HomeResourcesWhitepapers › Rail & Railways
Whitepaper · 10 pages · Free

IRIS Certification: The 6 Most Common Audit Failures in Rail and Railway Organisations

IRIS certification failure in rail supply chain organisations concentrates in six areas that reflect the railway-specific requirements that go far beyond ISO 9001. RAMS analysis is the most significant gap for organisations entering the rail sector from other industries. This whitepaper analyses each failure and the preparation programme.

Published May 2026·Rail & Railways·IRIS ISO/TS 22163 Rail Quality Management

Why IRIS Certification Is More Demanding Than ISO 9001

IRIS — the Business Management System Standard for the Railway Sector (ISO/TS 22163) — extends ISO 9001 with rail-specific requirements covering project management, RAMS (Reliability, Availability, Maintainability, Safety), maintenance management and supply chain control. Organisations from non-rail sectors entering the rail supply chain consistently underestimate the depth of these additional requirements.

IRISInternational Railway Industry Standard — required by major rail primes including Alstom, Siemens Mobility, Hitachi Rail and CRRC for their supply chains
UNIFEUnion of the European Railway Industries — governs IRIS certification and the IRIS database
RAMSReliability, Availability, Maintainability and Safety — the engineering discipline required by IRIS that most non-rail suppliers have not previously implemented
Download the complete whitepaper
All 10 pages — free, instant access.
No spam. No sales calls. We will email you a copy for reference.

The Six Most Common IRIS Certification Failures

  1. RAMS requirements not addressed. ISO/TS 22163 Clause 8.3.3 requires RAMS analysis for products and systems delivered to railway operators. Suppliers from non-rail sectors — electronics manufacturers, engineering component suppliers, software developers — typically have no RAMS capability. RAMS analysis requires IEC 62278-aligned methodology and specific documentation distinct from standard product risk assessment.
  2. Project management programme inadequate. ISO/TS 22163 Clause 8.1 requires a project management programme covering all product realisation projects from customer requirement through delivery. The IRIS project management requirements are more prescriptive than ISO 9001 — requiring specific lifecycle management, milestone review processes and project risk management aligned with rail prime contractor methodologies.
  3. Maintenance management programme absent or incomplete. For suppliers of systems or components requiring maintenance during operational life, ISO/TS 22163 Clause 8.5.5 requires a maintenance management programme covering maintenance planning, maintenance instructions, spare parts management and feedback of maintenance experience into design improvement.
  4. Supply chain control not extended to sub-tier suppliers. ISO/TS 22163 requires relevant requirements to be flowed to the organisation's own supply chain. For rail suppliers, this includes IRIS requirements being flowed to critical sub-tier suppliers and supplier performance monitored against rail-relevant quality criteria.
  5. Configuration management not at IRIS standard. Rail product configuration management must cover the full product lifecycle from design through disposal — managing variants, modifications and the documentation defining each product configuration. Configuration management adequate for short-lifecycle products is insufficient for rail products with operational lives of 30 to 40 years.
  6. Internal audit not covering ISO/TS 22163 specific clauses. An ISO 9001 internal audit programme extended with ISO/TS 22163 references without auditors specifically trained in rail-sector requirements systematically misses RAMS, maintenance management, project management and configuration management requirements.

RAMS — Why It Is the Most Significant Gap

RAMS analysis is the requirement that most consistently prevents non-rail suppliers from achieving first-time IRIS certification. RAMS — Reliability, Availability, Maintainability and Safety — is an engineering discipline with a specific methodology (IEC 62278 for railway RAMS) and specific output documentation that is entirely distinct from standard product design risk assessment.

A RAMS analysis for a safety-related railway component requires: reliability modelling (FMEA extended with failure rate data and mission profiles), availability calculations (using reliability block diagrams or Petri net models), maintainability analysis (mean time to repair, maintenance interval optimisation), and safety analysis (hazard identification, risk assessment and safety integrity level assignment). This cannot be produced by extending a standard FMEA — it requires specialist RAMS engineering capability.

IRIS / ISO/TS 22163 Certification Readiness
RAMS analysis capability established — trained resource and IEC 62278-aligned methodology
Project management programme covers all product realisation projects to IRIS milestone requirements
Maintenance management programme operational for products/systems with in-service maintenance obligations
Supply chain control includes IRIS flow-down requirements to critical sub-tier suppliers
Configuration management covers full product lifecycle including variant and modification management
Internal audit covers all ISO/TS 22163 specific clauses with rail-competent auditors
Pursuing IRIS / ISO/TS 22163 certification?

Rail quality specialists. Certification programme proposal within 48 hours.

Get a Proposal →WhatsApp
About AjaCertX
AjaCertX is a specialist compliance, certification and assurance partner serving the rail and railway sector. Our Rail Assurance practice delivers IRIS / ISO/TS 22163 certification support, OT cyber security programmes and business continuity planning for rolling stock manufacturers and rail suppliers.
WhatsAppConnect