INDEPENDENT SAFETY ASSESSMENT – CONCEPT, OBJECTIVE & REQUIREMENTS. RAJESH PATEL, ISA & RAILWAY RAM & SAFETY CONSULTANT, Ex-IRSSE-1990.

INDEPENDENT SAFETY ASSESSMENT - Indian Railways


OVERVIEW

- CONCEPT & REQUIREMENTS OF ISA
- QUALIFICATION OF ISA
- ENGAGEMENT
- INDEPENDENT SAFETY ASSESSORS’ ASSESSMENT PROCESSES
- FAQ – ISA

18-07-2020INDEPENDENT SAFETY ASSESSMENT 2

DEFINITION

Independent Safety Assessment

Process to determine whether the system/product meets the specified safety requirements and to form a judgement as to whether the system/product is fit for its intended purpose in relation to safety.

Independent Safety Assessment

- RISK BASED APPROACH

- LOGICAL APPROACH

CONCEPT & REQUIREMENTS

EUROPEAN BACKGROUND - Liberalisation of European railway; and Urban Transport System – Restructuring

Indian Context –

- CRS/CMRS under Ministry of Civil Aviation – Main Line & Metro
- Metro Railways – Corporation - Company incorporated under Company Act 1956/2013

CONCEPT & REQUIREMENTS

In general, the State used to be overall responsible for all aspects of the railway.

The liberalization of the European railways (started with the European Directive 91/440) asked for a formal separation of the activities of the railway: Operation and Management of infrastructure.

A structure exists in which some basic processes are organized completely independently of each other (EA-2003-Para162-EIG, L&E etc).

This structure includes the assessment of railway products, systems and operations (RDSO, RITES etc).

CONCEPT & REQUIREMENTS

Two important European Directives formed the basis for the technical specification of the railway and its parts.

These are –

- The Railway Safety Directive (EU) 2016/798 (superseding the ED-2004/49/EC) and
- The Railway Interoperability Directive (EU) 2016/797 (superseding the ED-2008/57/EC).

From the technical perspective; these two are fundamental and other documents in the legal structure.

Three more documents complete this legal framework:

- Technical Specifications for Interoperability (TSI),
- Common Safety Methods (CSM) and
- European Standards (EN).

CONCEPT & REQUIREMENTS

Technical Specifications for Interoperability - TSI

The Interoperability Directive (EU) 2016/797 - The Technical Requirements for the interoperability of the high speed and conventional rail system are defined in the TSI.

A TSI is a common, harmonised, technical standard required to satisfy the essential requirements of interoperability.

These include Safety, Reliability and Availability, health, environmental protection and technical compatibility.

TSIs also contain all the elements required to evaluate, assess and finally certify the conformity of railway products (interoperability constituents) and subsystems with the requirements.

CONCEPT & REQUIREMENTS

Technical Specifications for Interoperability - TSI

TSI key documents can be presented –

- Either by structural subsystem (like Energy, Infrastructure, Rolling Stock and Control, Command and Signalling) or
- by common areas of application, which include more than one subsystem (like Persons of Reduced Mobility, Safety in Railway Tunnels or Noise).

CONCEPT & REQUIREMENTS

Common Safety Methods - CSM-REA

The Railway Safety Directive (EU) 2016/798 introduces the notion of Common Safety Methods. These are further described in:

- The Commission Decision 2009/460/EC, containing the requirements for the assessment of the achievement of Common Safety Targets.
- The EC’s CSM-REA Regulation (352/2009 repealed by 402/2013 as amended 2015/1136), which is a legal requirement for the Evaluation and Assessment of Risks associated with significant engineering, operational and organisational changes to the mainline railway.

CSM introduces the notion of structured Risk Evaluation and Analysis when changes are made in the railway system. These changes can be of a technical, operational or organizational nature.

The introduction of new rolling stock is one example of such a change. Hence the introduction of new RST requires the application of the CSM-REA.

CONCEPT & REQUIREMENTS

European Railway Standards – EN

The third requirements in the railway field are the Railway Standards.

European Standards (EN) - Ratified by one of the 3 European Standards Organizations: CEN, CENELEC or ETSI.

ENs, as European Norms, are Technical Standards drafted and maintained by CEN (European Committee for Standardization), CENELEC (European Committee for Electrotechnical Standardization) and ETSI (European Telecommunications Standards Institute).

The formal application of Railway Standards is normally not required. The application of standards is voluntary in the normal situation. However, exceptions exist where standards can be mandatory.

Some standards ask for Independent assessment [RAMS standards EN 50126, EN 50129, Compatibility standard EN 50238 etc].

CONCEPT & REQUIREMENTS

EN are based on a consensus, which reflects the economic and social interests of 33 member countries participating through NCs.

Most Standards come from Industries and projects from consumers, SMEs or associations or even European legislators.

Besides EN, CENELEC also produces other reference documents like Technical Specifications, Technical Reports and Workshop Agreements.

CONCEPT & REQUIREMENTS

CENELEC/TC9X is responsible for EN for Electro Technical applications related to the Rail Transport Industry for EU.

Rail Industry comprises of –

- Rail User
- Operator (Public & Private)
- Owner of Infrastructure
- Manufacturers & Maintainers
- Service Providers (e.g. Consultants, financers etc)
- Public Authorities (National & European)
- Leasing Companies
- Regulating Bodies
- Trade Associations

REQUIREMENT


ENGAGEMENT

RDSO LETTER No: STS/E/ISA-Vol0IV Dtd 08.01.2018 (Revised Panel of ISAs for Signalling Project and Product) – EMPANELMENT for 2 Years

Category / Nos of Firms / Brief

- A - For Metro / 8 Firms / HALCROW (UK), TuV-R (NDR), SNC Lavalin (Eng), CERTIFER (Fr), BVI (Italy), TuV-N (Gr), TuV-S (Gr) & RINA (Italy)
- B - For Main Line / 9 Firms / HALCROW (UK), ITALCERTIFER (Italy), TuV-R (NDR), SNC Lavalin (Eng), CERTIFER (Fr), SCONRAIL (Eng), BVI (Italy), TuV-N (Gr) & RINA (Italy)
- C - For Generic system / 12 Firms / Halcrow (UK), ITALCERTIFER (Italy), TuV-R (NDR), SNC Lavalin (Eng), CERTIFER (Fr), SCONRAIL (Eng), BVI (Italy), TuV-N (Gr), RINA (Italy), Rly Certification Centre NRCC (JP), ECA (Spain), NAL (IND)

QUALIFICATION - ACCREDITATION

- ISO/IEC 17065 – Requirement for Bodies Certifying Product, Processes and Services
- ISO/IEC 17020 – Requirement for Bodies in the Operation of Various Types of the Inspection Bodies
- ISO/IEC 17021 – Requirement for Bodies For Management system Audit
- ISO/IEC 17025 – Requirement for Bodies For Testing & Calibration Labs

EN17065 - ISA

PARA 4.2.10 – Management and Impartiality – Within a period specified by the CB, personnel shall not be used to review or make a certification decision for a product for which they have provided consultancy (Normally 2 Years).

PARA 7.5 – REVIEW – The CB shall assign at least one person to review all information and results related to the evaluation. The Review shall be carried out by person(s) who have not been involved in the evaluation process.

PARA 7.6.2 – CERTIFICATION DECISION – The CB shall assign at least one person to make the certification decision based on all information related to the evaluation, its review and any other relevant information. The Certification Decision shall be carried out by a person or group of persons (e.g. a Committee) that has not been involved in the process for evaluation.

RAILWAY ENVIRONMENT

SYSTEM LIFE CYCLE

V-CYCLE – SYSTEM LIFE CYCLE

RISK ASSESSMENT PROCESS

REQUIREMENTS

RELATIONSHIPS - CLIENT, ISA & CONTRACTORS

[Diagram; labels: ISA, PRODUCT/SUB SYSTEM CONTRACTOR, ISA, PROJECT/SYSTEM CONTRACTOR, CLIENT, CRS]

RAILWAY SUBSYSTEMS – For ISA

- Civil structures, Buildings
- Track Structures
- Rolling Stock System
- Power System (Traction/OCS & Auxiliary)
- Signalling & Train Control System
- Platform Screen Doors System
- Lifts & Escalators
- Automatic Fare Collection System
- Communication System
- Tunnel Ventilation System
- Ventilation & Air Conditioning System
- SCADA

ISA ASSESSMENT TEAM – Typical

[Organisation chart; labels: INTERFACE & INTEGRATION, PM, RST, PSD, STC, SOFTWARE, DOC Controller, CERTIFICATION, EMC Expert]

ISA ASSESSMENT PROCESS

- EN 50126: Railway applications - The specification and demonstration of reliability, availability, maintainability and safety (RAMS)
- EN 50128: Railway applications - Communications, signalling and processing systems - Software for Railway Control and Protection Systems
- EN 50129: Railway applications - Communications, signalling and processing systems - Safety related electronic systems for signalling
- EN 50159: Railway applications - Communication, signalling and processing systems - Safety-related communication in transmission systems

ISA ASSESSMENT PROCESS

The Safety Case

- Evidence of Quality Management
- Evidence of Safety Management
- Evidence of Functional & Technical Safety
- Safety Acceptance & Approval

ISA ASSESSMENT PROCESS

DOCUMENT REVIEW –

- Safety Documents
- Quality Documents
- Project Documents

AUDIT & ASSESSMENT

- Site inspection
- Test Witness

DELIVERABLES By ISA

- Safety Assessment Plan
- Assessment Reports
- CERTIFICATE/s

FAQ - ISA

1) Question: Why is ISA needed?
   Explanation: RDSO Condition and CMRS ask for it. It is a legal & contractual requirement.

2) Question: When Signalling is already SIL-4, why is ISA needed?
   Explanation: Validity of a SIL Certificate is subject to fulfilment of certain Safety Restrictions/Conditions.

3) Question: Why do we need another ISA Certificate?
   Explanation: Contractor submits Baseline General Application/General Product SIL Certificate.

4) Question: So ISA does not give a GA/GP SIL Certificate?
   Explanation: For the project, ISA gives an Operation Safety Certificate, which is based on assessment of all Safety Compliances of the Product plus Installation, T&C compliances and confirmation of O&M requirements.

5) Question: What is the Cost of Compliances for Independent Safety Assessment?
   Explanation: It varies from project to project, as man-months/man-days are invested in deployment of human resources and documentation not only on the client/GC side but also on the supplier side.

6) Question: Why not accept the GA/GP SIL and do away with formal engagement of ISA?
   Explanation: Validity of these GA/GP SIL Certificates is subject to/depends upon compliance with all the Safety Restrictions concerned.

7) Question: Why is ISA needed when Project Designs are verified by GC/Client?
   Explanation: ISA also verifies Quality and Safety aspects on top of Design, from a Functional Safety perspective.

8) Question: What Quality aspects does an ISA look for?
   Explanation: Quality Management Report is part of the Safety Case. Focus is on Configuration & Change Management.

9) Question: Do all GA/GP SIL Certificates have Safety Restrictions/Conditions?
   Explanation: Invariably all GA/GP SIL Certificates have SRC and remain valid as long as all Safety Conditions/Restrictions are complied with and remain enforced.

10) Question: Where to find Safety Restrictions/Conditions?
    Explanation: These Safety Restrictions are listed in the concerned GA/GP ISA Assessment Report.

11) Question: How to confirm that the same system is being supplied as that for which the SIL Certificate is submitted?
    Explanation: Ask for the GA/GP Safety Case, which details the System Description/Configuration.

12) Question: Why do we need to ask the Contractor to submit the GA/GP SC?
    Explanation: To verify the system and its version under supply.

13) Question: Must the Contractor submit the ISA Assessment Report Certificate?
    Explanation: Otherwise validity of the SIL Certificate cannot be verified.

14) Question: Why not let ISA see all the SIL Certificates, GA/GP Safety Case of ISA Report?
    Explanation: First of all, it is the responsibility of the Client to accept or reject a SIL Certificate.

15) Question: When is this SIL Certificate to be rejected?
    Explanation: If the product under supply is different from that defined in the GA/GP Safety Case, based on which a SIL Certificate was earned.

16) Question: When ISA verifies SIL, why is the Client required to see the SIL Certificate, ISA Report (of GA/GP) and GA/GP Safety Case?
    Explanation: Though professionalism and independence are the hallmark of the ISA profession/firms, as with any profession there have been some informal complaints/doubts.

17) Question: What is the value addition, if any, from ISA?
    Explanation: For the Project, ISA assesses implementation of Quality Requirements and Safety Requirements complied with to attain/retain validity of SIL.

18) Question: What should be a matter of concern for the Client in an ISA-submitted Safety Certificate?
    Explanation: To keep the number of Safety Restrictions as low as safely possible; the System should be safe with less/optimum investment in O&M recurring cost.

19) Question: Does the ISA Certificate also have Safety Restrictions/Conditions?
    Explanation: Yes. ISA will ensure all Safety Restrictions/Conditions are complied with. Who takes the responsibility (Client or Contractor) is not his outlook.

20) Question: What to look for in the organization & processes of an ISA?
    Explanation: Organization strength and changes in it, if any. ISA process commitments including Review and Certification entity.

QUESTIONS

ANY OTHER ….

RAJESH PATEL, EX-IRSSE-1990, RLY RAM & SAFETY CONSULTANT