Challenges and Successes of Independent Safety Assessment on New CBTC Railways
Paul Cheeseman, Technical Programme Delivery Ltd
paul.cheeseman@tpd.uk.com, +44(0) 7775 631033
© TPD 2014

Overview
- The scale of the problem
- The ISA role
- Acceptance into service
- Case study
- Cross acceptance + reference system = cost and time effective success!

Independent Assessment
"Your organization must ensure that activities are reviewed by competent people who are not involved with the activities concerned."
(iESM guidance, free download from www.intesm.org)

ISA – Project interface
1. Product / system / project development (design, build, test, etc.)
2. iESM activities (risk evaluation, risk control, safety argument, etc.)
3. Independent Assessment (checking and certification)

Assessment or Certification?
Compliance-based: "This complies with the specified standard." A statement of fact where no judgement, risk assessment or test of reasonable practicability is necessary.
Risk-based: "In this situation, with these assumptions, caveats and dependencies, this is adequate." A judgement based on professional opinion, supported by objective evidence of process, inspection of output and compliance with standards.

Compliant, but hazards still exist

1. Applying standards
Before deciding that just referring to standards is enough, make sure that:
- they are acknowledged to represent good practice in the railway sector;
- all of the risk associated with the hazard is covered by the standards;
- the standards cover the specific application;
- there are no obvious and straightforward ways of reducing risk further.
But standards seldom show which risks they are addressing (IEEE 1474 is a notable exception).

Acceptance into service
"Your organization must demonstrate that risk has been controlled to an acceptable level."
"Your organization must support this demonstration with objective evidence."
(www.intesm.org)

CENELEC Scope of Safety Cases
[Diagram, EN 50129 safety case structure: system requirement specifications and safety requirement specifications feed a Generic Product Safety Case, a Generic Application Safety Case (GASC) and a Specific Application Safety Case (SASC, covering application design and physical implementation), each written in Parts 1 to 6. Each safety case is assessed in a Safety Assessment Report leading to product safety approval and acceptance, application safety approval and acceptance, and cross acceptance. The wayside and on-board safety cases together lead to CBTC system overall safety acceptance.]

Generic features - GASC
- A wayside system (ZC) that implements a SIL4 train management system (movement authority, safe train separation, safe interface with a SIL4 interlocking system).
- An on-board system (CC and tags) that implements a SIL4 ATP and localization system.

So to the first specific application: Chengdu Line 1 SASC
1. Core CBTC with a subset of equipment and functions defined as iATPM (intermittent ATP mode).
2. Core CBTC with the communication between the trains and the wayside equipment defined as ATPM with limited AM.
3. Additional functionality leading to full AM CBTC with ATO.

Step #1: Cross Acceptance
CENELEC TR 50506-1: "Where a similar product has been found safe in a similar environment and approved for use in that environment, your organization may use that approval as evidence for the safety of new products and new applications of products, but it must identify and allow for the differences between the products and between their environments."
(www.intesm.org)

[Diagram, CBTC Chengdu specific application document tree: customer requirements, government regulations and relevant standards feed the system requirements specification and the project-specific requirements specification (wayside, vehicle and ATS project-specific specifications, external ICDDs). The CBTC generic application platform supplies the platform safety requirements, the core CBTC requirements specification, internal ICDDs, the CBI (MLK II) and ATS requirements specifications, the platform requirements specification and platform detailed design documentation (see the wayside trees for CBTC and iATP and the vehicle tree), together with the platform safety analyses. Integration test, the V&V report (included in the safety case), safety analyses and safety cases complete the tree.]

Platform Safety Application Conditions
- Platform safety cases
- Specific application differences: GA Safety-related Constraints (SRC); GA functions not implemented
- Site-specific hazard identification focusing on: different train interfaces; local products, e.g. PSD, axle counter; operator preferences (e.g. blue / dark signal aspect for CBTC, driver display)
- Site-specific verification and validation
- Plus lessons learnt from DRACAS

Chengdu Line 1

Step #2: Reference System
A reference system shall at least satisfy the following:
- it has already been proven in use to have an acceptable safety level and would still qualify for acceptance;
- it has similar functions and interfaces to the system under assessment;
- it is used under similar operational conditions to the system under assessment;
- it is used under similar environmental conditions to the system under assessment.
(www.intesm.org)

CBTC roll out using reference system
Generic Application Safety Case for the core system -> (cross acceptance) -> Specific Application Safety Case, Chengdu Line 1 -> (reference to CDL 1 plus specific application hazard management) -> Chengdu Line 2, Xian Line 2, Hangzhou Line 1, Hangzhou Line 2, Zhengzhou Line 1

The key issues for the assessment
- Is a function generic or specific?
- If it's generic, are there any limitations (Safety-related Constraints)?
- If it's specific, is it different to before?
- If it's different, does it matter?
- If it matters, where is the evidence in the SASC to demonstrate safety?

Summary
1. Establish firm GA and reference baselines
2. Specify (target) application and environment
3. Identify key differences
4. Specify any technical, operational and procedural adaptations
5. Manage the risk associated with the differences
6. Produce a credible safety argument
7. Go to 1
© TPD 2014
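The five key questions above, as an added example that is not part of the original slides: a small Python triage that walks them over a constructed function register for a follow-on line, compared with its reference system, and lists the items that still lack SASC evidence (function names, SRC and SASC references are placeholders, not from any real project).

```python
"""Added example, not from the original slides: the deck's five 'key issues for
the assessment' applied to a constructed register. All names are placeholders."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Function:
    name: str
    generic: bool                           # covered by the GASC, or site-specific?
    srcs: list[str] = field(default_factory=list)         # GA Safety-related Constraints
    differs_from_reference: bool = False    # specific: is it different to before?
    safety_relevant: bool = False           # if different, does it matter?
    sasc_evidence: list[str] = field(default_factory=list)  # where the SASC shows it is safe


def assess(fn: Function) -> tuple[str, str]:
    """Walk the slide's decision chain and return (verdict, reason)."""
    if fn.generic:
        if fn.srcs:
            return "GASC+SRC", "generic; apply constraints " + "; ".join(fn.srcs)
        return "GASC", "generic with no constraints; covered by cross acceptance"
    if not fn.differs_from_reference:
        return "REFERENCE", "specific but unchanged from the reference system"
    if not fn.safety_relevant:
        return "NOTED", "differs but is not safety-relevant; record the justification"
    if fn.sasc_evidence:
        return "SASC", "differs and matters; evidence " + "; ".join(fn.sasc_evidence)
    return "GAP", "differs, matters, and no SASC evidence: raise a finding"


def assess_register(register: list[Function]) -> dict[str, tuple[str, str]]:
    return {fn.name: assess(fn) for fn in register}


def open_findings(register: list[Function]) -> list[str]:
    """Functions that cannot be accepted until evidence is produced."""
    return [n for n, (v, _) in assess_register(register).items() if v == "GAP"]

# Constructed register for a hypothetical follow-on line; every value is illustrative.
REGISTER = [
    Function("Movement authority (ZC)", True, srcs=["SRC-01 (placeholder)"]),
    Function("Train localisation (CC and tags)", True),
    Function("Platform screen door interface", False, differs_from_reference=True,
             safety_relevant=True, sasc_evidence=["SASC Part 4 s.3 (placeholder)"]),
    Function("Axle counter (local product)", False, differs_from_reference=True,
             safety_relevant=True),
    Function("Driver display layout", False, differs_from_reference=True),
    Function("Blue / dark signal aspect", False),
]
```

Running `open_findings(REGISTER)` returns only the axle counter: the one item that differs from the reference, matters for safety, and has no SASC evidence recorded yet.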