Guidance for Use of CSM Recommendation - ERA - Europa
European Railway Agency
Collection of examples of risk assessments and of some possible tools
supporting the CSM Regulation

(c) the design and the implementation of the technical system, including if applicable the
configuration or parameterisation of a generic product to specific requirements of the
specific application;
(d) the supporting documentation necessary for:
(1) the development of the technical system;
(2) the operation and maintenance of the technical system;
A.3.4.2. The notes associated with this definition further specify the scope of the technical system:
(a) "The development of a technical system starts with its requirements specification and
ends with its safety approval". It includes phases 1 to 10 of the V-Cycle
represented in Figure 10 of the CENELEC 50 126-1 Standard {Ref. 8};
(b) "It shall consider the design of relevant interfaces with human behaviour. Human
operators and their actions are however not included in a technical system."
Although human factor errors during the operation and the maintenance of the
technical system are not part of the technical system itself, the design of the interfaces
with the human operators needs to take them into account. The purpose is to minimise
the probability of human errors due to a poor design of the relevant interfaces with the
human operators;
(c) "Maintenance is not included in the definition, but is included in maintenance
manuals." This means that the RAC-TS need not be applied to the operation and
maintenance of the technical system; these rely strongly on processes and actions
performed by human personnel.
However, in order to support the maintenance of technical systems, the technical
system definition must include any relevant requirements (e.g. periodic preventive
maintenance, or corrective maintenance in case of failures), with a sufficient level of
detail. But how the maintenance needs to be organised and achieved on the related
technical system is not part of the technical system definition; it belongs in the corresponding
maintenance manuals.
A.3.4.3. See also section A.3.1. in Appendix A.
A.3.5. Functions of Technical Systems to which RAC-TS applies
A.3.5.1. According to the definition of the RAC-TS, it applies to wrong side failures of the functions to
be fulfilled by the technical system if they have "a credible direct potential for a
catastrophic consequence": see section 2.5.4. in {Ref. 4}.
A.3.5.2. The RAC-TS can also be applied to functions that involve technical systems but whose
failures do not have a "direct potential for a catastrophic consequence". In this case, the
RAC-TS needs to be applied as an overall target for the set of events that leads to the
catastrophic consequence. Based on this overall target, the actual contribution of each
event, and thus of the functional failures of the technical system that is involved in the
considered scenario, needs to be derived according to section A.3.6. in Appendix A.
Such a use of the RAC-TS still needs to be discussed and agreed on with the CSM working
group.
A.3.5.3. To what functions of the technical system does the RAC-TS apply? According to the IEC
61226:2005 standard:
(a) a function is defined in this context as a "specific purpose or objective to be
accomplished that can be specified or described without reference to the physical
means of achieving it";

Reference: ERA/GUI/02-2008/SAF Version: 1.1 Page 64 of 105
File Name: Collection_of_RA_Ex_and_some_tools_for_CSM_V1.1.doc
European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu