RIW System Access Rules for Training Providers

The Rail Industry Worker (RIW) Program provides an online competency and safety management system for Australian rail workers and operators (RIW System).  The RIW System is owned and endorsed by the Australasian Railway Association (ARA) and operated by Metro Trains Australia Pty Ltd (MTA).

These Rules set out terms and conditions that apply to use of the RIW System by:

1. Registered Training Organisations (RTOs); and
2. Rail transport operators and other organisations that are authorised participants in the RIW Program (RIW Participants) that are hold an Australian Skills Quality Authority (ASQA) registration and as a result hold a training provider user permission to access the RIW System,

(collectively Training Provider Users). 

Training Provider Users are granted access to the RIW System for the purpose of accessing or uploading Statements of Attainment, Certificates of Achievement, Certificates of Completion or other evidence that a training competency or qualification has been obtained (Training Records) for RIWs to demonstrate that a RIW has obtained a relevant qualification or competency as required by the:

1. Standards for Registered Training Organisations (RTOs) 2015; made under subsection 185(1) and subsection 186(1) of the National Vocational Education and Training Regulator Act 2011 (Standard); and
2. Business rules requirements determined by rail transport operators and the National Rail Industry Worker Governance Committee (NRIWGC) for national requirements (the current business rules for individual competencies are located at: https://businessrules.riw.net.au/ (Business Rules)),

(the Permitted Purpose).

Training Provider Users and RIW Participants must comply with these Rules, including to protect information stored on the RIW System (RIW Information).  Training Provider Users and RIW Participants will be responsible for ensuring that each user who accesses the RIW System on their behalf complies with these Rules.  Without limitation such Training Provider Users and RIW Participants must:

1. Implement, practices, procedures and systems to ensure that their authorised users comply with these Rules (including by revoking access to the RIW System in the event of a breach);
2. Regularly monitor and assess privacy and security measures in place regarding access to and use of the RIW System by their authorised users; and
3. On at least an annual basis, audit compliance with these Rules by their authorised users.

All actions taken by users of the RIW System are logged and will be subject to audit to ensure compliance with these Rules and other terms and conditions that apply to the RIW Program.  In addition, Training Provider Users who upload Training Records to the RIW System are subject to audit by ASQA, MTA and the RIW Service Desk for quality assurance.

By accessing, logging on to or using the RIW System you agree to be bound by the terms set out below. If you do not agree to these terms, please log out of the RIW System immediately.

You must:

Security of the RIW System

1. Keep your user login and password confidential and not share your user login or password with any other person (you are responsible for any action on the RIW System using your login);[1]
2. Not use the user login and password of another user;
3. Ensure your user profile includes your full name and a specific email address for reporting purposes, rather than a generic name or email address (e.g. RTO Admin1);
4. Ensure the physical security of the devices you use to access the RIW System at all times, especially if you are using a laptop or other portable device;
5. If any device you use to access the RIW System is affected by any network or security concerns, including suspected virus activity or any network security bypass, disconnect that device from the RIW System until the issue is resolved;

Confidentiality and use of RIW Information

6. Use appropriate technical and organisational measures to protect RIW Information against misuse, interference and loss and against unauthorised access, use, modification or disclosure;
7. Keep all RIW Information confidential at all times and not use RIW Information for any other purpose other than the Permitted Purpose or as required by any laws or regulations;
8. Not copy, remove, store, use, or disclose RIW Information outside the RIW System, except for the Permitted Purpose or as required by any laws or regulations;

Information Quality

9. Take reasonable steps to ensure that any information you enter or upload to the RIW System is accurate, complete, up-to-date, relevant and is not false or misleading;
10. Not intentionally or recklessly enter or upload new RIW Information that is, or alter or delete existing RIW Information so that it becomes, inaccurate, incomplete, out-of-date, irrelevant, false, or misleading;
11. Promptly notify the RIW Service Desk if you become aware that any information in the RIW System is inaccurate, incomplete, out-of-date, irrelevant, false or misleading;

Training and Competency Requirements

12. Comply with the Standard and Business Rules and ensure that all training assessments for RIWs are conducted in accordance with the Standard and Business Rules;
13. Ensure that the evidence for a Training Record complies with the requirements set out in the Standard and Business Rules;
14. Advise the RIW prior to undertaking the training assessment that the Training Record will be uploaded to the RIW System;
15. Only upload Training Records to the RIW System as follows:
    1. If you are an RTO, Training Records that you have issued in your capacity as an RTO; or
    2. If you are a Training Provider User who is not an RTO, Training Records only for your Primary and Associated Employees using the RIW Participant Employer Administration user permission;  
16. Comply with all instructions and complete all mandatory information identified in the RIW System for the purposes of entering a new Training Record;
17. In completing the Training Record information in the RIW System, ensure that:
    1. The date that the training assessment was conducted is listed as the competency award date in the RIW System; and
    2. The expiry date of the competency is in accordance with the Standard or Business Rule;
18. Ensure that all relevant documents related to the Training Record are uploaded to the RIW System;[2]  
19. Not complete an RIW service request ‘RTO Request to Delete Training Record File’ at the request of an RIW or RIW Participant unless the request is to deal with a competency that has been uploaded in error;

Compliance management

20. Promptly notify the RIW Service Desk of any breach or suspected breach of these terms or if you become aware of or suspect any data breach or unauthorised disclosure or access in respect of any RIW Information and provide all reasonable information, updates and assistance to assist the RIW Service Desk and MTA in respect of investigating, assessing, reporting and remediating the incident;
21. Comply with any additional instruction or direction given by MTA in relation to your access to or use of the RIW System, including to ensure that action items arising from audits conducted by ASQA, MTA or RIW Service Desk are completed and closed by the due date;
22. If you are an RTO, not perform any other services in connection with the RIW Program other than undertaking training assessments and uploading Training Records for RIWs (for example, you must not use the RIW System for offering services such as completing identification checks for RIWs or ordering RIW cards for RIWs);
23. If an RTO is also an RIW Participant and has an Employer Administrator user account, only use this account for the purpose of managing your own Primary Employees;
24. Not hold an Employer Administrator user account for another RIW Participant that is not a related entity of the RTO;
25. Indemnify MTA for any costs and expenses incurred by MTA in investigating and remedying any breach of these terms (including costs and expenses incurred by MTA in the restoration of any affected RIW Information, which for the avoidance of doubt, would include any RIW Information that has been deleted, misrepresented or falsified);

Rules Review and Amendment

26. MTA, the ARA and ASQA may review these terms and in the event that any changes to these terms are proposed by MTA, the ARA or ASQA, then MTA will notify all RTOs, Training Provider Users and RIW Participants 30 days prior to the change taking effect.

Declaration

I agree to these terms as a condition of my participation in the RIW Program.  I understand that MTA, the ARA or ASQA may suspend, block or revoke my access to the RIW System if I fail to comply with these terms.

---

[1] To update RTO details regarding the organisation please see the RIW Service Request for ‘RTO Management’ and select the relevant sub-category.

[2] The competency will not be valid until the relevant documents have been uploaded in the RIW System.  Until then, any previous competency will apply when determining the RIW’s competency or role validity.