RIW App for Access Controllers

This article provides an overview of the RIW App for Access Controllers and how to manage Rail Industry Workers on site.

An Access Controller is an individual in charge of swiping cardholders in and out of a work site. They can also check job roles and competencies to ensure site compliance, view work restrictions, as well as deny access to site.  This is done by scanning an RIW card using the RIW App via the QR code using the device camera, or Near Field Communication (NFC) by holding the card to the back of the device, where NFC is enabled on that device. 

Alternatively, if a cardholder does not have their card available, the Forgotten Card Function can be used.

Note: Access Controllers must be a Rail Industry Worker who is authorised to perform card checking. Refer to How does a company assign an Access Controller or Spot Checker?

This instruction applies to the following user roles: 

  • Access Controller


Download the RIW App

  • If using an iPhone, download the RIW App from the Apple iTunes Store here.  
  • If using an Android phone, download the RIW App from the Google Play Store here.  

Access Controller Authentication

When the RIW App is opened for the first time, the Access Controller must scan their own card to start using the RIW App. 


If a virtual RIW card is loaded on the Access Controllers device, then tap on Use Vircarda.  If a virtual RIW card is successfully loaded on the device, the Access Controller will automatically be taken to the Authenticate App screen (refer below).

If no virtual RIW card is available, then tap Scan your Card. By default the RIW App will open the camera to read the QR Code.  If so, present the card and the QR code will be read automatically. 

Alternatively, tap Contactless and hold the RIW card to the back of the device (if NFC is enabled on the device) to scan the card. This can take a few seconds to read.

To ensure access to cardholder data is secured, an Access Controller will then need to request an authentication code via email or SMS the first time they log into the RIW App.  The Access Controller can select which method they prefer to receive the notification; Email or SMS by switching the toggle and tapping Send.  An authentication code will be automatically sent to the contact details registered on the Access Controllers myRIW account.  If an Access Controller needs to update their contact details prior to authentication, please click on Update Details or refer to the RIW Knowledge Centre article How can a cardholder update their contact details in myRIW?


The authentication code will be sent to the Access Controller using their preferred method.  Enter the six-digit code into the Enter Code field and tap OK.

After the code has been entered, the Access Controller can select the Network they are working on from the drop down menu.

Then select the relevant Project, Site and/or Zone (as advised by your Employer, Contractor in Charge or Network). 

Once the requirements have been set, tap Proceed.

How to start a team and swipe out a team

To start a new team, tap on the Start Team icon.

To start a team, the Access Controller must first be swiped into the site.  The Access Controller's card details will appear.  Tap Proceed to continue.

Tap Confirm Swipe after you have confirmed the Employer you are working for and the job role you will be performing. 

By default, the corresponding Network Operator job role will be displayed at the top of the list. 
If no job role is selected, the valid Network Operator job role will apply. 
If no valid Network Operator job role is held by the Access Controller, then the role will be left blank.

The Access Controller can then start to add cardholders to their team by tapping Scan Card, and either using the camera to scan the QR code (default) or choosing Contactless to read the card using NFC (on an enabled device).

Once the card has been scanned, the cardholder's profile will appear. Review the cardholder's profile to ensure the correct job role and competencies are held by the cardholder by swiping across the menus on the top of the screen. The Access Controller should check all tabs before progressing.

To swipe the cardholder onto site, select the Employer (refer to 1 in the below screenshot) the cardholder is working for from the drop down menu (if applicable) and the Job Role the cardholder will predominately be performing from the drop down menu.  

By default, the corresponding Network Operator job role will be displayed at the top of the list. 
If no job role is selected, the valid Network Operator job role will apply. 
If no valid Network Operator job role is held, then the role will be left blank.

After you have confirmed that the cardholder holds the correct prerequisites and you feel they are fit for duty, tap Confirm swipe (refer to 2 in the screenshot below).

Deny swipe can also be used if the cardholder does not hold the correct competencies or is not fit for duty. See Deny / Restricted Access below for more information on denying swipes.

The Team will now begin to form.  To add another cardholder, follow the directions above by clicking on Scan Card.

To swipe out an individual from a site, select Current Team from the home screen.

Select the cardholder from the team you wish to swipe out and select Swipe Out of Site.

As an alternative to swipe ALL cardholders out of site, go back to the main screen and tap on Current Team to list all cardholders, then tap on Swipe Out All From Site.

To log out, tap on the three dots in the top right hand corner of the screen and tap Logout.  Tap OK to exit.

IMPORTANT: This step is critical at the end of every shift to ensure the Access Controller is completely removed from the site and can then start a completely new team on the next login.

Changing location of the workgroup

To change the location of the site the Access Controller is performing their role at, the Access Controller will need to swipe out all members of the current location (using the instructions above) before selecting Location.

Select the new Project, Site and/or Zone from the drop down menu, and then Proceed to continue.

Cardholders will then need to be swiped into the new Team and location as per the instructions above.

Checking job roles, competencies and information of a cardholder

To view a cardholder's profile (including your own) click on Start Team and then select the cardholder's profile you wish to view. You can tap on the headings or swipe across the screen.

To view the cardholder's profile information, select the Card tab at the top of the screen.

To view the cardholder's valid job roles, select the Job Roles tab at the top of the screen.

To view the cardholder's valid competencies such as National, Network, Employer, Project, Site or Zone, tap on the relevant Competencies tab at the top of the screen.

Deny / Restricted Access - Site requirements

If a site competency requirement has been set and the cardholder does not meet the site requirements, then the cardholder cannot be granted access to a site or project.  The RIW App will not allow access and the only option for the Access Controller is to select Deny Swipe or OK depending the device that you are using (Apple or Android).

In the event that the Access Controller deems that the cardholder is not fit for duty, they can deny the swipe.

To deny a swipe into a site or project, select Deny Swipe. From the drop down tab, select a reason that best defines why the cardholder has been denied access.

Deny / Restricted Access - Outside Working Hours

If working hour rules have been set for the site (refer to the RIW Knowledge Centre article How does a company configure site working hours rules?), and the cardholder does not meet these requirements, then the cardholder will be automatically denied access to the site with the following warning:

Working Hour Rules include maximum working hours over a defined period, minimum rest period between shifts and maximum mid-shift break.  If a site has working hour rules applied, then a cardholder may be denied access if their recorded swipe history exceeds the applied rules.

By default the RIW App will not allow access if working hour rules have been exceeded. The Access Controller can Deny Swipe, preventing the worker from accessing site, or Override Denied Swipe to allow the cardholder site access. 

Before overriding the denied swipe, the Access Controller should undertake a risk assessment to determine if the cardholder is truly fatigued (as per the site requirements), or whether a case of forgetting to swipe out from a previous site is involved.  


The RIW System will record a "Risk Assessed Swipe In" event where an override option is chosen.

Cardholder blocks

If a cardholder holds a National Block on their profile, their profile will immediately flag the cardholder as blocked. This person cannot be granted access

If a cardholder holds a Network Block on their profile, and the Network they are trying to access isn’t the network where the block was placed, the Access Controller may permit them entry only if the non-blocked Network permits it.  

IMPORTANT: The Access Controller must check with the relevant Network Operator prior to permitting entry for cardholders with blocks on their profile.

How to award competencies

To award a competency to a cardholder, refer to How does an Access Controller award a competency on the RIW App?

Perform a Spot Check as an Access Controller

To conduct a spot check on a cardholder, refer to How does an Access Controller perform a spot check on the RIW App?

Forgotten Card Function

If a cardholder has forgotten their card, an Access Controller is still able to read their profile by selecting Forgotten Card.

Enter the required fields; Surname, first initial and ether the Date Of Birth or RIW Number.


After entering the details select Find.

Select the cardholder's profile and read the required details by swiping as described earlier.

More Options

By tapping on the 3 dots in the top right corner of the RIW App, additional options will be presented.

  • Show card - displays the Access Controller's RIW card.
  • Swipe history - displays the swipe history of every swipe that has been completed as an Access Controller, including their own swipe history.  If the Access Controller taps on the Delete Swipes option from this screen, it will delete the swipe history from their device only.  Swipe history is always maintained in the RIW System.
  • Competency requirements  - allows an Access Controller too view project and site based competency and job role requirements for the Project and Site location the Access Controller is currently swiped into.
  • About the app - provides the version number of the RIW App.
  • Log out - swipes out the Access Controller out of the site, and logs them entirely out of the RIW App.  It is important for an Access Controller to log out at the end of their shift to ensure they can start a completely new team when they recommence work.



Article Link:


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.