Guidance for Use of CSM Recommendation - ERA - Europa
Guidance for Use of CSM Recommendation - ERA - Europa
Guidance for Use of CSM Recommendation - ERA - Europa
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
European Railway Agency<br />
Collection <strong>of</strong> examples <strong>of</strong> risk assessments and <strong>of</strong> some possible tools<br />
supporting the <strong>CSM</strong> Regulation<br />
<br />
System<br />
(A)<br />
Sub-System<br />
(5)<br />
Specific<br />
Applications<br />
Sub-System<br />
(1)<br />
Sub-System<br />
(2)<br />
Sub-System<br />
(3)<br />
Generic<br />
Applications<br />
Sub-System<br />
(4)<br />
Equipment<br />
(a)<br />
Equipment<br />
(b)<br />
Equipment<br />
(c)<br />
Generic<br />
Products<br />
Figure 3 : Examples <strong>of</strong> dependencies between safety cases<br />
(drawn from Figure 9 in EN 50 129 standard).<br />
[G 6] CENELEC advises that the manufacturer provides the documented evidence from the risk<br />
assessment in generic product (respectively generic application (9) ) safety cases and hazard<br />
records. These safety cases and hazard records contain all the assumptions (10) and<br />
(9) The terminology "generic application" and "generic product safety cases" is reused from CENELEC<br />
where three different categories <strong>of</strong> safety cases can be considered (see Figure 3):<br />
(a)<br />
(b)<br />
(c)<br />
Generic product safety case (independent <strong>of</strong> the application). A generic product can be<br />
re-used <strong>for</strong> different independent applications;<br />
Generic application safety case (<strong>for</strong> a class <strong>of</strong> application). A generic application can<br />
be re-used <strong>for</strong> a class/type <strong>of</strong> application with common functions;<br />
Specific application safety case (<strong>for</strong> a specific application). A specific application is<br />
used <strong>for</strong> only one particular installation.<br />
For more in<strong>for</strong>mation about their interdependence, refer to section § 9.4. and Figure 9.1 <strong>of</strong> the<br />
CENELEC 50 126-2 Guideline {Ref. 9}.<br />
(10) These assumptions and restrictions <strong>of</strong> use determine the limits and the validity <strong>of</strong> the "safety<br />
assessments" and "safety analyses" associated to the related generic product and generic<br />
application safety cases. If they are not fulfilled by the considered specific application, it is<br />
necessary to update or replace the corresponding "safety assessments" and "safety analyses" (e.g.<br />
causal analyses) by new ones.<br />
This is in line with the following general safety principle: "Whenever a specific (sub-<br />
)system design is based on generic applications and generic products, it must be<br />
demonstrated that the specific (sub-)system complies with all the assumptions and<br />
restrictions <strong>of</strong> use (called safety related application conditions in CENELEC) that are<br />
exported in the corresponding generic application and generic product safety cases (see<br />
Figure 3)"<br />
<br />
Reference: <strong>ERA</strong>/GUI/02-2008/SAF Version: 1.1 Page 27 <strong>of</strong> 105<br />
File Name: Collection_<strong>of</strong>_RA_Ex_and_some_tools_<strong>for</strong>_<strong>CSM</strong>_V1.1.doc<br />
European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu