Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk management in complex railway systems

Published byBrianne Gilmore Modified over 8 years ago

Similar presentations

Presentation on theme: "Risk management in complex railway systems"— Presentation transcript:

1 Risk management in complex railway systems
considering the human factor Presentation for the 19th International Railway Safety Conference Deutsche Bahn AG, Germany Fritz Schröder and Rüdiger Püttner Divisions TBS and TTZ 111 Båstad, September 2009

2 Table of contents 1. 1 Risk management in complex railway systems 2.
2 Quantification of the human factor 2. 3. 4. 5. 6. 7. 8.

3 Safety as the basic principle of railway systems
RESPONSIBILITY FOR SAFETY 1. Railway companies are required to ensure the safety of operating and the safety of construction and maintenance of their infrastructure, their vehicles and their equipment 2. Safety is the absence of indefensible risks (IEC 61508) Risk = frequency of occurrence x consequence The risk of suffering damages caused by railway systems has to be reduced to an acceptable level Which level is acceptable? 3. frequency of occurrence very high intolerable high middle undesirable low tolerable very low insignificant at zero inconsequential marginal critical catastrophic consequence 4. 5. 6. 7. 8.

4 Risk acceptance criteria (RAC)
Technical systems have to fail to the safe side RISK CATEGORY I: TECHNICAL SYSTEM 1. Requirement Technical systems have specific failure rates. With less than 10-9 failures per operating hour, signaling equipment generally procures the lowest failure rates. In individual cases it is possible to downscale even this failure rate. 2. 3. 4. Risk acceptance criteria (RAC) 5. RAC for technical systems are almost defined. 6. 7. Technical systems must fail to the safe side (fail-safe-principle). Is it necessary to consider the fallback system for assessment of the technical system? 8.

5 Rules have to comply with the users' requirements of quality
RISK CATEGORY II: RULES 1. Requirement Rules must give instructions: correctly, completely, understandably and currently. One single error may not cause a disaster. 2. 3. 4. 5. RAC RAC for rules only consist of general requirements. 6. 7. How can we ensure that the rules fulfill this demands? What does this mean to the author of this rules? 8.

6 Personnel has to comply with the operating requirements of railway systems
RISK CATEGORY III: HUMAN 1. Requirement Railway systems make high demands on the personnel: They have to pass qualifying examinations. They have to pass medical checkups. They have to prove their knowledge by passing exams. They have to show that they are able to realize their skills. 2. 3. 4. 5. RAC RAC for human factor have to be adapted on the basis of general values. 6. 7. What is the human error rate in spite of these requirements? Which influences have an effect on this error rate? How can we reduce this error rate? 8.

7 Comparison of safety levels
Common safety methods are a consistent way to evaluate railway systems COMMON SAFETY METHODS (CSM) DECREED BY EU 1. Observation of rules The railway system is safe if it complies with the laws, the TSI and other rules. It is a precondition that these rules are safe. 2. 3. 4. Comparison of safety levels The railway system is safe when its safety level is at least as high as the safety level of an established railway system. It is a precondition that this established system is accepted by the stakeholders 5. 6. 7. Risk assessment The railway system is safe when a risk assessment proves the compliance of the risk acceptance criteria (RAC). It is a precondition that RAC are already defined. 8.

8 Identification of potential risks
BASIC RISK CATEGORIES 1. To identify potential risks, it is necessary to analyze the three basic risk categories 2. Rules Human Technical system Technical system: Safety functions are executed by technical systems. Rules: Rules define how to operate technical systems. Human: Humans execute rule based safety functions by operating the technical system. Risks may result from each of the risk categories or from their interdependency 3. 4. 5. 6. 7. 8.

9 How can we reach an Europe-wide validity of common safety targets?
COMMON SAFETY TARGETS (CST) DECREED BY EU 1. CST If the railway companies would reach comparable safety levels AND if these safety levels would be broadly accepted, we could deduce the RAC from the accident statistics. 2. 3. 4. Overall view Rules Human Technical system Rules Human Technical system 5. 6. 7. The separate consideration of one risk category can not detect the general risk of a railway system. Therefore it is necessary to develop a method which allows an overall view. 8.

10 Inhaltsübersicht 1. 1 Risk management in complex railway systems 2.
2 Quantification of the human factor 2. 3. 4. 5. 6. 7. 8.

11 Combination of safety operations and safety functions
To quantify the effectiveness of a safety barrier its functional type should be considered Safety functions of technical systems quantification by RAMS-data quantification by using relevant databases / experience quantification by failure rates or probabilities Safety operations with operational functionalities classification by considering rules Combination of safety operations and safety functions demands a correlation of technical based rates and the safety related quantification of human actions Safety operations with human actions (usually executed by railway staff) classification by considering human factors

12 Human error probability
Human actions and human error probability What are the impacts? How do human characteristics and behaviour affect the human error probability? (human aspects) How do complex or innovative tasks affect the human error probability? (task aspects) How do error-promoting situations and factors affect the human error probability? (environmental aspects) How does stress affect the human error probability? Human Environment Task Human error probability Stress Fotos: Maximilian Lautenschläger Heiner Mülller-Elsner

13 Which aspects should be considered?
Human aspects staff fulfilling tasks should be adequately physically and mentally capable persons (physical properties) education and training (cognitive properties) social properties Task aspects described in operational rule books or scenarios existing and available rules simple but varying tasks Environmental aspects positive conditions reduce the human error probability Stress aspects monotony difficult environment too little or too much stress Fotos: Christian Bedeschinski

14 Consideration and calculation
Approach: How to quantify the impacts on human actions? This is a proposal for reduction/increasing factors for barriers realized by human actions: Three reduction factors: Existence = factor 0,1 Absence = factor 1 One increasing factor: Existence = factor 10 Human aspect Consideration and calculation Yes/existence E=0,1 No/absence E=1 Education and training E Yes/existence T=0,1 No/absence T=1 Simplicity of task T Yes/existence C=0,1 No/absence C=1 Good environmental conditions C Yes/existence S=10 No/absence S=1 Stress S Reduction factor: Fred = E · T · C · S Range: ≤ Fred ≤ 1 assumed initially staff is not able to perform any notable reduction on hazard rates (Fred i =1) The range is applicable together with reduction factors of technical systems (e.g. Fred of train control systems ≈10-7)

15 How to combine rule based human action & technical systems?
Execution of a safety barrier by both: rule based human action & technical systems Example: A diagnostic system recommends a safety operation, which has to be executed by staff: Onboard system triggers fire-alarm – staff stops the vehicle and initializes a rescue programme Approach: Estimation / calculation of the reduction factors Estimation of the safety related contributions and apportionment: Human action (rule based) Technical function Calculation of the resulting reduction factor Fred human Fred technical Fred res

16 Limitations of this approach Comparison with other analyses
can approximate only classifies uses “yes / no” decisions only Compared with other analyses Example train driver: train has to stop at “red” signal: Example dispatcher: approval of track occupancy Bubb, Heiner (ed.), „Ergonomy and traffic safety“, Presentation at the autumn conference 2000 in TU Munich, Herbert Utz publisher, 2000 Education and training Yes E= 0,1 Simplicity of task T= 0,1 Good environmental conditions C= 0,1 Stress No S= 1 F red = 10-3 F red = 10-3 Hinzen, Albrecht „The influence of human error on the safety of railways “, VIA - RWTH Aachen, book 48, 1993 Education and training Yes E= 0,1 Simplicity of task T= 0,1 Good environmental conditions C= 0,1 Stress No S= 1 F red = 10-3 F red = 10 -3

17 A pragmatic approach to quantify human safety functions to mitigate hazard rates
Thank You!

18 Backup

19 Different barriers in an event tree (1)
Safety functions/operations can be understood as barriers in event trees which determine accident rates Example of an event tree (excerpt of project ROSA [1]) EXCERPT Loss of train integrity Barrier: mainte-nance of RS Loss of parts/sepa-ration of train Accident to person caused by RS in motion Damage of casing of train (both part of trains) Person falls out of train NF: (self-) rescue of person Barrier: prevention of falling of person Barrier: closure of dangerous zone Accident Rear-end collision Barrier: human attention TD NF: single coach train Div. neutralizing factors Initial hazard Barrier Neutralizing factor Situation, explanation Accident Other branches [1] ROSA CCA, DB AG/TU Dresden, 2008

20 Div. neutralizing factors
Different barriers in an event tree (2) Example of an event tree (excerpt of project ROSA [1]) Combined barrier: Rule based human action + techn. system Combined barrier: Rule based human action + techn. system Technical system Loss of train integrity Barrier: mainte-nance of RS Loss of parts/sepa-ration of train Accident to person caused by RS in motion Damage of casing of train (both part of trains) Person falls out of train NF: (self-) rescue of person Barrier: prevention of falling of person Barrier: closure of dangerous zone Accident Rear-end collision Barrier: human attention TD NF: single coach train Div. neutralizing factors Barrier by skill/rule based human action [1] ROSA CCA, DB AG/TU Dresden, 2008

21 Div. neutralizing factors
Calculation of an event tree Example of an event tree (excerpt of project ROSA [1]) Fred1 Fred2 Fred3 Initial Hazard rate HR0 Red. Hazard rate HR1 Red. Hazard rate HR2 Red. Hazard rate HR3 Final Accid. rate ARA Loss of train integrity Barrier: mainte-nance of RS Loss of parts/sepa-ration of train Accident to person caused by RS in motion Damage of casing of train (both part of trains) Person falls out of train NF: (self-) rescue of person Barrier: prevention of falling of person Barrier: closure of dangerous zone NF: single coach train Div. neutralizing factors Formula: HRn+1 = HRn · (1-Fred n) [1] ROSA CCA, DB AG/TU Dresden, 2008

Download ppt "Risk management in complex railway systems"

Similar presentations

Integra Consult A/S Safety Assessment. Integra Consult A/S SAFETY ASSESSMENT Objective Objective –Demonstrate that an acceptable level of safety will.

Integra Consult A/S Safety Assessment. Integra Consult A/S SAFETY ASSESSMENT Objective Objective –Demonstrate that an acceptable level of safety will.
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
The Relationship between Nuclear Safety, Security and Safeguards

The Relationship between Nuclear Safety, Security and Safeguards
1 Risk-based Evaluations and Trends of Railway Casualty Accidents on the National Railway of South Korea International Railway Safety Conference 2007.

1 Risk-based Evaluations and Trends of Railway Casualty Accidents on the National Railway of South Korea International Railway Safety Conference 2007.
Vancouver, October 08th 2013 DB Systemtechnik GmbH Marc Geisler The challenge of transforming a rule-based system into a risk-based culture on an example.

Vancouver, October 08th 2013 DB Systemtechnik GmbH Marc Geisler The challenge of transforming a rule-based system into a risk-based culture on an example.
Integration of Quality Into Accident Investigation Processes ASQ Columbia Basin Section 614 John Cornelison January 2008.

Integration of Quality Into Accident Investigation Processes ASQ Columbia Basin Section 614 John Cornelison January 2008.
6/23/2015 Risk-Informed Process and Tools for Permitting Hydrogen Fueling Stations Jeffrey LaChance 1, Andrei Tchouvelev 2, and Jim Ohi 3 1 Sandia National.

6/23/2015 Risk-Informed Process and Tools for Permitting Hydrogen Fueling Stations Jeffrey LaChance 1, Andrei Tchouvelev 2, and Jim Ohi 3 1 Sandia National.
1 Risk evaluation Risk treatment. 2 Risk Management Process Risk Management Process.

1 Risk evaluation Risk treatment. 2 Risk Management Process Risk Management Process.
Measuring and Managing Operational Risk. 2 Assessing Operational Risk Exposure Required Process of Continuous Risk Assessment, Monitoring and Reporting.

Measuring and Managing Operational Risk. 2 Assessing Operational Risk Exposure Required Process of Continuous Risk Assessment, Monitoring and Reporting.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
Pipeline Qra Seminar Title slide Title slide.

Pipeline Qra Seminar Title slide Title slide.
CURRENT RESEARCH AND INDUSTRIAL APPLICATIONS OF INTEGRATED SRA AND QRA MODELS Philip Smedley.

CURRENT RESEARCH AND INDUSTRIAL APPLICATIONS OF INTEGRATED SRA AND QRA MODELS Philip Smedley.
Safety Management System Performance Based on Organizational Factors of “Seveso” sites Papadakis Georgios A., Kokkinos Konstantinos G. & Machaira Paschalia.

Safety Management System Performance Based on Organizational Factors of “Seveso” sites Papadakis Georgios A., Kokkinos Konstantinos G. & Machaira Paschalia.
Industrial Automation

Industrial Automation
Building Internally Consistent Compensation Systems

Building Internally Consistent Compensation Systems
S/W Project Management

S/W Project Management
Ship Recycling Facility Management System IMO Guideline A.962

Ship Recycling Facility Management System IMO Guideline A.962
Frequency analysis and scenario development

Frequency analysis and scenario development
Torrington, Hall & Taylor, Human Resource Management 6e, © Pearson Education Limited 2005 Slide 22.1 Protection from Hazards Conflict between needs for.

Torrington, Hall & Taylor, Human Resource Management 6e, © Pearson Education Limited 2005 Slide 22.1 Protection from Hazards Conflict between needs for.
Company duties under the ISM Code

Company duties under the ISM Code

Similar presentations

Ads by Google