MAY 17TH 2016
CSM-RA - ASSESSMENT AS A PART OF THE SUPPLIERS SCOPE
RATIONALE
Current experience (e.g. Copenhagen Metro) with Employer’s assessor:
• Employer being Postilion d’amour between ISA and Supplier
• Unclear definition of deliverables
• Unpredictable plan
What we want:
• Clear definition of deliverable
• Predictable plan
• Clear responsibilities
• (and well defined economy)
PREPARATION - TENDER
• NSA clarification on concept with G-ISA/S-ISA
• Concerns on Independence
• Concerns on responsibility
• But all were inexperienced in such a large-scale assessment task
• Definition in tender
• Proposed split of scope between G-ISA/S-ISA
• Deliverables are delivered when a clean ISA report is available
• Requirements to assessor
EXPERIENCES SO FAR – FROM EMPLOYER (PROPOSER)
Pro:
• Employer needs only to review on scope and context
• Limited discussion about delivery
• (Costs!)
Contra:
• CSM-RA versus CENELEC
• Product (generic application) versus specific application
• Roles Proposer/Actor crucial
• Assessment of Actor versus assessment of Proposer
• When is the G-ISA satisfied with the S-ISA assessment?
CSM-REA - Assessment as a Part of the Suppliers Scope
Dr. Daniel Woodland
Professional Head of Signalling & Train Control
Ricardo Rail
17th May 2016
© Ricardo plc 2016
Overall Assessment
• The G-ISA’s scope can be summarised as:
– Assessment within the scope of the Signalling Programme including the interfaces between all involved parties, i.e. the SP projects, the two railways, the suppliers, Banedanmark Operating Organisation (BDK OO), the RUs and the independent assessment organisations involved in the project
– This covers everything from product development through to railway integration and SRAC acceptance
• The G-ISA’s assessment activities sit above any assessment that may be carried out by an S-ISA, Product ISA or under local railway practice (e.g. Teknisk System Ansvarlig)
• The G-ISA is approved by the National Safety Authority (NSA) as CSM-REA Assessment Body (AsBo), whereas the other types of assessor are not
G-ISA assessment process
• G-ISA re-uses existing assessments
– Where an appropriate independent assessment has already been adequately completed for some aspect, the G-ISA will accept evidence from assessment reports
• G-ISA needs confidence that assessments are adequately complete
– G-ISA reviews the S-ISA Scope of Work, Assessment Plans and assessment reports
– G-ISA carries out sample checks and audits of assessment activities
– Where evidence that the CSM/AsBo criteria have been met is not found, the G-ISA requests additional evidence or fills the gaps in assessment
• G-ISA produces a final Safety Assessment Report to support APIS
• G-ISA completes assessment of the integrated system
– including whole project or railway aspects that need to be addressed
[Figure labels: G-ISA Phase Reports; G-ISA Safety Assessment Reports; G-ISA Safety Notices]
Strengths and weaknesses in the adopted approach
• Strengths of having ISA as a part of supplier scope:
– Much of the activity required at product and Generic Application levels is not unique to this one project
• It is more efficient for a Product ISA or S-ISA working for the supplier to assess these aspects
– Clear independence of the G-ISA from the supplier
• Weaknesses of having ISA as a part of supplier scope:
– The S-ISA is working to a remit from the supplier, who is in turn working to a remit from the client. If the G-ISA needs something that isn’t in those remits then a gap in assessment appears that needs to be filled
• This has potential to cause contractual argument and delays
• If this cannot be resolved, the G-ISA is forced to look back over activities the S-ISA has already reviewed – resulting in inefficient duplication of effort
– The G-ISA can be unsighted as to what is happening, or when activity is expected
• Communication of programmes and co-ordination of assessment activities are key to successfully managing the risks
Communication and Co-ordination
• Co-ordination to enable efficient assessment activity:
– Sight of Assessment plans (early chance to raise observations)
– On-going updates on progress
• Indication as to what is coming up and what may need assessment / Audit
– Output that aligns with plans
• Clear explanation of any deviations and their potential impact on safety
– Regular communication with Safety Management team
• A quick discussion can facilitate efficient working and enable rapid progress
– Direct communication between G-ISA and S-ISA / TVEs where required
• Need to be able to ‘cut to the chase’ and gain answers (as well as confidence in approaches being taken)
www.thalesgroup.com
THALES GROUP INTERNAL
EN50126 vs. CSM-RA Assessment
A THALES SAFETY ASSESSMENT CENTRE (TAC) VIEW
This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved.
Assessment Activities
[Diagram labels: Employer’s Requirement Specification; Employer’s Risk Analysis; Suppliers Hazard Analysis; Risks and assigned THRs; National Railway Regulations and Standards; G-ISA; S-ISA; CSM Assessment; EN50126 Assessment; Mitigation of risks by assigned hazards; Suppliers Requirements Specification]
CSM-RA process
Content & Overview
Content of this presentation
• What we planned
• Status of the activities
• Next steps
• Lessons learned
Overview of the roles defined within the FIE project,
according to the definitions of CSM-RA
• BDK (Infrastructure Manager) = Proposer
• Ricardo (G-ISA) = AsBo
• Alstom (Supplier) = Actor
• Railcert (S-ISA) = Supplier’s Safety Assessor
CSM-RA - Assessment as a Part of the Suppliers Scope in the FIE Signalling project
What we planned
From the ISA plan: the S-ISA will assess the compliance of
Alstom’s processes to /CSM-RA/, as applicable to its “actor” role,
in order to provide supporting evidence to the proposer (BDK).
Specifically, the S-ISA will consider:
• The system definition (i.e. proper definition of interfaces and
functions, ...).
• The Risk Assessment and Risk Analysis (completeness and
traceability of results).
• The Demonstration of Compliance with the Safety
Requirements (traceability of tests, test witnessing).
Most of the listed evidence is gathered during the ongoing ISA according to EN5012x, as per the following slide
What we planned (2)
Status of the activities
Compliance to CSM-RA to be confirmed (in progress) by a clause-to-clause checklist, with cross-references to EN50129, EN50126
| ANNEX I of /CSM-REA/ | Comment of the Assessor | Result (Y/N/NA/OG) | Cross reference to /50129/ | Cross reference to /50126/ lifecycle |
|---|---|---|---|---|
| 1. GENERAL PRINCIPLES APPLICABLE TO THE RISK MANAGEMENT PROCESS | | | | |
| 1.1 General principles and obligations | | | | |
| 1.1.1. The risk management process covered by this Regulation shall start from a definition of the system under assessment and comprise the following activities: (a) the risk assessment process, which shall identify the hazards, the risks, the associated safety measures and the resulting safety requirements to be fulfilled by the system under assessment; | A risk analysis has been provided at signalling programme level by BDK (ref. "SP-04-010009-Safety Target determination and apportionment" Rev. 6.0), assessed by the G-ISA and submitted to the National Safety Authority. At project level, PHA, System HA and Subsystem HAs identify applicable hazards, associated safety measures, final risk evaluation and acceptability. | Y | SM - Risk analysis, HL; SM - Safety SYRS | 3. 4. |
| 1.1.1. (b) demonstration of the compliance of the system with the identified safety requirements; and | V&V activities have been planned in order to provide evidence of the safety requirements fulfilling, not yet completed | OG | SM - Safety V&V | 9. 10. |
| …. | | | | |
| 1.1.6 Safety organization: the different actors’ tasks, as well as their risk management activities, shall be identified and managed by the proposer | NA (in charge to BDK in his role of proposer) | NA | | |
| …. | | | | |
| 4.2 All hazards and related safety requirements which cannot be controlled by one actor alone shall be communicated to another relevant actor in order to find jointly an adequate solution. The hazards registered in the hazard record of the actor who transfers them shall only be ‘controlled’ when the evaluation of the risks associated with these hazards is made by the other actor and the solution is agreed by all concerned. | The Hazard Log generated at project level will be coordinated with the Banedanmark Hazard Log, in order to maintain their alignment and ensure coordination at signalling programme level among all the actors. | OG NA | SM - Hazard Log | 3. 4. 11. 12. |
Next steps
• Finalise the assessment of the deliverables provided by
Alstom (Actor & Supplier), according to the CSM-RA
requirements applicable to the “Actor” role:
“the rail-sector actors concerned shall cooperate in order to
identify and manage jointly the hazards”
“demonstration of compliance with safety requirements […]
shall be carried out by each of the actors responsible for
fulfilling the safety requirements”
• To be coordinated with the G-ISA (Assessment Body):
“Evaluation of the correct application of the risk management
process falls within the responsibility of the assessment body”
Lessons learned
Key points to improve the process:
1. Establish a clear definition of roles and tasks (mainly of the
Proposer) at the very beginning of the project
2. Clearly define the tasks included in the Supplier’s scope of
work (as an Actor): e.g. which kind of “support” to the
Proposer? How to manage the Hazard Record?
3. Define the assessment tasks at the boundary between
Supplier/Proposer, in order to avoid duplication of work:
“the assessment body shall: […] conduct an assessment of
the processes used for managing safety and quality during
the design and implementation of the significant change, if
those processes are not already certified by a relevant
conformity assessment body”
Daniel Woodland, Professional Head of Signalling and Train Control, Ricardo Rail. T +44 (0)7772 618893
Cristina Zecchini, Senior Assessor / Project Manager CoCoSig, Railcert B.V., Via Montalenghe 8 - 10010 Scarmagno (TO) - Italy. M: +39 320 3816039
André Fitzke, Safety Assessor, Thales Assessment Centre - Thales Deutschland. M + 49 172 828 1431
Stig Munck, Technical Manager, Rail Safety – Rambøll Danmark A/S. M + 45 51616375