Development and Application of Hazard Analysis & Risk Assessment Models for
the Korea Railway
Chan-Woo Park  Jong-Bae Wang  Sang-Log Kwak Don-Bum Choi
National Railway Safety R&D Program Corps, Korea Railroad Research Institute, Gyeonggi-Do, Republic of Korea
Abstract
This study shows the developing process of the Korea railway risk assessment models and the results of their
application to the Korea railway. The risk assessment models were developed based on the accident scenarios.
Various hazardous events, which have the potential to lead directly to casualties, were defined by gathering various
accident reports and having several workshops with railway safety experts. Then, for each hazardous event, the
railway accident appearance scenarios and railway accident progress scenarios were developed. The railway
accident appearance scenarios provide the base of accident causal analysis models for the frequency evaluation.
The railway accident progress scenarios provide the base of accident consequence analysis models for the severity
evaluation. The above developed models were applied to assess the accident risk of the Korea railway. The
frequency of each hazardous event was evaluated from the historical accident data and structured expert judgments
by using the FTA technique. In addition, to assess the severity of each hazardous event, the ETA technique and
other safety techniques were applied. Finally, the risks for passengers, staff, and member of public were estimated
as the number of equivalent fatalities.
Key words: Accident Scenario, Risk Assessment
1. Introduction
The Korean railway industry has undergone rapid changes such as structural reform, Korea Train eXpress
(KTX) operation. In order to manage increased hazard factors, “Railway Safety Act” focused on the risk-based
safety management was announced in 2004. According to this Act, railway operators and infrastructure
managers should get the government’s approval for their safety management plans, which are prepared by the
risk assessment results. In this reason, since Oct. 2005, Korea Railroad Research Institute (KRRI) has developed
the common hazard analysis & risk assessment models for the Korea Railway. This paper introduces the
developing process of these models and the results of their application to the Korea railway.
Page 1 of 11
The risk assessment models were developed based on the accident scenarios. The accident scenarios were set
up by gathering various accident reports and having several workshops with railway safety experts. According to
the accident classification of “Railway Accident Report Regulation” published in 2006, the scenarios were
divided into the five main areas as follows: 1) train collision accident, 2) train derailment accident, 3) train fire
accident, 4) level crossing accident, and 5) railway casualty accident. In each area, various hazardous events,
which have the potential to lead directly to casualties, were defined. Then, for each hazardous event, the railway
accident appearance scenarios and railway accident progress scenarios were developed. The railway accident
appearance scenarios provide the base of accident causal analysis models for the frequency evaluation. The
railway accident progress scenarios provide the base of accident consequence analysis models for the severity
evaluation.
The above developed models were applied to assess the accident risk of the Korea railway. The frequency of
each hazardous event was evaluated from the historical accident data and structured expert judgments by using
the FTA technique. In addition, to assess the severity of each hazardous event, the ETA technique and other
safety techniques were applied. Finally, the risks for passengers, staff, and member of public were estimated as
the number of equivalent fatalities.
2. Risk Assessment Procedure
To develop the Korea railway risk assessment models, various risk management procedures were reviewed
such as ISO/IEC Guide 51 [10] and the risk management procedure applied to this study was developed. It is
similar to the common approach risk management [1] suggested in EU.
Figure 1. Common Approach Risk Management
Figure 1 show this procedure. The schemes show three dimensions: a railway system, the life cycle of this
system, the process of risk management. Although unwanted events occur during the construction and
exploitation phase, it is most helpful to take into account the whole lifecycle of a railway. Therefore, the risk
Page 2 of 11
management must start from the system design phase considering both the normal mode and the degrade mode
for this system. Then, the results of the risk management in the system design phase are transmitted to the
involved organization of the construction phase and the similar approach is applied to the next stage as loop.
Figure 2. National Railway Risk Management System Architecture
The developed risk management procedure has resulted in the national railway risk management system
architecture as shown in Figure 2. The architecture will be utilized for the construction of a nation-wide railway
risk management program and the execution of safety regulations. These works will be carried out as a rolling
plan until 2010.
Figure 3 presents the hazard analysis and risk assessment procedure. In this study, the hazard identification of
railway accidents had been carried out by gathering various accident reports and information and having several
workshops with railway safety experts. Then, accident scenarios and railway accident analysis code system have
been built up. The railway accident scenarios are consisted of railway accident appearance scenarios and railway
accident progress scenarios. Both scenario groups are divided by initiating hazardous events. Here, a hazardous
event means one that has the potential to lead directly to death or injury. The railway accident appearance
scenarios refer to the occurrence processes of accidents before hazardous events. These scenarios provide the
base of FTA model structure for frequency evaluation on railway accidents. The railway accident progress
scenarios mean the progress processes of accidents after hazardous events. These scenarios provide the base of
ETA model for severity evaluation on railway accidents.
Page 3 of 11
Figure 3. Railway Risk Assessment Procedure
3. Hazard Identification using Railway Accident Scenarios
To perform hazard identification, it is required to understand what consist of hazards, how to recognize it and
how to define it. That is, the understandings of accident appearance & progress sequences are needed. In order to
understand these sequences, the following procedure was used in hazard identification stage and the railway
accident scenarios were developed to define these sequences.
1) System definition and boundary setting: setting up objective of hazard identification and its boundary
2) Identifying hazardous events, hazards and barriers: Including the definition of measures which stops the
increases of accident
3) Developing accident appearance scenarios: defining relationships among hazardous events, hazards and
barriers.
4) Developing accident progress scenarios: considering the relevant key influential factors.
5) Accident scenario management: drawing up hazard log.
Figure 4. Example of Railways System Breakdown (from SAMRAIL Project)
Page 4 of 11
For the national wide risk assessment model, the definitions of a generic railway system, mission profile and
system operation environment are essential and should be considered. These are fairly well defined by EU
railway safety directive, most notably by EN 50126. Typical railway system configuration of Figure 4 which
proposed in SAMRAIL project [3] report was considered in the development of the risk assessment model.
According to the accident classification of “Railway Accident Report Regulation” published in 2006, the
scenarios were divided into the five main areas as follows: 1) train collision accident, 2) train derailment
accident, 3) train fire accident, 4) level crossing accident, and 5) railway (traffic/safety) casualty accident. In this
study, 177 hazardous events were defined and Table 1 shows the example of the hazardous events
Table 1. Example of the Hazardous Events
Railway Category
Hazardous Events
misrouted train
faults in driving
Train Collision
abnormal train
obstacles on the track
being trapped in level
crossing
Level Crossing
Accident
crossing during warning
signal
interlocking system faults
signal/direction violation, signal fault, mistaking in dealing braking
system, braking system fault, over speeding
train separation, car rolling, train stop, backward moving
external obstacles, parts from train/freight falling, infrastructure
collapsing/obstruction
-Engine stop
-Deviation of pathway
-gangway blocking
-lack of propulsion/braking
-violation entry
breaking through or detour
the barrier
People struck/crushed
Trip/Slip
Railway Traffic
Casualty Accident
mistaking in dealing points, point faults, mistaking in dealing blockage,
Falling
Caught/Dragged
Others
-limit interference
-breaking or detour
Striking with train, Striking with objects
Trip/slip during train boarding/alighting, Trip/slip by train emergency
braking/emergency start
Falling from train, Falling from platform during train
boarding/alighting
Caught in a train door, Caught between platform and train
Electric Shock, Burn, Suffocation
Page 5 of 11
The railway accident appearance scenarios were built up by classifying properly the immediate causes
(hazardous accident) and underlying causes. The immediate causes are classified according to characteristics of
each hazardous event and the underlying causes are applied to all hazardous events with an identical structure.
• Immediate Causes: conditions which immediately cause hazardous events
a) Substandard Acts - substandard acts/behavior of who can cause hazardous events
b) Substandard Conditions - physical conditions which can cause hazardous events
• Underlying Causes: reason or source of substandard acts and conditions
a) Human Management Factors - capability, skill, physical/mental state of concerned peoples
b) Technological Factors – control, maintenance and legal criteria related to the technical environment
conditions including tools and machines
c) External Factors – Illegal action, substandard climate condition and substandard circumstance condition
(a) accident appearance scenario example
(a) accident progress scenario example
Figure 5. Summarized Structure of Railway Accidents
As a matter of fact, the accidents can be considered as the knot between causes and consequence. Thus, after
a hazardous event, there are several processes which lead to the final consequence. In this study, critical factors
influencing the final consequence of each hazardous event were identified and the relationships among these
factors were defined in the accident progress scenario. Figure 5 shows the summarized structure of the
developed accident scenarios.
4. Risk Assessment Model Development
The risk assessment model has been developed in the form of a cause and consequence analysis using fault
trees and event trees to represent each of the hazardous events. The railway accident appearance scenarios
Page 6 of 11
provide the base of accident causal analysis models for the frequency evaluation. The railway accident progress
scenarios provide the base of accident consequence analysis models for the severity evaluation.
In this study, “Risk” relates purely to safety risk in terms of an estimate of the potential for harm to
passengers, staff and members of the public from the operation and maintenance of the railway. The risk is
expressed as the FWI (Fatalities and Weighted Injuries) per year in which ten major injuries and 200 minor
injuries are both equal to one equivalent fatality.
The risk associated with a particular hazardous event is calculated in terms of:
Collective Risk (the average number of FWI/year)
=
Frequency (the average frequency at which the hazardous event occurs)

Consequences (the number of FWI/event)
The fault trees and event trees have been consisted of data relating to the frequency or probability of various
failures (or faults) and the consequences of each scenario sequence. Thus, data was obtained from a wide variety
of railway industry data sources. Where data was not available for the quantification of the cause and
consequence precursors, use was made of:
 Human error probability assessments using a revised Human Error Assessment and Reduction Technique
(HEART)
 Safety expert judgment from in-house expertise within Korea railway.
 Statistical methods including Monte Carlo simulation and Bayesian uncertainty distributions.
To assess the accident risk of the Korea railway has an important role in the improvement of railway safety in
the most effective manner. To do this, a dedicated railway risk assessment and information management system
(RAIMS) is being developed. RAIMS is composed of four sub-systems for; accident analysis, risk analysis,
system management, and requirement verification management, the structure of which is shown in Figure 6.
The accident analysis subsystem is the application running on the web which several users can assess. This
system is composed of three modules as follows: 1) Accident input module, 2) Accident statistics module, 3)
Hazard management module. One purpose of the accident information system is to provide fundamental
information for an in-depth risk assessment of railway accidents. The other purpose is to provide information on
Page 7 of 11
railway safety performance levels to both assessors and the public. Figure 7 shows some pictures of the accident
system subsystem.
RAIMS
Safety Requirement
Verification & Management
Accident Analysis
Risk Analysis
System
Accident Search
Event Tree Analysis
User Management
Safety Requirement
Management
Environment Analysis
Fault Tree Analysis
Code Management
Railway System
Management
Hazard Analysis
Risk Evaluation
Classification
Management
Damage Analysis
Human Factor Analysis
Management
Safety Requirement
Change Management
Requirement Traceability
Management
Options Analysis
Figure 6. Functional Structure of RAIMS
(a) Environment Analysis
(b) Accident Analysis results
(c) Accident Statistic Analysis
Figure 7. Illustrations of the web-based accident analysis subsystem
The risk analysis system is the windows-based application. This is a dedicated railway risk assessment software
package which is a sub-module of RAIMS. The railway risk workstation consists of several modules as shown in
Figure 6. Each module provides the basic functions such as editing ET (Event Tree) and FT (Fault Tree). The
risk of the railway systems can be assessed by the ET/FT linking approach usually used for complex systems.
Accident scenarios that can lead to an undesirable consequence should be defined as event trees, using an event
tree editor. Each branch of the accident sequences requires one or more supplementary fault trees, which can be
Page 8 of 11
developed by a fault tree editor. Sum of the frequency of each sequence becomes the total frequency of the
accident of concern. Figure 8 shows some pictures of the risk analysis system [5].
(a) Event tree editor view
(b) ET/FT linking approach
(c) Fault tree editor view
Figure 8. Illustrations of the risk analysis subsystem
Where data was not available for the quantification of the cause and consequence precursors, it was needed to
support the analysts in an effective and efficient way in analyzing human error potential in railway event. the
revised railway human reliability analysis (R-HRA) method which is to be used under the railway risk
assessment framework and the second part presents the features of a computer software which was developed for
aiding the R-HRA process. The revised R-HRA method supplements the original R-HRA method developed by
RSSB [8] in UK. It provides a specific task analysis guideline and a classification of performance shaping
factors (PSFs) to support a consistent analysis between analysts. The R-HRA software aids the analysts in
gathering information for HRA, qualitative error prediction including identification of external error modes and
internal error modes, quantification of human error probability, and reporting the overall analysis results. Figure
9 shows some pictures of the risk analysis system [5].
(a) General information input
(b) Error analysis & quantification
(c) Reporting results
Figure 9. Illustrations of the railway human reliability analysis module
To assess railway accident risk on the basis of the risk assessment model developed, railway accident data until
2005 year on the main line of South Korea were analyzed. Train operation on the main line is fully carried out by
Page 9 of 11
Korea Railroad Corp.. The total risk to passengers, staff and members of the public modeled within the risk
assessment model, is predicted to be 203 FWI per year. A breakdown of the total risk by accident category is
shown in Table 2.
Table 2: Total risk by accident category
Accident category
Risk (FWI/yr.)
Train collision accident
0.6744
Train derailment accident
3.6898
Train fire accident
14.1
Level crossing accident
16.94
Railway traffic casualty accident
161.138
Railway safety casualty accident
20.742
Total
217.284
The overall risk contributions for the hazardous events are made up from different profiles of frequency and
consequences. The Railway traffic casualty accident and railway safety casualty accident tend to consist of high
frequency low consequence type events eg. slips, trips and falls, while the train accidents tend to have a risk
contribution from the low frequency high consequence type events eg. train derailment and train collision. The
effect of these low frequency high consequence events is to increase the risk contribution for the hazardous
events above the level that may have been seen in practice project.
The model is being prepared currently and will include:
• The feasibility and uncertainty test in the results of the developed model
• Improved level of human factors modeling
• Use of more sophisticated statistical analysis techniques where only limited data is available for some of the
required inputs.
5. Conclusion
This study has proposed the development procedure 'Risk Assessment Model' by railway accidents as a
common approach for hazard analysis and risk assessment, a start point of railway system safety management,
and presented a quantitative risk assessment model which is based on accident scenarios.
The developed model will provide a generic model of the safety risk on the Korea railway
Which will
Page 10 of 11
• Increase the industry’s knowledge of the risk from the operation and maintenance of Korea railway network
• Allow the identification of areas of railway operation that need further risk controls
• Allow sensitivity analyses to be carried out to determine the risk reduction from the introduction of new
control measures
• Allow cost benefit analysis of proposed changes
References
[1] European Commission, “Safety Management in Railway, D.2.3: Common Safety Methods”, 2004.
[2] European Commission, “Safety Management in Railway, WP.2.4: Acceptable Risk Level”, 2004.
[3] European Commission, “Framework for identifying sources, stakeholders and the nature of risks, SAMNET /
LSA / PhG / WP2.3 / D2.3.1 / V4, 2004.
[5] Korea railroad research Institute, “Establishment of Risk Analysis and Assessment System for Railway
Accidents and Hazards”, Annual report of an Integrated R&D Plan for the Railway Safety, Ministry of
Construction and Transportation, Korea, 2006.
[6] Rail Safety and Standard Board, “Investigation of common safety methods”, 2005.
[7] Rail Safety & Standard Board, “A statistical review of the RSSB Safety Risk Model (WP1)”, 2004.
[8] Rail Safety and Standard Board, UK (2004), “Rail-specific HRA technique for driving tasks”, Final report.
[9] Rail Safety and Standard Board, “Profile of Safety Risk on the UK Mainline Railway”, issue 5, 2006.
[10] ISO/IEC Guide 51, “Safety Aspect-Guidelines for their inclusion in standards”, 1991.
Page 11 of 11