No specific model is imposed by law. ERA however recommends to apply the auditing principles set out in ISO 19011.
National safety authorities can enforce the compliance with any safety regulatory requirement using supervision, including the implementation of risk control measures issued from the risk assessment of the railway undertakings and infrastructure managers. Therefore enforcement measures such as limitation of validity of safety certificate/authorisation or revocation/suspension of current safety certificates/ authorisations are possible.
The CSM on Monitoring is addressed to railway undertakings, infrastructure managers and entities in charge of maintenance (ECMs) and describes the harmonised process to be applied for the monitoring of their safety management system (for railway undertakings and infrastructure managers) and maintenance system (for ECMs) whereas the CSM on Supervision is addressed exclusively to the national safety authorities and describes the harmonised process to be set out to oversee the safety performance of the railway undertakings and infrastructure managers.
Yes. Additional inspections could originate from a state program (national standards), complaints, new risk areas, change of priority because of change of risk area etc.
One of the key principles of the supervision regime is targeting those activities which the national safety authority believes give rise to the most serious risks or where the hazards are least well-controlled and setting priorities for those activities. This also includes scrutiny for less serious non-compliance (i.e. issues) to safety management system requirements. Focusing on key issues is therefore antagonistic with the approach of supervising all aspects of a safety management system without any targeting or prioritisation.