System Access Rules

RIW System Access Rules for Assessors

The Rail Industry Worker (RIW) Program provides an online competency and safety management system for Australian rail workers and operators (RIW System).  The RIW System is owned and endorsed by the Australasian Railway Association (ARA) and operated by Metro Trains Australia Pty Ltd (MTA).

These Rules set out terms and conditions that apply to use of the RIW System by:

  1. An employee or contractor of an RIW Participant (as defined below) who has been granted an Assessor login to the RIW System; and
  2. Rail transport operators and other organisations that are authorised participants in the RIW Program (RIW Participants) who hold an Assessor user permission to access the RIW System,

(collectively Assessor Users). 

Assessor Users are granted access to the RIW System for the purpose of reviewing evidence and performing Job Role Assessments for RIWs (Permitted Purpose).

Assessor Users and RIW Participants must comply with these Rules, including to protect information stored on the RIW System (RIW Information).  Assessor Users and RIW Participants will be responsible for ensuring that each user who accesses the RIW System on their behalf complies with these Rules.  Without limitation Assessor Users and RIW Participants must:

  1. Implement practices, procedures and systems to ensure that their authorised users comply with these Rules (including notifying the RIW Service Desk in the event of a breach);
  2. Regularly monitor and assess privacy and security measures in place regarding access to and use of the RIW System by their authorised users; and
  3. On at least an annual basis, audit compliance with these Rules by their authorised users.

All actions taken by users of the RIW System are logged and will be subject to audit to ensure compliance with these Rules and other terms and conditions that apply to the RIW Program. 

By accessing, logging on to or using the RIW System you agree to be bound by the terms set out below. If you do not agree to these terms, please log out of the RIW System immediately.

You must:

Security of the RIW System

  1. Keep your user login and password confidential and not share your user login or password with any other person (you will be responsible for any action on the RIW System using your login);
  2. Not use the user login and password of another user;
  3. Ensure your user profile includes your full name and a specific email address for reporting purposes, rather than a generic name or email address (e.g. Employer Admin1);
  4. Ensure the physical security of the devices you use to access the RIW System at all times, especially if you are using a laptop or other portable device;
  5. If any device you use to access the RIW System is affected by any network or security concerns, including suspected virus activity or any network security bypass, disconnect that device from the RIW System until the issue is resolved;

Confidentiality and use of RIW information

  1. Use appropriate technical and organisational measures to protect RIW Information against misuse, interference and loss and against unauthorised access, use, modification or disclosure;
  2. Keep all RIW Information confidential at all times and not use RIW Information for any other purpose other than the Permitted Purpose or as required by any laws or regulations;
  3. Not copy, remove, store, use, or disclose RIW Information outside the RIW System, except for the Permitted Purpose or as required by any laws or regulations;

Information quality

  1. Take reasonable steps to ensure that any information you enter or upload to the RIW System is accurate, complete, up-to-date, relevant and is not false or misleading;
  2. Not intentionally or recklessly enter or upload new RIW Information that is, or alter or delete existing RIW Information so that it becomes, inaccurate, incomplete, out-of-date, irrelevant, false, or misleading;
  3. Promptly notify the RIW Service Desk if you become aware that any information in the RIW System is inaccurate, incomplete, out-of-date, irrelevant, false or misleading;

Compliance management

  1. Promptly notify the RIW Service Desk of any breach or suspected breach of these terms or if you become aware of or suspect any data breach or unauthorised disclosure or access in respect of any RIW Information and provide all reasonable information, updates and assistance to assist the RIW Service Desk and MTA in respect of investigating, assessing, reporting and remediating the incident;
  2. Comply with any additional instruction or direction given by MTA in relation to your access to or use of the RIW System, including to ensure that action items arising from audits conducted by the Chief Medical Officer, Australian Skills Quality Authority, MTA or RIW Service Desk are completed and closed by the due date;
  3. Indemnify MTA for any costs and expenses incurred by MTA in investigating and remedying any breach of these terms (including costs and expenses incurred by MTA in the restoration of any affected RIW Information, which for the avoidance of doubt, would include any RIW Information that has been deleted, misrepresented or falsified);

Rules review and amendment

  1. MTA and the ARA may review these terms and in the event that any changes to these terms are proposed by MTA and the ARA, then MTA will notify all Assessor Users and RIW Participants 30 days prior to the change taking effect.


I agree to these terms as a condition of my participation in the RIW Program.  I understand that MTA or the ARA may suspend, block or revoke my access to the RIW System if I fail to comply with these terms.