IT reliability


The risk that, due to delays in the implementation of the migration strategy, a lack of expertise and a lack of capacity, our IT systems will not satisfy the operational and IT security requirements, as a result of which we are unable to achieve our strategic goals or guarantee the continuity of our services.


To run our timetable and deliver our service to our customers, reliable IT systems are needed. IT is an increasingly important and critical factor in the management of our operations, in particular in the provision of information for our passengers. To facilitate this, it is important that old IT systems are replaced and that current and new IT systems run on a stable, efficient and scalable IT infrastructure. Otherwise, this could lead to operational disruptions. We are dependent for this to some extent on the performance of our suppliers. Cyber risks are also becoming more of a threat as IT is used increasingly in applications aboard trains, in the infrastructure and so forth. The rail sector is becoming more digital in nature and therefore more vulnerable to cyber risks.


NS is carrying out the Head Start (Voorsprong) project, which should safeguard the continuity of IT within NS. Furthermore, various older business applications are still running within NS. The decision has been made to replace these rather than improve them. We have set up separate programmes for highly critical systems. The Resilient (Weerbaar) programme is our answer to the increased cyber risk. In that regard, we are identifying the IT risks in the travel chain. Portfolio management has been set up within IT to improve the focus in the IT project portfolio and the allocation of scarce resources. This will help achieve the IT objectives and keep the costs under control.

Risk control trend

Many applications have been transferred to a stable IT platform thanks to the Head Start project. Upgrading old applications to satisfy current and future wishes is not going as fast as we would like. Portfolio management within IT has helped improve priority setting and the overall management of IT projects and programmes. NS is highly dependent on suppliers. Cyber risks are also increasing. The overall level of control is the same.

Residual risk

Medium. The current risk profile does not yet match the desired risk profile.