guidance

G 3.4.1.4.3 A risk-based prioritisation is considered reasonable to decide the degree of verification required to supplement accepting information ‘as received’, such as self-declarations provided by the supplier.

G 3.4.1.4.4 Provision of registration, qualification and certification information by a supplier assurance scheme (see Part 4), can fulfil this requirement.

G 3.4.1.4.5 Bona fide registration, qualification and certification information typically includes a schedule or equivalent document that clearly states the scope of supply that has been approved. This can be cross-checked to ensure it covers the product(s) and / or service(s) that are being considered.

3.4.1.5 Confirmation of supplier approval

3.4.1.5.1 The buyer shall confirm that a supplier has been approved to supply identified products and / or services, including any conditions of approval.

Rationale

G 3.4.1.5.2 Formal confirmation that a supplier has been approved provides the supplier with the unambiguous identification of their status with the buyer.

Guidance

G 3.4.1.5.3 Confirmation of approval can include:

a) Recording of a suitable attestation that a supplier meets the defined assurance requirements.

b) A list of the products and services that the supplier is approved to supply, including any conditions.

c) Identification of the type and frequency of assurance intervention to support the approval.

d) Any expiry date or equivalent whereby the approval needs to be reviewed and re-confirmed.

G 3.4.1.5.4 A rating system (or equivalent) can be used to grade the degree of maturity and level of supplier performance, which can then be linked to the extent of assurance interventions as the buyer-supplier relationship develops. Typically, this might require a higher degree of intervention initially, which can then be relaxed once confidence has been established, leading towards the ideal of ‘supplier of good standing’ (or equivalent).

3.4.1.6 Maintenance of buyer records

3.4.1.6.1 The buyer shall maintain appropriate records that shall include at least:

a) The list of approved suppliers.

b) Evidence in support of approval.

c) Any amendments to each supplier’s approval.

Rationale

G 3.4.1.6.2 Maintenance of records of supplier approval both demonstrates due diligence in the application of the supplier assurance process and allows the buyer to justify its decisions in the event of a subsequent incident.

Guidance

G 3.4.1.6.3 A risk-based justification may be used to determine the appropriate level of evidence required to be retained. See G 2.2.1.2.

G 3.4.1.6.4 Conditions of approval can alter over time as a result of experience in using a particular supplier or procuring a particular product or service (see 3.4.5).

3.4.2 Pre-tender selection

3.4.2.1 Information for pre-tender selection

Guidance

G 3.4.2.1.1 This section considers how a number of suppliers may be selected (ideally from an already approved list) to bid for a specific contract to deliver particular products and services. This covers stage 2 of Figure 1.

G 3.4.2.1.2 A key principle here is that the buyer’s assurance requirements for a specific contract add to, but do not duplicate, the assurance information obtained during the supplier approval process set out in 3.4.1.

G 3.4.2.1.3 The risks at this stage are not whether the supplier can supply the products or services, but whether they will be able to produce the volume required or deliver the service in a timely manner with continuity of supply. This can in turn place pressure on the ability to deliver against the assurance requirements.

3.4.2.2 Buyer's assurance requirements

3.4.2.2.1 Available information for the product(s) and / or service(s) concerned shall be used to determine the buyer’s assurance requirements for the specific contract.

Rationale

G 3.4.2.2.2 Use of pre-determined assurance requirements, based on a risk-based approach, ensures a consistent and appropriate approach.

Guidance

G 3.4.2.2.3 It is considered good practice for key performance indicators (KPIs) to be specified that can be linked to assurance requirements and feed into monitoring of supplier performance. This is explained further in A.2.

G 3.4.2.2.4 The CSM for monitoring requires that duty holders define quantitative or qualitative indicators as part of their monitoring strategy and plan(s) – KPIs can meet this requirement.

3.4.2.3 Selection of potential suppliers

3.4.2.3.1 The assurance requirements for the product(s) and / or service(s) concerned shall form part of the selection process for potential suppliers.

Rationale

G 3.4.2.3.2 Selection of potential suppliers can be influenced by a variety of factors and can be heavily influenced by commercial considerations and cost in particular. The purpose of this requirement is to ensure that there is balance in the decision-making process.

Guidance

G 3.4.2.3.3 The pre-tender stage is typically used to narrow down a large group of potential suppliers to a smaller group of serious suppliers, who are then invited to submit a full bid against a detailed tender document. Using assurance requirements as a criterion as part of this process can be an effective way of identifying those suppliers who are likely to be able to submit a compliant detailed bid.

G 3.4.2.3.4 Part of this evaluation can determine the supplier’s degree of understanding of the assurance requirements.

3.4.3 Procurement process

3.4.3.1 Information for the procurement process

Guidance

G 3.4.3.1.1 This section, which covers stage 3 of Figure 1, considers the supplier assurance requirements within the procurement process, from inviting formal bids (from a list of potential suppliers identified during stage 2) to placing the contract.

G 3.4.3.1.2 Risks at this stage include compliance with legislation, reputational risks about confidentiality and fairness when dealing with suppliers, as well as commercial risks associated with pricing, offset of risk and insurance cover and engineering risks associated with identification of specifications, drawings and bill of materials.

G 3.4.3.1.3 Where framework agreements (or equivalent) are already in place, then selecting suppliers off frameworks is part of ‘contract delivery’ (stage 4) – stages 1-3 were undertaken when the framework agreement was originally sourced. For established contracts, routine / call-off orders may be placed on the basis of ‘more of the same’ (until such time as requirements change).

3.4.3.2 Use of pre-determined assurance requirements

3.4.3.2.1 Assurance requirements for the product(s) and / or service(s) concerned (as pre-determined in section 3.3.1) shall be used, as appropriate, as part of the contract award criteria during the procurement process.

Rationale

G 3.4.3.2.2 Use of pre-determined assurance requirements provides objective rationale to judge responses and ultimately ties the supplier into the assurance arrangements.

Guidance

G 3.4.3.2.3 The use of pre-determined assurance requirements in the procurement phase is typically dependent on the scale and significance of the procurement activity and can apply at different stages of the process. For a simple purchase like paper towels there can be little or no requirements; a complex project like re-signalling (and which can be subject to OJEU processes) is likely to require more rigorous assurance requirements.

G 3.4.3.2.4 By including or referring to the assurance requirements in the proposed terms and conditions under which the contract will run, this will ensure that they become an integral part of the contract. These can include requirements for the supplier to carry out appropriate assurance interventions down the supply chain to its sub-suppliers (see 2.2.4) and monitoring requirements during contract delivery.

3.4.3.3 Selection of suppliers

3.4.3.3.1 Selection of suppliers shall include consideration of their capability to deliver against the defined assurance requirements for the intended contract.

Rationale

G 3.4.3.3.2 This requirement ensures that selection of suppliers is influenced by factors affecting supplier assurance (in particular the ability to deliver the product / services in accordance with a defined specification) as well as the more typical commercial considerations such as price, delivery times and after-sales service. Review of tender responses against the defined assurance requirements ensures that all aspects of a contract can be fulfilled.

Guidance

G 3.4.3.3.3 It is considered good practice to verify data and information provided by suppliers to a degree commensurate with the risk profile of the product(s) (see G 3.2.3.5).

G 3.4.3.3.4 The ability to supply, in accordance with the assurance requirements for the contract, can be compromised if a supplier ‘over stretches’ themselves in order to win a contract, and then subsequently put themselves under undue pressure to deliver. For example, if the supplier does not have the full suite of resources to deliver, they may, for example, intend to recruit up to meet the contract and / or to fulfil other orders they are trying to deliver at the same time.

3.4.3.4 Contract award

3.4.3.4.1 Contract award shall be on the basis that the chosen supplier meets the pre-determined contract award criteria, including any relevant assurance requirements.

Rationale

G 3.4.3.4.2 Detailed matching of a supplier’s offer of supply to the assurance requirements for the product(s) and / or service(s) concerned, enables key aspects of the contract to be confirmed at the award stage.

Guidance

G 3.4.3.4.3 There is no guidance associated with this requirement.

3.4.4 Contract delivery

3.4.4.1 Planning for contract delivery

3.4.4.1.1 Planning for contract delivery shall ensure that the assurance requirements are understood and that there are clear and formalised terms of engagement for managing the relationship and interfaces according to the scale of the contract.

Rationale

G 3.4.4.1.2 Careful management of contract implementation can ensure that all the undertakings given during negotiation are translated into a commitment to deliver the defined assurance requirements for the product(s) and / or service(s) concerned during the contract.

Guidance

G 3.4.4.1.3 The risks at this stage include product integrity against specification, compliance with all contract requirements, timeliness of delivery and relationship management.

G 3.4.4.1.4 Contract delivery can include measurement processes for any KPIs linked to monitoring performance. This is explained further in A.2.

G 3.4.4.1.5 Where contract delivery involves the use of contractors working on site, the following list of controls is suggested to control the specific risks involved:

a) Ensure that the contractor has suitable and sufficient information and instructions about local hazards.

b) Provide the contractor with suitable induction to the workplace requirements.

c) Ensure that the contractor has relevant risk assessments and method statements.

d) Ensure that the contractor has agreed supervision and monitoring arrangements with the buyer.

Note: This list is not exhaustive.

3.4.4.2 Monitoring of contract delivery

3.4.4.2.1 The buyer shall undertake monitoring, as appropriate, against the agreed contractual and assurance requirements.

Rationale

G 3.4.4.2.2 On-going monitoring and management of the contract can identify whether defined assurance requirements are being met and hence whether the risks associated with safety-critical products are being effectively controlled.

Guidance

G 3.4.4.2.3 Monitoring of performance against KPIs, defined within the assurance arrangements, provides a structured methodology for subsequent review. This is explained further in A.2.

G 3.4.4.2.4 Analysis of data derived from KPIs can assist duty holders in meeting their requirements under the CSM for monitoring.

G 3.4.4.2.5 It is considered good practice for monitoring arrangements to provide opportunity for two-way communication, to promote proactive buyer-supplier collaboration. This can include supplier / sub-suppliers' communication channels, where appropriate.

3.4.4.3 Management of issues during contract delivery

3.4.4.3.1 Where monitoring of contract delivery identifies any issues with maintaining assurance requirements, these shall be investigated and requirements amended, where necessary.

Rationale

G 3.4.4.3.2 Prompt and appropriate resolution of such difficulties can restore confidence in the assurance of supply, thereby maintaining control of risk for the product / service.

Guidance

G 3.4.4.3.3 Inability to meet assurance requirements can either be due to the supplier being unable or unwilling to meet them, or the monitoring arrangements identifying unforeseen or additional hazards (or a combination of these factors).

3.4.4.4 Incidents post-delivery

3.4.4.4.1 Incidents involving supplied products and / or services occurring post-delivery shall be investigated jointly between the buyer and the supplier and appropriate information shared.

Rationale

G 3.4.4.4.2 Under the CSM for monitoring, duty holders are required to ensure that any relevant safety-related information is exchanged between themselves and their suppliers, to enable any necessary corrective actions to ensure continuous achievement of the safety performance of the railway system. Established GB rail industry processes (such as RIS-8250-RST) support this process.

Guidance

G 3.4.4.4.3 Such incidents can be graded according to severity and can, for example, be covered by a warranty arrangement.

G 3.4.4.4.4 The process outlined in RIS-8250-RST is designed to alert the GB rail industry to high-risk incidents that have affected, or have the potential to affect, the safety of the running railway (for example, a previously undetected failure mode which may be present in other examples of product already in service). Prompt sharing of relevant, safety-related information, whilst respecting issues such as confidentiality, can assist this process.

G 3.4.4.4.5 Priority in the immediate aftermath of an incident occurring is to address any safety-critical issues, irrespective of commercial considerations. Exercises, such as product recall, may cause difficulties in the short term but, in the longer term, an effective response has the potential to enhance a supplier’s reputation.

3.4.4.5 Periodic review of contract delivery performance

3.4.4.5.1 Buyers and suppliers shall undertake periodic review of contract delivery performance, as appropriate.

Rationale

G 3.4.4.5.2 Review of contract performance in terms of the delivery of the contracted product(s) and / or service(s) is typically undertaken for the following reasons:

a) The scope and the scale of the contract demands planned reviews either on a regular basis (for example, three-monthly) or to coincide with defined milestones.

b) Evidence from on-going monitoring and management of the contract indicates that suppliers are no longer able to continuously demonstrate that defined supplier assurance requirements are being met. This could include issues arising as set out in 3.4.4.3 and 3.4.4.4, as well as, for example, issues in the supply chain beyond the immediate supplier and cost pressures.

c) There are material changes to products and / or services. This could include, for example, engineering change as a result of new technology, design changes, legislative changes and environmental changes.

Guidance

G 3.4.4.5.3 Additional information on performance feedback is provided in A.2.

3.4.5 Review and continuous improvement

3.4.5.1 At the end of each contract there shall be a review of the effectiveness of the assurance arrangements for the contract, as appropriate.

Rationale

G 3.4.5.2 By considering the effectiveness of the assurance arrangements for the product(s) and service(s) associated with the contract, this can identify the need to amend those arrangements for any future contracts in the light of experience with the completed contract. Alternatively, a review can identify what went well such that successful arrangements can be applied to other contracts.

Guidance

G 3.4.5.3 A post-contract review can enable both parties to consider, record and share lessons learnt, thereby supporting change control processes to enable continuous improvement and promote long-term, collaborative buyer-supplier relationships.

G 3.4.5.4 A risk-based justification may be used to determine the appropriate level of contract review undertaken. See G 2.2.1.2.

G 3.4.5.5 The role of the supplier assurance co-ordinator (as set out in A.3.3) can assist with amending supplier assurance arrangements for any future contracts in the light of experience with completed contracts.

Part 4 Supplier Assurance Schemes

4.1 Information for a supplier assurance scheme

Guidance

G 4.1.1 This section outlines good practice for supplier assurance schemes, using the terminology of the assurance generator.

G 4.1.2 The intention of this section is that it can be used as guidance by:

a) Scheme governance boards and management teams, when devising and improving aspects of their scheme.

b) Buyers, when relying on aspects of supplier assurance provided by a scheme (as referred to in 3.2.3).

4.2 Available information for products and services

4.2.1 Information to be provided

Guidance

G 4.2.1.1 For a scheme to be relied upon, information for products and services needs to be consistent and pertinent for both buyers and suppliers.

G 4.2.1.2 A suggested list for the supplier assurance information for the products and services a scheme covers includes:

a) Identification of products and services using a defined commodity classification structure (as set out in A.1).

b) The risk profile of each product and service type listed.

c) The defined supplier assurance requirements of each product and service type listed.

d) Recent history of any risk-related incidents occurring to products and services covered by the scheme.

e) Certification and performance information on suppliers.

G 4.2.1.3 Section 3.2 sets out a systematic methodology for the determination of supplier assurance requirements.

4.2.2 Access to information

Guidance

G 4.2.2.1 Making scheme information available allows buyers to make informed choices regarding the products and services they procure, and the suppliers they procure them from, to support their own procurement activity.

G 4.2.2.2 By making information on issues such as risk-related incidents available centrally, this allows a co-ordinated and efficient ‘do it once; do it well’ approach that avoids the need for each buyer to undertake their own individual investigations (see 4.3 'Capability Assessment').

G 4.2.2.3 Certain information can be commercially sensitive between buyer and supplier. Otherwise, sharing of information related to the efficiency and effectiveness of supplier assurance arrangements can enhance those arrangements through sustained application of the assurance generator. This is explained further in A.2.

G 4.2.2.4 The information hub with the assurance generator is designed as a central records depository for such information.

4.3 Capability assessment

4.3.1 Overview of capability assessment

Guidance

G 4.3.1.1 Capability assessment is the first stage of the assurance generator and its principle is shown in Figure 3; the intention is that the extent of its application is commensurate with the risk profile of the product(s) and service(s) concerned.

G 4.3.1.2 Definitions for the three specific terms in Figure 3 are as follows:

a) The definition of registration is: 'A process provided to suppliers to enable them to register their interest in becoming a supplier.'

b) The definition of qualification is: 'A process to determine whether or not a supplier, or potential supplier, meets a predetermined set of criteria.'

c) The definition of certification is: 'A formal process of issuing certificates (hard or soft copy) that provides the holder with documentary evidence that a successful assessment has taken place.'

G 4.3.1.3 An assessment is defined as 'A systematic and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the criteria are fulfilled. The assessment may lead to the issue of an approval, certificate or other authority enabling the assessed organisation to perform a role or supply a product.'

Figure 3: Capability assessment flowchart

4.3.2 Core supplier information

Guidance

G 4.3.2.1 Core supplier information includes company details (name, address, etc) and factual information on the product(s) supplied or intended to be supplied, to enable a basic informed choice. This is broadly analogous to the registration stage of the flowchart shown in Figure 3.

G 4.3.2.2 Data is only basic at this stage; hence, only a low level of assurance is provided. This can, however, be sufficient for products with a low-risk profile such as paper towels.

4.3.3 Capability demonstration

Guidance

G 4.3.3.1 The capability demonstration is broadly analogous to the qualification and certification stages of the flowchart shown in Figure 3.

G 4.3.3.2 Evaluating the capability of potential suppliers against predetermined assurance criteria provides detailed, verified information to provide assurance for buyers commensurate with the risk profile of the products and services involved.

G 4.3.3.3 Predetermined assurance criteria are part of the available information referred to in 4.2. The derivation of predetermined assurance criteria is more fully set out in 3.3.

4.3.3.1 Qualification stage

Guidance

G 4.3.3.1.1 Information provided by potential suppliers at the qualification stage can include examples / evidence of work done, competency records, recent contracts undertaken, together with details of any related approvals (for example, ISO9001:2015).

G 4.3.3.1.2 Qualification is often used when following EU procurement legislation requirements. Where there are specific requirements; for example, ensuring suppliers of clothing do not use child labour or other unsafe practices, the qualification stage would typically include these criteria.

G 4.3.3.1.3 Dependent on the level of risk involved, information gathered remotely at the qualification stage, with suitable verification, may be sufficient to provide assurance without the need for separate certification. This approach can be sufficient for products and services with a medium risk profile.

4.3.3.2 Certification stage

Guidance

G 4.3.3.2.1 Certification is a more rigorous process than registration or qualification and provides a much higher level of assurance. It is therefore most appropriate for products with a high-risk profile (for example, rails and wheelsets).

G 4.3.3.2.2 Certification can apply just to an assessment of an organisation’s management system or, in addition, to an organisation’s production processes.

G 4.3.3.2.3 Successful management system certification provides evidence that a supplier has the management systems in place to give it the capability to comply with specified requirements, but not that these requirements can or will be met.

G 4.3.3.2.4 The addition of successful process certification provides evidence that a supplier has management and production processes in place that both have the capability to comply with specified requirements and proof that these processes actually work and deliver the specified requirements.

G 4.3.3.2.5 Where suppliers are already delivering products and / or services against a contract, then an assessment (leading to certification), which includes witnessing those products and / or services being delivered, is a recommended assurance intervention (see 3.3.5) to provide (continued) assurance of compliant supplier performance.

4.4 Buyer-supplier cooperation

Guidance

G 4.4.1 Promotion of mutual buyer / supplier cooperation, including sharing of assurance-related information, supports longer-term, collaborative buyer-supplier relationships, leading to continuous improvement and sustainable development (see 2.2.5).

G 4.4.2 Good practice is to collaborate on key products and services; for example, through supply chain forums, user groups, scheme-led investigations and research. Such actions may be regarded as examples of buyers and suppliers assisting transport operators to discharge their duty of cooperation in accordance with ROGS Regulation 22.

G 4.4.3 Collaboration in response to safety-critical incidents associated with supplied products and services (see 3.4.4.4) can both assist the immediate management of the incident and assist informed decision making thereafter, thereby supporting industry efficiency and scheme confidence.

G 4.4.4 Sharing assurance-related information can highlight issues from experience which might not otherwise have been originally identified within the available information for the product(s) and / or service(s) concerned. This can be used to enhance assurance arrangements within the scheme for the benefit of all users.

4.5 Scheme governance

Guidance

G 4.5.1 Scheme credibility can be greatly enhanced by the establishment and maintenance of governance arrangements to oversee the integrity of the scheme and its operation.

G 4.5.2 Good practice in this area includes corporate governance principles (arising from the Cadbury Report [1992]) and independence / impartiality controls required by international standards such as ISO17065.

G 4.5.3 Good practice activities include:

a) The rules by which the scheme operates are published and maintained and available to scheme stakeholders.

b) A representative Board (or equivalent) is constituted by the scheme to oversee its governance.

c) Suggested representation for a governance board (or equivalent) includes:

i) End user duty holders (RUs, IMs and ECMs).

ii) Major buyers (ROSCOs, infrastructure contractors and rolling stock manufacturers).

iii) Key suppliers (represented by trade associations, where appropriate).

iv) Regulatory, governmental and industry bodies (RSSB, ORR etc).

d) The principal responsibilities for the governance board include:

i) Guiding and approving scheme policy.

ii) Granting power to organisations to undertake defined roles in the supplier assurance process.

iii) Ensuring financial accountability, sustainability and stability.

iv) Ultimate arbitration and ruling on appeals.

v) Monitoring and amending in the light of performance feedback the supplier assurance arrangements for the products and services covered by the scheme.

Note: Aspects of these responsibilities can be delegated to sub-boards / committees or other relevant monitoring mechanisms.

e) The principal aims and objectives of the governance board include at least the following:

i) To ensure buyers and suppliers are supported and have confidence in the arrangements.

ii) To promote the arrangements and maximise their utilisation.

iii) To ensure the arrangements are fair, open, equitable and transparent.

iv) To seek continuous improvement and ongoing suitability of the arrangements.

Appendices

Appendix A Information on Aspects of Supplier Assurance

A.1 Commodity classification

A.1.1 A GB rail industry commodity classification listing (RICCL) has been created on behalf of RISQS. The RICCL is consistent with the requirements of ISO EN 81346, EN 15380 and related standards.

A.1.2 The commodity classification structure, consistent with the EU railway system, sub-system division designed to facilitate interoperability, is shown in Figure 4.

Figure 4: First tier categorisation

A.1.3 The product categorisation structure complies with the following rules:

a) All critical products and services for use in the GB rail industry are included.

b) Each class consists of all of its sub-classes. These are termed its ‘children’. Each sub-class is a constituent of its class. This is termed the ‘parent’.

c) Each class or sub-class occurs only once. If an anomaly is identified where one product is the bridge between two sub-systems (for example, cab radios are physically part of the train but they are also part of the signalling system), this is dealt with by forming a hybrid link between two parts for the structure, which enables users to find the correct classification no matter what perspective they use.

d) No class (parent) is identical to any of its sub-classes (children).

e) Only Latin upper-case letters from A to Z excluding 'I' and 'O' are used as alphabetical data positions. For numerical data positions, Arabic numerals are used.

f) The number of subdivisions for any class is limited to a maximum of 10 sub-classes.

g) A 'miscellaneous' class or sub-class is not used. However, commodities that are truly generic and part of two or more sub-systems are listed as generic.

h) Approval for the parent automatically confers approval for all of the children and subsequent descendants.

i) Individual approval for all of the children does not automatically confer approval for the parent unless there are no special requirements for the assembly of the sub-components.

A.2 Performance feedback

A.2.1 Performance feedback overview

A.2.1.1 Supplier assurance arrangements can be perceived as ineffective if the performance of suppliers does not meet expectations despite the suppliers being qualified / approved (for example if an incident occurs involving a supplier that has been approved). Proactive use of routine performance feedback can be used as part of a proactive strategy to address such issues.

A.2.2 Suggested approach for an individual buyer

A.2.2.1 The following process is suggested:

a) Supplier assurance arrangements are designed, or enhanced, to include facilities for performance feedback.

b) Supplier assurance requirements define appropriate measures (KPIs) to be generated and reviewed as part of the management of a contract. Examples include, but are not limited to:

i) Internal rejection / re-work rates (for example, linked to critical ‘pass-fail’ criteria during the production process as defined in the specification for the product).

ii) Customer rejections at point of delivery (this might include warranty claims).

iii) Incidents involving supplied product and services in operational service (for example, National Incident Reporting (NIR)).

c) Feedback derived from the use of such KPIs is used to review and amend, as appropriate, the supplier assurance arrangements for each supplier according to performance. This will normally be a reduction in assurance interventions where the measures indicate consistently high performance or, conversely, an increased level of assurance intervention where the measures indicate that more support is required to assist a supplier in reaching the required performance levels.

d) Resources freed-up in a buyer’s supplier assurance department (through identification of high-performance suppliers) can be redeployed to support suppliers whose performance is less satisfactory. Initially, this resource can be used to identify the causes of poor performance but subsequently it can be used to facilitate initiatives that bring about performance improvement.

e) Notwithstanding any reduction in assurance interventions, it is important to maintain measurement of performance; it can be the case that the performance of a previously high-performing supplier can degrade, leading to a resumption of a higher level of assurance intervention.

f) Over a sustained period of time, feedback can be used to revise and refine the assurance arrangements for products to maximise the efficiency and effectiveness of a buyer’s supplier assurance arrangements.

A.2.3 Suggested approach for a scheme

A.2.3.1 Adoption of the following principles is suggested to optimise supplier performance feedback arrangements as part of a scheme:

a) The mechanism outlined in A.2.2 provides a suitable basis for scheme performance metrics and feedback arrangements to be defined. The information generated can be used as part of the information hub within the assurance generator model.

b) In addition to the information generated, as outlined in A.2.2, scheme users are encouraged to provide objective performance feedback (for example, descriptive statements), which can be used to enhance the core information for suppliers and buyers that subscribe to the scheme. This can include suppliers providing performance information about buyers, as well as the more usual buyer feedback about suppliers.

c) The use of feedback information as part of the information hub is subject to confidentiality controls and is only used for the purpose it was gathered; that is, to bring about improvement for the benefit of both suppliers and buyers participating in the scheme (that is, if performance feedback is used for negative purposes it is likely to undermine the process and inhibit participation).

d) In the event of a difference of opinion between buyer and supplier over the validity of feedback information generated, the scheme can provide a resolution facility to ensure that only agreed information is used as part of the scheme. Otherwise, where there is agreement on supplied feedback information, such information can be considered to be very reliable.

A.2.4 Benefits

A.2.4.1 Collecting performance feedback will enable the GB rail industry to:

a) Collect data to objectively measure the effectiveness of supplier assurance arrangements.

b) Make the most efficient use of finite supplier assurance resources.

c) Incentivise stakeholder participation through the potential to reduce supplier assurance costs, improve performance and therefore reputation (leading to future business stability and growth).

A.2.4.2 Where performance feedback indicates consistent high standards from a supplier, it follows that any supplier assurance activity undertaken routinely in the form of assessments and audits is unlikely to improve performance and can therefore be considered to be adding little value. Removal of, or at least a reduction in, the supplier assurance activity has the advantage of freeing up resources, reducing costs, or both, for the supplier and the buyer. This creates a virtuous circle for both buyer and supplier organisations.

A.2.4.3 Performance feedback can provide a measure of whether or not the supplier assurance arrangements themselves are working. In addition, performance indicators and appropriate reporting can enable the industry’s supplier assurance governing bodies to measure the effectiveness and rate of improvement of the arrangements for the GB rail industry as a whole.

A.3 Role competence

A.3.1 Role competence overview

A.3.1.1 The introduction section of the ORR’s Railway Safety Publication (RSP) 1 ‘Developing and Maintaining Staff Competence’, provides the following description of competence: 'The ability to undertake responsibilities and to perform activities to a recognised standard on a regular basis. Competence is a combination of practical and thinking skills, experience and knowledge, and may include a willingness to undertake work activities in accordance with agreed standards, rules and procedures. Competence depends on the context and the environment in which the activity is performed, and also on the working culture of the organisation. In the work environment the standard of competence is the standard of work expected to satisfy a number of requirements, including business objectives as well as health and safety requirements'.

A.3.1.2 The RSSB guidance document ‘Engineering Excellence into Competence’ is aligned to RSP1 and contains good practice that can be used to develop a Competence Management System in a workshop environment.

A.3.1.3 Both documents highlight the need to define competence standards (requirements) for roles that personnel undertake.

A.3.2 Competence requirements for supplier assurance personnel

A.3.2.1 The responsibilities for discharging the five stages of the assurance generator (as set out in Part 3) can be shared amongst a number of personnel within an organisation. Furthermore, it can be the case that these responsibilities are part of a wider role an individual may have within the organisation (for example, the principal role of a workshop supervisor is typically to allocate work and supervise staff; however, they may also be required to inspect product quality).

A.3.2.2 It is suggested that, for each of the five stages of the assurance generator, the competence requirements are identified to job roles within the organisation (that is, who is responsible for doing what).

A.3.2.3 Once the competence requirements have been identified, as set out above, these can be used as part of the ongoing process of competence management to ensure the implementation of a consistent approach to the process of supplier assurance. This can form the basis of the organisation demonstrating its competence for delivery of products and services to the GB rail industry.

A.3.2.4 Technical knowledge of the products and services that an organisation provides is an essential component of the competence requirements for supplier assurance. However, it is not necessary for all personnel involved to be fully conversant with all technical aspects; rather, it is important that personnel are able to recognise the limit of their competence in this respect and have access to other personnel in the organisation who do have the requisite competence.

A.3.2.5 The other essential element of supplier assurance competence is an appreciation of the management of risk, including:

a) An understanding of risk and risk assessment, to enable identification and mitigation of risks that may be introduced by the supplier’s products and services.

b) An understanding of relationship management, including the arrangements for generating performance feedback (as set out in A.2).

c) An understanding of procurement principles, including invitation to tender, tender preparation and negotiation, development of contracts, terms and conditions, contract reviews and contract variation processes.

d) Knowledge of the organisation’s management systems.

e) Appreciation of supplier assurance arrangements, including their purpose and how these are interpreted by their organisation to provide control measures.

f) Appreciation of the GB rail industry and how and where an organisation and their products / services fit into the supply chain.

g) Knowledge of IT systems used in maintaining the organisation’s supplier assurance arrangements and, in particular, the maintenance of the core information within the supplier assurance arrangements.

h) Understanding of the organisation’s control measures for supplier assurance, including the requirements for audit and assessment, or other such intervention programmes that demonstrate performance.

i) Understanding of the arrangements for document control and maintenance of records as applied to the organisation’s supplier assurance arrangements.

j) An understanding of performance measurement and how this may be applied. The use of KPIs or other such visible indicators that may be used in evidence of supplier assurance compliance plus supplier performance measurement (as set out in A.2).

k) An understanding of how customer specifications are reviewed to enable deliverables to be compliant. Examples of evidence may include understanding how quality plans are developed and used, or product development is introduced through contract and contract variation.

A.3.2.6 Typically, these competences are shared amongst a range of personnel within an organisation.

A.3.3 The role of the Supplier Assurance Co-ordinator (SAC)

A.3.3.1 Organisations involved in the GB rail industry supply chain usually have a person, or persons, whose job includes either specifying (buyer) or complying with (buyer) assurance arrangements. This can include responsibility for making sure the organisation’s own supply chain is compliant with assurance arrangements.

A.3.3.2 In order to ensure consistency in working with supplier assurance arrangements it is suggested that:

a) All organisations affected by supplier assurance in the GB rail industry nominate an employee within their organisation as their SAC.

b) SACs are assessed against the competence requirements for supplier assurance personnel, as set out in A.3.2.

c) SACs participate in supplier assurance networking and forums to ensure their knowledge remains current and to promote consistency of approach.

A.3.3.3 Typical duties for a SAC are:

a) Ensuring their organisation achieves and maintains compliance with all appropriate supplier assurance arrangements that apply to their company using processes such as internal audit.

b) Ensuring suppliers, service providers and contractors appointed by their organisation are compliant with all appropriate supplier assurance arrangements that apply to them.

c) Ensuring all members of their organisation have sufficient knowledge of supplier assurance arrangements to ensure they undertake their roles in a way which is consistent with the appropriate requirements.

d) Contributing to the development of supplier assurance arrangements for their and the industry’s benefit.

Note: These duties may be undertaken by one individual or shared as a role amongst several within the organisation.

A.3.3.4 The adoption of the concept of an SAC is intended to:

a) Ensure consistent application of supplier assurance arrangements through up-to-date knowledge and understanding.

b) Improve the communication of supplier assurance requirements, knowledge and information.

c) Provide a focal point, point of contact and source of knowledge at local level in all affected organisations.

d) Improve the efficiency and effectiveness of supplier assurance arrangements throughout the GB rail industry.

A.3.4 Competence considerations in support of a scheme

A.3.4.1 Consistent application of the requirements for supplier assurance, across multiple companies and organisation types, is a key factor to the success of any pan-industry scheme.

A.3.4.2 Roles involved with the application of supplier assurance arrangements within a scheme can include, but are not limited to:

a) Supplier assurance scheme providers.

b) Audit / assessment bodies.

c) IT / data management companies.

d) Administrators.

A.3.4.3 Inclusion of the roles identified above, within the competence management arrangements in support of a scheme, is considered to be essential if the supplier assurance arrangements within a scheme are to be delivered accurately and consistently. This includes periodic monitoring and review. It is suggested that this is overseen by a scheme’s governance body.

Appendix B Procurement Risks

B.1 Procurement risks overview

B.1.1 Table 2 sets out a risk assessment template that can be used by a buyer as part of their supplier assurance processes.

B.1.2 The suggestion is that this table can be used to assess the risk for each different type or group of products / services that the buyer procures. It is further suggested that this is prioritised towards those products / services with the higher risk profile. The table indicates whether a particular cause / threat is applicable to products, services or both.

B.1.3 The table does not attempt to list all conceivable risk scenarios. It is intended as a generic template, listing a selection of reasonably credible risks that a user can then add to, to produce a robust risk assessment to suit their own procurement scenarios.

B.1.4 The table is configured around the assurance generator and, where appropriate, the mitigation actions are linked to the content of this standard.

B.2 Recognised good practice from the CSM-RA

B.2.1 The CSM-RA defines a hazard as ‘a condition that could lead to an accident’. Hazards can have a number of different causes. A robust and efficient approach to hazard definition is one where a clear distinction is made between hazards and causes. The table is therefore set out along these lines.

B.2.2 CSM-RA requires that hazards be classified. No classification is offered in this table; the reason for this is that the various hazards and causes identified can be different for each product / service considered (some may be not applicable at all). As a result, the classification of hazards can vary depending on which product / service is being considered.

B.2.3 Further guidance on hazard identification and classification is given in GEGN8642.

Assurance Generator Stage 1: Capability Assessment

| Procurement hazard | Cause / threat | Mitigation | Products / Services |
|---|---|---|---|
| Risks profile of product / service not adequately identified / described | Buyer not competent to assess risk | Procure or train for required competence (see A.3.2) | Yes / Yes |
| | Insufficient information (including specification for product / service) available to assess risk | Research information for product / service | Yes / Yes |
| Assurance requirements for product / service do not reflect risk profile | Buyer not competent to apply supplier assurance principles | Procure or train for required competence (see A.3.2) | Yes / Yes |
| Inappropriate registration / approval of suppliers | Inadequate / insufficient information provided to potential supplier | Ensure suitable product / service information (see 4.2.1) | Yes / Yes |
| | Supplier response not adequately verified | Apply degree of verification appropriate to risk (see 3.4.1.4) | Yes / Yes |
| | Inconsistent application of supplier assurance process | Brief / train for required competence | Yes / Yes |

Assurance Generator Stage 2: Pre-tender assessment

| Procurement hazard | Cause / threat | Mitigation | Products / Services |
|---|---|---|---|
| Inappropriate criteria for supplier selection | Available information for product / service does not cover specific contract application | Research information for specific contract | Yes / Yes |
| | Buyer not competent to apply supplier assurance principles | Procure or train for required competence (see A.3.2) | Yes / Yes |
| Potential suppliers identified who do not have the capacity for the work or the competences required | Selection of suppliers does not use or places insufficient emphasis on assurance requirements | Effective supplier assessment prior to contract (see 3.4.2.3) | Yes / Yes |
| | Limited selection of suppliers available (for example, due to a niche product area) | Assurance arrangements may have to balance the risk profile against the capabilities of the supplier | Yes / Yes |
| Potential suppliers identified who do not understand hazards of working environment | Hazards of working environment not fully understood by buyer | Research working environment hazards for specific contract (see G 3.4.4.1.4) | Yes |
| | Selection of suppliers does not consider hazards of working environment | Brief / train for required competence | Yes |

Assurance Generator Stage 3: Procurement process

| Procurement hazard | Cause / threat | Mitigation | Products / Services |
|---|---|---|---|
| Supplier selected who may not be able to deliver to the full requirements of the contract | Buyer's specification incomplete, for example: interfaces not clearly defined; responsibilities not clearly defined; required outcomes not clearly defined | Effective internal contract reviews and clear contract terms with supplier (see 3.4.3.3) | Yes / Yes |
| | Buyer not fully aware of what is being purchased and the associated risks | Brief / train for required competence | Yes / Yes |
| Buyer exposed to commercial risk | Inappropriate pricing may create undue pressures | Offset of risk and insurance cover | Yes / Yes |
| | Risks not offset in contract | Effective contract terms backing off risks | Yes / Yes |
| | Supplier not adequately insured | Contract requirement | Yes / Yes |
| Buyer exposed to legal risk | Buyer does not comply with legislation, open to prosecution | Seek legal advice when drawing up terms and conditions | Yes / Yes |
| | Reputational risks about confidentiality and fairness | Briefing / training to address impartiality, independence and confidentiality when dealing with suppliers | Yes / Yes |

Assurance Generator Stage 4: Contract delivery

| Procurement hazard | Cause / threat | Mitigation | Products / Services |
|---|---|---|---|
| Product / service not delivered to specification; workmanship and / or contract management not satisfactory | Supplier's staff not competent to deliver product or services | Contract monitoring and review to identify issues (see 3.4.4.2) | Yes / Yes |
| | Supplier does not understand specification | Planning for contract delivery to confirm understanding (see 3.4.4.1) | Yes / Yes |
| | Contract interpretations differ between buyer and supplier | | Yes / Yes |
| | Inappropriate use of sub-contractors / suppliers | Planning for contract delivery to confirm use of sub-suppliers | Yes / Yes |
| | Supplier's staff changes - loss of knowledge affects product quality | Contract monitoring and review to identify issues (see 3.4.4.2) | Yes / Yes |
| | Ineffective buyer monitoring processes | Brief / train for required competence | Yes / Yes |
| | Poor quality control, for example: mishandling of product; re-use of fasteners | Contract monitoring, auditing to identify issues (see 3.4.4.2) | Yes |
| Disruption to contract progress and delivery | Supplier's staff changes - loss of knowledge affects timescales | Contract monitoring and review to identify issues (see 3.4.4.5) | Yes / Yes |
| | Supplier changes sub-supplier | | Yes |
| | Supplier changes material used | | Yes |
| Changes to supply of product / service | Supplier changes design of product | Ensure contract terms include process for changes (variations); manage changes through contract review (see 3.4.4.5) | Yes |
| | Supplier moves source of supply. Loss of implicit knowledge affects product quality | | Yes / Yes |
| | Buyer changes delivery requirements | Proactive contract communication | Yes |
| | Buyer's environment changes | | Yes / Yes |

Assurance Generator Stage 5: Post-contract review

| Procurement hazard | Cause / threat | Mitigation | Products / Services |
|---|---|---|---|
| Post-contract review does not happen or does not capture supplier assurance issues | Buyer does not recognise value of feedback to the supplier assurance process | Procure or train for required competence (see A.3.2) | Yes / Yes |
| | Buyer focussed on commercial-only aspects of contract | Brief / train for role of supplier assurance within procurement | Yes / Yes |
| Post-contract review ineffective | Buyer not competent to apply supplier assurance principles | Procure or train for required competence (see A.3.2) | Yes / Yes |
| | Buyer and / or supplier not open and honest | Brief / train for value of long term of buyer / supplier cooperation (see 2.2.5) | Yes / Yes |

Table 2: Procurement risks

Acronyms and Abbreviations

BR British Rail

CSM Common Safety Method

ECM Entity in Charge of Maintenance.

HASAW Health and Safety at Work etc Act 1974

IM Infrastructure Manager.

IRIS International Railway Industry Standard

KPI Key Performance Indicator

MHSWR Management of Health and Safety at Work Regulations 1999

NIR National Incident Reporting

ORR Office of Rail and Road.

RICCL Railway Industry Commodity Classification List

RIR Railways (Interoperability) Regulations 2011.

RISAS Railway Industry Supplier Approval Scheme

RISQS Railway Industry Supplier Qualification Scheme

ROGS Railways and Other Guided Transport Systems (Safety) Regulations 2006

ROSCO Rolling Stock Owning Company.

RU Railway Undertaking.

SAC Supplier Assurance Co-ordinator

SAFP Supplier Assurance Framework Project

SMS Safety Management System.


Definitions

Assurance A positive declaration intended to give confidence.

Certification A formal process of issuing certificates (hard or soft copy) that provides the holder with documentary evidence that a successful assessment has taken place. See also Management System Certification and Process Certification.

Competence The state, or quality, of being adequately qualified and skilled to be able to perform a specific act or task. Demonstrated personal attributes and demonstrated ability to apply knowledge and skills.

Competence Management System A system that ensures that those undertaking work have, and continue to have, the competence required to do it. See ORR Railway Safety Publication 1 - Developing and Maintaining Staff Competence http://www.rail-reg.gov.uk/upload/pdf/sf-dev-staff.pdf

Contract A binding agreement.

Customer The generic term for any organisation that purchases, or seeks to purchase products. The term is used to cover all of the following: end user, client, buyer, purchaser and procurer.

Governance The means by which authority is exercised. Undertaken by a body for the purposes of bestowing authority, undertaking proper administration, achieving requisite performance and ensuring propriety.

Infrastructure Manager (IM) Any ‘body’ or undertaking that is responsible in particular for establishing and maintaining railway infrastructure, or part thereof, as defined in article 3 of Directive 91/440/EEC, which may also include the management of infrastructure control and safety systems. The functions of the infrastructure manager on a network or part of a network may be allocated to different bodies or undertakings. Source: Article 3 (b) of Directive 2004/49/EC.

Interested parties Stakeholder, person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity.

Management System Certification Management system certification provides assurance that the supplier has put in place a management system that makes it capable to comply with specified requirements. NB: This means that the certification provides a positive evaluation on the capability of an organisation to comply with specified requirements, not that the requirements have, or will be, met.

Process Set of interrelated or interacting activities that use inputs to deliver an intended result.

Process Certification Process certification provides assurance that the supplier has processes put in place to comply with specified requirements. NB: This means that the certification also provides a positive evaluation of the capability of the supplier to comply with specified requirements, and assurance that those specified requirements are met. In other words, the supplier is capable of complying with specific requirements, and compliance is assured.

Product Output of an organization that can be produced without any transaction taking place between the organization and the customer.

Product Approval A generic term for any process that is employed to determine a product’s suitability for use in a given application. Product approval can sometimes be a one-off approval of a new, or modified, item in order to deem it acceptable for use or it can be a routine approval to ensure continued conformance to specification or standard.

Product Certification The process of issuing certificates to provide confirmation and evidence of product approval.

Qualification Qualification is a process to determine whether or not a supplier, or potential supplier, meets a pre-determined set of criteria.

Qualification Scheme Qualification schemes may be designed to meet the requirements of the Utilities Contracts Regulations. Buying organisations who fall within these regulations may use compliant schemes to qualify their suppliers for the purpose of pre-tender selection, thus avoiding the need for individual calls for competition through the Official Journal of the European Union (OJEU); and repetitive assessment.

Railway Undertaking (RU) Any private or public undertaking the principal business of which is to provide rail transport services for goods and/or passengers, with a requirement that the undertaking must ensure traction; this also includes undertakings which provide traction only. Source: Article 3 (a) of Directive 2004/49/EC.

Registration A process provided to suppliers to enable them to register their interest in becoming a supplier.

Safety Critical Refer to the ROGS definition in Regulation 23 http://www.rail-reg.gov.uk/upload/pdf/283.pdf (in particular paragraph 168 and the definition of ‘safety critical’ work on page 62).

Service Output of an organization with at least one activity necessarily performed between the organization and the customer.

Supplier The generic term for any organisation or individual that provides, supplies, or seeks to supply, products and services. The word Contractor may be used to mean the same, particularly with regards to construction.

Supplier Assurance The arrangements, implemented by a customer organisation, necessary to establish that supplier(s) are suitably competent, adequately resourced and can consistently deliver their products to the customer’s specification.


Tender Sealed bid or offer document submitted in response to a request for tenders and containing detailed information on requirements and terms associated with a potential contract.


References

The Standards Catalogue gives the current issue number and status of documents published by RSSB. This information is available from http://www.rssb.co.uk/railway-group-standards.co.uk.

RGSC 01 Railway Group Standards Code

RGSC 02 Standards Manual

Documents referenced in the text

Railway Group Standards

GEGN8642 Guidance on Hazard Identification and Classification

RSSB Documents

RIS-2450-RST Qualification of Suppliers of Safety Critical Engineering Products and Services

RIS-8250-RST Reporting High Risk Defects

Other References

Cadbury Report (1992) Report of the Committee on Financial Aspects of Corporate Governance, 01 December 1992

CDM The Construction (Design and Management) Regulations (CDM) 2007 (as amended)

Commission Regulation (EU) No. 1078/2012 The Common Safety Methods (CSM) on Monitoring No. 1078/2012

Commission Regulation (EU) No. 402/2013 The Common Safety Methods (CSM) on Risk Evaluation and Assessment No. 402/2013 (CSM-RA)

EU Regulation 445/2011/EC on Entities in Charge of Maintenance (ECM) A system of certification of entities in charge of maintenance for freight wagons and amending Regulation (EC) No. 653/2007

HASAW Health and Safety at Work Act 1974

ISO 17000:2004 Conformity assessment - Vocabulary and general principles

ISO 9000:2015 Quality management systems - Fundamentals and vocabulary

ISO 9001:2015 Quality management systems - Requirements

ISO EN 81346 Industrial systems, installations and equipment and industrial products - Structuring principles and reference designations

McNulty report (2011) Realising the Potential of GB Rail: Report of the Rail Value for Money Study - May 2011

MHSWR Management of Health and Safety at Work Regulations 1999


RICCL Railway Industry Commodity Classification List

RIR 2011 The Railways (Interoperability) Regulations 2011 (as amended)

ROGS 2006 (as amended) The Railways and Other Guided Transport Systems (Safety) Regulations 2006 (as amended)

UCR The Utilities Contract Regulations 2006 (as amended)
