RIS-2708-RST. Rail Industry Standard Freight Technical Committee Audit Protocol. Rail Industry Standard. Issue One: March 2015

Published by: Block 2 Angel Square, 1 Torrens Street, London EC1V 1NY
Copyright [2015] Rail Safety and Standards Board Limited
RIS-2708-RST Issue One: March 2015

Issue record

Issue: One
Date: March 2015
Comments: Original document produced at request of Freight Technical Committee based on their Business Standard BS005 and Commission Regulation (EU) number 445/2011.

Superseded or replaced documents

This does not supersede or replace any other Railway Group documents.

Supply

The authoritative version of this document is available at Uncontrolled copies of this document can be obtained from Communications,, Block 2, Angel Square, 1 Torrens Street, London EC1V 1NY, telephone or enquirydesk@rssb.co.uk. Other Standards and associated documents can also be viewed at

Page 2 of 57

Contents

Part 1 Introduction
Purpose of this document
Application of this document
Health and safety responsibilities
The structure of this document
Copyright
Approval and authorisation of this document

Part 2 Requirements for auditing
Audit protocols
Auditing
Completion of audit

Appendices
Appendix A Audit Protocol Sheets
Appendix B Audit Summary Sheet
Appendix C Non-Conformance Report form
Appendix D Observation record sheet

Definitions
References

Part 1 Introduction

1.1 Purpose of this document

This document is a standard for an audit protocol provided by the Freight Technical Committee (FTC), for the rail industry to use if they so choose to do so.

This document is of specific application to wagon Entities in Charge of Maintenance (ECMs) embraced by Commission Regulation number 445/2011 and provides Appendices as an audit protocol. This document can be used by ECMs for internal audit, for audit of their suppliers, or for others to audit ECMs.

1.2 Application of this document

A member of may choose to adopt all or part of this document through internal procedures or contract conditions. Where this is the case the member of will specify the nature and extent of the application.

Therefore specific compliance requirements and dates have not been specified since these will be the subject of internal procedures or contract conditions.

1.3 Health and safety responsibilities

Users of documents published by are reminded of the need to consider their own responsibilities to ensure health and safety at work and their own duties under health and safety legislation. does not warrant that compliance with all or any documents published by is sufficient in itself to ensure safe systems of work or operation or to satisfy such responsibilities or duties.

1.4 The structure of this document

This document is set out as a series of requirements, in some cases followed by relevant guidance. The guidance is indicated by prefixing the paragraph number with the letter G.

1.5 Copyright

Copyright in the Railway Group documents is owned by Rail Safety and Standards Board Limited. All rights are hereby reserved. No Railway Group document (in whole or in part) may be reproduced, stored in a retrieval system, or transmitted, in any form or means, without the prior written permission of Rail Safety and Standards Board Limited, or as expressly permitted by law.

members are granted copyright licence in accordance with the Constitution Agreement relating to Rail Safety and Standards Board Limited.

In circumstances where Rail Safety and Standards Board Limited has granted a particular person or organisation permission to copy extracts from Railway Group documents, Rail Safety and Standards Board Limited accepts no responsibility for, nor any liability in connection with, the use of such extracts, or any claims arising there from. This disclaimer applies to all forms of media in which extracts from Railway Group documents may be reproduced.

1.6 Approval and authorisation of this document

The content of this document was endorsed by the Freight Technical Committee on 27 November

The content of this document was approved by Rolling Stock Standards Committee on 16 January

This document was authorised by on 30 January

Part 2 Requirements for auditing

2.1 Audit protocols

The 14 audit protocols prepared by the FTC are set out in Appendix A. They are:
a) A.1 Management function.
b) A.2 Maintenance development function.
c) A.3 Fleet maintenance management function.
d) A.4 Maintenance delivery function.
e) A.5 Competence.
f) A.6 Standards, procedures and document control.
g) A.7 Contracts and interfaces.
h) A.8 Engineering change.
i) A.9 Risk assessment.
j) A.10 Audit and compliance.
k) A.11 Materials procurement and management.
l) A.12 Site assessment.
m) A.13 Vehicle condition audit.
n) A.14 Holistic audit questions.

Each individual audit protocol shall be used as stipulated by the audit commissioner or as agreed between auditor and auditee, selecting the relevant protocols as appropriate. Clauses 2.1.3, and set out the purpose and scenarios under which the different protocols are to be used.

The first four audit protocols are for the four ECM functions as defined in EU Regulation 445/2011 on a system of certification of ECMs for freight wagons.

G G The EU Regulation 445/2011 of 10 May 2011 on a system of certification of Entities in Charge of Maintenance (ECM) for freight wagons describes how companies can undertake the ECM management function and / or the maintenance development function and / or the fleet management function and / or the maintenance delivery function, or any combination of these. It is possible, therefore, for only one of the first four protocols to be applicable to a specific company. In practice in GB the usual situations are for an ECM to cover all four functions, or for an ECM to cover the first three with maintenance delivery being contracted to a second company.

The audit protocols A.5 to A.11 are topic-specific assessments of company processes and procedures. These protocols are able to be used alone or in conjunction with any of the four ECM function protocols in A.1 to A

Protocols A.12 and A.13 are for physical site assessment of the facilities and product audit of wagons. Appendix A.14 gives example questions to investigate relationships and communications across boundaries to establish that the ECM arrangements are holistically robust.

2.2 Auditing

The auditor shall be suitably qualified, independent and experienced to make a valid judgement as to whether the auditee demonstrates knowledge, practices, processes, facilities, records, equipment and procedures to adequately comply with each of the questions asked.

The audit commissioner shall consider the size, scope and nature of the operation concerned and the level of safety risk involved to decide on the breadth and depth of the audit sample required. These criteria shall be specified to the auditor.

During the audit the auditor shall decide, for each audit question considered, whether the auditee has demonstrated adequate compliance taking account of the criteria specified by the audit commissioner.

G The auditor should continue to probe and ask questions, and seek evidence, until in their professional opinion they are able to decide compliance or otherwise.

If adequate compliance has not been demonstrated the auditor shall either:
a) Stop the audit and inform the auditee, if the auditor decides that the non-compliance leads to an immediate unacceptable safety risk. Or
b) Issue a Non-Conformance Report (NCR). The auditor shall decide whether the NCR is of a major or minor nature, and agree timescales for rectification.

G It is anticipated that if the auditor has to stop the audit, as shown in a), consideration will be given to alerting the industry to the problem found by using the NIR-online system described in GE/RT8250.

G The definitions of major and minor NCR are given in the Definitions section.

The auditor shall complete the NCR form shown in Appendix C for each non-compliance found.

The auditor shall issue an observation if they decide that the risk is acceptable but that improvements could or should still be made.

The auditor shall complete the observation form shown in Appendix D for each observation made.

2.3 Completion of audit

At the end of the audit the auditor and auditee shall have a close out meeting. If any NCRs are issued then a timescale to close each NCR shall be recorded.

G It is preferable for the timescale to be agreed at the meeting.

The audit findings, including any observations of the auditor, shall be made at the close out meeting.

The results of the audit shall be recorded and the auditor shall complete an audit summary sheet, as shown in Appendix B.

2.3.4 The audit summary sheet shall be updated by the auditor when any major NCRs are closed out, and again when all the minor NCRs (if any) are closed out.

G The summary sheet should be made available on request to all railway industry companies represented at FTC with a legitimate interest in the outcomes of the audit.

Appendix A Audit Protocol Sheets

A.1 Management function

Columns: Commission Regulation 445/2011 Annex III Requirement | Possibly Evidenced By / Notes | Evidence Considered | Compliant?

1. Leadership - commitment to the development and implementation of the maintenance system of the organisation and to the continuous improvement of its effectiveness.

1.1 The organisation must have procedures for:
(a) establishing a maintenance policy appropriate to the organisation's type and extent of service and approved by the organisation's chief executive or his or her representative;
(b) ensuring that safety targets are established, in line with the legal framework and consistent with an organisation's type, extent and relevant risks;
(c) assessing its overall safety performance in relation to its corporate safety targets;
(d) developing plans and procedures for reaching its safety targets;
(e) ensuring the availability of the resources needed to perform all processes to comply with the requirements of this Annex;
(f) identifying and managing the impact of other management activities on the maintenance system;
(g) ensuring that senior management is aware of the results of performance monitoring and audits and takes overall responsibility for the implementation of changes to the maintenance system;
(h) ensuring that staff and staff representatives are adequately represented and consulted in defining, developing, monitoring and reviewing the safety aspects of all related processes that may involve staff.

Possibly Evidenced By / Notes: Maintenance Policy Document. Organisation Chart, job descriptions etc. Organisation Chart, job descriptions etc.

2. Risk assessment - a structured approach to assess risk associated with the maintenance of freight wagons, including those directly arising from operational processes and the activities of other organisations or persons, and to identify the appropriate risk control measures.

2.1 The organisation must have procedures for:
(a) analysing risk relevant to the extent of operations carried out by the organisation, including the risk arising from defects and construction non-conformities or malfunctions throughout the lifecycle;
(b) evaluating the risk referred to in point (a);
(c) developing and putting in place risk control measures.

Possibly Evidenced By / Notes: Procedures / sample risk assessments.

2.2 The organisation must have procedures and arrangements in place to recognise the need and commitment to collaborate with keepers, railway undertakings, infrastructure managers, or other interested parties.

2.3 The organisation must have risk assessment procedures to manage changes in equipment, procedures, organisation, staffing or interfaces, and to apply Commission Regulation (EC) No. 352/2009 which established a 'common safety method on risk evaluation and assessment' (CSM RA). Commission Implementing Regulation (EU) No 402/2013 establishes a revised common safety method for risk evaluation and assessment. The revised CSM RA has been in force since 23 May 2013 (meaning it can be used from that date), and will apply from 21 May 2015 (meaning that it must be used from that date), at which time Commission Regulation (EC) No. 352/2009 is repealed.

2.4 When assessing risk, an organisation must have procedures to take into account the need to determine, provide and sustain an appropriate working environment which conforms to Union and national legislation, in particular EU Workplace Health and Safety Directive 89/391/EEC.

Possibly Evidenced By / Notes: Meetings / day-to-day communications. Engineering and other change procedures. The Health and Safety at Work Act applies in the UK.

3. Monitoring - a structured approach to ensure that risk control measures are in place, working correctly and achieving the organisation's objectives.

3.1 The organisation must have a procedure to regularly collect, monitor and analyse relevant safety data, to apply Commission Regulation (EU) No 1078/2012 which establishes a common safety method for monitoring. This includes:
(a) the performance of relevant processes;
(b) the results of processes (including all contracted services and products);
(c) the effectiveness of risk control arrangements;
(d) information on experience, malfunctions, defects and repairs arising from day-to-day operation and maintenance.

3.2 The organisation must have procedures to ensure that accidents, incidents, near-misses and other dangerous occurrences are reported, logged, investigated and analysed.

3.3 For a periodic review of all processes, the organisation must have an internal auditing system which is independent, impartial and acts in a transparent way. This system must have procedures in place to:
(a) develop an internal audit plan, which can be revised depending on the results of previous audits and monitoring of performance;
(b) analyse and evaluate the results of the audits;
(c) propose and implement specific corrective measures / actions;
(d) verify the effectiveness of previous measures / actions.

Possibly Evidenced By / Notes: Safety defect reporting and monitoring procedures and processes. Monitoring, investigation and NIR processes. Audit procedure and plans. Sample audits and follow-up.

4. Continuous improvement - a structured approach to analyse the information gathered through regular monitoring, auditing, or other relevant sources and to use the results to learn and to adopt preventive or corrective measures in order to maintain or improve the level of safety.

4.1 The organisation must have procedures to ensure that:
(a) identified shortcomings are rectified;
(b) new developments that improve safety are implemented;
(c) internal audit findings are used to bring about improvement in the system;
(d) preventive or corrective actions are implemented, when needed, to ensure compliance of the railway system with standards and other requirements throughout the lifecycle of equipment and operations;
(e) relevant information relating to the investigation and causes of accidents, incidents, near-misses and other dangerous occurrences is used to learn and, where necessary, to adopt measures in order to improve the level of safety;
(f) relevant recommendations from the national safety authority, from the national investigation body and from industry or internal investigations are evaluated and implemented if appropriate;
(g) relevant reports / information from railway undertakings / infrastructure managers and keepers or other relevant sources are considered and taken into account.

Possibly Evidenced By / Notes: Process for Monitoring of Railway Group Standards, legislative changes etc. NIR review. Review of RAIB reports etc. Internal investigations.

5. Structure and responsibility - a structured approach to define the responsibilities of individuals and teams for secure delivery of the organisation's safety objectives.

5.1 The organisation must have procedures to allocate responsibilities for all relevant processes throughout the organisation.

5.2 The organisation must have procedures to clearly define safety-related areas of responsibility and the distribution of responsibilities to specific functions associated with them as well as their interfaces. These include the procedures indicated above between the organisation and the keepers and, where appropriate, railway undertakings and infrastructure managers.

5.3 The organisation must have procedures to ensure that staff with delegated responsibilities within the organisation have the authority, competence and appropriate resources to perform their functions. Responsibility and competence should be coherent and compatible with the given role, and delegation must be in writing.

5.4 The organisation must have procedures to ensure the coordination of activities related to relevant processes across the organisation.

5.5 The organisation must have procedures to hold those with a role in the management of safety accountable for their performance.

Possibly Evidenced By / Notes: Procedures, job descriptions, competence management process. Procedures. Performance monitoring process.

6. Competence management - a structured approach to ensure that employees have the competences required in order to achieve the organisation's objectives safely, effectively and efficiently in all circumstances.

6.1 The organisation must set up a competence management system providing for:
(a) the identification of posts with responsibility for performing within the system all the processes necessary for compliance with the requirements of this Annex;
(b) the identification of posts involving safety tasks;
(c) the allocation of staff with the appropriate competence to relevant tasks.

Possibly Evidenced By / Notes: Competence management procedure and processes.

6.2 Within the organisation's competence management system, there must be procedures to manage the competence of staff, including at least:
(a) identification of the knowledge, skills and experience required for safety-related tasks as appropriate for the responsibilities;
(b) selection principles, including basic educational level, mental aptitude and physical fitness;
(c) initial training and qualification or certification of acquired competence and skills;
(d) assurance that all staff are aware of the relevance and importance of their activities and how they contribute to the achievement of safety objectives;
(e) ongoing training and periodical updating of existing knowledge and skills;
(f) periodic checks of competence, mental aptitude and physical fitness where appropriate;
(g) special measures in the case of accidents / incidents or long absences from work, as required.

Possibly Evidenced By / Notes: Competence management procedure and its application. Drugs and alcohol and fatigue policies. Human Resources processes.

7. Information - a structured approach to ensure that important information is available to those making judgments and decisions at all levels of the organisation.

7.1 The organisation must have procedures to define reporting channels to ensure that, within the entity itself and in its dealings with other actors, including infrastructure managers, railways undertakings and keepers, information on all relevant processes is duly exchanged and submitted to the person having the right role both within its own organisation and in other organisations, in a prompt and clear way.

Possibly Evidenced By / Notes: Do procedures and processes include requirements for information flow across boundaries with other organisations?

7.2 To ensure an adequate exchange of information, the organisation must have procedures:
(a) for the receipt and processing of specific information;
(b) for the identification, generation and dissemination of specific information;
(c) for making available reliable and up-to-date information.

Possibly Evidenced By / Notes: Document control procedure etc.

7.3 The organisation must have procedures to ensure that key operational information is:
(a) relevant and valid;
(b) accurate;
(c) complete;
(d) appropriately updated;
(e) controlled;
(f) consistent and easy to understand (including the language used);
(g) made known to staff before it is applied;
(h) easily accessible to staff, with copies provided to them where required.

7.4 The requirements set out in points 7.1, 7.2 and 7.3 apply in particular to the following operational information:
(a) checks of the accuracy and completeness of national vehicle registers regarding the identification (including means) and registration of the freight wagons maintained by the organisation;
(b) maintenance documentation;
(c) information on support provided to keepers and, where appropriate, to other parties, including railway undertakings / infrastructure managers;
(d) information on the qualification of staff and subsequent supervision during maintenance development;
(e) information on operations (including mileage, type and extent of activities, incidents / accidents) and requests of railway undertakings, keepers and infrastructure managers;
(f) records of maintenance performed, including information on deficiencies detected during inspections and corrective actions taken by railway undertakings or by infrastructure managers such as inspections and monitoring undertaken before the departure of the train or en route;
(g) release to service and return to operation;
(h) maintenance orders;
(i) technical information to be provided to railway undertakings / infrastructure managers and keepers for maintenance instructions;
(j) emergency information concerning situations where the safe state of running is impaired, which may consist of:
    (i) the imposition of restrictions of use or specific operating conditions for the freight wagons maintained by the organisation or other vehicles of the same series even if maintained by other entities in charge of maintenance, whereby this information should also be shared with all involved parties;
    (ii) urgent information on safety-related issues identified during maintenance, such as deficiencies detected in a component common to several types or series of vehicles;
(k) all relevant information / data needed to submit the annual maintenance report to the certification body and to the relevant customers (including keepers), whereby this report must also be made available upon request to national safety authorities.

8. Documentation - a structured approach to ensure the traceability of all relevant information.

8.1 The organisation must have adequate procedures in place to ensure that all relevant processes are duly documented.

8.2 The organisation must have adequate procedures in place to:
(a) regularly monitor and update all relevant documentation;
(b) format, generate, distribute and control changes to all relevant documentation;
(c) receive, collect and archive all relevant documentation.

Possibly Evidenced By / Notes: Document control procedure.

9. Contracting activities - a structured approach to ensure that subcontracted activities are managed appropriately in order for the organisation's objectives to be achieved.

9.1 The organisation must have procedures in place to ensure that safety related products and services are identified.

9.2 When making use of contractors and / or suppliers for safety related products and services, the organisation must have procedures in place to verify at the time of selection that:
(a) contractors, subcontractors and suppliers are competent;
(b) contractors, subcontractors and suppliers have a maintenance and management system that is adequate and documented.

9.3 The organisation must have a procedure to define the requirements that such contractors and suppliers have to meet.

9.4 The organisation must have procedures to monitor the awareness of suppliers and/or contractors of risk they entail to the organisation's operations.

9.5 When the maintenance / management system of a contractor or supplier is certified, the monitoring process described in point 3 may be limited to the results of the contracted operational processes referred to in point 3.1(b).

Possibly Evidenced By / Notes: Supplier approval and contract letting procedure / processes.

9.6 At least the basic principles for the following processes must be clearly defined, known and allocated in the contract between the contracting parties:
(a) responsibilities and tasks relating to railway safety issues;
(b) obligations relating to the transfer of relevant information between both parties;
(c) the traceability of safety-related documents.

Possibly Evidenced By / Notes: Are these items covered in sample contract specifications?

A.2 Maintenance development function

Columns: Commission Regulation 445/2011 Annex III Requirement | Possibly Evidenced By / Notes | Evidence Considered | Compliant?

1. The organisation must have a procedure to identify and manage all maintenance activities affecting safety and safety-critical components.

2. The organisation must have procedures to guarantee conformity with the essential requirements for interoperability, including updates throughout the lifecycle, by:
(a) ensuring compliance with the specifications related to the basic parameters for interoperability as set out in the relevant technical specifications for interoperability (TSIs);
(b) verifying in all circumstances the consistency of the maintenance file with the authorisation of placing-in-service (including any national safety authority requirements), the declarations of conformity to TSIs, the declarations of verification, and the technical file;
(c) managing any substitution in the course of maintenance in compliance with the requirements of the Directive 2008/57/EC and the relevant TSIs;
(d) identifying the need for risk assessment regarding the potential impact of the substitution in question on the safety of the railway system;
(e) managing the configuration of all technical changes affecting the system integrity of the vehicle.

3. The organisation must have a procedure to design and to support the implementation of maintenance facilities, equipment and tools specifically developed and required for maintenance delivery. The organisation must have a procedure to check that these facilities, equipment and tools are used, stored and maintained according to their maintenance schedule and in conformity with their maintenance requirements.

4. When freight wagons start operations, the organisation must have procedures to:
(a) obtain the initial documentation and to collect sufficient information on planned operations;
(b) analyse the initial documentation and to provide the first maintenance file, also taking into account the obligations contained in any associated guarantees;
(c) ensure that the implementation of the first maintenance file is done correctly.

5. To keep the maintenance file updated throughout the lifecycle of a freight wagon, the organisation must have procedures to:
(a) collect at least the relevant information in relation to:
    (i) the type and extent of operations effectively performed, including, but not limited to, operational incidents with a potential to affect the safety integrity of the freight wagon;
    (ii) the type and extent of operations planned;
    (iii) the maintenance effectively performed;
(b) define the need for updates, taking into account the limit values for interoperability;
(c) make proposals for and approve changes and their implementation, with a view to a decision based on clear criteria, taking into account the findings from risk assessment;
(d) ensure that the implementation of changes is done correctly.

Possibly Evidenced By / Notes: Engineering change procedure.

6. When the competence management process is applied to the maintenance development function, at least the following activities affecting safety must be taken into account:
(a) assessment of the significance of changes for the maintenance file and proposed substitutions in the course of maintenance;
(b) engineering disciplines required for managing the establishment and the changes of maintenance file and the development, assessment, validation and approval of substitutions in the course of maintenance;
(c) joining techniques (including welding and bonding), brake systems, wheel sets and draw gear, non-destructive testing techniques and maintenance activities on specific components of freight wagons for the transport of dangerous goods such as tanks and valves.

Possibly Evidenced By / Notes: Competence management system.

7. When the documentation process is applied to the maintenance development function, the traceability of at least the following elements needs to be guaranteed:
(a) the documentation relating to the development, assessment, validation and approval of a substitution in the course of maintenance;
(b) the configuration of vehicles, including, but not limited to, components related to safety;
(c) records of the maintenance performed;
(d) results of studies concerning return on experience;
(e) all the successive versions of the maintenance file, including risk assessment;
(f) reports on the competence and supervision of maintenance delivery and fleet maintenance management;
(g) technical information to be provided to support keepers, railway undertakings and infrastructure managers.

A.3 Fleet maintenance management function

Columns: Commission Regulation 445/2011 Annex III Requirement | Possibly Evidenced By / Notes | Evidence Considered | Compliant?

1. The organisation must have a procedure to check the competence, availability and capability of the entity responsible for maintenance delivery before placing maintenance orders. This requires that the maintenance workshops are duly qualified to decide upon the requirements for technical competences in the maintenance delivery function.

Possibly Evidenced By / Notes: Supplier Approval Procedure (or equivalent review process if maintenance is in house).

2. The organisation must have a procedure for the composition of the work package and for the issue and release of the maintenance order.

3. The organisation must have a procedure to send freight wagons for maintenance in due time.

4. The organisation must have a procedure to manage the removal of freight wagons from operation for maintenance or when defects have been identified.

5. The organisation must have a procedure to define the necessary control measures applied to the maintenance delivered and the release to service of the freight wagons.

6. The organisation must have a procedure to issue a notice to return to operation, taking into account the release to service documentation.

7. When the competence management (CM) process is applied to the fleet maintenance management function, at least the return to operation must be taken into account.

Possibly Evidenced By / Notes: Supplier approval Procedure or Competence management procedure if maintenance is in house.

8. When the information process is applied to the fleet maintenance management function, at least the following elements need to be provided to the maintenance delivery function:
(a) applicable rules and technical specifications;
(b) the maintenance plan for each freight wagon;
(c) a list of spare parts, including a sufficiently detailed technical description of each part to allow like-for-like replacement with the same guarantees;
(d) a list of materials, including a sufficiently detailed description of their use and the necessary health and safety information;
(e) a dossier that defines the specifications for activities affecting safety and contains intervention and in-use restrictions for components;
(f) a list of components or systems subject to legal requirements and a list of these requirements (including brake reservoirs and tanks for the transport of dangerous goods);
(g) all additional relevant information related to safety according to the risk assessment performed by the organisation.

Possibly Evidenced By / Notes: Are these items all included in the contract / documentation formally provided to the organisation carrying out the maintenance delivery function?

9. When the information process is applied to the fleet maintenance management function, at least the return to operation, including restrictions on use relevant to users (railway undertakings and infrastructure managers), needs to be communicated to interested parties.

10. When the documentation process is applied to the fleet maintenance management function, at least the following elements need to be recorded:
(a) maintenance orders;
(b) return to operation, including restrictions on use relevant to railway undertakings and infrastructure managers.

A.4 Maintenance delivery function

Commission Regulation 445/2011 Annex III Requirement | Possibly Evidenced By / Notes | Evidence Considered | Compliant?

1. The organisation must have procedures to:
(a) check the completeness and appropriateness of the information delivered by the fleet maintenance management function in relation to the activities ordered;
Possibly evidenced by / notes: Is internal review undertaken at commencement of contract or work package?
(b) control the use of the required, relevant maintenance documents and other standards applicable to the delivery of maintenance services in accordance with maintenance orders;
Possibly evidenced by / notes: Document control process.
(c) ensure that all relevant maintenance specifications in the maintenance orders are available to all involved staff (eg they are contained in internal working instructions);
(d) ensure that all relevant maintenance specifications, as defined in applicable regulations and specified standards contained in the maintenance orders, are available to all involved staff (eg they are contained in internal working instructions).
Possibly evidenced by / notes: Process control documentation / job cards, information, instructions etc. issued to staff undertaking the work.

2. The organisation must have procedures to ensure that:
(a) components (including spare parts) and materials are used as specified in the maintenance orders and supplier documentation;
(b) components and materials are stored, handled and transported in a manner that prevents wear and damage and as specified in the maintenance orders and supplier documentation;
Possibly evidenced by / notes: Materials ordering, supply, management and storage procedures and processes.
(c) all components and materials, including those provided by the customer, comply with relevant national and international rules as well as with the requirements of relevant maintenance orders.
Possibly evidenced by / notes: Possibly an unreasonable requirement, particularly for customer supplied or specified items.

3. The organisation must have procedures to determine, identify, provide, record and keep available suitable and adequate facilities, equipment and tools to enable it to deliver the maintenance services in accordance with maintenance orders and other applicable specifications, ensuring:
(a) the safe delivery of maintenance, including the health and safety of maintenance staff;
(b) ergonomics and health protection, also including the interfaces between users and information technology systems or diagnostic equipment.

4. Where necessary to ensure valid results, the organisation must have procedures to ensure that its measuring equipment is:
(a) calibrated or verified at specified intervals, or prior to use, against international, national or industrial measurement standards; where no such standards exist, the basis used for calibration or verification must be recorded;
(b) adjusted or re-adjusted as necessary;
(c) identified to enable the calibration status to be determined;
(d) safeguarded from adjustments that would invalidate the measurement result;
(e) protected from damage and deterioration during handling, maintenance and storage.

5. The organisation must have procedures to ensure that all facilities, equipment and tools are correctly used, calibrated, preserved and maintained in accordance with documented procedures.

6. The organisation must have procedures to check that the performed maintenance tasks are in accordance with the maintenance orders and to issue the notice to release to service that includes eventual restrictions of use.

7. When the risk assessment process (in particular point 2.4 of section I) is applied to the maintenance delivery function, the working environment includes not only the workshops where maintenance is done but also the tracks outside the workshop buildings and all places where maintenance activities are performed.
Possibly evidenced by / notes: Health and Safety at Work Act applies in the UK.

8. When the competence management process is applied to the maintenance delivery function, at least the following activities affecting safety must be taken into account:
(a) joining techniques (including welding and bonding);
(b) non-destructive testing;
(c) final vehicle testing and release to service;
(d) maintenance activities on brake systems, wheel sets and draw gear and maintenance activities on specific components of freight wagons for the transport of dangerous goods, for example tanks and valves;
(e) other identified specialist areas affecting safety.
Possibly evidenced by / notes: Competence management procedure and processes.

9. When the information process is applied to the maintenance delivery function, at least the following elements must be provided to the fleet maintenance management and maintenance development functions:
(a) works performed in accordance with the maintenance orders;
(b) any possible fault or defect regarding safety which is identified by the organisation;
(c) the release to service.
Possibly evidenced by / notes: sign off and audit processes.

10. When the documentation process is applied to the maintenance delivery function, at least the following elements must be recorded:
(a) clear identification of all facilities, equipment and tools related to activities affecting safety;
(b) all maintenance works performed, including personnel, tools, equipment, spare parts and materials used and taking into account:
(i) relevant national rules where the organisation is established;
Possibly evidenced by / notes: Eg Railway Group Standards.
(ii) requirements laid down in the maintenance orders, including requirements regarding records;
(iii) final testing and decision regarding release to service;
(c) the control measures required by maintenance orders and the release to service;
(d) the results of calibration and verification, whereby, for computer software used in the monitoring and measurement of specified requirements, the ability of the software to perform the desired task must be confirmed prior to initial use and reconfirmed as necessary;
(e) the validity of the previous measuring results when a measuring instrument is found not to conform to requirements.

A.5 Competence

Where competence requirements are shown in A.1 to A.4, then the following protocol is available for use (note that questions A.5.3 and A.5.4 are specific to only one function).

Competence management: a structured approach to ensure that employees have the competences required in order to achieve the organisation's objectives safely, effectively and efficiently in all circumstances.

Ref No. | Question | Comments | Compliant?

5.1 Does the organisation have a competence management system and how does this:
a) Identify posts that have responsibilities for undertaking the requirements of Annex III?
b) Identify posts involving safety related tasks?
c) Ensure that work is only undertaken by staff having the appropriate competencies for the relevant tasks?
d) Relate to personal safety and that of others?

5.2 How does the competence management system:
a) Identify the knowledge, skills and experience required for the various safety related tasks?
b) Have selection principles, including basic educational level, mental aptitude and physical fitness?
c) Identify initial training and/or qualification?
d) Assess/recognise acquired competence and skills?
e) Make staff aware of the relevance and importance of their activities and how they contribute to the achievement of safety objectives?

f) Make staff aware of the limitations of their competence?
g) Achieve on-going assessment with additional briefing, training or periodical updating of existing knowledge and skills?
h) Undertake periodic checks of competence, mental aptitude and physical fitness where appropriate?
i) Undertake special briefing / training measures in the case of accidents / incidents or long absences from work, as required?

5.3 Additionally, for the Maintenance Development Function (internal or contracted in) does the competence management system:
a) Ensure that staff are competent to undertake assessment of engineering change and any proposed substitutions in the course of maintenance?
b) Ensure that staff have the appropriate engineering disciplines required for managing the establishment and the changes of maintenance file and the development, assessment, validation and approval of substitutions in the course of maintenance?
c) Ensure that staff have appropriate engineering disciplines and relevant experience for the design, maintenance and understanding of:
d) Cover joining techniques (including welding and bonding)?
e) Cover brake systems?
f) Cover wheel sets?
g) Cover draw gear?

h) Cover non-destructive testing techniques?
i) Cover maintenance activities on specific components of freight wagons, including where applicable for the transport of dangerous goods such as tanks and valves?

5.4 Additionally, for the Maintenance Delivery Function (internal or contracted in) does the competence management system:
a) Ensure that staff have appropriate engineering competence for undertaking tasks involving:
b) Joining techniques (including welding and bonding)?
c) Brake systems?
d) Wheel sets?
e) Draw gear?
f) Non-destructive testing techniques?
g) Maintenance activities on specific components of freight wagons, including where applicable for the transport of dangerous goods such as tanks and valves?
h) Other identified specialist areas affecting safety?
i) Ensure that staff are aware of the need for assessment of engineering change and any proposed substitutions in the course of maintenance?

A.6 Standards, Procedures and Document Control

Where document requirements are shown in A.1 to A.4, then the following protocol is available for use:

Industry and company standards, and other semi-quasi sources, along with other processes and procedures, are core to engineering activities to ensure minimum standards are met and best practice is applied.

Ref No. | Question | Comments | Compliant?

6.1 Does the organisation have a structured approach to document and standards control and the traceability of documents? How are revisions managed and cascaded?

6.2 How is important information communicated to staff involved in the decision making processes in the organisation? Is the information accessible to end users in all parts of the organisation including outstations?

6.3 Does the organisation have processes for the communication of relevant information internally and to its suppliers and customers? Does the company have procedures for circulation of relevant information to the point of use within the organisation and externally?

6.4 Are there mechanisms for acknowledgement or confirmation of receipt for important information relating to safety, for example NIRs and safety bulletins?

6.5 Do the organisation's processes ensure that communication of important safety information occurs in a timely manner?

6.6 Does the organisation have processes or procedures that ensure key operational information is distributed in a timely manner to assure its relevance at point of use?

6.7 Is the information distributed in a format that ensures it is retrievable and clearly understood by the end user?

6.8 Is the control and change managed effectively?

6.9 Does the organisation have systems in place to ensure that the NVR data is updated to reflect correct status of its wagons and ECM assigned to its wagons? Does the company understand its legal obligations in respect of the information contained in the NVR?

6.10 In respect of maintenance documentation, does the organisation have a structured approach to the issue, amendment and receipt of pertinent relevant maintenance documentation?

6.11 Does the organisation have effective processes for setting up and administering maintenance orders?

6.12 Does the organisation have adequate processes for the creation, capture and management of records of maintenance performed?

6.13 Does the organisation have effective processes for the management of records of information on deficiencies detected during inspections and corrective actions taken by transport undertakings or by infrastructure managers such as inspections and monitoring undertaken before the departure of the train or en route? (for example monitoring of red / green card issued)

6.14 Does the organisation have robust documented processes for releasing the vehicle after maintenance / repair?

6.15 Does the organisation have adequate documented processes for deferring work and / or releasing the vehicle with restrictions if applicable?

A.7 Contracts and Interfaces

Where contractual requirements are found in A.1 to A.4, then the following protocol is available for use. This section of the audit is to check the management of the contract by the ECM, not the performance of the contractor.

Ref No. | Question | Comments | Compliant?

7.1 Does the organisation identify all situations where safety related products and services are provided by contractors and is this decision made by a competent person?

7.2 Does the organisation have a documented, adequate and robust process to assess and approve contractors, subcontractors and suppliers before use and does the supplier approval procedure at least establish that adequate arrangements are in place to satisfy all requirements found in A.1 to A.4 as relevant to the intended scope of supply including, but not limited to organisation, facilities, management systems, staff competence and fitness?

7.3 Has the organisation adequately defined details of the scope of supply, specification and requirements to contractors, subcontractors and suppliers? (Note: this must also include clear definition of the following:
a) Clear agreement of responsibilities and tasks relating to railway safety issues.
b) obligations relating to the transfer of relevant information between both parties.
c) the traceability of safety related documents.)

7.4 Is the performance and effectiveness of the supplier / contractor routinely monitored to confirm:
a) The performance of relevant processes?

b) The results of processes?
c) The effectiveness of risk control arrangements?
d) Information on experience, malfunctions, defects and repairs arising?

7.5 Does the organisation monitor the awareness of suppliers / contractors to risks that may be imported to its operations?

7.6 Are there periodic formal contract reviews between the organisation and its suppliers / contractors?

A.8 Engineering Change

Where Engineering Change requirements are shown in A.1 to A.4, then the following protocol is available for use applicable to the function being audited.

Engineering Change documents how change, particularly to safety critical services and systems, is managed. Risks from change need to be identified and thought through to ensure safety levels are not compromised.

Ref No. | Question | Comments | Compliant?

8.1 Does an effective procedure exist to consider and approve engineering change?

8.2 Does the engineering change procedure cover the potential for requirement to comply with Interoperability Directive (for example TSI, NoBo, DeBo, AsBo) requirements?

8.3 Does the engineering change procedure make reference to the CSM RA (EC/352/2009 and EC/402/2013)?

8.4 Does the Engineering Change Procedure embrace maintenance policy or plan changes as well as physical engineering change?

8.5 Are Engineering Changes developed, assessed and approved by personnel with adequate competence?

8.6 Does the organisation have procedures in place to recognise the changes to standards, for example TSI and RGS?

8.7 Is there a process for communication of such changes to relevant people and departments, and evidence of receipt of such changes?

8.8 How does the organisation determine if changes to conformity affect them, and communication of such changes?

8.9 How are such changes to risk communicated through the organisation?

8.10 Is there an understanding of the impact of changes of existing maintenance documents?

8.11 If there are changes to the maintenance files what are the processes that exist to approve and implement the change?

8.12 If there are amendments to technical instructions how are these approved and implemented?

8.13 Is there a periodic review of the maintenance file?

8.14 Is there a robust process for updating the maintenance file to reflect changes throughout the vehicle life cycle?

8.15 Is the configuration of vehicles (especially for safety related components) traceable in the maintenance file?

8.16 Is there a robust process for amending the technical file to reflect changes throughout the vehicle life cycle?

A.9 Risk Assessment

Where risk assessment requirements are shown in A.1 to A.4, then the following protocol is available for use. Note that A.9.10 is specific to Maintenance Delivery function only.

Risk assessment: a structured approach to assess risks associated with the maintenance of vehicles, including those directly arising from operational processes and the activities of other organisations or persons, and to identify the appropriate risk control measures.

Ref No. | Question | Comments | Compliant?

9.1 Does the organisation have a policy or procedure in place setting out the strategy for risk identification and assessment and does this meet the requirements of the CSM RA (EC/352/2009 and EC/402/2013)?

9.2 Does this encompass risks arising from defects and construction non-conformities and malfunctions throughout the lifecycle?

9.3 Does the organisation have procedures for developing and putting in place risk control measures?

9.4 Is it evident that the organisation recognises the need and has the commitment to collaborate with keepers, railway undertakings, infrastructure managers or other interested parties?

9.5 Does the organisation have robust processes or procedures to manage changes to:
a) Organisation?
b) Engineering change to vehicles, including introduction of new vehicles and maintenance specification change?
c) Equipment?
d) Procedures?
e) Staffing?