2020 10 Security Handbook For Small To Medium RTOs Volume 1 FINAL

The Security Handbook for Small to Medium Rail Transport Operators, developed by the Rail Industry Safety and Standards Board (RISSB), provides guidelines based on input from various rail industry experts. It aims to represent good practices for enhancing security within the rail sector and is periodically reviewed to ensure its relevance. Users are responsible for assessing the applicability of the guidelines to their specific operational environments and risk profiles.


Security Handbook for Small to Medium Rail Transport Operators
Volume 1

This Rail Industry Safety and Standards Board (RISSB) product has been developed using input from rail experts from across the
Rail Industry. RISSB wishes to acknowledge the positive contribution of all subject matter experts and DG representatives who
participated in the development of this product.

The RISSB Development Group for this Guideline consisted of representatives from the following organisations:

- Aurecon Group
- Department of Transport Victoria
- Jacobs Group (Australia) P/L
- KiwiRail
- Marling Group
- Transport for NSW
- VLine Corporation

Development of this Guideline was undertaken in accordance with RISSB’s accredited processes. It was approved by the
Development Group, endorsed by the Standing Committee, and approved for publication by the RISSB Board.

I commend this Standard to the Australasian rail industry as it represents industry good practice and has been developed
through a rigorous process.

Deb Spring
Exec. Chair / CEO
Rail Industry Safety and Standards Board

Notice to users
This RISSB product has been developed using input from rail experts from across the rail industry and represents good practice
for the industry. The reliance upon or manner of use of this RISSB product is the sole responsibility of the user who is to assess
whether it meets their organisation’s operational environment and risk profile.

Keeping guidelines up-to-date


To maintain their currency, Guidelines developed by RISSB are periodically reviewed, and new editions published when
required. Between editions, amendments can be issued.
It is important that readers assure themselves that they are using a current RISSB Guideline. Information about RISSB Guidelines, including amendments, can be found by visiting www.rissb.com.au.
RISSB welcomes suggestions for improvements and asks readers to notify us immediately of any apparent inaccuracies or ambiguities. Please contact us via email at [email protected] or write to Rail Industry Safety and Standards Board, PO Box 518, Spring Hill, QLD 4004, Australia.
RISSB products can be found at: http://www.rissb.com.au/products/.

Security Handbook for Small to Medium Rail Transport Operator Volume 1

RISSB ABN 58 105 001 465 Page 1



Document control
Document title: Security Handbook for Small to Medium Rail Transport Operators – Volume 1
Version: 1.1
Date: Dec 2019

Document history
2009 Edition – May 2009 – Approved for issue by RISSB Board and ARA Executive
2020 Edition – 23 June 2020 – Revised Edition, approved for issue by RISSB Board

Approval
Approved by: Rail Industry Safety and Standards Board

Copyright
© RISSB

All rights are reserved. No part of this work can be reproduced or copied in any form or by any means, electronic or mechanical,
including photocopying, without the written permission of RISSB, unless otherwise permitted under the Copyright Act 1968.


References
Legislation
- Rail Safety National Law (South Australia) Act 2012
- Rail Safety National Law National Regulations 2012
- Rail Safety National Law (NSW) No 8a
- Rail Safety (National Uniform Legislation) Act 2012 No 27 (NT)
- Rail Safety (National Uniform Legislation) Regulations 2015 (NT)
- Rail Safety National Law (Tasmania) Act 2012 No 38
- Rail Safety National Law Application Act 2013 No 22 (VIC)
- Rail Safety National Law (ACT) Act 2014
- Rail Safety National Law (WA) Act 2015
- Rail Safety National Law (WA) Regulations 2015
- Rail Safety National Law (Queensland) Act 2017
- Rail Safety National Law (Queensland) Regulation 2017
- Commonwealth Places (Application of Laws) Act 1970 (Commonwealth)
- Control of Weapons Act 1990 (Vic)
- Control of Weapons Regulations 2000 (Vic)
- Criminal Code Act 1995 (Commonwealth)
- Drugs, Poisons and Controlled Substances Act 1981 (Vic)
- Environmental Planning and Assessment Amendment (Infrastructure and Other Planning Reform) Act 2005 (NSW)
- Evidence Act 2008 (1958) (Vic)
- Firearms Act 1996 (Vic)
- Health and Safety in Employment Act 1992 (NZ)
- Information Act 2002 (NT)
- Information Privacy and Data Protection Act 2014 (Vic)
- Information Privacy Act 2000 (Vic)
- Injury Prevention, Rehabilitation, and Compensation Act 2001 (NZ)
- Intelligence Services Act 2001 (Commonwealth)
- Justice Legislation Amendment (Terrorism) Act 2019 (NSW)
- Major Events (Crowd Management) Act 2004
- Maritime Transport and Offshore Facilities Security Act 2003 (Commonwealth)
- Occupational Health and Safety (Commonwealth Employment) Act 1991 (Commonwealth)
- National Security Information Act 2004 (Commonwealth)
- Work Health and Safety Act 2011 (ACT)
- Workplace Health and Safety Act 2011 (NSW)
- Occupational Health and Safety Act 2004 (Vic)
- Work Health and Safety Law 2012 (SA)
- Occupational Safety and Health Act 1984 (WA)
- Privacy Act 1988 (Commonwealth)
- Privacy and Data Protection Act 2014 (Vic)
- Privacy and Personal Information Protection Act 1998 (NSW)
- Private Investigators and Security Guards Act 1974 (NZ)
- Private Security Act (NT)
- Private Security Act 2004 (Vic)
- Public Records Act 2002 (Qld)
- Rail Safety Act 1996 (SA)
- Rail Safety Act 1997 (Tas)
- Rail Safety Act 1998 (WA)
- Rail Safety Act 2006 & Rail Safety Regulations 2006 (Vic)
- Railway Safety and Corridor Management Act 1992 (NZ)
- Right to Information Act 2009 (Tas)
- Security and Investigation Agents Act 1995 (SA)
- Security and Investigations Agents Act 2002 (Tas)
- Security and Related Activities (Control) Act 1996 (WA)
- Security Industry Act 1997 (NSW) & Security Industry Amendment Act 2005 (NSW)
- Security Industry Act 2003 (ACT)
- Security Legislation Amendment (Terrorism) Act 2002 (Commonwealth)
- Security of Critical Infrastructure Act 2019 (Commonwealth)
- Security Providers Act 1993 (Qld)
- Surveillance Devices (Workplace Privacy) Act 2006 (Vic)
- Surveillance Devices Act 1999 (Vic)
- Terrorism (Commonwealth Powers) Act 2002 (NSW)
- Terrorism (Commonwealth Powers) Act 2002 (Qld)
- Terrorism (Commonwealth Powers) Act 2002 (SA)
- Terrorism (Commonwealth Powers) Act 2002 (Tas)
- Terrorism (Commonwealth Powers) Act 2002 (WA)
- Terrorism (Commonwealth Powers) Act 2003 (Vic)
- Terrorism (Community Protection) Act 2003 (Vic)
- Terrorism (Community Protection) Amendment 2018 (Vic)
- Terrorism (Emergency Powers) Act 2003 (NT)
- Terrorism (Police Powers) Act 2002 (NSW)
- Work Health Act (NT)
- Workplace Health and Safety Act 2011 (Qld)
- Workplace Health and Safety Act 2012 (Tas)
- Workplace Surveillance Act 2005 (NSW)
- Workplace Video Surveillance Act 1998 (NSW)


Standards
- AS/NZS 2201.1:2007 – Intruder alarm systems – Systems installed in client's premises
- AS 2201.5:2008 – Intruder alarm systems – Alarm transmission systems
- AS 3555.1 – Building elements – Testing and rating for intruder resistance – Intruder-resistant panels
- AS 3745:2010 – Emergency control organisation and procedures for buildings, structures and workplaces
- AS 4145.1:2008 – Locksets – Glossary of terms
- AS 4485 Set:1997 – Security for health care facilities
- AS 4145.2:2008 – Locksets – Mechanical locksets for doors in buildings
- AS 4806:2008 Set
- AS 4811:2006 – Employment screening
- AS 5039:2003 – Security screen doors and security window grilles
- AS 5040:2003 – Installation of security screen doors and windows
- AS 5041:2003 – Methods of test – Security screen doors and window grilles
- AS 7770 – Rail cyber security
- AS 8000:2003 – Corporate governance – Good governance principles
- AS/ISO 27799:2011 – Information security management in health using ISO/IEC 27002
- AS/ISO/IEC 27001 and 27002 IT Security Set:2015 – Information technology – Security techniques
- AS/ISO/IEC 27013:2017 – Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
- AS ISO/IEC 27035 Set:2017 – Information technology – Security techniques – Information security incident management
- AS/ISO/IEC 27002:2015 – Information technology – Security techniques – Code of practice for information security controls
- AS/NZS ISO/IEC 11770 Security Set:2008 – Information technology – Security techniques – Key management
- AS/NZS 1170.2:2002 – Structural design actions – Part 2: Wind actions
- AS/NZS ISO/IEC 9798 Set:2008 – Information technology – Security techniques – Entity authentication
- AS/NZS ISO/IEC 17799:2005 – Information technology – Code of practice for information security management
- AS/NZS ISO/IEC 17799:2006 – Information technology – Security techniques – Code of practice for information security management
- AS/NZS ISO/IEC 18028:2008 – Information technology – Security techniques – IT network security – Network security management
- AS/NZS ISO/IEC 27005:2012 – Information technology – Security techniques – Information security risk management (ISO/IEC 27005:2011, MOD)
- AS/NZS ISO/IEC 27011:2017 – Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations
- AS/NZS ISO/IEC:2005 – Information technology – Security techniques – Information security management systems – Requirements
- HB 158 – Delivering assurance based on AS/NZS ISO 31001
- HB 167:2006 – Security risk management
- HB 171:2003 – Guidelines for the management of IT evidence
- HB 231:2004 – Information security risk management
- HB 240 – Guidelines for managing risk in outsourcing
- HB 324:2008 – Lexicon of key terms used in security
- HB 327 – Communicating and consulting about risk
- HB 328:2009 – Mailroom security
- HB 436 – Risk management guidelines – Companion to AS/NZS ISO 31001
- ISO 31000:2018 – Risk management – Guidelines
- ISO Guide 73 – Risk management – Vocabulary
- Protective Security Policy Framework (Commonwealth)
- SRMBOK RMIA 2008
- Victorian Protective Data Security Standard (VPDSS)

Other
- A National Approach to Closed Circuit Television – National Code of Practice for CCTV Systems for the Mass Passenger Transport Sector for Counter Terrorism (COAG, July 2006)
- ANZCTC – National Guidelines for Protecting Critical Infrastructure from Terrorism 2015
- ANZCTC – Hostile Vehicles Guidelines for Crowded Places 2017
- ANZCTC – National Counter-Terrorism Plan 2017
- ANZCTC – Australia's Strategy for Protecting Crowded Places from Terrorism 2017
- ANZCTC – Active Offender Guidelines for Crowded Places 2017
- ANZCTC – Improvised Explosive Devices (IED) Guidelines for Crowded Places 2017
- ANZCTC – Chemical Weapon Guidelines for Crowded Places 2017
- ASIO – Mass Passenger Transport Systems Risk Context Statement, June 2014
- Attorney-General's Department (2005) – National Counter-Terrorism Plan, Canberra: CoA
- Attorney-General's Department (2017) – National Counter-Terrorism Plan
- Attorney-General's Department – Protective Security Policy Framework (Critical Infrastructure Protection)
- Attorney-General's Department – Critical Infrastructure Resilience Strategy Plan 2015
- Attorney-General's Department – Managing the Insider Threat to Your Business – A Personnel Security Handbook
- Attorney-General's Department – Physical Security Management Protocol 2011
- Australian Government – COMCOVER – Better Practice Guide – Risk Management 2008
- Australian Government – Cyber Security Strategy 2009
- Australian Government – Improvised Explosive Device (IED) Guidelines for Places of Mass Gathering
- Australian Government – Investigation Standards (AGIS) 2012
- Australian Government – Organisational Resilience – Critical Infrastructure 2011
- Australian Government – Physical Security Management Guidelines – Physical Security of ICT Equipment, Systems and Facilities 2011
- Australia's Counter Terrorism Strategy 2015
- ASIS International – ASIS ORM.1-2017 – Security and Resilience in Organizations and their Supply Chain – Requirements with Guidance
- Building Code of Australia
- Centre for the Protection of National Infrastructure – Security Lighting: Guidance for Security Managers 2015
- Queensland Police Service – Crime Prevention Through Environmental Design (CPTED) Guideline (Parts A and B)
- Commonwealth Attorney-General's Department (2005) – Commonwealth Protective Security Manual, Canberra: CoA
- CPNI UK – Door Security 2013
- CPNI UK – CCTV for CNI Perimeter Security 2014
- CPNI UK – Integrated Security Guide for Hostile Vehicle Mitigation, 2nd Edition 2014
- CPNI UK – Levels 1 and 2 Operational Requirements for Hostile Vehicle Mitigation 2010
- CPNI UK – Protecting against Terrorism, 3rd Edition 2010
- Crowded Places Security Audit
- Dept of Home Affairs – National Surface Transport Security Strategy
- Dept of Home Affairs – National Code of Practice for CCTV Systems for the Mass Passenger Transport Sector for Counter-Terrorism
- Department of Infrastructure – National Policy Framework for Land Transport Technology
- Department of Transport / CPNI (SIDOS) UK – Security in Design of Stations 2012
- Dr Miles Jakeman – Citadel Group Limited, Australia – Guide to SRMBOK RMIA – Physical Security Specifications and Postures
- Handling and Transporting Cash – Security Risks – General Guide 2014
- HM Government UK – Protecting Crowded Places – Design and Technical Issues 2014
- Home Office Scientific Development Branch UK – CCTV Operational Requirements Manual 2009
- Information Privacy Principles Instruction (SA)
- Inter-Governmental Agreement for Surface Transport Security
- International Union of Railways – Station Security for Station Business
- National Critical Infrastructure Resilience Strategy, July 2016
- National Guidelines for the Protection of Places of Mass Gathering from Terrorism, September 2010
- National Guidelines for Protecting Critical Infrastructure from Terrorism
- Protecting Crowded Places from Terrorism 2017
- Risk Management Institute of Australia (RMIA) – Security Risk Management Body of Knowledge
- RISSB Security Handbook Vol 1 – Managing Security Related Risks in Rail Organisations
- RISSB Code of Practice – Rail Cyber Security in Rollingstock
- RISSB Code of Practice – Rail Cyber Security in Train Control
- RISSB Guideline – Implementation of AS 7770
- State Government of Victoria – Guide to Develop CCTV for Public Safety in Victoria
- Transport and Infrastructure Senior Officials' Committee – A National Approach to Closed Circuit Television: National Code of Practice for CCTV Systems for the Mass Passenger Transport Sector for Counter-Terrorism
- Trusted Information Sharing Network for Critical Infrastructure Protection – Defence in Depth 2008
- USA MTI – The Challenge of Protecting Transit and Passenger Rail – Understanding How Security Works against Terrorism 2004
- US Department of Transport – Transit Security Design Considerations
- UFC 4-022-02 – Selection and Application of Vehicle Barriers 2009
- UFC 4-010-01 – DoD Minimum Antiterrorism Standards for Buildings
- Victorian Critical Infrastructure Resilience Strategy, July 2016
- Victorian Ministerial Guidelines for Critical Infrastructure Resilience

Hazard table
Hazard number – Hazard – Section addressing
3.2 – A breach of security – All sections
3.3 – Harm to an organisation – All sections


Contents
1 Introduction ................................................................................................................... 7
1.1 Background ..................................................................................................... 7
1.2 Structure and Application ................................................................................ 7
1.3 Purpose........................................................................................................... 8
1.4 Terminology .................................................................................................... 8
2 Roles and Responsibilities ............................................................................................ 8
2.1 Developing the Security Risk Management Program (SRMP) ......................... 8
3 Security Risk Management ......................................................................................... 10
3.1 Overview ....................................................................................................... 10
3.2 Integrated Safety, Security and Emergency Risk Management ..................... 10
3.3 Risk Assessment ........................................................................................... 10
4 Rail Transport Security Risk Management Strategies ................................................. 18
4.1 Rail Transport System Characteristics........................................................... 18
4.2 Security Principles ......................................................................................... 18
4.3 Personal Security .......................................................................................... 21
4.4 Physical Security ........................................................................................... 29
4.5 Operational Security ...................................................................................... 34
4.6 Information Management and Electronic Security ......................................... 38
4.7 Incident Reporting and Recording ................................................................. 41
4.8 Privacy .......................................................................................................... 42
5 Security Exercises ...................................................................................................... 43
5.1 Rationale for Security Exercises .................................................................... 43
5.2 Progression of Exercise Program Development ............................................ 43
5.3 Categories of Exercises ................................................................................ 44
5.4 Steps in Process ........................................................................................... 45
6 Annexes ...................................................................................................................... 48
6.1 List of Annexes.............................................................................................. 48

Annexes
Annexe A Glossary of Security and Emergency Risk Management Terms .................... 49
Annexe B Example Security Risk Management Program Roles & Responsibilities Matrix ........ 52
Annexe C Example Security Threat Alert Level System ................................................. 53


1 Introduction
1.1 Background
It is an unfortunate fact today that our rail transport systems face challenges in protecting passengers, staff, information, physical assets and their reputations from security related risks. There are also regulatory obligations that introduce specific requirements with respect to security.
International tragedies involving rail have highlighted the potential scale of risks faced by the industry. The country's rail transportation systems are essential services, yet they are designed to be accessible, and their very function is to concentrate passenger and/or freight flows in ways that can create vulnerabilities for threat sources, such as criminals and terrorists, to exploit. Prospects of defending against each of these vulnerabilities through traditional means, such as guards, guns and gates, are dim: the rail transportation system is simply too large, and the threats faced too diverse and ever changing, for such blanket approaches to work. While the likelihood of a terrorist attack on rail operations in Australia or New Zealand is much lower than the probability of being impacted by localised threats, the rail industry considers that it has the responsibility to ensure that its operations are as safe as possible. The industry agrees that while operations vary significantly, the identification and management of security related risks should be undertaken in accordance with a consistent framework.
Rail transport operators (RTOs) have an obligation to manage all safety and security risks so far as is
reasonably practicable (SFAIRP) in accordance with the Rail Safety National Law and Regulations.
Each accredited organisation is required to have a safety management system of which security
management forms a part.
The desired railway safety and security risk profile is best achieved through security systems and programs that integrate with all aspects of operations and are deliberately designed to deter security threat sources, taking a risk-based approach.
This Handbook has been developed to support small to medium operators, whether they transport
people or freight or both, with meeting their regulatory and corporate objectives with respect to
security risk management. Larger RTOs have established and mature security systems which are
commensurate with their levels of risk. However, the underlying principles would apply across the rail
industry.

1.2 Structure and Application


This Handbook has been developed to assist small to medium sized RTOs with effectively managing security related risks. It should be read in conjunction with Volume 2 of the Security Handbook, which provides guidance on the implementation of security strategies.
This Handbook recommends a more bespoke framework for the application of security risk management in the Australian and New Zealand rail industries, to support less complex operations. It is a living document that will be monitored and refined in order to maintain international best practice for transport security.
This Handbook is subordinate to any relevant legislation or regulation concerning rail transport security.
It is recognised that differences in RTOs will necessarily introduce variations in the risk profiles of those
using this Handbook. This document has therefore been designed to be used as the basis for developing
and implementing security policy, procedures, systems, and practices, which are contextually relevant
to individual RTOs, within a consistent framework.

Notwithstanding regulatory, corporate, and moral obligations inherent within security risk
management, strategies that are introduced should be compatible with operational requirements. RTOs
may adapt the instructions and templates associated with this Handbook to suit their own local
operating conditions and risk profiles.
This Handbook does not replace specialist advice from external agencies, and operators should seek
additional support from competent persons as required.

1.3 Purpose
This Handbook provides a framework and methodology for managing safety and security related risks in RTOs. It embraces the wide range of threats to which rail transport systems are potentially exposed, including those related to issue motivated groups (IMGs) and terrorism.
The objectives of this Handbook are to:
(a) encourage clear definition of security roles and responsibilities within RTOs;
(b) establish a framework for the consistent application of security risk management principles that can be integrated with the rail industry's safety and emergency risk management systems;
(c) provide guidance for RTOs in developing a security risk management plan (SRMP) to manage risks so far as is reasonably practicable (SFAIRP).

1.4 Terminology
It is important to understand that some terms in common usage have special meaning within the
context of security risk management. For the purposes of this Handbook, terms will have the meaning
described in the Glossary of Security Terms at Annexe A, or as referenced in the following documents:
(a) ISO 31000:2018 Risk Management Guidelines.
(b) HB 167:2006 - Security risk management.
(c) Glossary of Terms (which can be viewed on the RISSB web site at www.rissb.com.au).

2 Roles and Responsibilities


2.1 Developing the Security Risk Management Program (SRMP)
An RTO should develop and implement a structured SRMP which formalises the commitment of senior
management to understanding and responding to security related risks. The SRMP should have clearly
defined management authority, and well developed and documented policies and procedures designed
to minimise misunderstandings and confusion in the field.
Responsibility for the operation of the SRMP should be assigned to one person. It is highly
recommended that where circumstances allow, a full-time person be appointed to coordinate the
SRMP. However, if a full-time security management position cannot be established, a senior executive
level manager should be assigned security management responsibilities as a distinct function amongst
other responsibilities.
The person assigned security management responsibility should apply security risk management principles when developing components of the security risk management plan. The Security Risk Management Body of Knowledge (SRMBOK) provides 12 principles for adoption:

(a) Commitment.
(b) Organisational wide security and risk policies.
(c) Link strategy, planning and delivery.
(d) Establish and manage to agreed risk thresholds.
(e) People security.
(f) Physical and environmental security.
(g) Operational security management.
(h) Business continuity and resilience.
(i) Testing.
(j) Measure and review.
(k) Document control.
(l) Assurance.
From these, a number of important functions can be considered, such as:
(a) developing plans and policies;
(b) managing a structured program of safety and security risk assessments;
(c) developing and managing incident reporting systems;
(d) communicating and promoting the SRMP through awareness strategies, including the need
for exercising plans;
(e) referring security incidents for investigation;
(f) coordinating incident and emergency response; and
(g) periodically reviewing and auditing the SRMP.
In recognition of system-to-system variations in RTOs, this Handbook uses the term “security
coordinator” to refer to the person with delegated responsibility for the SRMP. It is, however,
acknowledged that no single staffing recommendation is adequate for all RTOs, as each RTO’s SRMP
should be developed and evolve to address local conditions, risks, and resources.
Depending on the size and resources of the RTO, the “security coordinator” may be the
director/manager of safety, with support from in-house or competent external specialists.
For smaller operations, the CEO, director of safety, the safety risk manager, or the facilities manager
may incorporate these activities into their duties, supported by a committee comprised of management
and operating personnel, and coordinated with local emergency services representatives.
Whatever organisational structure is established by the RTO it is recommended that the security
coordinator:
(a) reports directly to the RTO’s CEO or equivalent position;
(b) receives an appropriately resourced budget for security activities;
(c) ensures that the governing body has up-to-date information regarding security activities;
(d) has clear and unambiguous terms of reference and level of authority.


3 Security Risk Management


3.1 Overview
Security risk management entails a continuous process of managing risk through a series of actions,
including setting strategic goals and objectives, identifying and assessing risks, evaluating options to
reduce identified risks by reducing likelihood and/or mitigating their impact, selecting actions to be
undertaken by management, as well as implementing and monitoring those actions.
Setting strategic goals, objectives and constraints is a key first step in implementing effective security risk management and helps to ensure that management decisions are focused on achieving a strategic purpose while minimising risk. These decisions should take place in the context of an RTO's SRMP that includes objectives that are clear, concise and measurable, and outcomes that are justified and appropriate.

3.2 Integrated Safety, Security and Emergency Risk Management


An RTO's safety, security and emergency management planning should not be prepared in isolation from each other. Each of these systems is interrelated in how it prevents, prepares for, responds to and recovers from risk events. Accordingly, any protective plan must consider a broad scope of requirements to achieve a seamless, robust and integrated system. Making an integrated model work requires the commitment and involvement of senior staff.
Figure 1 provides an example context statement showing how an integrated risk management model can be communicated in the SRMP's strategic planning phase.

3.3 Risk Assessment


Risk assessment is a critical element of a risk management system. It aids decision makers to identify
and evaluate potential risks so that controls can be designed and implemented to prevent or mitigate
the effects of the risks. Risk assessment is a qualitative and/or quantitative determination of the
likelihood of an adverse risk event occurring and the impact or severity of its consequences.
The suggested methodology for undertaking a risk assessment is defined in ISO 31000 and HB 167:2006 – Security risk management. A methodical process for applying ISO 31000 to a security risk assessment is illustrated in Figure 2. An example security risk management framework for conducting a security risk assessment, known as RAILRISK, is documented in Security Handbook Volume 2.

Security Handbook for Small to Medium Rail Transport Operator Volume 1

RISSB ABN 58 105 001 465 Page 10


Security Handbook for
Small to Medium Rail
Transport Operators
Volume 1

Intention Statement: The ABC Railway Company, through its Safety, Security and Emergency
Management Systems, will continually plan to reduce or eliminate safety and security risks. This will
lead to the creation and maintenance of a safer environment by identifying, analysing and assessing
risks and recommending treatment options.

Reference: This process will be guided by the application of integrated safety, security and
emergency risk management strategies:
• Prevention (Safety and Security Incident Mitigation);
• Preparedness (Plans, Policies, Procedures & System Review);
• Response (Emergency Planning) and Recovery (Welfare and Continuity of Operations).

Process: The ABC Railway Company uses a consultative and multi-disciplinary approach to most
efficiently utilise the skills, expertise and local knowledge of all participants involved. Specialists may
be co-opted by management if their knowledge, experience and skills are required at any stage.
Communication with all stakeholders will be enhanced through regular meetings, the distribution of
minutes and information and awareness forums. The process will employ Handbooks described in
ISO 31000 – Risk Management and any other legislated requirements, Codes of Practice and company
directives.

Impact: The ABC Railway Company's Safety & Security Coordinator recognises that this process may
lead to suggested risk treatments that may affect or be affected by social, political, economic and/or
environmental aspects of the rail transportation system. All risk treatment options will be considered
irrespective of the perceived constraints.

Terms of Reference: The ABC Railway Company's TOR are:
• Develop an effective and efficient integrated safety, security and emergency risk management
structure.
• Identify credible safety hazards and security threats that could impact the company and the rail
transportation system that it operates within, and ensure adequate prevention, preparedness,
response and recovery procedures are implemented.

Revision Statement: The integrated safety, security and emergency risk management plans and their
accompanying procedures will be continually monitored and reviewed. Results will be recorded, and
actions implemented as necessary.

Figure 1 – Example context statement (Integrated safety, security & emergency risk management plan)

Security planning is used to identify and manage risks and assist decision making by:
(a) applying appropriate controls effectively and consistently as part of the entity’s existing risk
management arrangements;
(b) adapting to change while safeguarding the delivery of business and services;
(c) improving resilience to threats, vulnerabilities, and challenges;
(d) driving protective security performance improvements.
Requirements:
(a) Security goals and strategic objectives of the entity, including how security risk
management intersects with and supports broader business objectives and priorities.
(b) Threats, risks, and vulnerabilities that impact the protection of an entity’s people,
information, and assets.
(c) Organisation’s tolerance to security risks.
(d) Maturity of the entity’s capability to manage security risks.
(e) Organisation’s strategies to implement risk management, maintain a positive risk and
safety culture.

Figure 2 – Extract from HB167 – Security risk management


When considering risk management, RTOs should ensure that they are working towards being able to
demonstrate that risk is managed so far as is reasonably practicable.
Notwithstanding the ISO 31000 model, the assessment process in simple terms seeks to determine the
following five elements:

3.3.1 What Needs to be Protected?


It is recommended that all RTOs actively manage their security related risks. The first stage in the risk
management process as defined in the International Standard for Risk Management (ISO 31000) is to
establish the contexts within which risks will be identified, assessed, and treated.
RTOs must take account of the current terrorism threat context and the risk posed to crowded places.
Future security planning should seek to protect against, and mitigate, security risks in the public facing areas of
an RTO's business. The context is more than asset protection. Where possible/appropriate, RTOs
should seek to align security planning with the Australian Strategy for the Protection of Crowded Places
from Terrorism.
Strategic context.
The Australian Government has identified our nation's rail transport systems as critical infrastructure.
This means that if the system were destroyed, degraded or rendered unavailable for an extended
period, the consequence of this loss would significantly impact on the social or economic well-being of
the nation, or affect Australia’s ability to conduct national defence and ensure national security.
Accordingly, RTOs should consider this important issue in the conduct of their security risk assessments.
Organisational context.
From an organisational perspective, each RTO should conduct an asset criticality assessment. A
criticality assessment evaluates and prioritises assets and functions in terms of specific criteria, such as
their importance to public safety and the economy, as a basis for identifying which structures or
processes are relatively more important to protect from a threat source (e.g. terrorist attack). For
example, a rail operator that transports high consequence dangerous goods (HCDG) should consider the
minimum requirements for the security of these products in their operational context. RTOs should also
include the vulnerability of crowded places when considering context, as appropriate.
Risk management context:
(a) Criticality:
i. Step 1. Develop a worksheet of candidate critical assets (i.e. infrastructure, facilities,
equipment, information, services, personnel) that enable the RTO to achieve its
mission.
ii. Step 2. Establish critical asset factors – factors that describe the characteristics of
assets that would result in significant negative impact to the operator given their loss
following an adverse risk event (i.e. economic impact, symbolic importance,
functional importance). The assets in a rail transportation system work in a variety of
settings and are diverse in type. The protection of public facing assets may be best
viewed separately, as different dynamics are in play and partnerships are promoted
to provide optimum security mitigation.
iii. Step 3. Assign quantitative values (i.e. categories) to each factor, reflecting its importance
to the overall mission of the RTO.
iv. Step 4. Apply the factors to the list of candidate assets to develop a criticality score.


v. Step 5. Prioritise assets based upon their criticality scores. RTO executive/officials
review rankings to determine their reasonableness and to establish a threshold for
the assets considered most critical.
(b) Minimum standards. Establish if there are any minimum standards of protection detailed in
Legislation, Australian Standards, Codes of Practice, etc and use these requirements in your
context for assessment. Other resources are listed at the rear of this Handbook.
(c) Other resources. RTOs should monitor and maintain an understanding of the full range of
contexts within which security related risks need to be managed within their operations. It
should be noted that while there will be some overlaps there will most likely be contextual
variations between the various aspects of RTO operations, even for a small operator.
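The criticality worksheet in Steps 1 to 5 above, carried through as an added example (not the handbook's or RAILRISK's worksheet): the factor names come from Step 2, while the weights, the 1 to 4 category scale, the 60% threshold and the sample assets are assumptions.

```python
"""Criticality assessment worksheet, following Steps 1 to 5 of 3.3.1(a).

Added illustration; this is not the handbook's or RAILRISK's worksheet.
The factor names come from the text; the weights, the 1..4 category scale,
the 60% threshold and the sample assets are assumptions for this example.
"""
from dataclasses import dataclass

# Step 2: critical asset factors, each with an assumed weight.
FACTOR_WEIGHTS = {
    "economic_impact": 3,
    "symbolic_importance": 1,
    "functional_importance": 3,
    "public_safety": 4,
}

# Step 3: quantitative categories assigned to each factor (assumed scale).
CATEGORIES = {1: "negligible", 2: "minor", 3: "major", 4: "severe"}


@dataclass(frozen=True)
class CandidateAsset:
    """Step 1: one row of the candidate critical asset worksheet."""
    name: str
    asset_type: str        # infrastructure, facility, equipment, information, service, personnel
    public_facing: bool    # Step 2: public facing assets may be viewed separately
    ratings: dict          # factor -> category value (1..4)


def criticality_score(asset):
    """Step 4: weighted sum of the factor categories; raises if a factor is missing or mis-rated."""
    score = 0
    for factor, weight in FACTOR_WEIGHTS.items():
        category = asset.ratings.get(factor)
        if category not in CATEGORIES:
            raise ValueError(f"{asset.name}: factor {factor!r} needs a category in "
                             f"{sorted(CATEGORIES)}, got {category!r}")
        score += weight * category
    return score


def max_criticality_score():
    """Highest score any asset can reach, used to express the threshold as a percentage."""
    return sum(weight * max(CATEGORIES) for weight in FACTOR_WEIGHTS.values())


def prioritise(assets, threshold_percent=60):
    """Step 5: rank assets by criticality score and flag those at or above the threshold.

    Returns (name, score, most_critical) tuples, highest score first; ties keep
    worksheet order so the executive review sees a stable ranking.
    """
    cutoff = max_criticality_score() * threshold_percent / 100
    scored = [(asset.name, criticality_score(asset)) for asset in assets]
    ranked = sorted(scored, key=lambda row: row[1], reverse=True)
    return [(name, score, score >= cutoff) for name, score in ranked]


def worksheet_by_exposure(assets):
    """Step 2 note: split the ranked worksheet into public facing and non-public assets."""
    groups = {"public_facing": [], "non_public": []}
    public_names = {asset.name for asset in assets if asset.public_facing}
    for row in prioritise(assets):
        groups["public_facing" if row[0] in public_names else "non_public"].append(row)
    return groups


# Constructed sample worksheet for a small operator (not real assets).
SAMPLE_ASSETS = [
    CandidateAsset("Central station concourse", "facility", True,
                   {"economic_impact": 3, "symbolic_importance": 3, "functional_importance": 3, "public_safety": 4}),
    CandidateAsset("Operations control room", "facility", False,
                   {"economic_impact": 4, "symbolic_importance": 2, "functional_importance": 4, "public_safety": 3}),
    CandidateAsset("Signalling data server", "information", False,
                   {"economic_impact": 3, "symbolic_importance": 1, "functional_importance": 4, "public_safety": 3}),
    CandidateAsset("Depot fuel store", "infrastructure", False,
                   {"economic_impact": 2, "symbolic_importance": 1, "functional_importance": 2, "public_safety": 3}),
    CandidateAsset("Suburban platform halt", "infrastructure", True,
                   {"economic_impact": 1, "symbolic_importance": 1, "functional_importance": 2, "public_safety": 3}),
]

if __name__ == "__main__":
    for name, score, critical in prioritise(SAMPLE_ASSETS):
        flag = "MOST CRITICAL" if critical else ""
        print(f"{name:28s} {score:3d}/{max_criticality_score()} {flag}")
```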

3.3.2 Who or What Threat Sources Do I Need to Protect the Critical Assets From?
This is where we identify the potential risks from sources of threat and hazards.
(a) Step 1. Develop a list of threats and hazards (i.e. bomb threat, explosion, arson, fire, theft
of information, sabotage, CBR incident, etc) that might be used by a threat source (e.g.,
terrorist, criminal, disgruntled employee).
(b) Step 2. Evaluate the potential that a particular threat or hazard would be used against the
RTO assets, against the National Terrorism Threat System (NTTS):

Figure 4 National Terrorism Threat System Levels

(c) Step 3. Evaluate the attractiveness of asset targets based on the potential for casualties,
potential for economic disruption, or symbolic importance.
(d) Step 4. Define risk event scenarios (based on target asset, type of threat or hazard, and
mode of delivery); the information will be used in subsequent assessment components.

3.3.3 What Makes It Likely that a Threat Source or Hazard May Succeed in Causing Harm?
This is where we determine the RTO's vulnerabilities (that is, those factors that exist that a threat source
could exploit to cause harm, e.g., asset exposure, ineffective countermeasures, etc).
(a) Step 1. Develop a six-point rating scale to determine the probability of a successful attack
(refer Security Handbook Volume 2). Use the rating scale to provide an evaluation score
against the following three elements:
i. Pre-impact planning.


ii. Staff and public awareness.


iii. Security controls. Evaluate your controls by determining if the protective measures
incorporate a layered approach, such as the security principles described in Section 4.
(b) Step 2. Using the calculated element ratings, develop an overall threat vulnerability rating
that represents the relative opportunity of an attack being attempted and successfully
carried out. RTOs should consider staff training and awareness when considering these
strategies.

3.3.4 What Will Be the Impact to the Assets if the Threat Source Is Successful with An Attack?
This is where we determine the consequences.
(a) Step 1. Use the critical asset factors identified earlier to rate the effect of the threat (risk
event) on each asset's mission.
(b) Step 2. Once each asset has been rated, calculate a total overall impact level – how each
asset’s mission is affected based upon the extent to which it would be destroyed, damaged,
or rendered unavailable. Consider the impact on people, property, information, operations,
reputation, environment and litigation, and the criticality of these. This could also include
industrial relations or other employee relations issues.
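Rating the risk event scenarios from 3.3.2 Step 4 against the three vulnerability elements of 3.3.3 and the impact areas of 3.3.4, as an added example that is not the handbook's or Volume 2's method: the element names and impact areas are from the text; the six-point scale descriptors, the rounded-mean and worst-area combining rules, the risk bands and the sample scenarios are assumptions.

```python
"""Risk-event scenario rating, following 3.3.2 Step 4 through 3.3.4 Step 2.

Added illustration; this is not the handbook's or RAILRISK's rating method
(the six-point scale itself is defined in Security Handbook Volume 2). The
element names and impact areas come from the text; the scale descriptors,
the rule for combining element ratings (rounded mean), the rule for the
overall impact level (worst-rated area), the risk bands and the sample
scenarios are assumptions for this example.
"""
from dataclasses import dataclass
from statistics import mean

# 3.3.3 Step 1: six-point scale for the probability of a successful attack (assumed descriptors).
VULNERABILITY_SCALE = {1: "very unlikely", 2: "unlikely", 3: "possible",
                       4: "likely", 5: "very likely", 6: "almost certain"}
# The three elements each scenario is scored against.
VULNERABILITY_ELEMENTS = ("pre_impact_planning", "staff_and_public_awareness", "security_controls")

# 3.3.4 Step 2: impact areas named in the text, each rated 0 (none) to 4 (severe) (assumed scale).
IMPACT_AREAS = ("people", "property", "information", "operations", "reputation", "environment", "litigation")
IMPACT_LEVELS = {0: "none", 1: "minor", 2: "moderate", 3: "major", 4: "severe"}


@dataclass(frozen=True)
class Scenario:
    """3.3.2 Step 4: a risk event scenario (target asset, threat or hazard, mode of delivery)."""
    target_asset: str
    threat_or_hazard: str
    mode_of_delivery: str
    vulnerability: dict   # element -> 1..6 rating
    impact: dict          # area -> 0..4 rating


def vulnerability_rating(scenario):
    """3.3.3 Step 2: overall threat vulnerability rating from the three element ratings.

    Assumed rule: the rounded mean of the elements. Every element must be rated; a
    missing element is an incomplete assessment, not a zero.
    """
    values = []
    for element in VULNERABILITY_ELEMENTS:
        rating = scenario.vulnerability.get(element)
        if rating not in VULNERABILITY_SCALE:
            raise ValueError(f"{scenario.target_asset}: {element} must be rated 1..6, got {rating!r}")
        values.append(rating)
    return round(mean(values))


def impact_level(scenario):
    """3.3.4 Step 2: overall impact level for the scenario.

    Assumed rule: the worst-rated area sets the level, so a severe impact on people is
    not diluted by low ratings in areas such as environment or litigation.
    """
    worst = 0
    for area in IMPACT_AREAS:
        rating = scenario.impact.get(area, 0)
        if rating not in IMPACT_LEVELS:
            raise ValueError(f"{scenario.target_asset}: {area} must be rated 0..4, got {rating!r}")
        worst = max(worst, rating)
    return worst


def risk_score(scenario):
    """Vulnerability (1..6) times impact (0..4): 0..24, used only to order the register."""
    return vulnerability_rating(scenario) * impact_level(scenario)


def risk_band(score):
    """Assumed bands over the 0..24 score."""
    if score >= 16:
        return "extreme"
    if score >= 10:
        return "high"
    if score >= 5:
        return "medium"
    return "low"


def risk_register(scenarios):
    """Rank scenarios for treatment in 3.3.5: highest score first; ties keep input order."""
    rows = []
    for s in scenarios:
        score = risk_score(s)
        rows.append({"scenario": f"{s.threat_or_hazard} against {s.target_asset} via {s.mode_of_delivery}",
                     "vulnerability": vulnerability_rating(s), "impact": impact_level(s),
                     "score": score, "band": risk_band(score)})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed sample scenarios (not real assessments).
SAMPLE_SCENARIOS = [
    Scenario("station concourse", "explosive device", "unattended bag",
             {"pre_impact_planning": 4, "staff_and_public_awareness": 3, "security_controls": 4},
             {"people": 4, "property": 3, "operations": 3, "reputation": 4, "environment": 1, "litigation": 3}),
    Scenario("operations control room", "sabotage", "trusted insider",
             {"pre_impact_planning": 2, "staff_and_public_awareness": 2, "security_controls": 3},
             {"people": 1, "property": 2, "information": 3, "operations": 4, "reputation": 3, "litigation": 2}),
    Scenario("rolling stock depot", "arson", "trespass after hours",
             {"pre_impact_planning": 3, "staff_and_public_awareness": 4, "security_controls": 5},
             {"people": 1, "property": 3, "operations": 2, "reputation": 2, "environment": 2, "litigation": 1}),
    Scenario("ticketing system", "theft of information", "phishing of staff",
             {"pre_impact_planning": 3, "staff_and_public_awareness": 2, "security_controls": 4},
             {"information": 3, "operations": 1, "reputation": 3, "litigation": 3}),
]

if __name__ == "__main__":
    for row in risk_register(SAMPLE_SCENARIOS):
        print(f"{row['band']:8s} {row['score']:2d}  V{row['vulnerability']} x I{row['impact']}  {row['scenario']}")
```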

3.3.5 What Can Be Done to Minimise Asset Exposure to Harm?


This is where we determine appropriate and cost-effective risk mitigation treatments (controls).
(a) Step 1. Using the risk context information, determine where the current plans do not
comply with any minimum standards of protection detailed in legislation, Australian
Standards, Code of Practice or company policies.
(b) Step 2. In order of priority, determine those assets most critical to the mission, and select
various treatment options. RTOs should assign priorities in consultation with all relevant
stakeholders.
(c) Step 3. Determine the most appropriate and cost-effective treatment options and prepare
a treatment plan. RTOs may also want to consider partnership arrangements, such as
those described in the crowded places strategy.

[Figure 5 – Extract from the Crowded Places Strategy. Four elements shown: Building stronger partnerships; Enabling better information sharing and guidance; Implementing effective protective security; Increasing resilience.]

i. Notwithstanding regulatory obligations, RTOs should consider ISO 31000 and HB167,
which note that selecting the most appropriate option to treat risks involves
balancing the costs of implementing each option against the benefits derived from it.
In general, the cost of managing risks needs to be commensurate with the benefits
obtained. When making such cost versus benefit judgements the context should be
taken into account. It is important to consider all direct and indirect costs and
benefits, whether tangible or intangible and whether measured in financial or other terms.
ii. In determining the most appropriate treatments, RTOs should have regard to the
layered Security-in-Depth principle, ensuring that protection of any potential target
is not reliant on only one security strategy. Rail transportation security can best be
achieved through coherent security systems that are well integrated with rail system
operations and are deliberately designed to deter a threat source even as they
selectively guard against and prepare for an attack on the system. Layered security
systems in particular, characterised by an interleaved and concentric set of security
features, have the greatest potential to deter and protect. Layered systems cannot
be breached by the defeat of a single security feature – such as a gate or guard; as
each layer provides backup for others, so that impermeability of individual layers is
not required. Moreover, the interleaved layers can confound the would-be attacker.
Calculating the odds of breaching a multi-tiered system of defence is far more
difficult than calculating the odds of defeating a single, perimeter protection. Figure
6 illustrates an example of featured layered security systems in a passenger rail
environment.
iii. Security threat alert system. RTOs should principally implement security controls that
are commensurate with the level of threat. Therefore, RTOs should establish a
“security alert system” that employs “incremental levels” of security controls, which
allow the escalation or de-escalation of the level of security in response to changes in
the level of threat. The decision to change to a higher or lower security alert level
should have regard to the National Counter-Terrorism Alert Levels, as well as
industry and locally applicable threat assessments. hyper provides an example of a
security alert level system, with suggested actions against each designated level.
(d) Step 4. Obtain authority and funding for the treatment plan, and then implement the plan.


Figure 6 - Example layered security system in a passenger rail environment


4 Rail Transport Security Risk Management Strategies


4.1 Rail Transport System Characteristics
Several common characteristics of rail transportation systems make it likely that certain kinds of
security risk management strategies will be most suitable. Security risk management strategies should
be suited to the systems to be secured and defended.
RTOs should consider whether the contents of Australia's Strategy for Protecting Crowded Places
are applicable to their operations when considering security risk management strategies.
In addition, RTOs should consult with their State/Territory police organisation when considering how to
manage security related threats and risks.
Rail transportation systems are principally designed and organised for the efficient, convenient, and
expeditious movement of large volumes of people and/or freight, and therefore, should have a high
degree of user access; hence, railway stations are public places, open by necessity.
A range of factors can shape how targets are selected. In most cases, the location itself is not the
target—it is the high volume and concentration of people that makes a crowded place attractive to
attack. While some crowded places have other attractive features, any location that concentrates large
crowds could be an attractive target [1].
Sound security risk management strategies can deter an attack, increase the likelihood of an attacker
being detected and intercepted, keep casualties and disruptions to a minimum, and reduce panic and
reassure passengers in a crisis.
What the characteristics of the rail transportation system suggest is the need for a coherent and
systematic approach to security. In particular, such an approach should be shaped by:
(a) well-designed, layered security systems;
(b) an emphasis on adaptability, multi-use (i.e. shared with safety, emergency management
and other operational systems), and exploitation of existing capabilities;
(c) broad-based and innovative thinking on security threats and responses.

4.2 Security Principles


Rail transport security can best be achieved through well-designed security systems that are integrated
with transport operations. The concept of a layered system, in which multiple security features are
connected and provide backup for one another, offers a particular advantage. Perfect execution by each
element in the system is not crucial, as other elements can compensate for human, technological, or
other shortcomings. Likewise, enhancements to one element can boost performance of the system as a
whole. Such systems cannot be breached by defeating a single layer, and because an attacker will find it
difficult to defeat multiple layers, such a system can deter as well as impede potential attacks.
D3R (Deter, Detect, Delay, Respond, Recover) is employed to identify and manage security risks by providing
treatment measures that deter the security risk from occurring, detect the incident as quickly and as early as
possible, and then delay the incident for as long as possible, allowing sufficient time for resources to
arrive and manage the incident. See Figure 7.

[1] Australia’s Strategy for Protecting Crowded Places


Figure 7 - D3R Principle

The principle is applied as follows:


(a) DETER - Measures implemented that adversaries perceive as too difficult or needing special
tools and training to defeat, via, for example, barriers and access control, guards, public
visibility.
(b) DETECT – Measures implemented to determine if an unauthorised action is occurring or
has occurred, via, for example, security guards, CCTV, alarms and public visibility. The ability to
expose or reveal an attack before it takes place through the use of guards, staff, CCTV or
alarm systems for conducting surveillance. Establish forced entry delay at key points and
make best use of natural surveillance. Include current and historic risk ratings, as well as
intelligence.
(c) DELAY – Measures implemented to impede an adversary or slow the progress of a
detrimental event to allow a response before agency information or assets are
compromised, via, for example, barrier and access controls and swipe cards.
(d) RESPOND – Measures taken once an agency is aware of an attack or event, to prevent,
resist or mitigate the attack or event, via, for example, enacting local procedures, alerting
authorities and law enforcement as required.
(e) RECOVER - Measures taken to restore operations to normal following an incident, via, for
example, enactment of business continuity and/or recovery plans.
Defence in Depth is the term used to describe effective physical security of an asset by multi-layering
the different protection measures. The loss of any one layer of the multiple layers will not significantly
reduce the security of the asset.


Figure 8 - Example of a layered Security-In-Depth Principle

Figure 8 illustrates the concept of a layered security-in-depth principle. The principle of ‘Defence in
Depth’ is fundamental to facilities. The concept places the most critical asset(s) in the centre of
concentric levels of increasingly stringent security measures. For example, a rail transport facility’s
operations control room should not be placed next to the building’s reception area. Instead, where
feasible, it should be located deeper within the building so that to reach the control room, an intruder
would have to penetrate numerous rings of protection, such as a fence at the property line, a locked
interior door, an alert receptionist, an elevator with a control key floor button, and a locked door to the
control room itself.
Each ‘ring’ represents a change in one or more of the security controls outlined in the Security
Philosophy, such as a security management process (e.g. visitor access), a physical barrier (e.g. door,
wall) or a technical solution (e.g. access control, CCTV) through which an intruder must pass prior to
achieving their goal.
This can also be known as the ‘onion skin’ principle, in which multiple layers of security must be peeled
back in order to breach the security of the protected asset. Each layer provides a further protective
barrier or delay, adding to the overall protection afforded to the asset contained within the centre. Each
layer performs a function in supporting the overall protective security strategy and the layers are therefore
dependent on one another.
Figure 9 illustrates an alternate security-in-depth approach that also applies a layered approach
not only to the prevention and preparedness elements, but to the response and recovery elements also.


Figure 9 layers, from the centre outward:
Core Assets.
Restricted: Intrusion detection systems, Electrical/Mechanical door locks, CCTV, Biometric access control
systems, Smart cards.
Interior: Alert, well trained employees, Pre and post trip vehicle inspection procedures, Locks/sensors for
carriages, Emergency Communication (Help point, Radio), GPS, Onboard CCTV, Incident response procedures.
Exterior: Lighting, Visibility, Employee identification checks, Visual screening of passengers, Carry-on baggage
for anomalies.
Perimeter: Lighting, Fences, Bollards, Walls, Intrusion detection sensors, Mixed-use space to promote
pedestrian traffic, Local law enforcement, Security Guard patrols.

Figure 9 - Example of an alternate Security-In-Depth Layered Principle

RTOs should ensure that a layered approach is adopted when implementing protective security
measures of their assets.

4.3 Personnel Security


4.3.1 Personnel Security and Pre-employment Screening
Since it is possible for threats to come from within an organisation (such as disgruntled employees) as
well as from outside, RTOs should adopt hiring and employment termination practices that contribute
to the security of their organisation and associated operations.
Notwithstanding industrial and related issues, RTOs should develop and implement a policy and
associated procedures to ensure that appropriate pre-employment screening and periodic ongoing
employee screening occurs, in particular, for employees and contractors that occupy positions of trust
(POT).
It is recommended that pre-employment background screening be performed as a means of verifying
applicant data prior to hiring. This may be included as part of an identification credential program
initiated by the RTO's administration.
Suggested security measures include:
(a) mandatory and recommended pre-employment checks applied to provide a level of
assurance about the individual's suitability to access Australian government resources;
(b) entity-specific checks to mitigate security threats applicable to the entity that are not
addressed by minimum pre-employment screening:


i. Pre-employment screening is to apply to all designated POT (e.g., front-line
operations, control centres, maintenance, and security) as a minimum. Non-
designated positions should be included where the RTO considers necessary.
ii. Establishing a waiver policy to handle hiring prior to completion of background
screening for non-designated POT. No exemptions to pre-employment background
checks involving designated POT should be permitted.
iii. Developing criteria for evaluating background reports of employees. Policies should
be in place to determine whether the RTO will employ someone with a less than
perfect background. Acceptable past events (e.g. youthful offences, non-violent
crimes, arrests without prosecutions) should be defined.
iv. Developing appropriate security practices for voluntary and involuntary termination
of employees. Issues include how the employee’s company identification is
recovered, how the security staff are notified, and how credentials are revoked.
v. Any decision on employment or on discipline or termination of a current employee,
as a result of information generated by the background checks should be reviewed
for consistency and endorsed by recruiting and employment, security and
labour/employment agreements.
vi. Background reports by their nature are sensitive and confidential, and under Privacy
law must be restricted to those individuals who are directly involved in the hiring
process.
Levels of screening.
The Attorney-General's Department recommends that entities conduct and finalise pre-employment
and entity-specific screening after the conclusion of the merit selection process but prior to an offer of
employment or contract. Where checks are not completed prior to engagement, it is recommended
that entities make the employment or contract conditional on satisfying the required checks within a
reasonable timeframe.
Completing screening prior to engagement is particularly important for positions that have been
identified as requiring a security clearance. If an individual is found to be unsuitable as part of the pre-
employment and entity-specific screening, entities must not seek a security clearance for the individual.
Tables 1 and 2 provide details of pre-employment screening as described in the protective security
policy framework (PSPF).
Pre-employment screening can include many layers of investigation and types of screening:
(a) Identification check. Will confirm the identity of the person and typically includes the
employee presenting a 140-point check.
(b) Employment check. Will confirm that the employee's CV/resume verifies their previous job
history (has no unexplained gaps), start dates, end dates, salary, responsibilities, reason for
leaving, rehire status, and comments from the last and one former employer.
(c) Character checks. At least two professional references and two character references.
(d) Education check. Will confirm attendance dates, degree/diploma/certificate received, and
area of study.
(e) Criminal history check. Candidates for employment should provide a criminal history
certificate. Application can be made online at any police station, selecting the
“National Names Index” check as the required option. As a guide, a person who has been
convicted in the past 10 years OR found guilty (without conviction) in the past 5 years of an
indictable offence may, in the opinion of an employer, be unsuitable to
occupy a POT. This process can also be carried out through a private provider.
(f) Driver’s licence check. Verification of valid license, class/type, issue/expiration date,
personal identifying information.
(g) Professional accreditation/licence check. Will confirm whether an applicant has the
required credentials or licences, types of licence, whether valid, dates issued, state and
licensing/registration authority, restrictions on the licence, etc.
(h) Medical assessment. Ensures compliance with medical requirements of certain jobs.
(i) Immigration and naturalisation check. Verifies proof of Australian permanent residency.
Candidates will be required to provide:
i. an Australian birth certificate; or
ii. a certificate of Australian citizenship; or
iii. evidence of resident status from Australian Immigration authorities; or
iv. if from New Zealand (NZ), a copy of the NZ passport and a copy of the visa page clearly
showing the Immigration Australia stamp with the date of arrival in Australia, certified by
an acceptable referee.
Authority to work check.
If the candidate for employment is not an Australian citizen or permanent resident, a copy of the applicant's
current passport, certified by an acceptable referee, can be used to check the applicant's migration status,
duration of visa and entitlement to work in Australia with the Department of Home Affairs VEVO check online.
Credit history check.
Will show the applicant’s ability to manage their finances responsibly.
Each RTO should establish screening policies that specify the level and frequency of screening required
of each position and employment circumstance. Figure 10 illustrates a sample of a screening matrix that
includes types of screening and the positions for which the screening could apply. RTOs should consider
whether the investigations will be done in-house or by a third-party vendor.
In developing the screening policies, RTOs should consider whether it is mandatory to require
contractors and suppliers of temporary staff to certify that their personnel meet defined probity
requirements (e.g. employment of private security).
Figure 10 columns (types of screening): Identification; Employment; Character; Education; Criminal history;
Drivers Licence; Professional accreditation/Licence; Medical; Immigration; Authority to work; Credit history.

New employees (Non-designated): X X X X X X X X X
New employees (POT): X X X X X X X X X
Periodic (POT): X X X X X X X X X X
Contractors & vendors: X X X X X

Figure 10 - Example Pre-Employment Background Screening Matrix


Table 1 - Mandatory pre-employment screening checks2

Screening check | Rationale

Identity check: An identity check helps to establish confidence in a person's identity and provides entities
with a level of assurance about the prospective employee.
The Attorney-General's Department recommends that the identity of all new personnel
be verified to at least Level of Assurance 3 of the National Identity Proofing Guidelines.
Level of Assurance 3 checks include:
• the uniqueness of the identity in the intended context
• the claimed identity is legitimate
• the operation of the identity in the community over time
• the linkage between the identity and the person claiming the identity
• the identity is not known to be used fraudulently.
The core PSPF requirement for eligibility and suitability of personnel mandates that
entities verify the person's identification documents with the issuing authority by using
the Document Verification Service for the Australian issued primary identification
documents.

Eligibility to work in Australia: This check confirms whether a person is eligible to work in Australia. This requires
confirming that a person holds Australian citizenship, or, if the person is not an Australian
citizen, confirming that they have a valid work visa. For information see the Migration
Act 1958.
Further eligibility conditions, including requirements relating to Australian citizenship, are
covered in the Public Service Act 1999 and in the enabling legislation of many entities.

Table 2 - Recommended pre-employment screening checks

Integrity & reliability checks

Employment history check
Rationale: An employment history check identifies whether there are unexplained gaps or anomalies in employment. A person might not disclose periods of employment if they have had their employment terminated or anticipate an adverse referee report. A history of short periods of employment may indicate poor reliability.
Employment history information may be available from human resources areas of large employers. Alternatively, reference checks or other previous employers may provide corroborating evidence.
The Attorney-General's Department recommends checking the employment history of all new personnel for a period of at least 5 years, where applicable.

Residential history check
Rationale: A residential history check helps to substantiate the person's identity in the community. All personnel need to provide supporting evidence of their current permanent residential address.
The Attorney-General's Department recommends checking residential history for all new personnel for a period of at least 5 years. It is recommended that entities assess whether the person's explanation for periods of residency for which they cannot provide supporting documents is reasonable.

Referee checks
Rationale: A referee check helps entities engage people of the appropriate quality, suitability, and integrity.
The Attorney-General's Department recommends conducting professional referee checks covering a period of at least the last 3 months.
A referee check may address:
• any substantiated complaints about the person's behaviour
• information about any action, investigation or inquiry concerning the person's character, competence or conduct
• any security-related factors that might reflect on the person's integrity and reliability.

National police check
Rationale: A national police check, commonly referred to as a criminal history or police records check, involves processing an individual's biographic details (such as name and date of birth) to determine whether that individual matches any person with previous criminal convictions. It is important that entities conducting a national police check are clear about what convictions would preclude a person from employment.
The Spent Convictions Scheme outlined in Part VIIC of the Crimes Act 1914 requires that entities request a 'no exclusion' national police check, unless the entity is covered by an exclusion under the Act.
A Commonwealth 'no exclusion' national police check provides a record of Commonwealth convictions for the preceding 10 years, or until there is a gap of 10 years between convictions, whichever is the longer. However, convictions reported by each state or territory will depend on their relevant spent convictions schemes.
For information, see the Australian Federal Police (AFP) website National Police Checks and the Office of the Australian Information Commissioner Spent Conviction Scheme Fact Sheet.

Credit history check
Rationale: A credit history check establishes whether the person has a history of financial defaults, is in a difficult financial situation, or whether there are concerns about the person's finances.
The Attorney-General's Department recommends checking a person's credit history. A credit history check may be requested from an accredited financial credit check organisation. A number of private organisations provide credit history checks on a fee-for-service basis.

Qualification check
Rationale: A qualification check verifies a person's qualifications with the issuing authority.
The Attorney-General's Department recommends verifying declared academic qualifications with the issuing authorities, including universities, technical colleges or schools, as well as any professional associations or memberships that are required.

Conflict-of-interest check
Rationale: A conflict-of-interest declaration identifies conflicts, real or perceived, between a person's employment and their private, professional, or business interests that could improperly influence the performance of their official duties and thus their ability to safeguard Australian Government resources. A conflict can arise from (among other things) financial particulars, secondary employment, and associations.
The Attorney-General's Department recommends that entities have a conflict-of-interest policy that guides staff on what could be perceived as a conflict of interest and when and how to report a conflict. Based on their risk assessment, entities are encouraged to consider whether all personnel, not just contractors, complete a conflict-of-interest declaration. For advice, see the APSC publication Conflicts of interest.

Entity specific checks
Rationale: The Attorney-General's Department recommends entities identify checks needed to mitigate additional entity personnel security risks where not addressed by the recommended minimum pre-employment screening checks. Additional screening checks are entity specific and are separate from the security clearance process.
The Attorney-General's Department recommends entities seek separate advice from the Australian Public Service Commission, the Australian Human Rights Commission or independent legal advice about the suitability and use of any proposed entity specific checks. Some examples of entity specific checks include drug and alcohol testing, detailed financial probity checks and psychological assessments. For advice, see the APSC publication Conditions of engagement.

[2] Protective Security Policy Framework - Personnel (Table 2)


4.3.2 Security Awareness and Training


Staff awareness. By necessity, rail transportation systems have a high degree of user access. Hence, arguably, the most important security risk management strategy is vigilance on the part of the RTO's staff. Frontline RTO employees are the eyes and ears of every rail transportation system.
RTOs and their maintenance and service delivery employees and contractors, with the appropriate training, can be crucial in deterring, defusing and responding to serious security incidents occurring on-board trains and within stations and facilities.
To this end, RTOs should promote awareness and encourage familiarity with the spectrum of threats. Procedures, training and reinforcement are to be provided to all employees to make sure that they understand what constitutes an unusual event and what they should do upon observing one. RTOs should develop internal procedures for handling reports of unusual activity or objects and should make sure those procedures are followed.
These procedures, when integrated into day-to-day operations, may have other benefits as well. Improved internal coordination and reports from the field may encourage better system housekeeping and more responsive maintenance practices for quality-of-life issues, such as burned-out or broken light bulbs and overgrown shrubbery.
To receive maximum benefit, consistency in the SRMP's approach to security and awareness is critical. It hurts the program when managers speak passionately about the importance of security and then fail to support and encourage employees who report incidents meeting the SRMP's criteria that are later revealed to be of little or no consequence.
Security awareness programs may range from basic reinforcement of policy and procedure, through one-to-one communication, to more complex strategies covering how to identify suspicious items and persons and how to respond to events once they occur. For example, a simple staff training strategy for assessing unattended items is known as the HOT or NOT technique. Figure 11 depicts a wallet-size card that could be distributed to RTO employees, explaining the HOT or NOT technique.

HOT or NOT technique

Applying the HOT or NOT test is a simple way of assessing the possible danger from an unattended item. All property found should be treated as an "unattended item", and therefore possibly suspicious, until the HOT or NOT principle is applied.
If you are concerned about a package or substance you should ask yourself the following simple questions prior to making a decision about an item:
H – is the item hidden?
O – is the item obviously suspicious?
T – is the item typical of items usually found in that area?
YES + YES + NO = HOT

After you've asked yourself the HOT or NOT questions and you believe that the package is suspicious (HOT):
• Notify management.
• Call 000 and ask for the police.
• Do not touch or remove the item.
• Clear the vicinity.
• Secure the area.
Figure 11 - Hot or Not Technique

Additional tools available include the 4C’s – Confirm, Clear, Cordon and Control. Figure 12 shows the
approach to be taken.


Figure 12 - The 4 C’s

In planning security awareness and training, RTOs should consider the need for programs to be run for
staff at the following times:
(a) Pre-employment.
(b) Induction.
(c) Arrival in a new work area.
(d) Routinely at appropriate intervals.
(e) Policy / procedure changes.
(f) Changes to risk profile.
(g) Post-incident.
(h) Exit interview (e.g. Reinforcing confidentiality that extends post-termination).
Public awareness. RTOs operating in the mass transit environment should also initiate public awareness
programs through the use of signage and announcements to encourage users of the rail transportation
system to alert rail transport staff or police, if they observe suspicious packages, persons, or behaviour.
As at 20 current threat priorities have been identified as:
(a) IED (including placed IED);
(b) PBIED and VBIED (person-borne and vehicle-borne IED);
(c) active armed offender;
(d) hostile vehicle;
(e) hostile reconnaissance;
(f) sabotage;
(g) bomb threat;
(h) chemical, biological, or radiological (CBR).


Security culture. It is important that RTOs develop a positive security culture across all aspects of the business, demonstrated by a set of security values, shared by everyone in the organisation, that determine how people are expected to think about and approach security. Getting security culture right will help develop a security-conscious workforce and promote the security behaviours desired from staff.

4.3.3 Credentials and Credentialising Identification Cards


An identity card system can cover physical and logical identification and authorised access for
individuals. Use of an identity card system includes establishing a secure ID, background checks and
credentialing, enrolment, data management and procedures.
Credentials are physical objects used to gain admission at entrances or other access points, such as
identification cards, badges and card keys, etc. In consultation with stakeholders, RTOs should develop
and implement a policy and related procedures applicable to the production and issue of a photo
credential identity card.
The credential signifies that an individual's qualifications have been assessed and validated, and that the pre-employment screening checks applicable to the holder's designated position have been completed with a suitable result.
Whether the credential is a simple card or badge with a photo presented for sight identification or
offers other technology, such as “smart card” that can be used to gain physical entry to secure areas or
to gain virtual access to computer networks, is another consideration for each RTO.
RTOs should ensure that all personnel nominated in their identity card policy, are issued with an
appropriate credential photo identification card.
The credential can work on several levels. Security workers may visually inspect credentials using
graphic, colours, photos, and text to help identify personnel and their access to restricted or secure
areas. The credential may electronically identify the holder to the security system, which checks a
database to ensure the credential holder has the required clearance. There may also be additional
personal information about the cardholder on the credential or in a central database, including
biometric data or a personal identification number (PIN) that must be entered at a reader.
The credential can also record the issue and management of rail workers' qualification credentials, which may in turn determine whether the holder should be granted access to buildings, facilities, secured areas, or computer networks.
Prior to issuing an identification card/credential, the RTO should verify:
(a) that the intended recipient is an employee, or other duly authorised person;
(b) that the recipient is the person named on the card;
(c) that the recipient has been subject to the applicable level of pre-employment screening for the occupant's position; and
(d) that all details are correct.


4.4 Physical Security


4.4.1 Locking and Key Control
General outline
An effective lock and key issuance and control system is essential to the safeguarding of property and controlling access. In consultation with stakeholders, RTOs should follow the guidance in this Handbook relating to control of locks and keys, the key control officer's responsibilities, records requirements, issue and control procedures, and lost keys.
The determination of locking and keying systems may require specialist advice, and should always
include consideration of the entire environment within which the lock is to be used (e.g. structural
integrity of the wall, frame, and door / gate; alternate access points such as via the ceiling; interface to
electronic access control; and weather / environmental conditions).
It should be noted that a variety of keying systems of differing levels of security will most likely be appropriate for each RTO. For example, it is unlikely to be necessary to use a comparatively expensive restricted key profile on staff lockers, whereas a key cabinet holding a range of keys to sensitive areas would best be protected by a key that cannot readily be duplicated without the relevant authority.
Key control officer
A key control officer (KCO) is to be appointed in writing for every RTO facility having control over its own locking system. The KCO is responsible for the supply of locks and their storage, the handling of keys, records management, investigation of lost keys, ensuring receipts are signed for all keys issued and turned in, and the overall supervision of the RTO's key program at each of its facilities.
Record requirements
The KCO is to maintain a Lock and Key Register that includes the following minimum records:
(a) Locks by number.
(b) The location of each lock.
(c) The combination (if applicable) in a sealed envelope.
(d) Date of last combination change or core change.
(e) Keys by number.
(f) Location of each key (both un-issued keys in storage and issued keys).
(g) Type of key combination of each key.
(h) A record, by name, of people to whom each key was issued.
(i) A record of all keys not accounted for.
(j) List of personnel who can authorise the production of duplicate restricted profile keys.
(k) Details of locksmith who manages any of the facility’s restricted profile key systems.
(l) Records of destruction of keys no longer required.
Issue and control procedures
Keys to sensitive facilities and equipment storage areas should be of a restricted profile that requires authority to duplicate. Keys that provide access to less sensitive areas should still be stamped "DO NOT DUPLICATE" prior to issue, as a control strategy. Issuance of keys and coded cards is to be kept to a minimum and take place under constant key control supervision by the KCO. The following requirements should apply:
(a) Keys, coded cards, and mechanical code (combination) locks should only be accessible
to those persons whose official duties require access to them.
(b) Combinations to mechanical code locks should be changed following the discharge,
suspension, or reassignment of any person having knowledge of the combinations or at
least every six months.
(c) Keys that are not issued should be stored in a locked container that has been approved
by the Security Coordinator.
(d) Access lists for persons authorised to draw keys should be maintained in the key
storage container.
(e) Key containers should be checked periodically, and all keys accounted for by
documented bi-annual inventories.
(f) Keys should be retrieved from personnel who are transferred, discharged, suspended,
or retire, and the employees’ security codes should be immediately removed from
electronic access systems. Depending on the circumstances, it may also be necessary
to consider additional measures, such as changing locks when a disgruntled employee
leaves.
(g) Periodic re-keying of locks to secure areas should be considered to address key
attrition problems.
(h) Key control systems should be inspected regularly, and malfunctioning equipment
repaired or replaced.
At the time of installation of any new locks, or the re-keying of any cylinder, the RTO is to ensure that
any keys delivered at that time correctly operate the relevant locks. The RTO is to also:
(a) verify the number and markings on the keys received match the requirements;
(b) update the key register;
(c) verify that any existing master keys applicable to the locks operate them correctly.
Where the RTO maintains its own key cutting facilities, the RTO is to ensure that all key cutting codes
and blanks are stored in a suitable secure enclosure (e.g. safe). Special consideration should be given to
the protective security requirements on the room housing the key cutting equipment.
Lost and unaccounted-for keys and electronic access cards
When the results of the key inventories and inspections reveal that there are lost keys or access cards,
the KCO will:
(a) report lost or unaccounted-for keys/access cards to the security coordinator, together with a list of the areas to which the keys provide access. Codes for lost access cards will be removed from the facility's access control system;
(b) in coordination with the security coordinator and the facility’s manager, determine the
extent to which locks should be recoded, changed, or otherwise modified to prevent
compromise of existing safeguards.
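As an added illustration (not code from the RISSB handbook), the following Python sketch carries the Lock and Key Register records above and the lost-key procedure through in code: keys are issued against receipts, an inventory reconciles the register against a physical count, and the loss report lists the areas exposed, the locks to re-key and the other keys (master keys included) that must be re-cut once those locks change. Lock and key numbers, locations, area labels and names are constructed sample data; the rule that a lock opened by an unaccounted-for key is re-keyed is an assumption for the demonstration, since the handbook leaves that decision to the KCO, security coordinator and facility manager.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Lock:
    lock_no: str
    location: str
    area: str                         # area the lock protects; listed in a loss report


@dataclass
class Key:
    key_no: str
    operates: frozenset               # lock numbers the key opens; a master opens several
    restricted: bool                  # restricted profile: duplication needs authority
    issued_to: Optional[str] = None   # None = un-issued, stored in the key container


class KeyRegister:
    """Lock and Key Register kept by the KCO: locks, keys, holders and receipts."""

    def __init__(self):
        self.locks = {}
        self.keys = {}
        self.receipts = []            # (event, key_no, person) for every issue/return

    def add_lock(self, lock):
        if lock.lock_no in self.locks:
            raise ValueError(f"lock {lock.lock_no} already registered")
        self.locks[lock.lock_no] = lock

    def add_key(self, key):
        # Install-time check: a key's markings must match locks already on record.
        unknown = key.operates - set(self.locks)
        if unknown:
            raise ValueError(f"key {key.key_no} names unknown locks {sorted(unknown)}")
        if key.key_no in self.keys:
            raise ValueError(f"key {key.key_no} already registered")
        self.keys[key.key_no] = key

    def issue(self, key_no, person):
        key = self.keys[key_no]
        if key.issued_to is not None:
            raise ValueError(f"{key_no} already issued to {key.issued_to}")
        key.issued_to = person
        self.receipts.append(("issued", key_no, person))

    def return_key(self, key_no):
        key = self.keys[key_no]
        self.receipts.append(("returned", key_no, key.issued_to))
        key.issued_to = None

    def keys_to_retrieve(self, person):
        """Keys still held by someone being transferred, discharged or suspended."""
        return sorted(k.key_no for k in self.keys.values() if k.issued_to == person)

    def inventory(self, in_container, confirmed_with_holders):
        """Reconcile the register against a physical count: an un-issued key must be
        in the container, an issued key must be confirmed by its holder."""
        unaccounted = []
        for key in self.keys.values():
            expected = in_container if key.issued_to is None else confirmed_with_holders
            if key.key_no not in expected:
                unaccounted.append(key.key_no)
        return sorted(unaccounted)

    def compromise_report(self, unaccounted):
        """Loss report for the security coordinator: areas the lost keys reach, locks
        to re-key, and the other keys (masters included) to re-cut afterwards."""
        exposed = set()
        for key_no in unaccounted:
            exposed |= self.keys[key_no].operates
        return {
            "rekey_locks": sorted(exposed),
            "areas_exposed": sorted({self.locks[lock].area for lock in exposed}),
            "keys_to_recut": sorted(k.key_no for k in self.keys.values()
                                    if k.operates & exposed and k.key_no not in unaccounted),
        }


def demo():
    """Constructed sample register: one key is missing at inventory time."""
    reg = KeyRegister()
    reg.add_lock(Lock("L1", "Signalling equipment room", "restricted"))
    reg.add_lock(Lock("L2", "Staff locker room", "common"))
    reg.add_lock(Lock("L3", "Key cabinet", "highly_restricted"))
    reg.add_key(Key("K1", frozenset({"L1"}), restricted=True))
    reg.add_key(Key("K2", frozenset({"L2"}), restricted=False))
    reg.add_key(Key("M1", frozenset({"L1", "L3"}), restricted=True))   # master key
    reg.issue("K1", "Smith")
    reg.issue("M1", "Jones")
    # Count: K2 is in the container, Jones produces M1, Smith cannot produce K1.
    missing = reg.inventory(in_container={"K2"}, confirmed_with_holders={"M1"})
    return missing, reg.compromise_report(missing), reg.keys_to_retrieve("Smith")


if __name__ == "__main__":
    missing, report, held = demo()
    print("unaccounted for:", missing)          # ['K1']
    print("loss report:", report)               # re-key L1, area restricted, re-cut M1
    print("still held by Smith:", held)         # ['K1']
```

The re-cut list is the part a manual register usually misses: once L1 is re-keyed because K1 is lost, the master M1 no longer operates L1, so the register must show M1 as needing re-cutting and Jones as needing a replacement, otherwise the next inventory reports a working master that is in fact partly dead.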


4.4.2 Access Management


Access management comprises the policies, procedures, personnel, and physical components that provide control and awareness of assets and activities in and around facilities and restricted areas. Access management controls WHO should be permitted access to facilities and restricted areas; WHERE they can access (e.g. rail yard facilities, control rooms, utility areas within stations and terminals); and WHEN they can access these areas (e.g. certain days of the week or shifts). In addition to controlling passage in and out of facilities or areas, determining who belongs and who does not, access management includes the ability to observe and track movement in and out of controlled areas.
Access for various combinations of persons and assets is dependent on the needs and restrictions established by each RTO, including sign-on and sign-off procedures for contractors and suppliers.
Basic principles of access management include:
(a) limiting the number of access points;
(b) identifying and dedicating secure areas;
(c) providing transition areas between secure and non-secure areas;
(d) minimising interference with the movement of passengers and system operations;
(e) not interfering with fire protection and life safety systems;
(f) incorporating design considerations for persons with disabilities;
(g) layering of security systems;
(h) using protective measures addressing all risk management phases – prevention
(mitigation), preparedness, response, and recovery; and
(i) providing an audit trail and/or transaction reporting capability where required.
In developing risk treatments, RTOs should identify their assets and areas of their property/facilities
that must be controlled. They can then make decisions about who will be given access to those assets
and areas. From there they can decide how different access management tools – such as intrusion
detection and surveillance – can work together as a part of an integrated protective security system.
Access control. Access control is the ability to determine who can or cannot enter specific fields, areas
or access particular assets or information. It is the fundamental principle of access management, and an
important aspect of an effective SRMP. Access control relies on a combination of physical elements
(barriers, portals, credentials) and policies (asset classification, credentialing) to operate properly.
Access prohibition. It is important to draw the distinction between access control and access
prohibition. In access prohibition, the focus is on excluding unauthorised persons, whereas with access
control, the degree of resistance to unauthorised entry is lower. For example, a mechanical lockset with
its associated key provides a degree of access control, whereas a single person turnstile fitted with a
biometric reader may provide effective access prohibition.
In consultation with stakeholders, the RTO is to develop and implement a policy and related procedures applicable to access management. The objectives of access management and the RTO's mission are not
always compatible with each other. The purpose of access management is to control and limit access,
while public rail transportation requires unrestricted public access to much of the system. Furthermore,
rail transportation systems serve mobile populations that contain mobile assets that are difficult to
monitor and to secure.


It may be appropriate to create a range of areas that reflect the differing requirements applicable to the
RTO. These spaces or areas may be used to define public and private space, i.e. where certain people
may or may not enter. (e.g. Highly restricted area – operational staff only; Restricted area – authorised
staff and escorted visitors; Operational area – staff and authorised visitors; Common area – staff and
visitors; Public area.)
Notwithstanding the range of areas as may be defined in the access management policy and
procedures, RTOs should ensure clearly defined transitions from public to semi-public to private space
by using signage, landscaping or other operationally appropriate border definition strategies, as well as
using appropriate protective security measures to support the requirements. Where appropriate,
signage should be used to reinforce the areas, and transition points between the areas.
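As an added example (not code from the RISSB handbook), the following Python sketch puts the pre-issue verification list from 4.3.3 and the WHO/WHERE/WHEN model of this section into one decision function with an audit trail (principle (i) above). The area tiers reuse the handbook's example list; everything else is an assumption for the demonstration: the screening sets per position type, the rule that clearance for a tier covers every less restricted tier, the rostered shift window as the WHEN condition, and all names, card numbers and dates.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

# Area tiers from the handbook's example, most restricted first.
AREA_TIERS = ["highly_restricted", "restricted", "operational", "common", "public"]

# Assumed screening sets per position type (illustrative; not the handbook's matrix).
SCREENING_REQUIRED = {
    "non_designated": {"identity", "right_to_work", "police", "employment_history"},
    "pot": {"identity", "right_to_work", "police", "employment_history",
            "referee", "credit", "qualification"},
}


@dataclass
class Person:
    person_id: str
    name: str
    position_type: str                    # "non_designated" or "pot"
    employed: bool                        # employee or other duly authorised person
    checks_completed: set = field(default_factory=set)


@dataclass
class Credential:
    credential_id: str
    person_id: str
    name_on_card: str
    highest_area: str                     # most restricted tier the holder may enter
    shift: tuple                          # (start, end) datetime.time, rostered window
    expires: datetime
    revoked: bool = False


def issuance_problems(person, card):
    """Pre-issue checks (a)-(d) from 4.3.3; returns the failures, empty if OK."""
    problems = []
    if not person.employed:                                                   # (a)
        problems.append("recipient is not an employee or authorised person")
    if card.person_id != person.person_id or card.name_on_card != person.name:  # (b)
        problems.append("card details do not match the named person")
    missing = SCREENING_REQUIRED[person.position_type] - person.checks_completed  # (c)
    if missing:
        problems.append("screening incomplete: " + ", ".join(sorted(missing)))
    if card.highest_area not in AREA_TIERS:                                   # (d)
        problems.append("unknown area tier on card")
    return problems


def access_decision(card, area, when, audit):
    """WHO/WHERE/WHEN check; every decision is appended to the audit trail."""
    def record(outcome, reason):
        audit.append((when.isoformat(), card.credential_id, area, outcome, reason))
        return outcome == "ALLOW"

    if area == "public":                                  # public space: no credential needed
        return record("ALLOW", "public area")
    if card.revoked:                                      # WHO: still a valid holder?
        return record("DENY", "credential revoked")
    if when >= card.expires:
        return record("DENY", "credential expired")
    # WHERE: clearance for a tier is assumed to cover every less restricted tier.
    if AREA_TIERS.index(area) < AREA_TIERS.index(card.highest_area):
        return record("DENY", f"{area} is above holder clearance {card.highest_area}")
    start, end = card.shift                               # WHEN: rostered shift only
    if not (start <= when.time() <= end):
        return record("DENY", "outside rostered shift")
    return record("ALLOW", "ok")


def demo():
    """Constructed sample data: one fully screened driver, one partly screened contractor."""
    alice = Person("p1", "A. Driver", "pot", True, set(SCREENING_REQUIRED["pot"]))
    bob = Person("p2", "B. Contractor", "non_designated", True, {"identity"})
    window = (time(6, 0), time(18, 0))
    alice_card = Credential("c1", "p1", "A. Driver", "restricted", window, datetime(2025, 1, 1))
    bob_card = Credential("c2", "p2", "B. Contractor", "operational", window, datetime(2025, 1, 1))
    audit = []
    day, night, late = datetime(2024, 6, 1, 9), datetime(2024, 6, 1, 22), datetime(2025, 3, 1, 9)
    results = {
        "alice_issue": issuance_problems(alice, alice_card),                                   # []
        "bob_issue": issuance_problems(bob, bob_card),                                         # screening incomplete
        "alice_restricted_day": access_decision(alice_card, "restricted", day, audit),         # True
        "alice_highly_restricted": access_decision(alice_card, "highly_restricted", day, audit),  # False
        "alice_restricted_night": access_decision(alice_card, "restricted", night, audit),     # False
        "alice_expired": access_decision(alice_card, "common", late, audit),                   # False
    }
    return results, audit


if __name__ == "__main__":
    results, audit = demo()
    for name, value in results.items():
        print(f"{name}: {value}")
    for entry in audit:
        print(entry)
```

Two design points carry over to a real system: the issuance check and the access check are separate functions, so a card can never be produced for a person whose screening is incomplete even if the reader logic later trusts the card; and every denial is recorded with its reason, which is what makes the transaction reporting in principle (i) useful during an investigation rather than just a count of door events.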

4.4.3 Fencing and Gates


Fencing
In considering security risk management strategies, fencing may be an appropriate element in
establishing a Security-in-Depth strategy for some assets. Perimeter fences define the physical limits of
a facility or controlled area; provide a physical and psychological deterrent to unauthorised entry;
channel and control the flow of personnel and vehicles through designated portals; facilitate effective
utilisation of the security force; provide control capability for persons and vehicles through designated
entrances; and enhance detection and apprehension of intruders.
Fencing can range from high-security grill type fencing to cost-effective chain-link fencing. If the security
threat is lower or if aesthetics are a high priority, ornamental fencing can also be used if it is properly
designed to prevent scaling. In determining the application of fencing, the security coordinator is to
identify the objectives in using this strategy, so that a clearly defined set of requirements for the fence
can be prepared. For example, the requirements for fencing will be different for fencing intended to
“minimise casual access”, as opposed to “prohibit access without use of substantial force”.
Although low-level risks may be controlled with a perimeter fence, fences alone will not stop a
determined intruder or a moving vehicle attack and will resist impact only if reinforcements are added.
To control identified risks, RTOs should enhance the effectiveness of fencing with lighting, CCTV, fence
sensors to detect climbers or cutting actions, and/or augmented by security force personnel. A fence
that is not protected with intrusion-detection equipment may be vulnerable to attack and unauthorised
access if it is not under constant surveillance by security personnel.
Gates
The number of perimeter gates designated for active use is to be kept to the absolute minimum
required for operations. RTOs should take into account sufficient entrances to accommodate peak flow
of both pedestrian and vehicular traffic, emergency vehicle access, maintenance, and operational
factors in making decisions relating to fencing, as well as adequate lighting at egress and ingress points.
Unattended and inactive gates should be securely locked at all times and have adequate lighting &
surveillance coverage to deter attempts at tampering during night hours.
In preparing specifications or instructions for fencing and gates, the RTO is to have regard to the relevant standards.
Intruder detection and alarm systems
There are a range of alarm systems that may be appropriate for consideration in managing security
related risks. The critical consideration in deploying any alarm system is the nature and timeliness of
the response that will follow the activation of the alarm.


An intruder detection and alarm system (IDAS) is a combination of integrated electronic components,
including sensors, control units, transmission lines, and monitoring units, that detect one or more types
of intrusion into an area protected by the IDAS.
IDASs can be useful throughout rail transportation system operations, allowing security personnel to
monitor the movements of authorised people in restricted-access areas and to alert security personnel
of potential breaches by unauthorised persons. Pairing IDAS with remote surveillance technology
enables event-triggered surveillance.
The determination of IDAS requirements may require specialist advice, and must always include
consideration of:
(a) the objectives for the IDAS (e.g. detect attempted intrusion; detect changes at a given
point; detect changes near a given point; detect movement within a given space;
confirm movement within a given space; warn intruder; repel intruder; annunciate
remotely);
(b) remoteness of the location;
(c) interface requirements (e.g. electronic access control);
(d) weather and environmental conditions (e.g. Electromagnetic or radio frequency
interference);
(e) communication options (e.g. PSTN telephone line, network, radio, mobile telephone
network);
(f) the nature of the likely threat source (e.g. sophistication, resources, knowledge).
Where the IDAS is to be deployed in a critical or sensitive area, consideration should be given to using parallel or redundant communications paths for the alarm signal (e.g. a PSTN telephone line and the cellular telephone network).
Duress and assistance call alarms should be installed in a manner that makes them easy to activate, but
immune from accidental activation.
All staff and contractors that may be required to operate alarms should receive appropriate training and
should be encouraged to participate in regular testing of the alarm.
All staff and contractors that may be required to respond to alarms should receive specialist training in
relation to performing alarm response duties.
Where the RTO contracts off-site monitoring and alarm response, the Security Coordinator is to ensure
that clearly defined contracts for the relevant services are in place and reviewed annually.

4.4.4 Lighting
Lighting increases visibility in and around rail transportation systems, facilities, installations, and makes
it more difficult for intruders to enter a facility undetected. It is beneficial in almost all environments,
especially those that receive little natural light or are used at night.
RTOs should consider lighting requirements when installing and updating other security risk
management sub- systems, particularly those that utilise surveillance and intrusion detection. In
accordance with crime prevention through environmental design (CPTED) principles, lighting can also be
used to create greater levels of comfort for customers and staff present in rail transportation facilities.
Types of lighting should also be considered – fluorescent, LED, or sodium, taking into account the
desired outcome for each environment.


4.5 Operational Security


4.5.1 Closed Circuit TV (CCTV)
The deployment of remote CCTV surveillance systems can expand the areas in and around a rail
transportation system’s facilities monitored by security personnel. CCTV surveillance systems may
include fixed cameras and pan/ tilt/zoom cameras that security personnel can remotely control, and
often include video/digital recording systems. In addition, the visible presence of surveillance in an area
can serve as a deterrent to potential intruders who believe they are being observed.
RTOs may wish to consider the use of body worn cameras for staff whose roles include in-field security.
Where an RTO deploys CCTV as a risk treatment option, the security coordinator is to develop and
implement a policy and associated procedures to support the operation of the systems.
In deploying and operating the CCTV system, the RTO is to do so in accordance with company policy,
and other standards and regulations as applicable.

4.5.2 Security Officers, Patrols, Alarm Response


RTOs should determine any requirements for in-house and/or contracted security personnel on the basis of the likely contribution to risk mitigation, staff and public expectations, the RTO's own contractual obligations, and other requirements.
Any use of contract or in-house security personnel is to be supported by clearly defined policies,
procedures, and assignment instructions (refer AS 4421).
The duties to be performed by security personnel will vary significantly. In general, security personnel
are responsible for carrying out access management policies and procedures, and for overseeing and
operating the access control systems used. Functions performed by security personnel can include:
(a) identification checks – visually inspecting badges, credentials, or other forms of
identification;
(b) entry-point screening – visually inspecting bags, parcels and vehicles, operating metal
detectors and x-ray machines, etc;
(c) monitoring security systems – monitoring surveillance cameras, digital video, intrusion
detection, and other security systems;
(d) patrols – patrols can be conducted on foot or in a vehicle. As a minimum, security
patrols should cover the following areas:
i. Restricted areas.
ii. Vehicle parking areas.
iii. Communications areas.
iv. Rail yards.
v. Stations and terminals.
vi. Main power supply.
vii. Lighting controls.
viii. Perimeter access points.
ix. Operation control rooms and inter-modal access areas.
(e) response – responding to alarms or unauthorised entry;
(f) communications – contacting police and emergency response personnel.


RTOs should ensure that the legal basis for each of the duties to be performed by security personnel
is clearly defined.
Each RTO should also ensure that it satisfies its obligations pursuant to the relevant security industry
legislation applicable in all areas of its operations.
Where the RO considers the use of contract security personnel, the RTO is to ensure that guard
requirements, responsibilities, and qualification criteria are established and considered in the decision
to employ a contract guard force. Clearly defined contracts for the relevant services should be
established and reviewed annually.

4.5.3 Emergency Management


It should be well understood that any protective plan must consider a broad scope of requirements to
achieve a seamless, robust, and integrated risk management system. Accordingly, an RTO’s protective
security and emergency management arrangements should not be prepared in isolation from each other.
Emergencies have the potential to affect everyone at some time. In order for RTOs to meet their moral,
legal and administrative responsibilities, emergency planning should be included to address response
and recovery contingencies in the event of an adverse incident. In meeting this obligation and providing
an appropriate duty of care, RTOs should be well prepared to handle most emergencies that may arise.
What is an emergency?
The Emergency Risk Management Handbook defines an emergency as follows - “An event, actual or
imminent, which endangers or threatens to endanger life, property or the environment, and which
requires a significant and coordinated response. In the ERM context for critical infrastructure, it is an
event that extends an organisation beyond routine processes”.
What is emergency management?
In simple terms, emergency management is the process of mitigating, preparing for, responding to and
recovering from an adverse incident. Emergency management is a dynamic process. Planning, though
critical, is not the only component. Training, conducting drills, testing equipment and coordinating
activities with stakeholders and external emergency services are important functions. Implementation
of an emergency management program facilitates the following business functions:
(a) Help the RTO fulfil its moral responsibilities to protect its assets.
(b) Maintain compliance with regulatory requirements detailed in safety legislation,
standards and RTO departmental policies.
(c) Enhance the RTO’s ability to recover from lost assets or business interruption.
(d) Reduce exposure to civil or criminal liability in the event of an incident.
(e) Enhance the RTO’s image and credibility with employees, government and the public.
Comprehensive risk management approach
This is a four-phase process that encompasses strategies for:
(a) mitigation;
(b) preparedness;
(c) response; and
(d) recovery.
Mitigation
This is about maintaining sustained and often permanent actions that reduce exposure to, the probability
of, or the potential loss of assets from threatening or hazardous events. They tend to focus on where and
how to design the built environment, and also include staff education and community awareness programs.
Preparedness
Preparedness includes those arrangements that will ensure the full and effective utilisation of all
resources and services for response and recovery. It is simply the activity of preparing for an emergency
before it occurs. It encompasses those actions taken before an adverse incident occurs, namely planning
and organising, equipping and training personnel, and setting up exercises to deal with those
emergencies that cannot be avoided or mitigated entirely. Obviously, it is important not just to plan, but
to prepare as well. The key to effective emergency management is being ready to provide a rapid
emergency response. Being ready includes:
(a) the implementation of a structured emergency management planning and response
system and resources, including clear and unambiguous lines of command, control and
communication;
(b) training for the emergency planning committee (EPC) and emergency control
organisation (ECO) personnel;
(c) conduct of exercises and drills to test response and recovery procedures;
(d) logistics to provide suitable resources for supporting the emergency management
system.
Response
Response planning includes the actions taken to minimise the effects of impending or actual
emergencies. It involves saving lives, reducing injury and suffering, and preventing further damage.
Trained and equipped personnel will be required to deal with any emergency situation. This part of the
plan deals with managing the short-term effects of the event. Response can include, but is
not limited to:
(a) incident identification;
(b) emergency notifications;
(c) activation and deployment of the ECO; and
(d) the evacuation of personnel.
Recovery
Recovery planning is the enabling and supporting process that allows individuals, groups and the
communities of groups to attain a proper level of functioning, through the provision of information,
specialist services and resources. It is also the physical process of reconstruction. It encompasses both
near-term and long-term actions taken to return the organisation to a pre-emergency level of
operations or, in some cases, to a new level of operation during recovery. It can include, but is not
limited to:
(a) activating continuity of operations or business continuity plans (resumption of mission,
provision of personnel services such as welfare, health and counselling, etc);
(b) setting up emergency relocation sites; and
(c) reconstitution or restoring operations at the original or a new permanent location
(inclusive of restoration of C3, restoration of essential services, repair, replace, salvage,
reconstruction, renovation, and relocation activities).
Planning priorities
In the event of an emergency, the following priorities are listed in order of importance:
(a) Protect human life.
(b) Prevent or minimise human injury.
(c) Reduce the exposure of assets.
(d) Optimise loss control for assets where exposure cannot be reduced.
(e) Restore normal operations as quickly as possible.
The first two priorities involve the persons affected by the emergency, and the following time-tested
principles should be applied to their care:
(a) Evacuation and shelter. All persons not needed in disaster operations should be
moved to safe places.
(b) Personal protection. Those persons who must remain in a threatened area should be as
well protected as possible given the nature of the threat.
(c) Rescue and relief. Persons exposed to the emergency who may be injured should be
given the necessary support and assistance.
(d) Design safety. Anything that increases the likelihood of personal injury based on the
nature of the emergency and the character of the RO should be identified and
eliminated from the facility or system as applicable in advance.
(e) Training. Persons who will deal with the emergency, such as the EPC and ECO, should
be well trained so that they do not increase their exposure through ignorance or
ineptitude.
All hazards approach
The all hazards approach identifies all credible emergencies that may adversely affect the RTO’s assets,
the environment and core outputs and functions. The emergencies for which plans may be developed
can be grouped into three major threat categories:
(a) Natural. Natural threats include all weather-related emergencies, such as storms, floods,
earthquakes and bush fires.
(b) Human (either internal or external). Human threats are deliberate adverse actions and
events, which include terrorist activities, arson, civil disorders and hostage situations.
(c) Accidental. Accidental threats are non-deliberate adverse events, which can range from
hazardous material spills to telecommunications and computer outages.
Emergency response plans
The various types of emergencies make planning for every conceivable contingency impossible;
however, general planning and resource allocation is feasible.
Each RTO’s EPC should identify the possible emergencies that they might face and translate these into
procedures. Examples would include:
(a) fire (facility and rolling stock);
(b) bomb threat;
(c) explosion;
(d) hazmat spillage;
(e) major accident (derailment, collision, etc);
(f) workplace violence;
(g) civil disorder.

Situation                                       Colour code
Fire/smoke                                      Code Red
Medical emergency                               Code Blue
Bomb threat                                     Code Purple
Infrastructure and other internal emergencies   Code Yellow
Personal threat                                 Code Black
External emergency                              Code Brown
Evacuation                                      Code Orange

Figure 13 - Standard emergency colour codes (AS:3475)

The all-hazards approach to emergency planning recognises that the requirements in various response
plans will be similar regardless of whether the plan deals with a natural, human or accidental threat
incident. For example, an evacuation plan is necessary regardless of whether the need for the plan is
prompted by a fire, bomb threat, or HAZMAT spill.
All agencies approach
An emergency in a rail transportation environment will likely have the potential to affect broader
elements of the local environment by impacting the surrounding community and, in extreme cases,
impact upon the RTO enterprise strategically or on the community as a whole at both State and
National levels, as would be the case in the event of a terrorist incident. Hence, the implementation
of an emergency management system should take into account all affected stakeholders in both the
RTO and other sectors through the implementation of mutually agreed arrangements.

4.6 Information Management and Electronic Security


4.6.1 Establishing Information Management Policy
Most information for which RTOs are responsible poses no threat to rail transportation security.
In the wrong hands, however, some kinds of information could be dangerously misused by individuals or
groups intending to inflict harm on the rail transportation system, its users, employees, or the general
public. This information should be protected from inappropriate intentional disclosure (for example, in
response to an external email request from a person without the need-to-know, or by a disgruntled
employee) and from unintentional disclosure (for example, when unprotected sensitive information is
stolen from an RTO employee).
Accordingly, RTOs should develop policies and procedures for ensuring sensitive information does not
fall into the wrong hands, while maintaining corporate accountability and ensuring management
efficiency. All RTOs should establish and use comprehensive sensitive information management policies.

As a guide, two primary elements that should be the foundation for any information management policy
are:
(a) how to identify sensitive information that must be protected; and
(b) how to control access to sensitive information responsibly.
By establishing appropriate policies in each of these two areas, RTOs can improve rail transportation
security, while minimising administrative burden and maintaining appropriate accountability to the
organisation, and in some cases, the public.
Identifying sensitive information
RTOs generate an enormous number of electronic and paper documents every year. Most of this
information requires no specific protection. For example, project-related documents for a simple
installation or track modification project would likely not require any sort of special management. RTOs
should be aware that arbitrary and unnecessary restrictions on non-sensitive information increase
bureaucracy and may jeopardise legitimate efforts to protect sensitive information. A sub-set of RTOs
documents, however, can potentially be misused by someone intending to cause harm. Access to this
information should be controlled.
For most RTOs, information is likely to be considered sensitive if it is useful for:
(a) selecting a target for a threat; and/or
(b) planning and executing an attack.
Information likely to be found in an RTO that meets these criteria includes the following:
(a) Risk assessment reports. This type of data provides detailed information about the RO’s
security vulnerabilities. Such data is used in planning for the protection against associated
security risks and potential threats.
(b) Emergency response plans. These materials provide detailed information about an RTO’s
protocols for responding to and recovering from a range of safety and security incidents.
These plans contain sensitive information that could be used by a threat source in planning
attacks that injure emergency responders or disrupt their efforts.
(c) Other sensitive information. Visual and textual architectural and engineering data are vital
to understanding the core operations and structural components of rail transportation
infrastructure. This information may include building or structural plans, schematic
drawings and diagrams, security system plans, and threat analysis related to design or
security of critical infrastructure – all of which may be of interest to a threat source and
could be dangerously misused by someone intending to cause harm. Such information is
created and retained for many reasons, including use as emergency reference during the
construction and reconstruction of rail transportation infrastructure. As part of these
processes, design documents are often copied and distributed for use by architects,
contractors, inspectors, third party reviewers, and others – all of whom need access to
blueprints, engineering schematics, and other technical documents to be able to safely and
effectively fulfil their responsibilities.

When considering information management, RTOs should also consider the impacts of
Cyber Security, both for documentation and for any relevant technology (or safety critical)
systems.

4.6.2 How RTOs Can Determine Which Information to Protect


To help ensure the information protection efforts they undertake are effective, efficient, and defensible,
RTOs should use consistent, objective, and documented procedures for identifying sensitive
information. Scrutinising all information based on a general set of questions can be an effective tool for
ensuring consistent decision making. RTOs may wish to consider the following questions as they
develop their own decision-making tools:
(a) Could this information be used to aid in selecting a target for an attack, and/or for planning
and executing an attack?
(b) Is this information available from other sources (e.g., via the internet or a simple visual
inspection of a facility)?
(c) Is this information regularly distributed outside the RTO?
(d) Will disclosure of this information create potential for loss of life or economic harm?
(e) Does this information reveal any security features or vulnerabilities?
(f) Is this information critical to continuity of operations?
(g) Does the RTO keep track of the number of existing copies of the information (documents)
and the location of these copies?
(h) Does this information require special software or other devices to be read and understood?
How readily available is the software?
(i) Are there safety critical industrial control systems in use (refer AS 7770 – Cyber Security)?
(j) Can the information be sanitised to remove sensitive information?
(k) Is the information classified under national security designations?
(l) Is the information subject to legislated protection (e.g. protection of counter-terrorism
information – Terrorism Community Protection Act 2003 – VIC)?

4.6.3 Controlling Access to Sensitive Information


Once a decision is made that information is considered sensitive, RTOs should ensure that appropriate
information management practices are in place to assure its protection. Individuals or groups seeking
sensitive information for inappropriate purposes may try to use official channels, such as freedom of
information requests, to obtain copies; alternatively, they may obtain it by stealing it from the desk of a
careless employee or through a disgruntled worker.
RTOs can guard against these and other scenarios by establishing a straightforward and easy-to-
implement set of procedures that become an ongoing part of document creation, storage, distribution,
use, and destruction.
Following are five practical steps that RTOs should include in their Information Management Policy.
Each step should be customised to fit the needs of individual RTOs:
(a) Step 1 – Create a committee or working party for setting information management
policy. The RTO should consider creating a committee or working party that can guide
the overall development and implementation of information management policies,
such as how to identify sensitive information and how to protect it. The committee or
working party should include organisation wide representation and may also have
third-party participation from groups directly affected by policies it establishes. It
would be responsible for tasking the security coordinator in establishing and
documenting procedures, ensuring procedures are adhered to, monitoring their
effectiveness, and modifying approaches as necessary.
(b) Step 2 – Review and identify the RTO’s sensitive information. RTOs should review all the
information they produce and/or control to determine which sensitive information
may require protection. For most RTOs, this list will include SRMPs, security risk
assessments, emergency response plans, as well as information related to selected
infrastructure or other facilities. As they identify sensitive information, organisations
may wish to prioritise it according to its sensitivity relative to other information.
Information should be protected at a level commensurate with the risk posed by its
possible misuse.
(c) Step 3 – Establish a single point of contact for managing sensitive information. To
avoid inadvertent dissemination of sensitive information, RTOs should promote
consistent handling and ensure adequate monitoring of potentially suspicious
activities. A single internal point of contact should have day-to-day responsibility for
the management of sensitive information issues, including identification of sensitive
information, documentation and protocols, handling of information requests, and
dealings with the media.
(d) Step 4 – Identify sensitive information handling protocols. Clear and documented
organisation-wide protocols should be established for handling sensitive information in
both paper and electronic formats. Protocols may address, but are not necessarily
limited to, the following:
i. Information access – Identification of individuals that have a legitimate need-to-know
and need-to-hold sensitive information.
ii. Information markings – Sensitive information should be conspicuously marked with
clear warnings that inform holders about the degree of protection required.
iii. Information storage and accountability – Appropriate custodial responsibilities
should be established for storing information and tracking its use. The more sensitive
the information, the more secure storage should be.
iv. Information requests – Procedures for handling requests for sensitive
information should be established and be consistent with information disclosure
laws in relevant legislation (e.g., freedom of information, privacy, national security,
counter-terrorism).
(e) Step 5 – Educate RTO staff about sensitive information. Ultimately, physical protection
of sensitive information should be the responsibility of every component and
employee of the RTO. Education is critical to ensuring they understand and follow
established procedures.
RTOs may wish to vary the level of protection accorded to individual documents depending on their
sensitivity. Policies should, however, always be consistent in the degree of protection they afford to
different types of information.

4.7 Incident Reporting and Recording


RTOs should establish and maintain procedures for reporting and recording security incidents. The
process should be aligned with the Rail Safety National Law for prescribed incidents and notifiable
occurrences.

RTOs should also be aware of additional reporting obligations, such as data breach reporting. The
incident reporting policy and procedures should require that all defined incidents be reported in a
timely manner.
Where the RO has regulatory obligations with respect to incident reporting, the RO is to ensure that
those obligations are able to be fully satisfied through the incident reporting policy and procedures.
Freedom of information and privacy related legislation should be considered when developing policies
and procedures.
The RTO should use a standardised system of incident classifications.

4.8 Privacy
An RTO should develop and implement any additional policies and procedures that may be required to
ensure that security related information (including video recordings) is stored and handled in
accordance with relevant privacy principles. In satisfying its obligations under privacy principles, the RTO
is obliged to communicate certain aspects of its approaches to protecting information. The RTO is to
ensure that appropriate communication strategies are developed and implemented. Such strategies
may, for example, include signage, notations on forms, statements on security related web sites, or
specific emails to staff.
In preparing communications in relation to privacy provisions, the RTO should have regard to exclusion
provisions within the privacy principles with respect to a person accessing information about
themselves where such access to that information may affect the privacy of another person, or impact
on an investigation or prosecution.

5 Security Exercises
5.1 Rationale for Security Exercises
Rail transportation systems are vulnerable to a range of security events that may result in an emergency
situation. The conduct of security exercises allows RTOs to practise and test their developed security
and emergency response plans. In turn, a well conducted and evaluated exercise will reveal
inconsistencies, highlight deficiencies in resources, determine the organisation’s ability to coordinate
its response capabilities with other agencies, and emphasise the need for any additional training.
RTOs may wish to refer to the Australian Disaster Resilience Handbook 3 - Managing Exercises.
Going directly into a real emergency operation without practising in exercises involves substantial risks.
For example, many participants may not know or thoroughly understand what their emergency
responsibilities are or how these responsibilities relate to activities performed by other elements of the
response. Equipment may not function as expected, and procedures may not be as effective as
anticipated. Such risks, when thoughtfully considered, will be unacceptable to most RTOs.
Accordingly, RTOs should develop a broad spectrum of exercise activity, so that functional emergency
response and recovery capability to security incidents can be realistically assessed and improved. If well
designed and executed, security and emergency exercises are an effective means of:
(a) testing and validating policies, plans, procedures, training, equipment, and interagency
agreements;
(b) clarifying and training personnel in roles and responsibilities;
(c) demonstrating mastery of standard operating procedures, communications, equipment,
and public information dissemination;
(d) improving interoperability with other agencies in command, control, and coordination;
(e) identifying gaps in resources;
(f) improving individual performance; and
(g) identifying specific actions that should be taken to improve the response capability.
Many RTOs are providers of mass public transit services; hence, conducting exercises demonstrates the
RTO’s responsibility and commitment to:
(a) ensure customer and employee safety and security at all times;
(b) train employees so that they know what to do when an emergency occurs;
(c) recognise that they are part of the emergency response effort; and
(d) correct gaps and vulnerabilities in the system.
Some States and Territories mandate annual exercise programs.
RTOs should make every effort to coordinate their exercise programs with local emergency services
and seek guidance and involvement, including lessons learned.

5.2 Progression of Exercise Program Development


The progression of an exercise program is a cyclic process (refer Figure 14). Within the cycle, targeted
areas of focus are identified. For example, target areas may include the use of communications
equipment and systems across multiple jurisdictions, the integration of rail transportation resources
into the incident command system established by local responders, and the performance of specific
types of activities in the rail transportation environment (e.g., station, terminal, and rolling stock
evacuations, procedures for train hijackings, and procedures for managing suspicious packages in
stations, terminals, installations and rolling stock).

Figure 14 – Exercise development cycle (a cycle with three stages: development, exercises and improvement)

Next, response plans, policies, procedures, immediate actions, and job aids are developed, or existing
documents are reviewed, in these focus areas. Training is then provided, or the quality of existing
training assessed. Then, over the course of the cycle, increasingly complex types of exercises are
conducted to assess and reinforce critical activities within the target areas of focus. Each exercise is
evaluated, and results are incorporated into the planning development cycle.

5.3 Categories of Exercises


There are two specific categories of exercises that can be further divided into various types of activities:
(a) Category 1 – Discussion-based exercises. This category is normally the starting point. This
category tends to focus on policy-oriented issues. In conducting discussion-based exercises,
facilitators and/or presenters usually lead the discussions, helping to keep participants on
track and ensure that objectives are met. They include:
i. seminars;
ii. workshops;
iii. tabletops; and
iv. games.
(b) Category 2 – Operations-based exercises. This category of exercise is used to validate
plans, policies, agreements, and procedures solidified in discussion-based exercises. These
exercises may involve single or multiple agencies or jurisdictions.
Figure 15 illustrates the category of exercises, their objectives, predicted effort and recommended
frequencies.
RTOs will generally be expected to commence their exercise programs with seminars, workshops, and
tabletop exercises. Games may be used by executive management to test decision-making
capabilities under stressful conditions. They are inexpensive and can be implemented relatively quickly.

Following this, RTOs should then conduct drills, functional exercises and full-scale exercises with
emergency response agencies.

Type of activity                   Category of exercise   Objectives                                         Level of effort   Recommended frequency
Seminar                            Discussion based       Assessing the adequacy of and familiarity with     Low               Ongoing as part of training
Workshop                                                  the participant’s policies, plans, procedures,                       2 times a year
Tabletop                                                  resources, and inter-agency relationships          Medium            Once a year
Game                                                                                                                           As needed
Drill                              Operations based       Expert observation and assessment of three         Medium-High       Twice a year
Functional exercise                                       levels of performance: task; organisation’s                          Once a year
Full-scale multi-agency exercise                          discipline/functional level; mission level         High              Once every 3 years (unless regulated otherwise)

Figure 15 – Example exercise types

5.4 Steps in Process


Create an organisation
To establish the exercise program, the RTO’s safety and security coordinator should first work within the
RO to develop and recommend an appropriate organisational structure for managing the program.
There are many approaches to developing response organisations, for example:
(a) larger organisations with resources devoted to exercising generally employ full-time exercise
coordinators to manage the program, supported by part-time personnel from other areas
of the organisation (e.g., training, safety and security, operations, maintenance
departments, consultants, and members of local response agencies);
(b) medium-sized organisations with limited resources may assign exercise functions as an
additional task to an existing position in their organisation. This assignment may go to a
senior member of the training, safety, or security departments or may go to a senior
manager in operations. Consultant support is also often available for specific exercises, and
an organised committee consisting of local responders may also support the effort;
(c) small organisations may not have senior managers available to coordinate a progressive
exercise program, even on a part-time basis. Small organisations may need to use
consultants to prepare these programs, and these organisations should coordinate closely
with local responders. Small organisations may offer the use of their assets to support
emergency exercises, and work with larger organisations and local emergency responders
to achieve their exercise objectives.
Establish a program foundation
Once the program organisation is created and personnel requirements have been established, a
foundation should be created for the program that defines the program’s functions and activities.
Typically, this foundation has the following components:

Security Handbook for Small to Medium Rail Transport Operator Volume 1

RISSB ABN 58 105 001 465 Page 45



(a) Exercise program. The company’s exercise organisation should formalise its program and
receive endorsement and approval from the organisation’s executive.
(b) Needs assessment and focus areas. The exercise coordinator, supported by the RTO's
personnel, consultants, and members of local emergency response agencies, should
conduct a careful review of the threat assessments conducted by the RO, existing
emergency response plans, training, and emergency response experience. Based on this
review, the coordinator should identify focus areas that will guide the RTO's exercise
program.
Create realistic expectations
Table 3 illustrates an example exercise program for a large RTO. However, this type of progressive
exercise program can only be implemented with considerable commitment from the RTO's senior
executive management. The "Number of Participants" and "Cost" columns have been left blank in this
example because of the significant variation that would exist between large organisations and
smaller organisations with less ambitious programs.
Whatever the size of the RTO, if the executive leadership recognises the costs associated with
implementing a progressive exercise program, and supports them, then the program will have a strong
foundation for accomplishing its objectives. Where management supports participation in exercise
programs developed in cooperation with local emergency response agencies, there may be
scope to piggy-back on the resources expended by these agencies (risk sharing).
If senior management does not have the resources to commit to the full program, then without full
access to the cost and activity information, informed decisions cannot be made about where to cut
expenses and which exercise activities to remove.


Table 3 – Example progressive exercise program

Type of exercise | Required materials | Situation addressed | Proposed dates | No. of participants | Costs | Participants (RO, POL, FB, AS, DHS, HAZ, ME, PW, Other)
Seminar | Agenda; PowerPoint presentation | Overview of the RTO's exercise program | JAN | # | $ | * *
Workshop | Agenda; Action list | Planning for tabletop | FEB | # | $ | * *
Tabletop | Agenda; Exercise package; After action report; Corrective action plan | Improvised Explosive Device (IED) detonated in railway station or terminal | MAR | # | $ | * * * * * * * *
Game | Agenda; Exercise package; After action report; Corrective action plan | 48-hour power failure | | # | $ | *
Drill | Agenda; Exercise package; After action report; Corrective action plan | Evacuation of RTO building, facility or workplace with suspicious package | MAY/NOV | # | $ | * * * * *
Functional exercise | Agenda; Exercise package; After action report; Corrective action plan | Bomb threat in railway station or terminal | SEPT (annually) | # | $ | * * * * * * * *
Full exercise | Agenda; Exercise package; After action report; Corrective action plan | Explosive detonation in metropolitan subway system | NOV, every three years | # | $ | * * * * * * * * *

Legend:
RTO – Rail transport operator; POL – Police; FB – Fire brigade; AS – Ambulance service;
DHS – Department of Human Services; HAZ – HAZMAT response; ME – Media; PW – Public works (utilities companies);
Other – Contractors, vendors, shared facility tenants, volunteer organisations (e.g. SES);
* – Participants


6 Annexes
6.1 List of Annexes
Annexe A Glossary of Security and Emergency Risk Management Terms
Annexe B Activity Matrix
Annexe C Example Security Threat Alert Level System


Annexe A Glossary of Security and Emergency Risk Management Terms

Term | Definition | Source
Compromise (or misuse) | The full range of means by which harm could be caused to official information, especially loss, damage, corruption or disclosure, whether deliberate or accidental. | PSPF
Community | A group of people with a commonality of association, generally defined by location, shared experience, or function. | Attorney General's Department (Cwth) – ERM Handbook
Consequence | Outcome of an event affecting objectives. | ISO 31000:2018
Critical infrastructure | A service, facility, or a group of services or facilities, the loss of which will have severe adverse effects on the physical, social, economic or environmental well-being or safety of the community. | Attorney General's Department (Cwth) – ERM Handbook
Delphi technique | The use of a group of knowledgeable individuals to arrive independently at an estimate of the outcome of an uncertain situation. | Attorney General's Department (Cwth) – ERM Handbook
Emergency | An event, actual or imminent, which endangers or threatens to endanger life, property, or the environment, and which requires a significant and coordinated response. In the ERM context for critical infrastructure, it is an event that extends an organisation beyond routine processes. | Attorney General's Department (Cwth) – ERM Handbook
Emergency risk management (ERM) | A systematic process that produces a range of risk treatments that reduce the likelihood or consequences of events. | Attorney General's Department (Cwth) – ERM Handbook
Enabling resource | Expertise, staff, finance or other support or aid that makes risk treatments possible. | Attorney General's Department (Cwth) – ERM Handbook
Environment | Conditions or influences comprising built, natural, and social elements, which surround or interact with stakeholders and communities. | Attorney General's Department (Cwth) – ERM Handbook
Essential service | An indispensable supply or activity. The various Australian jurisdictions have a range of legislative instruments in place to either define or constitute essential services, their roles, and responsibilities. | Attorney General's Department (Cwth) – ERM Handbook
Event | Occurrence of a particular set of circumstances. | ISO 31000:2018
Exposure | The degree to which a resource is open to, or attracts, harm. | PSPF
Hazard | A source of potential harm – a hazard might include a threat. | PSPF
Incident reporting | A scheme whereby security incidents are reported to a central point in the agency, usually the agency security adviser – this enables the agency to collect statistics on its security vulnerabilities. | PSPF
Information security | The term "information" within this context refers to the protection of any form of information, including: documents and papers; data; software or systems and networks on which information is stored, processed or communicated; intellectual information (knowledge) acquired by individuals; physical items from which information. |
Likelihood | Chance of something happening. | ISO 31000:2018


Term | Definition | Source
Loss | Any negative consequences, financial or otherwise. | PSPF
Need-to-know principle | The principle that the availability of official information should be limited to those who need to use or access the information to do their work. | PSPF
Personal information | Information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. | Privacy Act 1988
Personnel security | A procedural system implemented to ensure that only those people whose work responsibilities require them to access official information and official resources have such access – this is done by limiting the number of people who have access to those who demonstrate a need to know and whose eligibility has been determined after a comprehensive evaluation of their history, attitudes, values and behaviour. | PSPF
Physical security | The part of protective security concerned with the provision and maintenance of a safe and secure environment for the protection of agency employees and clients, and physical measures designed to prevent unauthorised access to official resources and to detect and respond to intruders. | PSPF
Preparedness | Measures to ensure that communities and organisations are capable of coping with the effects of emergencies. | Attorney General's Department (Cwth) – ERM Handbook
Prevention | Measures to eliminate or reduce the likelihood or consequences of an event. This also includes reducing the severity or intensity of an event so that it does not become an emergency. | Attorney General's Department (Cwth) – ERM Handbook
Privacy | People have a right to expect that personal information held about them is accurate and available for their inspection, that if it is not accurate then it be subject to amendment, and that the information is properly safeguarded and protected – they must also be kept fully informed of the uses to which this information may be put. | Privacy Act 1988
Protective security | The total concept of information, personnel, physical, and information technology and telecommunications security. | PSPF
Residual risk | Risk remaining after implementation of risk treatment. | ISO 31000:2018
Resilience | The ability to maintain function. Factors contributing to resilience include existing control measures, duplicated or redundant assets or systems, knowledge of alternatives and the ability to implement them. | Attorney General's Department (Cwth) – ERM Handbook
Response | Measures taken in anticipation of, during and immediately after emergencies to ensure the adverse consequences are minimised. | Attorney General's Department (Cwth) – ERM Handbook
Risk analysis | Process to comprehend the nature of risk and to determine the level of risk. | ISO 31000:2018
Risk assessment | The overall process of risk identification, risk analysis, and risk evaluation. | ISO 31000:2018
Risk avoidance | A decision not to become involved in, or to withdraw from, a risk. | ISO 31000:2018
Risk criteria | Terms of reference by which the significance of risk is assessed. | ISO 31000:2018
Risk evaluation | Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable. | ISO 31000:2018
Risk identification | Process of finding, recognizing, and describing risks. | ISO 31000:2018
Risk management | Coordinated activities to direct and control an organisation with regard to risk. | ISO 31000:2018
Risk reduction | Actions taken to lessen the likelihood, negative consequences, or both, associated with a risk. | ISO 31000:2018
Risk sharing | Sharing with another party the burden of loss or benefit of gain from a particular risk. | ISO 31000:2018


Term | Definition | Source
Risk treatment | Process to modify risk. | ISO 31000:2018
Robustness | The ability of critical infrastructure to withstand, or recover from, an event. | Attorney General's Department (Cwth) – ERM Handbook
Security incident | A security breach, violation, contact or approach from those seeking unauthorised access to official resources, or any other occurrence that results in negative consequences. | Security Incident
Security approach | An unsolicited encounter with people or organisations who seek to obtain, through unauthorised means, non-national security information (e.g., sensitive ARO data) for which they do not have a need to know – contrast with security contact. | PSPF
Security breach | An accidental or unintentional failure to observe the requirements for handling official resources – see also security violation. Note: In the context of a rail organisation (RO), the term "official resources" refers to those assets either owned, leased or shared by the RO to perform its operational functions. The resource may be a tangible item (e.g. credential) or an intangible item (known information). | PSPF
Security contact | An unsolicited encounter with people or organisations whose purpose is to obtain national security information they do not have a need to know – contrast with security approach. | PSPF
Security violation | A deliberate action that leads, or could lead, to the loss, damage, corruption or disclosure of official resources – see also security breach. Note: In the context of a rail organisation (RO), the term "official resources" refers to those assets either owned, leased or shared by the RO to perform its operational functions. The resource may be a tangible item (e.g. credential) or an intangible item (known information). | PSPF
Source of risk | A real or perceived event, situation, or condition with a real or perceived potential to cause harm or loss to stakeholders, communities or the environment. | Attorney General's Department (Cwth) – ERM Handbook
Stakeholders | Those people and organisations who may affect, be affected by, or perceive themselves to be affected by a decision, activity, or risk. | Attorney General's Department (Cwth) – ERM Handbook
Substitutability | The characteristic of a resource that allows it to act or serve in place of another. For example, it may be possible to use other equipment or expertise when local resources are unavailable. | Attorney General's Department (Cwth) – ERM Handbook
Susceptibility | The degree of exposure to loss. | Attorney General's Department (Cwth) – ERM Handbook
Threat | A source of harm that is deliberate or has intent to do harm. | PSPF
Threat assessment | Evaluation and assessment of the intentions of people who could pose a hazard to a resource or function, how they might cause harm, and their ability to carry out their intentions – threats must be assessed to determine what potential exists for them to actually cause harm. | PSPF
Vulnerability | The susceptibility of stakeholders, communities, and the environment to the consequences of events, and their resilience to the loss of services or facilities. | Attorney General's Department (Cwth) – ERM Handbook


Annexe B Example Security Risk Management Program Roles & Responsibilities Matrix

Rail transportation system

Item / Task | Executive management | Human resources | Safety & security | Maintenance | Engineering | Operations | Training
Security risk management program | A | A | C | P | C | C | C
Organisational structure | A | A | C | P | C | C | S
Human resources | A | C | C | P | C | C | C
Operating environment | A | A | C | P | C | C | C
Current security threat level condition | A | S | C | P | C | C | C
Capabilities and practices | A | A | C | P | C | C | C
Management of the security management plan | A | A | S | P | S | S | S
Division of security responsibilities | A | A | C | P | C | C | C
Job-specific security responsibilities | C | A | S | P | S | S | S
Protective measures | S | S | S | P | S | S | S
Training | S | S | S | P | S | S | S
Day-to-day activities | S | S | S | P | S | S | S
Security risk assessment | C | P | P | P | C | P | S
Security review, testing, and audit | C | P | C | S | S | S | S
Reports | A | P | S | S | S | S | S
Security information flow | A | P | S | S | S | S | S
etc. | | | | | | |

Note: Derived from US Department of Transportation FTA-MA-26-5019-03-01 – Table 5


Annexe C Example Security Threat Alert Level System

Table 4 – Example safer railways protective security measures / actions (Level 1)

There is no specific threat to the rail transportation system from terrorists or IMGs. RTOs should operate in
accordance with their relevant state or territory railway safety management regulations, workplace health and
safety duty of care legislation, and responsible levels of protective security.

Measure 1 – Security planning
Develop and implement protective security and emergency response plans for each Safer Railways security
level. Identify continuity of rail system operations and recovery measures for essential services such as
power, gas, water, HVAC, etc. The security planning process should include annual risk assessments
followed by refining and exercising pre-planned measures as appropriate. Seek technical expertise where
necessary.
Inspect existing security measures to ensure that they are functioning as intended – lighting, fences, locks,
CCTV, intruder alarm systems, access control, key control, monitoring stations and response systems,
security guards, signposting, etc. Ensure that all emergency equipment, such as firefighting, communications
and warning systems, is well maintained, and that evacuation drills are practised. Ensure that HVAC plant
rooms, PABX, sub-stations, computer rooms, workshops and control rooms are secured or have controlled
access.
Establish local and regional partnerships with police, emergency response authorities and other agencies to
ensure expedient dissemination and communication of relevant threat information.

Measure 2 – Maintenance
Ensure preventative maintenance and inspections are maintained for all critical systems.
Perform regular checks of power supplies and back-up systems.

Measure 3 – Information management
Identify all paper and electronic documents essential for recovery actions and continuity of rail system
operations – then list them and make backups to hold off-site.

Measure 4 – Brief and train personnel
Managers and supervisors are to ensure that all employees are briefed on and familiar with local safety,
security, and emergency plans. This is to occur at recruitment, induction and annually, or when changes to
plans occur. ARTOs are to ensure that contractors and any licensed tenants/vendors are included in the
awareness training process. Train staff to be alert and vigilant in identifying unattended items, suspicious
persons, and vehicles, and in how to report such incidents.
Ensure contract security guards have well defined assignment instructions in accordance with AS 4421 as a
minimum.

Measure 5 – Movement/storage of dangerous goods or prescribed chemicals
No restriction on movement. Managed in accordance with railway safety management systems and defined
legislation and regulations.



ABN 58 105 001 465

For information regarding the development of RISSB products contact:

Rail Industry Safety and Standards Board

Brisbane Office
Level 4, 15 Astor Terrace
Brisbane, QLD, 4000

Melbourne Office
Level 4, 580 Collins Street,
Melbourne, Vic 3000

PO Box 518
Spring Hill, QLD, 4004

T +61 7 3724 000


E [email protected]

ISBN Enter ISBN.
