RIW System Access Rules for Administrator Users

The Rail Industry Worker (RIW) Program provides an online competency and safety management system for Australian rail workers and operators (RIW System).  The RIW System is owned and endorsed by the Australasian Railway Association (ARA) and operated by Metro Trains Australia Pty Ltd (MTA).

These Rules set out terms and conditions that apply to use of the RIW System by:

1. An employee or contractor of an RIW Participant (as defined below) who has been granted an Employer Admin, Employer Admin (No Payment), Employer Admin (Read Only), Advanced Project Admin, Project Admin and/or Site Admin access login to the RIW System to administer the account on behalf of an RIW Participant (Employer Admin) or a project or site managed by an RIW Participant; and
2. Rail transport operators and other organisations that are authorised participants in the RIW Program (RIW Participants) who hold an Employer Admin, Employer Admin (No Payment), Employer Admin (Read Only), Advanced Project Admin, Project Admin or Site Admin user permission to access the RIW System,

(collectively Administrator Users). 

Administrator Users are granted access to the RIW System for the purpose of accessing or uploading information for their RIW Participant or to RIWs who are:

1. the primary or main employees (Primary Employees) of their RIW Participant;
2. the secondary or associated employees (Associated Employees) of their RIW Participant; or
3. connected via swiping on to the project or site managed by their RIW Participant,

(collectively the Permitted Purpose).

Examples of Permitted Purpose activities may include:

1. The initial registration of the RIW Participant in the RIW System;
2. The administration of the RIW Participant’s RIW account, for example, changing contact details;
3. The initiation of employment and association requests for RIWs;
4. Uploading information for the Primary and Associated Employees of their RIW Participant, for example, competencies and medical reports;
5. Adding job roles to demonstrate competence; and
6. Paying for RIW Cardholders subscriptions.

Administrator Users and RIW Participants must comply with these Rules, including to protect information stored on the RIW System (RIW Information).  Administrator Users and RIW Participants will be responsible for ensuring that each user who accesses the RIW System on their behalf complies with these Rules.  Without limitation  Administrator Users and RIW Participants must:

1. Implement practices, procedures and systems to ensure that their authorised users comply with these Rules (including by revoking access to the RIW System in the event of a breach);
2. Regularly monitor and assess privacy and security measures in place regarding access to and use of the RIW System by their authorised users; and
3. On at least an annual basis, audit compliance with these Rules by their authorised users.

All actions taken by users of the RIW System are logged and will be subject to audit to ensure compliance with these Rules and other terms and conditions that apply to the RIW Program.  In addition, Administrator Users who upload:

1. Health assessments to the RIW System are subject to audit by the Chief Medical Officer of the relevant rail transport operator (Chief Medical Officer), MTA and the RIW Service Desk for quality assurance; and
2. Statements of Attainment, Certificates of Achievement, Certificates of Completion or other evidence that a training competency or qualification has been obtained (Training Records) to the RIW System are subject to audit by the Australian Skills Quality Authority (ASQA), MTA and the RIW Service Desk for quality assurance.

By accessing, logging on to or using the RIW System you agree to be bound by the terms set out below. If you do not agree to these terms, please log out of the RIW System immediately.

You must:

Security of the RIW System

1. Keep your user login and password confidential and not share your user login or password with any other person (you will be responsible for any action on the RIW System using your login);
2. Not use the user login and password of another user;
3. Ensure your user profile includes your full name and a specific email address for reporting purposes, rather than a generic name or email address (e.g. Employer Admin1);
4. Ensure the physical security of the devices you use to access the RIW System at all times, especially if you are using a laptop or other portable device;
5. If any device you use to access the RIW System is affected by any network or security concerns, including suspected virus activity or any network security bypass, disconnect that device from the RIW System until the issue is resolved;

Confidentiality and use of RIW Information

6. Use appropriate technical and organisational measures to protect RIW Information against misuse, interference and loss and against unauthorised access, use, modification or disclosure;
7. Keep all RIW Information confidential at all times and not use RIW Information for any other purpose other than the Permitted Purpose or as required by any laws or regulations;
8. Not copy, remove, store, use, or disclose RIW Information outside the RIW System, except for the Permitted Purpose or as required by any laws or regulations;

Information Quality

9. Take reasonable steps to ensure that any information you enter or upload to the RIW System is accurate, complete, up-to-date, relevant and is not false or misleading;
10. Not intentionally or recklessly enter or upload new RIW Information that is, or alter or delete existing RIW Information so that it becomes, inaccurate, incomplete, out-of-date, irrelevant, false, or misleading;
11. Promptly notify the RIW Service Desk if you become aware that any information in the RIW System is inaccurate, incomplete, out-of-date, irrelevant, false or misleading;
12. Verify with the Authorised Health Professional (AHP) that the rail safety worker health assessment and drug and alcohol assessment is legitimate and accurate in all respects;
13. Verify with the Registered Training Organisation (RTO) that the Training Record is legitimate and accurate in all respects;

Compliance management

14. Promptly notify the RIW Service Desk of any breach or suspected breach of these terms or if you become aware of or suspect any data breach or unauthorised disclosure or access in respect of any RIW Information and provide all reasonable information, updates and assistance to assist the RIW Service Desk and MTA in respect of investigating, assessing, reporting and remediating the incident;
15. Comply with any additional instruction or direction given by MTA in relation to your access to or use of the RIW System, including to ensure that action items arising from audits conducted by the Chief Medical Officer, ASQA, MTA or RIW Service Desk are completed and closed by the due date;
16. Indemnify MTA for any costs and expenses incurred by MTA in investigating and remedying any breach of these terms (including costs and expenses incurred by MTA in the restoration of any affected RIW Information, which for the avoidance of doubt, would include any RIW Information that has been deleted, misrepresented or falsified);

Rules Review and Amendment

17. MTA and the ARA may review these terms and in the event that any changes to these terms are proposed by MTA and the ARA, then MTA will notify all Administrator Users and RIW Participants 30 days prior to the change taking effect.

Declaration

I agree to these terms as a condition of my participation in the RIW Program.  I understand that MTA or the ARA may suspend, block or revoke my access to the RIW System if I fail to comply with these terms.