INDEPENDENT SAFETY ASSESSMENT - CONCEPT, OBJECTIVE & REQUIREMENTS
RAJESH PATEL
ISA & RAILWAY RAM & SAFETY CONSULTANT
Ex-IRSSE-1990.
OVERVIEW
CONCEPT & REQUIREMENTS OF ISA
QUALIFICATION OF ISA
ENGAGEMENT
INDEPENDENT SAFETY ASSESSORS’ ASSESSMENT PROCESSES
FAQ - ISA
18-07-2020INDEPENDENT SAFETY ASSESSMENT 2
DEFINITION
Independent Safety Assessment
Process to determine whether the system/product meets the
specified safety requirements and to form a judgement as
to whether the system/product is fit for its intended purpose
in relation to safety
Independent Safety Assessment
- RISK BASED APPROACH
- LOGICAL APPROACH
CONCEPT & REQUIREMENTS
EUROPEAN BACKGROUND - Liberalisation of European railways; and Urban Transport System - Restructuring
Indian Context -
CRS/CMRS under Ministry of Civil Aviation - Main Line & Metro
Metro Railways - Corporation - Company incorporated under Company Act 1956/2013
CONCEPT & REQUIREMENTS
In general, the State used to be responsible overall for all
aspects of the railway.
The liberalization of the European railways (started with the
European Directive 91/440) asked for a formal separation of
the activities of railway operation and management of
infrastructure.
A structure exists in which some basic processes are organized
completely independently of each other (EA-2003-Para162-EIG,
L&E etc).
This structure includes the assessment of railway products,
systems and operations (RDSO, RITES etc).
CONCEPT & REQUIREMENTS
Two important European Directives formed the basis for the technical specification of the railway and its parts.
These are -
The Railway Safety Directive (EU) 2016/798 (superseding the ED-2004/49/EC) and
The Railway Interoperability Directive (EU) 2016/797 (superseding the ED-2008/57/EC).
From the technical perspective, these two are fundamental and other documents in the legal structure.
Three more documents complete this legal framework:
Technical Specifications for Interoperability (TSI),
Common Safety Methods (CSM) and
European Standards (EN).
CONCEPT & REQUIREMENTS
Technical Specifications for Interoperability - TSI
The Interoperability Directive (EU) 2016/797 - The technical
requirements for the interoperability of the high speed and
conventional rail system are defined in the TSI.
A TSI is a common, harmonised, technical standard required to
satisfy the essential requirements of interoperability.
These include safety, reliability and availability, health,
environmental protection and technical compatibility.
TSIs also contain all the elements required to evaluate,
assess and finally certify the conformity of railway products
(interoperability constituents) and subsystems with the
requirements.
CONCEPT & REQUIREMENTS
Technical Specifications for Interoperability - TSI
TSI key documents can be presented -
Either by structural subsystem (like Energy,
Infrastructure, Rolling Stock and Control, Command
and Signalling) or
by common areas of application, which include
more than one subsystem (like Persons of Reduced
Mobility, Safety in Railway Tunnels or Noise).
CONCEPT & REQUIREMENTS
Common Safety Methods-CSM-REA
The Railway Safety Directive (EU) 2016/798 introduces the notion of
Common Safety Methods. These are further described in:
The Commission Decision 2009/460/EC, containing the requirements
for the assessment of the achievement of Common Safety Targets.
The EC’s CSM-REA Regulation (352/2009 repealed by 402/2013 as
amended 2015/1136) is a legal requirement for the Evaluation and
Assessment of Risks associated with significant engineering, operational
and organisational changes to the mainline railway.
CSM introduces the notion of structured Risk Evaluation and Analysis
when changes are made in the railway system. These changes can be of a
technical, operational or organizational nature.
The introduction of new rolling stock is one example of such a change.
Hence introduction of new RST requires the application of the CSM-REA.
CONCEPT & REQUIREMENTS
European Railway Standards - EN
The third set of requirements in the railway field is the Railway Standards.
European Standards (EN) - Ratified by one of the 3 European Standards
Organizations: CEN, CENELEC or ETSI.
ENs, as European Norms, are technical standards drafted and maintained by
CEN (European Committee for Standardization), CENELEC (European
Committee for Electrotechnical Standardization) and ETSI (European
Telecommunications Standards Institute).
The formal application of Railway Standards is normally not required.
The application of standards is voluntary in the normal situation. However,
exceptions exist where standards can be mandatory.
Some standards ask for independent assessment. [RAMS standards EN
50126, EN 50129, Compatibility standard EN 50238 etc]
CONCEPT & REQUIREMENTS
ENs are based on a consensus, which reflects the economic
and social interests of 33 member countries
participating through NCs.
Most standards come from industries, and projects
from consumers, SMEs or associations or even European
legislators.
Besides EN, CENELEC also produces other reference
documents like Technical Specifications, Technical
Reports and Workshop Agreements.
CONCEPT & REQUIREMENTS
CENELEC/TC9X is responsible for EN for electrotechnical applications related to the Rail Transport Industry for EU.
Rail Industry comprises -
Rail User
Operator (Public & Private)
Owner of Infrastructure
Manufacturers & Maintainers
Service Providers (e.g. consultants, financers etc)
Public Authorities (National & European)
Leasing Companies
Regulating Bodies
Trade Associations
ENGAGEMENT
RDSO LETTER No: STS/E/ISA-Vol0IV Dtd 08.01.2018 (Revised Panel of ISAs for Signalling Project and Product) - EMPANELMENT for 2 Years
Category | Nos of Firm | Brief
A - For Metro | 8 Firms | HALCROW (UK), TuV-R (NDR), SNC Lavalin (Eng), CERTIFER (Fr), BVI (Italy), TuV-N (Gr), TuV-S (Gr) & RINA (Italy)
B - For Main Line | 9 Firms | HALCROW (UK), ITALCERTIFER (Italy), TuV-R (NDR), SNC Lavalin (Eng), CERTIFER (Fr), SCONRAIL (Eng), BVI (Italy), TuV-N (Gr) & RINA (Italy)
C - For Generic system | 12 Firms | Halcrow (UK), ITALCERTIFER (Italy), TuV-R (NDR), SNC Lavalin (Eng), CERTIFER (Fr), SCONRAIL (Eng), BVI (Italy), TuV-N (Gr), RINA (Italy), Rly Certification Centre NRCC (JP), ECA (Spain), NAL (IND)
QUALIFICATION - ACCREDITATION
ISO/IEC 17065 - Requirement for Bodies Certifying Product, Processes and Services
ISO/IEC 17020 - Requirement for Bodies in the Operation of Various Types of the Inspection Bodies
ISO/IEC 17021 - Requirement for Bodies For Management System Audit
ISO/IEC 17025 - Requirement for Bodies For Testing & Calibration Labs
EN 17065 - ISA
PARA 4.2.10 - Management and Impartiality - Within a period
specified by the CB, personnel shall not be used to review or make a
certification decision for a product for which they have provided
consultancy (normally 2 years).
PARA 7.5 - REVIEW - The CB shall assign at least one person to
review all information and results related to the evaluation. The review
shall be carried out by person(s) who have not been involved in the
evaluation process.
PARA 7.6.2 - CERTIFICATION DECISION - The CB shall assign at
least one person to make the certification decision based on all
information related to the evaluation, its review and any other relevant
information. The certification decision shall be carried out by a
person or group of persons (e.g. a committee) that has not been
involved in the process for evaluation.
RELATIONSHIPS - CLIENT, ISA & CONTRACTORS
[Diagram: boxes labelled CLIENT, CRS, ISA, PROJECT/SYSTEM CONTRACTOR, ISA, PRODUCT/SUB-SYSTEM CONTRACTOR]
RAILWAY SUBSYSTEMS - For ISA
Civil Structures, Buildings
Track Structures
Rolling Stock System
Power System (Traction/OCS & Auxiliary)
Signalling & Train Control System
Platform Screen Doors System
Lift & Escalators
Automatic Fare Collection System
Communication System
Tunnel Ventilation System
Ventilation & Air Conditioning System
SCADA
ISA ASSESSMENT TEAM - Typical
[Organisation chart: PM; INTERFACE & INTEGRATION; RST; PSD; STC; SOFTWARE; DOC Controller; CERTIFICATION; EMC Expert]
ISA ASSESSMENT PROCESS
EN 50126: Railway applications - The specification and demonstration of reliability, availability, maintainability and safety (RAMS)
EN 50128: Railway applications - Communications, signalling and processing systems - Software for Railway Control and Protection Systems
EN 50129: Railway applications - Communications, signalling and processing systems - Safety related electronic systems for signalling
EN 50159: Railway applications - Communication, signalling and processing systems - Safety-related communication in transmission systems
ISA ASSESSMENT PROCESS
The Safety Case
Evidence of Quality Management
Evidence of Safety Management
Evidence of Functional & Technical Safety
Safety Acceptance & Approval
ISA ASSESSMENT PROCESS
DOCUMENT REVIEW –
Safety Documents
Quality Documents
Project Documents
AUDIT & ASSESSMENT
Site inspection
Test Witness
DELIVERABLES By ISA
Safety Assessment Plan
Assessment Reports
CERTIFICATE/s
FAQ - ISA
1) Question: Why is ISA needed?
   Explanation: RDSO Condition and CMRS asks for it. It is a legal and contractual requirement.
2) Question: When Signalling is already SIL-4, why is ISA needed?
   Explanation: Validity of a SIL Certificate is subject to fulfilment of certain Safety Restrictions/Conditions.
3) Question: Why do we need another ISA Certificate?
   Explanation: Contractor submits Baseline General Application/General Product SIL Certificate.
4) Question: So ISA does not give a GA/GP SIL Certificate?
   Explanation: For the project, ISA gives an Operation Safety Certificate, which is based on assessment of all Safety Compliances of the Product plus Installation, T&C compliances and confirmation of O&M requirements.
5) Question: What is the Cost of Compliances for Independent Safety Assessment?
   Explanation: It varies from project to project, as man-months/man-days are invested in deployment of human resources and documentation, not only on the client/GC side but also on the supplier side.
6) Question: Why not accept the GA/GP SIL and do away with formal engagement of an ISA?
   Explanation: Validity of these GA/GP SIL Certificates is subject to/depends upon compliance with all the Safety Restrictions concerned.
7) Question: Why is ISA needed when Project Designs are verified by GC/Client?
   Explanation: ISA also verifies Quality and Safety aspects on top of Design, from a Functional Safety perspective.
8) Question: What Quality aspects does an ISA look for?
   Explanation: Quality Management Report is part of the Safety Case. Focus is on Configuration & Change Management.
9) Question: Do all GA/GP SIL Certificates have Safety Restrictions/Conditions?
   Explanation: Invariably, all GA/GP SIL Certificates have SRC and remain valid as long as and until all Safety Conditions/Restrictions are complied with and remain enforced.
10) Question: Where to find Safety Restrictions/Conditions?
   Explanation: These Safety Restrictions are listed in the concerned GA/GP ISA Assessment Report.
11) Question: How to confirm that the same system is being supplied for which the SIL Certificate is submitted?
   Explanation: Ask for the GA/GP Safety Case, which gives details of the System Description/Configuration.
12) Question: Why do we need to ask the Contractor to submit the GA/GP SC?
   Explanation: To verify the system and its version under supply.
13) Question: Must the Contractor submit the ISA Assessment Report Certificate?
   Explanation: Otherwise the validity of the SIL Certificate cannot be verified.
14) Question: Why not let ISA see all the SIL Certificate, GA/GP Safety Case of ISA Report?
   Explanation: First of all, it is the responsibility of the Client to accept or reject a SIL Certificate.
15) Question: When is this SIL Certificate to be rejected?
   Explanation: If the product under supply is different from that defined in the GA/GP Safety Case, based on which the SIL Certificate was earned.
16) Question: When the ISA verifies SIL, why is the Client required to see the SIL Certificate, ISA Report (of GA/GP) and GA/GP Safety Case?
   Explanation: Though professionalism and independence are the hallmark of the ISA profession/firms, as with any profession there have been some informal complaints/doubts.
17) Question: What is the value addition, if any, from ISA?
   Explanation: For the project, ISA assesses implementation of the Quality Requirements and Safety Requirements to be complied with to attain/retain validity of SIL.
18) Question: What should be a matter of concern for the Client in the ISA-submitted Safety Certificate?
   Explanation: To keep the number of Safety Restrictions as low as safely possible; the System should be safe with less/optimum investment in O&M recurring cost.
19) Question: Does the ISA Certificate also have Safety Restrictions/Conditions?
   Explanation: Yes. ISA will ensure all Safety Restrictions/Conditions are complied with. Who takes the responsibility (Client or Contractor) is not his outlook.
20) Question: What to look for in the Organization & processes of an ISA?
   Explanation: Organization strength and changes in it, if any. ISA process commitments, including the Review and Certification entity.
RAJESH PATEL, EX-IRSSE-1990, RLY RAM & SAFETY CONSULTANT