RailCorp should undertake risk assessments of each of its activities as follows:
(a) identify the features of the system, subsystem or activities that are to be risk assessed and managed, to determine what makes the system work in terms of equipment, infrastructure and human factors;
(b) identify all hazards that may exist within the particular system, subsystem or activity, whether it is a driver safety system, passenger safety system, engineering design system, train maintenance system or involves human factors or performance;
(c) identify what controls are in place to eliminate or minimise the risks associated with any identified hazard;
(d) test the validity of the controls to ensure that the risk is eliminated or reduced to an acceptable level and, if not, institute additional or further control measures;
(e) specify, in safety documentation, the level of any residual risk;
(f) in the case of low probability, high consequence risks retain the services of an independent verifier of the risk assessments and controls to certify that all risks of such potentially catastrophic accidents have either been eliminated, or controlled to the extent identified by the independent expert;
(g) the Board of RailCorp certify that it regards any residual risk of a high consequence, low probability accident as acceptable, notwithstanding the severity of the consequences, by reason of the cost of further measures to control the risk; and
(h) provide to ITSRR records of the processes of hazard identification, risk assessment, risk control, independent verification and certification, and any Board certification relating to any high consequence, low probability accident.

Recommendation 34