Health and safety management

Strategic risk chapter

2. Our view of the risk

Components

What the risk Is and who It affects

SMS underpin safe railway operations. They determine how effectively dutyholders identify, assess and control risks in a complex environment involving passengers, staff, contractors and the wider public. Operating a railway is inherently complex and high risk, and without an effective SMS, consequences can include harm, operational failure, reputational damage, loss of public confidence, and regulatory action.

Why SMS matters

Managing SMS risk is critical to maintaining safe outcomes, legal compliance and organisational resilience. Where SMS arrangements are weak, poorly implemented or inadequately assured, dutyholders lose effective control of safety risk, particularly during operational pressure or organisational change. This increases the likelihood of harm, regulatory non compliance and enforcement action.

SMS maturity has a direct impact on safety and operational performance. When systems are inconsistently applied or poorly assured, risks escalate across:

Operational decision making. Frontline safety-critical tasks. Supplier and contractor activities. Asset integrity and maintenance. Organisational change.

These risks affect all rail sectors (mainline, non-mainline and heritage) each facing different pressures but connected by the same requirement: a mature, resilient SMS capable of preventing harm and adapting to routine and emergent risks.

Current SMS maturity and what we see across the sector

ORR uses inspections, audits and risk intelligence (including RAIB reports, industry data and risk profiling) to identify systemic weaknesses and target regulatory activity. Findings are benchmarked against RM3 to assess maturity and improvement needs. Non-compliance may lead to enforcement.

Industry-wide SMS maturity remains largely at the “Standardised” level, with pockets of Predictable performance. This indicates structured processes exist but are not consistently applied. Refer to the Appendix for detailed industry performance broken down by sector.

ORR regularly identify cross-industry weaknesses in the following SMS areas:

  • Fatigue risk management (underdeveloped)
  • Outdated or inconsistent risk assessments
  • Weaknesses in change control (operational, organisational, engineering)
  • Variable competence management
  • Inconsistent assurance and audit practice
  • Gaps in asset integrity processes
  • Inconsistent contractor and supplier oversight

These weaknesses reduce both safety and resilience, particularly during operational pressure, resource constraints or organisational change.

Case study: Management of contractors (ad-hoc maturity)

Evidence from inspections of a train operator and infrastructure manager identified Ad hoc maturity in arrangements for the management of contractors at station locations. Although processes for contractor access and control existed, roles and responsibilities, particularly for Work Access Permit (WAP) issuing, were not clearly defined or consistently understood. Permits were issued off site, and there was limited assurance that contractors had been appropriately signed in or briefed on site specific risks.

There were weak interfaces between estate management, permit issuers, frontline station staff, and contractors. Information about the nature and risk profile of the work was not consistently shared, and contractor risk assessments were generic, insufficiently reviewed, and not updated when circumstances changed. This resulted in work being authorised under inappropriate arrangements and without effective challenge or escalation.

Long standing supplier relationships were managed informally, with limited structured oversight, monitoring, or routine engagement. This contributed to complacency in contractor assurance, heavy reliance on third parties to manage risk, and unclear supervision arrangements. Overall, control of risk relied on individual judgement rather than demonstrable system assurance, increasing vulnerability to incident and regulatory intervention.

ORR engaged with the duty holder to test contractor management arrangements and seek assurance that responsibilities for contractor access, permitting and supervision were clearly defined and consistently applied. Follow up activity focused on improving the quality of risk assessment, strengthening oversight of suppliers, and ensuring more effective assurance where work is commissioned and delivered at station locations.

Forward-looking risk: emerging trends and pressures

Cost and resourcing pressures continue to influence dutyholders’ ability to maintain SMS effectiveness, affecting the quality of risk assessments, fatigue management, assurance and monitoring. These pressures increase vulnerability and reduce organisational resilience.

Industry change (GBR transition) introduces additional risk such as unclear responsibilities, changing interfaces, and the need to maintain SMS integrity during organisational restructuring. While consolidation under GBR presents opportunities to improve consistency and assurance, it also requires careful management to ensure clear accountability across both the emerging GBR SMS and individual Train Operator SMSs.

ORR is supporting the transition through dedicated regulatory activity, including safety certification and authorisation work to be undertaken during the 2025–2027 period. This includes engagement on a total of eight safety certificate and authorisation applications, providing structured challenge and assurance to support a controlled transition while maintaining effective management of health and safety risk.

RM3 learning and ORR Risk profiling show recurring issues across cultural maturity, assurance and change management. Without improvement, these weaknesses restrict system-wide learning and limit the ability to respond to new hazards.

ORR’s view is that strengthening SMS maturity remains essential for navigating both present and future risk pressures. Dutyholders must ensure their SMS is ready for future reform and organisational change, not only today’s operational demands.