ERA guide for application of the Common Safety Methods ... - Europa
ERA guide for application of the Common Safety Methods ... - Europa
ERA guide for application of the Common Safety Methods ... - Europa
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
European Railway AgencyGuide <strong>for</strong> <strong>the</strong> <strong>application</strong> <strong>of</strong> <strong>the</strong> CSM Regulation [G 2] Fur<strong>the</strong>r risk analysis and risk evaluation are not required <strong>for</strong> <strong>the</strong> related hazards.[G 3] The demonstration that <strong>the</strong> system under assessment complies with <strong>the</strong> safety requirementsderived from reference systems is per<strong>for</strong>med according to section 3.2.4.4. If <strong>the</strong> system under assessment deviates from <strong>the</strong> reference system, <strong>the</strong> risk evaluationshall demonstrate that <strong>the</strong> system under assessment reaches at least <strong>the</strong> same safetylevel as <strong>the</strong> reference system. The risks associated with <strong>the</strong> hazards covered by <strong>the</strong>reference system shall, in that case, be considered as acceptable.[G 1] In case <strong>of</strong> deviation from <strong>the</strong> reference system, <strong>the</strong> safety requirements <strong>for</strong> <strong>the</strong> hazards thatare covered by <strong>the</strong> reference system can still be used. But it is necessary to demonstratethat <strong>the</strong> system under assessment reaches at least <strong>the</strong> same safety per<strong>for</strong>mance as <strong>the</strong>reference system. This may require also explicit risk estimation in order to show that <strong>the</strong>level <strong>of</strong> risk is at least as good as that <strong>of</strong> <strong>the</strong> reference system.2.4.5. If <strong>the</strong> same safety level as <strong>the</strong> reference system cannot be demonstrated, additionalsafety measures shall be identified <strong>for</strong> <strong>the</strong> deviations, applying one <strong>of</strong> <strong>the</strong> two o<strong>the</strong>r riskacceptance principles.[G 1] If <strong>the</strong> same level <strong>of</strong> safety cannot be demonstrated, or if <strong>the</strong> requirements in section 2.4.2 arenot fulfilled, <strong>the</strong> safety measures derived <strong>for</strong> <strong>the</strong> system under assessment will beinsufficient. The corresponding hazards need <strong>the</strong>n to be considered as deviations from <strong>the</strong>reference system. These become new inputs <strong>for</strong> a new loop in <strong>the</strong> iterative risk assessmentprocess described in sections 2.1.1 and 2.2.5. Additional safety measures can be identifiedby applying one <strong>of</strong> <strong>the</strong> o<strong>the</strong>r two risks acceptance principles.2.5. Explicit risk estimation and evaluation2.5.1. When <strong>the</strong> hazards are not covered by one <strong>of</strong> <strong>the</strong> two risk acceptance principlesdescribed in sections 2.3 and 2.4, <strong>the</strong> demonstration <strong>of</strong> <strong>the</strong> risk acceptability shall beper<strong>for</strong>med by explicit risk estimation and evaluation. Risks resulting from <strong>the</strong>se hazardsshall be estimated ei<strong>the</strong>r quantitatively or qualitatively, taking existing safety measuresinto account.[G 1] In general explicit risk estimation and evaluation is used (see also point [G 2] insection 2.1.4):(a) when codes <strong>of</strong> practice or reference systems cannot be applied to control fully <strong>the</strong> risk toan acceptable level. This situation will typically arise when <strong>the</strong> system being assessedis entirely new or where <strong>the</strong>re are deviations from a code <strong>of</strong> practice or from a similarreference system;(b) or when a design strategy is chosen that does not allow <strong>the</strong> use <strong>of</strong> codes <strong>of</strong> practice orsimilar reference systems because <strong>for</strong> example <strong>the</strong>re is a wish to produce a more costeffective design that has not been tried be<strong>for</strong>e.[G 2] The explicit risk estimation is not necessarily always quantitative. The estimation <strong>of</strong> risks canbe quantitative (if sufficient quantitative in<strong>for</strong>mation is available in terms <strong>of</strong> frequency <strong>of</strong> <strong>the</strong>iroccurrence and severity), semi-quantitative (if such quantitative in<strong>for</strong>mation is not sufficiently Reference: <strong>ERA</strong>/GUI/01-2008/SAF Version: 1.1 Page 42 <strong>of</strong> 54File Name: Guide_<strong>for</strong>_Application_<strong>of</strong>_CSM_V1.1.docEuropean Railway Agency ● Boulevard Harpignies, 160 ● BP 20392 ● F-59307 Valenciennes Cedex ● France ● Tel. +33 (0)3 27 09 65 00 ● Fax +33 (0)3 27 33 40 65 ● http://www.era.europa.eu