Risk management

Rail travel is one of the safest forms of mobility. NS seeks to continue to improve safety by means of the control of the safety risks and continuous improvement of safety performance. We have made great progress in all areas. In the area of cyber (see risk 7), more work is needed to reach the desired maturity and further manage the risks.

We implemented the technical and organisational measures in response to the major railway incidents (derailment and collision) in 2020 according to plan. Measures include adjusting the maintenance regime of trains and temporary speed restrictions when passing a number of unguarded level crossings.

In the field of security and social safety, NS has implemented organisational improvements and we are affiliated with the relevant government agencies. Terrorism situations are regularly practised. In addition, a programme to improve the monitoring of NS property has been initiated.

We also have a dashboard for NS as a whole, covering the key risks and issues regarding compliance plus an overview of all relevant KPIs.

In addition, we provide training courses in all parts of the company to keep our employees’ knowledge of legislation and regulations up-to-date.

NS has a nationwide programme to improve existing social behaviour on the shop floor. The NS Code of Conduct serves as the guiding document for this programme.

Studies have taken place to understand changing travel behaviour, and we update passenger forecasts with greater regularity.

Such insights are used to:

Win back passengers with an offering that matches the new travel behaviour.

Attract new passengers by means of campaigns and improvements in the offering and services (e.g. increasing the supply of chain services, improvement of the App, new functionalities for business customers).

These insights are used whenever possible when making investments and any adjustments to services.

A dedicated team has been set up to drive the transformation and develop savings initiatives for direct and indirect employees. In this, we work together with social partners and employees. Investment plans are adjusted and put on hold if possible. We periodically reassess forecasts and monitor progress.

In Germany, the restructuring processes in North-Rhine Westphalia and Baden-Württemberg have come to an end, but the risk of claims and lengthy proceedings remains. The other franchises will be continued and, insofar as they are loss-making, modified.

Franchises will be terminated in the United Kingdom, which involves financial risks upon closure.

We discuss these matters within the Medium Term process together with ProRail and the Ministry of Infrastructure and Water Management.

The most important critical systems in train logistics control have been replaced. We will largely replace the major operational legacy systems, including the travel information system and Data Warehouse systems, by mid-2022 and 2023. Business continuity agreements with suppliers have been tightened.

In order to mitigate the IT capacity shortage, external staff will be replaced by in-house staff where possible and junior staff will be trained internally to a higher level of knowledge. The transformation plan is being implemented, among other things, through Agile working with extra attention being paid to retaining technical talent.

Based on a roadmap, cybersecurity will be further strengthened, both in terms of process by means of governance and policy, and substantively in the case of IT and operational technology (OT) on and around the trains. This is becoming increasingly important given the growing cyber threat and the designation of NS as a provider of an essential service.

Cyber risk analyses were conducted for example on the operational fleet and ransomware vulnerability.

NS participated in the creation of the ‘roadmap Vitaal’, which was drawn up under the leadership of the Ministry of Infrastructure and Water Management, and NS drew up an implementation plan for the Networks and Information Systems (Security) Act (WBNI). This will further shape the protection of vital mobility processes.

Awareness campaign concerning secure working from home and extra alertness internal IT security monitoring.

A phishing campaign has started and will continue for years to come.

Every NS employee has been given a secure laptop that can be used to work from home.

Access management has been tightened.

As a result of incidents, improvement actions have been taken on, for example, the website www.ns.nl.

Supported by a Transformation Team, NS is working in a structured manner on cost savings, behavioural change and improved result-oriented strategies so that we can work together more decisively and respond more quickly to changes. We also promote advancement and retraining so that people remain employable and flexible in the changing context.

Regular measurements among employees to be able to take targeted measures.

Measures for safe and healthy home working (physical and mental).

Development and support of managers.

Stimulating movement and physical fitness.

Accessible supply of preventive coaching.

Targeted approach per target group to improve labour potential.

Strategic personnel plan per position.

Labour market campaign.

Focus on retention.

Scaling up training capacity.