Workshop on CSM-DT, November 2016

Slides:

Advertisements

Similar presentations

Armand Racine Consultant Chemicals Branch

Advertisements

1 Introduction to Safety Management April Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.

Module N° 3 – ICAO SARPs related to safety management

Ex-ante conditionality – General guidance Workshop on strategic programming, monitoring and evaluation Ilse De Mecheleer, DG EMPL Madrid, 22 February 2013.

The Relationship between Nuclear Safety, Security and Safeguards

IAEA International Atomic Energy Agency Responsibility for Radiation Safety Day 8 – Lecture 4.

ISO General Awareness Training

1 Risk evaluation Risk treatment. 2 Risk Management Process Risk Management Process.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

OHSAS 18001: Occupational health and safety management systems - Specification Karen Lawrence.

BS EN ISO 14001:2004 Madlen King BSc MSc MIEMA EMS Lead Assessor Lloyd’s Register Quality Assurance Ltd BS EN ISO 14001:2004.

Focus on Incident reporting

DENNIS CRYER Veterinary Meat Hygiene Adviser Food Standards Agency

Ship Recycling Facility Management System IMO Guideline A.962

ISO 14001:2004, Environmental Management System

IAEA International Atomic Energy Agency Reviewing Management System and the Interface with Nuclear Security (IRRS Modules 4 and 12) BASIC IRRS TRAINING.

Essentials of Machine Safety Standards in Perspective.

Recommendation 2001/331/EC: Review and relation to sectoral inspection requirements Miroslav Angelov European Commission DG Environment, Unit A 1 Enforcement,

1 ICAO Developments in Safety Management Captain Len Cormier CTA COSCAP-NA.

Recommendation 2014/897/EC (DV29bis) Key Principles.

RE-E / IRSC / 27/09/ /10/09 1 The necessary evolution of railway safety regulations in Europe A challenge – Risks to be controlled.

SEA in the Czech Republic Prague, 24 September 2008.

Module N° 6 – SMS regulation

Safety Objectives of European Railway Agency Raigo Uukkivi Estonian Railway Inspectorate DAGOB Final Conference , Tallinn.

Slide n° 1 EU railway legislation - Safety regulatory framework NAB/RB training workshop in Valenciennes, April 2016 NAB/RB Training Workshop In Valenciennes,

Toward a New ATM Software Safety Assessment Methodology dott. Francesca Matarese.

Organizations of all types and sizes face a range of risks that can affect the achievement of their objectives. Organization's activities Strategic initiatives.

By Annick Carnino (former Director of IAEA Division of Nuclear Installations Safety) PIME, February , 2012.

Harmonised use of accreditation for assessing the competence of various Conformity Assessment Bodies Dr Andreas Steinhorst, EA ERA workshop 13 April 2016,

The optimisation of rosters to meet public demand

Guide for the application of the CSM design targets (CSM-DT) Annex 3 – Fitting existing passenger trains with an onboard Hot Box Detection system.

Guide for the application of the CSM design targets (CSM-DT)

Making the Connection ISO Master Class An Overview.

Congestion Management

TRANSPORT SCIENCE: INNOVATIVE BUSINESS SOLUTIONS

Guide for the application of CSM design targets (CSM DT)

REMOVING BURDENS – a European rail system fit for the future

ECM revision working party Safety critical components Introduction

Results from Formal Review Process of the Guide on CSM-DT

EU draft Community Guide to Good Hygiene Practice for the use of animal feed in primary production « Workshop on feed safety, marketing and use of feed.

UK implementation of the BSS Directive

European Rail Infrastructure Managers

NAB/RB Training Workshop In Valenciennes, April 2016

Developing the Overall Audit Plan and Audit Program

Guide for the application of the CSM design targets (CSM-DT)

NON-CONFORMITIES AND EXEMPTIONS AERONAUTICAL STUDIES

Regulation (EU) No 2015/1136 on CSM Design Targets (CSM-DT)

Workshop on freight train derailments - Introduction -

Vesa Tanner European Commission Directorate-General Energy

Session II: System authority for ERTMS 4RP Trackside approval

Ex-ante conditionality – General guidance

Regulatory strategy when voluntary systems become mandated

Communication and Consultation with Interested Parties by the RB

Joint WG on Guidance for an Integrated Transport and Storage Safety Case for Dual Purpose Casks TM TM to Produce Consolidated Drafts of the IAEA’s.

Directive 2006/118/EC Short overview

Institutional changes The role of Bilateral Oversight Boards

Directive 2006/118/EC Short overview

European Railway Agency

Strategic Environmental Assessment (SEA)

TRTR Briefing September 2013

Portfolio, Programme and Project

References to Economic Instruments in Selected MEAs

Updating the Article 6 guide Outline of envisaged changes

Activity on WFD and agriculture

Neopay Practical Guides #2 PSD2 (Should I be worried?)

Overview of Article 6 procedures under the Habitats Directive

EU Food Safety Requirements: - Hygiene of Foodstuffs -

Revision of Decision 2010/477/EU

SAFETY PERFORMANCE TARGETS

State University of Telecommunications

Presentation transcript:

Overall presentation of the application guide on CSM Design Targets (CSM-DT) Workshop on CSM-DT, 29-30 November 2016 Dragan JOVICIC, EU Agency for Railways

Application Guide on Regulation 2015/1136 – 6 parts PART I - Explanations of the Legal Text 1.1. What are the CSM-DT? 1.2. Is use of CSM-DT mandatory? (¨Proposer’s responsibility) 1.3. When to use the CSM-DT? 1.4. What technical systems do CSM-DT apply to? 1 Scope of use of CSM-DT How do CSM-DT fit within overall CSM RA process? 2 Systematic failures and safe integration into the railway system 3.1. Overall requirements in §2.5.7. of Reg. 2015/1136 3.2. Additional guidance retrieved from CENELEC 3 4.1. Introduction (link to chapter 1) 4.2. Explanation of terminology in §2.5.5 4.3. Explanation of the definition of a “technical system” 4.4. Process proposed for selecting appropriate CSM-DT class 4.5. Precautions for the selecting appropriate CSM-DT class 4 Choice of appropriate severity class/category 5.1. Level of function to which the CSM-DT is applied 5.2. Use of barriers 5.3. Conditions for the use of barriers (intentional safety measures) 5.4. Barriers not permanently present 5.5. Level of application of CSM-DT Application of CSM-DT and use of external barriers 5

Application Guide on Regulation 2015/1136 – 6 parts PARTS II to VI – Informative Annexes Informative only and cannot be applied without analysis specific circumstances and needs of TS under assessment  Does TS have similar use and application conditions to those stated in Annex 1? ANNEX 1 List of informative examples of technical functions and applicable CSM-DT class II ANNEX 2 Cannot be applied as such Short examples of the functional level at which CSM DT can be applied and use of external barriers III ANNEX 3 Agency example on use of CSM-DT (hot box detector) Overall example illustrating how CSM-DT fit within the overall risk assessment process of the CSM and how to carry out a quantitative risk with the use of external barriers IV Overall example illustrating how CSM-DT fit within the overall risk assessment process of the CSM for the standardised protection of level crossings on secondary lines with low or medium traffic conditions (Infrastructure) V ANNEX 4 Swiss NSA example A5.1 Example 1 : Emergency brake control of a locomotive A5.2 Example 2 : Train door opening authorisation A5.3 Example 3 : Control of the traction cut-off A5.4 Example 4 : Transmit traction and brake command A5.5 Example 5 : Level crossing case study ANNEX 5 Examples from the sector VI

Application Guide on Regulation 2015/1136 Scope of use of CSM-DT What are CSM-DT? harmonised quantitative safety requirement “can be used” for random hardware failures of E/E/PE technical systems when used risks arising from failures of functions of TS is acceptable under conditions of point 2.5.7 of Reg. 2015/1136 do not represent a national safety level such as CSTs nor NRVs is not general risk acceptance criterion for whole railway system of a MS (such as GAME or ALARP) established mainly to support mutual recognition of technical systems

Application Guide on Regulation 2015/1136 Scope of use of CSM-DT Is use of CSM-DT mandatory? not mandatory as Reg. 402/2013 does not impose any order of priority proposer free and responsible for choice among CoP, comparison to similar Ref. Syst. or explicit risk estimation, or a combination, which makes risk acceptable Reg. 2015/1136 stresses that CSM-DT “… shall …” neither be used “… for the design of purely mechanical technical systems” nor for controlling “the hazards arising from the purely mechanical part …” of a mixed TS  CSM-DT cannot be used for mechanical systems but although application of (qualitative, quantitative or both) explicit risk estimation remains an option for the associated risk control, it is preferable to use either CoP or Ref. Syst. pneumatic TS are not mentioned  use of CSM-DT not forbidden provided proposer demonstrates the risk acceptability and the CSM assessment body accepts the demonstration

Application Guide on Regulation 2015/1136 Scope of use of CSM-DT When to use the CSM-DT? when carrying out a significant change for technical systems [not to operational and organisational changes] when proposer performs quantitative risk assessment in explicit risk estimation Conversely, when proposer demonstrates that risk is acceptable with the use of qualitative risk control measures, proposer cannot be obliged to perform additional quantitative risk assessments to set up quantitative safety requirements for the design of a technical system to support mutual recognition of results of risk assessments of TS, or for other purposes at the discretion of proposer, if he can demonstrate risk acceptability represent “ the most demanding design targets that can be required for mutual recognition ”. When used, mutual recognition is automatically ensured. more demanding design targets may be requested, through a notified national rule, only if it is necessary to maintain existing level of safety in the MS

Application Guide on Regulation 2015/1136 Scope of use of CSM-DT Flowchart for the applicability test

Application Guide on Regulation 2015/1136 Scope of use of CSM-DT - Flowchart for the applicability test

Application Guide on Regulation 2015/1136 Scope of use of CSM-DT - Flowchart for the applicability test

Application Guide on Regulation 2015/1136 Scope of use of CSM-DT What technical systems do CSM-DT apply to? for Electrical, Electronic and Programmable Electronic (E/E/PE)( ) technical systems, without prejudice to proposer’s responsibility to choose RAP shall not be used for design of purely mechanical technical systems (e.g. wheel axles) or for the design of the mechanical part of a mixed technical system Reg. 2015/1136 does not recommend any specific approach for that HOWEVER although (qualitative, quantitative or both) explicit risk estimation remains an option, it is preferable to use either CoP or Ref. Syst. for the control of hazards arising from a purely mechanical TS for E/E/PE technical systems approved methods exist in recognised standards (e.g. CENELEC 5012x series of standards or EN 61508) to demonstrate the achievement of quantified design targets and to cope with systematic failures which cannot be quantified

Application Guide on Regulation 2015/1136 How do te CSM-DT fit within the overall risk assessment process of CSM?

Application Guide on Regulation 2015/1136 How do te CSM-DT fit within overall risk assessment process of CSM?

Application Guide on Regulation 2015/1136 How do te CSM-DT fit within overall risk assessment process of CSM?

Application Guide on Regulation 2015/1136 How do te CSM-DT fit within overall risk assessment process of CSM?

Application Guide on Regulation 2015/1136 Systematic failures and Safe Integration within the railway system

Application Guide on Regulation 2015/1136 Random hardware failures and Systematic failures

Application Guide on Regulation 2015/1136 Choice of the appropriate severity class of CSM-DT

Application Guide on Regulation 2015/1136 Choice of the appropriate severity class of CSM-DT

Application Guide on Regulation 2015/1136 Choice of the appropriate severity class of CSM-DT

Application Guide on Regulation 2015/1136 Only possible cases of CSM-DT vs. number of (affected persons; victims).

Application Guide on Regulation 2015/1136 Application of CSM-DT in presence of intentional external barriers CSM-DT apply to failures of fcts of TS only if can lead directly to accident  CSM-DT limited to a few rather high level functions of railway system In practice, a technical function can be delivered by a combination of TS  to avoid misapplication of CSM and CSM-DT for risk assessment, the way the technical function is actually delivered needs to be considered Usually, additional safety measures outside the TS are also put in place  consequence is not direct and CSM-DT do not apply straight forward to TS Then CSM-DT is to be applied at the level of the overall architecture of the considered function taking into account the way the function is achieved by the TS and the efficiency of the external safety measures/barriers If an external barrier is implemented, less demanding design targets may be used for TS if those external barriers does not reduce the overall safety level Such cases are illustrated in chapter 5 of the application guide on CSM-DT

Application Guide on Regulation 2015/1136 Application of CSM-DT in presence of intentional external barriers Use of barriers may impact mutual recognition, as Article 15(5) of CSM requires a demonstration that system is "used under the same functional, operational and environmental conditions as the already accepted system and that equivalent risk acceptance criteria have been applied“  equivalence of safety barriers used in one Member State needs to be demonstrated with those used in another Member State. External barriers need to be identified as an "application condition" for the technical system and included in the Hazard Record, including the actor responsible for controlling the external barriers Barriers should be intentionally implemented either to reduce the frequency of occurrence of a hazard or to mitigate the severity of the potential consequence of the hazard. This does not mean that the barrier is only implemented for this purpose; the barrier(s) may also serve other functional purposes of the railway system as well.

Application Guide on Regulation 2015/1136 Application of CSM-DT in presence of intentional external barriers The barrier needs also to be monitored by the organisation responsible for the operation of the TS Consideration of barriers is allowed even though the barrier may be used outside its originally intended purpose. However, demonstration of the barrier effectiveness is necessary Generally external barriers should only be considered if they are permanently present If barriers are only present under certain constraints (e.g. operating conditions or specific circumstances that cannot be controlled) then their use needs to be considered with precautions The risk assessment should take into consideration both the effect of the presence and of the absence of the barriers in the railway system. The railway system needs to be able to achieve the required safety level also when the barrier is not present in the system

Application Guide on Regulation 2015/1136 Informative examples contained in the Annexes The examples contained in the Annexes of the application guide on CSM-DT are illustrated in separate presentations