Guidance for Use of CSM Recommendation - ERA - Europa
Guidance for Use of CSM Recommendation - ERA - Europa Guidance for Use of CSM Recommendation - ERA - Europa
European Railway Agency Collection of examples of risk assessments and of some possible tools supporting the CSM Regulation 3. DEMONSTRATION OF COMPLIANCE WITH SAFETY REQUIREMENTS 3.1. Prior to the safety acceptance of the change, fulfilment of the safety requirements resulting from the risk assessment phase shall be demonstrated under the supervision of the proposer. [G 1] As explained in points [G 3] to [G 6] in section 2.1.1, the "demonstration of the system compliance with the safety requirements" includes the phases "6 to 10" of the CENELEC V- Cycle (see BOX 3 in Figure 5). Refer to point [G 3] in section 2.1.1. [G 2] Refer also to point [G 4] in section 2.1.1 of this document. 3.2. This demonstration shall be carried out by each of the actors responsible for fulfilling the safety requirements, as decided in accordance with point 1.1.5. [G 1] An example of safety assessments and safety analyses that can be performed at the subsystem level are causal analyses: see Figure 10. But any other method can be used to demonstrate the sub-system compliance with the input safety requirements. Cause (of a Hazard at System Level) Hazard (at Sub-System Level) Hazard (at System Level) Accident k Accident l Cause (of a Hazard at Sub- System Level) Sub-System Boundary System Boundary CAUSES CONSEQUENCES Figure 10 : Figure A.4 of EN 50 129: Definition of hazards with respect to the system boundary. [G 2] The hierarchical structuring of hazards and causes, with respect to systems and subsystems, can be repeated for each lower level phase of the CENELEC V-Cycle in Figure 5, The hazard identification and causal analysis activities (or any relevant method), as well as the use of codes of practice, similar reference systems and explicit analyses and evaluations, can also be repeated for each phase of the system development cycle in order to derive, from the safety measures identified at the sub-system level, the safety requirements to be fulfilled by the next phase. This is illustrated in Figure 11. [G 3] Refer also to point [G 4] in section 2.1.1 of this document. Reference: ERA/GUI/02-2008/SAF Version: 1.1 Page 48 of 105 File Name: Collection_of_RA_Ex_and_some_tools_for_CSM_V1.1.doc European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu
European Railway Agency Collection of examples of risk assessments and of some possible tools supporting the CSM Regulation Phase N-1 in CENELEC V-Cycle Safety Requirements for Phase N Phase N in CENELEC V-Cycle Safety Measures in Phase N Safety Requirements (i.e. safety measures to be implemented) Safety Requirements for Phase N+1 Phase N+1 in CENELEC V-Cycle Safety Measures in Phase N+1 Safety Requirements (i.e. safety measures to be implemented) Safety Requirements for Phase N+2 Figure 11 : Derivation of the safety requirements for lower level phases. 3.3. The approach chosen for demonstrating compliance with the safety requirements as well as the demonstration itself shall be independently assessed by an assessment body. [G 1] All the activities represented in BOX 3 (14) of the CENELEC V-Cycle in Figure 5 are therefore also independently assessed. [G 2] The kind and level of detail for the independent assessment that is carried out by the assessment bodies (i.e. detailed or macroscopic assessment) is dealt within the explanations of the Article 6. 3.4. Any inadequacy of safety measures expected to fulfil the safety requirements or any hazards discovered during the demonstration of compliance with the safety requirements shall lead to reassessment and evaluation of the associated risks by the proposer according to section 2. The new hazards shall be registered in the hazard record according to section 4. [G 1] For example, the way for extinguishing fire could lead to a new hazard (suffocation) that will impose new safety requirements (e.g. a specific procedure for the passenger evacuation). Another example is the use of toughened glass to avoid that windows are broken in crashes and that passengers are harmed by glass or even thrown out. The new hazard induced is (14) The correspondence of activities between the CSM's and Figure 5 (i.e. Figure 10 of CENELEC 50 126 V-Cycle) is described in section 2.1.1. In particular, point [G 3] in section 2.1.1 lists what CENELEC activities are included in the CSM's phase "demonstration of the system compliance with the safety requirements". Reference: ERA/GUI/02-2008/SAF Version: 1.1 Page 49 of 105 File Name: Collection_of_RA_Ex_and_some_tools_for_CSM_V1.1.doc European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu
- Page 1 and 2: European Railway Agency Collection
- Page 3 and 4: European Railway Agency Collection
- Page 5 and 6: European Railway Agency Collection
- Page 7 and 8: European Railway Agency Collection
- Page 9 and 10: European Railway Agency Collection
- Page 11 and 12: European Railway Agency Collection
- Page 13 and 14: European Railway Agency Collection
- Page 15 and 16: European Railway Agency Collection
- Page 17 and 18: European Railway Agency Collection
- Page 19 and 20: European Railway Agency Collection
- Page 21 and 22: European Railway Agency Collection
- Page 23 and 24: INDEPENDENT ASSESSMENT System Defin
- Page 25 and 26: European Railway Agency Collection
- Page 27 and 28: European Railway Agency Collection
- Page 29 and 30: European Railway Agency Collection
- Page 31 and 32: European Railway Agency Collection
- Page 33 and 34: BOX 1 BOX 2 European Railway Agency
- Page 35 and 36: European Railway Agency Collection
- Page 37 and 38: European Railway Agency Collection
- Page 39 and 40: European Railway Agency Collection
- Page 41 and 42: European Railway Agency Collection
- Page 43 and 44: European Railway Agency Collection
- Page 45 and 46: European Railway Agency Collection
- Page 47: European Railway Agency Collection
- Page 51 and 52: European Railway Agency Collection
- Page 53 and 54: European Railway Agency Collection
- Page 55 and 56: European Railway Agency Collection
- Page 57 and 58: European Railway Agency Collection
- Page 59 and 60: European Railway Agency Collection
- Page 61 and 62: European Railway Agency Collection
- Page 63 and 64: European Railway Agency Collection
- Page 65 and 66: European Railway Agency Collection
- Page 67 and 68: European Railway Agency Collection
- Page 69 and 70: European Railway Agency Collection
- Page 71 and 72: European Railway Agency Collection
- Page 73 and 74: European Railway Agency Collection
- Page 75 and 76: European Railway Agency Collection
- Page 77 and 78: European Railway Agency Collection
- Page 79 and 80: European Railway Agency Collection
- Page 81 and 82: European Railway Agency Collection
- Page 83 and 84: European Railway Agency Collection
- Page 85 and 86: European Railway Agency Collection
- Page 87 and 88: European Railway Agency Collection
- Page 89 and 90: European Railway Agency Collection
- Page 91 and 92: European Railway Agency Collection
- Page 93 and 94: European Railway Agency Collection
- Page 95 and 96: European Railway Agency Collection
- Page 97 and 98: European Railway Agency Collection
European Railway Agency<br />
Collection <strong>of</strong> examples <strong>of</strong> risk assessments and <strong>of</strong> some possible tools<br />
supporting the <strong>CSM</strong> Regulation<br />
<br />
3. DEMONSTRATION OF COMPLIANCE WITH SAFETY<br />
REQUIREMENTS<br />
3.1. Prior to the safety acceptance <strong>of</strong> the change, fulfilment <strong>of</strong> the safety requirements<br />
resulting from the risk assessment phase shall be demonstrated under the supervision<br />
<strong>of</strong> the proposer.<br />
[G 1] As explained in points [G 3] to [G 6] in section 2.1.1, the "demonstration <strong>of</strong> the system<br />
compliance with the safety requirements" includes the phases "6 to 10" <strong>of</strong> the CENELEC V-<br />
Cycle (see BOX 3 in Figure 5). Refer to point [G 3] in section 2.1.1.<br />
[G 2] Refer also to point [G 4] in section 2.1.1 <strong>of</strong> this document.<br />
3.2. This demonstration shall be carried out by each <strong>of</strong> the actors responsible <strong>for</strong> fulfilling<br />
the safety requirements, as decided in accordance with point 1.1.5.<br />
[G 1] An example <strong>of</strong> safety assessments and safety analyses that can be per<strong>for</strong>med at the subsystem<br />
level are causal analyses: see Figure 10. But any other method can be used to<br />
demonstrate the sub-system compliance with the input safety requirements.<br />
Cause (<strong>of</strong> a Hazard at System Level)<br />
Hazard (at Sub-System Level)<br />
Hazard (at System Level)<br />
Accident k<br />
Accident l<br />
Cause (<strong>of</strong> a<br />
Hazard at Sub-<br />
System Level)<br />
Sub-System<br />
Boundary<br />
System Boundary<br />
CAUSES<br />
CONSEQUENCES<br />
Figure 10 : Figure A.4 <strong>of</strong> EN 50 129:<br />
Definition <strong>of</strong> hazards with respect to the system boundary.<br />
[G 2] The hierarchical structuring <strong>of</strong> hazards and causes, with respect to systems and subsystems,<br />
can be repeated <strong>for</strong> each lower level phase <strong>of</strong> the CENELEC V-Cycle in Figure 5,<br />
The hazard identification and causal analysis activities (or any relevant method), as well as<br />
the use <strong>of</strong> codes <strong>of</strong> practice, similar reference systems and explicit analyses and<br />
evaluations, can also be repeated <strong>for</strong> each phase <strong>of</strong> the system development cycle in order<br />
to derive, from the safety measures identified at the sub-system level, the safety<br />
requirements to be fulfilled by the next phase. This is illustrated in Figure 11.<br />
[G 3] Refer also to point [G 4] in section 2.1.1 <strong>of</strong> this document.<br />
<br />
Reference: <strong>ERA</strong>/GUI/02-2008/SAF Version: 1.1 Page 48 <strong>of</strong> 105<br />
File Name: Collection_<strong>of</strong>_RA_Ex_and_some_tools_<strong>for</strong>_<strong>CSM</strong>_V1.1.doc<br />
European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu