Guidance for Use of CSM Recommendation - ERA - Europa

European Railway Agency
Collection of examples of risk assessments and of some possible tools
supporting the CSM Regulation
(ii) estimation of frequency of hazard and justification (with assumption and
conditions);
(iii) ranking of hazards according to their criticality and frequency of occurrence;
(4) identification of additional appropriate safety measures leading to acceptable risks
for each hazard (iterative process after the risk evaluation phase);
A.4.7.
A.4.8.
A.4.9.
A.4.10.
A.4.11.
Evidences required from the risk evaluation:
(a) when explicit risk estimation is performed:
(1) definition and justification of risk evaluation criteria for each hazard;
(2) demonstration/justification that the safety measures and safety requirements cover
each hazard to an acceptable level (according to above risk evaluation criterion);
(b) in virtue of sections 2.3.5 and 2.4.3 in the CSM Regulation, risks covered by application
of codes of practice and by comparison with reference systems are considered implicitly
as acceptable provided respectively that (see dotted circle in Figure 1):
(1) the conditions of application of codes of practice in section 2.3.2 are met;
(2) the conditions for use of a reference system in section 2.4.2 are met;
The risk acceptance criteria are implicit for these two risk acceptance principles.
Evidences from hazard management:
(a) registration of all hazards in a hazard record, containing the following elements:
(1) identified hazard;
(2) safety measures preventing occurrence of hazard or mitigating its consequences;
(3) safety requirements on the measures;
(4) relevant part of the system;
(5) actor responsible for safety measures;
(6) status of hazard (e.g. open, solved, deleted, transferred, controlled, etc.);
(7) date of registration, review and control of each hazard;
(b) description on how hazards will be managed effectively during the whole life-cycle;
(c) description of the information exchange between parties for hazards at the interfaces
and allocation of responsibilities.
Evidences relating to the quality of the risk evaluation and assessment process:
(a) description of persons involved in the process and their competence;
(b) for explicit risk estimations, description of information, data and other statistics used in
the process, and justification for their adequacy (e.g. sensitivity study on the used data).
Evidences of compliance with safety requirements:
(a) list of standards used;
(b) description of design and of operational principles;
(c) evidences of application of a good quality and safety management system for the
project: refer to point [G 3] in section 1.1.2;
(d) summary of safety analysis reports (e.g. hazard cause analysis) demonstrating the
fulfilment of safety requirements;
(e) description and justification of methods and tools (FMECA, FTA, …) that are used for
the hazard cause analysis;
(f) summary of safety verification and validation tests.
Safety case: CENELEC advises that all previously mentioned evidences are regrouped and
summarised in one document that is submitted to the assessment body: refer to points [G 4]
and [G 5] in section 5.1.
Reference: ERA/GUI/02-2008/SAF Version: 1.1 Page 70 of 105
File Name: Collection_of_RA_Ex_and_some_tools_for_CSM_V1.1.doc
European Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu