Control assurance is a critical component of the risk management element of an operator’s SMS providing evidence that all reasonably practicable safety control measures are in place to manage operational safety risks.

Under RSNL operators are required to specify the control measures they use to manage the safety risks associated with their rail operations and to have control assurance procedures in place for monitoring, reviewing and revising the adequacy of those controls.

When done well it provides risk owners, duty holders and (when required) ONRSR, with assurance that all reasonably practicable safety control measures are in place and working effectively to manage operational safety risks.

Regulatory activities conducted by ONRSR have identified inconsistent or inadequate control assurance practices by operators across all sectors of the rail industry. Weaknesses identified include a lack of robust, rail safety-focussed internal audit programs within operator organisations and a lack of risk-based monitoring of safety controls implemented by rail safety workers (e.g. worksite protection planning and right of way procedures).

RTOs can address a number of the issues ONRSR has identified by establishing a control assurance strategy. This is a plan developed to clearly outline what assurance activities will be undertaken to assess if the risk controls are working as they should. Essentially a control assurance strategy defines how evidence of risk control effectiveness will be collected, who will do this, when it will be done, and how it will be reported. There are many examples of control assurance strategies (such as the three lines of defence model) and RTOs should consider a strategy that is appropriate for their railway operations and governance structure.

The complexity of the assurance strategy should reflect the complexity of the railway operations. It would generally not be feasible or practical to “obtain assurance” at all times for all controls, so the strategy should give priority to activities that represent the greatest risk.

The assurance strategy should be supported and implemented throughout all levels of the organisation to allow senior management to monitor and review the key risks and key controls within the organisation and take appropriate and decisive corrective action when necessary.

The information from control assurance activities can be recorded in various ways, such as inspection or audit reports, corrective action registers, SMS review records, maintenance inspection records and investigation reports.

A summary of the results of assurance activities should be reported to senior management and can be reported annually as part of the RTO’s safety performance report to ONRSR.

An initial focus in addressing this issue has been on bringing together a national workgroup of subject matter experts from each of the ONRSR offices around the country. The group has since been working on measuring rail transport operators’ effectiveness in relation to control assurance by examining their overall capability, the systems they have in place and their processes for implementing them. The data collection effort will inform some initial benchmarking and development of targeted education packages for industry. Ultimately this intelligence will establish a means by which ONRSR can measure an operator’s ongoing performance in relation to control assurance. In time ONRSR aims to be in a position to set a standard for what is expected of operators’ safety management systems about control assurance.

ONRSR has developed a program of regulatory activities to examine RTO’s understanding and implementation of control assurance processes. The program is aimed at gaining an insight into any gaps in RTO’s knowledge, systems or implementation of control assurance and may inform additional regulatory responses from ONRSR, such as education. Additionally, ONRSR may ask an RTO to provide evidence that rail safety risk controls are effective:

  1. Following a rail safety occurrence
  2. During or after an ONRSR activity
  3. After a change has been implemented
Last updated: Sep 14, 2021, 2:57:26 PM