NEW CENELEC STANDARDS & CSM-RA
• What is new/changed/improved
[Figure: timeline of the standards and regulations discussed (years marked on the timeline: 2003, 2006, 2007, 2010, 2012, 2015, 2018): EN 61508; TR 50126-2; TSI; CSM-RA (Regulation 352/2009, replaced by 402/2013); EN 50129 (2003, revised 2018) – Communication, signalling and processing systems – Safety related electronic systems for signalling; TR 50506-1 (2007) – Guide to the application of EN 50129 – Part 1: Cross Acceptance.]
[Figure: functional safety standards by sector / application]
• Railway (CENELEC): EN 50126 – entire railway system; EN 50129 – railway sub-system / product (HW + SW); EN 50128 – SW
• Process sector: IEC 61511 – safety standard for Safety Instrumented Systems designers, integrators and users
• Machinery: IEC 62061 – Safety of machinery – Functional safety of electrical/electronic/programmable control systems
• Where no other sector/application specific standard exists: the generic functional safety standard (EN 61508) applies
Software standards:
• EN 50128 (2011) – Communications, signalling and processing systems – Software for railway control and protection systems
• EN 50657 (2017) – Rolling stock applications – Software on board of rolling stock, excluding railway control and protection applications
Structure of EN 50126 (Part 1):
General: 1: Scope; 2: Normative references; 3: Terms & Definitions; 4: Abbreviations
Normative: 5: Railway RAMS; 6: Management of Railway RAMS – general requirements; 7: RAMS Life cycle; 8: Safety Case (New)
Informative: Annex A: RAMS Plan; Annex B: Examples of parameters for railway; Annex C: Risk Management Calibration and risk acceptance categories (New); Annex D: Guidance on system definition (New); Bibliography
Structure of EN 50126 (Part 2):
General: 1: Scope; 2: Normative references; 3: Terms & Definitions; 4: Abbreviations
Normative: 5: Safety Process; 6: Safety Demonstration; 7: Organisation and independence of roles; 8: Risk Assessment; 9: Specification of system safety requirements; 10: Apportionment of functional safety integrity requirements; 11: Design & Implementation
Informative: Annex A: ALARP, GAME, MEM; Annex B: Using failure and accident statistics to derive a THR; Annex C: Guidance on SIL Allocation; Annex D: Safety Target Apportionment methods; Bibliography
NEW CENELEC STANDARDS & CSM-RA
2017
PRODUCTS IN CENELEC PROCESS
EN 50126:
• Provide the overall process for development of products
• Lifecycle
• Hazard identification and management
• Safety requirements identification and apportionment
• Safety target (THR, TFFR, SIL)
• Implementation evidence
• Documentation
EN 50129/50128:
• Provide the process for development of products
• Tailored system/hardware/software development process
• Detailed analysis of failure and hazard control
• SIL demonstration
• Product specific implementation evidence
• Product specific documentation
Structure of EN 50129:
Normative: 5: Requirements for developing electronic systems; 6: Requirements for external elements; 7: Safety Case; 8: Acceptance and subsequent phases
Informative: Annex A: Safety Integrity Level (SIL); Annex B: Management of faults; Annex C: HW component failure modes; Annex E: SIL-based techniques; Annex F: Programmable Components; Bibliography
CSM-RA:
• Focus on a change
• Significance
• Emphasis on hazard identification & control
• Hazard normally controlled by well known measures
• Independent safety assessor as NSA proxy
EN 50126:
• Can be applied for changes and products
• Always applicable
• Life cycle approach in hazard identification and control
• Generic control of hazards
• Verification and validation process
• Independent safety assessor to ensure process
• Functional Safety & Safety Integrity
• RAM (dependability)
[Figure: EN 50126 risk assessment process, with the CSM-RA risk acceptance principles mapped onto it]
Risk Assessment (EN 50126):
1. System Definition (scope, functions, interfaces, etc.)
2. Hazard Identification (what can happen? when? where? how?)
3. Hazard Classification (how critical?)
4. Broadly acceptable risk? – Yes: justify and document the decision. No: continue with risk evaluation.
Hazard identification (EN 50126): identified hazards are entered in the Hazard Record.
Risk evaluation (EN 50126) – selection of the risk acceptance principle: application of a Code of Practice; similarity analysis with reference system(s); identification of scenarios & associated safety measures.
How to control risk: safety criteria qualitative or quantitative? Estimate frequency, estimate severity, estimate risks.
Risk acceptance / Risk Evaluation: acceptable risks? – No: control the risk (EN 50129/EN 50128) and re-evaluate. Yes: safety documentation (EN 50126).
Output: Safety Requirements (EN 50129/EN 50128).
[Figure: EN 50126 lifecycle (V-model) with the CSM-RA activities overlaid]
Lifecycle phases: 1 Concept; 2 System definition and Operational Context; 3 Risk Analysis and Evaluation; 4 Specification of System Requirements; 5 Apportionment of System Requirements; 6 Design and Implementation; 7 Manufacture; 8 Integration; 9 System Validation; 10 System Acceptance; 11 Operation and Maintenance; 12 De-commissioning and Disposal.
CSM-RA overlay: Preliminary System Definition → Significant? → Risk Assessment (Hazard Identification and classification; Code of Practice / Similar Reference System / Explicit Risk Estimation; Risk Evaluation vs risk acceptance criteria) → Safety Requirements → Demonstration of Compliance with Safety Requirements; Hazard Management runs throughout.
[Figure: split of responsibilities under CSM-RA]
Railway Duty Holder's responsibility (the Proposer under CSM-RA): System Definition → Risk analysis → Risk evaluation → System requirements.
Contractual Arrangement / Legal framework between the parties.
Supplier's Responsibility: Actor → System → Sub System → Products; Hazard analysis; Demonstration of compliance.
SYSTEM DEFINITION
• Contextual Requirements – the operational environment
• Functional Requirements – what the system shall do
• Technical Requirements – ensure the system function
[Figure: hazards (HZ) arising from the system definition and how each is controlled: by a Code of Practice (1), by a Code of Practice (2), by a Reference System, or through the interface definition (interface hazards). Failures/hazards in a generic product are covered by the product Safety Case (EN 50129/EN 50128).]
[Figure: hazard record and safety demonstration. The Proposer's Hazard Record (EN 50126 system definition) feeds the Generic Application and Specific Application Safety Case(s) (EN 50129), with an implementation log/register; the Supplier's Hazard Log feeds the Generic Product Safety Case(s) (EN 50129, EN 50128).]
APPLICATION OF CENELEC STANDARDS ON SYSTEM/SUBSYSTEM LEVEL
[Figure: hazards identified in CSM-RA flow into the EN 50126 systematic system process and system integration; at sub-system level EN 50129 covers sub-system integration; the SIL requirement is passed down to the EN 50129 hardware development process and the EN 50128 software development process.]
HAZARD RATES & SIL - PRINCIPLE
[Figure: safety functionality → hazards → functional system failure → hazard rate.]
Safety Case structure:
1. Definition of System – system description (QA)
2. Quality Management Report – QA audit
3. Safety Management Report – Safety Plan, Risk Management, Safety Management Audit
4. Technical Safety Report – Hazard Log (activities)
5. Related Safety Cases – Hazard Record, Hazard Log (register), evidence of implementation
6. Conclusion – safety requirements
[Figure: EN 50126 lifecycle (V-model) showing where safety analysis and the Safety Case sit: risk analysis and RAMS feedback into the Concept (1); System Definition and Operational Concept (2); Risk Analysis and evaluation (3); Specification of System Requirements (4); Architecture & Apportionment of System Requirements (5); Integration (8); System Validation (9); System Acceptance (10); Operation, Maintenance and Performance Monitoring (11); Decommissioning (12). The Safety Case collects the safety analysis across the lifecycle.]
[Figure: organisation and independence of roles. Project management of the project; Designer, Verifier and Validator; Independent Safety Assessor. For SIL 4 / SIL 3 (vital) two alternative arrangements are shown, with the label "Independent" attached to the Validator and to the Safety Assessor.]
• No Contradiction with CSM-RA – but a good Code of Practice for the process
• Fill-in on products
QUESTIONS ?
STIG MUNCK
SGM@RAMBOLL.DK
+45 5161 6375