Guidance for Use of CSM Recommendation - ERA - Europa

European Railway Agency
Collection of examples of risk assessments and of some possible tools
supporting the CSM Regulation
ANNEX II TO THE CSM REGULATION ................................................................................ 58
Criteria which must be fulfilled by the Assessment Bodies ................................................................. 58
APPENDIX A: ADDITIONAL CLARIFICATIONS ................................................................... 59
A.1. Introduction .............................................................................................................................. 59
A.2. Hazard classification ............................................................................................................... 59
A.3. Risk acceptance criterion for technical systems (RAC-TS).................................................... 59
A.4. Evidence from safety assessment .......................................................................................... 68
APPENDIX B: EXAMPLES OF TECHNIQUES AND TOOLS SUPPORTING THE RISK
ASSESSMENT PROCESS .............................................................................................. 71
APPENDIX C: EXAMPLES .................................................................................................... 72
C.1. Introduction .............................................................................................................................. 72
C.2. Examples of application of significant change criteria in Article 4 (2) .................................... 72
C.3. Examples of interfaces between rail sector actors ................................................................. 73
C.4. Examples of methods for determining broadly acceptable risks ............................................ 74
C.5. Risk assessment example of an organisational significant change ....................................... 75
C.6.
Risk assessment example of an operational significant change – Change of driving
hours........................................................................................................................................ 77
C.7. Risk assessment example of a technical significant change (CCS)....................................... 79
C.8. Example of Swedish BVH 585.30 guideline for risk assessment of railway tunnels .............. 82
C.9. Example of risk assessment at a system level for Copenhagen Metro .................................. 84
C.10. Example of OTIF guideline for the calculation of risk due to railway transport of
dangerous goods .................................................................................................................... 87
C.11. Risk assessment example of an application for approval of a new rolling stock type............ 89
C.12. Risk assessment example of an operational significant change –Driver only operation ....... 91
C.13. Example of the use of a reference system for deriving safety requirements to new
electronic interlocking systems in Germany ........................................................................... 93
C.14. Example of an explicit Risk acceptance criterion for FFB Radio-based Train Operation in
Germany .................................................................................................................................. 95
C.15. Example of applicability test of the RAC-TS ........................................................................... 96
C.16. Examples of possible structures for the hazard record .......................................................... 97
C.17. Example of a generic hazard list for railway operation ......................................................... 104
List of Figures
Figure 1 : Risk management framework in the CSM Regulation {Ref. 3}. ...................................................... 23
Figure 2 : Harmonised SMS and CSM. ........................................................................................................... 25
Figure 3 : Examples of dependencies between safety cases (drawn from Figure 9 in EN 50 129
standard). .......................................................................................................................................... 27
Figure 4 : Simplified V-Cycle of Figure 10 of EN 50 126 standard. ................................................................. 32
Figure 5 : Figure 10 of EN 50 126 V-Cycle (CENELEC system life-cycle). ..................................................... 33
Figure 6 : Selection of adequate safety measures for controlling risks. .......................................................... 38
Figure 7 : Broadly acceptable risks ................................................................................................................. 40
Figure 8 : Filtering out of hazards associated with broadly acceptable risk. ................................................... 40
Figure 9 : Pyramid of risk acceptance criteria (RAC). ..................................................................................... 46
Figure 10 : Figure A.4 of EN 50 129: Definition of hazards with respect to the system boundary. ................ 48
Figure 11 : Derivation of the safety requirements for lower level phases. ...................................................... 49
Figure 12 : Structured documentation hierarchy. ............................................................................................ 55
Figure 13 : Redundant Architecture for a Technical System........................................................................... 61
Reference: ERA/GUI/02-2008/SAF Version: 1.1 Page 5 of 105
File Name: Collection_of_RA_Ex_and_some_tools_for_CSM_V1.1.doc
European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu