Abstract: With the continuous growth of China's railway business, railway network security and information construction have developed rapidly. There are a wide variety and a large number of railway information systems. In order to ensure the orderly development, upgrading, and transformation of railway information systems during the 14th Five Year Plan period, it is necessary to carry out quality control throughout its whole lifecycle, identify various security risks generated throughout the whole process from project approval to abolishment, and ensure the smooth operation of railway business. This paper combined the Capability Maturity Model Integration (CMMI) and the whole lifecycle to construct a railway information system quality and risk assessment system from three dimensions: lifecycle, quality, and risk assessment process, analyzed and proposed a railway information system quality risk identification checklist, which could help quickly locate its safety risk points.