Guidance for Use of CSM Recommendation - ERA - Europa
Guidance for Use of CSM Recommendation - ERA - Europa
Guidance for Use of CSM Recommendation - ERA - Europa
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
European Railway Agency<br />
Collection <strong>of</strong> examples <strong>of</strong> risk assessments and <strong>of</strong> some possible tools<br />
supporting the <strong>CSM</strong> Regulation<br />
<br />
[G 2] The outputs <strong>of</strong> the risk assessment process in the <strong>CSM</strong> are (after iterations - see Figure 1):<br />
(a) the "system definition" updated with the "safety requirements" issued from the "risk<br />
analysis" and "risk evaluation" activities (see section 2.1.6);<br />
(b) the "apportionment <strong>of</strong> system requirements" down to the different sub-systems and<br />
components (Phase 5 in Figure 5);<br />
(c) the "hazard record" that registers:<br />
(1) all the identified hazards and the associated safety measures;<br />
(2) the resulting safety requirements;<br />
(3) the assumptions taken into account <strong>for</strong> the system that determine the limits and<br />
validity <strong>of</strong> the risk assessment (see point (g) in section 2.1.2);<br />
(d) and in general all the evidence resulting from the application <strong>of</strong> the <strong>CSM</strong>: see section 5.<br />
These risk assessment outputs <strong>of</strong> the <strong>CSM</strong> correspond to the safety related outputs <strong>of</strong> the<br />
Phase 4 in the CENELEC V-Cycle, i.e. to the system requirement specification in Figure 5.<br />
[G 3] The system definition updated with the results from the risk assessment and the hazard<br />
record constitute the inputs against which the system is designed and accepted. The<br />
"demonstration <strong>of</strong> the system compliance with the safety requirements" in the <strong>CSM</strong><br />
corresponds to the following phases <strong>of</strong> the CENELEC V-Cycle (see BOX 3 in Figure 5):<br />
(a) Phase 6 in Figure 5: "design and implementation";<br />
(b) Phase 7 in Figure 5: "manufacture";<br />
(c) Phase 8 in Figure 5: "installation";<br />
(d) Phase 9 in Figure 5: "system validation (including safety acceptance and commissioning)";<br />
(e) Phase 10 in Figure 5: "system acceptance".<br />
[G 4] The demonstration <strong>of</strong> the system compliance with the safety requirements depends on<br />
whether the significant change is technical, operational or organisational. So, the different<br />
steps in the CENELEC V-cycle in Figure 5 may not be suitable <strong>for</strong> all significant changes <strong>of</strong><br />
the given kind. The V-cycle in Figure 5 needs to be considered accordingly and used with<br />
appropriate judgement <strong>of</strong> what fits to each specific application (e.g. <strong>for</strong> operational and<br />
organisational changes, there is not manufacturing phase).<br />
[G 5] This means that the "demonstration <strong>of</strong> the system compliance with the safety requirements"<br />
in the <strong>CSM</strong> does not include only the "verification and validation" activities by tests or<br />
simulation. In practice, it covers all the phases "6 to 10" (see list here above and Figure 5) in<br />
the CENELEC V-Cycle. They include the design, manufacture, installation, verification and<br />
validation activities, as well as the associated RAMS activities and the system acceptance.<br />
[G 6] During the "demonstration <strong>of</strong> the system compliance with the safety requirements", the<br />
general principle is to focus the risk assessment only on the safety related functions and<br />
interfaces <strong>of</strong> the system. This means that whenever risk and safety assessment activities<br />
are required in the scope <strong>of</strong> one <strong>of</strong> the phases in the CENELEC V-Cycle in Figure 5, it<br />
focuses on:<br />
(a) the safety related functions and interfaces;<br />
(b) the sub-systems and/or components involved in the achievement <strong>of</strong> the safety related<br />
functions and/or interfaces assessed during the higher level risk assessment activities.<br />
[G 7] It results then from the comparison with the classical CENELEC V-Cycle in Figure 5 that:<br />
(a) the <strong>CSM</strong> covers the phases "1 to 10" and "13" <strong>of</strong> this V-Cycle. They include the set <strong>of</strong><br />
activities required <strong>for</strong> the acceptance <strong>of</strong> the system under assessment;<br />
<br />
Reference: <strong>ERA</strong>/GUI/02-2008/SAF Version: 1.1 Page 34 <strong>of</strong> 105<br />
File Name: Collection_<strong>of</strong>_RA_Ex_and_some_tools_<strong>for</strong>_<strong>CSM</strong>_V1.1.doc<br />
European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu