Safety & Security

Compliance is the prerequisite to any activity we perform, whether in day-to-day operations, maintenance, or administrative support functions. All the processes, procedures, task instructions, and standards must be fully compliant with applicable regulations (FRA, OSHA, NORAC, DOT), and it is our responsibility to ensure that any changes in relevant laws and standards are communicated and implemented promptly. This includes the establishment of appropriate governance processes for monitoring compliance levels and a comprehensive audit program.

In the first two years (2022–2023), we will conduct an independent review of all company practices and procedures and take corrective action to address any observed gaps. Additionally, any remaining safety-critical activities – from asset inspection procedures to staff competence assessments – will move to a digital record environment. This shift will enhance our ability to automatically track compliance and flag expirations or instances of non-compliance.

While compliance with legal and regulatory standards is critical, it also represents a minimum baseline achievement. In year three (2024) of this business plan, KCS strives to exceed baseline compliance in identified areas through the implementation of a best-in-class competence management system.

Risk Management in the context of our strategic plan refers to the process by which we (1) assess the condition of the operation relative to our defined risk tolerance, and (2) take appropriate action to mitigate that risk to within acceptable range.

Commencing in year one, KCS is developing a robust risk register that will serve as a dynamic and evolving working document to guide decisions about resource prioritization with the goal of reducing risk to an acceptable level.

The process of building a robust risk register starts with constructing a single risk framework to allow for the promotion and demotion of risks across the register(s), spanning from departmental to strategic sub-registers. With a common set of definitions and standards in place, we will develop a set of risk tools that include tactical to operational risk management plans.

A risk register is a dynamic business tool rather than a static exercise, and we will cascade the registers to all relevant members of the organization. Periodic review is essential for obtaining feedback, assigning ownership, and documenting the appropriate action or response.

We will design a business reporting system in year one, which we expect will be launched and embedded in years two and three. This system will feed the risk registers and allow for all near-miss events and hazards to be identified and mitigated.

In turn, KCS will establish regular review meetings throughout different levels of the organization to maximize and emphasize the collective responsibility and individual accountability for risk management activities.

Because risk management does not equate to risk elimination, a robust risk management system must also include a defined investigation process. This important process must include an impartial system of checks and balances to verify the accuracy of the findings and recommendations and to effectively manage threats and errors.

While some portions of our workforce are governed by federal Hours of Service regulations that limit the number of hours worked and mandate rest periods, our entire operation would benefit from the introduction of a comprehensive fatigue risk management system for Hours-of-Service and non-Hours-of-Service personnel alike. KCS will be working with industry and labor partners, together with specialists in fatigue management, to lay the groundwork for its introduction of a robust fatigue risk management system.

While taking many forms, Human Factors in our safety context involves developing an understanding of the interconnectivity between the liveware, hardware, and software components of our operating environment and how those relationships impact behavior. Integrating human factors with our strategic planning will be an important step in maturing the safety culture and better understanding the true “system” nature of our operations.

The first step to integrating the concept of human factors into the KCS safety culture will be to better understand how people make decisions and perform cognitively complex functions in demanding, real-world situations. This includes situations affected by time constraints, uncertainty, high stakes, team and organizational challenges, unstable conditions, and varying amounts of experience.

We will begin by conducting incident reviews through the foregoing lens with the ultimate goal of procedure development that integrates human factors principles. When used appropriately, automated processes are an effective tool in reducing the human risk factors that are inherent in certain tasks. This does not necessarily mean removing people from the process, but rather helping individuals focus their time, effort, and attention on those portions of their job in which the human element is critical to achieving the desired outcome safely.

Where the human element is critical to achieving the desired outcome safely, KCS will introduce human factors test planning that specifically targets ergonomic, user-centered design and Human-Machine Interfaces, and integrate these principles into project- and change-management activities.

Drawing from wider industry best practice, we will also introduce training and maintenance resource management concepts (T/MRM) to reduce the incidence of human error, improve situational awareness, and better equip our workforce to make informed and desired decisions in stressful situations.

At the appropriate point during the safety business plan, targeted by the end of 2023, KCS intends to develop a specific human factors expertise.

An effective safety system should also include an Assurance component. Assurance is the process by which an organization assesses the extent to which its policies, procedures, and practices are driving desired behaviors and outcomes. There are a variety of means by which an organization can confirm that it is “walking the walk,” including performing systematic effectiveness audits; analyzing threat and error coding; developing, monitoring, and analyzing leading (as opposed to lagging) indicator metrics; and verifying compliance with applicable laws, regulations, and related legal obligations.

Finally, equipping appropriate members of the business with effective change management processes and tools is not only important for overall system safety, but also as part of a truly integrated assurance process. The KCS assurance program will be embedded in a safety system structure based on the ISO 45001 international occupational health and safety management system standard.

Promoting a safe environment for our employees and passengers includes a focus on security. While the MBTA maintains primary accountability for the security of the commuter rail network, KCS still has an important role to play.

The deployment of robust access-control features is a core element of securing company assets and facilities. KCS will perform a systematic review of existing access controls and, where appropriate, deploy technological solutions to monitor and control asset access, condition and personnel rights. As the railroad environment transitions to an increasingly digital one, the importance of integrating cybersecurity, data protection protocols, and resiliency into our overall strategy – in all areas of the business – is critical for maintaining safety, ensuring business continuity, and safeguarding protected information.

While written response plans and procedures are an important foundation for any type of security and/or emergency response strategy, conducting response drills is a beneficial addition to the effectiveness of overall response preparedness. KCS will conduct security response drills to provide relevant personnel with practical response experience while at the same time determining whether there are opportunities for increased optimization. By the end of 2023, it is our intention to develop our emergency response expertise to consolidate accountability for planning, preparing for, and facilitating our response to operational, safety, and security incidents.