50% time elapsed – does that equal 50% complete?

Generic transition plan
Generic transition plan

15 March 2017 has been and gone, it marked the halfway point for transition to certification to the latest edition of ISO 9001. If the project plan to have all certified organisations transition to the 2015 edition by 15th September 2018 is half complete then where are we compared with the gantt chart or resource plan?

Aside from the early adopters who went for ‘First to be certified’ on the very same day the standard was published there appears to be a huge bow wave building up in front of the 3rd party certification tanker. Do all those responsible for managing the transition project in their organisation have a plan? Have they updated their personal competence to cover those significant changes that the 2015 edition brings? Do they have buy in from all those ‘top management’ in 9001 called upon to demonstrate leadership and commitment? If the answer to any one of these questions is ‘no’ then there is a serious risk they will not be in the club of 1 million plus holding a certificate on the 16th September 2018.

As with all resource constrained systems the problem will become: ‘How to deliver transition audits in the 6 month period leading up to September 15th 2018 for those late adopters?’

At s2a2s our recommendation is in two parts: Get started on making any changes needed to your systems to demonstrate compliance with the new requirements, and; engage with your current CB and start to work on a programme of visits to cover transition and book those assessment dates in the diary.

Change in the railway

Complex systems have inherent risk

Whichever one we think about – weather, eco-systems, financial markets or railways – each has hazards and risks that we are unable to control fully due to the number of factors involved and volume of activities that occur daily.

Changes to complex, man-made systems are managed to prevent catastrophic failures through formal and informal rules – and are captured in legislation and industry codes of practice. The UK rail industry has a long history of legislation and standards to control both railway operation and change management. Performance trends over recent years indicate a dramatic improvement in passenger safety. Indeed UK rail remains among the safest means of transport in Europe both in absolute terms and per kilometre travelled, according to the Office of Rail Regulation (ORR) and Eurostat data.

Sit up and take notice

So, how is ‘change’ changing? With evidence of improving performance, when the ORR announces changes to risk management across the UK rail system, it is time to listen. Since 2006 the Railway and Other Guided Transport Systems (Safety) Regulations 2006 (ROGS) have required dutyholders, including infrastructure managers such as Network Rail or railway undertakings such as train or freight operating companies, to develop and maintain safety management systems. These systems include controlled change management of rail operations and infrastructure and ROGS-required competent, independent persons to verify safety before placing into service. From 2013 ROGS amendments required dutyholders to apply a risk-based approach to assessing significance of technical (structural assets such as buildings, track, signalling, vehicles) and operational (timetable, staffing, ways of working) changes in accordance with their safety management system. The amendments allowed dutyholders to apply significance testing to determine the scrutiny level required. When dutyholders want to make a change they assess significance based on six criteria:

  • Failure consequence: realistically what could go wrong taking into account existing controls?

  • Novelty: how new is the proposed change for both the industry and the company?

  • Complexity of the change: how many sub-systems and groups are involved in the change?

  • Monitoring: how easy will it be to monitor the effect of the change throughout the asset lifecycle (including maintenance)?

  • Reversibility: how easy is it to revert to previous systems?

  • Additionality: how could this change interact with other recent (and not so recent) changes to the asset and operations involved?

    A different track

A change to a piece of track, for example, is rarely assessable on its own. The impact includes the track itself, perhaps buildings and civil structures along the line, signalling and train operations (speed and volume), passenger volumes and traffic at stations nearby. All of this falls under risk assessment and evaluation.

Similarly operational changes involving significant variations on staffing or ways of working might affect safety. Historically the railways have relied on large numbers of standards mandating prescriptive working methods, but they are moving towards a risk-based system. This in turn relies on trained and competent staff making judgements on safety, based on key principles. This represents a significant safety-related change and should be assessed using the common safety method (CSM). Where the proposer determines the change is significant, they have to manage it through:

  • a code(s) of practice comparing it with similar (reference) systems

  • explicit risk estimation.

In each case they must use an independent assessment body (AB) for whichever risk management method is used to evaluate their change management. They must also provide ‘an independent assessment of the correct application of the risk management process’ and a safety assessment report as evidence.

The AB role is a new requirement under ROGS and the underpinning EU Directive. The proposer must decide whether to accept the change as safe for entry into service “based on the safety assessment report provided by the assessment body”. The regulations require several pieces of evidence: z Change description – including the system it relates to. Used as the basis for significance testing, the results of which are also recorded.

  • System definition – key information describing the system being changed.

  • Hazards identified associated with the change and evaluation and assessment of their risk.

  • Risk control measures to be applied for each risk using one or more of the three management methods above.

  • A system hazard record maintained along with the system definition as the project progresses.

  • Evidence that risk management has been applied throughout the change project.

  • For significant risks, the AB report.

The proposer retains responsibility for system safety and decides whether the system change is safe to enter service based on the report.

Legal separation

Change proposers may use any support they require to manage change and ensure risks are kept in check. The railways use consultants to advise and independently assess compliance but the new AB role requires independence from the parties involved with change. The United Kingdom Accreditation Service (UKAS) programme for accreditation of ABs assesses legal separation, impartiality and independence. The initial pilot was open to accredited railway notified and designated bodies and was then extended to others. The accreditation regime for ABs came into force in May 2015 when the last 2013 ROGS amendments come into force and the ORR maintains a watching brief to ensure accreditation is effective and change management remains controlled. In the meantime, dutyholders are expected to use existing safety management systems to verify the safety of changes to vehicles and infrastructure.

Industry bodies such as ORR and the Rail Safety and Standards Board have produced guidance on implementing new requirements, and conformity assessment bodies are working with new and existing clients to explain the new requirements. The overarching aim for managing change in the complex UK railway system is for “a better railway for a better Britain” and “everyone home safe, every day”.

This article is adapted from ‘Managing Change’ – published in the November 2014 edition of IIRSM’s Insight magazine.