Guidance for Use of CSM Recommendation - ERA - Europa
European Railway Agency Collection of examples of risk assessments and of some possible tools supporting the CSM Regulation

[G 3] The safety case describes and summarises how the project documents resulting from the application of the company or project quality and/or safety management processes interrelate within the system development process to demonstrate the system safety. Usually, the safety case does not include large volumes of detailed evidence and supporting documentation but provides precise references to such documents.

[G 4] Safety case for technical systems: CENELEC standards can be used as guidelines for writing and/or for the structure of safety cases:
(a) see the EN 50 129 standard {Ref. 7} for "Railway Applications - Communication, Signalling and Processing Systems & Safety related electronic Systems for Signalling"; Appendix H.2 of the EN 50 126-2 Guideline {Ref. 9} also proposes a structure for the safety case of signalling systems;
(b) see Appendix H.1 of the EN 50 126-2 Guideline {Ref. 9} for the structure of the safety case for rolling stock;
(c) see Appendix H.3 of the EN 50 126-2 Guideline {Ref. 9} for the structure of the safety case of infrastructures.
As it appears in these references, the safety case structure for technical systems, as well as its content, depends on the system for which the demonstration of the safety compliance is to be provided. The safety case outlined in Appendix H of the EN 50 126-2 Guideline {Ref. 9} provides only examples, and may not be suitable for all systems of the given kind. Therefore, the outline needs to be used with appropriate judgement of what fits each specific application.

[G 5] Safety case for organisational and operational aspects in railway systems: At present, there is no dedicated standard providing the structure, the content and a guideline for writing the safety case for organisational and operational aspects of a railway system. However, as the safety case aims to demonstrate in a structured way the system compliance with its safety requirements, the same kind of safety case structure can be used as for technical systems. Indeed, the references in point [G 4] of section 5.1 provide advice and a checklist of items to address regardless of the type of the system under assessment. The management of organisational and operational changes requires the same kind of quality management and safety management processes as technical changes, with a demonstration of the system compliance with the specified safety requirements. The requirements of the CENELEC standards that are not applicable to organisational and operational aspects are those purely related to technical system design features, for example "inherent hardware fail-safety" principles, electromagnetic compatibility (EMC), etc.

5.2. The document produced by the proposer under point 5.1. shall at least include:
(a) description of the organisation and the experts appointed to carry out the risk assessment process,
(b) results of the different phases of the risk assessment and a list of all the necessary safety requirements to be fulfilled in order to control the risk to an acceptable level.

[G 1] Depending on the complexity of the system, this evidence can be gathered in one or several safety cases. Refer respectively to points [G 4] and [G 5] of section 5.1 for the structure of the safety case for technical systems and for operational and organisational aspects.

[G 2] Refer also to section A.4. in Appendix A for possible examples of evidence.

Reference: ERA/GUI/02-2008/SAF Version: 1.1 Page 56 of 105 File Name: Collection_of_RA_Ex_and_some_tools_for_CSM_V1.1.doc
European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu
[G 3] The lifetimes of technical systems and subsystems in the railway sector are generally expected to be around 30 years. During such a long period of time it is plausible to also expect a number of significant changes to these systems. Further risk assessments could thus be conducted for these systems and their interfaces, with the accompanying documentation that will need to be reviewed, supplemented and transferred between different actors and organisations using hazard records. This implies rather strict requirements on documentation control and configuration management.

[G 4] It is then helpful that the company which archives all the risk assessment and risk management information guarantees that the results/information are stored on a physical medium that can be read and accessed during the complete system life-cycle (e.g. during 30 years).

[G 5] The main reasons for this requirement are, among others:
(a) to ensure that all the safety analyses and safety records of the system under assessment are accessible during the complete system life. Thus:
(1) in case of further significant changes to the same system, the latest system documentation is available;
(2) in case of any problem during the system life, it is useful to be able to go back into the associated safety analyses and safety records;
(b) to ensure that the safety analyses and the safety records of the system under assessment are accessible in case it is used in another application as a similar reference system.