Presentation is loading. Please wait.

Presentation is loading. Please wait.

Challenges and Successes of Independent Safety Assessment on New CBTC Railways Paul Cheeseman Technical Programme Delivery Ltd

Similar presentations


Presentation on theme: "Challenges and Successes of Independent Safety Assessment on New CBTC Railways Paul Cheeseman Technical Programme Delivery Ltd"— Presentation transcript:

1 Challenges and Successes of Independent Safety Assessment on New CBTC Railways Paul Cheeseman Technical Programme Delivery Ltd © TPD 2014

2 Overview  The scale of the problem.....  The ISA role  Acceptance into service Case study © TPD 2014 Cross acceptance + Reference system = Cost and time effective success!

3 © TPD 2014

4 Independent Assessment “Your organization must ensure that activities are reviewed by competent people who are not involved with the activities concerned.” iESM Principle © TPD 2014 Free download from

5 ISA – Project interface 1. Product / System / Project development, (design, build, test, etc.) 2. iESM activities (risk evaluation, risk control, safety argument, etc.) 3. Independent Assessment (checking and certification) © TPD 2014

6 Risk-based: “In this situation, with these assumptions, caveats and dependencies this is adequate” A judgement based on professional opinion, supported by objective evidence of process, inspection of output and compliance with standards Compliance-based: “This complies with the specified standard” A statement of fact where no judgement, risk assessment or test of reasonable practicability is necessary Assessment or Certification? © TPD 2014

7 Compliant, but hazards still exist © TP D 201 4

8 1. Applying standards  Before deciding that just referring to standards is enough, make sure that: :  They are acknowledged to represent good practice in the railway sector;  All of the risk associated with the hazard is covered by the standards;  The standards cover the specific application;  There are no obvious and straightforward ways of reducing risk further.  But standards seldom show which risks they are addressing (IEEE1474 is a notable exception) © TPD 2014

9 Acceptance into service © TPD 2014 “Your organization must demonstrate that risk has been controlled to an acceptable level.” “Your organization must support this demonstration with objective evidence.” iESM Principle Free download from

10 EN50129 CENELEC Scope of Safety Cases © TP D Wayside On board CBTC System GASC SASC

11 Generic features - GASC  A Wayside system (ZC) that implements a SIL4 trains management system (Movement Authority, safe trains separation, safe interface with SIL 4 Interlocking system).  An On-Board system (CC and tags) that implements a SIL4 ATP and localization system. © TPD 2014

12 So to the first specific application.. Chengdu Line 1 SASC: 1.Core CBTC with a subset of equipment and functions defined as iATPM (intermittent ATP mode). 2.Core CBTC with the communication between the trains and the wayside equipment defined as ATPM with limited AM. 3.Additional functionality leading to full AM CBTC with ATO © TPD 2014

13 Step #1 Cross Acceptance © TPD 2014 “Where a similar product has been found safe in a similar environment and approved for use in that environment, your organization may use that approval as evidence for the safety of new products and new applications of products but it must identify and allow for the differences between the products and between their environments.” iESM Principle CENELEC TR Free download from

14 © TPD 2014

15 Specific application differences  GA Safety-related Constraints (SRC)  GA functions not implemented  Site specific hazard identification focussing on:  Different train interfaces  Local products e.g. PSD, axle counter  Operator preferences (e.g. blue / dark signal aspect for CBTC, driver display)  Site specific verification and validation  Plus lessons learnt from DRACAS © TPD 2014

16 Chengdu Line 1 © TPD 2014 August 2011

17 Step #2 Reference System  A Reference System shall at least satisfy following:  it has already been proven in-use to have an acceptable safety level and would still qualify for acceptance;  it has similar functions and interfaces as system under assessment;  it is used under similar operational conditions as system under assessment;  it is used under similar environmental conditions as system under assessment. © TPD 2014 Free download from

18 CBTC roll out using reference system Specific Application Safety Case Chengdu Line 1 Generic Application Safety Case for core system Chengdu Line 2 Reference to CDL 1 plus specific application hazard management Xian Line 2 Hangzhou Line 1 Hangzhou Line 2 Zhengzhou Line 1 DRACAS data © TPD 2014 Cross Acceptance

19 The key issues for the assessment  Is a function generic or specific?  If its generic, are there any limitations (Safety-related Constraints)  If its specific, is it different to before?  If its different, does it matter?  If it matters, where is the evidence in SASC to demonstrate safety? © TPD 2014

20 Summary 1.Establish firm GA and reference baselines 2.Specify (target) application and environment 3.Identify key differences 4.Specify any technical, operational and procedures adaptations 5.Manage the risk associated with the differences 6.Produce a credible a safety argument 7.Goto 1 © TPD 2014


Download ppt "Challenges and Successes of Independent Safety Assessment on New CBTC Railways Paul Cheeseman Technical Programme Delivery Ltd"

Similar presentations


Ads by Google