Slide n° 1 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 CSM for risk assessment (Reg. 402/2013) & Requirements for CSM Assessment Body Dragan JOVICIC, European Railway Agency
Slide n° 2 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 CONTENTS 2.Overview of CSM RA WHAT is it? ( Reg. 402/2013) WHO shall apply it? Responsibility WHEN shall it be applied? TOO changes WHAT shall it be applied to? if change is significant WHAT controls ensure all risks are adequately controlled? Risk Assessment method Process or flowchart 3.Independent CSM Assessment Body WHY is it needed? mutual recogn. HOW to achieve trust of its work? HOW to become a CSM AB? WHY are different options permitted? GENERIC & SPECIFIC requirements Geographical area of work - ISA report WHEN shall ISA start & WHY? WHAT shall be assessed & HOW? WHAT is ISA work result? ISA Report Interaction with other CABs 4. ERADIS database - Member State choices & List of CSM AB 1.CSM for risk assessment within legislation + Management & Supervision of safety
Slide n° 3 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Place of the CSM for risk assessment within EU railway legislation and in Management & Supervision of railway safety
Slide n° 4 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 REMINDER - Risk based approach In a proactive system based on control of risks the key question is: «What are the likely risks and the risk control measures I should put in place to manage safely my business?» Safe Operation & Maintenance (i.e. all risks are under control) Activities undertaken by RUs, IMs & ECMs SMS MS Risks
Slide n° 5 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Existing national railway systems usually based on use of rules and retrospective review of «bad experiences» from past REMINDER - Harmonised way of thinking in terms of «risk» «Risk based approach» and proactive Management of Safety Directive 2004/49 introduces concepts of: (Safety) Management System (SMS/MS), and; proactive way of thinking «predicting and preventing» possible events (i.e. risks) that have not yet happened To ensure the safe Operation & Maintenance of the railway system, looking both FORWARD and RETROSPECTIVE, the SMS/MS shall enable to: «predict» unwanted events that can happen during the operation and maintenance of the railway system; «prevent» those unwanted events to happen in addition to «reacting and fixing» only those that occurred in the past, and; control (all) risks associated with RU, IM & ECM activities
Slide n° 6 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 SMS/MS provides a structured framework to ensure that: 1)PLAN: the company is designed (i.e. organised) to deliver safely the operation 2)DO: the company actually deploys the operational and support processes 3)CHECK: the company measures the effectiveness of the processes 4)ACT/ADJUST: the company takes preventive or corrective measures on detection of non-compliances SMS/MS is not an alternative to the existing set of safety related technical, operational & maintenance rules. It is a structured way to apply and improve them taking into account the risks related to specific activities of RU, IM, ECM REMINDER Objective of an SMS/MS: keep "set rules" up to date SMS MS DOCHECKACTPLAN
Slide n° 7 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Risk Manage ment Processes (Existing) Rules Procedures Human Factors A documented and structured framework for safe management of all company activities Ensures appropriate processes, procedures and rules exist for controlling all company risks Enables identification of hazards and continuous management of risks related to the company activities, with the aim of preventing accidents Uses scientific "risk manage- ment" tools to support company managers in taking consciously decisions for their business REMINDER - What is an SMS/MMS?
Slide n° 8 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 REMINDER from previous presentation Relations between the different railway stakeholders CUSTOMER ECM IM RU Track Access Safety Certification Safety Authorisation Transport Contract Maintenance Contract Renting Contract Contract of use - GCU KEEPER ECM CERTIFICATION BODY NSA Surveillance of MSSupervision of SMS ECM CERTIFICATION BODY NSA Certification of MSCertification of SMS
Slide n° 9 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Cornerstones of Safety Management & Safety Supervision in a risk based approach Overview of CSM for risk assessment
Slide n° 10 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Safe Operation REMINDER - European Railway Legislation Safety Regulatory Framework – How many CSMs? Railway Safety Directive 2004/49/EC ² CSM for Conformity Assessment - Regulations 1158/2010 & 1169/2010 ECM Regulation 445/2011 CSM for Supervision Regulation 1077/2012 ECM Regulation 445/2011 SMS/ MS Do Check ActPlan AssessmentMonitoring/Supervision/Surveillance Freight wagons CSM for Risk Assessment Regulation 402/2013 CSM for Monitoring Regulation 1078/2012
Slide n° 11 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 REMINDER - Pilars for managing railway safety and taking safe decisions Risk Assessment & Monitoring within the framework of Change Management Presentation by CSM for risk assessment & CSM for monitoring of the links between Reg. 1078/2011 Reg. 402/2013
Slide n° 12 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Overview of Regulation N°402/2013 WHEN shall the CSM be applied? WHAT is the CSM for risk assessment? (Regulation 402/2013) WHO shall apply it? (responsibility) WHEN shall it be applied? (entry into force) WHAT shall it be applied to? (significant changes) METHOD (Process or flowchart) Always keep in mind why risk assessment is made (i.e. for controlling the risks) Demonstration of Compliance with Safety Requirements Preliminary System Definition INDEPENDENT ASSESSMENT HAZARD MANAGEMENT RISK ANALYSIS RISK EVALUATION (vs. Risk Acceptance Criteria) Safety Requirements (i.e. safety measures to be implemented) SYSTEM DEFINITION RISK ASSESSMENT Significant Change? HAZARD IDENTIFICATION AND CLASSIFICATION Codes of Practice Similar Reference Systems Explicit Risk Estimation Justify and document decision
Slide n° 13 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Versions of CSM for risk assessment Successive Changes Regulation 402/2013 Regulation 2015/1136 R&R CSM AB More categories of RAC-TS 19/07/2010 Technical changes 01/07/2012 TOO changes 21 st May 2015 (Repealing Reg. 352/2009) 2012 to 2014 CSM DT [10 -9 & h -1 ] 2010 to rd August 2015 (Amending Reg. 402/2013) 2005 to 2007 Regulation 352/2009 RAC-TS [10 -9 h -1 ] Guide on CSM AB Guide on CSM DT (+ 2 existing Guides) under development
Slide n° 14 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 CSM for Risk Assessment WHAT is the CSM for risk assessment? CSM for risk evaluation and assessment (Regulations 402/2013 & 2015/1136 replacing Regulation 352/2009) Method: tool to be applied for controlling risks and taking decisions transparently and in a harmonised way. It is not replacing the technical railway knowledge Common and harmonised method at the European level ensuring equal treatment for all railway actors Safety: it is to be used by railway actors to manage safely changes of the European railway system CSM for risk assessment is a European regulation it is legally binding and there is no need for national transposition
Slide n° 15 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Next slide explains who can be the Proposer (it quotes Article 3(11) of CSM Regulation) Who shall apply the CSM? the Proposer IMs, RUs, ECMs; Actors requested to apply CSM by law (TSIs, directives,…) Other actors when defined through contractual arrangements How should the CSM be applied? CSM describes a process or framework for risk assessment to be integrated within the SMS CSM does not constraint any detailed tool/instrument for risk assessment CSM for Risk Assessment WHO shall apply the CSM for risk assessment?
Slide n° 16 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 CSM for Risk Assessment WHO shall apply the CSM? The proposer Art. 3(11) (a)a railway undertaking or an infrastructure manager which implements risk control measures vs. Art. 4 of Directive 2004/49; (b)an entity in charge of maintenance which implements measures in accordance with Article 14a(3) of Directive 2004/49; (c)a contracting entity or a manufacturer which invites a NOBO to apply the “EC” verification procedure in accordance with Article 18(1) of Directive 2008/57 or a designated body according to Article 17(3) of that Directive; (d)an applicant for an authorisation for the placing in service of structural sub-systems [Manufacturer, RU or Keeper]; Directive 2004/49 - Through RU/IM SMS & ECM Maintenance System Directive 2008/57 - Authorisation for placing in service (APIS) Contracting Entity RU ECM IM Applicant for an APIS Auth. for placing in service SMS – Syst of Maint.
Slide n° 17 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Who is deciding if the change is significant? If there is no Notified National Rule, Proposer decides whether the change is significant national safety authority (NSA) does not decide CSM for risk assessment WHEN shall it be applied & WHAT shall it be applied to? Significant change When should the CSM be applied? When making changes to the railway system Indifferently to “Technical, Operational or Organisational” changes Always for evaluating at least the “significance of the change” BUT Only when change impacts safety performances AND when it is assessed as being a ”significant” change Annex I must be applied When change is non significant, method for risk assessment is not imposed But risk control is mandatory, e.g. ISO 31000/31010 standard could be used
Slide n° 18 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 CSM for risk assessment – WHEN shall it be applied? Evaluation of the significance of the change How shall the decision on the significance of the change be taken? On basis of experts’ judgment taking into account 6 criteria defined in Article 4 of CSM: Consequences Novelty Complexity Monitorability Reversibility Additionality Preliminary System Definition Significant Change Traceability + SMS procedures Application of process defined in Annex I of CSM YES NO
Slide n° 19 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Reasonable use of CSM for risk assessment Significant – Non Significant When making a change ask yourself whether change is significant [Article 4] 1)Not significant: a)because not safety related: document for transparency reasons; b)safety related but not significant because either risk is already under control with existing provisions of the SMS or it can be controlled by well known measures SMS requires to demonstrate that all risks related to the company activities are managed, including thus management of changes. So, the proposer has to apply his procedures/process for risk management described in SMS 2)Significant apply Regulation 352/2009 (Regulation 402/2013)
Slide n° 20 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Reasonable use of CSM for risk assessment Is change significant or not Significant (Art. 4)? Application of CSM not needed Document decision (transparency) NO Application of Regulation 402/2013 not mandatory Apply company procedures for Risk Assessment & Risk Management - Document decision & activities related to manner risk is controlled YES Full application of CSM for risk assessment and process in Annex I Is associated risk already controlled and thus acceptable? Can risk be managed by well known measures? NO YES NO Change is SIGNIFICANT Change is NOT SIGNIFICANT Application of all criteria in Article 4(2) of Regulation 402/2013 Is the change safety related?
Slide n° 21 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 CSM for risk assessment Controls of the correct assessment of the significance of the change For RUs and IMs NSA during supervision activities of RU/IM SMS For ECMs ECM Certification Bodies during surveillance activities of ECM System of Maintenance In the cases foreseen by the national legislation (notified rules) Supervision/Surveillance are not expected to be done systematically on all changes but on a sampling basis, having knowledge of the key risks RUs and IMs (respectively ECMs) are requested to keep and document a list of changes they do to enable such a supervision by NSA (respectively such a surveillance by ECM Certification Body) Decisions made by Proposers can be questioned by NSAs and by ECM Certification Bodies if they can demonstrate existence of substantial safety risks WHO is checking, WHEN and HOW risks of both Significant and Non Significant changes are adequately controlled?
Slide n° 22 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Benefits of application of CSM for risk assessment Common tool used by all railway actors Common language supporting mutual recognition of results of Risk Assessments and the exchange of information between stakeholders Enables traceability of decisions and provides Company Management with criteria to help them taking consciously and safely decisions Memory of the company Decisions of the NSA/ECM Certification Body are based on objective evidences Equal treatment for all RUs/IMs and ECMs CSM supports logical and rational approaches rather then emotional behaviours based on doubts and fears
Slide n° 23 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 (a)System definition (b)Hazard identification & classification (c)Identification of safety measures (d)Risk analysis based on use of exiting Risk Acceptance Principles (RAP): 1)Codes of practice 2)Reference Systems 3)Explicit risk estimation There is no mandatory order of priority in use of these three RAP (d)Risk evaluation for checking acceptance of risk(s) (e)Definition of safety requirements from identified safety measures Iterative Risk Management Process “triggered” by a Significant Change Overview of the CSM for risk assessment Risk assessment flowchart - Process in Annex I Defines a common process for risk assessment Demonstration of Compliance with Safety Requirements Preliminary System Definition INDEPENDENT ASSESSMENT HAZARD MANAGEMENT RISK ANALYSIS RISK EVALUATION (vs. Risk Acceptance Criteria) Safety Requirements (i.e. safety measures to be implemented) SYSTEM DEFINITION RISK ASSESSMENT Significant Change? HAZARD IDENTIFICATION AND CLASSIFICATION Codes of Practice Similar Reference Systems Explicit Risk Estimation Justify and document decision
Slide n° 24 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Iterative Risk Management Process “triggered” by a Significant Change Demonstration of Compliance with Safety Requirements Preliminary System Definition INDEPENDENT ASSESSMENT HAZARD MANAGEMENT RISK ANALYSIS RISK EVALUATION (vs. Risk Acceptance Criteria) Safety Requirements (i.e. safety measures to be implemented) SYSTEM DEFINITION RISK ASSESSMENT Significant Change? HAZARD IDENTIFICATION AND CLASSIFICATION Codes of Practice Similar Reference Systems Explicit Risk Estimation Justify and document decision CSM for risk assessment also requires: Update system definition with identified safety requirements; Demonstrate compliance with system definition, and thus with safety requirements from risk assessment; To support mutual recognition: (a)Risk assessment and risk management must be documented in hazard record; (b)Independent assessment by a CSM Assessment Body of correct application of the CSM Process and of appropriateness of results Overview of the CSM for risk assessment Risk assessment flowchart - Process in Annex I
Slide n° 25 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body (RASBO)
Slide n° 26 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Why is Independent Safety Assessment needed ? to give confidence that system under assessment can fulfil safely the intended objectives, and consequently to gain trust in the risk assessment and allow mutual recognition of the risk assessment results CSM Assessment Body (RASBO) is necessary
Slide n° 27 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body Check correct application of CSM for risk assessment When change significant, a CSM Assessment Body must be appointed CSM assessment body shall carry out an independent assessment of: correct application of risk management process in Annex I, and; suitability of results from risk assessment process Criteria & requirements to be fulfilled Who, What, How, When, etc.? Demonstration of Compliance with Safety Requirements RISK EVALUATION (vs. Risk Acceptance Criteria) INDEPENDENT ASSESSMENT HAZARD MANAGEMENT RISK ANALYSIS Safety Requirements (i.e. safety measures to be implemented) SYSTEM DEFINITION RISK ASSESSMENT Significant Change? HAZARD IDENTIFICATION AND CLASSIFICATION Codes of Practice Similar Reference Systems Explicit Risk Estimation Justify and document decision Preliminary Sys Definition Article 6 of Regulation 402/2013
Slide n° 28 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Required when change is significant - Appointed by Proposer, if there is no contrary national legal obligation Necessary for mutual recognition of results from risk assessments reduction of risk assessment costs and requests of unjustified additional demonstrations Check correct application of CSM process and appropriateness of results Deliver a safety assessment report to support Proposer in its decisions WHEN? not explicitly required in CSM - Should be involved early in project and finishes with delivery of independent assessment report to Proposer WHO? whoever fulfils general requirements in Annex II of Reg. 352/2009: independence from design, manufacturing, construction, marketing, operation or maintenance of system under assessment professional integrity and competence (skills, training, knowledge and experience) to perform independent safety assessment civil liability insurance & commercial confidentiality Independent CSM Assessment Body General Legal framework in Regulation 352/ /2009
Slide n° 29 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body Novelty in Regulation 402/ /2013 To establish sufficient trust and enable mutual recognition of independent assessment work of CSM AB, following questions needed an answer: WHAT shall be assessed? HOW assessments are to be performed? WHAT is content of safety assessment report? What is the interaction with other assessments (e.g. Safety certification & authorisation process for placing in service structural sub-systems)? What specific criteria and requirements need to be fulfilled? What area of competence are necessary? WHICH scheme could ensure similar quality of independent assessment? or HOW to become a CSM Assessment Body?
Slide n° 30 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Similarly to ECM Certification Body, based on the existing recognised standard ISO/IEC for inspection bodies, CSM Assessment Body can be either: (a)ACCREDITED by the national accreditation body using the criteria defined in Annex II, or; (b)RECOGNISED by the recognition body using the criteria defined in Annex II, or; (c)the NATIONAL SAFETY AUTHORITY designated by the Member State as able to conduct independent assessment Art. 9(2) - When the Member State recognises the NSA as an assessment body, it is the responsibility of that Member State to ensure that the NSA fulfils the requirements set out in Annex II; In this case, the assessment body functions of the NSA shall be demonstrably independent of the other functions of the NSA. A MS can use accreditation or recognition or any combination of these two options There may be several assessment bodies, variously accredited or recognised, or no assessment bodies at all within a MS 402/2013 How to become an independent CSM Assessment Body?
Slide n° 31 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April /2013 WHY are different options permitted for the independent CSM Assessment Body? CUSTOMER ECM IM RU Track Access Safety Certification Safety Authorisation Transport Contract Maintenance Contract Renting Contract Contract of use - GCU KEEPER ECM CERTIFICATION BODY NSA Surveillance of MSSupervision of SMS ECM CERTIFICATION BODY NSA Certification of MSCertification of SMS REMINDER of the legal obligations for some stakeholders (RUs, IMs & ECMs) From beginning of dev pmt of CSM AB concepts, stakeholders expressed importance of: (a)avoiding duplication of different conformity assessments by different CABs; (b)avoiding duplication of costs inherent to all those conformity assessments; So, although not explicit in Reg. 402/2013 Working Group experts intended: (c)ACCREDITATION to be used for companies not submitted to obligation of having a certified Management System in place [ e.g. Consulting Companies ]; (d)RECOGNITION of in-house CSM AB by relevant CAB through one Conformity Assessment for stakeholders submitted to obligation of having a certified Management System [ in principle only for RUs, IMs and ECMs ] Indeed, it is important not to divert NSA attention from their key roles in SC/SA, APIS of vehicles + Supervision of RU/IM SMS & safety performance
Slide n° 32 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Types of recognition of the CSM Assessment Body [Article 9] (a)recognition by Member State of an ECM, an organisation or a part of it or an individual; (b)recognition by NSA of ability of an organisation or a part of it or an individual to conduct independent assessment through the assessment and supervision of SMS of an RU/IM; (c)when NSA is acting as certification body in conformity with Article 10 of Regulation (EU) No 445/2011, recognition by NSA of the ability of an organisation or a part of it or an individual to conduct independent assessment through assessment and surveillance of System of Maintenance of an ECM; (d)recognition by a recognition body designated by Member State of ability of an ECM, an organisation or a part of it or an individual to conduct independent assessment. 402/2013 How to become an independent CSM Assessment Body?
Slide n° 33 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Compliance with criteria & requirements in Annex II of Reg. 402/2013 for the assessment of competence of the CSM Assessment Body 402/2013 WHAT accreditation/recognition scheme needed to ensure competence of independent CSM Assessment Body? GENERIC criteria & requirements of ISO/IEC 17020:2012 on: 1.Competence; 2.Impartiality; 3.Independence; 4.Administration capabilities; 5.Organisation; 6.Resources; 7.Processes and management system for the operation of various types of bodies performing inspection SPECIFIC criteria & requirements in Annex II of Reg. 402/2013 on competencies in: 1.Risk management; 2.Relevant for assessing change & its impacts on railway system 3.Correct application of Safety & Quality management systems or in auditing them 4.Different technical areas of railway system, including operation & maintenance 5.Overall consistency of risk management and safe integration of change into railway system as a whole
Slide n° 34 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April /2013 GENERIC criteria and requirements of ISO/IEC General requirements 4.1 Impartiality and independence 4.2 Confidentiality 5 Structural requirements 5.1 Administrative requirements 5.2 Organization and management 6 Resource requirements 6.1 Personnel 6.2 Facilities and equipment 6.3 Subcontracting 7 Process requirements 7.1 Inspection methods and procedures 7.2 Handling inspection items and samples 7 Process requirements 7.3 Inspection records 7.4 Inspection reports and inspection certificates 7.5 Complaints and appeals 7.6 Complaints and appeals process 8 Management system requirements 8.1 Options 8.2 Management system documentation (Option A) 8.3 Control of documents (Option A) 8.4 Control of records (Option A) 8.5 Management review (Option A) 8.6 Internal audits (Option A) 8.7 Corrective actions (Option A) 8.8 Preventive actions (Option A)
Slide n° 35 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Option A (fulfilling requirements in §8.)Option B (ISO 9001) management system documentation (e.g. manual, policies, definition of responsibilities, see 8.2) control of documents (see 8.3) control of records (see 8.4) management review (see 8.5) internal audit (see 8.6) corrective actions (see 8.7) preventive actions (see 8.8) complaints and appeals (see 7.5 and 7.6) Management system established and maintained in accordance with ISO 9001 standard Demonstration that requirements of ISO/IEC standard are fulfilled GENERIC criteria and requirements of ISO/IEC §8.Management system requirements – possible Options [§8.1] AB shall establish and maintain a management system that is capable of achieving consistent fulfilment of requirements of ISO/IEC standard in accordance with either:
Slide n° 36 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body WHAT specific criteria and requirements shall CSM Assessment Body fulfill ? Full compliance with ISO/IEC 17020:2012 standard which contains general criteria for "independence, competence, integrity and impartiality“ Following specific competence: (a)competence in risk management, including knowledge and experience of standard safety analysis techniques and of relevant risk assessment and risk management standards; (b)all relevant technical competence for assessing the change under assessment and its safe integration into the railway system; (c)competence in checking the correct application of safety and quality management systems or in auditing management systems. This is crucial since CSM AB not required to check all activities and details of risk assessment and risk management done by proposer 402/2013
Slide n° 37 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body WHAT can be the areas of competence of the CSM Assessment Body ? By analogy to Article 28 of Directive 2008/57/EC concerning NoBo’s, CSM Assessment Body may be competent in different areas of railway system, or parts of it for which an essential safety requirement exists, including competence in operation and maintenance. Possible examples of classifications could be: (a)infrastructure; (b)energy; (c)control command and signalling; (d)rolling stock; (e)braking components; (f)operation, maintenance and traffic management; (g)overall consistency and system approach (system level); (h)specific engineering disciplines such as embedded real-time systems, telecommunications, hardware, software, human factor, … (i)etc. 402/2013
Slide n° 38 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body WHAT can be the areas of competence of the CSM Assessment Body ? A particular competence is needed to assess overall consistency of risk management and safe integration of system under assessment into railway system as a whole. This specific competence includes ability of CSM AB to check: (j)the organisation or arrangements put in place by the proposer to ensure a coordinated approach to achieving system safety through a uniform understanding and application of risk control measures for its composing sub systems; (k)the methodology for the evaluation of the methods and resources deployed by various stakeholders to support safety at both the sub-system and system levels; and (l)the technical aspects necessary for assessing the relevance and completeness of risk assessments and the level of safety for the system as a whole. The CSM assessment body may be accredited or recognised for one, several or all of the areas of competence 402/2013
Slide n° 39 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 One per MS Activity in MS 0, 1 or several per MS Activity in whole EU European co- operation for accreditation (EA) National Accreditation Body Accredited Assessment Body Assessment & Peer Evaluations vs. Art. 10 of Reg. 765/2008 & ISO Check compliance with Annex II of CSM & Surveillance vs. ISO Check suitability with CSM and suitability of results Independent Safety Assessment Report One per significant change – It must be accepted in whole EU Organiser: EA Peer Reviews by other NABs ACCREDITED Independent Safety Assessment Independent CSM Assessment Body WHICH scheme ensures similar quality of independent assessment ? USE OF ACCREDITATION [Art. 7(a)] 402/2013
Slide n° 40 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Equivalence to EA Recognition Body Recognised Assessment Body Assessment & Peer Evaluations vs. Art. 10 of Reg. 765/2008 & ISO Check compliance with Annex II of CSM & Surveillance vs. ISO Check suitability with CSM and suitability of results Independent Safety Assessment Report 0, 1 or several per MS Activity in MS 0, 1 or several per MS Activity in whole EU One per significant change that must be accepted in whole EU Organiser: ERA Peer Reviews by other Recognition Bodies RECOGNISED Independent Safety Assessment Independent CSM Assessment Body WHICH scheme ensures similar quality of independent assessment ? USE OF RECOGNITION [Art. 7(b)] 402/2013
Slide n° 41 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body WHICH scheme ensures similar quality of independent assessment ? 402/2013
Slide n° 42 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 ISA Report of any CSM AB accredited or recognised vs. Reg. 402/2013 or equivalent OTIF UTP GEN G for an area of competence must be mutually recognised in whole EU and in all OTIF Contracting States A CSM AB accredited vs. Reg. 402/2013 or OTIF UTP GEN G can carry out independent safety assessment in whole EU and all OTIF Contracting States An EU NSA or OTIF national authority competent for technical admission recognised by its State as CSM AB vs. CSM RA cannot provide ISA services outside its State unless bilateral agreements concluded (principle of national sovereignty) Although not forbidden by CSM, in-house CSM AB and in particular recognised through SMS not expected to provide ISA services outside their own companies IMPORTANT : as EA is member of IAF [International Accreditation Forum] & ILAC [Int. Laboratory Accredit. Cooperation], EA MLA is recognised at International Level by IAF & ILAC. So ISA Report of a CSM AB accredited by a signatory of MLA is accepted internationally ACCREDITATION is by default a passport to international trade contrary to ISA Report of a recognition CSM AB Independent CSM Assessment Body Acceptance of ISA Report + Geographical area of activity 402/2013
Slide n° 43 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Validity shall not exceed 5 years → new accredit./recognition every 5 years RUs/IMs: validity limited to validity of Safety Certificate or Authorisation ECMs: validity limited to validity of ECM Certificate Surveillance by National Accreditation Body / Recognition Body on a regular basis (usually once a year) to verify that CSM assessment body continues to satisfy criteria set out in Annex II [principles in ISO/IEC 17011] If CSM assessment body no longer satisfies criteria depending on degree of non-compliance, scope shall be limited, suspended or the accredit./recognition withdrawn Independent CSM Assessment Body Validity of Accredit./Recognition - Surveillance of CSM Assessment Body 402/2013
Slide n° 44 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 CSM for risk assessment – Clear separation of Roles & Responsibilities between the Proposer and the CSM Assessment Body Important to distinguish that: Risk Assessment shall be done by the proposer Independent assessment shall be done by CSM Assessment Body to check: correct application of CSM, and; appropriateness of results from risk assessment 402/2013 CSM assessment body: does not carry out risk assessment does not provides advices, recommendations or solutions on how to address detected non-compliances with CSM or any organisational concerns related to company safety and quality assurance processes Otherwise there is a risk to compromise CSM AB independence in assessing appropriateness of corrective measures Proposer suggests to address issues
Slide n° 45 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Proposer is responsible for application of CSM for risk assessment and to document/justify its decisions and results of risk assessment When change is significant, Proposer shall appoint an Assessment Body CSM Assessment Body carries out independent safety assessment and provides proposer with a Safety Assessment Report Proposer is responsible for determining if and how to take into account the conclusions of safety assessment report for safety acceptance of change Proposer shall justify and document part(s) of safety assessment report for which he eventually disagrees with Assessment Body Article 16: Declaration by Proposer Based on results of application of CSM and on safety assessment report provided by assessment body, Proposer shall produce a written declaration that all identified hazards and associated risks are controlled to an acceptable level 402/2013 CSM for risk assessment – Clear separation of Roles & Responsibilities between the Proposer and the CSM Assessment Body
Slide n° 46 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 I ndependent Safety Assessment shall start at the earliest appropriate stage of the risk assessment process [Art. 6(1) of Reg. 402/2013] It is important, especially for complex projects or changes, in order to: detect as early as possible any inappropriate risk control measures or non-compliance with either the risk management process of the CSM or the company organisation, safety and quality processes to enable the Proposer to take timely any necessary remedial actions and be able at the end of the project to accept the significant change In practice this requires sufficient project documentation to be available (e.g. project organisation, project quality and safety plans, definition of the change, risk assessment plans, etc.) to enable the CSM assessment body to plan and target the key areas for further independent safety assessment Independent CSM Assessment Body WHEN shall be independent assessment start and WHY? 402/2013
Slide n° 47 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Correct application of CSM check of compliance with the CSM Regulation, and; the risk assessment process in that CSM Suitability of results of risk assessment check that system under assessment fulfils safely intended objectives of the change Assessment include all steps of CSM process: system definition hazard identification and risk analysis risk evaluation and risk acceptance demonstration of compliance with safety requirements Evaluation of significance of change needs not to be assessed by CSM AB Independent CSM Assessment Body WHAT shall be assessed? 402/2013
Slide n° 48 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body HOW is the independent assessment performed ? Independent assessment in Regulation 402/2013 different from NOBO work: NOBO checks formal conformity of a structural sub-system vs. ALL requirements defined in relevant TSIs whereas CSM assessment body makes JUDGEMENTS To make its judgement, a complete, thorough review and follow up of all activities of “Proposer and its subcontractors” for design and implementation of change not cost effective and also not necessary Rather a 3 steps approach shall be undertaken based on: thorough understanding of the change and of its specification assessment of safety and quality processes put in place for the change assessment of application of these processes for design and implementation of change based on e.g. auditing and SAMPLING techniques [or VERTICAL SLICE assessment of key risks] till delivery of safety assessment report 402/2013
Slide n° 49 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April /2013 WHY has ISO/IEC Standard been selected for accreditation/recognition of CSM Assessment Body? ERA worked with a Group of Experts & in collaboration with EA & NB Rail Important not invent new principles if possible use existing standards Applicability of different CEN/CENELEC, ISO, IEC standards was considered 17021: Conformity assessment – Requirements for bodies providing audit and certification of Management Systems; 17065: Conformity assessment – Requirements for bodies certifying products, processes and services; 17025: General requirements for competence of testing and calibration laboratories; 17020: Conformity assessment – Requirements for the operation of various types of bodies performing inspection
Slide n° 50 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April /2013 WHY has ISO/IEC Standard been selected for accreditation/recognition of CSM Assessment Body? Considering that independent safety assessment is neither certification of Management Systems nor products/services nor testing/calibration of laboratories BUT requires professional judgement to assess: correct application of CSM Regulation and of risk assessment process defined therein suitability of results of risk assessment and thus of ability of system under assessment can deliver required level of safety it is inspection at a point of time without need for regular surveillance It assesses conformity of "risk assessment” [inspected item] done by proposer with "requirements of a process" and the “CSM Regulation” As does not specify technical competence requirements to arrive at professional judgement about conformity, SPECIFIC REQUIREMENTS on risk assessment and railway competence were added in Annex II of Reg. 402/2013
Slide n° 51 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Safety assessment report delivered to Proposer, contains at least: (a)identification of CSM assessment body; (b)independent safety assessment plan; (c)definition of scope and limitations of independent safety assessment; (d)results of independent safety assessment including in particular: (1)detailed information on independent safety assessment activities for checking compliance with provisions of CSM; (2)any identified cases of non-compliances with provisions of CSM and assessment body’s recommendations; (e)conclusions on compliance of risk assessment and risk management with CSM requirements and appropriateness to fulfil safely intended objectives Safety assessment report supports Proposer in decision to accept change It provides evidence to NSA, in particular within APIS structural sub-systems, that Proposer correctly applied CSM process, It is useful for supervision activities of the proposer’s Management System Independent CSM Assessment Body WHAT is the result of the independent assessment ? 402/2013
Slide n° 52 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 European (Railway) Legislation related to Market Opening Assurance of compliance with EU legislation - Mutual trust/recognition To avoid new assessments and new safety demonstrations for a same system, EU legislation introduces concepts of: Certification (Independent) Conformity Assessment Body (CAB) Mutual Recognition or Acceptance (XA) (In line with the "New Approach" for creation of a single European railway market)
Slide n° 53 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 European (Railway) Legislation related to Market Opening Assurance of compliance with EU legislation - Mutual trust/recognition If used under the same functional, operational & environmental conditions System or safety demonstration accepted in one MS or by one CAB must be cross accepted in another MS or by another CAB duplication of conformity assessments by different CABs involved in a project shall be avoided unless the CAB demonstrates the existence of a substantial safety risk Conformity assessment bodies: NSAs NoBos DeBos ECM Certification Bodies CSM Assessment Bodies National Accreditation Bodies & Recognition Bodies
Slide n° 54 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 TSI's (NoBo) National Rules (DeBo) Other measures (CSM AB) All risks identified with CSM for risk assessment Safety demonstration by proposer/applicant + NSA authorisation based on evidences of: Safe integration (AB] Check of technical compatibility Compliance with TSI's [NoBo] & National Rules (law) [DeBo] Independent CSM Assessment Body WHAT is the interaction with other Conformity Assessment Bodies ? Check of correct application of CSM and of suitability of results form risk assessment Check of conformity with national rules applicable to the structural sub-system Check of conformity with TSI requirements applicable to the structural sub-system Duplication of independent assessment work between different Conformity Assessment Bodies involved in a project shall be avoided 402/2013
Slide n° 55 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Roles and responsibilities of different Conformity Assessment Bodies within placing in service Authorisation of Vehicles - Safe Integrations Conformity with TSI Check by NOBO Conformity with NNR Check by DEBO RA according to CSM Check by CSM Assessment Body Technical compatibility and safe integration within the vehicle (Use of CSM for RA) Technical File containing all Operational & Maintenance Requirements linked to the design Responsibilities of Applicant Design, construct, install, test & demonstrate Safe Integration within the vehicle NSA Authorisation for placing in service Responsibilities of Railway Undertaking Check technical compatibility and demonstrate safe integration within the Route Conformity with infrastructure register (RINF) Check by RU Conformity with NNR Check by RU SMS update accor- ding to CSM for RA Check by CSM Assessment Body Technical compatibility and safe integration within the Route (Use of CSM for RA) RU decision of placing in service Operation according to RU SMS Maintenance according to ECM System of Maintenance Responsibilities of RU & ECM Operation & Maintenance according to Technical File Supervision by NSA Surveillance by ECM Cert Body Supervision by NSA [Art 16(2)(f)] Update of SMS Return of experience STEP 1STEP 2 STEP 3
Slide n° 56 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 When the change is significant, in scope of authorisation for placing service of structural sub-systems, NSA shall accept Proposer’s Declaration … NSA may not request additional checks or risk analyses unless it is able to demonstrate the existence of a substantial safety risk When a TSI requires application of CSM for risk assessment, if Proposer has contracted an Assessment Body to check compliance with CSM, NoBo shall accept Proposer’s Declaration … unless it justifies and documents its doubts concerning the assumptions made or the appropriateness of the results CSM for risk assessment Mutual recognition by the NSA/NOBO of the Safety Assessment Report 402/2013
Slide n° 57 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Register – ERADIS Member State decisions on use of Accreditation and Recognition List of acknowledged CSM Assessment Bodies in EU and OTIF
Slide n° 58 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 To enable ERA to keep updated Data Bases Member States (MS) shall inform ERA which is their national accreditation body and/or recognition body or recognition bodies, as well as of assessment bodies they recognised directly in conformity with Article 9(1)(a) National Accreditation Body shall inform ERA of assessment bodies accredited, as well as of area of competence from Annex II for which those assessment bodies are accredited Recognition Body shall inform ERA of the assessment bodies recognised, as well as of the area of competence from Annex II for which those assessment bodies are recognised MS, NAB, Recognition Bodies shall also notify any changes within one month so that ERA can make this information publicly available. Independent CSM Assessment Body Provision of information to ERA – Roles of ERA 402/2013
Slide n° 59 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body ERADIS Database on
Slide n° 60 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body - ERADIS Database on - Member State decision CountryMS decisionsDate of Member State notification AustriaAccreditation15/01/2015 BelgiumAccreditation, Recognition24/12/2014 BulgariaRecognition08/01/2016 CroatiaAccreditation, Recognition18/11/2015 Czech RepublicAccreditation, Recognition14/07/2015 DenmarkAccreditation18/06/2014 FinlandAccreditation10/12/2014 FranceAccreditation24/06/2015 GermanyRecognition30/06/2015 GreeceAccreditation08/05/2015 IrelandRecognition17/11/2015 ItalyRecognition09/06/2015 LatviaRecognition13/07/2015 LithuaniaAccreditation04/12/2014 LuxembourgRecognition25/01/2016 NorwayAccreditation, Recognition18/11/2014 PolandAccreditation04/12/2014 PortugalAccreditation16/12/2014 RomaniaRecognition17/12/2015 Slovak RepublicAccreditation09/07/2015 SloveniaRecognition20/07/2015 SpainAccreditation, Recognition17/02/2015 SwedenAccreditation14/07/2015 SwitzerlandAccreditation05/08/2015 The NetherlandsRecognition09/07/2015 United KingdomAccreditation14/11/2014 Choice of Member States: 5 countries use both Accreditation & Recognition 12 countries (CH included) use only Accreditation Not enough NSA staff to offer also Recognition 9 countries use only Recognition where 3 countries have a small NAB that cannot offer Accreditation 2 countries have not yet choosen 2countries Ministry recognised NSA until other CSM AB accredit/recog
Slide n° 61 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Independent CSM Assessment Body - ERADIS Database on - List of 37 acknowledged CSM Assessment Bodies
Slide n° 62 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016 Many thanks for your attention! Send an to on-the-CSM-Assessment-Body.aspx Additional information on CSM Assessment Body is available in an Explanatory Note on CSM Assessment Body accessible on ERA web page, under the link: You need more information? Visit the Agency webpage:
Slide n° 63 Regulation 402/2013 & Requirements for CSM Assessment Body NAB/RB Training Workshop In Valenciennes, April 2016