Tuesday, August 26, 2025

Safety Message – Risk registers

Specific requirements of a risk register (RSNLNR Schedule 1 Clause 16) include:

• a listing of the risks to safety
• details of the assessment of those risks
• a description of any elimination or risk control measures
• systems and procedures to ensure, so far as is reasonably practicable, the details in the register are current.

Other requirements under the RSNL that relate to risk registers include:

• section 99(d): having a safety management system which provides for the comprehensive and systematic assessment of any identified risks; and
• section 100: sets out requirements concerning conducting an assessment for identified risks including:
  • examining and analysing each identified risk
  • using appropriate methodologies to assess risks
  • keeping a detailed record of all aspects of the assessment process including reasons for accepting certain controls measures and rejecting others.

Through regulatory activities and interactions, ONRSR has observed both good and poor practice regarding risk management and risk registers. In this safety message, we highlight a non-exhaustive list of poor practices regarding using, updating and managing risk registers and how to avoid them, along with helpful guidance material. While the following poor practices are interrelated, for simplicity, they are discussed under the following topics:

• Relying on only the risk register
• Missing information, reasons and justification
• Risk registers not updated.

Relying on only the risk register

ONRSR does not mandate what type of system or form (e.g. spreadsheets, enterprise risk management systems, bespoke software, hard copy format) your risk register takes. The only requirement is that your risk register meets all relevant requirements of the RSNL and RSNL National Regulations. However, from regulatory activities and interactions, ONRSR has observed that some operators use a standard spreadsheet, such as Excel, as their risk register. While spreadsheets can be made suitable as your risk register, if used incorrectly, they can also be problematic. This is because risk management obligations under the RSNL require detailed assessments and reasons, and such information is difficult, if not impossible, to fit within a single cell, or even multiple cells, of a spreadsheet.

To ensure your risk register continues to meet the requirements of the RSNL, good practice includes:

• Using your risk register as a central point to capture and record higher level information.
• Referencing or adding links within your risk register to information located elsewhere in your SMS – for example, references/links to other spreadsheets, documents, apps, software, drawings, diagrams, reports, risk assessments, folders, files, consultant reports, and design reports. These referenced documents / assessments can then help demonstrate compliance with additional requirements under the RSNL, for example:
  • detailed risk assessments calculating the nature, likelihood, magnitude and severity of the risks
  • reasons for accepting and rejecting controls
  • assessment methodologies which may be contained in other apps, software or spreadsheets
  • controls used or adopted, including how they work and who is responsible.

Missing information, reasons and justificiations

Operators’ risk registers often don’t contain critical information, or have unclear reasons and justification within their risk register– for example:

• blank cells with no information
• missing information such as a ‘consequence’ score but no explanation of how that score was calculated
• vague or unclear reasoning such as a ‘likelihood’ score of ‘4’ becomes ‘2’ with implementation of control ‘XYZ’ but no explanation how the control will reduce the risk
• missing justification such as a control is ‘rejected’ but no explanation as to why it was rejected, and no reference to where further details or information can be found

As mentioned above, risk registers must contain all relevant information as per the requirements of the RSNL [viz. RSNLNR Schedule 1 Clause 16, section 99(d), section 100]. How each operator chooses to meet these requirements is a decision for each operator based on the scope, nature and risks of their railway operations. However, from ONRSR’s regulatory activities and interactions, we offer the following non-exhaustive list of good practices:

• Risk registers that are integrated and logical – for example, they provide a coherent ‘story’ making it clear to the reader how risks have been identified, assessed and controlled.

• Take into consideration related risk factors, causes and contributory factors. For example, consideration of the impacts of individual factors such as miscommunication and fatigue-related risks to safety (see Regulation 29 of the RSNL National Regulations).

• Uniform or consistent methods are used to categorise or classify identified risks to safety e.g. consistent ways of categorising or classifying hazards, incidents, causes and contributory factors as well as controls.

• Fields or cells are complete and have an adequate explanation – avoid using ‘for consideration’ or ‘n/a’ unless you also list additional information and justification.

• Controls match the risks – for example, it is clear how controls listed will be effective in mitigating the risks.

• Reasons for accepting or rejecting controls are adequate (do not write ‘not possible’ without further explanation or justification).

• Available and suitable controls are considered (list all suitable and available controls in your risk register to demonstrate your compliance with section 46 of the RSNL). This includes controls such as engineering or isolation controls that are higher on the hierarchy of controls.
• Reference additional information to help justify the reasons, statements or justifications provided in your risk register.

Risk registers not updated

Despite being a central repository for risk information, risk registers are often not reviewed or updated.

To ensure risk registers remain current, good practice includes:

• Updating your risk register when making changes to your railway operations.
• Ensuring your management of change process includes updating your risk register – see ONRSR’s safety message – management of change.
• Using the risk management process and your risk register to help drive changes to your railway operations, such as adding or implementing new controls.

Key documents and actions

You are encouraged to review your SMS, particularly your risk register, to ensure the good practices listed in this safety message are considered. Implementing these good practices can have additional benefits such as:

• more effective use of your risk register (rather than it ‘sitting on a shelf’)
• more efficient and effective implementation of controls (your risk register and risk assessment process help drive the implementation and review of controls)
• better use of resources, including targeting them to highest risk and priority areas.

Guidance material that can assist includes:

• ONRSR Guideline Meaning of duty to ensure safety so far as is reasonably practicable

• ONRSR Safety Management System Guideline

• Safety Message: Risk assessments undertaken as administrative tasks

• Safety Message – Management of Change

• RISSB Hazard Register