Guide for the application of the CSM design targets (CSM-DT)


Guide for the application of the CSM design targets (CSM-DT)
Annex 5, Example 1: Emergency brake control
29-30/11/2016, ERA workshop, Valenciennes
Olivier CASTELLANI, SNCF – Rolling Stock – Project Manager for High Speed Train international homologation

Summary
- System Definition of the technical system under assessment
- List of functions of the technical system under assessment
- Scope, assumptions and limits of the risk assessment
- Hazard Identification and classification
- Applicability of CSM DT
- Setting up of applicable category of CSM DT
- Allocated quantitative requirements, and alternative solutions or cases
- Conclusions from the risk assessment and allocation of CSM DT category

System Definition of the technical system under assessment
Emergency brake triggered:
- In case of driver's command
- In case of safety equipment command (e.g. ERTMS)
The safety equipment monitors:
- Speed limitations
- Lineside signals
- Driver's activity
- …
The emergency brake command is sent to all actuators, which brake each bogie/axle/wheel (e.g. through brake pads).

List of functions of the technical system under assessment
The technical system under assessment is composed of 3 sub-functions:
- Issue the command (safety equipment, e.g. speed control, signal acknowledgment and obedience, …)
- Transmit the command to actuators
- Actuate the braking devices (braking blocks, magnetic braking devices, …)

Scope, assumptions and limits of the risk assessment
- Only safety equipment will be considered.
- It is considered that only one single type of safety equipment is active (e.g. either you are in ERTMS driving mode, or in KVB driving mode; both cannot be active at the same time).
- None of the "safety equipment" stated above is studied as individual safety equipment in this example.
- Only the technical components installed inside the rolling stock are considered in this function.

Hazard Identification and classification: Functional FMEA

Function | Functional failure mode | Technical local consequence (Hazard) | Consequences for train
Emergency brake | Does not start | Emergency brake not issued | No braking
Emergency brake | Starts when not asked to | Inopportune emergency brake | Train is stopped, operation is hindered
Emergency brake | Does not stop when asked to | Emergency brake stays active |
Emergency brake | Stops when not asked to | Incomplete emergency brake | Incomplete braking (braking distance not respected)
Emergency brake | Delay in response | Delay in emergency braking | Braking distance not respected
Emergency brake | Degraded output (e.g. wrong output value) | Partial braking command |

Hazard Identification and classification: Extract of Functional FMEA (merge of identical Technical local consequence)

Technical local consequence (Hazard) | Consequences for train | Potential accident | Potential for at least 1 fatality? | Accident limited to a specific area of the train | Associated CSM-DT
Emergency brake not issued | No braking | Collision, derailment | Yes | No | 1,00E-09
Inopportune emergency brake | Train is stopped, operation is hindered | None (no safety impact, as long as no train is accepted to circulate on the line where this train is stopped) | NA | |
Emergency brake stays active; Incomplete emergency brake; Delay in emergency braking; Partial braking command | Braking distance not respected | | | |

Applicability of CSM DT: Extract of Functional FMEA (merge of identical Technical local consequence)

Technical local consequence (Hazard) | Consequences for train | Potential accident | Potential for at least 1 fatality? | Direct consequence?
Emergency brake not issued | No braking | Collision, derailment | Yes |
Inopportune emergency brake | Train is stopped, operation is hindered | None (no safety impact, as long as no train is accepted to circulate on the line where this train is stopped) | NA |
Emergency brake stays active; Incomplete emergency brake; Delay in emergency braking; Partial braking command | Braking distance not respected | | |
CSM-DT not applicable

Setting up of applicable category of CSM DT: Extract of Functional FMEA (merge of identical Technical local consequence)

Technical local consequence (Hazard) | Consequences for train | Potential accident | Potential for at least 1 fatality? | Accident limited to a specific area of the train | Associated CSM-DT
Emergency brake not issued | No braking | Collision, derailment | Yes | No | 1,00E-09
Incomplete emergency brake; Delay in emergency braking; Partial braking command | Braking distance not respected | | | |

As "Braking distance not respected" is largely dependent on the train (e.g. number of bogies), this example will focus on "No braking".

Allocated quantitative requirements, and alternative solutions or cases
Solution 1: "simple" design based on the use of one technical system
- The components Q(ECH)URG, RB(IS)Q(ECH)URG and VE-URG are already used in other trains, so their failure rates are known.
- The CSM-DT cannot be reached with this solution 1 => solution rejected: ≈10^-7 / h >> 10^-9 / h

Allocated quantitative requirements, and alternative solutions or cases
Solution 2: duplication of solution 1 (redundancy)
- The CSM-DT can be reached with this solution 2 => solution acceptable
- Is it necessary to duplicate all components? (e.g. safety equipment which is already at 10^-9 / h)
- λ ≤ 10^-9 / h & λ ≈ 10^-7 / h

Allocated quantitative requirements, and alternative solutions or cases
Solution 3: solution 1 taking into account lineside signalling
- The CSM-DT can be reached with this solution 3 => solution acceptable
- However, mutual recognition is not assured, and the solution is only applicable in the presence of lineside signalling
- λ ≈ 10^-9 / h & λ ≈ 10^-7 / h
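The three solutions above turn on one arithmetic question: what failure rate a chain of components reaches on its own, and what duplicating it (or only part of it) buys against the 10^-9 / h target. The following Python is an added illustration, not material from the slides or from SNCF. The component names Q(ECH)URG, RB(IS)Q(ECH)URG and VE-URG come from Solution 1, but the slides give no individual failure rates, so the per-hour values below are constructed to land the chain near the ≈10^-7 / h the slide quotes; the fourth "safety equipment" entry and the yearly proof-test interval are likewise assumptions made here to explore the question raised under Solution 2.

```python
# Added example (not from the slides): single chain vs. duplicated chain against a CSM-DT.
# Component names are taken from the slide; their individual failure rates are NOT given
# there, so the values below are constructed so the chain lands near the ~1e-7/h quoted.

CSM_DT_TARGET = 1e-9          # failures per hour, "No braking" row of the FMEA (1,00E-09)
PROOF_TEST_INTERVAL_H = 8760  # assumed yearly test revealing a dormant channel failure

# Constructed illustrative failure rates, per hour.
COMPONENT_RATES = {
    "Q(ECH)URG": 5e-8,
    "RB(IS)Q(ECH)URG": 4e-8,
    "VE-URG": 1e-8,
    # hypothetical command-issuing safety equipment, already below the target on its own
    "safety equipment": 5e-10,
}


def series_rate(rates):
    """Solution 1 style chain: losing any one component loses the function, so with
    independent constant failure rates the chain's rate is the sum of the parts."""
    return sum(rates)


def redundant_pair_rate(lam_a, lam_b, test_interval_h):
    """1oo2 redundancy of two independent elements whose failures are only revealed by
    a periodic test every T hours. A failed element stays undetected for T/2 on average
    and either element may fail first, so the rate of losing both is about
    2 * lam_a * lam_b * (T/2). Valid while lam * T << 1 (here about 1e-3)."""
    return lam_a * lam_b * test_interval_h


def chain_rate(rates, duplicated, test_interval_h=PROOF_TEST_INTERVAL_H):
    """Failure rate of a chain in which the components named in `duplicated` are fitted
    as independent 1oo2 pairs and every other component is a single point of failure."""
    single = sum(lam for name, lam in rates.items() if name not in duplicated)
    pairs = sum(redundant_pair_rate(lam, lam, test_interval_h)
                for name, lam in rates.items() if name in duplicated)
    return single + pairs


def meets_target(rate, target=CSM_DT_TARGET):
    return rate <= target


def compare_solutions(rates=COMPONENT_RATES, test_interval_h=PROOF_TEST_INTERVAL_H):
    """Return (rate, meets_target) for Solution 1 (single chain), Solution 2 (whole chain
    duplicated) and a partial variant that leaves the sub-target safety equipment single,
    which is the question the Solution 2 slide raises."""
    lam1 = series_rate(rates.values())
    lam2 = redundant_pair_rate(lam1, lam1, test_interval_h)
    partial = chain_rate(rates, {"Q(ECH)URG", "RB(IS)Q(ECH)URG", "VE-URG"}, test_interval_h)
    return {
        "solution1_single_chain": (lam1, meets_target(lam1)),
        "solution2_full_duplication": (lam2, meets_target(lam2)),
        "partial_duplication": (partial, meets_target(partial)),
    }


if __name__ == "__main__":
    for name, (lam, ok) in compare_solutions().items():
        verdict = "meets" if ok else "misses"
        print(f"{name:28s} {lam:.2e} /h  {verdict} target {CSM_DT_TARGET:.0e} /h")
```

Two things the numbers show that the slide only states: the redundant figure scales with the proof-test interval, so the 10^-9 / h claim for Solution 2 is only as good as the assumed test regime and the independence of the two channels; and any component left single adds its full rate to the budget, so a component "already at 10^-9 / h" can only stay single if the rest of the chain leaves room for it.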

Conclusions from the risk assessment and allocation of CSM DT category
- Allocation of the CSM-DT made it possible to rule out one of the possible designs.
- 2 other designs are possible:
  - Train which may operate in several countries => use solution 2
  - Train which will use lineside signalling, and only operate in a single country (or mutual recognition of the driver's "efficiency" between the countries where the train will operate) => use solution 1, which is less expensive. However, if later operation in another country is studied, cross acceptance is not assured.
- CSM-DT, if used in early design, will impact the design choices, depending among other things on the project's strategy (multiple countries? Lineside signalling? Type of safety equipment? …)

Thank you for your attention! Questions? For further information, visit our website: www.cer.be 