RIW System Access Rules for Network Operators
The Rail Industry Worker (RIW) Program provides an online competency and safety management system for Australian rail workers and operators (RIW System). The RIW System is owned and endorsed by the Australasian Railway Association (ARA) and operated by Metro Trains Australia Pty Ltd (MTA).
These Rules set out terms and conditions that apply to use of the RIW System by Rail transport operators that are authorised participants in the RIW Program (Network Operators) who hold a Network Manager user permission to access the RIW System.
Network Operators are granted access to the RIW System for the purpose of accessing or uploading information to the extent necessary for the purposes of:
- Processing RIW card applications;
- Safety, workforce and work site planning, procuring resources, training and reporting for the Network Operator;
- Competency and safety management;
- Breach management;
- Managing any safety related regulatory claims, investigations or issues; or
- Enabling other entities that are used by the Network Operator to verify competencies for pre-qualification of suppliers and workforce management,
(collectively the Permitted Purpose).
Examples of Permitted Purpose activities may include:
- The administration of the Network Operator’s RIW account, for example, changing contact details and granting additional logins;
- Viewing information stored on the RIW System (RIW Information) including job roles, competencies and medical status;
- Viewing RIW’s swipe history;
- Placing and lifting blocks on RIWs; and
- Creating projects for assignment to Contractors in Charge for activities within the Network Operator’s network.
Network Operators must comply with these Rules, including to protect the RIW Information. Network Operators will be responsible for ensuring that each user who accesses the RIW System on their behalf complies with these Rules. Without limitation such Network Operators must:
- Implement, practices, procedures and systems to ensure that their authorised users comply with these Rules (including by revoking access to the RIW System in the event of a breach);
- Regularly monitor and assess privacy and security measures in place regarding access to and use of the RIW System by their authorised users; and
- On at least an annual basis, audit compliance with these Rules by their authorised users.
All actions taken by users of the RIW System are logged and will be subject to audit to ensure compliance with these Rules and other terms and conditions that apply to the RIW Program. In addition, Network Operators who have Employer Administrators who upload:
- Health assessments to the RIW System are subject to audit by the Chief Medical Officer of the relevant rail transport operator (Chief Medical Officer), MTA and the RIW Service Desk for quality assurance; and
- (tatements of Attainment, Certificates of Achievement, Certificates of Completion or other evidence that a training competency or qualification has been obtained (Training Records) to the RIW System are subject to audit by the Australian Skills Quality Authority (ASQA), MTA and the RIW Service Desk for quality assurance.
By accessing, logging on to or using the RIW System you agree to be bound by the terms set out below. If you do not agree to these terms, please log out of the RIW System immediately.
Security of the RIW System
- Keep your user login and password confidential and not share your user login or password with any other person (you will be responsible for any action on the RIW System using your login);
- Not use the user login and password of another user;
- Ensure your user profile includes your full name and a specific email address for reporting purposes, rather than a generic name or email address (e.g. Employer Admin1);
- Ensure the physical security of the devices you use to access the RIW System at all times, especially if you are using a laptop or other portable device;
- If any device you use to access the RIW System is affected by any network or security concerns, including suspected virus activity or any network security bypass, disconnect that device from the RIW System until the issue is resolved;
Confidentiality and use of RIW Information
- Use appropriate technical and organisational measures to protect RIW Information against misuse, interference and loss and against unauthorised access, use, modification or disclosure;
- Keep all RIW Information confidential at all times and not use RIW Information for any other purpose other than the Permitted Purpose or as required by any laws or regulations;
- Not copy, remove, store, use, or disclose RIW Information outside the RIW System, except for the Permitted Purpose or as required by any laws or regulations;
- Take reasonable steps to ensure that any information you enter or upload to the RIW System is accurate, complete, up-to-date, relevant and is not false or misleading;
- Not intentionally or recklessly enter or upload new RIW Information that is, or alter or delete existing RIW Information so that it becomes, inaccurate, incomplete, out-of-date, irrelevant, false, or misleading;
- Promptly notify the RIW Service Desk if you become aware that any information in the RIW System is inaccurate, incomplete, out-of-date, irrelevant, false or misleading;
- Promptly notify the RIW Service Desk of any breach or suspected breach of these terms or if you become aware of or suspect any data breach or unauthorised disclosure or access in respect of any RIW Information and provide all reasonable information, updates and assistance to assist the RIW Service Desk and MTA in respect of investigating, assessing, reporting and remediating the incident;
- Comply with any additional instruction or direction given by MTA in relation to your access to or use of the RIW System, including to ensure that action items arising from audits conducted by the Chief Medical Officer, ASQA, MTA or RIW Service Desk are completed and closed by the due date;
- Indemnify MTA for any costs and expenses incurred by MTA in investigating and remedying any breach of these terms (including costs and expenses incurred by MTA in the restoration of any affected RIW Information, which for the avoidance of doubt, would include any RIW Information that has been deleted, misrepresented or falsified);
Rules review and amendment
- MTA and the ARA may review these terms and in the event that any changes to these terms are proposed by MTA and the ARA, then MTA will notify all Network Operators 30 days prior to the change taking effect.
I agree to these terms as a condition of my participation in the RIW Program. I understand that MTA or the ARA may suspend, block or revoke my access to the RIW System if I fail to comply with these terms.