NEW CENELEC STANDARDS & CSM-RA

2017
AGENDA

• New EN 501xx Standards

• What is new/changed/improved

• The use of CENELEC in the CSM-RA process
CENELEC & CSM-RA TIMELINE

(Timeline diagram; recoverable content:)

CENELEC standards:
1995 ENV 50126
1999 EN 50126
2000 EN 61508
2001 EN 50128
2003 EN 50129
2006 TR 50126-3
2007 TR 50126-2
2010 EN 61508
2011 EN 50128
2017 EN 50126
2018 EN 50129

TSI and CSM-RA (2010, 2012, 2015 on the timeline):
CSM-RA 352/2009
CSM-RA 402/2013
CSM-RA 1136/2015
OVERVIEW OF CURRENT RAILWAY SAFETY STANDARDS

System level:
EN 50126 (1999) – The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS)
Guidance:
TR 50126-2 (2007) – Guide to the application of EN 50126 for safety
TR 50126-3 (2006) – Guide to the application of EN 50126 for rolling stock

Subsystem (Product) level:
EN 50129 (2003) – Communication, signalling and processing systems – Safety related electronic systems for signalling
Guidance:
TR 50506-1 (2007) – Guide to the application of EN 50129 – Part 1: Cross Acceptance
EN 50128 (2001 / 2011) – Communications, signalling and processing systems – Software for railway control and protection systems
Guidance:
TR 50506-2 (2008) – Guide to the application of EN 50129 – Part 2: Safety Assurance
OVERVIEW OF NEW RAILWAY SAFETY STANDARDS

System level:
EN 50126 (2017) – The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS)
Guidance:
EN 50126-2 (2017) – Systems Approach to Safety

Subsystem (Product) level:
EN 50129 (2018) – Communication, signalling and processing systems – Safety related electronic systems for signalling
Guidance:
TR 50506-1 (2007) – Guide to the application of EN 50129 – Part 1: Cross Acceptance
EN 50128 (2011) – Communications, signalling and processing systems – Software for railway control and protection systems
Guidance:
TR 50506-2 (2008) – Guide to the application of EN 50129 – Part 2: Safety Assurance
SAFETY STANDARDS RELATIONSHIPS

(Diagram, adapted after the EN 50129 / IEC WG group; recoverable content:)

General (generic) standard:
EN 61508 "Functional safety of electrical/electronic/programmable electronic safety-related systems" – applied directly where no other sector/application standard exists

Specific sector / application standards:

Railway Applications (railway signalling):
EN 50126 – Entire Railway system
EN 50129 – Railway sub-system / Product, HW+SW
EN 50128 – SW

Other sectors (e.g. machinery / process control):
IEC 61511 – Process Sector Safety System Standard for Safety Instrumented Systems Designers, Integrators and Users
IEC 62061 – Safety of machinery: Functional safety of electrical/electronic/programmable control systems
Other
RAILWAY SAFETY STANDARDS - SUBSYSTEM

SC9X / S-509:
EN 50126-1 & 2 (2017) – Railway Applications - The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS)

SC9XA – Signalling:
EN 50129 (2018) – Communication, signalling and processing systems – Safety related electronic systems for signalling
EN 50128 (2011) – Communications, signalling and processing systems - Software for railway control and protection systems

SC9XB – Rolling Stock:
EN 50155 (2017) – Electronic equipment used on rolling stock
EN 50657 (2017) – Rolling stock applications - Software on board of rolling stock, excluding railway control and protection applications

SC9XC – Fixed Installation:
EN 50562 (2018) – Process, measures and demonstration of safety for electric traction systems
EN 50126 OLD & NEW IN COMPARISON

Similarities:
• System approach for RAMS
• Risk based approach
• RAMS lifecycle
• Safety demonstration principles
• Safety Case structure
• Modularity

New/changed:
• More mature and consistent
• CSM-RA approach
• Multilevel system approach (hierarchies)
• Aligned risk evaluation
• Safety demonstration
• Safety requirements Spec.
• Guidance integrated part
• Clear linkage to TSI

Improved/detailed:
• Clear hazard identification and classification
• Classification of safety requirements
• Method to derive THR from statistics
• Handling of product / Generic / specific Application
• Safety Apportionment methods
• Key system safety roles & responsibilities
EN 50126-1

(Structure diagram; one clause and two annexes are marked New on the slide.)

General:
1: Scope
2: Normative reference
3: Terms & Definition
4: Abbreviation

Normative:
5: Railway RAMS
6: Management of Railway RAMS – general requirements
7: RAMS Life cycle
8: Safety Case

Informative:
Annex A, Annex B, Annex C, Annex D – topics shown: RAMS Plan; Guidance on system definition; Risk Management Calibration and risk acceptance categories; Examples of parameters for railway
Bibliography
EN 50126-2

General:
1: Scope
2: Normative reference
3: Terms & Definition
4: Abbreviation

Normative:
5: Safety Process
6: Safety Demonstration
7: Organisation and independence of roles
8: Risk Assessment
9: Specification of system safety requirements
10: Apportionment of functional safety integrity requirements
11: Design & Implementation

Informative:
Annex A: ALARP, GAME, MEM
Annex B: Using failure and accident statistics to derive a THR
Annex C: Guidance on SIL Allocation
Annex D: Safety Target Apportionment methods
Bibliography
PRODUCTS IN CENELEC PROCESS

EN 50126:
• Provide the overall process for development of products
• Lifecycle
• Hazard identification and management
• Safety requirements identification and apportionment
• Safety target (THR, TFFR, SIL)
• Implementation evidence
• Documentation

EN 50129 / EN 50128:
• Provide the process for development of products
• Tailored system/hardware/software development process
• Detailed analysis of failure and hazard control
• SIL demonstration
• Product specific implementation evidence
• Product specific documentation
EN 50129

General:
1: Scope
2: Normative reference
3: Definition
4: Overview

Normative:
5: Requirements for Developing electronic systems
6: Requirements for external elements
7: Safety Case
8: Acceptance and subsequent phases

Annexes:
Annex A: Safety Integrity Level (SIL)
Annex B: Management of faults
Annex C: HW component failure modes
Annex E: SIL-based techniques

Informative:
Annex F: Programmable Components
Bibliography
CSM-RA VERSUS EN50126

CSM-RA:
• Focus on a change
• Significance
• Emphasis on hazard identification & control
• Hazard normally controlled by well known measures
• Independent safety assessor as NSA proxy

EN 50126:
• Can be applied for changes and products
• Always applicable
• Life cycle approach in hazard identification and control
• Generic control of hazards
• Verification and validation process
• Independent safety assessor to ensure process
• Functional Safety & Safety Integrity
• RAM (dependability)
CSM-RA IN SHORT

(Process flowchart, with the related EN 50126 lifecycle phases and activities noted alongside; recoverable content:)

Significance evaluation (EN 50126: Concept):
Preliminary System Definition – the change in short
Significant change? No: justify and document the decision. Yes: CSM-RA relevant.

CSM-RA Risk Assessment (EN 50126: Design):
System Definition (Scope, Functions, Interfaces, etc.) – EN 50126 System definition

Risk Analysis – what is the risk? (EN 50126 Hazard identification):
Hazard Identification (What can happen? When? Where? How? etc.)
Hazard Classification (How critical?)
Broadly acceptable risk? Yes: justify and document the decision. No: continue.
Selection of Risk Acceptance Criteria: Codes of Practice / Similar Reference System(s) / Explicit Risk Estimation
Application of Code of Practice / Similarity Analysis with Reference System(s) / Identification of Scenarios & associated Safety Measures
Explicit Risk Estimation: Qualitative Safety Criteria? Quantitative: Estimate Frequency, Estimate Severity, Estimate Risks
Hazard Record

Risk Evaluation – how to control risk (EN 50126 Risk evaluation):
Comparison with Criteria (for each of the three branches)
Acceptable Risks? (No / Yes)

Risk Acceptance / Control risk (EN 50129 / EN 50128):
Safety Requirements (i.e. the Safety Measures to be implemented)

Safety documentation (EN 50126; Implementation):
Demonstration of the compliance with the safety requirements
Risk was in control – Safety Documentation
CSM-RA SUPPORTED BY EN50126

CSM-RA:
• The Legal framework
• System definition
• The systematic process
• Risk Management process
• Require systematic process
• Require documentation for hazard control

The Good Process

EN 50126:
• Hierarchical system definition model
• Detailed risk management process & evaluation principles
• Standard lifecycle to be tailored to project
• Detailed risk management process
• Engineering process requirements
• Provide the principles for safety documentation
• Safety Case structure
• Verification & Validation process
EN 50126 LIFECYCLE COMPARED TO CSM-RA PROCESS

(Diagram; recoverable content:)

EN 50126 lifecycle phases:
1 Concept
2 System definition and Operational Context
3 Risk Analysis and Evaluation
4 Specification of System Requirements
5 Architecture and Apportionment of System Requirements
6 Design and Implementation
7 Manufacture
8 Integration
9 System Validation
10 System Acceptance
11 Operation and Maintenance
12 De-commissioning and Disposal

CSM-RA process alongside the lifecycle:
Prelim. System Definition – Significant?
CSM-RA Risk Assessment:
System Definition
Risk Analysis: Hazard Identification and classification; Code of Practice / Similar Reference System / Explicit Risk Estimation
Risk Evaluation vs risk acceptance criteria
Safety Requirements
Hazard Management
Demonstration of Compliance with Safety Requirement
Independent Safety Assessment
(Diagram on responsibilities; recoverable content:)

Railway Duty Holder’s responsibility (CSM-RA: Proposer, Legal framework):
System Definition
Risk analysis
Risk evaluation
System requirements
Safety Measures & Safety requirements: Hazard, Additional Hazards, Application Conditions
• Code Of practice
• Reference system
• Functional/technical/context

Contractual Arrangement

Supplier’s Responsibility (CENELEC: Actor):
System
Sub System
Products
Hazard analysis
Demonstration of compliance
SYSTEM DEFINITION

Contextual Requirements – The operational environment

Functional Requirements – What the system shall do

Technical Requirements – Ensure the system function
HAZARD IDENTIFICATION & ACCEPTANCE

(Diagram of hazards (HZ) grouped by acceptance principle; recoverable content:)

Hazards covered by Code of Practice (1), Code of Practice (2) and Code of Practice (3)
Hazards covered by a Reference System
Hazards covered by Explicit Risk Evaluation
Interface Hazards – Interface definition
Lack of Hazards
CENELEC
EXAMPLE

(Diagram; recoverable content:)

CSM-RA – Hazards related to the Specific Application:
Trains too close -> separate Block sections (EN 50126, Specific Application)

Specific Application: Indicate free/occupied -> Axle counter

Generic Application (EN 50129) – Hazard related to the Generic Application SC: indicate free while occupied

Generic Product (EN 50129 / EN 50128) – Failures/Hazards in the Product SC
Proposer’s Hazard Record – Safety Demonstration

(Diagram; recoverable content:)

CSM-RA: System Definition; Allocation of hazards; Proposer’s Hazard Record (CENELEC Log / Register); CLOSE; CSM-RA Safety Documentation
CENELEC: System Definition; Implementation
Specific Application – EN 50126 Safety Case(s)
Generic Application – EN 50129 Safety Case(s)
Generic Product – EN 50129 / EN 50128 Safety Case(s)
Supplier Hazard Log (Specific log / Register)
APPLICATION OF CENELEC STANDARDS ON SYSTEM/SUBSYSTEM LEVEL

(Diagram; recoverable content:)

Hazards identified in CSM-RA (Hazard, Hazard, Hazard)
System: EN 50126 systematic process; System Integration
Sub System: EN 50129; Sub System Integration (Hardware, Software); SIL requirement
Software: EN 50128 Software development process
Hardware: EN 50129 Hardware development process
HAZARD RATES & SIL - PRINCIPLE

(Diagram; recoverable content:)

Hazards -> Safety functionality (Functional Safety System)
Hazard not controlled by system -> Hazard rate
Hazard not fully mitigated
Functional System Failure -> Hazard rate; Safety Integrity (SIL)
SAFETY INTEGRITY

(Diagram; recoverable content:)

SIL Qualitative Measures: Quality Management Conditions, Safety Management Conditions, Technical Safety Measures – defined in the sector specific standard (EN 50129 / EN 50128)

SIL Quantitative Target (TFFR) – Tolerable Functional Failure Rate:
SIL 4: 10^-9 < TFFR < 10^-8
SIL 3: 10^-8 < TFFR < 10^-7
SIL 2: 10^-7 < TFFR < 10^-6
SIL 1: 10^-6 < TFFR < 10^-5

Demonstration: Compliance to the Safety Integrity measures (SIL Qualitative Measures and Quantitative Targets); Compliance to Basic Integrity measures
CSM-RA & SAFETY CASE

(Mapping of CSM-RA items to the CENELEC Safety Case structure; recoverable content:)

CSM-RA | CENELEC Safety Case
What is done | Executive summary; Introduction
System definition, System description | 1: Definition of System
QA, QA Audit | 2: Quality Management Report
Safety Plan, Risk Management, Safety Management Audit, Hazard Log (activities) | 3: Safety Management Report
Hazard Record, Hazard Log (register), Evidence of implementation, Safety requirements | 4: Technical Safety Report
| 5: Related Safety Cases
| 6: Conclusion
(EN 50126 lifecycle V-diagram with safety activities; recoverable content:)

Phases:
1 Concept
2 System Definition and Operational Concept
3 Risk Analysis and evaluation
4 Specification of System Requirements
5 Architecture & Apportionment of Sys. Req
6 Design and Implementation
7 Manufacture
8 Integration
9 System Validation
10 System Acceptance
11 Operation, Maintenance, Performance Monitoring
12 Decommissioning

Safety activities: Safety Analysis; Feedback on RAMS into Concept risk analysis; Safety Case; Control of RAMS Requirements
V & V INDEPENDENCE ARRANGEMENTS

(Diagram; recoverable content:)

SIL 4 / SIL 3 (Vital): Project Management of project; Design; Verifier; Validator (independent); Independent Safety Assessor – two alternative arrangements shown ("OR")

SIL 2 / SIL 1 and Basic Integrity: Project Management; Design; Verifier; Validator; Independent Safety Assessor
CENELEC & CSM-RA

New EN 50126 & EN 50129

• No Contradiction with CSM-RA – but a good Code of Practice for the process

• CENELEC -> provide the good practice

• Fill-in on products
THANK YOU

QUESTIONS?

STIG MUNCK

SGM@RAMBOLL.DK
+45 5161 6375
