This article provides an overview of the RIW App for Access Controllers and how to manage Rail Industry Workers on site.

An Access Controller is an individual in charge of swiping cardholders in and out of a work site. They can also check job roles and competencies to ensure site compliance, view work restrictions, as well as deny access to site.  This is done by scanning an RIW card using the RIW App via the QR code using the device camera, or Near Field Communication (NFC) by holding the card to the back of the device, where NFC is enabled on that device. 

Alternatively, if a cardholder does not have their card available, the Forgotten Card Function can be used.

Note: Access Controllers must be a Rail Industry Worker who is authorised to perform card checking. Refer to How does a company assign an Access Controller or Spot Checker?

This instruction applies to the following user roles: 

• Access Controller

TABLE OF CONTENTS

• Download the RIW App
• Access Controller Authentication
• How to start a team and swipe out a team
• Changing location of the workgroup
• Checking job roles, competencies and information of a cardholder
• Deny / Restricted Access - Site requirements
• Deny / Restricted Access - Outside Working Hours
• Cardholder blocks
• How to award competencies
• Perform a Spot Check as an Access Controller
• Forgotten Card Function
• More Options

Download the RIW App

• If using an iPhone, download the RIW App from the Apple iTunes Store here.  
• If using an Android phone, download the RIW App from the Google Play Store here.  

Access Controller Authentication

When the RIW App is opened for the first time, the Access Controller must scan their own card to start using the RIW App. 

If a virtual RIW card is loaded on the Access Controllers device, then tap on Use Vircarda.  If a virtual RIW card is successfully loaded on the device, the Access Controller will automatically be taken to the Authenticate App screen (refer below).

If no virtual RIW card is available, then tap Scan your Card. By default the RIW App will open the camera to read the QR Code.  If so, present the card and the QR code will be read automatically. 

Alternatively, tap Contactless and hold the RIW card to the back of the device (if NFC is enabled on the device) to scan the card. This can take a few seconds to read.

To ensure access to cardholder data is secured, an Access Controller will then need to request an authentication code via email or SMS the first time they log into the RIW App.  The Access Controller can select which method they prefer to receive the notification; Email or SMS by switching the toggle and tapping Send.  An authentication code will be automatically sent to the contact details registered on the Access Controllers myRIW account.  If an Access Controller needs to update their contact details prior to authentication, please click on Update Details or refer to the RIW Knowledge Centre article How can a cardholder update their contact details in myRIW?

The authentication code will be sent to the Access Controller using their preferred method.  Enter the six-digit code into the Enter Code field and tap OK.

After the code has been entered, the Access Controller can select the Network they are working on from the drop down menu.

Then select the relevant Project, Site and/or Zone (as advised by your Employer, Contractor in Charge or Network). 

Once the requirements have been set, tap Proceed.

How to start a team and swipe out a team

To start a new team, tap on the Start Team icon.

To start a team, the Access Controller must first be swiped into the site.  The Access Controller's card details will appear.  Tap Proceed to continue.

Tap Confirm Swipe after you have confirmed the Employer you are working for and the job role you will be performing. 

By default, the corresponding Network Operator job role will be displayed at the top of the list. 
If no job role is selected, the valid Network Operator job role will apply. 
If no valid Network Operator job role is held by the Access Controller, then the role will be left blank.

The Access Controller can then start to add cardholders to their team by tapping Scan Card, and either using the camera to scan the QR code (default) or choosing Contactless to read the card using NFC (on an enabled device).

Once the card has been scanned, the cardholder's profile will appear. Review the cardholder's profile to ensure the correct job role and competencies are held by the cardholder by swiping across the menus on the top of the screen. The Access Controller should check all tabs before progressing.

To swipe the cardholder onto site, select the Employer (refer to 1 in the below screenshot) the cardholder is working for from the drop down menu (if applicable) and the Job Role the cardholder will predominately be performing from the drop down menu.  

By default, the corresponding Network Operator job role will be displayed at the top of the list. 
If no job role is selected, the valid Network Operator job role will apply. 
If no valid Network Operator job role is held, then the role will be left blank.

After you have confirmed that the cardholder holds the correct prerequisites and you feel they are fit for duty, tap Confirm swipe (refer to 2 in the screenshot below).

Deny swipe can also be used if the cardholder does not hold the correct competencies or is not fit for duty. See Deny / Restricted Access below for more information on denying swipes.

The Team will now begin to form.  To add another cardholder, follow the directions above by clicking on Scan Card.

To swipe out an individual from a site, select Current Team from the home screen.

Select the cardholder from the team you wish to swipe out and select Swipe Out of Site.

As an alternative to swipe ALL cardholders out of site, go back to the main screen and tap on Current Team to list all cardholders, then tap on Swipe Out All From Site.

To log out, tap on the three dots in the top right hand corner of the screen and tap Logout.  Tap OK to exit.

IMPORTANT: This step is critical at the end of every shift to ensure the Access Controller is completely removed from the site and can then start a completely new team on the next login.

Changing location of the workgroup

To change the location of the site the Access Controller is performing their role at, the Access Controller will need to swipe out all members of the current location (using the instructions above) before selecting Location.

Select the new Project, Site and/or Zone from the drop down menu, and then Proceed to continue.

Cardholders will then need to be swiped into the new Team and location as per the instructions above.

Checking job roles, competencies and information of a cardholder

To view a cardholder's profile (including your own) click on Start Team and then select the cardholder's profile you wish to view. You can tap on the headings or swipe across the screen.

To view the cardholder's profile information, select the Card tab at the top of the screen.

To view the cardholder's valid job roles, select the Job Roles tab at the top of the screen.

To view the cardholder's valid competencies such as National, Network, Employer, Project, Site or Zone, tap on the relevant Competencies tab at the top of the screen.

Deny / Restricted Access - Site requirements

If a site competency requirement has been set and the cardholder does not meet the site requirements, then the cardholder cannot be granted access to a site or project.  The RIW App will not allow access and the only option for the Access Controller is to select Deny Swipe or OK depending the device that you are using (Apple or Android).

In the event that the Access Controller deems that the cardholder is not fit for duty, they can deny the swipe.

To deny a swipe into a site or project, select Deny Swipe. From the drop down tab, select a reason that best defines why the cardholder has been denied access.

Deny / Restricted Access - Outside Working Hours

If working hour rules have been set for the site (refer to the RIW Knowledge Centre article How does a company configure site working hours rules?), and the cardholder does not meet these requirements, then the cardholder will be automatically denied access to the site with the following warning:

Working Hour Rules include maximum working hours over a defined period, minimum rest period between shifts and maximum mid-shift break.  If a site has working hour rules applied, then a cardholder may be denied access if their recorded swipe history exceeds the applied rules.

By default the RIW App will not allow access if working hour rules have been exceeded. The Access Controller can Deny Swipe, preventing the worker from accessing site, or Override Denied Swipe to allow the cardholder site access. 

Before overriding the denied swipe, the Access Controller should undertake a risk assessment to determine if the cardholder is truly fatigued (as per the site requirements), or whether a case of forgetting to swipe out from a previous site is involved.  

The RIW System will record a "Risk Assessed Swipe In" event where an override option is chosen.

Cardholder blocks

If a cardholder holds a National Block on their profile, their profile will immediately flag the cardholder as blocked. This person cannot be granted access. 

If a cardholder holds a Network Block on their profile, and the Network they are trying to access isn’t the network where the block was placed, the Access Controller may permit them entry only if the non-blocked Network permits it.  

IMPORTANT: The Access Controller must check with the relevant Network Operator prior to permitting entry for cardholders with blocks on their profile.

How to award competencies

To award a competency to a cardholder, refer to How does an Access Controller award a competency on the RIW App?

Perform a Spot Check as an Access Controller

To conduct a spot check on a cardholder, refer to How does an Access Controller perform a spot check on the RIW App?

Forgotten Card Function

If a cardholder has forgotten their card, an Access Controller is still able to read their profile by selecting Forgotten Card.

Enter the required fields; Surname, first initial and ether the Date Of Birth or RIW Number.

After entering the details select Find.

Select the cardholder's profile and read the required details by swiping as described earlier.

More Options

By tapping on the 3 dots in the top right corner of the RIW App, additional options will be presented.

• Show card - displays the Access Controller's RIW card.
• Swipe history - displays the swipe history of every swipe that has been completed as an Access Controller, including their own swipe history.  If the Access Controller taps on the Delete Swipes option from this screen, it will delete the swipe history from their device only.  Swipe history is always maintained in the RIW System.
• Competency requirements  - allows an Access Controller too view project and site based competency and job role requirements for the Project and Site location the Access Controller is currently swiped into.
• About the app - provides the version number of the RIW App.
• Log out - swipes out the Access Controller out of the site, and logs them entirely out of the RIW App.  It is important for an Access Controller to log out at the end of their shift to ensure they can start a completely new team when they recommence work.

Article Link:

https://support.riw.net.au/support/solutions/articles/51000031507

An Access Controller is a Rail Industry Worker who has been nominated by their organisation to scan a Rail Industry Worker Card (physical or virtual) to:

• Check in and verify a Rail Industry Worker to ensure they have the appropriate, current and valid competencies to undertake work before entering a site.
• View work restrictions, blocks or suspensions associated with a Rail Industry Worker and deny access to site.
• View job roles associated with a Rail Industry Worker.
• Award site-based competencies and view pending competencies.
• Change site locations for teams or individual Rail Industry Workers.
• View shift history of a Rail Industry Worker to support fitness for duty and site working hour rules.

They perform this role by scanning a worker's RIW card using the RIW App or Web Card Reader.  

An Access Controller could be a Track Force Protection Coordinator, Protection Officer, Site Supervisor, or other supervisory role.

Article Link:

https://support.riw.net.au/support/solutions/articles/51000031580

There could be a number of reasons why a cardholder cannot access a site using their RIW card. 

• The cardholder may not have a Primary Employer or a current subscription.  Both of these are required for an RIW card to be active.

• The cardholder may be missing a required job role or competency. Please check that all required job roles or competencies on the RIW profile are valid, and have been uploaded to the correct competencies required by for the job role/s. Employer Administrators can view RIW cardholder profiles via the RIW system. RIW cardholders can view their profile via their myRIW account.

• The cardholder could be missing a site specific job role or competency required for that particular site. Please check with the Network Operator or Contractor in Charge for specific site requirements.

• The RIW cardholder may have a site, National or Network block placed on their profile. Please contact the relevant Network Operator or Contractor in Charge for assistance in this matter.

RIW Knowledge Centre Article Link:

https://support.riw.net.au/support/solutions/articles/51000029864

When a cardholder swipes into a site they become automatically and temporarily linked to the Network and the Contractor in Charge of the assigned project or site.  This linkage exists until the cardholder swipes onto another Project and/or Network. 

Minimal view-only functionality exists for linked cardholders, although the Contractor in Charge can add competencies and job roles to the cardholder while that link exists.

For more information, please refer to What are the different types of cardholder relationships in the RIW System?

If ongoing visibility is required, an association request should be sent by a company to a cardholder. Please refer to How does a company send an association request to a cardholder? if this is required.

Note: If a company sends an association request to a Rail Industry Worker and the worker has not accepted the association request, if they swipe into a site managed by the company, ongoing association will be automatically granted. The Rail Industry Worker can end the association at any time.

Article Link:

https://support.riw.net.au/support/solutions/articles/51000030129

RIW cardholders have a maximum allowance of 200 times in which they can use the forgotten card function when swiping in to site with an Access Controller. This may occur when a cardholder is unable to present their physical or virtual RIW card to the Access Controller. This allowance is reset every 12 months.

If the maximum allowance is exceeded, then the following message will appear on the Access Controller's RIW App when attempting to use the forgotten card function.

RIW cardholders should be encouraged to carry their physical RIW card or to install their virtual RIW card on their smart device.

NOTE: There is a 14 day grace period after a RIW card is first created for a cardholder, during which any number of cardless swipes can be performed. This will ensure a cardholder can access site while waiting for their card to be manufactured and posted. After 14 days, the counter commences for 200 uses.

If a cardholder has lost their card, please refer them to:

• I have lost my card. What should I do?

If a cardholder would like to install a virtual RIW card, please refer them to:

• How does a company order a physical or virtual RIW card?
• What is a virtual RIW card?

RIW Knowledge Centre Article Link:

https://support.riw.net.au/support/solutions/articles/51000047847

When arriving at a site, Access Controllers can swipe a cardholder's physical or virtual RIW card using the RIW App on their mobile device. 

The RIW App will display the valid job roles and competencies contained on the RIW cardholders profile, as well as details of any restrictions or outstanding competencies and job roles.

For more information, please refer to the RIW Knowledge Centre article RIW App for Access Controllers and RIW App for Spot Checkers.

RIW Knowledge Centre Article Link:

https://support.riw.net.au/support/solutions/articles/51000030897

Access Controllers or Spot Checkers may work in areas of poor connectivity where using the RIW App (connected to the internet) may not be possible. In this case, there are a range of approaches to read cards as follows:

Muster somewhere with internet connectivity using the RIW App 

Many users, if expecting to work at least part of the shift in connectivity “black spots” can muster somewhere with internet connectivity. The card checker swipes in each worker’s card using the RIW App on their mobile phone – physical or virtual cards (both are equally fine).

If the team then move to an area where there is no internet connectivity, any of the swiped-in worker's cards can be re-accessed simply by scanning the card again (this works for both physical and virtual cards). This retrieves the cardholder record from the app’s cache. It also confirms to the card checker WHEN the record was last synced with the RIW database. 

Any card checks being performed offline are still logged in the RIW App, and when internet connectivity is re-established, these checks and swipes get transferred to the main RIW database.

A similar approach can be done by using the RIW App to scan the QR code on the worker’s card image. This scans the workers' details into the main RIW system (if logged in to the main application) in order to collect details of the crew that are expected to start work. This can work well if the card checker will meet their crew in an area without internet connectivity and knows who will be in their team. They can then swipe in the worker's in an area of no internet connectivity using the cached records to enable this.

Using the RIW App offline

Near-Field Communication (NFC) is the technology used for all sorts of payments using your phone etc.

RIW cards are smart cards – i.e. they have an encrypted, contactless chip stored within the plastic – so they can be securely authenticated and read using the RIW App. If the card checker’s phone has NFC capabilities (and almost ALL do), the phone can be turned into a smartcard reader using NFC. This directly and securely reads the data from the card chip. This does not need any internet connectivity - so you can check people’s physical smart cards using NFC anywhere. Therefore no mustering is required.

However this will not work with virtual cards as they do not have a chip.

RIW Knowledge Centre Article Link:

https://support.riw.net.au/support/solutions/articles/51000120927

There are four methods that can be used to swipe / read a physical or virtual RIW card or visitor pass:

• RIW App (Android or iOS) 
• Web Card Reader
• PAC Reader (i.e. turnstiles and boom gates) 
• Kiosk or Tablet 

RIW App (Android or iOS) 

The RIW App allows an Access Controller to manage the workforce on site. Functions include the ability to check cardholders and visitors into site, start teams, view job roles and competencies, as well as awarding competencies such as tool box talks etc. The RIW App can be downloaded from the relevant App store. 

Web Card Reader

The Web Card Reader provides a modern and flexible addition to the RIW App. It allows an Access Controller to login and swipe visitor and cardholder cards, select and award competencies (including pending competencies) and perform spot checks. A Spot Checker can also log in with competency and swipe functionality disabled. Team features as seen in the Android and iOS apps are not available.

The web card reader runs in a browser. It is accessed via the Web Card Reader link on the RIW login screen at https://app.riw.net.au/, or direct at https://cardchecker.riw.net.au/. An active and stable internet connection must be available to use this application. For more information please refer to How to use the Web Card Reader.

PAC Reader (i.e. turnstiles and boom gates)

On some sites, a Physical Access Control (PAC) Reader may be used as part of enabling cardholders to be checked/swiped upon entering a turnstile or physical barrier. A PAC reader can be used as access control on sites and has the ability to be configured in site requirements. The PAC reader requires constant internet connection and power to allow cardholder's to swipe in/out of turnstiles/physical barriers.

Configuration is required and an installation guide is available for sites looking to use this option. Please contact the RIW Service Desk for more information.

Kiosk or Tablet 

The RIW System also integrates with RIW enabled Kiosks and Tablets for automated self-swiping of cardholders (no requirement for an Access Controller to physically swipe cardholders or visitors into site).  For more information about this, please refer to our RIW Knowledge Centre on Kiosks & Tablets.

Article link:

https://support.riw.net.au/support/solutions/articles/51000150258

This article details how an Access Controller can award a competency to a Rail Industry Worker on the RIW App.

This instruction applies to the following user roles:

• Access Controller

1	After logging in to the RIW App, tap on Award Competencies on the home screen.  The Access Controller can only award a competency that is permitted to be awarded via the RIW App.
2	Select the competency Category from the drop down list, which could be project induction, site induction or zone induction.
3	Select the required Competency from the drop down list. Tap Done.
4	Scan the RIW card of the Rail Industry Worker you wish to issue the competency.
5	When the Rail Industry Worker's profile appears, tap Award where no evidence is required to be loaded (see next step if evidence is required).
6	Tap Add Evidence if evidence is required to support the competency award. The RIW App will then give the Access Controller access to their camera to upload a photo of the evidence. Such evidence could include a pre-start, site induction , toolbox delivery record etc. After the evidence has been added click Award.
7	The competency is now awarded.   Continue to add competencies to other cardholders in your team by repeating these steps.

Article link:

https://support.riw.net.au/support/solutions/articles/51000316118