Workshop on CSM-DT, November 2016


1 Overall presentation of the application guide on CSM Design Targets (CSM-DT)
Workshop on CSM-DT, November 2016 Dragan JOVICIC, EU Agency for Railways

2 Application Guide on Regulation 2015/1136 – 6 parts
PART I - Explanations of the Legal Text
1 Scope of use of CSM-DT
- 1.1. What are the CSM-DT?
- 1.2. Is use of CSM-DT mandatory? (Proposer's responsibility)
- 1.3. When to use the CSM-DT?
- 1.4. What technical systems do CSM-DT apply to?
2 How do CSM-DT fit within overall CSM RA process?
3 Systematic failures and safe integration into the railway system
- 3.1. Overall requirements in § of Reg. 2015/1136
- 3.2. Additional guidance retrieved from CENELEC
4 Choice of appropriate severity class/category
- 4.1. Introduction (link to chapter 1)
- 4.2. Explanation of terminology in §2.5.5
- 4.3. Explanation of the definition of a "technical system"
- 4.4. Process proposed for selecting appropriate CSM-DT class
- 4.5. Precautions for selecting the appropriate CSM-DT class
5 Application of CSM-DT and use of external barriers
- 5.1. Level of function to which the CSM-DT is applied
- 5.2. Use of barriers
- 5.3. Conditions for the use of barriers (intentional safety measures)
- 5.4. Barriers not permanently present
- 5.5. Level of application of CSM-DT

3 Application Guide on Regulation 2015/1136 – 6 parts
PARTS II to VI – Informative Annexes
Informative only and cannot be applied without analysis of specific circumstances and needs of TS under assessment → Does TS have similar use and application conditions to those stated in Annex 1?
Cannot be applied as such
II ANNEX 1: List of informative examples of technical functions and applicable CSM-DT class
III ANNEX 2: Short examples of the functional level at which CSM DT can be applied and use of external barriers
IV ANNEX 3: Agency example on use of CSM-DT (hot box detector)
- Overall example illustrating how CSM-DT fit within the overall risk assessment process of the CSM and how to carry out a quantitative risk with the use of external barriers
V ANNEX 4: Swiss NSA example
- Overall example illustrating how CSM-DT fit within the overall risk assessment process of the CSM for the standardised protection of level crossings on secondary lines with low or medium traffic conditions (Infrastructure)
VI ANNEX 5: Examples from the sector
- A5.1 Example 1: Emergency brake control of a locomotive
- A5.2 Example 2: Train door opening authorisation
- A5.3 Example 3: Control of the traction cut-off
- A5.4 Example 4: Transmit traction and brake command
- A5.5 Example 5: Level crossing case study

4 Application Guide on Regulation 2015/1136
Scope of use of CSM-DT
What are CSM-DT?
- harmonised quantitative safety requirement
- "can be used" for random hardware failures of E/E/PE technical systems
- when used, risks arising from failures of functions of TS are acceptable under conditions of point of Reg. 2015/1136
- do not represent a national safety level such as CSTs nor NRVs
- are not a general risk acceptance criterion for the whole railway system of a MS (such as GAME or ALARP)
- established mainly to support mutual recognition of technical systems

5 Application Guide on Regulation 2015/1136
Scope of use of CSM-DT
Is use of CSM-DT mandatory?
- not mandatory, as Reg. 402/2013 does not impose any order of priority
- proposer is free and responsible for the choice among CoP, comparison to similar Ref. Syst. or explicit risk estimation, or a combination, which makes risk acceptable
- Reg. 2015/1136 stresses that CSM-DT "… shall …" neither be used "… for the design of purely mechanical technical systems" nor for controlling "the hazards arising from the purely mechanical part …" of a mixed TS → CSM-DT cannot be used for mechanical systems; although application of (qualitative, quantitative or both) explicit risk estimation remains an option for the associated risk control, it is preferable to use either CoP or Ref. Syst.
- pneumatic TS are not mentioned → use of CSM-DT is not forbidden provided proposer demonstrates the risk acceptability and the CSM assessment body accepts the demonstration

6 Application Guide on Regulation 2015/1136
Scope of use of CSM-DT
When to use the CSM-DT?
- when carrying out a significant change for technical systems [not to operational and organisational changes]
- when proposer performs quantitative risk assessment in explicit risk estimation. Conversely, when proposer demonstrates that risk is acceptable with the use of qualitative risk control measures, proposer cannot be obliged to perform additional quantitative risk assessments to set up quantitative safety requirements for the design of a technical system
- to support mutual recognition of results of risk assessments of TS, or for other purposes at the discretion of proposer, if he can demonstrate risk acceptability
- represent "the most demanding design targets that can be required for mutual recognition". When used, mutual recognition is automatically ensured.
- more demanding design targets may be requested, through a notified national rule, only if it is necessary to maintain existing level of safety in the MS

7 Application Guide on Regulation 2015/1136 Scope of use of CSM-DT
Flowchart for the applicability test

8 Application Guide on Regulation 2015/1136 Scope of use of CSM-DT - Flowchart for the applicability test

9 Application Guide on Regulation 2015/1136 Scope of use of CSM-DT - Flowchart for the applicability test

10 Application Guide on Regulation 2015/1136
Scope of use of CSM-DT
What technical systems do CSM-DT apply to?
- for Electrical, Electronic and Programmable Electronic (E/E/PE) technical systems, without prejudice to proposer's responsibility to choose RAP
- shall not be used for design of purely mechanical technical systems (e.g. wheel axles) or for the design of the mechanical part of a mixed technical system
  - Reg. 2015/1136 does not recommend any specific approach for that
  - HOWEVER, although (qualitative, quantitative or both) explicit risk estimation remains an option, it is preferable to use either CoP or Ref. Syst. for the control of hazards arising from a purely mechanical TS
- for E/E/PE technical systems, approved methods exist in recognised standards (e.g. CENELEC 5012x series of standards or EN 61508) to demonstrate the achievement of quantified design targets and to cope with systematic failures which cannot be quantified

11 Application Guide on Regulation 2015/1136 How do the CSM-DT fit within the overall risk assessment process of CSM?

12 Application Guide on Regulation 2015/1136 How do the CSM-DT fit within overall risk assessment process of CSM?

13 Application Guide on Regulation 2015/1136 How do the CSM-DT fit within overall risk assessment process of CSM?

14 Application Guide on Regulation 2015/1136 How do the CSM-DT fit within overall risk assessment process of CSM?

15 Application Guide on Regulation 2015/1136 Systematic failures and Safe Integration within the railway system

16 Application Guide on Regulation 2015/1136 Random hardware failures and Systematic failures

17 Application Guide on Regulation 2015/1136 Choice of the appropriate severity class of CSM-DT

18 Application Guide on Regulation 2015/1136 Choice of the appropriate severity class of CSM-DT

19 Application Guide on Regulation 2015/1136 Choice of the appropriate severity class of CSM-DT

20 Application Guide on Regulation 2015/1136 Only possible cases of CSM-DT vs. number of (affected persons; victims).

21 Application Guide on Regulation 2015/1136
Application of CSM-DT in presence of intentional external barriers
- CSM-DT apply to failures of functions of TS only if they can lead directly to an accident → CSM-DT limited to a few rather high level functions of railway system
- In practice, a technical function can be delivered by a combination of TS → to avoid misapplication of CSM and CSM-DT for risk assessment, the way the technical function is actually delivered needs to be considered
- Usually, additional safety measures outside the TS are also put in place → consequence is not direct and CSM-DT do not apply straightforwardly to TS
- Then CSM-DT is to be applied at the level of the overall architecture of the considered function, taking into account the way the function is achieved by the TS and the efficiency of the external safety measures/barriers
- If an external barrier is implemented, less demanding design targets may be used for TS if those external barriers do not reduce the overall safety level
- Such cases are illustrated in chapter 5 of the application guide on CSM-DT

22 Application Guide on Regulation 2015/1136
Application of CSM-DT in presence of intentional external barriers
- Use of barriers may impact mutual recognition, as Article 15(5) of CSM requires a demonstration that system is "used under the same functional, operational and environmental conditions as the already accepted system and that equivalent risk acceptance criteria have been applied" → equivalence of safety barriers used in one Member State needs to be demonstrated with those used in another Member State.
- External barriers need to be identified as an "application condition" for the technical system and included in the Hazard Record, including the actor responsible for controlling the external barriers
- Barriers should be intentionally implemented either to reduce the frequency of occurrence of a hazard or to mitigate the severity of the potential consequence of the hazard. This does not mean that the barrier is only implemented for this purpose; the barrier(s) may also serve other functional purposes of the railway system as well.

23 Application Guide on Regulation 2015/1136
Application of CSM-DT in presence of intentional external barriers
- The barrier needs also to be monitored by the organisation responsible for the operation of the TS
- Consideration of barriers is allowed even though the barrier may be used outside its originally intended purpose. However, demonstration of the barrier effectiveness is necessary
- Generally external barriers should only be considered if they are permanently present
- If barriers are only present under certain constraints (e.g. operating conditions or specific circumstances that cannot be controlled) then their use needs to be considered with precautions
- The risk assessment should take into consideration both the effect of the presence and of the absence of the barriers in the railway system. The railway system needs to be able to achieve the required safety level also when the barrier is not present in the system

24 Application Guide on Regulation 2015/1136 Informative examples contained in the Annexes
The examples contained in the Annexes of the application guide on CSM-DT are illustrated in separate presentations
