Guidance for Use of CSM Recommendation - ERA - Europa

European Railway Agency
Collection of examples of risk assessments and of some possible tools
supporting the CSM Regulation
[G 3] The safety case describes and summarises how the project documents resulting from the
application of the company or project quality and/or safety management processes
interrelate within the system development process to demonstrate the system safety.
Usually, the safety case does not include large volumes of detailed evidence and supporting
documentation but provides precise references to such documents.
[G 4] Safety case for technical systems: CENELEC standards can be used as guidelines for
writing and/or for the structure of safety cases:
(a) see EN 50 129 standard {Ref. 7} for "Railway Applications - "Communication, Signalling
and Processing Systems & Safety related electronic Systems for Signalling";
Appendix H.2 of the EN 50 126-2 Guideline {Ref. 9} also proposes a structure for the
safety case of signalling systems;
(b) see Appendix H.1 of the EN 50 126-2 Guideline {Ref. 9} for the structure of the safety
case for rolling stock;
(c) see Appendix H.3 of the EN 50 126-2 Guideline {Ref. 9} for the structure of the safety
case of infrastructures
As it appears in these references, the safety case structure for technical systems, as well as
its content, depends on the system for which the demonstration of the safety compliance is
to be provided.
The safety case outlined in Appendix H of the EN 50 126-2 Guideline {Ref. 9} provides only
examples, and may not be suitable for all systems of the given kind. Therefore, the outline
needs to be used with appropriate judgement of what fits to each specific application.
[G 5] Safety case for organisational and operational aspects in railway systems:
At present, there is not any dedicated standard providing the structure, the content and a
guideline for writing the safety case for organisational and operational aspects of a railway
system. However, as the safety case aims to demonstrate in a structured way the system
compliance with its safety requirements, the same kind of safety case structure can be used
as for technical systems. Indeed, the references in point [G 4] of section 5.1 provide advises
and a checklist of items to address regardless the type of the system under assessment.
The management of organisational and operational changes do require the same kind of
quality management and safety management processes as the technical changes, with a
demonstration of the system compliance with the specified safety requirements.
Requirements from CENELEC standards not applicable to organisational and operational
aspects are the ones purely related to technical system design facilities, as for example
"inherent hardware fail-safety" principles, electromagnetic compatibility (EMC), etc.
5.2. The document produced by the proposer under point 5.1. shall at least include:
(a) description of the organisation and the experts appointed to carry out the risk
assessment process,
(b) results of the different phases of the risk assessment and a list of all the necessary
safety requirements to be fulfilled in order to control the risk to an acceptable level.
[G 1] Depending on the complexity of the system, these evidences can be gathered in one or
several safety cases. Refer respectively to points [G 4] and [G 5] of section 5.1 for the
structure of the safety case for technical systems and for operational and organisational
aspects.
[G 2] Refer also to section A.4. in Appendix A for possible examples of evidences.
Reference: ERA/GUI/02-2008/SAF Version: 1.1 Page 56 of 105
File Name: Collection_of_RA_Ex_and_some_tools_for_CSM_V1.1.doc
European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu