Advanced Train Management System
ATMS Proof of Concept
ATMS Program Phase II
System Functional Specification (SFS)
Document Number:
Revision:
Issue Date:
ATMS-2008-13-0029
B
04 Jan 10
Copyright 2009 Lockheed Martin Corporation - Use of material authorized via license
in accordance with ATMS Proof of Concept Agreement #104626510.39
Export Restrictions: These commodities, technology, or software were exported from
the United States in accordance with the Export Administration Regulations.
Diversion contrary to U.S. law prohibited.
Document RI
Stephen Donoghue
System Engineering Lead
Lockheed Martin
Document Number:
ATMS-2008-13-0029
Technical Approval
Blaine Groves
Technical Approval
Lockheed Martin
Approved by
Steve deJong
ATMS Project Manager
Lockheed Martin
Rev
Issue Date
Page
B
04 Jan 10
1 of 36
REVISION HISTORY
Revision
Prepared by
Changes/Comments
Date
N/A
Rashaad Hampton
Draft 1
20-NOV-08
-
Rashaad Hampton
Initial Release 1.0
10-DEC-08
A
Elisabeth Kuebler
Incorporated requirement changes from BCR
ATMS-2009-23-004, ATMS-2009-23-007,
ATMS-2009-23-0018, ATMS-2009-23-0020,
ATMS-2009-23-0027, ATMS-2009-23-0028,
ATMS-2009-23-0029, ATMS-2009-23-0031.
26-AUG-09
B
Michael Fanous
Incorporated changes as follows:
04-JAN-10
ATMS-2009-23-0034, ATMS-2009-23-0037,
ATMS-2009-23-0038, ATMS-2009-23-0039,
ATMS-2009-23-0040, ATMS-2009-23-0041
The above BCR’s were only partially
implemented, as a result of a subsequent
ARTC Review. Refer to the BCR’s for full
details
ATMS-2009-23-0053 (Incorporated as
approved)
PRODUCED BY:
Company
Address
Contract Number
Lockheed Martin Australia
208 Princes Hwy, Dandenong, VIC 3175
104626510.39
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
2 of 36
TABLE OF CONTENTS
1
2
BACKGROUND .................................................................................................................................. 6
1.1
Scope............................................................................................................................................... 6
1.2
ATMS Program Overview .............................................................................................................. 6
1.3
ATMS Program Phase 2 Scope....................................................................................................... 6
1.4
ATMS System Description ............................................................................................................. 7
1.5
Applicable Documents .................................................................................................................... 8
ATMS REQUIREMENTS ................................................................................................................ 10
2.1
Management of Equipped Trains .................................................................................................. 10
2.1.1
Start of Mission ..................................................................................................................... 10
2.1.2
Authority Management .......................................................................................................... 12
2.1.3
Warnings and Enforcement ................................................................................................... 16
2.1.4
Train Movement .................................................................................................................... 20
2.1.5
End of Mission....................................................................................................................... 21
2.2
Management of Unequipped Trains.............................................................................................. 21
2.2.1
Start of Mission ..................................................................................................................... 21
2.2.2
Authority Management .......................................................................................................... 21
2.2.3
Train Movement .................................................................................................................... 23
2.2.4
End of Mission....................................................................................................................... 23
2.3
Protection of Track Workers ......................................................................................................... 23
2.3.1
Authority Creation ................................................................................................................. 23
2.3.2
Interaction with Trains........................................................................................................... 24
2.3.3
Fulfilment .............................................................................................................................. 24
2.4
Auxiliary Requirements ................................................................................................................ 25
2.4.1
System Initialisation and Health Monitoring ......................................................................... 25
2.4.2
General Train Management ................................................................................................... 26
2.4.3
Points Control and Monitoring .............................................................................................. 27
2.5
Alarms........................................................................................................................................... 28
2.6
NCS and Backup NCS .................................................................................................................. 29
2.7
Electronic Blocks .......................................................................................................................... 29
2.8
General Authority Management ................................................................................................... 29
2.9
Communications ........................................................................................................................... 30
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
3 of 36
3
2.10
Data Logging ............................................................................................................................. 31
2.11
Reliability, Maintainability, and Extensibility .......................................................................... 32
2.12
System Considerations .............................................................................................................. 33
2.13
Trainborne Interfaces ................................................................................................................ 34
2.14
Trackside Interfaces .................................................................................................................. 34
APPENDICES .................................................................................................................................... 36
3.1
Appendix A - Terms and Expressions .......................................................................................... 36
3.2
Appendix B - Acronyms ............................................................................................................... 36
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
4 of 36
List of Figures
Figure 1-1- Advanced Train Management System (ATMS) ................................................................... 7
Figure 2-1- ATMS Equipped Train States ............................................................................................ 10
Figure 2-2- ATMS Authority States ...................................................................................................... 13
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
5 of 36
1 Background
1.1
Scope
This specification establishes the system level functional and performance requirements for Advanced
Train Management System (ATMS). It includes requirements for the Management of Equipped and
Unequipped trains, Protection of Track Workers, and auxiliary requirements which define other
system characteristics and capabilities.
1.2
ATMS Program Overview
The Advanced Train Management System (ATMS) is designed to meet the current and future needs of
the Australian Rail Track Corporation (ARTC). ATMS supports ARTC’s objectives of improving
train service availability, transit times, rail safety and system reliability. Primarily ATMS will
eliminate the requirement for ARTC to replace its aging conventional signalling systems throughout
much of its national network. In addition, ATMS will provide the operational benefits of:
Increased rail capacity through closer train operation
Improved reliability through better on-time performance
Improved efficiency and flexibility of the rail network
Increased safety through authority and speed limit enforcement
Additional protection for trackside workers
Operator savings through less fuel consumption, less wear of wheels and brakes, and fewer train
crew hours
Reduced operation and maintenance cost for the trackside infrastructure
Ability to interface to other ARTC and Operator information management systems to further
improve network efficiency
This specification focuses on Phase 1 and Phase 2 of the ATMS program. Phase 1 was a study phase
that reduced risk during the development and implementation phases completed in April 2006. Phase
2 is the Proof of Concept phase of the program.
1.3
ATMS Program Phase 2 Scope
The scope of the ATMS program includes trackside equipment within the ARTC Managed Rail
Network, equipment installed on rolling stock that uses the ARTC Network, and equipment at the
facilities designated as Network Control Centres.
Under the Statement of Requirements applicable to Phase 2 of the ATMS Program, Lockheed
Martin’s team will design, integrate, test, install, verify, and present for acceptance the capabilities
defined in the Partnering Management Plan.
Work will be completed in two Stages. Stage 1 will be fully tested on ARTC controlled track from
Coonamia to Stirling North, SA, Australia and will provide the following capabilities: 1) Electronic
train orders, 2) management of equipped and un-equipped trains, 3) train position, 4) over-speed
enforcement - including permanent speed restrictions, 5) coarse end of authority enforcement, 6)
Electronic Block to current boundaries, and 7) remote control of switches.
Stage 2 will be tested from Crystal Brook to Stirling North, SA, Australia and will provide the
following capabilities: 1) Bi-directional double track, 2) paperless cab - temporary speed restrictions,
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
6 of 36
track work occupancy, train driver information, 3) train integrity, 4) metro interfaces, 5) enhanced
electronic block, 6) Network Control Centre redundancy.
1.4
ATMS System Description
ATMS includes network control, communications, trackside, and trainborne systems as shown in the
figure below.
Figure 1-1- Advanced Train Management System (ATMS)
ATMS provides an integrated train management system which is built on a scalable open system
architecture. ATMS system functions are partitioned and allocated to the systems within ATMS to
allow decision making and safety protection to take place where required information is the most
current and accurate. ATMS is comprised of the following:
The Train Control System is responsible for initiating authority, route settings, train path
requests, and other controls.
The Authority Management Server is responsible for issuing and managing authorities safely.
The Trainborne System enforces authorities and speed limits.
The Trackside System protects network entry points and monitors point positions to ensure safe
movement of points.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
7 of 36
The Communications System connects the above systems across the ARTC Managed Rail
Network.
The Train Control System is the primary user interface for Network Controllers. The Train Control
System supports planning, projection, network management and problem resolution functions. Under
the control of the Network Controller, the Train Control System can automatically monitor traffic to
aide in the identification and resolution of potentially unhealthy trains and other conflicts. Train path,
special authority or routing requests, and other controls are initiated from the Train Control System
non-vitally. Other elements of ATMS ensure these requests and controls are safe to issue before
implementing them.
The Authority Management Server is responsible for ensuring authorities are safe to issue. It is the
primary computer interface for the Train Control System. The Train Control System receives current
information on trains and the network from the Authority Management Server. All train path, special
authority or routing requests and other controls initiated by the Train Control System are processed
through the Authority Management Server. The Authority Management Server is the central collector
of all vital information related to train location, status of points, network entry points and authorities,
for both issued and pending requests. This information enables the Authority Management Server to
determine when new authority, routing requests and other commands are safe to issue. While the
analogy to traditional interlocking is not precise, interlocking type functions that require knowledge of
train location, and especially simultaneous knowledge about multiple trains, is performed at the
Authority Management Server.
The Trainborne System receives authorities from the Authority Management Server and enforces
those authorities on the train. The Trainborne System provides the train detection capability by
providing the train location over wireless communications to the Authority Management Server. The
Trainborne System constantly updates the current location to determine applicable speed limits and the
distance to the end of authority. Braking predictions enable the Trainborne System to alert the Driver
to potential violations and to apply enforcement braking if necessary to prevent violations.
The Trackside System periodically communicates its status to the Authority Management Server and
specifically when its status changes. The Authority Management Server relays points movement
commands to the Trackside System in order to set routes requested by the Train Control System. The
Trackside System is significantly simplified as compared to signalling systems and consists primarily
of points monitors and over points train detection. Between points, train detection is provided by the
Trainborne System, thus the Trackside System provides little in the way of traditional interlocking.
However, trackside interlocking is performed in those cases where sufficient information on multiple
points and track occupancies is available to the Trackside System. Principal locations where this takes
place are at points, where the over points track circuit must be unoccupied for the points to move
safely, at crossovers where two points must move together and at Metro interfaces where some signals
may be used to control entry and exit of Unequipped Trains.
The Communication System interconnects the components of ATMS. These interfaces are defined
to open system standards to allow interoperability with different types of equipment. Though many
communications are safety critical, the other systems in ATMS protect themselves against potential
communication system errors using a combination of self-checking and closed loop concepts.
1.5
Applicable Documents
The following table provides a list of applicable documents used to develop this specification. This
specification was derived primarily as a result of requirements analysis, ATMS Operational Scenarios
found in the CONOPs, and associated trade studies.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
8 of 36
Reference Number
Title
N/A
National Code of Practice for the Defined Interstate Rail
Network Volumes I, II, III and draft Volumes IV and V
N/A
Principles of Network Operations Volume 1 – Section A3
(Issue A Rev 6, 28 July 2008)
EIA-632 :1998
Processes for Engineering a System
CENELEC EN 50126
Railway Applications - The Specification and
Demonstration of Reliability, Availability, Maintainability,
and Safety (RAMS), British / European Standard – English
Version, 15 December 1999.
CENELEC EN 50128
Railway Applications – Communications, signalling and
processing systems – Software for railway control and
protection systems, British / European Standard – English
Version, March 2001.
CENELEC EN 50129
Railway Applications – Communication, signalling and
processing systems - Safety Related Electronic Systems for
Signalling, British / European Standard – English Version,
February 2003.
ANSI/ASQC Q90012000
Quality Management Systems, Requirements (ISO 9001),
Model for quality assurance in design/development,
production, installation and servicing, http://www.ansi.org/
AS/NZ 4360:2004
Risk Management
AS/NZ 4292
Rail Safety Management
ANSI/EIA-649-98
National Consensus Standard for Configuration
Management
ATCS Specification
110
Advanced Train Control Systems (ATCS) Specification for
Environmental Requirements, Revision 4, May 1995
SD-B7E8-17512
ATMS Performance Specification, Jan 2006 Workshop
Markup
ATMS-2008-13-0030
ATMS Concept of Operations
N/A
ATMS Glossary
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
9 of 36
2 ATMS Requirements
2.1
Management of Equipped Trains
An ATMS Equipped Train is a train whose Controlling Locomotive is outfit with ATMS onboard
equipment. ATMS manages the movement of Equipped Trains through the use of Movement
Authorities, Location Reports, Points, and Track Circuits.
A Locomotive outfitted with ATMS onboard equipment must follow an initialisation process in order
to operate under ATMS control. ATMS Equipped Train states are shown in Figure below.
Figure 2-1- ATMS Equipped Train States
2.1.1 Start of Mission
An ATMS Equipped Train begins a mission from the initiation of power to the ATMS onboard
equipment.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
10 of 36
2.1.1.1 Power-on Self Test
ATMS utilises power-on self-tests to ensure the integrity of its hardware and software. These tests are
initiated upon power up and must be successfully completed in order to proceed to an initialised state.
[SFS-4] ATMS shall perform a systems integrity check on ATMS Equipped Locomotives.
[SFS-5] An ATMS Equipped Locomotive shall fail safely upon detection of systems integrity failure.
[SFS-6] ATMS shall load configuration data on an ATMS Equipped Locomotive during power-on
self-test.
[SFS-7] ATMS shall automatically determine the locomotive identification of each ATMS Equipped
Locomotive.
[SFS-8] ATMS shall provide visual indication of an ATMS Equipped Locomotive's power-on self-test
progress to the Train Driver.
[SFS-9] An ATMS Equipped Locomotive's power-on self-test shall complete within 5 minutes.
[SFS-10] An ATMS Equipped Locomotive shall transition to Locomotive power-on state upon
successful completion of power-on self test.
2.1.1.2 Locomotive Initialisation
The ATMS Locomotive Initialisation process involves the validation of equipment functionality that is
essential to proper ATMS Equipped Train operation. The ATMS Locomotive Initialisation Test
capability is provided to the Train Driver to ensure the integrity of the ATMS Locomotive equipment.
[SFS-12] An ATMS Equipped Locomotive shall allow the Train Driver to execute ATMS Locomotive
Initialisation Test while in the Locomotive power-on state.
[SFS-13] An ATMS Equipped Locomotive shall display the results of ATMS Locomotive
Initialisation Test to the Train Driver.
[SFS-14] An ATMS Equipped Locomotive shall transition to ATMS Initialised Locomotive state upon
successful completion of ATMS Locomotive Initialisation Test.
2.1.1.3 Train Initialisation
The objective of Train Initialization is to associate train information with its controlling ATMS
Initialised Locomotive.
[SFS-16] ATMS shall allow a Train Driver to enter ID information.
[SFS-18] ATMS shall allow only a single ATMS Equipped Locomotive to be designated as the
controlling locomotive in an ATMS Equipped Train.
[SFS-19] ATMS shall preclude a locomotive from being associated with more than one Train ID
simultaneously.
[SFS-21] ATMS shall allow the Train Driver to enter a Train ID during ATMS Train Initialisation.
[SFS-506] ATMS shall allow the Network Controller to validate a Train ID.
[SFS-507] ATMS shall allow for manual input of train data which is defined as the information
necessary which is used for safe operation.
[SFS-27] ATMS shall allow for manual input of train data during ATMS Train Initialisation.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
11 of 36
[SFS-24] ATMS shall allow the Network Controller to verify train data.
[SFS-28] ATMS shall validate vital data sets during ATMS Train Initialisation.
[SFS-30] ATMS shall ensure an ATMS Enabled Train has the most current vital data sets upon it
resolving to mapped track.
[SFS-29] An ATMS Initialised train shall transition to an ATMS Enabled train upon resolving to
Mapped Track, with Train and Locomotive ID associated, Train Data verified and vital data sets
revalidated.
[SFS-32] The transition of an ATMS Initialised Train to an ATMS Enabled Train shall complete in
less than 4 minutes after resolving to mapped track.
[SFS-31] An ATMS Enabled Train shall transition to an ATMS Operational train upon entering
ATMS Territory in possession of a valid Authority.
[SFS-33] The transition of an ATMS Enabled Train to an ATMS Operational Train shall occur within
2 seconds upon entering ATMS Territory.
2.1.2 Authority Management
A Movement Authority permits unidirectional or bi-directional movement within exclusive or shared
limits. Movement Authorities are required by ATMS Equipped Trains in order to occupy controlled
track within the ATMS network.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
12 of 36
Figure 2-2- ATMS Authority States
2.1.2.1 Authority Creation
Authorities are issued to specified ATMS Equipped Trains. As part of Authority creation, the
Authority request is validated, points are lined and the route is set.
[SFS-36] ATMS shall provide the Network Controller with a "point and click" interface for requesting
Authorities for ATMS Equipped Trains.
[SFS-39] ATMS shall allow unidirectional Authorities for ATMS Equipped Trains.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
13 of 36
[SFS-40] ATMS shall allow bidirectional Authorities for ATMS Equipped Trains.
[SFS-37] ATMS shall sequentially generate one or more Electronic Movement Authorities for each
validated Authority request for an ATMS Equipped Train.
[SFS-38] ATMS shall specify, within the Electronic Movement Authority, the electronic block(s) over
which the train is allowed to operate.
[SFS-42] Electronic Movement Authorities shall specify direction(s) of travel within the Authority
limits.
[SFS-47] ATMS shall issue Electronic Movement Authorities to an ATMS Equipped Train after
safety validation.
[SFS-43] ATMS shall preclude multiple ATMS Equipped Trains from being issued exclusive
occupancy Authorities with limits that overlap.
[SFS-41] ATMS shall provide the ability to specify a speed restriction over the limits of an Authority
for an ATMS Equipped Train.
[SFS-510] ATMS shall ensure all temporary speed restrictions associated with a train's authority are
issued to an ATMS Equipped Train before the authority is issued or with the authority.
[SFS-45] ATMS shall ensure all temporary speed restrictions within the limits of an Authority are
confirmed by an ATMS Equipped Train prior to delivery of the Authority to that ATMS Equipped
Train.
[SFS-48] An ATMS Equipped Train shall send an acknowledgement upon successful validation of a
received Electronic Movement Authority.
[SFS-336] ATMS shall preclude changing the limits of an authority in such a way that would cause
immediate enforcement.
[SFS-49] ATMS shall provide a display indication to the Network Controller that an Electronic
Movement Authority has been successfully issued to an ATMS Equipped Train.
[SFS-50] ATMS shall display to the Network Controller in less than 25 seconds after the points have
been set that an Authority was successfully issued to an ATMS Equipped Train.
[SFS-52] ATMS shall be capable of displaying to a Network Controller all the information delivered
to an ATMS Equipped Train.
[SFS-51] An ATMS Operational Train shall textually display the summary of its current Electronic
Movement Authority.
[SFS-149] An ATMS Operational Train shall graphically display its current Electronic Movement
Authority within its display horizon.
[SFS-53] ATMS shall provide relevant Authorities of other trains as supplementary information to
ATMS Equipped Trains.
[SFS-54] ATMS shall provide worker Authorities as supplementary information to ATMS Equipped
Trains.
[SFS-55] An ATMS Operational Train shall graphically display supplementary information within the
display horizon to the Train Driver.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
14 of 36
2.1.2.2 Authority Stacking
Each ATMS Equipped Train can only hold one Authority at a time. ATMS uses Authority Stacking to
facilitate seamless traversal of the ARTC network when conditions do not permit issuance. Authority
Stacking is used to sequentially deliver Authorities to an ATMS Equipped Train.
[SFS-57] ATMS shall stack the parts of an Authority requested by a Network Controller for an ATMS
Equipped Train which conflict with an existing Authority.
[SFS-58] ATMS shall stack an Authority requested by a Network Controller for an ATMS Equipped
Train which conflicts with another planned authority.
[SFS-59] ATMS shall stack a maximum of 15 Authorities over a given section.
2.1.2.3 Authority Updates
ATMS automatically rolls up uni-directional authorities as the ATMS Equipped Train reports it
location and automatically releases the track segment for use by other trains.
[SFS-513] ATMS shall support a track capacity of 15 trains per hour past any given point at nominal
track speed.
[SFS-61] ATMS shall take no longer than TBD seconds from the time the trailing edge of a preceding
train clears an electronic block by a safety margin until the time the Authority of a following train has
been extended by the electronic block and confirmed onboard.
[SFS-63] ATMS shall automatically roll up the Authority of an ATMS Equipped Train to the location
of a track circuit when the train's location report indicates it has cleared the track circuit and the track
circuit indicates no occupancy.
[SFS-64] ATMS shall preclude automatic rollup of an Authority over a set of points if their associated
track circuit indicates occupancy.
[SFS-629] ATMS shall allow for automatic rollup of an Equipped Train's Authority.
[SFS-625] ATMS shall provide the capability for a Network Controller to manually rollup an authority
for an Equipped Train.
[SFS-65] ATMS shall indicate to the Network Controller once Authority limits have been
automatically rolled up.
[SFS-66] ATMS shall automatically extend Authority limits for ATMS Equipped Trains when a
portion of the train’s stacked Authority limits has cleared.
[SFS-68] ATMS shall display updated relevant supplementary information for ATMS Equipped
Trains if it changes.
[SFS-70] ATMS shall allow joining an ATMS Equipped Train to other trains.
[SFS-536] ATMS shall allow a Train Transit Manager to designate trains as able to access High
Performance ATMS.
[SFS-72] ATMS shall automatically remove the Speed Restriction on an ATMS Operational Train
with a unidirectional Authority whose limits overlap a preceding ATMS Operational Train's
unidirectional Authority when the following train is greater than TBC metres from the preceding train.
[SFS-73] ATMS shall allow a Network Controller to deselect automated control for an ATMS
Equipped Train allowing management of the train's operations as an Unequipped Train.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
15 of 36
[SFS-71] ATMS shall automatically impose a Speed Restriction on a ATMS Operational Train with a
unidirectional Authority whose limits overlap a preceding ATMS Operational Train's unidirectional
Authority when the following train is less than TBC metres from the preceding train.
[SFS-537] When trains are operating in a fleet, ATMS shall be able to bring trains to a close up
position under restricted speed operation.
[SFS-602] ATMS shall send an acknowledge to proceed restriction to an equipped train at points
locations where the points cannot be confirmed in alignment with a train's authority.
2.1.2.4 Authority Fulfilment / Cancellation
ATMS allows for the fulfilment of Authorities for which conditions have successfully been met.
ATMS allows for cancellation of Authorities that are no longer applicable.
[SFS-75] ATMS shall automatically fulfil the Authority of an ATMS Equipped Train when fulfilment
conditions have been met and the train is no longer on ATMS Territory.
[SFS-76] ATMS shall automatically fulfil the Authority of an ATMS Equipped Train when fulfilment
conditions have been met and the train is protected by another Authority.
[SFS-77] ATMS shall notify an ATMS Equipped Train when an Authority held by the train has been
fulfilled.
[SFS-78] ATMS shall graphically display the fulfillment of an Authority to the Train Driver of an
ATMS Equipped Train if within the display horizon.
[SFS-79] ATMS shall notify the Network Controller of an Authority fulfillment for an ATMS
Equipped Train when the fulfillment has been acknowledged by the train.
[SFS-80] ATMS shall provide the Network Controller with a "point and click" interface for cancelling
Authorities of ATMS Equipped Trains.
[SFS-81] ATMS shall preclude the cancellation of an Authority held by an ATMS Equipped Train if
that Authority has been confirmed by ATMS Equipped Train unless it is protected by another
Authority.
[SFS-82] ATMS shall notify an ATMS Equipped Train when an Authority held by the train has been
cancelled.
[SFS-83] ATMS shall graphically display the cancellation of an Authority to the Train Driver of an
ATMS Equipped Train if within the display horizon.
[SFS-84] ATMS shall notify the Network Controller of an Authority cancellation for an ATMS
Equipped Train when the cancellation has been acknowledged by the train.
[SFS-85] ATMS shall clear a stacked Authority upon receipt of a cancellation request for that
Authority.
[SFS-86] ATMS shall notify the Network Controller of an Authority cancellation for a stacked
Authority upon receipt of the cancellation request.
2.1.3 Warnings and Enforcement
ATMS provides the ability to warn the Train Driver of predicted and actual unsafe conditions. ATMS
also provides the ability to initiate a full service application of the brakes in order to keep the train in
compliance with the constraints of authorised speed, authority limits and direction of travel imposed
by the train’s authority.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
16 of 36
2.1.3.1 Enforcement Isolation
ATMS provides the ability to isolate the onboard system from the brake system in case of system
failure or other conditions which impede operation.
[SFS-89] ATMS shall provide an interface to manually isolate the braking system.
[SFS-90] ATMS shall display the status of the braking system to the Train Driver.
[SFS-660] An ATMS Operational Train shall continue to provide full functionality other than brake
commands when the braking system is isolated.
[SFS-91] ATMS shall generate an alarm at the Network Controller if the braking system is isolated.
[SFS-92] ATMS shall notify the Network Controller within 10 seconds of detecting that braking has
been isolated on an ATMS Equipped Train.
2.1.3.2 Warnings
ATMS provides visual and audible warnings when detecting unsafe conditions that will result in the
application of enforcement braking. ATMS provides timely warnings for violations, faults, and
failures to the Train Drivers and to the Network Controller to keep the Network Control Centre up-todate on the train’s status.
[SFS-98] An ATMS Operational Train shall provide a visual warning to the train driver when the train
speed is greater than its permitted speed by TBC1.
[SFS-99] An ATMS Operational Train shall provide an audible warning to the train driver when the
train speed is greater than its permitted speed by TBC2.
[SFS-110] ATMS shall assign the entry points into ATMS territory as authority limits for purposes of
entry control.
[SFS-447] ATMS shall provide a warning to drivers of ATMS Equipped trains entering ATMS
Territory.
[SFS-109] An ATMS Operational Train shall provide a visual warning when an ATMS Equipped
Train is predicted to enter ATMS Territory without Authority to do so.
[SFS-634] ATMS shall provide an audible warning to the Train Driver TBC1 seconds prior to
initiating ATMS enforcement when an ATMS Enabled Train is predicted to enter ATMS Territory
without Authority to do so.
[SFS-96] When the ATMS Equipped train is approaching the limits of its current Electronic
Movement Authority, ATMS shall provide a visual warning to the Train Driver TBC seconds prior to
initiating enforcement.
[SFS-97] When the ATMS Equipped train is approaching the limits of its current Electronic
Movement Authority, ATMS shall provide an audible warning to the Train Driver TBC seconds prior
to initiating enforcement.
[SFS-107] An ATMS Operational Train shall provide a visual warning to the train driver when it
determines that the train is beyond the limits of its Authority.
[SFS-108] An ATMS Operational Train shall provide an audible warning to the train driver when it
determines that the train is beyond the limits of its Authority.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
17 of 36
[SFS-515] ATMS shall raise an alarm to the Network Controller when a train is beyond the limits of
its Authority.
[SFS-119] ATMS shall alert the Network Controller with an alarm within 10 seconds if an ATMS
Equipped Train is beyond its limits of Authority.
[SFS-100] An ATMS Operational Train shall provide a visual warning to the train driver TBC seconds
prior to initiating enforcement when the train speed is greater than its permitted speed by TBC3.
[SFS-102] An ATMS Operational Train shall provide a visual warning TBC4 seconds prior to
initiating enforcement when the train is approaching a track segment that is governed by its current
Electronic Movement Authority, that has a lower permitted speed than the track segment the train
currently occupies, and is predicted to exceed the new speed limit.
[SFS-103] An ATMS Operational Train shall provide a audible warning TBC5 seconds prior to
initiating enforcement when the train is approaching a track segment that is governed by its current
Electronic Movement Authority, that has a lower permitted speed than the track segment the train
currently occupies, and is predicted to exceed the new speed limit.
[SFS-104] An ATMS Operational Train shall provide a visual warning TBC6 seconds prior to
initiating enforcement when the train is approaching an Acknowledge to Proceed restriction that is
governed by its current Electronic Movement Authority, and is predicted to exceed the location of the
restriction.
[SFS-105] An ATMS Operational Train shall provide an audible warning TBC7 seconds prior to
initiating enforcement when the train is approaching an Acknowledge to Proceed restriction that is
governed by its current Electronic Movement Authority, and is predicted to exceed the location of the
restriction.
[SFS-538] Normal authority limit conditions shall apply at ATMS territory entry points.
[SFS-111] ATMS shall display a visual warning to the Train Driver TBC metres before the end of the
territory limits when an ATMS Equipped Train is predicted to exit ATMS Territory.
[SFS-112] ATMS shall display an audible warning to the Train Driver TBC metres before the end of
the territory limits when an ATMS Equipped Train is predicted to exit ATMS Territory.
[SFS-113] An ATMS Operational Train shall remove its visual warning when the condition under
which it was produced no longer exists.
[SFS-114] An ATMS Operational Train shall cease its audible warning when the condition under
which it was produced no longer exists.
[SFS-556] ATMS shall classify non-urgent warnings as a warning that does not relate to a fault which
could immediately lead to possible negative impact to the operation of trains, the warning may be
dealt with as appropriate.
[SFS-555] ATMS shall classify urgent warnings as a warning that requires timely action in order to
avoid possible negative impact to the operation of trains.
[SFS-554] ATMS shall classify emergency warnings as a warning that requires immediate action in
order to minimise negative impact to the operation of trains.
2.1.3.3 Enforcement
Enforcement is ATMS' ability to initiate a full service application of the brakes in order to keep the
train in compliance with the constraints of allowed speed, authority limits and direction of travel
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
18 of 36
imposed by the train’s authority. Enforcement is the safety-critical function which protects trains
against train-to-train collisions, prevents trains from operating at excessive speed, and prevents trains
from entering unacknowledged roadway workers’ limits. ATMS uses two forms of enforcement:
- predictive enforcement to prevent a predicted violation of authority, or speed limits that would
otherwise occur; and
- reactive enforcement to stop a train immediately after violation of the limits of its authority, or speed
limits.
[SFS-127] ATMS shall continuously display the availability of enforcement to the train driver of an
ATMS Equipped Train.
[SFS-118] ATMS enforcement shall bring an ATMS Equipped Train to a stop by utilising a full
service brake application.
[SFS-123] An ATMS Equipped Train shall command enforcement braking within 2 seconds after the
conditions are met for enforcement braking.
[SFS-116] Upon enforcement, ATMS shall stop an ATMS Equipped Train no more than TBD_coarse
metres prior to the enforcement target with TBD% confidence for coarse braking.
[SFS-117] Upon enforcement, ATMS shall stop an ATMS Equipped Train no more than TBD_fine
metres prior to the enforcement target with TBD% confidence for fine braking.
[SFS-518] When enforcement is required, ATMS shall enforce an ATMS Equipped Train within its
Authority limits TBD % of the time.
[SFS-125] ATMS shall have no more than one false ATMS enforcement on average within 60 million
train-kilometres.
[SFS-122] ATMS shall command enforcement braking to an ATMS Equipped Train prior to entering
ATMS Territory without authority.
[SFS-121] ATMS shall command enforcement braking to an ATMS Equipped Train prior to violating
its current Authority limits.
[SFS-120] ATMS shall command enforcement braking to an ATMS Equipped Train if the controlling
locomotive of the train moves in the direction opposite to that permitted by the train's current
Electronic Movement Authority by TBC metres.
[SFS-516] ATMS shall command enforcement braking within TBC seconds if an ATMS Equipped
Train exceeds its TBC3 overspeed threshold.
[SFS-517] ATMS shall command enforcement braking to an ATMS Equipped Train if an
"Acknowledge to Proceed" condition exists and the Train Driver has not acknowledged permission to
proceed.
[SFS-124] ATMS shall enforce an ATMS Equipped Train to a stopped position no more than TBD
metres past its Authority limits.
[SFS-126] ATMS shall alert the responsible Network Controller within 10 seconds upon commanding
enforcement braking.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
19 of 36
2.1.4 Train Movement
Location Management is fundamental to train control. As in any other control system, the better the
resolution of measurement in terms of train location and timeliness of the reading, the better the train
can be controlled.
ATMS will track ATMS Equipped Trains by means of location reports received from the onboard
system and occupancy reports received from TIUs monitoring Track Circuits. The location report
received from the onboard system provides information relevant to the train's current location.
[SFS-131] ATMS shall use a validated track database to assist in the function of train location
determination.
[SFS-130] ATMS shall identify which track an ATMS Equipped Train is on in areas with multiple
tracks.
[SFS-133] An ATMS Enabled Train shall resolve to track within 15 seconds.
[SFS-132] ATMS shall provide the ability for the Train Driver to select the track if ATMS Enabled
Train does not resolve to track.
[SFS-129] ATMS shall identify the direction of travel of ATMS Equipped Trains operating on the
ATMS Territory.
[SFS-142] ATMS shall determine when an ATMS Equipped Train is stopped.
[SFS-106] ATMS shall allow the Train Driver to enter a confirmation to proceed when an ATMS
Operational Train is within TBC metres of an "Acknowledge to Proceed" restriction.
[SFS-134] ATMS shall report to the Network Controller, ATMS Equipped Trains that remain at zero
speed for an unexpected reason, inside its authority limits.
[SFS-136] An ATMS Equipped Train shall send a location report upon occurrence of TBD events.
[SFS-137] ATMS shall determine the location of the leading edge of an ATMS Equipped Train to
within an accuracy of +/- 3 metres with 95% confidence.
[SFS-140] ATMS shall determine the location of the trailing edge of an ATMS Equipped Train to
within an accuracy of +/- TBD metres with TBD confidence.
[SFS-141] ATMS shall determine the speed of each ATMS Equipped Train to an accuracy of +/- 2.5
km/hr with 95% confidence, when the train is in ATMS Operational state.
[SFS-143] The display horizon for an ATMS Equipped train shall be 10 km.
[SFS-144] An ATMS Equipped Train shall graphically display the current train speed.
[SFS-145] An ATMS Equipped Train shall graphically display the current maximum permitted speed.
[SFS-46] An ATMS Equipped Train shall display Temporary Speed Restrictions within the display
horizon to the Train Driver.
[SFS-146] An ATMS Equipped Train shall graphically display approaching speed limits that fall
within the display horizon.
[SFS-147] An ATMS Equipped Train shall graphically display approaching speed limit locations that
fall within the display horizon.
[SFS-148] An ATMS Operational Train shall graphically display the alignment of points that fall
within the display horizon.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
20 of 36
[SFS-152] An ATMS Operational Train shall graphically display track gradient information in its
display horizon.
[SFS-519] An ATMS Operational Train shall graphically display track configuration information in its
display horizon.
[SFS-62] ATMS shall allow the Train Driver of an ATMS Equipped Train to acknowledge cross
information.
[SFS-285] ATMS shall display to the Train Driver the last known location of the ATMS Equipped
Train on ATMS Territory, including which track a train is occupying in multiple track territory.
2.1.5 End of Mission
When the ATMS Equipped Train has completed its journey through ATMS territory, ATMS will
gracefully relinquish its management.
[SFS-155] An ATMS Operational Train shall transition to an ATMS Enabled Train upon exiting
ATMS Territory.
[SFS-157] ATMS shall allow the Network Controller to terminate an ATMS Equipped Train.
[SFS-158] ATMS shall preclude the termination of an ATMS Equipped Train if it holds an Authority
and is on ATMS Territory.
2.2
Management of Unequipped Trains
A train will be treated as an Unequipped Train by ATMS when its controlling locomotive either is not
equipped with ATMS onboard equipment or has ATMS onboard equipment that is non-operational.
ATMS manages the movement of Unequipped Trains through the use of Movement Authorities and
Location Reports that are communicated by voice. Over Switch Circuits are also utilized to help
determine the location of unequipped trains.
2.2.1 Start of Mission
An Unequipped Train begins a mission when train information is associated to its Controlling
Locomotive. The Unequipped Train is permitted to travel through the ATMS network through
authorized Movement Authorities that are communicated via voice communications.
[SFS-161] ATMS shall allow the Network Controller to associate a Locomotive ID with a Train ID for
Unequipped Trains.
[SFS-162] ATMS shall preclude the Network Controller from associating a Locomotive ID to more
than one Unequipped Train ID.
2.2.2 Authority Management
A Movement Authority permits unidirectional or bi-directional movement within exclusive or shared
limits. Movement Authorities are required by Unequipped Trains in order to occupy controlled track
within the ATMS Territory.
2.2.2.1 Authority Creation
Authorities are issued by voice to specified Unequipped Trains. As part of Authority creation, the
Authority request is validated, points are lined and the route is set.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
21 of 36
[SFS-166] ATMS shall provide the Network Controller with a "point and click" interface for
requesting Authorities for Unequipped Trains.
[SFS-170] ATMS shall allow unidirectional Authorities for Unequipped Trains.
[SFS-171] ATMS shall allow bidirectional Authorities for Unequipped Trains.
[SFS-167] ATMS shall manage the Authority limits of Unequipped Trains to physical block limits.
[SFS-168] ATMS shall prefill all Authority forms for a Network Controller with all relevant data for
that authority, including but not limited to Authority ID, date, train ID, controlling locomotive ID,
planned limits, network controller name, and Temporary Speed Restrictions.
[SFS-169] ATMS shall provide an interface to allow the Network Controller to enter data related to
issuing voice based Authorities to Unequipped Trains.
[SFS-172] ATMS shall display Movement Authorities for Unequipped Trains for issue by the
Network Controller.
[SFS-173] ATMS shall display to the Network Controller all temporary speed restrictions within the
limits of an Unequipped Train's planned Authority prior to display of the Authority form.
[SFS-175] ATMS shall be capable of displaying the information delivered to an Unequipped Train as
supplementary information to a Network Controller.
[SFS-178] ATMS shall preclude an Unequipped Train from being issued exclusive occupancy
Authority with limits that overlap the limits of another Authority.
[SFS-520] ATMS shall display to the Network Controller, in less than 15 seconds after the points have
been set, an Authority form for issue to an Unequipped Train.
2.2.2.2 Authority Stacking
Authority Stacking is not available for Unequipped Trains.
[SFS-180] ATMS shall preclude the stacking of Authorities for Unequipped Trains.
2.2.2.3 Authority Updates
Authorities are updated manually for unequipped trains.
[SFS-183] ATMS shall preclude rollup of an Authority over a set of points if their associated track
circuit does not indicate unoccupied, without confirmation of the Network Controller.
[SFS-184] ATMS shall allow for the joining of an Unequipped Train to other trains.
2.2.2.4 Authority Fulfilment / Cancellation
ATMS allows for the fulfilment of Authorities which conditions have successfully been met. ATMS
allows for cancellation of Authorities that are no longer applicable. For unequipped trains, the train
driver informs the Network Controller via voice communications of authority fulfilment. Fulfilment
of the Movement Authorities is then performed by a Network Controller via a NCS workstation.
[SFS-189] ATMS shall provide the Network Controller with a "point and click" interface for
cancelling Authorities of Unequipped Trains.
[SFS-190] ATMS shall display to the Network Controller a prefilled Authority cancellation form upon
request to cancel the Authority of an Unequipped Train.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
22 of 36
[SFS-191] ATMS shall remove an Authority for an Unequipped Train upon Network Controller
confirming that the Authority cancellation has been acknowledged by the Unequipped Train.
2.2.3 Train Movement
Location Management is fundamental to train control. As in any other control system, the better the
resolution of measurement in terms of train location and timeliness of the reading, the better the train
can be controlled.
ATMS will track Unequipped Trains by means of location reports received via voice communications
and occupancy reports received from TIUs monitoring over-switch track circuits at non-signalled
control points.
[SFS-182] ATMS shall provide the Network Controller with a "point and click" interface for entering
location reports of Unequipped Trains inclusive of the identification of the track.
[SFS-193] ATMS shall validate the location report for Unequipped Trains to correspond to an
authorized location.
[SFS-522] ATMS shall raise an alarm to the Network Controller if the location report does not match
the authorized location.
2.2.4 End of Mission
When the Unequipped Train has completed its journey through ATMS territory, ATMS will gracefully
relinquish its management. The previously occupied track segment is made available and the ATMS
identification information is disassociated from the Locomotive.
[SFS-196] ATMS shall allow the Network Controller to terminate an Unequipped Train.
[SFS-197] ATMS shall preclude the termination of an Unequipped Train if it holds an Authority and is
on ATMS Territory.
2.3
Protection of Track Workers
ATMS provides the ability to protect Track Workers on or near the track.
2.3.1 Authority Creation
Authorities are validated against occupancy rules. Authorities are issued to a protection officer via
voice communications.
[SFS-200] ATMS shall provide the Network Controller with a "point and click" interface for
requesting Authorities for Track Workers.
[SFS-204] ATMS shall provide an interface to allow the Network Controller to enter data related to
issuing voice based Authorities to Track Workers.
[SFS-523] ATMS shall allow the Network Controller to specify the limits of authorities for Track
Workers to the nearest metre.
[SFS-201] ATMS shall allow Network Controllers to create Authorities for Track Workers which
prohibit trains from entering the limits.
[SFS-202] ATMS shall allow Network Controllers to create Authorities for Track Workers which
allow the Protection Officer to authorise entry of trains into the authority limits.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
23 of 36
[SFS-203] ATMS shall allow Network Controllers to create Authorities for Track Workers which
prohibit trains from proceeding through the limits without first contacting the Protection Officer.
2.3.2 Interaction with Trains
ATMS ensures that ATMS Equipped trains adhere to the rules of the Authority granted to the Track
Worker.
[SFS-206] ATMS shall provide Track Worker authority information as supplementary data to ATMS
Operational Trains whose Authority limits overlap those of the Track Work Authority.
[SFS-207] ATMS shall provide Track Worker authority information as supplementary data to ATMS
Operational Trains whose Authority limits are adjacent to those of the Track Work Authority.
[SFS-208] ATMS shall provide Track Worker authority information as supplementary data in the
Authority form of Unequipped Trains whose Authority limits overlap those of the Track Work
Authority.
[SFS-209] ATMS shall provide Track Worker authority information as supplementary data in the
Authority form of Unequipped Trains whose Authority limits are adjacent to those of the Track Work
Authority.
[SFS-212] ATMS shall allow a train to be issued an Authority with limits adjoining the limits of a
Track Worker's Authority.
[SFS-508] ATMS shall implement for each work site an area of operation at restricted speed as an
outer boundary extending from each work site limit to a position TBC metres outside that work site
limit to compensate for worker sign placement or other uncertainties, where restricted speed operation
would allow the train to operate up to the work site boundary.
[SFS-211] ATMS shall create an "Acknowledge to Proceed" restriction at the entry limit of the
Authority held by the Protection Officer if an Authority requires communication with a Protection
Officer.
[SFS-210] ATMS shall authorise entry to the Authority limits held by the Protection Officer to an
ATMS Operational Train with adjoining Authority limits after confirmation of the "Acknowledge to
Proceed".
2.3.3 Fulfilment
For track worker authorities, the Protection Officer informs the Network Controller via voice
communications of authority fulfilment. Fulfilment of the Work Authority is then performed by a
Network Controller via an NCS workstation.
[SFS-214] ATMS shall provide the Network Controller with a "point and click" interface for fulfilling
Authorities of Track Workers.
[SFS-215] ATMS shall display to the Network Controller the original prefilled Authority form upon
request to fulfill the Authority of a Track Worker.
[SFS-539] ATMS shall display to the Network Controller the original prefilled Authority form upon
request to cancel the Authority of a Track Worker.
[SFS-216] ATMS shall remove an Authority for a Track Worker upon Network Controller confirming
that the Authority fulfilment has been acknowledged by the Protection Officer.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
24 of 36
2.4
Auxiliary Requirements
2.4.1 System Initialisation and Health Monitoring
In order to operate safely and efficiency, ATMS continuously monitors the health of its elements.
[SFS-219] ATMS shall display the current state of each of its elements.
[SFS-220] ATMS elements shall display a change in their element state within 5 seconds of the
conditions for the state change being met.
[SFS-221] Access to all ATMS Network Control Centre computer systems shall be protected with user
authentication.
[SFS-222] ATMS shall perform a systems integrity check during power-on self-test.
[SFS-224] ATMS shall display the systems integrity check results in a structured manner at the
Network Control Centre, upon request.
[SFS-223] ATMS shall fail safely upon detection of systems integrity failure.
[SFS-558] ATMS shall fail progressively upon detection of systems integrity failure.
[SFS-226] ATMS shall perform a validity check on all data received from its interfaces.
[SFS-227] ATMS shall provide visual indication of power up progress.
[SFS-228] The ATMS power-on self-test shall complete within 10 minutes.
[SFS-225] ATMS shall load system configuration data upon completion of the power-on self-test.
[SFS-229] ATMS shall initiate periodic health monitoring upon successful completion of the poweron process.
[SFS-541] ATMS shall display health monitoring status.
[SFS-230] ATMS shall provide the capability to monitor trackside equipment.
[SFS-524] ATMS shall provide the capability to control trackside equipment.
[SFS-525] ATMS shall provide the capability to monitor an Equipped Locomotive.
[SFS-526] ATMS shall provide the capability to command application and release of the brakes of an
Equipped Locomotive.
[SFS-231] ATMS elements shall fail to a defined safe state upon detection of a safety critical failure
on an ATMS element.
[SFS-443] ATMS shall notify the Network Controller upon failure of an ATMS Equipped Train.
[SFS-233] ATMS shall monitor the connection status of its interfaces.
[SFS-234] ATMS shall display interface failures.
[SFS-235] ATMS shall ensure that all indicated equipment faults remain registered until the fault has
been resolved.
[SFS-236] ATMS shall provide the ability for an ATMS Administrator to modify configurable
parameters prior to starting up the system.
[SFS-237] ATMS shall be capable of permitting access based on user role.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
25 of 36
[SFS-238] ATMS shall allow the Network Controller to define and select the range of network
segments to be controlled on the Network Controller's workstation.
[SFS-239] ATMS shall show the overlap region of an adjacent control area.
[SFS-240] ATMS shall prevent dual control of any track segment.
[SFS-241] ATMS shall be capable of being managed by a single NCS for the entire ATMS Territory.
[SFS-242] ATMS shall include one spare Network Controller workstation for each NCS.
[SFS-243] ATMS shall include one Engineering terminal for each NCS for system maintenance and
development.
[SFS-574] The ATMS Network Control System shall transition from ATMS Power On to ATMS
Enabled within 30 minutes.
[SFS-244] ATMS shall generate an alarm if the integrity of a train cannot be confirmed.
[SFS-245] ATMS shall alert the Train Driver of an ATMS Equipped Train's integrity loss within 10
seconds of the integrity loss.
[SFS-246] ATMS shall alert the Network Controller of an ATMS Equipped Train's integrity loss
within 25 seconds of integrity loss.
[SFS-247] ATMS shall establish and maintain the communicating status of an ATMS Equipped Train
in ATMS Territory.
[SFS-248] ATMS Equipped Train shall be considered out of communications if it does not
communicate to the ATMS within TBC time.
2.4.2 General Train Management
This section lists the requirements that apply to overall ATMS operation.
[SFS-562] ATMS shall include up to 15 train types.
[SFS-278] ATMS shall maintain unique identification of all trains operating on ATMS Territory.
[SFS-20] ATMS shall preclude multiple locomotives from being associated to a train
[SFS-279] The Permitted Speed of a train shall be the most restrictive speed that applies for a given
train, over a given track.
[SFS-284] ATMS shall display the status (Equipped vs. Unequipped, class of service) of each train on
ATMS Territory.
[SFS-286] ATMS shall manage the movement of trains travelling at different maximum authorised
speeds.
[SFS-287] ATMS shall provide an interface to allow the Network Controller to create trains.
[SFS-288] ATMS shall provide an interface for the Network Controller to request Temporary Speed
Restrictions.
[SFS-289] ATMS shall allow a Network Controller to remove Temporary Speed Restrictions upon
request.
[SFS-290] Temporary Speed Restrictions shall be configurable to apply to all or specific train types.
[SFS-291] ATMS shall prevent inadvertent modification of Temporary Speed Restrictions.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
26 of 36
[SFS-528] ATMS shall allow the Network Controller to modify Temporary Speed Restriction limits
and speed value.
[SFS-293] ATMS shall preclude the issuance of a Temporary Speed Restriction which is less
restrictive than an existing Civil Speed Limit over the same track segment.
[SFS-529] ATMS shall allow for overlapping Temporary Speed Restrictions.
[SFS-511] ATMS shall display all Temporary Speed Restrictions within the Network Controller's
assigned territory to the Network Controller.
[SFS-294] ATMS shall utilise systems and procedures to detect ATMS Equipped Trains and
Unequipped Trains entering ATMS Territory.
[SFS-295] An ATMS Equipped Train shall continuously display for TBC minutes that the train has
left ATMS Territory when the train leaves ATMS Territory.
[SFS-296] ATMS Equipped Trains shall automatically enable display upon approach to ATMS
Territory.
[SFS-297] ATMS shall raise an alarm to the Network Controller when trains are detected as entering
the ATMS Territory without an Authority.
[SFS-446] ATMS shall raise an alarm to the Network Controller when trains are detected on ATMS
Territory without an Authority.
[SFS-448] When unauthorized entry into ATMS territory is detected, all affected ATMS train
operations shall be stopped.
[SFS-299] ATMS shall notify the Network Controller within 10 seconds of detecting unauthorised
entry onto ATMS Territory.
[SFS-298] ATMS shall support the handover/takeover for trains entering and leaving the ATMS
Territory.
[SFS-301] ATMS shall display to the Network Controller the last known location of all trains on
ATMS Territory.
[SFS-302] ATMS shall display the permanent civil track speed limits of each segment of track for
each train type.
[SFS-303] ATMS shall be capable of displaying to the Network Controller the speed of each ATMS
Equipped Train in the ATMS Territory.
[SFS-304] ATMS shall provide to the Network Controller the ability to perform train handoff to
another Network Controller.
[SFS-505] ATMS shall allow for a change in controlling locomotives.
2.4.3 Points Control and Monitoring
Monitoring that the route is lined in conformance with the train’s authority and that the route is safe to
operate over are key features of ATMS. ATMS will monitor the status of non-signalled control points
and of selected hand-operated switches. In addition, ATMS will monitor the occupancy status of the
Track Circuit located at control points.
[SFS-326] ATMS shall monitor the alignment of monitored points.
[SFS-530] ATMS shall display the alignment of monitored points to the Network Controller.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
27 of 36
[SFS-327] ATMS shall monitor occupancy of overswitch track circuits.
[SFS-531] ATMS shall display the occupancy of overswitch track circuits to the Network Controller.
[SFS-328] ATMS shall be capable of setting the alignment of points that have remote control
capability.
[SFS-329] ATMS shall automatically set the alignment of points to match the route specified in a
planned Authority when points are verified to be in a safe state.
[SFS-330] ATMS shall allow for local control of points.
[SFS-331] ATMS shall preclude the changing of points against the route specified in an Authority that
has been issued over the points.
[SFS-616] ATMS shall reject a request for movement of the points when the corresponding track
circuit is occupied.
[SFS-617] ATMS shall reject a request for movement of the points when the TIU is in local control.
[SFS-333] ATMS shall display alignment of clamped points using the standard procedure for
reporting states of Normal, Unknown, or Reverse as available.
[SFS-553] ATMS shall allow for clamping of points.
[SFS-542] ATMS shall preclude attempts to move the points using power operated point machines at
clamped locations.
[SFS-334] ATMS shall notify the Network Controller within 10 seconds of a change in monitored
points alignment.
[SFS-335] ATMS shall notify the Network Controller within 12 seconds of a change in monitored
track circuit occupancy.
2.5
Alarms
ATMS will raise alarms to notify users of unsafe conditions that require intervention.
[SFS-259] ATMS shall present alarm data to enable the Network Controller to take appropriate action.
[SFS-250] ATMS shall be capable of refreshing alarm data displayed to Network Controllers at a rate
of not less then once per second.
[SFS-527] ATMS shall route the alarms to relevant personnel.
[SFS-251] ATMS shall be capable of allowing Network Controllers to view alarm conditions.
[SFS-252] ATMS shall be capable of allowing Network Controllers to take action upon alarm
conditions.
[SFS-253] ATMS shall ensure alarms remain active until correctly acknowledged by the responsible
Network Controller.
[SFS-254] ATMS shall initiate an alarm indication if a communications link is lost.
[SFS-256] ATMS shall classify emergency alarms as an alarm that requires immediate action from a
Network Controller in order to minimise negative impact to the operation of trains.
[SFS-257] ATMS shall classify urgent alarms as an alarm that requires timely action from a Network
Controller in order to avoid possible negative impact to the operation of trains.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
28 of 36
[SFS-258] ATMS shall classify non-urgent alarms as an alarm that does not relate to a fault which
could immediately lead to possible negative impact to the operation of trains, the Network Controller
may deal this as appropriate.
2.6
NCS and Backup NCS
ATMS provides a Backup NCS for warm failover of operations in case of a catastrophic failure of the
Master NCS.
[SFS-262] ATMS shall take no longer than 60 minutes to come up to a full operational state from a
backup state if the primary ATMS facility fails and operations are to commence at the backup facility.
[SFS-263] ATMS shall be capable of supporting a single backup facility to provide full ATMS
operations in the event of total failure of the NCS.
[SFS-264] ATMS shall have backup capabilities for each NCS located in a facility separate from that
NCS.
[SFS-265] ATMS shall have only one operational Master NCS facility controlling train movements.
[SFS-266] ATMS shall automatically update the static data at the backup facility upon modification of
static data at the Master NCS facility.
[SFS-267] ATMS shall preclude the Backup NCS from performing any actions post-initialisation.
2.7
Electronic Blocks
ATMS electronically partitions the ARTC network into Electronic blocks. Electronic Blocks are the
smallest units for which the ARTC network is subdivided.
[SFS-269] ATMS shall partition the rail network into electronic blocks.
[SFS-270] Electronic Blocks shall not span control points.
[SFS-271] Electronic Block end points shall be set to conform with existing identifiable physical
locations.
[SFS-272] Electronic Blocks shall be the minimum segment of track for which an Authority may be
applied.
[SFS-273] ATMS shall allow Electronic Blocks to be different sizes.
[SFS-274] Electronic Blocks shall be allowed to be smaller than the physical Blocks.
[SFS-275] ATMS shall use a common electronic block definition for all train types and lengths.
[SFS-276] Electronic Blocks shall be greater than TBD meters in length.
2.8
General Authority Management
General rules apply to all Authorities managed by ATMS. Some restrictions are implemented at the
user interface and others are implemented through an authority validation process.
[SFS-509] ATMS shall protect an authority prior to it being issued.
[SFS-176] ATMS shall protect the limits of an Authority after receiving the Authority from a Network
Controller until the Authority has been confirmed Fulfilled or Cancelled.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
29 of 36
[SFS-620] ATMS shall preclude the cancellation of an Authority held by a train on territory unless the
train is protected by another Authority.
[SFS-306] ATMS shall maintain safe separation of all trains on ATMS Territory.
[SFS-307] ATMS shall automatically generate supplementary information for Authority holders,
including but not limited to relevant Authorities of other entities.
[SFS-308] ATMS shall preclude issuance of Authorities with overlapping limits unless allowed by
joint occupancy Authority rules.
[SFS-309] ATMS shall manage all authorities to prevent collisions between trains moving on
conflicting and converging routes.
[SFS-310] ATMS shall provide direction locking to prevent two trains travelling in opposing
directions with unidirectional Authorities on a common line without intermediate points.
[SFS-311] ATMS shall only route trains to routes that are defined in the route table.
[SFS-312] ATMS shall manage train movement over Bi-Directional Double Track.
[SFS-313] ATMS shall be capable of issuing movement authorities to trains operating in either
direction.
[SFS-314] ATMS shall display a message to the Network Controller when ATMS rejects an Authority
request.
[SFS-316] ATMS shall manage the Authorities listed in the Principles of Network Operations Consolidated Safeworking Rules, Issue A - revision 5, July 2008, including but not limited to
generation, validation, transmittal and display.
[SFS-318] ATMS shall display all Authorities issued on ATMS Territory.
[SFS-319] ATMS shall allow each Network Controller Workstation to display the status of each route
as Not Set, Called, Set, Occupied/Unoccupied, Not Known.
[SFS-521] ATMS shall preclude rollup of an Authority if the location report does not indicate an
authorized location.
[SFS-323] ATMS shall provide a mechanism to allow safe rollup of movement authorities in case of
failure of train detection by Trackside systems.
[SFS-572] ATMS shall impose an acknowledge to proceed restriction at all points within authority
limits of an ATMS equipped train when not communicating.
[SFS-636] ATMS shall impose an acknowledge to proceed restriction for the ATMS Territory
boundary for an ATMS Equipped Train that has an Authority to the ATMS Territory boundary when
not communicating.
[SFS-659] ATMS shall provide the ability to block a section of track over which no authority may
overlap.
[SFS-512] ATMS shall display any transaction in process that takes more than 1 second to complete.
2.9
Communications
ATMS utilises both voice and data communications for the management of trains. Data
communications is primarily used to communicate with Trackside Interfaces and ATMS Equipped
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
30 of 36
Trains, while Voice communication is primarily used to communicate with Track Workers and
Unequipped Trains.
[SFS-340] ATMS operation shall incorporate voice communication.
[SFS-341] ATMS shall utilise data communications.
[SFS-342] The Trainborne System shall include a Communications capability providing highreliability voice communications between the driver and the Network Controller, other train drivers in
the same segment of the Network, and work crews.
[SFS-343] ATMS Communications system shall be capable of reliable and effective data
communication between the NCS Facility, Trackside systems and Trainborne systems from all
locations within the rail network.
[SFS-344] ATMS Communications system shall be capable of reliable and effective voice
communication between the NCS Facility, Trainborne, and Maintenance of Way vehicles, yard
facilities, and other support nodes from all locations within the rail network.
[SFS-345] ATMS Communications system shall provide minimum TBD bandwidth and speed, with a
suitable margin for network expansion, to maximise network capacity with minimum headways.
[SFS-346] ATMS Communications system shall provide a service availability of at least TBD.
[SFS-347] ATMS Communications system shall be capable of recording TBD voice communications.
[SFS-348] ATMS data communications shall be “always on” for continuous data message
transmission.
[SFS-349] ATMS shall provide simultaneous data and voice communications capability using separate
voice and data channels.
[SFS-350] ATMS shall provide secure communications between all ATMS elements providing
protection against unauthorised broadcasts or intentional interference.
2.10 Data Logging
Data logging is essential for accident reconstruction. Each ATMS component will log vital actions
that it performs. All messages that are transmitted to and from each ATMS component are logged and
stored locally until purged.
[SFS-352] ATMS shall log all system configuration settings upon startup.
[SFS-532] ATMS shall log configurable parameter settings upon startup.
[SFS-533] ATMS shall ensure time synchronization to +/- 5 seconds of all elements.
[SFS-353] ATMS shall log all enforcements actions.
[SFS-354] ATMS shall log Authority actions.
[SFS-355] ATMS shall log all internal messages sent.
[SFS-356] ATMS shall log all internal messages received.
[SFS-357] ATMS shall log commands and data sent to ATMS external interfaces.
[SFS-358] ATMS shall log data received from ATMS external interfaces.
[SFS-359] ATMS shall log all detected failures.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
31 of 36
[SFS-360] ATMS shall log all detected faults.
[SFS-361] ATMS shall log Network Controller actions.
[SFS-363] ATMS shall provide 7 days of non-volatile retention capacity for all data logging in the
Network Control Centre.
[SFS-364] ATMS shall monitor the status of the available data logging capacity.
[SFS-365] ATMS shall provide a notification to the System Administrator if data logging exceeds its
configured threshold.
[SFS-367] ATMS shall log acknowledgements of alerts.
[SFS-368] ATMS shall log change in state of ATMS elements.
[SFS-369] ATMS shall log change in Communications Status with ATMS subsystems.
[SFS-370] ATMS shall provide a means to extract the logged data for archive/audit purposes.
[SFS-371] An ATMS Equipped Train shall provide the capability to download its data logs for
archiving.
[SFS-372] ATMS shall log all activities of administrative users.
[SFS-373] ATMS Elements shall store log data locally until extracted or purged.
[SFS-374] ATMS shall retain logs of Network Controller actions for TBD days.
[SFS-375] ATMS Shall provide TBD hours of non-volatile retention capacity for all data logging in
the Trainborne equipment.
[SFS-377] ATMS shall retain logs of NCS alarms for TBD days.
[SFS-378] ATMS shall retain logs of the NCS functionality and associated equipment health
monitoring for TBD days.
[SFS-379] ATMS shall log incoming alarm data with a time stamp accuracy of 1 second.
[SFS-380] ATMS NCS shall be capable of archiving alarm data for future analysis with a time stamp
accurate to 1 second.
2.11 Reliability, Maintainability, and Extensibility
Reliability is derived from functional failure analysis performed on the ATMS. A functional failure
occurs when an item of equipment ceases to perform its intended function.
Maintainability is defined as the probability of performing a successful repair action within a given
time. Maintainability measures the ease and speed with which an ATMS can be restored to operational
status after a failure occurs.
Extensibility is a system design principle where the implementation takes into consideration future
growth. ATMS will be design such that it will be capable of accommodating projected growth of rail
traffic and ATMS territory.
[SFS-381] ATMS shall have the capacity to support at least 20000 kilometres of track within ATMS
Territory and Mapped Track.
[SFS-534] ATMS shall have the capacity to support at least 500 simultaneous ATMS Equipped Trains
within ATMS Territory.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
32 of 36
[SFS-563] ATMS shall have the capacity to support at least 3000 trackside devices.
[SFS-382] The Mean Time Between Critical Failures (MTBCF) for ATMS shall be greater than or
equal to 8500 hrs measured over one year.
[SFS-383] The rate of system failure that could result in a Wrong Side Failure shall not exceed 1.1x108
per train per hour.
[SFS-384] The Mean Time to Repair (MTTR) for primary system of ATMS shall be less than or equal
to 30 minutes not including the logistic delays.
[SFS-561] The Mean Time to Repair (MTTR) for secondary systems of ATMS shall be less than or
equal to 1 hour not including the logistic delays.
[SFS-385] The inherent (design) availability for ATMS shall be equal to or greater than 0.998.
[SFS-535] The percentage of Healthy Trains failing to exit on schedule due to ATMS failures shall be
less than 5 percent.
[SFS-387] ATMS shall have a minimum in-service life of 6 years.
2.12 System Considerations
This section lists requirements that define specific ATMS design features.
[SFS-392] ATMS shall include up to 20 generic authorities with configurable parameters.
[SFS-393] The name of the authority for ATMS generic authorities shall be configurable.
[SFS-394] The occupancy rules (i.e., joint or exclusive, authority compatibility, single party or multi
party) for ATMS generic authorities shall be configurable.
[SFS-395] The Network Controller confirmation of field conditions for ATMS generic authorities
shall be configurable.
[SFS-396] The application of a speed restriction for ATMS generic authorities shall be configurable.
[SFS-397] The applicable authority form for ATMS generic authorities shall be configurable.
[SFS-398] ATMS shall allow for tailoring of the layout of the Authority form.
[SFS-400] All ATMS trackside equipment shall be located in cabinets designed to provide the
required level of environmental protection to ensure reliable operation of the equipment.
[SFS-401] ATMS shall include a sufficient number of workstations to accommodate the necessary
number of Network Controllers required to manage the ATMS Territory.
[SFS-402] ATMS shall have an Engineering Terminal to provide access to the System Administrator
in order to gather data on a non-interference basis with the on-going train control function.
[SFS-403] ATMS shall have an Engineering Terminal to provide access to the System Administrator
in order to work on software or database modifications on a non-interference basis with the on-going
train control function.
[SFS-404] ATMS shall provide each Network Controller workstation with a Permanent Display that
provides a permanent, non-switchable image of a line overview diagram of the Network Controller's
controlled segments of ATMS Territory including tracks and junctions to sidings, protected level
crossings, points, and station platform locations.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
33 of 36
[SFS-405] ATMS shall provide capability to transfer control from a failed workstation to another
workstation without creating an unsafe condition in ATMS Territory.
[SFS-406] ATMS shall provide each Network Controller Workstation with one or more Selectable
Displays that can be customised by the Network Controller to show ATMS information.
[SFS-407] ATMS shall provide each Network Controller Workstation with one or more Selectable
Displays that can be customised by the Network Controller to show line diagrams showing all turnouts
and all trackside ATMS equipment together with their associated kilometric markings.
[SFS-408] ATMS shall provide each Network Controller Workstation with one or more Selectable
Displays that can be customised by the Network Controller to show current Authorities issued to track
segments and to specific trains.
[SFS-409] ATMS shall provide each Network Controller Workstation with one or more Selectable
Displays that can be customised by the Network Controller to show fault alarms and diagnostic
information.
[SFS-410] ATMS shall provide each Network Controller Workstation with colour to indicate the state
of each track block.
[SFS-411] ATMS shall provide each Network Controller Workstation with continuous “pan and
zoom” to show any portion of line with magnifications from display of one crossing loop to display of
the whole area of control on one screen.
[SFS-422] ATMS NCC Systems shall meet the environmental requirements specified in TBD
standard(s).
[SFS-425] ATMS shall have no single points of failure at the element, subsystem or
workstation/terminal level which would result in a total loss of NCS Functionality.
2.13 Trainborne Interfaces
Trainborne interfaces will be designed to be compatible with the locomotive fleet used by the
Operators on the ATMS Territory.
[SFS-427] ATMS Trainborne Systems shall be designed to provide a compatible interface both
functionally and physically with those locomotive types used by Operators on ATMS Territory.
[SFS-432] All ATMS Trainborne System equipment shall conform to the Advanced Train Control
Systems (ATCS) Specification 110, Environmental Requirements as listed in Section 1.4.1, or
acceptable alternative, in order to survive the locomotive environment.
2.14 Trackside Interfaces
Tracksides interfaces are integral to the monitoring and control of switches in the ATMS territory.
The Trackside interfaces will be designed to meet safety and quality guidelines specified in the
Applicable Documents section of this specification.
[SFS-434] ATMS Trackside equipment shall operate in environmental conditions as specified in TBD
Standard.
[SFS-436] Any ATMS equipment that will require installation between running rails shall not protrude
above the railhead.
[SFS-437] ATMS shall be capable of interfacing with all points used in ATMS Territory.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
34 of 36
[SFS-635] ATMS shall be capable of providing safeworking control of points that have a remote
control capability.
[SFS-438] ATMS shall be designed to interface with the extant track formation.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
35 of 36
3 Appendices
3.1
Appendix A - Terms and Expressions
In this document, unless the context requires otherwise, the following terms and expressions have the
meaning given to them below:
NOTE: ATMS Terms and Expressions are held within a stand-alone document. Please refer to
“ATMS Glossary.doc” to find this information.
3.2
Appendix B - Acronyms
The acronyms and abbreviations listed below are specific to this document and may or may not
conform to definitions of similar terms used in other contexts.
NOTE: ATMS Acronyms are held within a stand-alone document. Please refer to “ATMS Glossary”
to find this information.
Document Number:
ATMS-2008-13-0029
Rev
Issue Date
Page
B
04 Jan 10
36 of 36