international Engineering Safety Management
Overview and what's new

Paul Cheeseman & Dr Rob Davis
Technical Program Delivery
paul.cheeseman@tpd.uk.com
rob.davis@tpd.uk.com
© TPD 2013

iESM - Aim
• To assist the international railway industry in delivering products/systems with acceptable levels of safety by developing and sharing good practice in railway Engineering Safety Management worldwide.
• Developed as part of the TPD internal research activities, for the good of the rail industry.

ESM - History
[Timeline diagram: "YB0" (early 1990s, Network SouthEast Signalling and Telecomms); YB1 (1996, UK, Railtrack Electrical Engineering and Control Systems, drawing on international emerging good practice); YB2 (1997, UK, Railtrack); YB3 (2000, Railtrack / UK rail industry); YB4 (2005, generic); iESM (2013, International Handbook on Rail Industry Engineering Safety Management).]

iESM - Who is producing it?
• Dr Rob Davis – the originator of the risk-based safety engineering process in rail as part of the BR NSE quality system, later published as the "Yellow Book". Established the Yellow Book and the YB Steering Group (YBSG) and is now chair of the iESM WG.
• Paul Cheeseman – part of the BR team and the last chair of the YBSG.
• Bruce Elliot – editor of the Yellow Book content throughout 1991-2007 and of iESM 2012-13.

iESM Working Group
• Act as authority for iESM and develop/support the creation of associated supporting materials;
• Facilitate the efficient and effective application of iESM;
• Promote and facilitate the exchange of ideas for good practice that are found in the world railway community and other relevant industries;
• Sponsored by MTR Corporation, Hong Kong.
iESM WG Members
• Recognised as having significant standing within the industry on matters relating to the management of engineering safety;
• Available and committed to the work of the Working Group and the promotion of iESM;
• Provide a professional contribution to Working Group activities based on their skills and expertise.
...could that be you?

iESM supporters Worldwide
[Map of supporting organisations; no further detail recoverable.]

iESM - Structure
Layer 1: Principles and Process – Volume 1
Layer 2: Methods, tools and techniques – Volume 2 (Projects); further volumes to be announced
Layer 3: Specialized Guidance – Application notes as required
(Volume 0 is also shown in the structure diagram.)

iESM - Business benefits
• Identifying risks early
• Integrated hazard management – three "legs"
• Encouraging consistency and re-use
• Scaling with the problem
• Empowering project managers and supporting users through a common approach and common "language"

iESM - What's in? Emerging good practice
• Support for the Common Safety Methods for Risk Assessment, which have been mandated on parts of the railway by European Directives
• Consistent with:
  – Recent EN50128 with focus on roles and competence
  – New CENELEC EN50126 incorporating the former EN50128/9/155 and covering all technical systems
  – Guidance from RSSB UK "Taking Safe Decisions"
  – Guidance on using the "Cross Acceptance" fast track

iESM - What's out?
• Bias towards any one legal system or regulatory framework (e.g. a requirement to reduce risk ALARP)
• Known deficiencies and poor practice, e.g. using risk matrices as the sole method for risk acceptance
• Templates, checklists, techniques etc. (moved to layer 3)
• Explicit consideration of maintenance activities (temporary)
• English spellings!
• Let's look inside ...

Snap shot from Vol 1
[Screenshot of Volume 1; no text recoverable.]

Presentation of Volume 2
[Screenshot of Volume 2; no text recoverable.]

iESM - Overview #1
DEFINITION: Defining the scope; Determining safety obligations, targets and objectives; Planning safety activities. Leads to RISK ASSESSMENT.
RISK ANALYSIS: Identifying hazards; Estimating risk (by applying standards, by comparing with a reference system, or by estimating risk explicitly). Leads to RISK EVALUATION AND CONTROL.

1. Estimating risk by applying standards
• The standard shall at least satisfy the following requirements:
  – be widely acknowledged in the railway domain; if this is not the case, the standard will have to be justified;
  – be relevant for the control of the considered hazards in the system under assessment;
  – be publicly available for all who want to use it.

IEEE1474 – thank you
[Slide showing the standard; no further text recoverable.]

2. Estimating risk by comparing with a reference system
• A Reference System shall at least satisfy the following:
  – it has already been proven in use to have an acceptable safety level and would still qualify for acceptance where the change is to be introduced;
  – it has similar functions and interfaces as the system under assessment;
  – it is used under similar operational conditions as the system under assessment;
  – it is used under similar environmental conditions as the system under assessment.

CBTC Roll out using reference system
[Diagram: a Generic Application Safety Case for the core system supports the Specific Application Safety Case for Chengdu Line 1; Chengdu Line 2, Xian Line 2, Hangzhou Line 1, Hangzhou Line 2 and Zhengzhou Line 1 are then handled by reference to CDL 1 plus specific application hazard management.]

3. Estimating risk by explicit risk estimation
• The need for the use of an explicit risk estimation could typically arise:
  – when the system under assessment is entirely new, OR
  – where there are deviations from a Standard or a Reference System, OR
  – when the chosen design strategy does not allow the usage of a Standard or similar Reference System because, e.g., of a wish to produce a more cost-effective design that has not been tried before.

Explicit Risk Estimation – putting it all together
[Bow-tie diagram. Left: fault tree for the top event Derailment, with an OR gate and an AND gate over the intermediate events Rolling Stock Fault and P-Way Fault and the basic events Axle failure and Undetected in Maintenance. Right: event tree with the branches Derailment Containment Fails (Yes/No) and Peak Loading (Yes/No) leading to four consequences, combined in a Risk Summation.]
Consequence     Frequency   Severity
Consequence 1   1.0E-05     5 Fatalities
Consequence 2   1.0E-04     10 Serious Injuries
Consequence 3   1.0E-03     5 Minor Injuries
Consequence 4   1.0E-02     No Effect

iESM Overview #2
FROM RISK ANALYSIS
RISK CONTROL: Evaluating risk (or preparing a cross acceptance argument). Is risk acceptable? If no: Setting safety requirements, then Implementing and validating control measures, and back to evaluation. If yes: Compiling evidence of safety. Is evidence adequate? If no: back to compiling evidence. If yes: Obtaining approval, then Monitoring risk.

iESM - Risk Control - Overview
1. Product / System / Project development (design, build, test, etc.)
2. iESM activities (risk evaluation, risk control, safety argument, etc.)
3. Independent Assessment (checking and certification)

iESM - Technical Support Processes
• Managing hazards
• Independent assessment
• Configuration management & records

iESM - Team Support Processes
• Managing safety responsibilities
• Promoting a good safety culture
• Building & managing competence
• Working with suppliers
• Communicating and co-ordinating

iESM - Summary
• Is advisory, not mandatory;
• Provides good practice guidance and will continue to reflect emerging good practice;
• Is applicable in an international market;
• Supports use of CENELEC standards and Common Safety Methods (CSM) for risk assessment, with practical, cost-effective advice;
• Assists in discharging legal & professional obligations;
• Is guided by a Working Group of practitioners and supporters;
• Is supported by training courses from TPD and Lloyd's Register
www.intesm.org

A final thought
Absolute safety is not achievable in the real world and therefore success relies on two fundamentals: 1) good processes, and 2) good people; such that when there is a problem or failure in one, the railway can be sustained by the other.
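The "Explicit Risk Estimation – putting it all together" slide shows a fault tree feeding an event tree whose four consequences are summed. The Python below is an added example (not the handbook's or TPD's code) that carries that calculation through: the fault-tree gate wiring, the event-tree branch probabilities and the injury weights are assumptions, while the four consequence rows use the slide's own frequency and severity figures.

```python
"""Explicit risk estimation as sketched on the 'putting it all together' slide:
a fault tree gives the top-event frequency, an event tree splits it across
consequences, and a risk summation collapses them to one figure. Added
example, not the handbook's; gate wiring, branch probabilities and injury
weights are assumptions, the four consequence rows are the slide's figures."""
from dataclasses import dataclass

def derailment_frequency(axle_failure_per_year, p_undetected, pway_fault_per_year):
    """Fault tree, assumed wiring: Derailment = OR(Rolling stock fault, P-way fault),
    Rolling stock fault = AND(Axle failure, Undetected in maintenance).
    AND of a frequency and a probability: product. OR of rare frequencies: sum."""
    return axle_failure_per_year * p_undetected + pway_fault_per_year

@dataclass
class Consequence:
    name: str
    frequency: float         # occurrences per year
    fatalities: float = 0.0  # expected harm per occurrence
    serious: float = 0.0
    minor: float = 0.0

def event_tree(top_freq, p_containment_fails, p_peak_loading, outcomes):
    """Two pivots (Containment Fails?, Peak Loading?) give four branches;
    'outcomes' maps each (containment, peak) pair to (fatalities, serious, minor)."""
    branches = {
        ("yes", "yes"): p_containment_fails * p_peak_loading,
        ("yes", "no"): p_containment_fails * (1 - p_peak_loading),
        ("no", "yes"): (1 - p_containment_fails) * p_peak_loading,
        ("no", "no"): (1 - p_containment_fails) * (1 - p_peak_loading),
    }
    return [Consequence(f"containment={c}, peak={p}", top_freq * pr, *outcomes[(c, p)])
            for (c, p), pr in branches.items()]

def risk_summation(consequences, w_serious=0.1, w_minor=0.005):
    """Frequency-weighted harm per class plus a single fatality-weighted figure.
    Weights follow the RSSB fatalities-and-weighted-injuries convention (assumed)."""
    fat = sum(c.frequency * c.fatalities for c in consequences)
    ser = sum(c.frequency * c.serious for c in consequences)
    mnr = sum(c.frequency * c.minor for c in consequences)
    return {"fatalities": fat, "serious": ser, "minor": mnr,
            "weighted": fat + w_serious * ser + w_minor * mnr}

# The four consequence rows as shown on the slide.
SLIDE_CONSEQUENCES = [
    Consequence("Consequence 1", 1.0e-05, fatalities=5),
    Consequence("Consequence 2", 1.0e-04, serious=10),
    Consequence("Consequence 3", 1.0e-03, minor=5),
    Consequence("Consequence 4", 1.0e-02),  # no effect
]
```

Running `risk_summation(SLIDE_CONSEQUENCES)` gives 5e-5 fatalities, 1e-3 serious and 5e-3 minor injuries per year; the weighted figure is what a target such as a tolerable FWI rate would be compared against.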