Using functional analysis to determine the requirements for changes to critical systems: Railway level crossing case study Joe Silmon, Clive Roberts Centre for Railway Research and Education, Gisbert Kapp Building, University of Birmingham B15 2TT, UK Reliability Engineering and System Safety 95 (2010)
Level crossings -> Components of railway networks with the greatest risk of collusion and possibly derailment. Analysis of functional interactions will inform the choices of asset owners wishing to upgrade their existing systems. OverviewOverview
Level crossing -> a weak point in terms of railway safety The onus has always been on the railway operator to reduce the risk of collusion at level crossings. In this paper: The factors affecting risk at level crossings are reviewed. The case of the automatic half-barrier level crossing (AHB) is examined in detail. A hypothetical obstacle detection system is introduced. How functional analysis can be used to better understand the operation of the AHB and determine the best points to improve the system? A case study -> To provide an example of how functional analysis creates a framework for through examination of a system. The Objective of the Research
Hazards: Something which can cause harm. Risk: The likelihood that a hazard will cause harm, together with a measure of the severity of the harm caused. The hazards presented by a level crossing are: Collision between trains and road vehicles Collision between trains and pedestrians Collision between road vehicles and level crossing equipment Slips, trips, and falls by pedestrians Collision between pedestrians and level crossing equipment. Review of hazards, risk and mitigation at level crossings
According to the British Safety Risk Model, level crossings account for 11.8 “fatalities and weighted injuries (FWI)” per year, comprising 8.4% of the total system risk for the railway network....Review of hazards, risk and mitigation at level crossings
The figure shows the sources of risk for train accidents at level crossings, i.e. collusions between road and rail vehicles....Review of hazards, risk and mitigation at level crossings
AHB was introduced accross Europe in the 1950s and the 1960s. It was designed to improve the flow of road traffic by minimising the time the road is closed, and to be more economical by dispensing with manually operated crossing gates. Description of the system: Operation is triggered by the approach of a train. A warning sequence starts and is soon followed by the lowering of barriers which extend accross half of the carriageway only, allowing vehicles already on the crossing to exit. Case study: The automatic half-barrier level crossing
AHB history: In Great Britain, the AHB crossing was installed from the mid 1960s. Initially, the time between strike-in and the arrival of a train was designed to be 24 s. Case study: The automatic half-barrier level crossing
The recommendations were carried out, and signage has been improved continuously over the past 35 years. Case study: The automatic half-barrier level crossing
Current warning signs: Case study: The automatic half-barrier level crossing
It is desirable to have a means of instructing trains to stop when they are approaching a level crossing which is obstructed. -> The introduction of extra equipment for this function will have a negative impact on the overall reliability of the level crossing system, if the system is configured to depend on the new equipment -> Because no equipment can be 100% reliable. However, the system will also have a positive effect on safety, because it will reduce the chances of a collision occuring when a road vehicle becomes struct on the crossing. -> The system is assumed to be intelligent enough to tell the difference between a car moving slowly and one that is stationary. -> There are no circumstances under which a car should stop on a level crossing, any stationary vehicle on the crossing can be assumed to be in trouble. This system is called the future obstacle detection system (FODS). The future obstacle detection system
AHB level crossing has been modelled in 2 stages: A general model of its operation has been built up by gaining an understanding of how it functions overall Then, decomposing this function into smaller parts which interact with each other. This has been done for each of the following three variants: The original 1960s design The modern-day design The modern-day design with the addition of the future obstacle detection system Modelling the operation of the level crossing
The functional modelling of the level crossing begins by defining its function as a whole. Its function: To manage the road-rail interface in a safe and expedient manner. Then, the functional model is refined by decomposing this function into smaller functions which interact together to give the desired effect. Functional decomposition
The interaction between each function is best shown using an enhanced functional flow block diagram (EFFBD), where the functions are sometimes arranged in a different configuration in the hierarchy, according to the order in which the functions are performed....Functional decomposition
It is desirable to obtain a numeric indicator of how effective the level crossing system is, taking into account several other measures which are key to its performance. For a level crossing, the important factors are safety and availability. MTBF: Mean time between failure MTTR: Mean time to repair failure Availability (A i ) is a function of MTBF and MTTR. 2 factors have been chosen to represent the safety of the system: Percentage of failures of the crossing equipment which are safe. Probability of a collision on the crossing being avoided, given that a vehicle causes an obstruction at a random time. When all 3 are combined, a percentage rating is obtained which indicates how available and safe the system is: System effectiveness
Three AHBs were assessed in this study. Using the statistics gathered, it is possible to determine MTBF and MTTR, and therefore determine A i using: AvailabilityAvailability
Failures can either be right-side or wrong-side. Right-side failures result in degraded performance of the system, with disruption to services, but no increase in risk. Ex: Crossing closes the road when no train is approaching. Wrong-side failures increase the risk of accidents. Ex: Crossing fails to close when a train is approaching. Safe failures
A test scenario has been created in order to simulate the functional model of the crossing in a realistic environment. Collision probabilities
Calculation of system effectiveness
...Calculation of system effectiveness
An improvement in safety performance may not justify the expense and disruption of installing new technology for the detection of obstructions on level crossings. Consideration must be given to all types of performance requirements when evaluating the use of extra components. Using functional modelling and reliability analysis, a fuller picture can be gained of the benefits and disadvantages of introducing new technology. ConclusionsConclusions