November 2014 - Network Rail


Signalling - Safety Step Up

System Safety in the delivery of Signalling Projects

To be delivered as ‘safety conversational’ and discussed within a Step Up environment



– 12


December 2014

## Please delete this slide for onward brief ##

11-Apr-20 / 1

Signalling - Safety Step Up


System Safety in the delivery of Signalling Projects

Delivery Lead & Lead Engineer names

11-Apr-20 / 2

Signalling Projects Safety Working Group

Background & Timeline

• A number of system safety issues encountered on signalling projects over the last 5 years.

• Supply chain members’ concerns were raised with the

Railway Industry Association (RIA) and the Institute of

Railway Signal Engineers (IRSE) in mid 2013 and mapped to investigation causes.

• These parties with NR IP met to discuss the concerns in October 2013.

• A working group was convened under auspices of the

IRSE Council, and incorporated a wider representation of the rail supply industry.

• This group under the banner of the IRSE made recommendations in June 2014.



The IRSE and Industry Recommendations


Build upon the use of technical stage-gates already developed for data in signalling systems, to be applied to all signalling projects, with any non-compliance to this requirement being very much the exception to the rule and treated with the seriousness it deserves

If the agreed date for passing a stage-gate (financial or technical) cannot be met, the implications (including safe assured delivery) for the planned commissioning date(s) and other critical milestones must be identified, risk assessed and mitigations addressed

Any change to the agreed/approved specification during the detailed design, construction, testing and commissioning phases should be avoided. Where change is absolutely necessary, both supplier and client must be in agreement that the impact of the change can be safely managed.

The non-sequential application of signalling design/development processes should be the exception, not the norm and when utilised shall be subject to formal risk assessment


Rigorous change control processes must be applied to all designs issued for construction purposes (and not just AFC designs).

11-Apr-20 / 4

What we have to ensure…..

1. Projects need to be developed in a manner that enables and secures safe and efficient delivery.

2.Initial bolt down of scope.

3. Managed approach to change, the assessment of time and process impact and the reduction of technical risk.

4. Whenever the process is impacted, a reassessment and any necessary reduction of technical risk.

11-Apr-20 / 5

The Network Rail Safety Vision Statement…

The CEO’s Safety Vision Statement

The context of the necessary actions….

#3: We will plan work to ensure that it can be done safely.

#8: We will relentlessly strive to find new ways to keep ourselves, colleagues, passengers and the public safe.

#9: We will design, construct, inspect, operate and maintain the railway to keep everyone safe.

11-Apr-20 / 6

Planning & Integration…

- Integrated Plans

- Include ALL Disciplines

- Includes all stage gates at a timely point before the end of that GRIP stage

- Include Inter Disciplinary Check

- Realistic & durations confirmed by stakeholders

- Sequential Working

11-Apr-20 / 7

A T ypical Project Timeline…

Technical Technical Technical

Stagegate Stagegate end of GRIP end of GRIP end of GRIP



3 4

Deliverable Yes/No?

Deliverable Yes/No?

Deliverable Yes/No?

Deliverable Y/N?



(GRIP 1)








Develop ment

(GRIP 4)


&Stage works

Design (GRIP





Entry into Service


11-Apr-20 / 8

When we don’t get it right…

11-Apr-20 / 9

An example of a Technical Stagegate Checklist…

Deliverable / Check Item

Operational Requirements

Image Slide

End of GS Stagegate Output Purpose

1 Pass / Fail - escalate The purpose of the Operational Requirements

Specification is to provide a detailed and final definition of the Operations stakeholder‘s requirements. (To also include List of Routes)

Project HAZID 1 Pass / Fail - escalate Project HAZID to include but not limited to compatibility with rolling stock, duty of co-operation (ref GE/RT8270)

Design Decision Log 1

Review level of complexity and interlocking capability


Review Non Sequential Activities 1

Review current status of source records


Pass / Fail - escalate The purpose of the design log is to record all relevant decisions on the project to create an audit trail for the evolving design.


– No action

Medium / High escalate

Review the level of complexity and capability for the technology proposed and to be altered for risk.

Are sufficient resources available

How easily can the system be altered

Can the system deliver the required outputs

Low – No action

Medium / High escalate

Low – No action

Medium / High

– escalate

Review sequential activities already taken place or those planned to take place during the next phase.

Review the risk imported or to be imported due to non the availability of source records to allow this scheme to move forwards. This shall also include the current status of the signalling deficiency register.

11-Apr-20 / 10

The Common Safety Method

– Risk Evaluation and Assessment Flow Chart


For scope changes and before introducing non sequential working identify risks and controls using this established process.

Risk Evaluation

& Assessment

11-Apr-20 / 11

What to consider about your project works as you return to the workplace…

1. Is the scope fixed and understood?

2. Have you and are you managing the risk from change?

3. Recognise non-sequential working, assess the imported risks to safe delivery & control…

AND… Are you in a fit state to progress?

11-Apr-20 / 12

Presentation Title: View > Header & Footer

Thank You for Listening…


11-Apr-20 / 13