Sunday Evening Reception - Home - Boyd Caton … · Web viewHazard and Vulnerability Resolution Verification. Describes the process the recipient will use to verify that project personnel

U.S. Departmentof TransportationFederal TransitAdministration

Safety and Security Management in Rail Transit Projects

Prepared by:Federal Transit AdministrationOffice of Safety and SecurityWashington, DC 20590

FTA OFFICE OF SAFETY AND SECURITY MARCH 2009


Table of Contents

1.0 INTRODUCTION...........................................................................................................................................3

1.1 SAFETY AND SECURITY IN THE NEW STARTS PROGRAM.....................................................................................31.2 REQUIRED SAFETY AND SECURITY MANAGEMENT ACTIVITIES...........................................................................5

2.0 SAFETY AND SECURITY MANAGEMENT PLAN (SSMP)...................................................................8

3.0 SSMP CHECKLIST......................................................................................................................................13

4.0 IN-DEPTH GUIDANCE ON SSMP DEVELOPMENT............................................................................22

4.1 MANAGEMENT COMMITMENT AND PHILOSOPHY...............................................................................................224.1.1 Safety and Security Policy Statement..........................................................................................................224.1.2 Purpose of SSMP........................................................................................................................................234.1.3 Scope of SSMP............................................................................................................................................244.1.4 SSMP Goal and Objectives.........................................................................................................................24

4.2 INTEGRATION INTO THE PROJECT DEVELOPMENT PROCESS...............................................................................254.2.1 Safety and Security Activities Matrix..........................................................................................................264.2.2 Procedures and Resources..........................................................................................................................264.2.3 Interface with Management........................................................................................................................28

4.3 ASSIGNMENT OF SAFETY AND SECURITY RESPONSIBILITIES..............................................................................314.3.1 Responsibility and Authority.......................................................................................................................314.3.2 Approach to Safety and Security Responsibilities.......................................................................................394.3.3 Safety and Security Responsibilities Matrix................................................................................................41

4.4 SAFETY AND SECURITY ANALYSIS.....................................................................................................................434.4.1 Approach to Safety and Security Analysis..................................................................................................434.4.2 Risk Tolerance in Safety and Security Analysis..........................................................................................464.4.3 Characteristics of Effective Analysis..........................................................................................................474.4.4 Requirements for Safety and Security Analysis...........................................................................................50

4.5 DEVELOPMENT OF SAFETY AND SECURITY DESIGN CRITERIA...........................................................................534.5.1 Approach to Development of Safety and Security Design Criteria.............................................................544.5.2 Approach to Specification...........................................................................................................................574.5.3 Design Reviews...........................................................................................................................................594.5.4 Deviations and Changes.............................................................................................................................61

4.6 PROCESS FOR ENSURING QUALIFIED OPERATIONS AND MAINTENANCE PERSONNEL........................................634.6.1 Operations and Maintenance Personnel Requirements..............................................................................634.6.2 Plans, Rules and Procedures......................................................................................................................644.6.3 Training Program.......................................................................................................................................644.6.4 Emergency Preparedness............................................................................................................................654.6.5 Public Awareness........................................................................................................................................65

4.7 SAFETY AND SECURITY VERIFICATION PROCESS (INCLUDING FINAL CERTIFICATION)......................................664.7.1 Design Criteria Verification Process..........................................................................................................664.7.2 Construction Specification Conformance Process.....................................................................................694.7.3 Testing/Inspection Verification...................................................................................................................724.7.4 Risk Resolution Verification........................................................................................................................724.7.5 Operational Readiness Verification............................................................................................................734.7.6 Certification Requirements.........................................................................................................................73

4.8 CONSTRUCTION SAFETY AND SECURITY............................................................................................................744.8.1 Construction Safety and Security Program Elements.................................................................................754.8.2 Incentives....................................................................................................................................................83

4.9 49 CFR PART 659 REQUIREMENTS (IF APPLICABLE)..........................................................................................834.9.1 Implementation Activities and Schedule.....................................................................................................834.9.2 Coordination...............................................................................................................................................85

4.10 FRA WAIVER PROCESS (IF APPLICABLE)..........................................................................................................85

March 2009 1


4.10.1 Activities and Schedule.............................................................................................................................854.10.2 Coordination.............................................................................................................................................90

4.11 DHS COORDINATION (IF APPLICABLE).............................................................................................................90

5.0 USEFUL SAFETY RESOURCES...............................................................................................................91

5.1 ADDITIONAL GUIDANCE FOR SSMP DEVELOPMENT..........................................................................................915.2 OTHER FTA SAFETY RESOURCES.......................................................................................................................915.3 TRANSIT COOPERATIVE RESEARCH PROGRAM...................................................................................................915.4 RESOURCES FOR DESIGN CRITERIA....................................................................................................................925.5 DEPARTMENT OF LABOR/OCCUPATIONAL SAFETY AND HEALTH ADMINISTRATION.........................................935.6 RAIL TRANSIT VEHICLE INTERFACE STANDARDS..............................................................................................935.7 APTA RAIL TRANSIT STANDARDS.....................................................................................................................945.8 CPUC GENERAL ORDERS...................................................................................................................................975.9 NFPA STANDARDS.............................................................................................................................................975.10 BIBLIOGRAPHIC REFERENCES...........................................................................................................................98

6.0 USEFUL SECURITY RESOURCES................................................................................................................100

6.1 FTA/ASIS RESOURCES.....................................................................................................................................1006.2 TCRP/NCHRP SECURITY RESOURCES.............................................................................................................1006.3 Department of Homeland Security...................................................................................................................104

March 2009 2


1.0 Introduction

The Federal Transit Administration (FTA) supports public transportation by issuing and managing grants to support the design, construction and operation of public transportation systems throughout the Nation. On August 10, 2005, President Bush signed the Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (SAFETEA-LU) into law. SAFETEA-LU provides $52.6 billion in guaranteed funding for federal transit programs over five years through Fiscal Year 2009.

As specified in SAFETEA-LU, FTA manages 19 distinct grant programs. One of these grant programs, called the New Starts Program (49 U.S.C. 5309), provides funds for new fixed guideway systems and extensions to existing fixed guideway systems. A fixed guideway refers to any transit service that uses exclusive or controlled rights-of-way or rails, entirely or in part. The term includes heavy rail, commuter rail, light rail, trolleybus, aerial tramway, inclined plane, cable car, automated guideway transit, ferryboats, that portion of motor bus service operated on exclusive or controlled rights-of-way, and high-occupancy-vehicle (HOV) lanes.

Projects become candidates for funding under this program by successfully completing the appropriate steps in FTA’s New Starts Planning and Development Process. Funds are allocated by Congress on a discretionary basis, based on recommendations made by FTA in its annual report to Congress entitled “Annual Report on New Starts.”

1.1 Safety and Security in the New Starts Program

Each New Starts project funded by FTA must comply with a set of requirements specified in 49 CFR Part 633 “Project Management Oversight” and 49 CFR Part 611, “Major Capital Investment Projects.” In addition, FTA has prepared Guidance Circulars detailing how grant recipients can address FTA requirements. FTA’s Full-Funding Grant Agreement (FFGA) Guidance Circular 5200.1A identifies the specific requirements that must be addressed by grant recipients receiving FTA monies to support the construction of new fixed guideway systems and extensions to existing systems.

In its regulations, FTA requires each grant recipient to develop a Project Management Plan (PMP) to demonstrate its technical capacity to build, operate, and maintain a New Starts project. The grant recipient initiates the PMP during preliminary engineering, and, thereafter, the PMP is an evolving document that follows the project through preliminary engineering, entry into final design, the application for an FFGA, construction, and testing for revenue operations. As set forth in 49 U.S.C. § 5327(a) and in 49 CFR Part 633, within 60 days of receiving a PMP, FTA will decide whether to approve or disapprove the plan, or will notify the applicant that FTA is not yet able to complete its review. In making this determination, FTA may be assisted by a Project Management Oversight contractor (PMOC). Should FTA disapprove a PMP, FTA will inform the applicant of the reasons for disapproval.

FTA’s Guidance Circular 5800.1 entitled “Safety and Security Management for Major Capital Projects,” identifies the specific activities to be performed for safety and security management by grant recipients with New Starts projects from initial conceptual planning and design through the warranty period of construction and the initiation and management of revenue service. This Circular also explains how the grant recipient’s approach to performing these activities should be documented in a Safety and Security Management Plan (SSMP), which is submitted as part of the PMP.

March 2009 3


As part of the PMP, the SSMP must be developed and submitted to FTA for review and approval prior to the grant recipient’s advancement into the next phase of FTA’s New Starts Planning and Development Process. Prior to approving the grant recipient’s advancement into the next phase, FTA and its PMOCs conduct a detailed review of the SSMP and its implementation. Key phases in FTA’s New Starts Planning and Development Process include the following:

System Planning – begins with the transportation planning process carried out by Metropolitan Planning Organizations - in cooperation with State Departments of Transportation, local transit operators, and affected local governments - in urbanized areas throughout the country and results in the development of long range multimodal transportation plans and short-term improvement programs, as well as a number of other transportation and air quality analyses.

Alternatives Analysis – begins with the collection of information needed by local decision makers to consider the costs and benefits associated with several proposed strategies. Alternatives analysis should provide a sufficient level of technical analyses necessary to support an informed decision and concludes with the formal adoption of a Locally Preferred Alternative (LPA) and the request to enter Preliminary Engineering.

Preliminary Engineering (PE) -- takes the project from the planning stage to a level of design that allows a more accurate estimate of project costs and impacts. The results of PE provide the basis for subsequent funding and implementation decisions. A major objective of PE is to investigate the merits of all configurations and designs. These investigations require in-depth analysis of all components, their interrelationships, and their costs. Environmental reviews are also performed.

Final Design (FD) – takes the formalized concept and engineering development and finalizes them in the plans, specifications, and bid documents required for awarding the individual construction and equipment fabrication and installation contracts.

Construction – begins with the development, fabrication, or construction of the engineered design for the selected alternative and concludes with the delivery of the completed project. This phase includes the inspection, review, and checkout of the delivered project and concludes with the determination that the delivered project meets the engineering specification. The construction life cycle phase also includes:

o Integrated Testing – begins with activities to identify, plan and conduct tests to evaluate integration of the delivered and accepted project into planned revenue operations. This phase concludes with verified documentation of compatibility between system elements.

o Demonstration – begins with the identification and performance of tests, drills, exercises, and audits designed to verify the functional capability and readiness of the system as a whole, and concludes with verified documentation of readiness for revenue operations.

Operations – begins with the initiation of the completed project in service and concludes with the determination that the project has fulfilled its service requirements and must be replaced or removed from operations.

March 2009 4


A visual representation of FTA’s New Starts Planning and Development Process appears below:

FTA’s New Starts Planning and Development Process

1.2 Required Safety and Security Management Activities

In FTA’s Guidance Circular 5800.1, FTA requires grant recipients with new rail transit systems to perform the following activities:

Prepare Policy Statement. The recipient must develop a signed statement, issued by the recipient’s executive management, endorsing the SSMP and stating the project’s commitment to safety and security.

March 2009 5


Identify Safety and Security Interfaces. The recipient must identify who among the project team leadership has ultimate decision-making responsibilities for safety and security issues. The recipient must identify these people by names, titles, and departments or affiliations. The recipient must also explain how these people interface with other project team functions regarding safety and security issues.

Establish Safety and Security Organization. The recipient must establish a specific organization to manage safety and security for the project. The recipient must identify, by name, title, and department or affiliation, all staff and contractors assigned to this organization. In addition, for committees established to support this organization, the recipient must identify each committee member by name, with membership provided by title and affiliation. For all contractors, the recipient must identify a recipient staff member or committee responsible for overseeing the contractor. The recipient must also provide a visual illustration of its safety and security management organization in the form of an organizational chart.

Identify Specific Safety and Security Activities by Project Phase. The recipient must identify the specific safety and security management activities it will perform for the project by project phase. The recipient must establish a budget and schedule for these activities. At a minimum, the recipient must perform the following activities.

o The recipient must establish a program to identify and assess safety hazards and security vulnerabilities, using formal safety and security analysis techniques, as appropriate, throughout the project development process. The recipient must also have a process in place for documenting and tracking the action it takes to address the results of this analysis.

o The recipient must establish safety and security requirements for the project. The recipient must base these requirements on applicable safety and security codes, guidelines, and standards established by municipal, county, State, and Federal agencies and industry associations. The recipient may also consider previously used technical specifications, contracts, drawings, design criteria, and manuals (if available) and the recommendations of its staff, committees, and contractors. The recipient must also establish a process to verify that the final drawings, technical specifications, and contracts it issues for the project conform to its established safety and security requirements.

o The recipient must establish a process for verifying that contractors and recipient staff and committees build, install, inspect, and test all facilities, systems, and equipment comprising the project in accordance with the recipient’s adopted safety and security requirements, as reflected in the project’s technical specifications, drawings, and contracts.

o The recipient must develop documentation through which it conveys the safety, security, and emergency rules and procedures it establishes for the project to employees, contractors, and oversight agencies. Depending on the nature of the project, the recipient may develop or update safety, security, and emergency response plans, operating and maintenance procedures and manuals, and rulebooks for revenue operations.

March 2009 6


o The recipient must establish qualifications and training programs for all personnel who will operate and maintain the project in revenue service. The recipient must ensure that its qualification and training programs address the safety and security elements of plans, rules, operating procedures, emergency procedures, and manuals it establishes for the project.

o The recipient must ensure that documented verification is available to show how it trained and qualified its personnel and/or contractors to operate and maintain the project and to respond to emergencies. If applicable, the recipient must also train its local emergency response organizations regarding its operations, equipment, and emergency procedures.

o The recipient must maintain a process to manage open safety and security items, resulting from design deviations, change orders, non-conformances, and other sources. Throughout this process, the recipient must ensure that it identifies outstanding safety and security items, takes action to address them (through temporary measures, if necessary), and tracks the resolution of the items until final closure or acceptance.

o If applicable, the recipient must conduct emergency exercises or drills prior to placing the project into revenue service. The recipient must document the results in an after action report or equivalent document.

o The recipient must make final safety and security certification prior to the placement of the project in revenue service. If applicable, the recipient must document this certification in a Final Verification Report.

Ensure Construction Safety and Security. The recipient must develop an approach to construction safety and security that includes its requirements for contractors at construction sites. The recipient must ensure that it provides oversight of contractors, identifies any safety and security analyses that contractors must perform for the construction site, and uses applicable incentives for contractors.

Ensure Coordination with External Agencies. As appropriate, the recipient must identify required activities and develop schedules to ensure compliance with requirements specified by local and State agencies, and by other agencies, including State oversight agencies, as required by 49 CFR part 659, “Rail Fixed Guideway Systems; State Safety Oversight;” the Federal Railroad Administration (FRA), and the Department of Homeland Security (DHS), including the Transportation Security Administration (TSA), the Office of Grants and Training (OGT), and other DHS agencies as appropriate. In addition, the recipient must document coordination with the applicable metropolitan planning organization (MPO) for the purposes of ensuring consistency, compatibility, and an open line of communication with operators of the rest of region’s transportation infrastructure, as well as police, fire, and emergency services organizations.

March 2009 7


2.0 Safety and Security Management Plan (SSMP)

As specified in FTA’s Guidance 5800.1, to document the approach taken to perform the required safety and security activities, FTA requires each grant recipient to develop an SSMP that contains 11 sections:

Section 1: Management Commitment and Philosophy Section 2: Integration of Safety and Security into Project Development Process Section 3: Assignment of Safety and Security Responsibilities Section 4: Safety and Security Analysis Section 5: Development of Safety and Security Design Criteria Section 6: Process for Ensuring Qualified Operations and Maintenance Personnel Section 7: Safety and Security Verification Process (Including Final Safety and Security

Certification) Section 8: Construction Safety and Security Section 9: Requirements for 49 CFR part 659, Rail Fixed Guideway Systems; State

Safety Oversight Section 10: FRA Coordination Section 11: DHS Coordination

Specific requirements for each SSMP section are provided below.

1. SECTION 1: MANAGEMENT COMMITMENT AND PHILOSOPHY . FTA requires the first section of the SSMP to include the following:

a. Safety and Security Policy Statement . Provides a signed statement, issued by the recipient’s executive management, endorsing the SSMP and confirming the project’s commitment to safety and security.

b. Purpose of SSMP . Describes the SSMP as the document that will guide the recipient’s integration of safety and security into each phase of the project development process.

c. Applicability and Scope . Describes the applicability of the SSMP for all safety and security activities the recipient performs during the project development process. Rail transit agencies, as defined in 49 CFR 659.5 and commuter rail agencies, must clarify that the applicability of the SSMP extends to ensuring their compliance with State oversight agency and the Federal Railroad Administration (FRA) regulations and requirements, as applicable. All recipients must ensure that the applicability of their SSMPs extends to the resolution of any restrictions to full safety and security certification, even after the recipient has commenced revenue service.

d. SSMP Goal . Clarifies that the recipient will use the SSMP to ensure that the final project commenced into revenue service is safe and secure for passengers, employees, public safety personnel, and the general public.

2. SECTION 2: INTEGRATION OF SAFETY AND SECURITY INTO PROJECT DEVELOPMENT PROCESS. FTA requires the second section of the SSMP to include the following:

a. Safety and Security Activities . Identifies the safety and security tasks the recipient must perform for the project through all phases. Includes both a text description of the

March 2009 8


activities and a matrix listing these activities and their corresponding project phases. Recipients may prepare one matrix, combining safety and security activities by project phase, or separate matrices for safety and security.

b. Procedures and Resources . Identifies the procedures and resources that will support performance of safety and security activities throughout the project phases, including a project budget and schedule for safety and security activities, procedures for managing safety and security contractors, procedures for coordinating safety and security activities with other recipient staff and contractors, and procedures for managing sensitive security information (SSI).

c. Interface with Management . Identifies the process and lines of communication through which recipient staff will communicate safety and security issues to project leadership. The recipient must provide an organization chart. In the organization chart or supporting text, the recipient must: 1) identify who among the project team leadership has ultimate decision-making responsibilities for safety and security issues, 2) identify these individuals by names, titles and departments or affiliations, 3) explain how these individuals interface with other project team functions regarding safety and security issues, and 4) identify the relationships from project leadership to construction contractors and subcontractors regarding safety and security issues.

3. SECTION 3: ASSIGNMENT OF SAFETY AND SECURITY RESPONSIBILITIES . FTA requires the third section of the SSMP to include the following items:

a. Responsibility and Authority . Establishes a specific organization to perform the safety and security tasks the recipient identified in Section 2 of the SSMP. In documenting this organization, the recipient must identify, by name, title, and department/affiliation, all staff and contractors assigned to this organization. In addition, for committees established to support this organization, the recipient must identify each committee member by name, with membership provided by title and affiliation. The recipient must also provide an organization chart.

b. Committee Structure . Describes the organization and responsibilities of the different committees that the recipient plans to use for the project, including the Safety and Security Review Committee; the Fire/Life Safety Committee; the Safety and Security Change Review Board; and the Safety and Security Operations Review Committee, or other comparable committees.

c. Safety and Security Responsibilities Matrix . Presents the responsibilities and reporting relationships the recipient has established for recipient staff, committees and contractors performing the safety and security tasks in Section 2 of the SSMP. The recipient may provide separate matrices for safety and security authorities and responsibilities, or a single matrix. For all contractors, the recipient must identify a recipient staff member or committee responsible for overseeing the contractor.

4. SECTION 4: SAFETY AND SECURITY ANALYSIS . FTA requires the fourth section of the SSMP to include the following:

a. Approach to Safety and Security Analysis . Describes the recipient’s approach to the analysis of safety hazards and security vulnerabilities. The recipient must have a program in place to: (1) identify known hazards and vulnerabilities, (2) categorize them

March 2009 9


as to their potential severity and probability of occurrence, (3) analyze them for potential impact, and (4) resolve them by design, engineered features, warning devices, procedures and training, or other methods. The recipient must also identify the level of hazards and vulnerabilities the recipient’s project management finds acceptable.

b. Requirements for Safety and Security Analysis . Specifies the distinct types of safety and security analysis the recipient will perform during the project. The recipient must identify who will be performing these analyses and when they will be performed during the project. The recipient must also describe how its project personnel will communicate the results of these analyses to other members of the project team, and the process the recipient will use to assure resolution of identified hazards and vulnerabilities.

5. SECTION 5: DEVELOPMENT OF SAFETY AND SECURITY DESIGN CRITERIA . FTA requires the fifth section of the SSMP to include the following:

a. Approach to Development of Safety and Security Requirements and Design Criteria. Describes the project’s approach to creating suitable safety and security requirements and design criteria. The recipient must describe the resources, including standards prepared by such organizations as the American Public Transportation Association (APTA), the National Fire Protection Association (NFPA), Underwriters Laboratories (UL), etc., that it will use to develop its safety and security requirements. The recipient must also describe how its project personnel and contractors will use the safety and security requirements to develop safety and security design criteria and to identify safety and security certifiable elements. Finally, the recipient must explain its approach for ensuring that safety and security requirements and design criteria are included in the process to develop final specifications and contract documents for the project.

b. Design Reviews . Identifies how the recipient will address safety and security during design reviews to ensure that its project team incorporates the safety and security requirements into the final project design.

c. Deviations and Changes . Identifies the recipient’s procedures for ensuring that changes to safety and security design criteria are appropriately reviewed and approved by recipient personnel prior to adoption.

6. SECTION 6: PROCESS FOR ENSURING QUALIFIED OPERATIONS AND MAINTENANCE PERSONNEL. FTA requires the sixth section of the SSMP to include the following:

a. Operations and Maintenance Personnel Requirements . Identifies the number of personnel and their specific job classifications required to operate and maintain the project in revenue service. Also, specifies the qualifications and core competencies, required by job classification, for these personnel to ensure their abilities to provide safe and secure service and to respond to emergencies. Recipients must place special emphasis on the requirements for front-line personnel (i.e., operators, supervisors, station attendants, and maintenance personnel).

b. Plans, Rules and Procedures . Identifies, by name, the specific safety, security and emergency plans, rules, procedures, and manuals that the recipient will develop or revise. Also provides a schedule.

March 2009 10


c. Training Program . Lists the elements of training the recipient will provide to employees, by job classification, to ensure their capabilities to provide safe and secure service and to respond effectively to emergencies. Also, the recipient must provide a schedule for the development and offering of this training and for the completion of any qualifications or certifications the recipient requires for employees. The recipient must maintain evidence of personnel training and qualifications/certifications.

d. Emergency Preparedness . Identifies any exercises, drills, tabletops, or other activities that the recipient will perform to ensure the readiness of the project. Also explains how the recipient will assess and document the results (i.e., after action report or equivalent document).

e. Public Awareness . Identifies programs that support the recipient’s commitment to ongoing, comprehensive public awareness, for both security awareness (such as the Transit Watch Program) and emergency preparedness (such as emergency evacuation instructions to riders).

7. SECTION 7: SAFETY AND SECURITY VERIFICATION PROCESS (INCLUDING FINAL SAFETY AND SECURITY CERTIFICATION). FTA requires the seventh section of the SSMP to include the following:

a. Design Criteria Verification Process . Describes the process the recipient will use to verify that the technical specifications, drawings, and contract documents for the project conform to the recipient’s safety and security requirements and design criteria. The recipient will also explain its approach to ensure that all required inspections and tests are incorporated into project test plans.

b. Construction Specification Conformance Process . Describes the process the recipient will use to verify that elements of the project provided under construction, procurement, and installation contracts conform to the safety and security components of the recipient’s technical specifications, drawings, and contract documents.

c. Testing/Inspection Verification . Describes the process the recipient will use to verify that the as-built (or delivered) configuration contains the safety and security related requirements identified in the recipient’s technical specifications, drawings, and contract documents. Includes recipient programs for contractual testing, systems integration testing, and pre-revenue operations testing.

d. Hazard and Vulnerability Resolution Verification . Describes the process the recipient will use to verify that project personnel and contractors have appropriately identified, categorized, and resolved hazards and vulnerabilities to a level acceptable by management.

e. Operational Readiness Verification . Describes the process the recipient will use to verify that project personnel and contractors developed plans, rules, procedures, manuals, and training and qualification programs in conformance with the recipient’s safety and security requirements. The recipient must also explain its process for ensuring the qualification and readiness of operations and maintenance personnel.

f. Safety and Security Certification Requirements . Describes the process the recipients will use to deliver final certification that the project is safe and secure for passengers,

March 2009 11


employees, public safety personnel, and the general public, including the individual certificates the recipient will issue for each of the specific elements to be verified.

8. SECTION 8: CONSTRUCTION SAFETY AND SECURITY . FTA requires the eighth section of the SSMP to include the following:

a. Construction Safety and Security Program Elements . Describes the recipient’s program for construction safety and security. The recipient must include its requirements for contractors, including the plans and reports the contractor must submit to the recipient. The recipient also must include the activities it will perform to track and manage contractor construction safety and security programs and plans.

b. Construction Phase Hazard and Vulnerability Analysis . Describes the recipient’s requirements for safety and security analysis at construction sites. The recipient must describe its approach for identifying and mitigating hazards or threats unique to the construction phase.

c. Safety and Security Incentives . Describes any incentives the recipient may provide for the construction safety and security program.

9. SECTION 9: REQUIREMENTS FOR 49 CFR PART 659, RAIL FIXED GUIDEWAY SYSTEMS; STATE SAFETY OVERSIGHT. FTA requires the ninth section of the SSMP to describe activities the recipient will perform to coordinate with its State oversight agency throughout the project development process. FTA only requires this section for recipients with major capital projects undertaken for rail transit agencies as defined in 49 CFR 659.5. These recipients must identify the specific State oversight agency requirements applicable for their major capital projects and the activities they will perform to address these requirements and coordinate with their State oversight agencies. These recipients must also provide a schedule for the activities they will perform to ensure compliance with State oversight agency requirements. If the State oversight agency has authorities that exceed 49 CFR part 659 minimum requirements, then the recipient must also explain its approach for addressing these additional authorities.

10. SECTION 10: FRA COORDINATION . FTA requires the tenth section of the SSMP only for those recipients that propose to share track with one or more FRA-regulated railroads or that will operate on the general railroad system. In this section, these recipients must identify the activities they will perform to comply with FRA regulations and provide a schedule for the performance of these activities. If the recipient plans to file for FRA waivers, then the recipient should also describe its process and schedule for filing these waivers. Recipients with commuter or passenger railroads, regulated by FRA, must also describe their process for developing or updating a System Safety Program Plan and submitting it to FRA for review and approval. The recipient’s System Safety Program Plan must conform to the American Public Transportation Association (APTA) “Guidelines for the Development of Commuter Rail System Safety Program Plans.” In addition, the recipient must submit for FRA review and approval plans for the completion of a collision/derailment hazard analysis that conforms to the hazard management process in the approved SSPP or the “Draft FRA Guide to Collision/ Derailment Hazard Analysis.”

11. SECTION 11: DHS COORDINATION . FTA requires the eleventh section of the SSMP to address how the project will meet Department of Homeland Security (DHS) requirements, including the applicable security directives issued by the Transportation Security

March 2009 12


Administration (TSA) and other programs managed by the Office of Grants and Training (OGT). The recipient must identify the activities it will perform and provide a schedule. If the recipient has any concerns regarding the potential for conflict between DHS/TSA/OGT and FTA/PMOCs, the recipient should document them in this section.

3.0 SSMP Checklist

FTA uses a checklist to organize its evaluation of the grant recipient’s SSMP. This checklist also assists grant recipients in preparing their SSMPs. This checklist specifies the following:

Section Number Section Title (by Checklist Item) Specific Requirements Applicability (in the event FTA has waived a certain requirement for a specific grant

recipient. Reference and Assessment (where the reference is addressed in the grant recipient’s

SSMP and if the grant recipient’s approach adequately meets FTA requirements)

March 2009 13


FTA’s SSMP Review Checklist

No. Checklist Item Plan Requirements Applicable (?) Reference & Assessment

1.1 Safety and Security Policy Statement

A Safety and Security Policy Statement is developed for the Safety and Security Management Plan (SSMP).

The policy statement endorses the SSMP and confirms the project’s commitment to safety and security throughout all project development phases.

The policy statement is signed by the grant recipient’s executive leadership.

1.2 Purpose of SSMP The SSMP implements the Safety and Security Policy Statement.

The SSMP identifies the grant recipient’s management structure and activities to be performed to integrate safety and security into all phases of the project development process.

1.3 Applicability and Scope

The SSMP applies to all project development activities through preliminary engineering, final design, construction, integrated testing, demonstration, and the initiation of operations.

Depending on the nature of the project, this scope may encompass the following:

o System-wide Elements, o Fixed Facilities, o Safety, Security, System Assurance,

Operational, and Maintenance Plans and Procedures, and

o Personnel Qualifications, Training and Drills/Exercises.

As applicable, the SSMP also includes activities to ensure compliance with requirements specified by the State Safety Oversight Agency (49 CFR Part 659) and/or the Federal Railroad Administration (FRA), and/or the Department of Homeland Security, including the Transportation Security Administration (TSA) and the Office of Grants and Training (OGT).

1.4 SSMP Goal Ensures that the final project initiated into revenue service is safe and secure for passengers, employees, public safety personnel, and the general public through a

March 2009 14



formal program of safety and security certification.

Describes how the grant recipient’s executive leadership has designated personnel and committees with the responsibility:

o to establish safety and security requirements for the project;

o to ensure that the design, acquisition, construction, fabrication, installation, and testing of all critical elements of the project will be evaluated for conformance with the established safety and security requirements;

o to verify operational readiness; and o to ensure that a mechanism is

provided to follow to completion the resolution of any restrictions to full safety and security certification.

2.1 Safety and Security Activities

Identifies the specific safety and security tasks that must be performed for the project through all phases.

Includes both a text description of the activities and a matrix listing these activities and the project phases during which they will be performed.

o One matrix may be prepared that combines safety and security activities by project phase, or separate matrices may be developed.

2.2 Procedures and Resources

Identifies the procedures and resources that will support performance of safety and security activities throughout the project phases.

Includes procedures for the management of sensitive security information (SSI).

2.3 Interface with Management

Identifies the process and lines of communication by which safety and security issues will be communicated to senior management and used by senior management in decision-making.

An organization chart showing the grant

March 2009 15



recipient’s project management team and key points of interface regarding safety and security issues must also be provided.

The organization chart shall identify the relationships from the safety and security staff and organizations to construction management, project management, and executive management.

3.1 Responsibility and Authority

Identifies, by title and department, all staff, contractors, and committees assigned to manage the safety and security activities specified in Section 2 of the SSMP.

o Each individual staff member must be identified by title and affiliation.

o Each committee must be identified by name and acronym, with membership provided by title and affiliation.

o For each authority delegated to a contractor, the grant recipient individual or committee responsible for oversight must be shown.

o An organization chart must be provided.

3.2 Committee Structure Describes the organization and responsibilities of the different safety and security committees , including

o Safety and Security Review Committee;

o Fire/Life Safety Committee; o Safety and Security Change Review

Board; o Safety and Security Operations

Review Committee;o Other comparable committees.

3.3 Safety and Security Responsibilities Matrix

Presents the responsibility and reporting relationships for safety and security in the form of a matrix.

o Separate matrices may be used for safety and security authorities and responsibilities, or a single matrix may be used.

March 2009 16



o Individuals having authority for safety or security functions who are not part of the grant recipient staff must report to a member of that staff who is responsible for that safety or security function.

4.1 Approach to Safety and Security Analysis

Describes the grant recipient’s approach to the analysis of safety hazards and security vulnerabilities.

Known hazards and vulnerabilities must be: o Identified and categorized for their

potential severity and probability of occurrence,

o analyzed for potential impact, and o resolved by design, engineered

features, warning devices, procedures and training, or other methods.

4.2 Requirements for Safety and Security Analysis

Specifies the distinct types of safety and security analysis to be performed during the specific phases of the project.

Describes the mechanism for communicating analysis results throughout the project team.

Describes the process for assuring the resolution of identified hazards and vulnerabilities.

5.1 Approach to Development of Safety and Security Design Criteria

Describes the project’s approach to creating suitable safety and security design criteria.

Identifies the resources, including standards prepared by such organizations as the American Public Transportation Association (APTA), the National Fire Protection Association (NFPA), Underwriters Laboratories (UL) and others that the grant recipient will use to develop safety and security requirements.

Explains how the grant recipient will identify safety and security certifiable elements and

March 2009 17



how identification of these elements will guide the development of safety and security design criteria.

Ensures that the final specifications and contract documents for the project will result in design that meets the grant recipient’s requirements for safety and security and addresses the certifiable elements.

5.2 Design Reviews Identifies how safety and security activities will be addressed during design reviews to ensure incorporation of safety and security requirements into the final project design.

5.3 Deviations and Changes

Identifies procedures for ensuring that changes to safety and security design criteria are appropriately reviewed and approved prior to adoption.

6.1 Operations and Maintenance Personnel Requirements

Identifies the number of personnel and their specific job classifications required to operate and maintain the project in revenue service.

Specifies the qualifications and core competencies, required by job classification, for these personnel to ensure their abilities to provide safe and secure service and to respond to emergencies.

Emphasizes special needs of front-line personnel (i.e., operators, supervisors, station attendants, and mechanics).

6.2 Plans, Rules and Procedures

Identifies by name the specific safety, security and emergency plans, rules, procedures, and manuals to be developed for operations and maintenance personnel, and also provides a schedule for their development.

6.3 Training Program Lists the elements of training to be provided to employees, by job classification, to ensure their capabilities to provide safe and secure service and to respond effectively to emergencies.

Provides a schedule for the development and offering of this training, and for completion of any qualifications or certifications required by employees.

Ensures the availability of documented evidence of personnel training and qualifications/certifications.

6.4 Emergency Preparedness

Identifies any exercises, drills, tabletops or other activities that will be performed to ensure

March 2009 18



the readiness of the project placed in revenue service to respond to emergencies, and how the results of these activities will be assessed (i.e., after action report or equivalent document).

6.5 Public Awareness Identifies programs that support a commitment to on-going comprehensive public awareness, for both security awareness (such as the Transit Watch “eyes and ears” program) and emergency preparedness (such as emergency evacuation instructions to riders).

7.1 Design Criteria Verification Process

Describes the process used by the grant recipient to verify that safety and security design criteria have been addressed in project specifications and contract requirements and that all required inspections and tests have been incorporated into project test plans.

7.2 Construction Specification Conformance Process

Describes the process used to ensure that elements of the system provided under construction, procurement and installation contracts conform to the specifications.

7.3 Testing / Inspection Verification

Describes the process used to ensure that the as-built (or delivered) configuration contains the safety- and security-related requirements identified in the specifications and other contract documents.

7.4 Hazard and Vulnerability Resolution Verification

Describes the process used to ensure that safety and security design criteria and safety and security analysis have effectively identified, categorized and resolved hazard and vulnerabilities to a level acceptable by management.

7.5 Operational Readiness Verification

Describes the process used to ensure that rules and procedures are developed to effectively incorporate all safety and security requirements specified during design and identified through safety and security analysis. This includes the process to ensure that the project has provided training to personnel and is using qualified and capable operations and maintenance personnel to initiate revenue service.

7.6 Safety and Security Certification

Describes the requirements that must be met

March 2009 19



Requirements to deliver final certification that the project is safe and secure for passengers, employees, public safety personnel, and the general public, including individual certificates issued for specific elements to be verified.

8.1 Construction safety and Security Program Elements

Describes the requirements to be implemented by contractors and reports to be received by the grant recipient’s management for implementing and tracking construction safety and security programs and plans.

8.2 Construction Phase Hazard and Vulnerability Analysis

Describes the analyses that must be done to identify and resolve or mitigate hazards or threats and vulnerabilities that may be unique to the construction phase.

8.3 Safety and Security Incentives

Describes any incentives that may be in place to support implementation of the construction safety and security program.

9.1 Activities Identifies the activities that must be performed by the grant recipient to comply with State Safety Oversight Agency (SSOA) requirements implementing 49 CFR Part 659.

If the SSOA has authorities that exceed 49 CFR Part 659 minimum requirements, this section must also explain the grant recipient’s approach for addressing these additional authorities.

9.2 Implementation Schedule

Provides an implementation schedule regarding the performance of activities required to meet SSO agency requirements.

9.3 Coordination Process Describes the processes to be used to communicate and coordinate with the SSOA.

Identifies by title and name the grant recipient’s primary point of contact working with the SSOA.

10.1

Activities Identifies the activities to be performed by grant recipients with projects that propose to share track with one or more FRA-regulated railroads or that will operate on, connected with, or share a corridor with, the general railroad system.

Identifies whether the grant recipient will be requesting waivers from FRA regulations or if they will be complying with them.

o Each FRA regulation must be identified and the grant recipient’s activity regarding that regulation must

March 2009 20



be specified.10.2

Implementation Schedule

Provides a schedule regarding the grant recipient’s activities to comply with FRA regulations or to meet requirements for FRA waivers.

10.3

Coordination Process Describes the processes to be used to communicate and coordinate with FRA.

Identifies by title and name the grant recipient’s primary point of contact working with FRA.

11.1

Activities Identifies the activities to be performed by grant recipients to meet requirements and programs managed by DHS agencies, including the applicable Security Directives issued by TSA.

11.2

Implementation Schedule

Provides a schedule regarding the grant recipient’s activities to comply with DHS requirements and programs.

11.3

Coordination Process Describes the processes to be used to communicate and coordinate with DHS.

Identifies the grant recipient’s primary point of contact working with DHS.

March 2009 21

Section 1: Management Commitment and Philosophy

The grant recipient should demonstrate its commitment and philosophy to actively sustain safe and secure transit operations.


4.0 In-Depth Guidance on SSMP Development

4.1 Management Commitment and Philosophy

The first section of the SSMP should explain how the grant recipient’s leadership is committed to safety and security throughout the project. It should also describe the grant recipient’s philosophy regarding the purpose, scope, and goals for the project’s safety and security management activities. FTA’s suggested outline for this section includes:

1.1 Safety and Security Policy Statement : Provides a signed statement -- issued by the grant recipient’s executive leadership -- endorsing the SSMP and explaining the project’s commitment to safety and security.

1.2 Purpose of SSMP : Describes the grant recipient’s intention to use the SSMP to support the integration of safety and security into the project development process and ensure their consideration throughout this process.

1.3 Scope of SSMP : Describes the applicability of the SSMP to all project development activities through preliminary engineering, final design, construction, integrated testing, demonstration, and operations.

1.4 SSMP Goal and Objectives : Identifies the grant recipient’s intention to use the SSMP to ensure that the final project implemented into revenue service is safe and secure for passengers, employees, public safety personnel, and the general public.

4.1.1 Safety and Security Policy Statement

Grant recipient commitment should flow from a Safety and Security Policy Statement established for the project. The policy statement provides the overall intentions and direction of the grant recipient’s organization regarding safety and security for the project. The policy statement should be in letter or memorandum format and signed by the grant recipient’s chief executive officer. Typically, policy statements for safety and security include the following commitments:

safety and security are top priorities for the project; levels of acceptable risk have been established for the project, and will be used to guide

engineering, verification and operational readiness activities performed to bring the project into revenue operations;

resources are committed to address safety and security at a level commensurate to their importance in the project;

all employees, contractors, sub-contractors, managers and supervisors have a responsibility for ensuring the safety and security of the project;

procedures have been developed, and training has been provided, to ensure that employees, contractors, managers and supervisors understand their safety and security responsibilities;

managers and supervisors, both within the grant recipient organization, and in supporting contractor and sub-contractor organizations, will ensure the implementation of the established safety and security procedures; and

March 2009 22


opportunities for continuous improvement in safety and security throughout the project will be identified and evaluated as appropriate.

This sub-section should introduce and reference the grant recipient’s policy statement. A sample policy statement appears below.

Sample Safety and Security Policy Statement

It is the policy of [insert name of grant recipient] that [insert name of project] be designed and constructed in full compliance with requirements for safety and security established by the Federal Transit Administration (FTA), [insert name of grant recipient], and other local, State and Federal agencies. Safety and security are to be priorities in conducting all work on the [insert name of project] to ensure the safety and security of employees, the public, and emergency responders during the design, construction, and operation of the project.

[Insert name of grant recipient] is committed to ensure that [insert name of project] fully complies with the safety and security requirements contained in the design criteria and standards established for [insert name of project]. The [insert name of project] will not be placed into passenger service until it can be certified be safe and secure as specified in the [insert name of grant recipient]’s Safety and Security Certification Program and Plan.

All persons assigned to conduct work on the [insert name of project] are required to comply with the requirements of this Safety and Security Management Plan as well as the Plans, Procedures, and Instructions referenced by this Plan. The [insert title of grant recipient manager assigned to safety and security] has been assigned the authority to ensure that the requirements of this Plan are implemented properly by all project participants. The [insert name of grant recipient manager assigned to safety and security] will bring any safety and security issues on the project that are not being resolved in a timely or acceptable manner to the attention of the [insert name of grant recipient] Project Director for resolution.

Signed:________________________________ Date:___________Matthew O. Tucker, Director

Virginia Department of Rail and Public Transportation

4.1.2 Purpose of SSMP

This sub-section should state that the grant recipient’s SSMP documents the management philosophy for implementing the Safety and Security Policy Statement, including activities to establish safety and security requirements for the project and to facilitate their integration into the project development process. This sub-section should also clarify that the grant recipient’s executive leadership has designated personnel with the responsibility to ensure that the design, construction, installation, and testing of all critical system elements of the project will be evaluated for conformance with the established safety and security requirements, and that operational readiness will be verified prior to the initiation of the project into service.

March 2009 23


Personnel designated to carry out the Safety and Security Policy Statement may be referred to as Designated Functions or DFs for Safety and Security, and may be the same throughout the project or may change in different project phases. Finally, this sub-section should indicate that, while the grant recipient’s executive leadership has designated responsibility for SSMP development and maintenance to the DFs, its execution will be the responsibility of the entire project team.

4.1.3 Scope of SSMP

In this sub-section, the grant recipient should clarify that the SSMP applies to all project development activities through preliminary engineering, final design, construction, integrated testing, demonstration, and operations. Depending on the nature of the project, this scope may encompass the following:

System-wide Elements – which may include passenger vehicles, catenary, traction power, train control system, voice and data communications, CCTV, grade crossing and traffic control systems, intrusion detection systems, traction power substations, central instrument houses, track, fare collection, supervisory and data acquisition control systems, fire protection and suppression systems, and auxiliary vehicles and equipment.

Fixed Facilities - which may include stations and shelter stops, pedestrian bridges, yards and shops, structures, and the control center. Equipment installed in these fixed facilities, such as HVAC, escalators, elevators, lighting etc., is considered part of the facility.

Safety, Security, System Assurance, Operational, and Maintenance Plans and Procedures - which may include items such as System Safety and System Security Program Plans, Emergency Response Plans, training programs, operating rules and procedures, and emergency operating rules and procedures.

4.1.4 SSMP Goal and Objectives

This sub-section should state that the grant recipient’s overarching goal in implementing the SSMP is to ensure that the final project placed into revenue service is safe and secure for passengers, employees, public safety personnel, and the public. Sub-goals that further support the overarching goal are to provide:

clear determinations regarding acceptable safety and security risks, articulated in policy by the project’s executive management team;

verification that an acceptable level of safety and security is designed into the transit project;

consistent evaluation of safety and security risk throughout the project development process; and

consistent application of safety and security verification activities to support initiation of the project into revenue service.

This sub-section should also clearly identify the objectives of the SSMP to meet the established goal(s), which, at a minimum:

March 2009 24

Section 2: Integration of Safety and Security into the Project Development Process

The grant recipient should explain its approach for the integration of the safety and security function during design, construction, testing, and start-up phases of the project.


establish criteria for acceptable levels of risk, signed-off by the grant recipient’s top management, to guide the review and evaluation of safety and security issues throughout the project;

provide mechanisms for the formal identification, consideration, elimination or control of hazards and vulnerabilities to passengers, employees, contractors, emergency responders, and the general public;

verify that appropriate codes, guidelines and standards have been reviewed to provide a basis for safety and security considerations in the design criteria and that design criteria conformance checklists have been developed and implemented to document this review;

verify that appropriate specifications and drawings are in conformance with the design criteria and that design conformance checklists have been appropriately developed, completed, and certified;

verify that contract deliverables (facilities, systems and equipment) are reviewed against the contract specifications and drawings (including all engineering changes) for compliance with safety and security requirements, using checklists to document construction specification conformance;

validate the necessary tests and safety plans, safety-related operating and maintenance procedures and training, and the rule book to ensure safety and security for operational service; and

verify the emergency preparedness and operational readiness of the project initiated into revenue service.

4.2 Integration into the Project Development Process

Section 2 of the SSMP focuses on how the grant recipient’s project leadership will address safety and security in all project activities. In this section, the grant recipient should specify that its approach will ensure:

identification of all safety and security tasks that must be performed throughout the project;

designated project personnel with responsibility for safety and security;

assignment of resources for the performance of specified safety and security activities; and

development of policies and procedures that require management review and evaluation of safety and security activities.

The objective of this approach is to provide assurances that risk management, safety and security analysis, and corresponding verification requirements will be applied to the grant recipient’s project, and that the results will be tracked through to acceptance or resolution throughout the project life cycle. A suggested outline for this section includes:

March 2009 25


2.1 Safety and Security Activities Matrix : identify all safety and security activities that must be performed for the project during preliminary engineering, final design, construction, integrated testing, demonstration and operations.

2.2 Procedures and Resources : identify procedures and resources that will support performance of safety and security activities throughout the project development process.

2.3 Interface with Management : identify the process through which the results of safety and security activities will be coordinated with both the grant recipient’s executive leadership and the Project Management Plan (PMP) for review and decision-making.

4.2.1 Safety and Security Activities Matrix

In this sub-section, the grant recipient should provide a matrix that identifies safety and security activities that must be performed during the various phases of the projects. The matrix does not have to be exhaustive in detail, but is intended to be representative of the safety and security tasks and the phases during which they should occur.

Figure 8 provides a sample matrix. Activities are identified in the approximate order in which they would occur in a New Starts project. They are further categorized as “management” or “engineering” functions. This type of categorization supports early identification of which project staff and resources can provide activities to support the overall program.

4.2.2 Procedures and Resources

This sub-section should describe the formal management system, established and maintained by the grant recipient, to ensure that project safety and security goals and objectives are satisfied. This management system should extend to the grant recipient's contractors and suppliers as appropriate.

This sub-section should clarify that written procedures and instructions will be developed for activities affecting safety and security in design, procurement, manufacturing, and construction as applicable to the work performed. Procedures and instructions should be developed to guide the preparation and management of critical safety and security documents and activities, as depicted in Figure 1.

These procedures should contain a statement of the purpose and scope, and should contain any references to appropriate codes, standards, or specifications. In developing these procedures, consideration should be given to identifying and acquiring any special equipment, skills, or capabilities needed to ensure their performance. The procedures and instructions should also contain formats for the records needed to ensure that the procedures and instructions are followed and documentation requirements are understood.

March 2009 26


Figure 1: Sample Safety and Security Activities Matrix

TASK TaskType PE FD CO

N

IN T

ST

DEM

OPS

Develop Safety and Security Policy Statement MGT Establish Designated Function (DF) for Safety and Security throughout the Project MGT

Develop Safety and Security Management Plan MGT Establish Safety and Security Committees MGT Create Safety and Security Responsibilities Matrix MGT Develop Safety and Security Certification Program Plan MGT/ENG Develop and Implement Hazard and Vulnerability Resolution and Tracking System MGT/ENG Prepare Preliminary Hazard and Vulnerability List MGT/ENG Identify Safety and Security Certifiable Elements ENG/MGT Establish Safety and Security Certifiable Items List ENG Establish Safety and Security Configuration Management ENG Create Safety and Security Certification Project Folders MGT Perform Preliminary Hazard Analysis and Threat and Vulnerability Analysis ENG Prepare Safety and Security Design Criteria ENG Perform Safety and Security Review of Preliminary Operations and Maintenance Procedures MGT Perform Safety and Security Design Reviews & Additional Hazard and Vulnerability Analysis ENG/MGT

Develop Design Criteria Conformance Checklists ENG Complete Design Criteria Conformance Checklists ENG Develop Test and Evaluation Requirements ENG Develop Specification Conformance Checklists ENG Complete Specification Conformance Checklists ENG Issue Notices and Occupancy Permits MGT Issue Certificates & Complete Folders MGT Complete Integrated Tests ENG Review of Engineering Change Orders & Waivers MGT/ENG Complete Operational Readiness Review MGT/ENG Perform Final Safety and Security Compliance Assessment MGT/ENG

Issue Final Safety and Security Certification MGT Issue Final Safety and Security Verification Report MGT

MGT = ManagementENG = Engineering

PE = Preliminary EngineeringFD = Final DesignCON = Construction

IN TEST = Integrated TestingDEM = DemonstrationOPS = Operations

Checks () indicate the initiation of the activity, and shaded arrows () indicate on-going performance.

In this sub-section, the grant recipient should also identify procedures in place to support configuration management for the control and dissemination of project documents. For example,

March 2009 27


a Document Control Center may be established for the project to distribute copies and maintain master files, including completed hazard analysis documents, test reports, design criteria and technical specifications, field inspection reports, and other safety/security-related documents. This sub-section should also identify the creation of related procedures for change control, indicating that the safety and security DFs are appropriately integrated into the procedures used to request waivers from design criteria and to manage design changes.

Finally, in this sub-section, the grant recipient should also identify the resources allocated to address safety and security activities for the project. These resources may include personnel (i.e., the DFs for Safety and Security, supporting analysts, engineers, etc.), designated safety and security committees, and dedicated equipment, facilities, software, and/or contractor services.

4.2.3 Interface with Management

This sub-section should describe how the grant recipient’s Project Manager (PM) and leadership team will ensure that safety and security are addressed in keeping with the Safety and Security Policy Statement and developed plans, procedures and specified activities.

Project personnel who have responsibility for ensuring or controlling safety and security should be identified and their interrelationships with project management defined. These relationships should be shown on an organization chart. In particular, the personnel should be identified who have responsibility to initiate action to prevent safety and security problems, to identify and record safety hazards and security vulnerabilities, to initiate solutions through appropriate channels, and to verify implementation of solutions to safety and/or security problems.

Those personnel responsible for assuring safety and security should be independent of those having direct responsibility for the work being performed. This can be accomplished satisfactorily if those ensuring or controlling safety and security report on a level higher than those having direct responsibility for the work.

Interface with the PM for safety and security issues may occur through regularly scheduled meetings with committees established for this purpose. For example, the project may establish a Safety Committee, a Security Committee, a Fire/Life Safety Committee and a Safety/Security Change Review Committee. This sub-section should describe how the designated safety and security functions, supporting contractor resources, and the established committees work with the PM and each other through the project to manage safety and security activities throughout the project.

Critical interfaces to be considered include how safety and security activities will be coordinated with the following project elements:

Project Management Plan – to ensure that safety and security activities are among the key activities identified for the project and to support review by FTA and the Project Management Oversight (PMO) Program.

Project Solicitations (Request for Proposal [RFP], Invitation for Bid [IFB], other procurement vehicle) – to identify activities to be performed by the project contractors to ensure that safety and security are designed into the system and delivered in the project received by the agency.

March 2009 28


Project Evaluation and Award Process – to assess the quality of contractors’ responses to the safety and security activities identified in the Solicitation and to request additional activities (if necessary) during negotiation of final contract.

Project Contracts – to provide legal and administrative documentation of the safety and security activities to be performed by the contractor.

Quality Control/Quality Assurance Program – to ensure that activities performed for the project’s quality management system incorporate safety and security requirements and that the results, in each project phase, are accessible to the designated safety and security functions.

Engineering and Inspection Services – to perform safety and security analysis, to perform or witness specific tests, and to provide technical expertise in specific project areas (software safety, electrification, etc.).

Design Criteria Manuals – to ensure that safety and security requirements are clearly identified in the manuals and other references used to develop the preliminary and final designs and to prepare specifications.

Project Milestone Schedule, including Design Reviews – to ensure that requirements to address safety and security are tied to project advancement and contractor payment.

Project Testing Program Plan (TPP) – to ensure performance of all tests necessary to verify that the delivered project complies with approved project specifications and that appropriate supporting verification documentation is filed with the safety and security certification program.

Operational Readiness Reviews – to ensure that safety and security are addressed in operating and maintenance manuals and rules, standard and emergency operating procedures, training, and work-arounds and other activities developed to address change orders and deviations from the approved design during construction.

Auditing Services – to ensure that contractors and others are following criteria, safety and security testing and acceptance standards, and safety and security management practices.

Figure 2 provides a visual illustration of the activities to be performed to effectively integrate safety and security into the project development process. At each stage in this process, those personnel designated to manage safety and security activities must have access to and support from the PM. Other critical partnerships should be established with procurement, project engineering, inspection and auditing functions, the operations and maintenance group, and the quality control/quality assurance program.

March 2009 29


Figure 2: Integration of Safety and Security into Project Development Process

March 2009 30


March 2009 31

SAFETY AND SECURITY IN PROJECT DEVELOPMENT PROCESSSafety and Security

Management Activities

Design, Construction, Integrated Testing and Demonstration

ActivitiesSafety and

Security Policies and Procedures

SSMP and Project Safety/Security

Certification Plan

Certifiable Elements List and

SCIL

RISKTOLERANCES

Certifiable Items Checklists

Design Reviews Design

Verification

Compliance Documentation

Test Results

Rules, SOPs and Manuals

Final Safety/Security

Verification Report

Safety and Security Design Criteria and Design Manuals

Project Management

Plan

Codes andStandards Transit

Experience

Contractual Requirements

Contract Specifications and Drawings

Integrated Testing

and Operating Requirements

Design Reviews Inspections

Contract Submittals

CHANGE ORDERS

Test Plans and Procedures

Safety and Security

Acceptance

Review

Safe

ty a

nd S

ecur

ity

Anal

ysis

Qua

lity

Assu

ranc

e Pr

ogra

m

Cons

truc

tion

ProjectAcceptanc

eReview

Section 3: Assignment of Safety and Security Responsibilities

The grant recipient should document its assignment of organizational safety and security responsibilities for the project.


4.3 Assignment of Safety and Security Responsibilities

This section of the SSMP should describe the project’s approach to designating personnel to manage the specific activities identified in Section 2. A suggested outline for this section includes:

3.1 Responsibility and Authority : Identify where authority resides for implementing the SSMP.

3.2 Committee Structure : describe the organizational and management mechanisms used by the project to ensure the performance of safety and security activities throughout all project development life cycle phases.

3.3 Safety and Security Responsibilities Matrix : identify specific responsibilities for the performance of safety and security activities.

4.3.1 Responsibility and Authority

To clarify responsibility and authority, this sub-section of the SSMP should explain that safety and security activities have been identified and assigned to specific project personnel over the life cycle of the project. In this sub-section, the authority of designated project personnel to address safety and security issues and to report to the grant recipient’s management should be clarified. Figure 3 below provides a description of the different types of authority, responsibilities and activities typically required to address safety and security in a major capital project.

Initiating Authority comes from the project’s executive leadership. This authority is typically delegated to other participants for actual execution. However, the initiating authority ensures that the safety and security effort will have personnel, resources and access to contractor or sub-contractor support. These assurances are critical to the ultimate success of the safety and security activities for the project

Implementation Authority for safety and security ultimately rests with the Program Manager (PM). The PM has overall accountability for the project and its various elements, including safety and security.

Day-to-Day Safety and Security Authority rests with the Designated Function (DF) for Safety and Security. Due to the extended time frame of most major capital projects, this authority may reside with different project personnel throughout design, construction, integrated testing and demonstration.

Throughout the project, Advisory Authority for safety and security typically rests with committees established to review the overall safety and security program, to provide technical assistance, to coordinate with external agencies, such as the fire department, city building officials, and law enforcement, and to evaluate specific activities and outcomes. For most major capital projects, advisory authority rests with the Safety Review Committee, Security Review Committee, and Fire/Life Safety Committee.

March 2009 32


Figure 3: Authority, Responsibilities and Activities for Safety and Security

Program Authority

Responsibility Activities

Initiating Authority

Grant recipient Executive Leadership

Executive Director/General Manager

Board of Directors

Develops Safety and Security Policy Statement Authorizes Safety and Security Designated Function (DF) Authorizes Safety and Security Activities for Project Provides Resources and Staffing Authorizes the Use of Contractors and Sub-Contractors to

Support Safety and Security Activities Establishes Risk Tolerances to Define the Level of Safety and

Security to be Designed into the Project and to Verified in the Completed Project

Implementation Authority

Project Manager (PM) Develops Project Management Plan (PMP) Submits Safety and Security Management Plan (SSMP) Implements/Delegates Responsibility for Implementation of SSMP Management of Design Reviews, Construction Reviews and

Operational Readiness Reviews Ultimate Approval Authority for Safety and Security Activities Resolution of Conflicts Regarding Safety and Security

Issues/Concerns during Design, Construction, Integrated Testing, and Demonstration

Day-to-daySafety and Security Authority

Designated Function for Safety and Security (DF)

Develops System Safety and Security Programs, Plans and Procedures

Develops Safety and Security Certification Program and Plan Identifies Safety and Security Certifiable Elements and Items Performs Hazard and Vulnerability Analysis Prepares Comparative Assessments Recommends Alternatives Develops Safety and Security Requirements Identifies Tests and Integration Standards Participates in Design Reviews Develops Design Verification Forms Certifies Design Verification Develops Construction Conformance Forms Certifies Construction/Installation, Assembly, and/or

Vehicle/System Conformance Develops and Oversees Construction Safety and Security Plan Participates in Construction/Acceptance Reviews Issues Notices and Permits Performs/Observes/Evaluates Testing and Acceptance Performs/Observes/Evaluates Integrated Testing Observes Re-tests and the Resolution of Open Items Participates in/Develops Training, Procedures, Staff Certifications,

and Exercises Evaluates Operational Readiness Program Certifies Operational Readiness Program Identifies and Manages Open Items Prepares Certificates of Compliance Prepares Final Safety and Security Verification Report

Advisory Authority

Safety Review Committee Security Review

Committee Fire/Life Safety Committee

Supports Implementation of Safety and Security Activities Tracks and Resolves Conflicts, Challenges, and Open Items Support Coordination with External Agencies (fire departments,

city/county building officials, and law enforcement) Approves Certificates of Compliance Approves Final Project Certification

March 2009 33


Program Authority

Responsibility Activities

Configuration Authority

Safety and Security Change Review Board

Identifies and Evaluates Changes to Design Baselines Ensures that Proposed Changes Maintain Level of

Safety/Security Designed into System and Do Not Introduce New Hazards or Vulnerabilities

Ensure that Safety and Security Design Verification and Construction Specification Conformance Reflect the Correct Versions of Specifications, Drawings and Bid Package Materials

Readiness Assessment Authority

Safety and Security Operations Review Committee

Oversees the project’s commissioning activities including systems integration testing, start-up, activation, final safety and security certification, and operation and maintenance demonstration.

Supports the development of procedures for integrated testing and pre-revenue operations

Supports planning and coordination regarding the develop of operating and maintenance rules, procedures and training

Oversees the implementation of training and certification programs for operations and maintenance staff

Oversees the project’s safety and security performance during simulated revenue service conditions (both normal and abnormal)

Ensures that final System Safety Program Plan, System Security Plan, and Emergency Operations Plan and supporting procedures are developed

Oversees coordination with State Oversight Agency and the Federal Railroad Administration as appropriate.

CertificationAuthority

Grant recipient Executive Leadership

Signs or receives SSC Verification Report and Final Project Certificate from DF and Support Committees

Configuration Authority for the safety and security elements of the project typically rests with a committee or board charged with coordinating and evaluating requests for changes to the project’s design baseline to address safety and security concerns. This committee or board works with the project’s larger configuration control system to ensure that proposed changes maintain the level of safety and security designed into the system and do not introduce new hazards or vulnerabilities. This board or committee also ensures that the final Safety and Security Design Verification and Construction Specification Conformance Checklists reflect the correct versions of specifications, drawings and bid package materials.

Readiness Assessment Authority for safety and security elements of the project typically rests with a committee established to oversee the development and implementation of rules, procedures, plans, programs, and integrated and acceptance tests, pre-revenue demonstrations, and certification programs for operations and maintenance personnel

Certification Authority for the project rest with the grant recipient’s executive leadership. Ultimately, the grant recipient’s chief executive officer must receive and accept the certification that the project to be initiated into revenue service is safe and secure.

As indicated in Figure 3 above, the following organizational elements are typically established to address safety and security in a major capital project:

Designated Function for Safety

March 2009 34


Designated Function for Security Safety Review Committee Security Review Committee Fire/Life Safety Committee Safety and Security Change Review Board Safety and Security Operations Review Committee

Each of these organizational elements is briefly discussed below.

Designated Function for Safety: The DF for Safety typically reports to the Project Manager for project direction. The DF for Safety is the key contact and coordination point for the performance of the all safety activities identified for the project. The DF role may be performed by one person throughout the entire project, or may reside with different project personnel. For example, throughout the different project phases, the DF for Safety role may be assumed by: System Safety Manager, Project Systems Engineer, Contractor/Sub-contractor, System Safety Engineer, Security Engineer or Specialist, System Integration Engineer/Specialist, Project Engineer, Construction Safety Manager, Start-up/Activation Manager, and other personnel.

The DF for Safety has many responsibilities for safety, including the following:

Advises the Program Manager regarding safety requirements, hazard analysis, and the overall safety or security status of the project.

Coordinates the system safety effort with systems engineering, civil structures, reliability and quality assurance, integration and testing, and program management functions.

Identifies necessary technical safety criteria and requirements (including those associated with interfacing hardware, software, and facilities) and ensures their incorporation into designs, specifications and planning documents.

Ensures that submitted Hazard Reports contain sufficient information to permit the Project Manager to make informed decisions.

Reviews system safety tasks, prioritizes safety risks, and recommends engineering, procedural, or other changes necessary to reduce the risk to an acceptable level.

Ensures the implementation of a closed-loop process for providing traceability and tracking of all hazards from identification through resolution.

Assists the Program Manager in coordinating with the Committees devoted to safety and security issues and with external agencies and chairs the Safety Review Committee.

Participates in all major design reviews, and provides the following: Lists of preliminary hazards and other safety/security concerns Completed hazard analyses appropriate to the level of design detail Recommendations for corrective actions and controls, based on analysis and

sound engineering and management principles Reports documenting on-going safety activities and concerns

March 2009 35


Participates in all major activities to review and accept the delivered project, system, sub-system or component, and provides a safety assessment and a safety certification package, with any exceptions documented.

Participates in all major activities to “checkout” the delivered project and initiate revenue service, and provides a safety assessment and a safety certification package for operational readiness, with any exceptions documented.

Maintains safety oversight of the project tests, operations, or activities at a level consistent with the potential for loss over the life of the system.

Ensures that, in all instances, hazards are controlled or eliminated by corrective action with the following priorities:

Eliminate hazardous elements of subsystems within the design; Minimize or negate the effects of hazards through design techniques; Install safety devices; Install caution and warning devices; Develop administrative controls, including special procedures, access control

systems/barriers; and Provide protective clothing and equipment.

Ensures that contractors and others supporting the project prepare a plan to address hazard analysis and resolution in their activities, which must be approved by the Program Manager or his or her designee.

Submits formal Hazard Reports and other documents for each hazard or safety issue with a residual risk to be formally accepted by management prior to contractual acceptance.

Designated Function for Security: The DF for Security is responsible for all security planning activities specified in the SSMP. Activities may include, but are not limited to:

Chairs the Security Committee, which meets to manage and oversee threat and vulnerability assessment for new project development.

Provides the Program Manager with assessments and briefings regarding security threats and vulnerabilities, technology and design evaluations, personnel requirements, and recommended counter-measures.

Attends reviews and management meetings on project development, acceptance, and operational readiness.

Reviews design concepts, preliminary schematics and technology to provide security evaluations and recommendations.

Reviews new security requirements and activities required to support design, construction, acceptance and operation of transit project.

Develops implementation strategies for new security related activities.

Develops schedules and resource allocation for implementation of new security activities.

March 2009 36


Considers security aspects of facilities and vehicles; propose patrol strategies and security management systems.

Plans fiscal requirements of security activities.

Considers the security of passengers, vehicles and facilities in design and operational reviews.

Manages contract security and/or law enforcement contracts.

Determines training needs for security related activities.

Reviews Safety and Security Management Plan and System Safety & Security Program Plan.

Develops resolutions for security problems identified.

Determines security equipment needs.

Meets with local police and other public safety organizations as needed.

Solicits input from contractors and employees for improving security.

Safety Review Committee: The goal of the Safety Review Committee, whether for a New Starts project or existing system, should be the effective and efficient accomplishment of the project safety objectives for that phase, including all activities specified in the SSMP. This goal may necessitate the involvement of different personnel and contractors from phase to phase and may even require different lead public agencies and project managers. The Safety Review Committee is typically responsible for:

Definition of the organizational structure that the project will need in order to manage the identification and verification of safety requirements for the project in all phases.

Definition of safety responsibilities, assurances that system safety personnel and others have the authority to carry out these responsibilities, and documented procedures to govern the interactions between these personnel and other organizational elements.

Identification and provision of the resources that safety personnel will need to manage, perform, and verify safety requirements.

Reviewing documentation (evidence of conformance to safety requirement), assigning responsibilities for open issues and approvals of certification documentation, conducting site visits, and defining safety and security-related tests and analyses, as required.

Determining whether to accept specific conditions or requiring corrective action(s), including determining the specific methods to mitigate the conditions or potential hazards.

Providing recommendations to the President and CEO regarding certification and noncompliance of system elements.

The Safety Review Committee is generally comprised of senior management personnel, or their designees, who represent the major project areas and activities, including: engineering and systems integration, architectural design, quality control/quality assurance, industrial and construction safety, security, technical services, construction management, operations and

March 2009 37


maintenance, contracts administration, labor relations, public relations, cost and scheduling, and training. The SRC is generally chaired by the agency’s highest ranking safety official and generally managed, convened, and coordinated by the agency’s System Safety Department. For those New Start projects that have not yet developed an in-house staff or an in-house System Safety Department, the Safety Review Committee should fill this role until a fixed organizational element is designated to manage safety. The Safety Review Committee, through its system safety engineering function, is accountable to the grant recipient’s executive leadership for the overall function, direction, coordination, control and conduct of the conduct of Safety Certification Program, and functional approval of certification documentation.

Security Review Committee: This Committee mirrors the role of the Safety Review Committee, but for security. It conducts or oversees system-wide security assessments and identifies and addresses requirements from the Department of Homeland Security, the Transportation Security Administration, and the Office of Grants and Training as they relate to the project. The Committee also ensures that new procedures and facilities incorporate security in their design. The Committee reviews security training curriculum and programs affecting security. The Committee also focuses on the current design measures, and policies and procedures in place in order to analyze and evaluate their effectiveness in meeting security challenges in all aspects of the operations. The results of these analyses could result in design modifications and proposed new procedures for security. Other responsibilities include:

assess compliance with management policies, rules, procedures and assigned security responsibilities;

identify organizational issues that contribute to security incidents, or less effective response to incidents; and

promote security awareness campaigns and award programs.

The Security Review Committee is generally comprised of senior management personnel, or their designees, who represent the major project areas and activities, including: engineering and systems integration, architectural design, quality control/quality assurance, industrial and construction safety, safety, technical services, construction management, operations and maintenance, contracts administration, labor relations, public relations, cost and scheduling, and training. The SRC is generally chaired by the agency’s highest ranking security official and generally managed, convened, and coordinated by the agency’s System Security or Police Department. For those New Start projects that have not yet developed an in-house staff or an in-house System Security Department, the Security Review Committee should fill this role until a fixed organizational element is designated to manage security. The Security Review Committee, through its system security engineering function, is accountable to the grant recipient’s executive leadership for the overall function, direction, coordination, control and conduct of the conduct of Security Certification Program, and functional approval of certification documentation.

March 2009 38


Fire/Life Safety Committee: The purpose of the Fire/Life Safety Committee for the project is to serve as a liaison between the grant recipient and the fire jurisdictions and emergency response agencies during the project development process. This Committee is typically comprised of local and state fire jurisdictions, local emergency response agencies, the project operations and maintenance liaison, the DF for Safety and Security, construction and design managers along with project management staff and the general design consultant. The Committee reviews standards and safety-related designs and tests to verify fire/life safety code and regulation compliance. In addition, the Committee reviews fire/life safety compliance documents and recommends resolution to the SRC for exceptions to the requirements. The Committee also assists the DF for Safety and the Safety Review Committee in the:

establishment of emergency training for rail transit and emergency response personnel; identification and resolution of fire/life safety hazards; and development of emergency preparedness response plans, policies, and procedures.

The Committee meets periodically to review proposed design changes that may affect fire/life safety, to debrief major incidents which involve emergency response agencies, and to plan emergency response drills and exercises. The Committee reviews and recommends revisions to emergency preparedness response plans, policies, and procedures; operating procedures which affect emergency response; changes to training plans and training programs pertaining to emergency response and personnel; and fire/life safety design changes.

Safety and Security Change Review Board: The Safety and Security Change Review Board reviews, evaluates and manages the changes proposed to the project’s baseline configuration and related baseline operation for safety and security impacts. The Review Board makes recommendations for the disposition of proposed changes. The Review Board also ensures that that Safety and Security Design Verification and Construction Specification Conformance reflect the correct versions of specifications, drawings and bid package materials. The Review Board coordinated closely with the configuration control/document control function established for the project.

Safety and Security Operations Review Committee: The Safety and Security Operations Review Committee is responsible for overseeing the project’s commissioning activities including systems integration testing, start-up, activation, final safety and security certification, and operation and maintenance demonstration. Committee activities include:

planning and coordinating the scheduling and witnessing of tests and demonstrations; developing performance criteria to guide the evaluation of pre-revenue operations and

acceptance tests; supporting the development and review of plans, policies, procedures, rulebooks and

training for operations and maintenance; establishing core capabilities essential for operations and maintenance personnel, and

ensuring that project manuals, training and certification programs effectively address these core capabilities;

supporting, witnessing and evaluating simulated revenue service conditions for both normal and abnormal operations; and

ensuring that all final plans, policies, procedures, training materials, manuals and certification programs to be used for revenue service adequately reflect the results onf findings from integrated and acceptance testing, project demonstration, and pre-revenue operations.

March 2009 39


4.3.2 Approach to Safety and Security Responsibilities

The biggest challenge for safety and security in a major capital project is the staggered approach required to support project development. Since projects will have many different participants with varying levels of responsibility over a period of several years, the SSMP must describe an organizational structure that provides a consistent focus on safety and security.

A concern for the grant recipient is the assignment of responsibility for safety and security. To the extent possible, each organization involved in a transit capital project should be responsible for its own safety and security elements. While consultants or contractors to the grant recipient can assume significant responsibility for safety and security, this responsibility should not be completely delegated. The grant recipient should maintain a safety and security oversight capability to ensure that programs are working within the grant recipient’s organization, as well as within the supplier’s and contractor’s organizations.

This sub-section should explain the grant recipient’s approach to assigning safety and security responsibilities and ensuring oversight of contractor activities throughout all project lifecycle phases. For example, the grant recipient may describe its approach to safety and security responsibilities through project design and construction in the following manner:

Design and Construction Process: Overall responsibility for design and construction rests primarily with the Program Manager, with assistance from Chief Discipline Engineers/Architects in the form of contractor and staff technical expertise. The Design Manager, reporting directly to the Program Manager, is responsible for all required design activities. The Design Manager must ensure design conformance with the Scope of Work, an acceptable project cost, technical coordination between the disciplines, and timely completion. The Construction Manager, reporting to the Program Manager, is responsible for assuring that all who work on the project (contractors and/or in-house staff) meet all requirements of the Quality Program, Safety and Security Management Program, contract documents and all applicable laws and regulations.

Safety and Security during Design: Ensuring safety and security in the completed project begins in the design phase. Members of the Project Design Team, whether comprised of contractors or in-house staff, work together to develop the design and prepare the drawings and specifications required for advertisement, bid, award, and construction of a capital project. It is the responsibility of the entire Project Design Team to assure that contract drawings and specifications meet appropriate standards, address project and regulatory requirements, and provide clear direction for construction of the project, including the identification and incorporation of all safety and security requirements. The Project Design Team receives direction from the Design Manager. Specific disciplines will provide technical guidance and direction and will keep the Project Manager informed with respect to project progress.

The Designated Function for Safety and Security is assigned to the Design Team and participates on all Project Design Team Reviews. The DF for Safety and Security reviews and comments on design distributions and provides guidance and assistance to the Project Design Team concerning safety and security issues and procedures. The DF for Safety and Security also ensures that the results of safety and security analysis performed for the project are incorporated into the final technical specifications and contract package.

March 2009 40


Either working with the Quality Management function, or working independently, the DF for Safety and Security will audit the design process to assure that established safety or security requirements are being met. This audit function will support completion of Safety and Security Design Verification Conformance checklists and a Project Certificate stating that the design meets project safety and security requirements.

In addition, during the design phase, safety and security analysis will be performed by – or under the supervision of -- the Designated Function for Safety and Security. This analysis will include preparation of a Preliminary Hazard and Vulnerability List; performance of Preliminary Hazard Analysis and Threat and Vulnerability Analysis, and supporting system, subsystem, reliability and human factors analyses as appropriate for the project. Results from this analysis will aid in the specification of safety and security requirements and will be tracked using the project’s document control system.

Safety and Security during Construction, Testing, Demonstration & Start-up: Construction work is generally performed by third-party contractors who have the primary responsibility for quality and safe construction of the constructed facility. Grant recipient staff may also perform, or support performance of, work on the project. Grant recipient construction contracts require that the contractor establish, implement and maintain an effective Contractor Safety and Security Management Program, approved by the Construction Manager, to manage, control, document and assure that their work complies with the safety and security requirements specified in the contract documents. This program consists of plans, procedures, tests, and the organization necessary to assure adequate control (inspection) and assurance of safety and security in the materials, workmanship, fabrication and operations covering both on-site and off-site construction work. Contractors are required to perform their own audits to assure compliance with the requirements of their safety and security management program and must assign an approved engineer/manager whose function is to manage all safety and security matters relating to the project.

Verification of construction in compliance with the approved design documents is performed throughout the construction phase. Engineering Services personnel, working under the direction of the Construction Manager, perform oversight of construction activities, and assure, on a day-to-day basis, that the contractor is in compliance with construction documents, including quality and safety and security requirements. This oversight takes the form of: checking contractor supplied documentation; witnessing contractor operations, inspections and tests; performing independent inspections and tests to verify contractor results; or any combination of these activities. The DF for Safety and Security will coordinate with Engineering Services personnel and the Quality Program to ensure the completion of Construction Specification Conformance Checklists and preparation of a Project Certificate stating that the as-built project meets project safety and security requirements.

Depending on the nature of the project, Integrated Systems and Acceptance and/or Demonstration Tests and drills may also be required, as well as the delivery of manuals, training, plans and procedures to govern the operations and maintenance of the project. The DF for Safety and Security will coordinate with the Construction Manager, the Quality Manager, and the Operations and Maintenance Group to ensure the safety and security are successfully addressed in these activities and that a Project Certificate is prepared documenting compliance with project safety and security requirements.

March 2009 41


4.3.3 Safety and Security Responsibilities Matrix

This sub-section should present a Safety and Security Responsibility Matrix that lists the activities to be performed and designates responsibility for each task. A sample matrix appears in Figure 4. Headings at the top of the matrix indicate functional responsibility. Within each of the columns the level of responsibility or authority is indicated as primary, secondary, approval, and comment only for each task element. It is understood that at early stages of the project, personnel with responsibility may not yet have been defined. However, the grant recipient should make every effort to ensure -- as completely as possible -- the identification of required activities and those personnel who will most likely perform them.

Figure 4: Safety and Security Responsibilities Matrix

Project Safety and Security TasksLegend:P – Primarily or leadS – Secondary function or assistanceA – Approval authorityC – Comment only Sa

fety

Offi

cer (

SO)

Chie

f of S

ecur

ity (C

OS)

Safe

ty a

nd S

ecur

ity

Cons

truct

ion

Safe

ty (C

S)

Proj

ect M

anag

er (P

M)

Desi

gn M

anag

er (D

M)

Cons

truct

ion

Man

ager

Qual

ity M

anag

er (Q

M)

Test

Man

ager

(TM

)

Oper

atio

ns M

anag

er (O

M)

Program Management and ControlEstablish Safety and Security Policy Statement P S S C A C C C C CSet safety and security policies, goals and objectives P P S C A C C C C CDevelop safety and security task list P P S C A C C C C CEstablish safety organization (DF, committees, contractor support, etc.) P S S C A C C C C CEstablish security organization (DF, committees, contractor support, etc.) S P S C A C C C C CAssign roles and responsibilities for safety activities P S S C A C C C C CAssign roles and responsibilities for security activities S P S C A C C C C CDevelop Safety and Security Management Plan P P S C A C C C C CDevelop Safety and Security Milestone Schedule P P S C A C C C C CDevelop and disseminate Safety and Security Certification Program Plan P P S C A C C C C CDevelop and disseminate procedures to direct safety activities P S S C A C C C C CDevelop and disseminate procedures to direct security activities P S S C A C C C C CProvide assistance on safety and security issues P P S C A C C C C CProvide centralized procurement of safety and security contractors and consultants P P C C A C C C C CPerform program reviews and audits for safety and security activities P P C C C S S P S CEstablish system for hazard and vulnerability tracking and resolution P P S C A S S S S CRequire hazard/vulnerability analysis to assess impacts of deviations from design criteria/design standards and project technical baseline specifications P P S C A S S S S C

Design EvaluationEstablish project concept and component list applicable to safety and security A A P C A P S S C CIdentify codes, standards, regulations, or existing design criteria or manuals containing safety and security requirements for project A A P C A P S S C C

Develop Preliminary Hazards and Vulnerabilities List A A P C A S C S C CPerform preliminary hazard analyses A S P C A S C S C CPerform threat and vulnerability analysis S A P C A S C S C CDevelop safety and security requirements/design criteria for project A A P C A S C S C CPerform additional safety and security analysis (as appropriate) A S P C A S C S C CDevelop a listing of elements which identifies contracts to be safety- and security-certified A A P C A S C S C CDevelop Safety and Security Certifiable Items List (CIL) to support preparation of design criteria and construction specification conformance checklists A A P C A S C S C C

Review 50%, 95%, and Final PE Designs and Update CIL S S P C A S C S C CReview 60%, 95%, and Issued for Construction Designs and update CIL S S P C A S C S C CDevelop Design Criteria Verification Checklist requirements for each certifiable contract and verify inclusion in the system design through the CIL S S P C A S C S C C

Compliance and VerificationAudit safety and security certification processes S S P C A S C S C CPerform safety and security compliance assessments and complete Design Criteria S S P C A S C S C C

March 2009 42


Project Safety and Security TasksLegend:P – Primarily or leadS – Secondary function or assistanceA – Approval authorityC – Comment only Sa

fety

Offi

cer (

SO)

Chie

f of S

ecur

ity (C

OS)

Safe

ty a

nd S

ecur

ity

Cons

truct

ion

Safe

ty (C

S)

Proj

ect M

anag

er (P

M)

Desi

gn M

anag

er (D

M)

Cons

truct

ion

Man

ager

Qual

ity M

anag

er (Q

M)

Test

Man

ager

(TM

)

Oper

atio

ns M

anag

er (O

M)

Verification ChecklistsBased on completed Design Criteria Verification Checklists, develop Construction Specification Conformance Checklists S S P C A S C S C C

Complete Construction Specification Conformance Checklists (verify inclusion of safety and security conformance criteria in as-built facilities and installed systems/equipment) S S P C A S S S S C

Issue/obtain permits and notices to support testing and pre-revenue operations P S S C A S S S S CDocument the findings of integrated testing for safety- and security-related elements S S S S A S S S P CVerify that contractual vendor training classes have been provided S S S S A S S S C PMonitor the identification and resolution of the system hazards and vulnerabilities assessment process to verify that no significant hazard is unresolved at system opening P P S S A S S S C P

Establish a construction safety and security plan S S S P A C S S C CEstablish an emergency response plan for construction S S S P A C S S C CConduct inspections of construction operations, equipment, storage areas, and facilities S S S P A C S S C CNote unsafe acts, unhealthy conditions, or non-secure conditions on the construction site S S S P A C S S C CDocument serious or repeated construction safety and/or security violations S S S P A C S S C CConduct or monitor construction incident/mishap response and investigations S S S P A C S S C CConduct or monitor construction mishap trend analysis and response planning S S S P A C S S C CProvide construction safety, security and emergency response training S S S P A C S S C CConduct project demonstration evaluation and safety and security acceptance S S S S A C S S P SIdentify and resolve restrictions, deviations and work-arounds S S S S A C S P P SIssue final safety and security certification certificates for design verification and construction specification conformance P P S S A C S S S S

Operations SupportCoordinate with State Safety Oversight Agency regarding requirements for safety and security plans and procedures during operations P P S C A C C C C P

Coordinate with FRA Office of Safety and Regional Office regarding requirements for safety plans and procedures and shared track waiver submission P P S C A C C C C P

Develop System Safety Program Plan P P S C A C C C C PDevelop System Security Program Plan P P S C A C C C C PDevelop Emergency Response Plan P P S C A C C C C PPerform safety and security review of preliminary operations & maintenance procedures P P S C A C C C C PDevelop safety rules and procedures P P S C A C C C C PDevelop security rules and procedures P P S C A C C C C PEstablish safety staffing and operational safety program P P S C A C C C C PEstablish security staffing and operational security program P P S C A C C C C PConduct safety incident response and investigations P P S C A C C C C PConduct security incident/mishap response and investigations P P S C A C C C C PPerform crime pattern trending and response planning P P S C A C C C C PPerform safety trend analysis and response planning P P S C A C C C C PDevelop and disseminate emergency safety and security procedures P P S C A C C C C PProvide safety- and security-related training P P S C A C C C C PConduct operational readiness reviews P P S C A C C S P PConduct emergency response drill or exercise P P S C A C C S P PIdentify and resolve restrictions, deviations and work-arounds P P S C A C C S P PIssue final safety and security certification certificates for operational readiness P P S C A C C S S SIssue Final Safety and Security Verification Report P P S C A C C S S S

March 2009 43

Section 4: Safety and Security Analysis

The grant recipient should document its approach to using hazard and vulnerability analysis techniques to ensure the safety and security of the project.


4.4 Safety and Security Analysis

This section of the SSMP should explain the project’s approach to safety and security analysis to effectively manage those conditions with the potential to harm passengers, employees, first responders, and the general public. Safety and security analysis is the formal process to systematically recognize, evaluate, and resolve potential hazards and vulnerabilities associated with the design, construction, testing, start-up, and operation of the major capital transit project.

Known hazards and vulnerabilities must be identified, categorized as to their potential severity and probability of occurrence, analyzed for potential impact, and resolved by design, engineered features, warning device, procedure and training, or other method so that they fall within the prescribed level of risk acceptable to rail transit management. Safety and security analysis promotes a systematic review of occurrences that could result in loss. This review forms the basis for the performance requirements, reliability and maintainability standards, training, and maintenance and operating procedures that will ensure optimal safety performance of the built system within available resources. The tools of safety and security analysis also support the identification of the design criteria – including codes, standard, regulations, and procedures – with which the project must comply to assure Federal, State and local agencies of its recognition and adoption of legal requirements for the safety of passengers, employees, the general public, the environment and shared facilities and rights-of-way.

A suggested outline for this section includes:

4.1 Approach Safety and Security Analysis : establish the objectives for the use of safety and security analysis techniques in the project.

4.2 Requirements for Safety and Security Analysis : specify the distinct types of analysis to be performed during specific phases of the project and the responsibilities for integrating results in engineering, design, construction, testing, and demonstration activities.

4.4.1 Approach to Safety and Security Analysis

This sub-section should describe the objectives to be achieved when using safety and security analysis for the project. Typically, major transit capital projects require safety and security analysis to ensure effective risk management for all high-consequence decisions that affect project design, construction, testing, acceptance and initiation into revenue service.

Risk management, when applied to safety and security decision-making, is defined as:

March 2009 44

“a structured system for measuring uncertainty in safety and security loss and evaluating corresponding impacts on project cost, schedule and performance to support sound decisions.”


The grant recipient’s safety and security management function, through application of safety and security analysis techniques, provides a formal and documented process through which management evaluates and accepts risks for the project. This process is a consistent and vital component of the agency’s overall program for system safety and system security.

Application of safety and security analysis has been referred to as "investigation before the incident" or "troubleshooting before the trouble." This sub-section of the SSMP should explain that the essence of this analysis for the project is ongoing evaluation throughout the project to:

identify hazards and vulnerabilities; translate them into risks; analyze, assess, and prioritize identified risks; resolve, accept or track identified risks; and document risk resolution, acceptance and tracking.

In this manner, safety and security analysis provides a structured approach to considering and evaluating the following:

potential sources of hazards and vulnerabilities in the project and corresponding transit operations;

potential elements of the project or operation that could be affected (people, facilities, equipment, and the internal and external environments) by identified hazards and vulnerabilities, and qualified or quantified assessments of risk;

potential configurations of the project or operation (available alternatives) to reduce risks; and

documentation of accepted risk reduction anticipated for selected alternative(s).

Safety and security analysis can be applied to any phase of the system life cycle or to any evaluation of a design change or retrofit modification. The level of analysis to be performed is dependent upon the needs of the project and the parameters established by management.

Hazards and vulnerabilities can be identified and managed in a variety of ways:

Formal hazard and vulnerability analyses using the inductive process to analyze system components to identify failure modes and effects on the total system, or a part thereof, or of personnel actions.

Formal hazard and vulnerability analysis using the deductive process to identify sequential and concurrent states which are causally or conditionally required to support a specific effect.

Accidents or security incidents that occur in similar operations or during the construction of the project.

Unsafe or non-secure conditions identified as a result of facility inspections. Unsafe or non-secure conditions or behaviors identified as a result of employee or

contractor observations.

The steps in the risk management process are depicted graphically in Figure 5 below.

March 2009 45


Figure 5: Steps in the Risk Management Process

March 2009 46

STEP 1: Decide on Exposures-What is to be assessed?

(Personnel, facilities, equipment, technology, operations, environment)

STEP 2: Establish Authority and Responsibility for Analysis

-Who identifies hazards and threats?-Who set policies and allocates resources?

-Who performs hazard and vulnerability analysis?

-Who accepts risk?

STEP 3: Fix Risk Tolerance Limits-How much risk is acceptable?

-At what levels must risk be resolved?

STEP 4: Perform Analysis to Identify-Hazards

-Vulnerabilities-Over all life cycle phases

-Throughout project development and operation

STEP 5: Assess Hazards and Vulnerabilities-Probability of occurrence-Severity of occurrence

STEP 6: Resolve Risk Associated with Hazards and Vulnerabilities

-Design-Engineered and passive devices

-Warning devices-Policies, procedures and training

STEP 7: Verify Implementation-Countermeasures in place?

-Effectiveness?-New hazards or vulnerabilities introduced?


4.4.2 Risk Tolerance in Safety and Security Analysis

This sub-section of the SSMP should establish the risk tolerance limits set for the project by the grant recipient’s leadership. These limits, which guide acceptable parameters for design specification and project performance, are based on different justifications, including:

formal analysis, in which cost-benefit tradeoffs are rigorously evaluated; professional judgment or assessments, provided by safety and security staff;

engineering, operations and maintenance personnel; and legal counsel; recommendations based on industry guidelines and standards; comparisons with similar transit operations; “bootstrapping” proposed new risks to ones that already exist; and value placed on public expectation and agency reputation.

Risk tolerance limits for a project may be contained within a simple mission statement, such as the one presented in Figure 6.

Figure 6: Risk Tolerance Mission Statement

However documented, this commitment to formal risk acceptance is generally reinforced through formal acceptance and sign-off policies for major findings and recommendations resulting from safety and security analysis. In this manner, the safety and security management function provides a formal process for safety and security analysis that:

establishes a pre-determined level of safety and security, consistent with the agency's function and service;

incorporates this level of safety and security into acquisition and management practices; verifies agency compliance with safety and security requirements in acquisition and

management activities; and ensures, in the reality of day-to-day operations, a reasonable and acceptable level of

minimum risk is established for the project

March 2009 47

All processes, mechanical, human or institutional, which can affect the safety and security of transit passengers, employees, contract employees, or the general public are considered safety-critical, and are subject to the practices outlined in this policy.

At no time shall the transit agency, its management, employees, or contractors, knowingly accept conditions with the potential to result in any of the following:

Death; Severe Injury (to one or more persons); Multiple Injuries; System Loss (full or partial); Major System Damage; and Major Environmental Impact

The transit agency’s Hazard and Vulnerability Identification and Analysis Policy, referenced in the transit agency’s System Safety and System Security Program Plans, establishes safety-criticality of each process through inductive and deductive safety and security analysis.


4.4.3 Characteristics of Effective Analysis

In this sub-section of the SSMP, the grant recipient should clarify that the safety and security analysis techniques used in the project demonstrate the following characteristics:

The risk assessment and analysis process is defined, using accepted methodologies, and documented in a plan that includes the criteria for acceptable risk as determined by the grant recipient’s management.

Required hazard and vulnerability identification processes identify the actual risks associated with the system or operation under evaluation.

Risks are effectively characterized in terms of severity of consequence and likelihood of occurrence.

The findings of risk assessment conducted on identified hazards and vulnerabilities are compared to the acceptability criteria specified by management. The corresponding results are documented in a manner and method easily adapted for decision-making.

Decisions made regarding components of project design or operations which require determinations from grant recipient management are supported with assessments sufficient to compare and contrast options.

Critical to this process is the identification, categorization and resolution of hazards and vulnerabilities.

Identification: During this phase of the process, hazards and vulnerabilities are identified using methods established by the project. Typically, identification of hazards and vulnerabilities begins with the generation of a list of top-level hazards and vulnerabilities called a Preliminary Hazards and Vulnerabilities List (PHVL). The PHVL is the first step in the hazard/vulnerability analysis process, and includes a general listing of anything that that can “go wrong” based on the design concept, its operation and implementation.

It identifies generic accident, crime and terrorism scenarios that may be associated with the project’s systems and sub-systems, components, procedures, and their subsequent interrelationships, providing an overview of the types of issues that must be considered in the design. It also pinpoints requirements for additional and more detailed analysis regarding the presence of hazardous conditions and vulnerabilities and the possibility for loss. In preparing the PHVL, in most instances, input from operating and maintenance personnel, lessons learned from similar projects, combined with the assessments of design engineers and construction specialists, is sufficient to generate this initial listing. The PHVL typically provides the foundation for other safety and security analyses that may be performed for the project.

Categorization: Identifying hazards and vulnerabilities provides little assurance that they will be properly resolved unless they are adequately evaluated and highlighted to those having the decision-making responsibilities. Not all hazards and vulnerabilities are of equal magnitude, frequency, or importance. Categorization involves assessing of the severity of the scenarios identified in the PHVL, should they occur, against the likelihood that the scenarios will actually occur. This may be reported in nonnumeric (qualitative) terms; or in numeric (quantitative) terms. Once each hazard/vulnerability is evaluated for “severity” and “probability,” then these evaluations are generally assessed against each other in a Risk Assessment Matrix.

March 2009 48


As explained in Military Standard 882, the American Public Transportation Association (APTA) Manual for the Development of Rail Transit System Safety Program Plans, and in FTA’s Public Transportation System Security and Emergency Preparedness Program Planning Guide, the final location of the hazard/vulnerability in the matrix determines management’s ability to accept the risk. Figure 7 provides an example matrix.

Figure 7: Quantitative Risk Assessment Matrix

PROBABILITY CATEGORIESDescriptive

WordLevel Within Specific

Individual ItemsWithin a Fleet or

InventoryFrequent A Likely to occur frequently. MTBE* is less than 1000

operating hours.Continuously experienced

Probable B Will occur several times in life of an item. MTBE is equal to or greater than 1000 operating hours and less than 100,000 operating hours.

Will occur frequently

Occasional C Likely to occur sometime in life of an item. MTBE is equal to or greater than 100,000 operating hours and less than 1,000,000 operating hours.

Will occur several times

Remote D Unlikely but possible to occur in life of an item. MTBE is greater than 1,000,000 operating hours and less than 100,000,000 operating hours.

Unlikely but can reasonably be expected to occur

Improbable E So unlikely it can be assumed occurrence may not be experienced. MTBE is greater than 100,000,000 hours.

Unlikely to occur, but possible

* MTBE = Mean Time Between Events

SEVERITY CATEGORIESDescription Category DefinitionCatastrophic I Death, system loss, or severe environmental damage

Critical II Severe injury, severe occupational illness, major system or environmental damage

Marginal III Minor injury/occupational illness, or minor system or environmental damageNegligible IV Less than minor injury, occupational illness or environmental damage

FrequencyI

CatastrophicII

CriticalIII

MarginalIV

Negligible(A) Frequent UN UN UN A/R(B) Probable UN UN UD A/R(C) Occasional UN UD UD A(D) Remote UD UD A/R A(E) Improbable A/R A/R A/R ALegend: Risk Index Acceptance Criteria

IA, IA, IC, IIA, IIB, IIIA Unacceptable (UN)ID, IIC, IID, IIIB, IIIC Undesirable – decision required (UD)IE, IIE, IIID, IIIE, IVA, IVB Acceptable with review (A/R)IVC, IVD, IVE Acceptable (A)

March 2009 49


Resolution: The true benefit of the Risk Assessment Matrix is the ability and flexibility to prioritize hazards and vulnerabilities and to assign required actions for their resolution. This prioritization allows the DFs for Safety and Security to work with Program Manager to ensure the expenditure and allocation of critical project resources where they are most needed. Without the Risk Assessment Matrix, the allocation of resources becomes more arbitrary. Another benefit of the Risk Assessment Matrix is the accountability and responsibility of program and technical management for safety and security management. Use of the Risk Assessment Matrix holds program management and technical engineering accountable for the risk of the system during design, testing and operation, and the residual risk upon delivery.

The ability to adequately eliminate or control safety and security risk is predicated on the ability to accomplish the necessary tasks early in the design phases of the acquisition life cycle. For example, it is more cost effective and technologically efficient to eliminate a known hazard or vulnerability by changing the design (on paper), than retrofitting a rail vehicle fleet in operational use. Identified hazards and vulnerabilities are resolved through the Reduction Order of Precedence, which encompasses five categories of activities that can be performed to resolve hazards and vulnerabilities. These categories, in descending order of effectiveness, include:

Design Change -- eliminate the hazard through a fundamental design change (e.g., overpass to eliminate railroad grade crossing).

Engineered Safety Features -- fixed, active devices (e.g., full-time, redundant backups, interlocks, pressure relief valves).

Safety Devices -- fixed, passive, protective barriers (e.g., guards, shields, suppressors, personal protective equipment. Training and discipline in use of Safety Devices, or obvious reason for their use, is necessary.)

Warning Devices -- visible/audible alarms to trigger avoidance or corrective responses (e.g., signals, lights, signs, horns. Training and discipline in recognizing and responding is necessary. Their value is to personnel with vision or hearing impairments.)

Procedures and Training -- formal or informal training, checklists, certification or experience requirements, personal protective equipment use. Discipline in use of procedures is mandatory.

Examples of commonly-used techniques to resolve hazard and vulnerabilities in the transit environment are presented in Figure 8. Parenthetical notations indicate whether the technique represents a design change (D); engineered safety feature (E); safety device (S); warning device (W); and/or procedures and training (P). When reviewing available options for resolving identified hazards and vulnerabilities to levels acceptable to management, the grant recipient’s project team should consider the following:

Effectiveness: Does it effectively reduce probability and/or severity? Feasibility: Is this proposed activity "do-able?" Is it available when needed? Does it

pose installation difficulties? Will it interface appropriately with existing equipment? Does it pose unusual maintenance demands? Is required staffing or equipment available?

Cost: Is there adequate funding? Consider not just initial outlay but also long-term upkeep, spare parts, projected life span, depreciation, dismantling, etc.

March 2009 50


Figure 8: Sample Techniques for Resolving Hazards and Vulnerabilities

Examples of Engineering Countermeasures:

Fundamental design change (D) Redesign vulnerable components (D/E) Upgrade means of verifying

maintenance/operational adequacy (P) Design/install redundant subsystems/assemblies

(E) Substitute or isolate (D/E/S) Insulate/shield (S) Test and monitor (P) Reduce energy level (D) Dilute or spread (E/P) Exhaust or ventilate (S/P) Include adequate/sufficient sensors/alarms (W/P) Design to limit undesired production and emission

of toxins and wastes (D/E/S/W/P)

Examples of Administrative Countermeasures:

Abandon or shut down (P) Relocate (D) Educate and train (P) Limit exposure time, duration, and/or distance (P) Provide employee supervision evaluation (P) Provide warnings/signals and train in proper steps

(W/P) Maintain high housekeeping standards (P) Design, train, and implement appropriate

procedures for all operational activities and equipment (P)

Other Example Countermeasures:

Employ guards, require Identification (P) Use adequate security methods (light dark areas,

use motion sensors on doors, windows, etc.) (W/P) Provide and require proper Personal Protective

Equipment (PPE) (S/P) Use locks, blocks, interlocks (S/P)

Some available techniques are referred to as ameliorators. Ameliorators do not technically resolve hazards or vulnerabilities; instead, they control severity after an undesired event has begun. Examples include the following:

Automatic sprinklers and fire extinguishers Providing and using personal protective equipment (PPE can also be a countermeasure) First-aid training Emergency preparedness Availability of first-aid kits, oxygen, antidotes Seat belts and crashworthiness provisions

4.4.4 Requirements for Safety and Security Analysis

This section of the SSMP should describe the process for identifying necessary analyses and ensuring their performance, evaluation and incorporation into project design criteria and project specification. The most common types of safety and security analysis include the following:

Preliminary Hazard and Vulnerabilities List (PHVL) – creation of a generic listing of hazards and vulnerabilities that may be present for the project – typically provides the foundation for the PHA and TVA.

Preliminary Hazard Analysis (PHA) – the initial effort in hazard analysis during the system design phase or the programming and requirements development phase for facilities acquisition. It may also be used on an operational system for the initial examination of the

March 2009 51


state of safety. The purpose of the PHA is not to affect control of all risks but to fully recognize the hazardous states with all of the accompanying system implications.

Threat and Vulnerability Analysis (TVA) – an analysis of the generic threats and vulnerabilities present in a system, their evaluation, and recommendations for control.

Subsystem Hazard Analysis (SSHA) – performed if a system under development contains subsystems or components that when integrated function together in a system. This analysis examines each subsystem or component and identifies hazards associated with normal or abnormal operations and is intended to determine how operation or failure of components or any other anomaly may adversely affect the overall safety of the system. This analysis should identify existing and recommended actions using the system safety precedence to determine how to eliminate or reduce the risk of identified hazards.

System Hazard Analysis (SHA) – accomplished in much the same way as the SSHA. However, as the SSHA examines how component operation or risks affect the system, the SHA determines how system operation and hazards can affect the safety of the system and its subsystems. The SSHA, when available, serves as input to the SHA.

Failure Modes and Effects Analysis (FMEA) – a reliability analysis tool that is a bottom up approach to evaluate failures within a system. Any electrical, electronics, propulsion, or hardware system, sub-system can be analyzed to identify failures and failure modes.

Failure Modes, Effects and Criticality Analysis (FMECA) –generated from an FMEA by adding a criticality figure of merit. These analyses are performed for reliability, safety, and supportability information. The FMECA version is more commonly used and is more suited for hazard control.

Fault Tree Analysis (FTA) – a deductive analytical tool used to study a specific undesired event. The deductive approach begins with a defined undesired event, usually a postulated accident condition, and systematically considers all known events, faults, and occurrences that could cause or contribute to the occurrence of the undesired event. Top level events may be identified through any safety analysis approach, through operational experience, or through a "Could it happen?" hypotheses.

Terrorism Risk Assessment (TRA) – methodology developed by the Department of Homeland Security specifically for use by transit agencies to evaluate the risk of terrorist events involving weapons of mass destruction (WMD) through comparison of relative risk between critical assets in order to identify and prioritize needs in terms of security countermeasures and emergency response capability enhancements.

Software Safety and Security Analysis (SSSA) – performed to identify, categorize and resolve issues involving software, where software-controlled functions, if not performed or performed incorrectly, inadvertently, or out of sequence, could result in a hazard or vulnerability or allow a hazardous condition or vulnerability to exist, such as (1) software that exercises direct command and control over potentially hazardous functions and/or hardware, (2) software that monitors critical hardware components, and/or (3) software that monitors the system for possible critical conditions and/or states.

Operations and Support Hazard Analysis (O&SHA) –performed primarily to identify and evaluate the hazards associated with the environment, personnel, procedures, operation,

March 2009 52


support, and equipment involved throughout the total life cycle of a system/element. The O&SHA may be performed on such activities as testing, installation, modification, maintenance, support, transportation, ground servicing, storage, operations, emergency escape, egress, rescue, post-accident responses, and training.

Health Hazard Assessment (HHA) – performed to identify health hazards, to evaluate proposed hazardous materials that may be used in the project, and to propose protective measures to reduce the associated risk to a level acceptable to the grant recipient’s management.

Figure 9 presents the basic process through which safety and security analyses are integrated into the grant recipient’s project development process. This process is flexible and responsive, and should be tailored to the unique requirements of the grant recipient’s project.

Figure 9: Safety and Security Analysis in a Major Capital Transit Project

March 2009 53

PreliminaryEngineering

Final Design Construction Operations

Safety & Security Analysis-Concepts

Safety & Security Analysis-Systems and Subsystems

Safety & Security Analysis-Personnel, Procedures

And Equipment

SSHA, FMEA, FMECA, FTA, TRA & SSSA

Inputs to Design,Procedures, Test,

Training, Manufacturing & Assembly

SHA, Updated FEMA, FMECA, FTA, TRA & SSSA

O&SHA, HHA

Inputs to Design,Changes, Training &

Procedures

PHA and TVA

Revise PHA/TVA

PHVL

Inputs toSpecifications

Section 5: Development of Safety and Security Design Criteria

The grant recipient should describe its process for developing safety and security design criteria.


Some projects will require only a PHVL, a well-done Preliminary Hazards Analysis and Threat and Vulnerability Analysis, supported by reliability assessments from Failure Modes and Effects Analysis. Other projects, such as those performed for the procurement of new vehicles or train control upgrades, may require a full range of system and sub-system analyses, using both inductive and deductive methodologies.

Projects relying on automated functions may require extensive Software Safety and Security Analysis to supplement system and sub-system analyses and the results of Failure Modes, Effects and Criticality Analysis. Fault Tree Analysis can provide an important means for investigating identified safety hazards and/or security vulnerabilities. Increasing concerns over security and emergency preparedness, as well as grant programs available from the Department of Homeland Security, Office of Grants and Training encourage the performance of Terrorism Risk Assessment for New Starts projects and major extensions. The Transportation Security Administration Surface Transportation Security Inspector (STSI) Program may also have recommendations or suggestions regarding ways in which to supplement or improve security analysis.

In this sub-section of the SSMP, the grant recipient should identify how the project will determine the types of safety and security analysis to be performed during various project phases.

4.5 Development of Safety and Security Design Criteria

Section 5 of the SSMP addresses the project’s activity to create safety and security design criteria. It describes how the project will identify safety and security certifiable elements and items; prepare safety and security requirements to guide the development of design criteria; and perform safety and security analysis to ensure the project’s final specification will result in a project that meets the grant recipient’s accepted risk levels for safety and security.

A suggested outline appears below:

5.1 Approach to Development of Safety and Security Design Criteria : Describe approach to incorporating the results of safety and security activities into project design criteria.

5.2 Design Reviews : Identify how safety and security activities will be addressed during Design Reviews to ensure incorporation of safety and security requirement into the final project design.

5.3 Deviations and Changes : Identify procedures for ensuring that changes to safety and security design criteria are appropriately reviewed and approved for their impacts on the level of operational safety and security designed into the system.

March 2009 54


4.5.1 Approach to Development of Safety and Security Design Criteria

Safety and security design criteria provide an organized listing of safety and security codes, regulations, rules, design procedures, standards, recommended practices, handbooks and manuals prepared to provide guidance to project designers in the development of technical specifications for the project.

These criteria are intended to ensure that safety and security are “designed into” the project, and, whenever possible, reference to their identification and documentation should be included in the procurement package for design services. In this sub-section, the grant recipient should describe its approach to the creation of safety and security design criteria. Figure 10 provides a visual illustration of this process.

Figure 10: Safety and Security Analysis in the Design Process

Typically, this process begins with the project definition and general description of the project stemming from Alternatives Analysis phase. Using these items, the project team, including the DFs for Safety and Security, are able to identify the basic scope of the project (i.e., double track alignment operating within a specific corridor over a fixed distance and serving a designated number of stations, with a yard and shop, an operations control center, and a series of ancillary structures, including parking lots, maintenance-of-way sheds and bungalows, and an intermodal bus facility). Once the scope is established, a preliminary list of components can be identified, to include all of the elements which must be designed for the project (i.e., track, stations, vehicles, train control systems, communications systems, parking lots, etc.).

Based on the project description and the preliminary components lists, the grant recipient should identify a basic listing of safety and security codes, regulations and standards to be

March 2009 55


addressed in the project. Source documentation for the identification of safety and security codes and standards often includes:

technical specifications from previous contracts; existing agency design and performance criteria; applicable codes, standards, etc. defined by standards boards and organizations; regulatory directives and requirements; project performance requirements; requirements derived from previously performed safety/security studies; and pertinent safety and security criteria and studies from other transit systems.

Organizations with standards, handbook, manuals, and recommendations to support the development of safety and security design criteria include:

American Association of State Highway Transportation Officials -- http://www.aashto.org American Institute of Architects -- http://www.aia.org American National Standards Institute (ANSI) -- http://www.ansi.org American Public Transportation Association -- http://www.apta.com American Railway Engineering and Maintenance-of-Way Association --

http://www.arema.org American Society of Civil Engineers (ASCE) -- http://www.asce.org American Society of Heating, Refrigerating, and Air-Conditioning Engineers -- http://www.ashrae.org/ Association of American Railroads (AAR) -- http://www.aar.org Building Officials and Code Administrators International -- http://www.bocai.org California Public Utilities Commission -- http://www.cpuc.ca.gov/ Construction Specification Institute (CSI) -- http://www.csinet.org Department of Defense -- http://www.weibull.com/knowledge/milhdbk.htm Environmental Protection Agency -- http://www.epa.gov/ Factory Mutual (FM) -- http://www.factorymutual.com Federal Emergency Management Administration (FEMA) -- http://www.fema.gov Federal Highway Administration -- http://www.fhwa.dot.gov/ Federal Railroad Administration – http://www.fra.dot.gov Federal Transit Administration – http://www.fta.dot.gov General Services Administration – http://www.gsa.gov Illuminating Engineering Society (IES) -- http://www.iesna.org/ Institute of Electrical and Electronics Engineers (IEEE) -- http://www.ieee.org/portal/site Institute of Electrical and Electronics Engineers (IEEE), Rail Transit Vehicle Interface

Standards Committee -- http://grouper.ieee.org/groups/railtransit/index.htm Instrument Society of America (ISA) -- http://www.isa.org/ International Code Council -- http://www.intlcode.org International Conference of Building Officials -- http://www.icbo.org National Fire Protection Association -- http://www.nfpa.org National Institute of Standards and Technology (NIST) -- http://www.nist.gov Occupational Safety and Health Administration (OSHA) -- http://www.osha.gov Southern Building Code Congress International (SBCCI) -- http://www.sbcci.org Transit Standards Consortium -- http://www.tsconsortium.org Underwriters Laboratories, Inc. (U.L.) -- http://www.ul.com

Specifically for security:

FTA has prepared Transit Security Design Considerations, available at: http://transit-safety.volpe.dot.gov/security/SecurityInitiatives/DesignConsiderations/default.asp.

March 2009 56

http://transit-safety.volpe.dot.gov/security/SecurityInitiatives/DesignConsiderations/default.asp


http://www.ul.com/

http://www.tsconsortium.org/

http://www.sbcci.org/

http://www.osha.gov/

http://www.nist.gov/

http://www.nfpa.org/

http://www.icbo.org/

http://www.intlcode.org/

http://www.isa.org/

http://grouper.ieee.org/groups/railtransit/index.htm

http://www.ieee.org/portal/site

http://www.iesna.org/

http://www.gsa.gov/

http://www.fta.dot.gov/

http://www.fra.dot.gov/

http://www.fhwa.dot.gov/

http://www.fema.gov/

http://www.factorymutual.com/

http://www.epa.gov/

http://www.weibull.com/knowledge/milhdbk.htm

http://www.csinet.org/

http://www.cpuc.ca.gov/

http://www.bocai.org/

http://www.aar.org/

http://www.ashrae.org/

http://www.asce.org/

http://www.arema.org/

http://www.apta.com/

http://www.ansi.org/

http://www.aia.org/

http://www.aashto.org/


Other recommendations for designing security into projects, for managing sensitive security information (SSI) during projects, and for developing appropriate procedures and policies for operational security can be found at: http://transit-safety.volpe.dot.gov/security/SecurityInitiatives/Top20/.

The Transit Cooperative Research Program (TCRP) has sponsored a number of projects evaluating security technology and procedures for their effectiveness in the transit environment, available at: http://trb.org/SecurityPubs.

The American Society for Industrial Security (ASIS) also has a series of guidelines and standards available at: http://www.asisonline.org/guidelines/guidelines.htm.

Once codes, standards, regulations and recommendations have been identified and organized according to the appropriate project components, they should be delivered to the project design team for early integration into design activities. They should also be assessed against the Preliminary Hazard and Vulnerability List, to ensure that potential scenarios identified in the PHVL are adequately addressed by the proposed listing of codes, standards and regulations.

Concurrent with this activity, the DFs for Safety and Security will be working with their contractors and the design team to further refine the project component lists and to review this list to identify safety and security certifiable elements. These elements are defined as:

Prior to the initiation of revenue service, a Certificate of Compliance should be issued for each identified element, verifying its conformance with safety and security requirements and its readiness for initiation into revenue service.

Identification of safety and security certifiable elements enables the DFs for Safety and Security to define the project in organizational categories that can be further sub-divided to support recognition of individual sub-elements and items with the potential to affect safety and security.

These sub-elements and items are then documented in a Safety and Security Certifiable Items List (CIL). The process of “breaking down” certifiable elements into CILs typically occurs simultaneously with the project team’s engineering effort. Figure 11 provides a sample CIL worksheet. For those elements of the project that are more difficult to define, preliminary hazard and vulnerability analyses should be performed by, or under the supervision of, the DFs for Safety and Security, to identify major issues and performance requirements for project components. Results of this analysis should be forwarded to the Project Manager and Design Manager for immediate consideration in the engineering effort.

March 2009 57

“Facilities, equipment, procedures, training programs or other components considered critical to the safety and security of a system, and whose inclusion in the project must be certified by the grant recipient using appropriate verification procedures. “

http://www.asisonline.org/guidelines/guidelines.htm

http://trb.org/SecurityPubs

http://transit-safety.volpe.dot.gov/security/SecurityInitiatives/Top20/


Figure 11: Sample CIL

Safety and Security Certifiable Items List

Revision Number:___________________ Date:____________________

Certifiable Element: __________________________________________

Sub-Element: ________________________________________________

Reference(s):____________________________________________

Item Number Item Description Applicable Design Standard(s)

Prepared by:___________________________________________________

Figure 12 presents major groupings of certifiable elements and sub-elements for a rail transit project. This is a sample listing provided for illustrative purposes only. Each agency must determine those elements requiring safety and security certification based on its own policies and the scope of the project.

Based on the general identification of potentially applicable codes, standards and regulations, the in-depth review of the PHVL, and the identification of certifiable elements, the project should be ready to clarify the safety and security requirements for the elements and items identified in the CIL. These requirements, formalized in safety and design criteria, should be delivered to the project design team, organized according to the CIL, to be translated into the technical specifications that will guide the procurement and construction of the project.

4.5.2 Approach to Specification

This sub-section should describe the role of the safety and security function in supporting the preparation of project specifications that accurately reflect the safety and security requirements contained in the safety and security design criteria. Also during this process, requirements for general tests, inspections, integrated tests, demonstration/acceptance tests, and operations and maintenance plans, procedures, training and rulebooks may be identified which will demonstrate the effective realization of the specification in the as-built project and delivered systems.

As the design effort proceeds to greater levels of specification, the safety and security design criteria will be translated by the project team’s detailed designers from general codes and standards to specific requirements for each identified project component. Throughout this process, project engineers may require support in referencing, reviewing and/or interpreting the safety and security design criteria.

March 2009 58


Figure 12: Sample Certifiable Elements and Sub-elements List

SYSTEMS

VEHICLE

Carbody Coupler Doors, Door Operators and Controls Trucks and Suspension Propulsion Braking Operator’s Cab and Controls Communication Equipment Mobility Lift Lighting HVAC Fire/Flammability/Smoke Emissions

SIGNALS

Interlocking Circuits/Equipment Mainline Controls and Indications Grade Crossing Warning Devices Yard/Mainline Interface Track Signals LRT Signals Signal Indications Train Protection

COMMUNICATIONS

Radio System Operations Control Center SCADA Fire Department Communications Security Communications Security Systems Fire Systems Public Address Systems

TRACTION POWER SYSTEMS

Enclosures High Voltage Switchgear AC to DC Conversion DC Switchgear Batteries and Accessories Catenary Stray Current Protection

CIVIL INSTALLATIONS

TRACK AND STRUCTURES

Right of Way Track Aerial At-grade Underground Barriers and Warnings

YARD AND SHOP

Electrical Safety Provisions Vehicle Movement Provisions Track and Appliances Building (Occupancy) Fire System Lifts/Elevator

STATIONS/PARKING LOTS

Platforms Access Provisions for Persons with Disabilities Elevators and Escalators Illumination Electrical Grounding

SIGNAGE

PROCURED ITEMS

Traffic Signal Controllers Mobility Impaired Lifts Traction Power Substations Ticket Vending Equipment

TEST PLANS

Acceptance Tests Integrated Tests Pre-Revenue Tests

OPERATING AND MAINTENANCE ITEMS

Standard Operating Procedures (SOPs) Emergency Operating Procedures (EOPs) Safety, Security and Emergency Response Plans

and Procedures Manuals and Rulebooks Training and Certification Local Responder Training

March 2009 59


To support the project’s overall approach to the specification of safety and security requirements, the DFs for Safety and Security should provide training sessions to the Project Manager and design team to explain their role in overall project performance.

In addition, during this phase of project activity, the DFs for Safety and Security will be coordinating with the design team to support the identification and resolution of hazards or vulnerabilities unique to the system that are not otherwise addressed in standards and regulations. From this process, additional controls or requirements are determined and evaluated to minimize the risks of damage and injury.

Safety and security analysis performed during design specification often provides the best opportunity to “make the case” for safety and security features and specifications, programs, tests, and procedures. Results from safety and security analysis can be integrated into the specification process through delivery of reports and analyses documenting the consequences of specific project decisions for safety hazards and security risks.

Analysis may also be performed on the preliminary system design to identify potential hardware/software interfaces at a gross level that may cause or contribute to potential hazards. Interfaces to be identified include control functions, monitoring functions, safety systems, and functions that may have indirect impact on safety.

4.5.3 Design Reviews

Design reviews involve a formalized, structured approach to ensure that evaluation of design submittals is comprehensive, objective, professional, and properly documented. Typically, in addition to the DF for Safety and Security, reviews include grant recipient project personnel, consultants, operations and maintenance representatives, real estate acquisition and procurement personnel, and construction management staff. Design review schedules are carefully maintained in order to meet construction start dates and other program milestones.

This sub-section of the SSMP should describe how design reviews will be coordinated with the process for delivering safety and security design criteria to the design team, performing safety and security analysis to inform design decisions, and supporting technical specification for safety and security requirements. Design reviews typically focus on consistency with design criteria, possible errors and omissions, and constructability issues. The extent of the reviews is based on consideration of the consequences of system and sub-system failures, the owner's experience with the design organization's capabilities, and findings of the quality assurance program supporting the design process. Coordination usually occurs less formally at the front end of the design process and more formally through the design review process. In addition to the involvement of external stakeholders, a public involvement program is typically maintained to inform and receive input from potential system users and the public at large.

The smooth functioning of the project development process depends on individual reviewers' attitudes, communication between and among disciplines, knowledge of project interfaces, and the skill of the Project Manager in establishing the review objectives. In its coordination role, the DF for Safety and Security can play a vital role in supporting the effectiveness of the overall effort. Throughout the design process, reviews provide an opportunity for the entire project team to assess the status of the development and integration of safety and security requirements into the project through the following:

March 2009 60


briefings on major safety and security program activities, including hazard identification and analysis, safety and security design criteria, safety and security requirement specification, required tests, inspections and procedures, and special issues relating to open items;

identification of subsystem, component, and software safety activities as well as integrated system level activities (i.e., design analyses, tests, and demonstrations) applicable to the safety or security program but specified as tasks for which other grant recipient or contractor personnel or functions are responsible;

delivery of reports and analyses documenting the consequences of specific project decisions for safety hazards and security risks;

identification or presentation of evaluation results relating to requests for deviation from approved baseline designs, procedures or practices;

scheduling coordination and group priority-setting for safety and security activities to be addressed in the next project phase; and

status reports on project compliance with local, State and Federal safety requirements.

Common types of reviews used in the project development process include:

Concept Design Review (CDR). Confirms that the requirements and their allocations contained in the system/segment specifications are sufficient to meet project objectives. This review leads to a formal decision by the Metropolitan Planning Organization (MPO) to proceed with preparations for requesting approval from FTA to enter PE.

Preliminary Design Review (PDR). Confirms that the proposed project baseline is comprehensive (meets all program-level requirements), systematic (all subsystem/component allocations are optimally distributed across the system), efficient (all components relate to a parent requirement), and represents acceptable risk.

Critical Design Review (CDR). Confirms that the project's system, subsystem, and component design, derived from the preliminary design, is of sufficient detail to allow for orderly hardware/software fabrication, assembly, integration, and/or testing, and represents acceptable risk. Completion of the CDR “freezes” the design, and concludes Final Design.

For each stage in the Design Review Process, the DFs for Safety and Security should propose activities to meet the needs of the project development effort and establish them in the Safety and Security Milestone Schedule. If milestone controls are identified early, they can readily be incorporated into project parameters, management activities, and contractual agreements. Finally, during Design Reviews, the DFs for Safety and Security have the opportunity to identify all project documents and activities requiring safety and/or security input and consideration, including the following (sometimes overlooked) resources: rule books; operating and maintenance procedures; training; inspection and test procedures; design specifications and drawings; and emergency procedures and inter-agency organizational agreements.

March 2009 61


4.5.4 Deviations and Changes

As part of the larger project, a management program should be established to define and control the system configuration from the initial technical baseline through to the end of the project, and to provide a record of changes to the baseline as they occur. Within this overall system, the safety and security management program should document its the approach to ensure the effective management and evaluation of safety and security contributions to (1) the technical baseline for the project and (2) the operational and maintenance baselines for the functional system.

This sub-section of the SSMP should explain how safety and security activities for the design effort will be included in procedures established for the identification, documentation, review, and approval of all changes and modifications to the design. Each group responsible for design should provide its own written procedures, which address both quality and safety and security provisions. These procedures should also specify that quality assurance activities are performed to verify compliance to established procedures and to determine the effectiveness of the procedures in meeting quality program objectives, including addressing safety and security requirements.

This process is typically referred to as "Control of the Configuration." Configuration control consists of the evaluation, coordination, and approval or disapproval of changes in the configuration of an item after establishment of a configuration baseline. A configuration baseline consists of the approved or conditionally approved technical documentation for an item as set forth in drawings and associated lists, specifications, and referenced documents.

In an effective configuration control program, drawings are uniquely numbered and otherwise identified. Specifications follow a standard format and each paragraph is numbered and identified. Complete drawing lists are established and the total number of drawings, the titles of the drawings, the revision status, and the dates the drawings were approved are recorded. Changes to approved drawings or specifications should only be made in accordance with established procedures. Permanent files are maintained of all contract documents which include historical information relating to all project changes. As the project becomes implemented, configuration control evolves to include the documentation of the completed improvement in terms of "as-built drawings."

Configuration control is a formal process, such as the one depicted in Figure 13, instituted to control the documentation of the design, evaluation, acceptance, operation and maintenance of a major capital project. Configuration control provides a complete audit trail of project decisions and design modifications.

In this process, responsibility should be clearly assigned for maintaining the orderly control of changes in contract technical requirements and other approved baseline documents. Requests for changes must be identified, evaluated as to their significance, and routed through established procedures for obtaining approvals. The DF for Safety and Security, supporting committees, and other personnel, must be “plugged in” to this larger process -- able to access, review, and contribute documents without disrupting control, or being excluded from critical review activities. In this process, it is important to identify how “open items” will be documented and tracked. The term “open items” refers to items that have not been verified for conformance with design requirements, as well as unresolved safety or security issues.

March 2009 62


Figure 13: Configuration Control Process

In most transit projects, configuration control requirements are established in the agency’s Configuration Management Plan (CMP), and included in major contracts to assure that changes to design of equipment and facilities are adequately documented and approved. Changes to designs, after completion of design reviews, are coordinated within this system to ensure: (1) notification of proposed changes to the baseline; (2) appropriate approvals for acceptance of changes to the baseline; and (3) accurate accounting of all elements of the current baseline. The configuration management process uses this system of “baseline management” to ensure that the technical baseline for the project is defined and controlled throughout the design, maintenance, and operations phases, and that the end products satisfy the technical and operational requirements derived from the system needs. At specific points in time, selected documentation is formally designated and approved as part of the technical baseline. The operations and maintenance technical baseline is the final as-built documentation and system performance requirements.

March 2009 63

YES

Approval…FIC Ensures Changes Incorporated in As-built

Drawings, Procedures, Specs & Design Criteria, Training Materials, Maintenance Manuals, Illustrated Parts Catalogs, Heavy Repair

Manuals…Notifies ALL Those Impacted by Change

FIC Function Initiating ChangeSCP Safety Certification ProgramCM Configuration ManagementSRC Safety Review CommitteeDC Document ControlDocument Control

Portion

FIC Logs In,Reviews Content

&Triggers SCP/CMReview Process

SRC PerformsFunctional &

Technical Review(Engineering

Last)

Project MGR.Develops & Implements

TrialWork Plan-

Completed?

Engineering

Request for Change

ApprovalSignaturesObtained?

FIC arrangesMeeting of SRC

–Approval?

Review by RailSafety Oversight

Committee-Approval?

FIC Notifies ALL Affected Parties

Of Conditional Approval &“Probationary” Go-ahead

Document & Take

Back to SRC

Deliver to ProjectCM/DC

Functions

Reject ChangeRequest

FIC Logs in…any Conditions?

FIC Logs In

Submitter of Change

Request Invited to Present Item

YES

YES

NO

YES

YES

NO

Section 6: Ensuring Qualified Operations and Maintenance Personnel

The grant recipient should describe its process for ensuring that all operations and maintenance personnel are selected, hired, trained and qualified to ensure the safe and secure operation of the project in revenue service and to support emergency response.


4.6 Process for Ensuring Qualified Operations and Maintenance Personnel

Section 6 of the SSMP requires the grant recipient to describe the process to be used to ensure that the personnel hired/contracted to operate and maintain the project in revenue service are adequately trained and qualified. Section 6 describes how the grant recipient will establish job requirements, including needed qualifications and core competencies, for each job classification (or title), and then develop and administer programs to ensure these requirements are addressed. A suggested outline for this section of the SSMP includes:

6.1 Operations and Maintenance Personnel Requirements: Identifies the number of personnel and their specific job classifications required to operate and maintain the project in revenue service. Also includes, by job classification, the qualifications and core competencies necessary to ensure safety, security and emergency preparedness.

6.2 Plans, Rules and Procedures : Identifies, by name, the specific safety, security and emergency plans, rules, procedures, and manuals that the recipient will develop or revise. Also provides a schedule.

6.3 Training Program: Lists the elements of training the grant recipient will provide to employees, by job classification, to ensure their capabilities to provide safe and secure service and to respond effectively to emergencies. Also, includes the training schedule and a commitment to maintain evidence of personnel training and qualifications/certifications.

6.4 Emergency Preparedness : Identifies exercises, drills, tabletops, or other activities that the grant recipient will perform to ensure the readiness of the project. Also explains how the recipient will assess and document the results (i.e., after action report or equivalent document).

6.6 Public Awareness: Identifies programs that support the recipient’s commitment to ongoing, comprehensive public awareness, for both security awareness and emergency preparedness.

4.6.1 Operations and Maintenance Personnel Requirements

This sub-section should describe how personnel staffing requirements for the operation and maintenance of the project in revenue service will be developed. This sub-section should describe or reference the grant recipient’s determination regarding the titles required for system operation and maintenance, qualifications and responsibilities of each title, and training requirements for each title to ensure the safe and secure operation of the project in revenue service. The number of personnel in each title needed for the project should also be included, and may be referenced from the grant recipient’s Operations and Maintenance Plan (OMP).

March 2009 64


4.6.2 Plans, Rules and Procedures

This sub-section should briefly describe the process to be used by the grant recipient to ensure that rules and procedures developed to operate and maintain the project adequately address safety and security requirements. A critical, and often overlooked, component of many transit projects is the integration of operations and maintenance personnel into the project development process.

Typically, this process begins with the development of draft operations and maintenance procedures during final design, which reflect identified safety and security requirements, as well as other elements specified in the project design. Then, during project construction and the manufacturing and acquisition of equipment, these rules and procedures are further refined to reflect requirements of the as-built and delivered facilities, systems, and equipment. Rules and procedures are supplemented by the delivery of manuals and training programs. At different stages throughout the project, reviews are conducted to obtain input and ensure consistency.

In this sub-section, the grant recipient should identify the key plans, rules and procedures to be developed and describe its process for developing them. Typically, this sub-section focuses on the following:

Rulebook Standard Operating Procedures Emergency Operating Procedures Maintenance Rules, Procedures and Manuals System Safety Program Plan System Security Plan Emergency Operations Plan Service Activation Plan

4.6.3 Training Program

This sub-section identifies or references the operations and maintenance training program developed for each title to train employees hired or contracted to operate, maintain, and supervise the project in revenue service. This sub-section also specifies that safety and security (system, personal, and public) are required elements of every training curriculum, and indicates how they are being integrated into the training program.

This sub-section should also explain training programs for employees, consultants, and contractor personnel who are authorized to work within fouling distance of the track. Finally, this sub-section should clarify the approach used to developing, reviewing and maintaining training curriculums. Training curriculums are typically maintained by the manager of the department responsible for performing the training and are reviewed and updated as conditions warrant. Training, licensing, and certification requirements for each title are identified in the individual title descriptions. Employee files contain evidence that each employee has the appropriate qualifications, licenses, certifications, and training for his/her title and responsibilities. To provide greater detail on the training program, and how safety and security requirements are incorporated into it, the grant recipient may reference the following documents:

Operations training program Rolling Stock training program Maintenance training program

March 2009 65


Service Activation Plan Accredited Industry Courses

4.6.4 Emergency Preparedness

In this sub-section of the SSMP, the grant recipient should describe its approach to developing, conducting and evaluating emergency exercises and drills. Typically, grant recipients identify the following activities:

Annual emergency preparedness drill (scenario and location will vary each year) Tabletop drill exercises Emergency field training procedure exercises

Grant recipients also typically clarify that formal reviews will follow each drill, and lessons learned will be incorporated into improvements in incident response and resolution procedures.

Also, in this sub-section, grant recipients should explain how specific exercises and drills will be identified to be incorporated into the System Integration Test Plan (SITP) and the Service Activation Plan and how procedures will be developed to guide the conduct and evaluation of these exercises and drills. Familiarization for Local Fire Departments and Police Departments should also be addressed in this sub-section, including when and how the grant recipient will conduct this training.

4.6.5 Public Awareness

In this sub-section of the SSMP, the grant recipient should explain how it will partner with local communities and lead or participate in public safety and awareness programs. The following types of activities are typically performed:

Train for Safety. This program may be developed to educate school children on proper safety around the project. A detailed Train-for-Safety plan is typically developed during construction, and implemented during pre-revenue operations.

Transit Watch. The grant recipient may choose to implement FTA’s Transit Watch program to provide the public with a way to identify and report suspicious activities in and around the system.

Operation Lifesaver. The grant recipient may choose to partner with Operation Lifesaver, both financially and by volunteering staff to speak at schools and other organizations on safely using and interacting with the system.

March 2009 66

Section 7: Safety and Security Verification Process

The grant recipient should describe its process for verifying conformance with specified safety and security requirements during design, in equipment and materials procurement, and during testing/inspection, and start-up phases, resulting in the issuance of a final certification.


4.7 Safety and Security Verification Process (including final certification)

Section 7 of the SSMP requires the grant recipient to describe its process for safety and security verification. It describes activities to verify compliance of the final design and the delivered project with safety and security requirements identified in technical specifications, contracts, and project objectives. It includes activities performed for design verification, construction verification, acceptance testing, integrated testing, operational readiness assessments, management of open items, and issuance of Final Certificates of Conformance and the Final Verification Report. Figure 14 provides a visual illustration of this process.

A suggested outline for this section includes:

7.1 Design Criteria Verification Process : Describe process to verify that safety and security design criteria have been addressed in project specifications and contract requirements and that all required tests have been incorporated into project test plans.

7.2 Construction Specification Conformance Process : Describe process to ensure that elements of the system provided under construction, procurement and installation contracts conform to the specifications.

7.3 Testing/Inspection Verification : Describe process to ensure that the as-built (or delivered) configuration contains the safety- and security-related requirements identified in the applicable specifications and other contract documents. Identify key interfaces for ensuring safety and security involvement in those tests and reviews.

7.4 Risk Resolution Verification : Describe process to ensure that safety and security design criteria and safety and security analysis have effectively identified, categorized and resolved project risks to a level acceptable by management.

7.5 Operational Readiness Verification : Describe process to ensure documented verification of the readiness of operations and maintenance personnel to initiate revenue service.

7.6 Certification Requirements : Describe requirements which must be met to deliver final certification that the project is safe and secure for passengers, employees, public safety personnel and the general public, including individual certificates issued for specific elements to be verified.

4.7.1 Design Criteria Verification Process

This sub-section should describe the activities to be performed to ensure the verification of the incorporation of safety and security requirements into the final specifications and bid package for the project. This is the first major verification activity performed for the safety and security

March 2009 67


program, and typically requires the development and completion of Design Criteria Conformance Checklists and the issuance of Design Criteria Conformance Certificates of Compliance. A sample checklist appears in Figure 15.

This activity requires the DF and project team to verify that the final design incorporates the safety and security-related criteria and requirements developed for the project. Additionally, this process ensures that all safety- and security-related design review comments have been successfully resolved, and that the results of safety and security analysis have been appropriately addressed.

Figure 14: Verification of Safety and Security Requirement in Transit Project

March 2009 68

CertifiableElements

Design Criteria Conformance

Construction SpecificationConformance

Testing, Inspection

ConformanceRisk Resolution Conformance

Rules and Procedures

Conformance

Training and Exercises

Conformance

Design Criteria

Certificates of Compliance

Construction Specification Certificates of Compliance

Testing and Acceptance


Risk Resolution


Operational Readiness


Final Verification

Report

PROJECT SAFETY AND SECURITY CERTIFICATE

PROJECT PERFORMANCE


Figure 15: Sample Design Criteria Conformance Checklist

Design Verification for Safety and Security Certifiable ItemsElement:________________________ Page___________ of ____________Sub-Element:____________________ Prepared by:____________________Revision:________________________ Date:__________________________Contract Number:_________________

Status Means of Verification - DesignC = ComplianceN = NoncomplianceP = Partial Compliance

S = SubmittalD = Design

Item No.

Description Safety/Security Design Criteria

Design Cross References

Design Verification Means of Verification

Status Initial Date

DESIGN VERIFICATION APPROVAL

_______________________________________________________________________Name Signature Date_______________________________________________________________Organization

NOTES

March 2009 69


The design verification process begins as the design is approaching its final stages, and risks have been effectively identified, evaluated and controlled. During this phase of the project, the DF, supporting contractors and/or project team members must begin the sometimes arduous process of specifying identified safety and security criteria and requirements for each item on the CIL.

This process involves the identification and listing of requirements in checklists for each distinct item listed in the CIL to record requirements generated for project “codeworthiness” and the results of safety and security analysis. These checklists, referred to as Design Criteria Conformance Checklists, also provide space for the DF, supporting contractor, or project team member to record references to the contract documents, specifications, manuals, criteria or other material, where, in the larger design, testing, inspection, assurance, and acceptance process, the critical safety and security requirements for each CIL are referenced.

To complete the design verification process, the DF, supporting contractors and/or project team members must fill in the Design Criteria Conformance Checklists and resolve any non-conforming items. Methods to accomplish this activity include document reviews, contract deliverable reviews, audits, inspections, and random sampling to ensure verification of the final specification with the safety and security requirements. As requirements are verified, the appropriate checklists should be filled in, stating the certifiable elements and item, the requirements, the method of verification, the date, and the individual performing the verification. Also, the checklist should identify if the verification was audited or reviewed.

Completion of these checklists enables the grant recipient, through the DF, supporting contractor, project design team members, to:

verify that an acceptable safety and security level is designed in all project elements; document that the design and specifications require compliance with all applicable safety

codes and regulations; and provide a consistent manner to certify projects.

Upon completion of the verification, the DF and project team, using established procedures should complete, sign and submit the Design Criteria Conformance Certificates of Compliance for the appropriate certifiable elements.

4.7.2 Construction Specification Conformance Process

The construction specification conformance process is used to verify that the as-built facilities, installed systems, and acquired vehicles and equipment contain the safety- and security-related requirements identified in the specifications and other contract documents, including approved changes since the final design. This sub-section of the SSMP should describe how construction specification conformance will be managed for safety and security requirements.

Typically, Specification Conformance Checklists are used to document this conformance. This Checklist should be viewed as the “other half” of the Design Criteria Conformance Checklist, because it (1) identifies the tests and verification methods necessary to ensure that the as-built configuration contains the safety and security-related requirements identified in the applicable specifications and other contract documents, and (2) provides documentation that the delivered project meets those requirements. A sample checklist appears in Figure 16.

March 2009 70


Figure 16: Sample Construction Specific Conformance Checklist

March 2009 71

Status Means of Verification - Design

Means of Verification - Construction

C = ComplianceN = NoncomplianceP = Partial Compliance

S = SubmittalD = Design

M = MeasurementT = TestV = Visual Inspection

Certifiable Element:_____________Checklist Type: Master:____________ Sub:___________Sub-Element:____________Contract Number:_____________Safety:_____________ Security:________________Specification/Drawing Reference:_______________Document Control Number:__________________Revision:___________________________

NOTES OR RESTRICTIONS:

Item No.

Description Design Cross Reference

Design Verification Construction VerificationStatus Initial Date Means of

VerificationStatus Initial Date Means of

Verification

FINAL DESIGN VERIFICATIONName and Organization:______________________________________Date: _____________________________________________________Approved By: _______________________________________________Date: _____________________________________________________

FINAL CONSTRUCTION VERIFICATIONName and Organization:_____________Date:______________________________Approved By:______________________Date:______________________________


The Specification Conformance Checklist is the “work horse” of safety and security verification. It supports coordination among the Project Management Plan, the Test Program Plan and the Quality Assurance Program for the entire project. Depending on the organization and staffing of the project, as documented in Sections 2 and 3 of the SSMP, the activities comprising construction specification conformance may actually be performed by construction management and quality control/quality assurance team members, including resident engineers, inspectors, and technical services personnel, with oversight provided by the DF and the safety/security committees. Or, this verification activity may be performed by safety/security contractors or grant recipient staff, working cooperatively with the project’s construction management and quality functions.

The objective of the verification required to complete the Specification Conformance Checklist is to obtain formal documentation from the responsible design and construction managers, following the requirements of previously approved plans, that:

all elements of the system provided under construction, procurement and installation contracts conform to the specifications;

the as-built configuration contains the safety-related requirements identified in the applicable specifications and other contract documents; and

changes to the established design configuration meet code and regulatory compliance, and identified fire life safety and security issues are also resolved.

Once the checklist is finalized and approved by the appropriate parties, it is distributed to those team members with responsibility for completing it. Typically, completion of the checklist is done in parts, as various elements of the project construction and acquisition are completed. Verified checklists are usually forwarded to appropriate staff for review and comment.

Documentation supporting verification of the safety and security requirements should be available for review by the project team, using the project’s configuration control and document control system. For facilities and systems, certifications, inspector reports, job photos, or other evidence may be submitted as documentation. Any contractor submittal used for verification needs to be approved, typically by the resident engineer. The DF, or supporting contractors, may also conduct final walk-through inspections of all as-built facilities, as well as supporting final sign-off by local fire department and city officials.

Safety and security requirements that are not verified by available documentation or demonstration are tracked to resolution. As appropriate, additional safety and security analysis may be performed. Throughout this verification process, the project team should use the Specification Conformance Checklist to review the status of “open items” resulting from deviations to the approved design, work-arounds, non-conformances, change orders, and other temporary measures.

Upon completion of the verification process, the DF and project team, using established procedures should complete, sign and submit the Construction Specification Conformance Certificates of Compliance for the appropriate certifiable elements.

March 2009 72


4.7.3 Testing/Inspection Verification

During the construction and systems integration phases, a comprehensive test program will be followed to ascertain that all elements of the system provided under construction, procurement and installation contracts conform to the specifications. This program will be documented in the Test Program Plan (TPP), which will bring together all the requirements for final testing, verification of system readiness, and verification that the system is in compliance with government regulations and requirements for revenue operations.

This sub-section of the SSMP should identify the grant recipient’s process for verifying that integrated tests, acceptance tests, and other inspections will be conducted to ensure that safety and security requirements have been effectively addressed. The DF for Safety and Security should be closely involved in this process, as safety and security design criteria often require specific performance tolerances, reliability measures, or installation techniques which must be verified through testing, inspection, or other means. Integration testing also will have special safety and security considerations and requirements.

The DF should also establish procedures to receive and review copies of test plans, test procedures, and the results of all tests including design verification, technical operational evaluation, technical data and requirements validation and verification. A plan should be developed to ensure DF review of project team activity conducted for the acceptance of the project.

During the construction, start-up and project activation phases, many contractual and integrated tests are being conducted for the purpose of validating proper operation of equipment being furnished and constructed for the project. As possible, designated safety and security personnel should participate in system integration and pre-revenue testing activities where the safety and security of passengers and/or employees may be affected. In this capacity, DFs assist in the development of integrated test plans and procedures for system verification and demonstration for both acceptance and system-level tests for safety and security features, such as: sprinkler systems, alarms, emergency management panels, fire management panels, ticket vending machines, and CCTV systems.

Compliance with some safety requirements may not be verifiable by standard tests and reports, and the DF for safety and security, contractors, or others designated to provide this service, may have to independently verify compliance to certify the project for initiation into revenue service. Upon completion of the testing/inspection process, the DF and project team, using established procedures should complete, sign and submit the Testing/Inspection Certificates of Compliance for the appropriate certifiable elements.

4.7.4 Risk Resolution Verification

This sub-section should briefly describe the process used by the grant recipient to certify that required safety and security analyses were performed for the project; that a hazard and vulnerability log was maintained; and that all “open items” affecting safety and security were tracked through to resolution. As previously discussed, Section 4 of the SSMP should explain the requirements for conducting and evaluating the performance of safety and security analysis, and ensuring that the final project falls within the risk tolerance thresholds established by the grant recipient’s management. Auditing or review procedures regarding safety and security analysis are also included in Section 4.

March 2009 73


Once these activities have been completed, the DF and project team, using established procedures should complete, sign and submit the Risk Resolution Certificates of Compliance for the appropriate certifiable elements.

4.7.5 Operational Readiness Verification

Pre-revenue Operations, more commonly called “Start-up Operations” or “System Activation,” simulates service to test whether all system elements are functional and perform as designed. Start-up operations should verify the competence of the transit agency personnel and ensure a smooth transition from testing to revenue service. Start-up operations should also verify, through documented demonstrations, the ability of the agency to provide reliable and safe revenue service and to perform satisfactorily under adverse and emergency conditions.

For operating and maintenance requirements that have safety and security implications, operating and maintenance plans and procedures provide the basis for the requirements. During the pre-operations phase of the system, the procedures and plans are tested for effectiveness under simulated operating conditions for normal, abnormal, and emergency situations. Building on the rules and procedures established for the project, verification is also required regarding the training and capabilities of operations and maintenance personnel. A vital part of ensuring the safety and security of the delivered project is the training of operations and maintenance personnel in accordance with written rules and procedures and the manuals delivered regarding the operations and maintenance of project facilities, systems and equipment.

Verification of training and exercises begins, first, with a review of documentation regarding the contract and project requirements for training and exercises. Then, verification must be obtained for preparation, review and approval of the training and exercise materials, and for the offering of training and the conduct of the exercise. Any pre-determined performance criteria established to evaluate the quality of the training, the outcomes of the exercises, or the capabilities of the project’s operations and maintenance personnel should also be assessed. Based on these results of this verification activity, the DF and project team, using established procedures should complete, sign and submit the Operational Readiness Certificate of Compliance.

4.7.6 Certification Requirements

In this sub-section, the grant recipient should describe the process through which the individual Certificate of Compliance will be assembled and documented to support issuance of the final Safety and Security Certificate of Compliance for the project. This section should also identify the process and schedule for preparation of the project’s final Safety and Security Verification Report.

From early in the design phase, the DF and project team will manage risk resolution activities and the tracking of “open items,” as well as specific requests for deviations, changes and work-arounds. At each phase of activity, the DF may issue restrictions on an individual Certificate of Compliance. Restrictions indicate limitations on the use of the verified element or item that will not be lifted until certain activities have been performed.

Following completion of testing and verification activities, the DF for safety and security, along with the appropriate design and construction manager, system integrator, or activation manager, will review documentation to ensure that all safety-critical issues and items have been

March 2009 74

Section 8: Construction Safety and Security

The grant recipient should describe its process for ensuring construction safety and security management activities.


addressed. Restrictions are tracked on the “open items” list. Throughout the verification process described in Section 6 of the SSMP, the DF should have the tools available to identify and evaluate hazards resulting from these situations, to ensure that the safety and security designed into the system is realized in the delivered, tested, accepted, and operational project.

Before revenue service begins, all safety and security certifiable elements should be approved, or workarounds documented and communicated in writing to all affected parties. The issuance of a certificate verifies that the certifiable element has been reviewed by the appropriate management, applicable analysis and tests have been performed and verified, and contractual safety requirements have been met. The project’s design and construction managers will have provided evidence to the project’s safety and security committees that the safety, fire life safety, and security requirements of the design criteria and specification have been achieved.

Prior to revenue operations, or shortly after the initiation of revenue service, the DF will prepare the Final Certification Verification Report. This report summarizes the safety readiness of the project for revenue service and typically addresses the following elements:

executive summary (including a description of any restrictions placed on the project); description of activities performed to verify that safety and security requirements were

addressed in project design, construction, testing, and demonstration; status of design verification and construction specification conformance; results of integrated testing and pre-revenue operations; results of emergency drills and exercises; assessment of rules, procedures and operations and maintenance manuals; and evaluation of safety and security training.

Throughout the verification effort, the DF or supporting contractors may conduct audits on a periodic basis to verify that all participants in the design and construction conformance and testing/acceptance processes are reviewing compliance with safety and security requirements and appropriately documenting this conformance. Reference to this audit program and its results should be made in the Final Safety and Security Verification Report.

4.8 Construction Safety and Security

Section 8 of the SSMP addresses the project’s activities to develop, implement and monitor a Construction Safety and Security Plan. A suggested outline for this section includes:

8.1 Construction Safety and Security Program Elements: Describe the requirements to be implemented by contractors and reports to be received by transit management for implementing and tracking construction safety programs and plans. Also includes the site specific hazard and vulnerability assessments to be conducted during construction.

8.2 Safety and Security Incentives : Describe any safety incentives that may be in place to support implementation of the construction safety program.

March 2009 75


4.8.1 Construction Safety and Security Program Elements

During project construction, both FTA and the grant recipients have a vested interest in the establishment of programs addressing safety, risk management, and insurance. Careful consideration of these elements will help guard against construction delays, serious injury, extensive costs, and liability considerations that frequently arise in fixed guideway and other transit projects.

This sub-section of the SSMP should briefly describe the grant recipient’s approach to construction safety and security and should reference any specific plans and procedures that will be developed. Typically, grant recipients require their contractors to prepare Construction Safety and Security Plans (CSSPs), sometimes referred to as Environmental, Safety, and Health (ES&H) Plans or Construction Accident Prevention Plans (CAPPs).

Following these requirements, construction programs are typically developed to identify all major construction safety and security functions and the organization and key personnel responsible for each of these functions. Management policies are established and procedures are developed for delegating responsibility and authority for safety and security issues in construction management, including the handling of change orders and the resolution of any hazards and vulnerabilities that may be introduced. These plans also typically address safety and security management during construction, ensuring that adequate provisions are in place to protect employees and contractors from harm. While requirements vary by project, these programs are typically formulated based on the following assumptions:

Management and supervision are charged with the responsibility of preventing the occurrence of incidents or conditions that could lead to occupational injuries or illnesses.

Safety and security should never be sacrificed for production and should be considered to be an integral part of risk management, quality control, cost reduction, and job efficiency.

A good safety and security record reflects the quality of management, supervision, and the work force.

The established policy should be to accomplish the work in the safest and most secure possible manner consistent with good work practices. Management at every level should be charged with the task of translating this policy into positive actions.

Contractors with a good safety and security record on prior projects tend to maintain a good record and run a safe, secure, and efficient job on new work. Consequently, a contractor's safety and security performance track record on prior work should be a factor in qualifying bidders.

The program established for the project should outline management safety and security policies and procedures and be in compliance with, and be supplemented by, all applicable Federal, state and local safety, security and health regulations and standards. In case of a conflict between standards or regulations, the stricter requirement should apply.

There are a number of approaches that may be taken to the management of safety and security during construction; all require that safety and security awareness exist at all levels of the construction organization so that all employees on and off the site are aware of the importance of safety and security.

At a minimum, the plan developed by the grant recipient should specify approval, monitoring, inspecting, and auditing responsibilities for subcontractors, contractors, the construction

March 2009 76


management consultant, and the agency’s construction safety specialist, project manager, and the designated safety/security officer.

In some smaller, newer transit agencies, some or all of these safety and security functions may be assigned to a single person. In larger agencies, it is more likely that a separate security staff, often with full police status and authority, will exist and that security responsibilities will be assigned to a chief security officer or chief of police. Regardless of the nature of the staff members who are assigned safety/security responsibilities, the need for agency approval and inspection of all contractor activities remains the same. Although the general or prime contractor may be responsible for all safety/security on a construction project, the existing transit agency or the grant recipient must retain and exercise its right to approve, monitor, and inspect the construction site at all times.

The Construction Safety/Security Management Team

Agencies, often depending on size, but sometimes on whether the construction is a New Start or an addition to an existing system, use different management configurations for construction projects. Some agencies use construction management consultants to oversee day-to-day construction tasks. Others rely on the construction manager to fulfill these responsibilities. The SSMP must specify who is in overall charge of the construction project and what his/her relationship is to the agency. In addition to a construction manager, a project will most often have an agency project manager, and a system construction safety specialist (who may also function as a security specialist). If the construction safety specialist is not well-versed in security matters, this role may be fulfilled by an outside consultant. The safety and security responsibilities of each of the following members the project team should be included in the SSMP:

Construction Manager

A construction manager is generally responsible for defining security/safety requirements that are appropriate to the project scope of work and the specific construction site(s). He/she is responsible for overseeing contractors and subcontractors; performing site safety and security audits; reviewing and approving safety and security plans and procedures; and coordinating with agency managers, particularly safety/security personnel, during construction.

If the construction manager is an agency employee, his/her responsibilities for the project should be clearly delineated and it should be specified whether he/she is expected to fulfill regular agency job responsibilities at the same time as managing the construction project. The roles of any other agency employees with respect to the construction project should also be clearly documented in writing.

If the construction manager is an outside consultant employed specifically for the project, contract provisions and responsibilities should be explained. Among the duties that a contract might specify for the construction management consultant are to:

review and approve the contractor’s master (overall) safety/security plan and document any disparities with the agency’s safety and security programs;

review and approve the contractor’s site-specific safety/security plan (an important consideration in a multi-site project) and identify any disparities with the master System Safety and/or System Security Plans;

March 2009 77


perform site inspections to assure that the contractor is meeting obligations and responsibilities pertaining to maintaining a safe and secure worksite;

monitor contractor compliance with submitted plans and report areas of non-compliance; take corrective action as required and monitor its effects; and gather reporting information for submission to the system safety/security managers.

Agency Construction Safety Specialist

Most agencies assign a construction safety specialist to conduct document reviews of all contractor submissions involving safety/security activities. This person also conducts construction site safety/security inspections during construction. Inspections should occur on a regular basis, including some without advanced notice to assure that safety/security requirements are being met at all times, not only at times of pre-arranged inspections. Since, like the system project manager, the safety specialist is not likely to be an expert in security matters, he/she should involve either the grant recipient’s security staff member or a security consultant in fulfilling these responsibilities. Factors the safety/security specialist should use to determine the frequency and scope of on-site inspections should include:

the duration of the project; the time elapsed since the last inspection; the level of vulnerability to safety/security violations or criminal activity to the workforce

and/or the property; and previous experience with the contractor and/or subcontractors.

The Construction Safety Management Plan

The Construction Safety Management Plan should include information on how each contractor will plan his/her safety program. Like the Construction Security Management Plan, it should be simple to follow and implement. The plan should be reviewed for conformance with the specifications, applicable laws, codes, rules, and regulations and the adequacy of coverage.

Each contractor must list the name and/or title of the responsible individual, the scope of his/her authority, the title of the person he/she reports to, and any other duties assigned to this individual for each of the following activities, many of which complement and in some cases overlap security functions:

construction safety and health guidelines promulgation and execution responsibility, including job site inspection responsibility, job site first aid medical treatment responsibility, and emergency first aid program;

safety education of new employees for general safety regulations and specifically for accident prevention;

proposed Tool Box meeting program; job site inspections, including scope and frequency; policies pertaining to employee personal protective devices that are required (i.e., hard

hats, goggles, earplugs, safety belts, etc.) and specification of other devices that are available (i.e., wet weather gear and protective gear required for specialized tasks);

safety devices required and available, including blowers, warning horns, lockout devices, noise meter, light meters, etc.;

protection of the public, including pedestrian control, traffic control, and protective devices available such as barricades, cones, lights, warnings, etc.;

March 2009 78


accident procedures, including details of job site medical facilities, doctor/hospital arrangements, and emergency and non-emergency policies; availability of job-site accident devices; and policies for accident investigation and paperwork handling;

policies for subcontractor safety, including responsibility for subcontractor safety, inclusion of safety plan requirements in subcontracts, and specific requirements of subcontractor to promote safety and health;

adverse weather plans; other miscellaneous safety and health features, including site conditions/security,

housekeeping procedures, parking facilities for employees, and changing rooms for employees; and

provisions for implementation, approval, and modification of the plan.

If the construction project involves more than one site, a site-specific plan should also address the following topics specific to each site:

general safety health provisions; occupational health and environmental contracts; drug and alcohol testing; personal protective and life saving equipment; sign, signals, barricades and traffic control; materials handling, including storage, use and disposal; tools (hand and power); welding and cutting; electrical; ladders and scaffolding; floor and wall openings and stairways; cranes, derricks, hoists, elevators, pile drivers and conveyors; excavation, trenching and shoring; shafts and caissons; demolition; blasting and the use of explosives; and rollover protective structures, overheads, protection, reverse warning alarm.

Emergency Planning

Emergency situations which may result from natural or human caused phenomena pose risks for any transit project. Accordingly, each contractor should include an emergency management plan, as part of their construction safety and security plan that enables the agency to respond effectively to emergencies. The agency’s construction safety specialist is normally responsible for establishing guidelines for, reviewing, and monitoring the implementation of each emergency management plans. Such plans should discuss:

prevention – the inclusion of activities to eliminate or reduce the probability of an emergency occurring at construction site(s);

preparedness – preparatory activities necessary to ensure that the response to an emergency incident is swift and effective;

response – measures taken during an emergency situation that prevent loss of life and minimize damage to property and the environment; and

recovery – short- and long-term activities that return the project to normal operations.

March 2009 79


In particular, the plan should address emergencies due to fire, earthquakes, storms, surface and subsurface flooding, failure or collapse of structures, power failures, civil disturbances, and accidental or intentional release of hazardous substances. Contractors are responsible for developing an emergency management plan specific to their work and should be required to obtain approval of the plan from the grant recipient prior to the commencement of the contract work.

Hazardous Materials

The grant recipient should assure that each contractor has a policy to ensure that all employees are trained in the recognition and safe handling of hazardous substances and wastes that they may be exposed to at the site, whether by their use and/or unintentional release. The policy should be approved prior to the commencement of any work. In the event that a contractor encounters hazardous materials during the performance of work, the contractor must take any and all necessary measures required by local, state, or federal law and simultaneously notify agency staff of such condition.

The Construction Security Management Plan

The Construction Security Management Plan should identify how security will be incorporated into the construction and operation of the facility. Ideally, it will be simple to follow and implement and will tie together all security documents, policies, and procedures related to the project. The plan must take into account that many construction sites have numerous entry points and many skilled craft workers may be on the site irregularly or for short periods of time but must be properly identified during work periods. To accommodate the fluid needs of a construction site, a Construction Security Management Plan should contain the following elements and should identify (by name and by position title) the individual who is responsible for:

purpose, mission and objectives of the plan, including identification of the manager and site safety/security officer(s), scope of their responsibilities, how they will be kept aware of issues, and how system managers will be able to contact them regularly, during non-business hours, or during an emergency situations;

plans for site security, including inventory and placement of physical security systems (i.e., intrusion detection, fencing, barriers, lighting, CCTV);

plans for human security (guard patrols, visitor access control points, roving patrols), to include hours of work and explanation of coverage during working hours and non-working hours, including the location of any fixed posts and the hours those posts are to be staffed and the routes of any walking posts and the security checks that are to be made along those routes;

plans for identifying specific hazards or risks and mitigation strategies, including the methods for investigating and reporting incidents and accidents, including who is responsible for investigation and reporting and to whom reports will be circulated;

access control and control of non-public areas, including securing the construction site field office(s);

emergency procedures for such events as fire, earthquake, flood, chemical spills, and accidents with injuries, including review of decontamination methods/procedures; who is trained, what equipment is available, and how incidents will be reported to appropriate oversight agencies;

communications capabilities (landline and cell phones, beepers, portable-two way radios);

March 2009 80


local emergency and medical addresses/phone numbers (including all fire/police and hospitals that might respond to the site);

whether personal protective equipment is required for any specific job activity; whether it has been provided and whether employees are trained in its use;

locks and key control to be used during construction; inspection of and deliveries of goods and equipment, including the inspection

procedures for delivery/departure of equipment, personal vehicles, etc.; document control procedures to include handling of blueprints, public utility drawings,

transit system diagrams, and other security-sensitive documents that may be filed at the site;

personnel identification systems and policies (ID badges, cards, etc.) including policies on background investigations if required and any sign in/sign out policies;

security awareness training; presence of and roles and responsibilities of police/security forces; coordination with outside agencies; and provisions for implementation, approval, and modification of the plan.

The nature of the security function assures that security officers will come into contact with many employees, visitors, and members of the public whether authorized to be on the site or as trespassers or possible vandals. Because of this, it is vitally important that they be properly trained and that records are kept on training activities.

Procedures should define security and safety training requirements, schedule of training, and how training records will be documented, maintained, and made available to agency managers or state auditors upon request. The records should include the dates and hours of attendance at the training. Records should also be maintained of all permits and certifications required for the site or for specialized employees working at the site (i.e., if security officers are armed, are all in compliance with local and state regulations; if canine patrols will be employed either during either working or non-working hours, by whom are officers and dogs certified and are their certifications current and in compliance with local or state regulations).

When Security Is Provided by a Subcontractor

Frequently security of a site is subcontracted to a security firm. In such cases, the contractor retains responsibility for assuring that all phases of security have been specified in the contract with the firm. Some security firms are full-service agencies that can provide expertise on physical security (lights, barriers, CCTV, etc.), security staffing, and threat/vulnerability analyses, while others are primarily in the business of providing security officers. The construction management team must, therefore, understand the types of security it is seeking before interviewing potential subcontractors. The management team must assure that security criteria are included in all bid and contract documents, and that the documents fully describe the expectations and requirements for securing the site(s). Among the items that should be specified are that the contract security firm:

meet all applicable federal, state, and local environmental, health, and safety regulations and submit in writing a comprehensive safety and health plan for all specific aspects of the contract;

provide all its employees the necessary training, medical exams, and safety equipment required by the job specifications; and

submit a written site-specific safety and security plan for each worksite that is part of the project covered by the contract.

March 2009 81


The security subcontractor’s site-specific safety and security plan for each site will depend on state requirements, project management concerns, and the size, scope and complexity of the construction site, and any special local conditions. The subcontractor’s plans should conform to the specifics outlined above just as would be expected if security were being provided directly by the contractor.

Reviewing Plans for Completeness

In reviewing the completeness of the SSMP plans, the grant recipient should consider whether the plans cover protection of the staff, contractor personnel, visitors, the public at large, and the work site and materiel, and whether unusual or emergency situations are defined and accounted for.

Considerations of protection of the public should include discussions of how vehicular and pedestrian traffic will be controlled where it must cross the construction site, how members of the public will be protected from threats of harm resulting from the construction and installation operations, how properties adjacent to the construction sites will be protected, and how the work sites will be protected from trespassers, vandals, and criminals.

Protection of visitors should include discussions of entry points to the site from which visitors will be permitted entry; how visitors will be signed in, instructed and outfitted with necessary protective gear, how they will be identified during their visit, and how their credentials (ID badges, passes, safety vests, etc.) will be collected when they depart to assure these are not re-used for unauthorized entry; how visitors will be escorted or accompanied during their visits and which visitors, if any, are authorized to remain on the site unaccompanied by regularly-assigned staff, and how unauthorized visitors will be turned away or deterred from entering.

Protection of the work site and property should include discussions of where, when, and how physical security devices such as fences, intrusion devices, lights, barriers, etc., will be employed to protect the site from trespassers, including maps if appropriate; a definition of the numbers and types of security officers who will be assigned, including differentiation between security guards, watchmen, or supervisors if each title is employed; how they will be expected to protect the site from trespassers and whether they are also responsible for checking on employees for possible theft or misuse of equipment, and a definition of how equipment and property will be secured from sabotage, tampering, or theft during non-work hours.

Procedures for unusual or emergency situations, should include discussions of fires; injuries to employees or visitors or those who have gained unauthorized access to the site; utility or property damage; demonstrations by the public, by workers, or by any outside groups who may have reason to attempt to disrupt work at the site; bomb threats; emergency evacuation plans, and any other unintentional or intentional critical job site exposures.

Procedures for each should be available to all relevant personnel, particularly those responsible for safety/security, and should include provisions for updating the plans and obtaining approvals for all updates and changes. Procedures must include a call list and notifications list, specifying who is to be called in any emergency (by name and title) and providing all relevant telephone numbers for those individuals. Depending on the number of persons who may have to be called, a check-list might be attached to the procedure so that security officers will have an automatic reminder of who is to be called and will be able to make a notation of the time at which each person was called.

March 2009 82


It is recommended that all functions be graphically illustrated with either names or titles of those responsible for compliance and that the chart be updated periodically to reflect personnel changes or worksite alterations.

Agency or Grant recipient Site Inspections and Document Reviews

All contractual material should assure that agency’s or grant recipient’s personnel are authorized to make safety/security inspections and should specify that these may take place during non-working hours and need not be pre-announced. In addition to site inspections, agency or grant recipient safety/security personnel should conduct document reviews of all contractor submissions pertaining to safety/security activities. These reviews and inspections should take place during construction activity as well as during off-hours.

The agency’s or the grant recipient’s security officer or security consultant must track and report narrative and statistical findings from each construction site. The reports should be prepared on a monthly basis, perhaps in chart format.

The safety report should include such information as: recordable injury/illness cases; days away from work due to injury/illness; restricted/modified work cases; first aid cases; visits from any safety oversight agencies; non-compliance notices; regulatory fines; open corrective action items; delinquent corrective actions, and number of incidents (with a discussion of any serious events).

The security report should include: recordable injuries due to security lapses; days away from work due to security lapse-related injuries; restricted/modified work cases due to security-lapse related injuries; visits from any local police agencies; reports of any thefts or loss due to security lapses; corrective action(s) to prevent similar security lapses; and number of incidents (with a discussion of any serious events).

All incident reports filed by the contractor’s security personnel (whether staff or supplied by a security subcontractor) should be monitored for accuracy, completeness, and to monitor whether actions have been taken to correct the breech associated with the problem. For instance, if property has been reported stolen due to theft that appears to have been aided by a break or tear in the fencing, the inspection should assure that the fencing has been replaced. If thefts of workers’ tools have been occurring during work hours, checks of employees exiting the property may have to be instituted while off hour thefts would indicate the possibility of unauthorized persons on the property. If unauthorized personnel were found in the site, a number of security-related steps could be taken, including management reinforcing rules about employees remaining off the site during non-working hours, re-training security staff, or enhancing supervision of security staff during non-working hours.

4.8.2 Incentives

In this sub-section of the SSMP, the grant recipient should identify any special incentive programs created to support safety and security during project construction. Several grant recipients and capital projects have used incentives in contracts whereby the contractor can benefit financially by having a good construction safety and security record. These incentives are usually directly related to the savings in insurance premium that results from a good accident performance rate. The potential for monetary reward provides the incentive for contractors to have a proactive and effective safety program.

March 2009 83

Section 9: Coordination with 49 CFR Part 659 Requirements

The grant recipient should describe its implementation schedule for meeting 49 CFR Part 659 -- State Safety Oversight (SSO) requirements and approvals.


4.9 49 CFR Part 659 Requirements (if applicable)

Section 9 of the SSMP addresses the project’s activities to coordinate with the State Oversight Agency (SOA) to ensure compliance with 49 CFR Part 659 requirements with the initiation of revenue service. This section is only required for rail fixed guideway systems meeting the definition specified in § 659.5:

“any light, heavy, or rapid rail system, monorail, inclined plane, funicular, trolley, or automated guideway that:

is not regulated by the Federal Railroad Administration; and is included in FTA’s calculation of fixed guideway route miles or receives funding under

FTA’s formula program for urbanized areas (49 U.S.C. 5336); or has submitted documentation to FTA indicating its intent to be included in FTA’s

calculation of fixed guideway route miles to receive funding under FTA’s formula program for urbanized areas (49 U.S.C. 5336).”

A suggested outline for this section is as follows:

9.1 Implementation Activities and Schedule : Identify the activities and schedule required to comply with 49 CFR Part 659 requirements.

9.2 Coordination : Identify how the project will work with the State and designated oversight agency regarding implementation of 49 CFR Part 659 requirements.

4.9.1 Implementation Activities and Schedule

In this sub-section, the grant recipient should identify the activities required and the proposed schedule for ensuring that a compliant program, meeting 49 CFR Part 659 requirements, is in place with revenue operations. In order to meet these requirements, the following activities should occur:

The State designates and establishes an SOA with sufficient authority and resources to implement Part 659 requirements.

The SOA develops a Program Standard, which is a written document developed and adopted by the SOA that describes the policies, objectives, responsibilities, and procedures used to provide rail transit agency safety and security oversight.

The rail transit grant recipient develops an SSPP and Security Program Plan for rail transit operations and a set of supporting procedures to address the SOA Program Standard requirements.

The SOA completes its Initial Submission to FTA.

In performing these activities, the SSPP and Security Plan developed by the rail transit project and any referenced procedures must be submitted to the SOA for review and approval, according to a schedule specified in the SOA’s Program Standard. In addition to establishing

March 2009 84


the safety and security operational programs for the rail transit agency, the materials will address additional responsibilities for the rail transit agency, including:

conducting annual reviews to determine if the SSPP and Security Plan need to be updated and coordinating updates and reviews/approvals with the oversight agency;

performing an internal safety and security audit process to review all elements identified in the SSPP and Security Plan over a three-year cycle;

developing and submitting to the oversight agency an internal audit schedule, procedures, and checklists, and notifying the oversight agency at least 30 days prior to the conduct of individual safety and security audits;

submitting annual reports to the oversight agency documenting activity for its internal safety and security audit process, including compliance with the schedule established for the internal audit program, the activities performed, and a listing of findings and recommendations and the status of their implementation;

submitting to the oversight agency a certification signed by the rail transit agency chief executive regarding the agency’s compliance with its SSPP and Security Plan. In the event that the chief executive cannot submit this certificate, the rail transit agency must submit to the oversight agency the steps it will take to achieve compliance with the SSPP and/or Security Plan;

implementing the hazard management process specified in the SSPP and supporting on-going coordination with the oversight agency;

reporting any accident/incident that meets the thresholds specified in the revised rule or that must be reported to FRA;

conducting accident/incident investigations on behalf of the oversight agency when directed to do so; and

preparing corrective action plans and then implementing the plans so as to minimize, control, correct, or eliminate conditions that have caused an accident/incident, findings from oversight agency Three-Year reviews, or at the request of the oversight agency based on the on-going hazard management process.

For grant recipient projects in States with existing oversight agencies, SOA Program Standards and versions of rail transit agency SSPPs, Security Plans, and supporting procedures are already available. To the extent possible, requirements to develop/revise these plans, programs and procedures can be integrated into the contracts and master schedule for the project.

For New Starts projects in States where an oversight agency must be established, this process can be more challenging. To support the efforts of the State to create its SSO program, the rail grant recipient is allowed to use a portion of its 5309 capital monies to support funding for the development of the SOA's program. However, as passenger operations are initiated, the SOA must find an alternate funding source for its SSO program.

Detailed explanation of the required activities for State and rail transit agencies is presented in FTA’s Implementation Guidelines for 49 CFR Part 659. Sample materials and templates to support the preparation of documents required for the SSO program are included in FTA’s Resource Toolkit for State Oversight Agencies Implementing 49 CFR Part 659.

4.9.2 Coordination

In this sub-section of the SSMP, the grant recipient should identify its process and procedures for coordinating with the State and the SOA regarding compliance with 49 CFR Part 659

March 2009 85

Section 10: FRA Waiver Process

The grant recipient should describe the process for making its waiver application to Federal Railroad Administration (FRA) for transit operations sharing track and/or corridors with the general railroad system.


requirements. As possible, specific personnel should be designated and specific procedures developed and referenced.

4.10 FRA Waiver Process (if applicable)

Section 10 of the SSMP is applicable only for those light rail projects that propose to share track with one or more FRA-regulated railroads and for those commuter rail agencies proposing to operate on the general railroad system.


10.1 Activities and Schedule : In the event that FRA waivers are required for shared use operations or commuter rail operations, describe the grant recipient’s activities and schedule for meeting these requirements.

10.2 Coordination : In the event that FRA waivers are required for shared use operations or commuter rail operations, identify activities to be performed by the grant recipient to support FRA and/or State Safety Oversight Agency review and approvals.

4.10.1 Activities and Schedule

To initiate passenger service on shared track, the light rail transit project must obtain waivers from FRA and must identify FRA requirements with which it must comply. This activity must be coordinated with both the light rail project’s State Safety Oversight Program and the FRA. Commuter rail agencies may also request waivers from FRA.

In this sub-section of the SSMP, the grant recipient should identify the activities to be performed and the schedule for obtaining the appropriate waivers from the FRA to enable passenger operations on the shared track or on the general railroad system. Specific requirements for shared use track and submitting FRA waivers are identified in:

July 10, 2000 (final)—Joint Statement of Policy Concerning Shared Use of the Tracks of the General Railroad System by Conventional Railroads and Light Rail Transit Systems, Federal Register, Vol. 65, No. 132, p. 42,526, issued by the FRA and FTA.

July 10, 2000 (final)—Statement of Agency Policy Concerning Jurisdiction Over the Safety of Railroad Passenger Operations and Waivers Related to Shared Use of the Tracks of the General Railroad System by Light Rail and Conventional Equipment, Federal Register, Vol. 65, No. 132, p. 42,529, issued by the FRA.

In general, as a condition of the FRA waiver request, the light rail agency must demonstrate that it has sufficiently addressed the waiver elements in its SSPP. Through the SSO Program, and the rail transit agency’s implementation of its SSPP, the SOA must oversee the waiver elements.

As specified in FRA Docket No. FRA-1999-5685, Notice No. 6, Fed. Reg. Vol. 65, No. 132, page 42528, “where FRA grants a waiver, the state oversight agency will oversee the area addressed by the waiver, but FRA will actively participate in partnership with FTA and the state

March 2009 86


oversight agency to address any safety problems.” In general, the rail transit project should allow between six (6) and 12 months from the submission of its waiver application to final decision from FRA.

FRA may, after notice and an opportunity for a hearing, grant a waiver "if the waiver is in the public interest and consistent with railroad safety." 49 U.S.C. §20103. Figure 17 lists each of FRA's railroad safety rules and provides FRA's likely decision regarding whether the operator of a light rail system that shares track with a conventional railroad should expect to comply with the rule on the shared track or may receive a waiver. This figure assumes that the operations of the local rail transit agency on the general railroad system are completely separated in time from conventional railroad operations, in accordance with guidance issued by FRA, and that the light rail operation poses no atypical safety hazards. FRA's procedural rules on matters such as enforcement (49 CFR Parts 209 and 216), and its statutory authority to take emergency action to address an imminent hazard of death or injury, would apply to those operations in all cases.

Where waivers are granted, the rail transit agency is expected to operate under an SSPP developed in accordance with 49 CFR Part 659. The SOA would be responsible for the safety oversight of the light rail operation, even on the general system, with regard to aspects of that operation for which a waiver is granted. FRA will actively participate in partnership with the SOA to address any safety problems. If the conditions under which the waiver was granted change substantially, or unanticipated safety issues arise, FRA may modify or withdraw a waiver in order to ensure safety.

To initiate the waiver process, the grant recipient should thoroughly review applicable regulations, which can be found on-line at http://www.gpoaccess.gov/cfr/index.html. An electronic docket will be established for each individual matter. Dockets can be accessed through the Department of Transportation’s Docket Management System at http://dms.dot.gov.

Grant recipients developing commuter rail service to operate on the general railroad system may also request waivers for specific

March 2009 87

http://dms.dot.gov/

http://www.gpoaccess.gov/cfr/index.html


Figure 17: FRA Rules for Consideration in Shared Use Track Waiver Applications

Track, Structures, and SignalsTitle 49 CFR Subject of Rule Likely FRA Treatment Comments

213 Track Safety Standards

Comply (assuming light rail operator owns track or has been assigned responsibility for it)

If the conventional railroad owns the track, light rail will have to observe speed limits for class of track

233, 235, 236 Signal and train control

Comply (assuming light rail operator or its contractor has responsibility for signal maintenance)

If conventional railroad maintains signals, light rail will have to abide by operational limitations and report signal failures

234 Grade Crossing Signals

Comply (assuming light rail operator or its contractor has responsibility for crossing devices)

If conventional railroad maintains devices, light rail will have to comply with sections concerning activation failures and false activations

213, Appendix C

Bridge safety policy Not a rule. Compliance voluntary. Voluntary

Motive Power and EquipmentTitle 49 CFR Subject of Rule Likely FRA Treatment Comments

210 Noise emission Waive State safety oversight215 Freight car safety

standardsWaive State safety oversight

221 Rear end marking devices

Waive State safety oversight

223 Safety glazing standards


229 Locomotive safety standards

Waive, except perhaps for alerting lights, which are important for grade crossing safety

State safety oversight

231 Safety appliance standards


238 Passenger equipment standards


Operating PracticesTitle 49 CFR Subject of Rule Likely FRA Treatment Comments

214 Bridge Worker Waive OSHA standards214 Roadway Worker

SafetyComply

217 Operating Rules Waive State safety oversight218 Operating Practices Waive, except for prohibition on tampering with

safety devices related to signal systemState safety oversight

219 Alcohol and Drug Waive if FTA rule otherwise applies FTA rule may apply220 Radio communications Waive, except to extent communications with

freight trains and roadway workers are necessary

State safety oversight

225 Accident reporting and investigation

Comply with regard to train accidents and crossing accidents; waive as to injuries

Employee injuries would be reported under FTA or OSHA rules

228 Hours of service recordkeeping

Waive (in concert with waiver of statute); waiver not likely for personnel who dispatch conventional railroad or maintain signal system on shared use track

May be partial or full, depending on the nature of the proposed operation

239 Passenger train emergency preparedness


240 Engineer certification Waive State safety oversight

March 2009 88


Specific procedures are set forth in 49 CFR part 211, FRA’s Rules of Practice. In general:

Any person may petition for a temporary or permanent waiver of any rule, regulation, or standard (not statute) (49 U.S.C 20101(c)).

A notice of each new waiver petition will be published in the Federal Register. Requests for an extension of an existing waiver will not be noticed unless a change in conditions or operations is involved.

Written comments will be considered. FRA conducts a field investigation of most waiver petitions. A public hearing will be conducted if needed or requested. Waivers are typically granted for a period not to exceed five years and may be subject to

renewal upon request if warranted.

Approval of any waiver petition may contain various conditions or requirements. These may include time limits; immediate notification to FRA of accident or injury; and/or voiding of the approval if any of the conditions are violated.

As part of the waiver process, FRA asks that the light rail operator and all other affected railroads jointly file a Petition for Approval of Shared Use. In most instances, waiver petitions from the light rail project should include the following elements:

The application may be submitted by letter and shall contain the following information where applicable:

o The corporate name of each applicant, or applicants;o The manner in which applicant(s) is involved;o The location of the project, giving name of operating division and nearest station;o The track or tracks involved;o A complete description of proposed changes as they would affect the existing

facilities or of the section from which relief is sought;o The reason for proposed changes or justification for relief from the requirements;o The approximate dates of beginning and completion of project;o Changes in operating practices, temporary or permanent;o Whether safety of operation will be affected, and if so, how; ando Photographs and/or video of the track or other elements for which waiver is being

sought.

Specific information to be included regarding the shared track waiver is as follows:

o a listing of all FRA sections from which a waiver is sought, and a corresponding explanation as to why, and a listing of all complying sections;

o a detailed description of both the light rail and the conventional railroad's operations on the shared use trackage;

o plans for separation of the light rail and conventional operations by time of day, including a description of what protective systems will ensure that simultaneous operation of the two types of equipment will not occur;

o alternative safety measures to be employed in place of each rule for which waiver is sought;

o any SSPP developed for the operation, including one prepared for a stand-alone light rail transit segment under FTA's State Safety Oversight Program.

March 2009 89


Supplemental information prescribed and/or helpful to FRA in its investigation includes the following:

o the associated railroad milepost(s), nearest city/town(s), and State where the application area is located;

o the number and types of train movements daily, that operate over the application area;

o the annual number of hazardous materials cars transported over the trackage involved in the application;

o whether the National Railroad Passenger Corporation (Amtrak) did or did not operate passenger trains over the trackage involved in the application on February 1, 1979; and

o whether the trackage involved in the application is part of the Strategic Rail Corridor Network (STRACNET).

Additional required information for Waivers of the Drug and Alcohol regulations (49 CFR part 219) may include:

o number of employees covered by the Hours of Service Act and total number of employees; and

o information on alternate plans to control the use of drugs and alcohol.

Additional required information for Safety Glazing Waivers (49 CFR part 223) may include:

o the specifications of the window material currently installed on the locomotive(s), caboose(s), or passenger car(s);

o estimates of the cost to replace current window material with compliant glazing material; and

o accident and personal injury history where glazing material was involved or could have possibly prevented the injury.

Additional required information for Hours of Service Waivers (Hours of Service Act, or 49 CFR part 228) may include the following:

o number of employees covered by the Hours of Service Act and total number of employees.

Additional required information for 50-year-old-Cars (49 CFR part 215.203) may include the following:

o a complete and accurate list of all of the vehicles for which the waiver is requested. This list should include the year built, types of bearings, projected use of the vehicle, and any other pertinent information on the condition of the vehicle(s).

Applications or requests for reconsideration of an application shall be submitted by an authorized officer of the carrier or other requesting entity. The original and two copies of each application with supporting papers should be filed. Each waiver should be submitted to the Docket Clerk, Office of Chief Counsel, Mail Stop 10, 1120 Vermont Avenue, N.W., Washington, D.C. 20590.

March 2009 90

Section 11: DHS Coordination

The grant recipient should describe the process for coordinating with the Department of Homeland Security, including the Transportation Security Administration and the Office of Grants and Training.


4.10.2 Coordination

In this sub-section of the SSMP, the grant recipient should identify its process and procedures for coordinating with the FRA and SOA regarding compliance with FRA waiver requirement. As possible, specific personnel should be designated and specific procedures developed and referenced.

4.11 DHS Coordination (if applicable)

Section 11 of the SSMP describes how the grant recipient will coordinate with the Department of Homeland Security (DHS), including the Transportation Security Administration (TSA) and the Office of Grants and Training (OGT).


11.1 Activities and Schedule : Identify the activities to be performed to address DHS programs and requirements, and specify the schedule for meeting them.

11.2 Coordination : Identify activities to be performed to coordinate with DHS, TSA and OGT, including designated points of contact.

TSA is currently developing its requirements for transit security oversight for new rail transit systems and extensions to existing system. In addition, some grant recipients may participate in threat and vulnerability assessment programs managed by OGT. In this sub-section of the SSMP, the grant recipient should document its activities to address DHS requirements and its schedule for doing so.

Typically, this coordination will include meetings with DHS personnel, perhaps initially managed through the Federal Bureau of Investigation (FBI) liaison in the region as part of the Joint Terrorism Task Force or other such committee established in the grant recipient’s service area. Additional activities may include TSA participation on various committees established by the grant recipient to review safety and security elements of project design, fire/life safety, construction, and integrated testing and start-up.

March 2009 91


5.0 Useful Safety Resources

5.1 Additional Guidance for SSMP Development

Federal Transit Administration, Full-Funding Grant Agreements Guidance, Circular Number 5200.1A, December 5, 2002, available at: http://www.fta.dot.gov/legal/guidance/circulars/5000/324_17848_ENG_HTML.htm Federal Transit Administration, Project and Construction Management Guidelines (2003 Update), 2003, available at: http://www.fta.dot.gov/1465_ENG_HTML.htm

Federal Transit Administration, Handbook for Transit Safety and Security Certification, 2002, available at: transit-safety.volpe.dot.gov/Publications/safety/SafetyCertification/pdf/SSC.pdf

5.2 Other FTA Safety Resources

Relevant Safety Resources from the Federal Transit Administration, available at: http://www.fta.dot.gov

Implementation Guidelines – 49 CFR Part 659, 2006 Resource Toolkit for State Oversight Agencies Implementing 49 CFR Part 659, 2006 Reference Guide for 49 CFR Part 659, June 22, 2005 49 CFR Part 659, Rail Fixed Guideway Systems; State Safety Oversight, April 29, 2005 Technical Advisory for the Notification and Investigation of Accidents and Unacceptable

Hazardous Conditions, 1999 Critical Incident Management Guidelines, 1999 Compliance Guidelines for States with New Starts Projects, 2000 Hazard Analysis Guidelines for Transit Projects, 2000 Keeping Safety on Track brochure series, 2000 and 2001 Sharing of Track by Transit and Freight Railroads: Liability and Insurance Issues, 2005 Highway and Rail Transit Tunnel Inspection Manual, FHWA-IF-05-002, 2005 Highway and Rail Transit Tunnel Maintenance and Rehabilitation Manual, FHWA-IF-05-

017, 2005 Quality Assurance and Quality Control Guidelines, 2002

5.3 Transit Cooperative Research Program

Relevant safety studies and reports from the Transit Cooperative Research Program (TCRP) that may be of use to grant recipient are available at: http://www.tcrponline.org/index.cgi:

Project A-05, Integration of Light Rail Transit into City Streets Project A-5A, Second Train Coming Warning Sign Demonstration Projects Project A-13, Light Rail Service: Pedestrian and Vehicular Safety Project A-18, Effective Practices to Reduce Bus Accidents Project A-22, Simulators and Bus Safety: Guidelines for Acquiring and Using Transit Bus

Operator Driving Simulators Project C-11, Hazard Assessment of Alternative-Fuel-Related Systems in Transit Bus

Operations Project F-07, Part-time Transit Operations: The Trends and Impacts Project F-10, Toolbox for Transit Operator Fatigue

March 2009 92

http://www.tcrponline.org/index.cgi


http://www.fta.dot.gov/1465_ENG_HTML.htm

http://www.fta.dot.gov/legal/guidance/circulars/5000/324_17848_ENG_HTML.htm


Project G-05, Transit Manager Tool Kit for Rural and Small Urban Transportation Systems

Project J-3, Safety and Security Issues at All-Bus Systems in Small-to Medium-Sized Cities in Western Europe

Project J-5, Federal and State Licensing and Other Safety Requirements for Commercial Motor Vehicle Operators

Project J-10D, Hazard and Security Plan Workshop: Instructor Guide Project SF-01, Bus Occupant Safety

5.4 Resources for Design Criteria

Specific standards, handbooks, manuals, and recommendations to support the development of safety design criteria:

American Association of State Highway Transportation Officials -- http://www.aashto.org American Institute of Architects -- http://www.aia.org American National Standards Institute (ANSI) -- http://www.ansi.org American Public Transportation Association -- http://www.apta.com American Railway Engineering and Maintenance-of-Way Association --

http://www.arema.org American Society of Civil Engineers (ASCE) -- http://www.asce.org American Society of Heating, Refrigerating, and Air-Conditioning Engineers --

http://www.ashrae.org/ Association of American Railroads (AAR) --

http://www.aar.org/Rail_Safety/Rail_Safety.asp Building Officials and Code Administrators International -- http://www.bocai.org California Public Utilities Commission -- http://www.cpuc.ca.gov/ Construction Specification Institute (CSI) -- http://www.csinet.org Department of Defense -- http://www.weibull.com/knowledge/milhdbk.htm Environmental Protection Agency -- http://www.epa.gov/ Factory Mutual (FM) -- http://www.factorymutual.com Federal Emergency Management Administration (FEMA) -- http://www.fema.gov Federal Highway Administration -- http://www.fhwa.dot.gov/ Federal Railroad Administration – http://www.fra.dot.gov Federal Transit Administration – http://www.fta.dot.gov General Services Administration – http://www.gsa.gov Illuminating Engineering Society (IES) -- http://www.iesna.org/ Institute of Electrical and Electronics Engineers (IEEE) -- http://www.ieee.org/portal/site Institute of Electrical and Electronics Engineers (IEEE), Rail Transit Vehicle Interface

Standards Committee -- http://grouper.ieee.org/groups/railtransit/index.htm Instrument Society of America (ISA) -- http://www.isa.org/ International Code Council -- http://www.intlcode.org International Conference of Building Officials -- http://www.icbo.org National Fire Protection Association -- http://www.nfpa.org National Institute of Standards and Technology (NIST) -- http://www.nist.gov Occupational Safety and Health Administration (OSHA) -- http://www.osha.gov Southern Building Code Congress International (SBCCI) -- http://www.sbcci.org Transit Standards Consortium -- http://www.tsconsortium.org Underwriters Laboratories, Inc. (U.L.) -- http://www.ul.com

March 2009 93

http://www.ul.com/

http://www.tsconsortium.org/

http://www.sbcci.org/


http://www.nist.gov/


http://www.icbo.org/

http://www.intlcode.org/

http://www.isa.org/


http://www.ieee.org/portal/site

http://www.iesna.org/

http://www.gsa.gov/


http://www.fra.dot.gov/

http://www.fhwa.dot.gov/

http://www.fema.gov/

http://www.factorymutual.com/

http://www.epa.gov/


http://www.csinet.org/


http://www.bocai.org/

http://www.aar.org/Rail_Safety/Rail_Safety.asp

http://www.ashrae.org/

http://www.asce.org/

http://www.arema.org/

http://www.apta.com/

http://www.ansi.org/

http://www.aia.org/

http://www.aashto.org/


5.5 Department of Labor/Occupational Safety and Health Administration

Department of Labor, Occupational Safety and Health Administration regulations affecting transit projects are available at http://www.osha.gov and include:

29 CFR Part 1902, State Plans for the Development and Enforcement of State Standards

29 CFR Part 1904, Recording and Reporting Occupational Injuries and Illness 29 CFR Part 1910, Occupational Safety and Health Standards 29 CFR 1910.119, Process Safety Management 29 CFR Part 1924,Safety Standards Applicable to Workshops and Rehab Facilities 29 CFR Part 1926, Safety and Health Regulations for Construction 29 CFR Part 1952, Approved State Plans for Enforcement of State Standards 3132, Process Safety Management 3133, Process Safety Management Guidelines for Compliance CPL 2-2.45A, Compliance Guidelines and Enforcement Procedures

5.6 Rail Transit Vehicle Interface Standards

Institute of Electrical and Electronics Engineers (IEEE), Rail Transit Vehicle Interface Standards, for transit project are available at: http://grouper.ieee.org/groups/railtransit/index.htm and include:

1473-1999, IEEE Standard for Communications Protocol Aboard Trains 1474.1-1999, IEEE Standard Method for Communications-Based Train Control (CBTC)

Performance and Functional Requirements 1474.2-2003, IEEE Standard for User Interface Requirements in Communication Based

Train Control 1475-1999, IEEE Standard for Functioning of and Interfaces Among Propulsion, Friction

Brake, and Train-Borne Master Control on Rail Rapid Transit Vehicles 1476-2000, IEEE Standard for Passenger Train Auxiliary Power Systems Interfaces 1477-1998, IEEE Standard for Passenger Information System for Rail Transit Vehicles 1478-2001, IEEE Standard for Environmental Conditions for Transit Rail Car Electronic

Equipment 1482.1-1999, IEEE Standard for Rail Transit Vehicle Event Recorders 1483-2000, IEEE Standard for Verification of Vital Functions in Processor-Based

Systems Used in Rail Transit Control 1536-2002, IEEE Standard for Rail Transit Vehicle Battery Physical Interface 1568-2003, IEEE Recommended Practice for Electrical Sizing of Nickel-Cadmium

Batteries for Rail Passenger Vehicles 1570-2002, IEEE Standard for The Interface Between the Rail Subsystem and the

Highway Subsystem at a Highway Rail Intersection 16-2004, IEEE Standard for Electrical and Electronic Control Apparatus on Rail Vehicles 1558-2004, IEEE Standard for Software Documentation for Rail Equipment and Systems

5.7 APTA Rail Transit Standards

American Public Transportation Association (APTA) Rail Transit Safety Standards are available at: http://www.apta.com/about/committees/rstand/, and include:

March 2009 94

http://www.apta.com/about/committees/rstand/




RT-S-VIM-001-02, Standard for Third Rail Current Collection Equipment Periodic Inspection and Maintenance

RT-S-VIM-002-02, Standard for Pantograph Current Collection Equipment Periodic Inspection and Maintenance

RT-S-VIM-003-02, Standard for Air Supply and Air Storage System Periodic Inspection and Maintenance

RT-RP-VIM-004-02, Recommended Practice for Heating, Ventilation and Air Conditioning Periodic Inspection and Maintenance

RT-RP-VIM-005-02, Recommended Practice for Door System Periodic Inspection and Maintenance

RT-RP-VIM-006-02, Recommended Practice for Coupler System Periodic Inspection and Maintenance

RT-S-VIM-007-02, Standard for Friction Brake Equipment Periodic Inspection and Maintenance

RT-RP-VIM-008-03, Recommended Practice for Rail Transit Vehicle Pre-Departure Inspection

RT-RP-VIM-009-02, Recommended Practice for Battery Systems Periodic Inspection and Maintenance

RT-RP-VIM-010-02, Recommended Practice for Electric Motor Periodic Inspection and Maintenance

RT-RP-VIM-011-03, Recommended Practice for Rail Transit Vehicle Inspection and Maintenance Training and Qualifications

RT-S-VIM-012-03, Standard for Diesel Prime Mover Systems Periodic Inspection and Maintenance

RT-RP-VIM-013-03, Recommended Practice for Communication Systems Periodic Inspection and Maintenance

RT-S-VIM-014-02, Standard for Car-borne Cab Signal Control System Periodic Inspection and Maintenance

RT-RP-VIM-015-03, Recommended Practice for On-board Recording Equipment Inspection and Maintenance

RT-RP-VIM-016-03, Recommended Practice for Solid State Auxiliary Power Unit Periodic Inspection and Maintenance

RT-S-VIM-017-03, Standard for Calibration of Inspection and Maintenance Tools RT-RP-VIM-018-03, Recommended Practice for Propulsion Controls Periodic Inspection

and Maintenance RT-RP-VIM-019-03, Recommended Practice for Truck Systems Periodic Inspection and

Maintenance RT-S-RGC-001-02, Standard for Rail Transit System Highway-Rail Grade Crossing

Inspection and Maintenance RT-RP-RGC-002-02, Recommended Practice for Rail Transit Grade Crossing Public

Education and Rail Trespass Prevention RT-RP-RGC-003-03, Recommended Practice for Rail Grade Crossing Safety

Assessment RT-S-RGC-004-03, Standard for Rail Transit Grade Crossing Warning Systems RT-S-OP-001-02, Standard for General Rules - Introduction and Authority RT-S-OP-002-02, Standard for Accident/Incident Investigation RT-S-OP-003-02, Standard for Safe Operations in Yards RT-S-OP- 004-03, Standard for Work Zone Safety RT-S-OP-005-03, Standard for Operations Control Centers RT-S-OP-006-03, Standard for Rail Transit Signals Operating Rules

March 2009 95


RT-S-OP-007-04, Standard for Rail Transit System Emergency Management RT-RP-OP-008-04, Recommended Practice for Rail Transit System Customer Relations RT-S-OP-009-04, Standard for Rail Transit System Station Procedures RT-S-OP-010-03, Standard for Contractor's Responsibility for Right of Way Safety RT-S-OP-011-04, Standard for Rule Compliance and Implementation RT-S-OP-012-04, Standard for General Safety Rules RT-S-OP-013-03, Standard for Training of Rail Operations and Station Operations

Personnel RT-S-OP-014-04, Standard for Operating Personnel Reporting to Work RT-S-FS-001-02, Standard for Transit Structure Inspection and Maintenance RT-S-FS-002-02, Standard for Transit Track Inspection and Maintenance RT-S-FS-003-02, Standard for Station, Shop and Yard Inspection and Maintenance RT-S-FS-004-03, Standard for Traction Electrification Substation Inspection and

Maintenance RT-S-FS-005-03, Standard for Traction Electrification Stray Current/Corrosion Control

Equipment Inspection and Maintenance RT-S-FS-006-03, Standard for Traction Electrification Distribution System Inspection and

Maintenance RT-RP-FS-007-02, Heavy Duty Escalator Design Guidelines RT-RP-FS-008-03, Heavy Duty Elevator Design Guidelines APTA-RT-RP-SC-001-02, Recommended Practice for Wayside AC Signal Power

System Inspection and Testing APTA-RT-RP-SC-002-02, Recommended Practice for Wayside DC Signal Power

System Inspection and Testing APTA-RT-RP-SC-003-02, Recommended Practice for Signal System Snow Melting

Equipment Inspection and Testing APTA-RT-S-SC-004-02, Standard for Approach Locking Tests APTA-RT-S-SC-005-02, Standard for Route Locking Tests APTA-RT-S-SC-006-02, Standard for Time Locking Tests APTA-RT-RP-SC-007-03, Recommended Practice for Presence Detector Inspection and

Maintenance APTA-RT-RP-SC-008-03, Recommended Practice for Train-to-Wayside Communication

System Inspection and Testing APTA-RT-S-SC-009-03, Standard for Audio Frequency Track Circuit Inspection and

Maintenance APTA-RT-S-SC-010-02, Standard for Traffic Locking Tests APTA-RT-S-SC-011-03, Standard for Cable Plant System Inspection and Testing APTA-RT-S-SC-012-03, Standard for Closed Circuit Television (CCTV) Inspection and

Maintenance APTA-RT-RP-SC-013-03, Recommended Practice for Passenger Information System

Inspection and Maintenance APTA-RT-RP-SC-014-03, Recommended Practice for Fiber Optic Multiplexer (FOM)

Inspection and Maintenance APTA-RT-S-SC-015-03, Standard for Emergency Telephone and Passenger Assistance

Device Inspection and Maintenance APTA-RT-RP-SC-016-03, Recommended Practice for Private Branch Exchange (PBX)

Systems and Equipment Inspection and Testing APTA-RT-RP-SC-017-03, Recommended Practice for Signal Equipment Room

Inspection and Maintenance APTA-RT-RP-SC-018-03, Recommended Practice for Vented Standby Battery/Un-

Interruptible Power Supply (UPS) Inspection and Maintenance

March 2009 96


APTA-RT-S-SC-019-03, Standard for AC Ground Detection System Equipment Inspection and Maintenance

APTA-RT-S-SC-020-03, Standard for DC Ground Detection System Equipment Inspection and Maintenance

APTA-RT-S-SC-021-03, Standard for Electric Train Stop Mechanism Inspection and Maintenance

APTA-RT-S-SC-022-03, Standard for Electro-Pneumatic Train Stop Mechanism Inspection and Maintenance

APTA-RT-S-SC-023-03, Standard for Local Control Panel Inspection and Maintenance APTA-RT-S-SC-024-03, Standard for Electric Switch Machine Inspection and

Maintenance APTA-RT-S-SC-025-03, Standard for Electro-Pneumatic Switch Machine Inspection and

Maintenance APTA-RT-S-SC-026-03, Standard for Hand Operated Switch Machine Inspection and

Maintenance APTA-RT-S-SC-027-03, Standard for Switch Inspection and Obstruction Tests APTA-RT-S-SC-028-03, Standard for Vital Relay Tests APTA-RT-S-SC-029-03, Standard for Wayside Inductive Loop Inspection and Testing APTA-RT-RP-SC-030-03, Recommended Practice for Non-Vital Processor-Based

Systems Inspection, Testing and Configuration Control APTA-RT-RP-SC-031-03, Recommended Practice for Signal Maintenance Personnel

Qualifications and Training APTA-RT-RP-SC-032-03, Recommended Practice for Voice/Data Carrier Transmission

System Inspection and Maintenance APTA-RT-RP-SC-033-03, Recommended Practice for Wayside Signal Equipment

Inspection APTA-RT-S-SC-034-03, Standard for Supervisory Control and Data Acquisition

(SCADA) System Inspection and Testing APTA-RT-S-SC-035-03, Standard for Vital Processor-Based System Inspection, Testing

and Configuration Control APTA-RT-S-SC-036-03, Standard for Wayside Signal Inspection and Testing APTA-RT-RP-SC-037-03, Recommended Practice for Signal and Communication

System Configuration Control APTA-RT-RP-SC-038-03, Recommended Practice for Signal System Event Recorders

and Data Logging Equipment Inspection & Maintenance APTA-RT-RP-SC-039-03, Recommended Practice for Yard Page/Intercom System

Inspection and Testing APTA-RT-S-SC-040-03, Standard for AC Track Circuit Inspection and Maintenance APTA-RT-S-SC-041-03, Standard for Interlocking Inspection APTA-RT-S-SC-042-03, Standard for Fire Detection System Inspection and Testing APTA-RT-S-SC-043-03, Standard for Impedance Bond Inspection and Maintenance APTA-RT-S-SC-044-03, Standard for Wayside Intrusion Detection System Inspection

and Testing APTA-RT-RP-SC-045-03, Recommended Practice for Signal Equipment Room

Grounding System Inspection and Testing APTA-RT-RP-SC-046-03, Recommended Practice for Radio Communication System

Inspection and Testing

5.8 CPUC General Orders

March 2009 97


General orders for the design and construction of rail transit projects developed by the California Public Utilities Commission are available at: http://www.cpuc.ca.gov/ and include the following:

California Public Utilities Commission (CPUC) General Order No. 26 D, Regulations Governing Clearances On Railroads and Street Railroad With Reference to Side and Over-head Structures, Parallel Tracks, Crossings of Public Roads, Highways and Streets

California Public Utilities Commission (CPUC) General Order 32-B, Regulations Governing Railroad Interlockings

California Public Utilities Commission (CPUC) General Order No. 72 B, Rules Governing the Construction and Maintenance of Crossings At Grade of Railroad with Public Streets, Roads, and Highways in the State of California

California Public Utilities Commission (CPUC) General Order No. 75-C, Regulations Governing the Protection of Crossings At-Grade of Roads, Highways Protection of and Streets with Railroads in the State of California

California Public Utilities Commission (CPUC) General Order No. 88-A, Rules for Altering Public Railroad-Highway Grade Crossings

California Public Utilities Commission (CPUC) General Order No. 95, Rules for Overhead Line Construction

California Public Utilities Commission (CPUC) General Order No. 118, Regulations Governing the Construction, Reconstruction, and Maintenance of Walkways Adjacent to Railroad Trackage and Control of Vegetation Adjacent Thereto

California Public Utilities Commission (CPUC) General Order No. 128, Rules for Construction of Underground Electric Supply and Communications Systems

California Public Utilities Commission (CPUC) General Order No. 135, The Occupancy of Public Grade Crossing by Railroads

California Public Utilities Commission (CPUC) General Order No. 143 B, Safety Rules and Regulations Governing Light Rail Transit

California Public Utilities Commission (CPUC) General Order 145, Railroad Crossing to be Classified Exempt from the Mandatory Stop Requirements of Section 22452 of the Vehicle Code

5.9 NFPA Standards

Fire life safety standards available from the National Fire Protection Association can be purchased at: http://www.nfpa.org and include the following:

National Fire Protection Association (NFPA) Standard 13, Sprinkler Systems National Fire Protection Association (NFPA) Standard 14, Standpipe and Hose Systems National Fire Protection Association (NFPA) Standard 24, Standard for the Installation of

Private Fire Service Mains and Their Appurtenances National Fire Protection Association (NFPA) Standard 54, National Fuel Gas Code National Fire Protection Association (NFPA) Standard 70, National Electrical Code National Fire Protection Association (NFPA) Standard 72, National Fire Alarm Code National Fire Protection Association (NFPA) Standard 80, Standard for Fire Doors and

Windows National Fire Protection Association (NFPA) Standard 90A, Standard for the Installation

of Air Conditioning and Ventilating Systems National Fire Protection Association (NFPA) Standard 91, Standard for the Installation of

Blower and Exhaust Systems for Dust, Stock, and Vapor Removal or Conveying National Fire Protection Association (NFPA) Standard 101, Life Safety Code

March 2009 98




National Fire Protection Association (NFPA) Standard 130, Fixed Guideway Transit Systems

National Fire Protection Association (NFPA) Standard 220, Standard on Types of Building Construction

National Fire Protection Association (NFPA) Standard 1221, Standard for the Installation, Maintenance and Use of Public Fire Service Communications Systems

National Fire Protection Association (NFPA) Standard 1250, Recommended Practice in Emergency Service Organization Risk Management

National Fire Protection Association (NFPA) Standard1561, Standard on Emergency Services Incident Management Systems

National Fire Protection Association (NFPA) Standard 1600, Standard on Disaster/Emergency Management and Business Continuity Programs

5.10 Bibliographic References

Bibliographic references to support the development and implementation of the Safety and Security Management Plan include:

American Public Transportation Association, “Manual for the Development of Rail Transit System Safety Program Plans,” 1999.

Bahr, Nicholas, System Safety Engineering and Risk Assessment: A Practical Approach: Taylor and Francis, New York City, NY, 1997.

Christensen, Wayne C. and Fred A. Manuele, Editors. Safety through Design. NSC Press, ISBN 0-87912-204-8, 1999.

Department of Defense (DOD) Military Standards and Handbooks for Safety and Reliability, available at: http://www.weibull.com/knowledge/milhdbk.htm

DOD-STD-480, “Configuration Control - Engineering Changes, Deviations, and Waivers”

DOD-STD-2167A, “Military Standard Defense System Software Development”

Federal Aviation Administration, System Safety Handbook, Washington, D.C., December 30, 2000.

Federal Aviation Administration, System Safety Handbook Resource Site, available at: http://www.faa.gov/library/manuals/aviation/risk_management/ss_handbook/

Federal Aviation Administration, System Safety Handbook, Appendix C: Related Readings in Aviation System Safety, December 30, 2000

Federal Aviation Administration, Joint Software System Safety Committee, Software System Safety Handbook: a Technical and Managerial Team Approach, 1999

Federal Highway Administration, Manual on Uniform Traffic Control Devices, available at: http://mutcd.fhwa.dot.gov/

Hammer, Willie. Product Safety Management and Engineering. Second Edition, ASSE, ISBN 0-939874-90-3, 1993.

March 2009 99

http://mutcd.fhwa.dot.gov/



MIL-HDBK-61A(SE), “Military Handbook Configuration Management Guidance”

MIL-STD 882-D, “System Safety Program Requirements”

MIL-STD-481, “Configuration Control - Engineering Changes, Deviations, and Waivers (Short Form)”

MIL-STD-490, “Specification Practices”

MIL-STD-499, “Engineering Management”

MIL-STD-1521, “Technical Reviews and Audits for Systems, Equipments, and Computer Software”

MIL-STD 1629A, “Procedures for Performing a Failure Mode, Effects and Criticality Analysis”

Naval Safety Center Resource Site, available at: http://www.safetycenter.navy.mil/

Raheja, Dev. Products Assurance Technologies: Principles and Practice. New York: McGraw Hill, Inc., 1991.

Roland, Harold E., Moriarty, Brian, System Safety Engineering and Management, Second Edition, John Wiley & Sons, Inc., 1990.

System Safety Society, System Safety Analysis Handbook , 2nd Edition, System Safety Society, Sterling, VA, August 16, 1999.

U.S. Department of Defense, Joint Software Safety Committee, Software System Safety Handbook, December 1999.

U.S. Department of Transportation, Emergency Response Guidebook, 2004

Vincoli, Jeffrey, Basic Guide to System Safety, Van Nostrand Reinhold Press, 1993.

March 2009 100

http://www.safetycenter.navy.mil/


6.0 Useful Security Resources

6.1 FTA/ASIS Resources

FTA has prepared Transit Security Design Considerations, available at: http://transit-safety.volpe.dot.gov/security/SecurityInitiatives/DesignConsiderations/default.asp.

Other recommendations for designing security into projects, for managing sensitive security information (SSI) during projects, and for developing appropriate procedures and policies for operational security can be found at: http://transit-safety.volpe.dot.gov/security/SecurityInitiatives/Top20/.

Information on FTA’s TransitWatch program is available at: http://transit-safety.volpe.dot.gov/Security/TransitWatch/Default.asp

The American Society for Industrial Security (ASIS) also has a series of guidelines and standards available at: http://www.asisonline.org/guidelines/guidelines.htm.

6.2 TCRP/NCHRP Security Resources

Transit Cooperative Research Program (TCRP) Report 86: Public Transportation Security, Volume 1: Communication of Threats: A Guide (2002), available at: http://gulliver.trb.org/publications/tcrp/tcrp_rpt_86-v1.pdf

Transit Cooperative Research Program (TCRP) Report 86: Public Transportation Security, Volume 10, Hazard and Security Plan Workshop: Instructor Guide [Includes Appendix A & B] (2006), available at: http://www.trb.org/publications/tcrp/tcrp_rpt_86v10.pdf

Hazard and Security Plan Workshop: Instructor Guide, Appendix C: Agenda for Participants (2006), available at: http://www.trb.org/news/blurb_detail.asp?id=5733 Hazard and Security Plan Workshop: Instructor Guide, Appendix D: Somewhere County Map for Workshop (2006), available at: http://www.trb.org/news/blurb_detail.asp?id=5733

Hazard and Security Plan Workshop: Instructor Guide, Appendix E: Guide for Workshop Participants (2006), available at: http://www.trb.org/news/blurb_detail.asp?id=5733

Hazard and Security Plan Workshop: Instructor Guide, Appendix F: The HSP (2006), available at: http://www.trb.org/news/blurb_detail.asp?id=5733

Hazard and Security Plan Workshop: Instructor Guide, Appendix G: The HSP Template Instructions (2006), available at: http://www.trb.org/news/blurb_detail.asp?id=5733

Hazard and Security Plan Workshop: Instructor Guide, Appendix H: Evaluation Form (2006), available at: http://www.trb.org/news/blurb_detail.asp?id=5733

Transportation Security: A Summary of Transportation Research Board Activities (February 2006), available at: http://www.trb.org/publications/dva/SecurityActivities.pdf

March 2009 101

http://www.trb.org/publications/dva/SecurityActivities.pdf

http://www.trb.org/news/blurb_detail.asp?id=5733






http://www.trb.org/publications/tcrp/tcrp_rpt_86v10.pdf

http://gulliver.trb.org/publications/tcrp/tcrp_rpt_86-v1.pdf

http://www.asisonline.org/guidelines/guidelines.htm

http://transit-safety.volpe.dot.gov/Security/TransitWatch/Default.asp

http://transit-safety.volpe.dot.gov/Security/TransitWatch/Default.asp

http://transit-safety.volpe.dot.gov/security/SecurityInitiatives/Top20/




National Cooperative Highway Research Program (NCHRP) Report 525 Volume 8: Surface Transportation Security and the Transit Cooperative Research Program (TCRP) Report 86 Volume 8: Public Transportation Security Continuity of Operations (COOP) Planning Guidelines for Transportation Agencies (2005) at: http://trb.org/publications/nchrp/nchrp_rpt_525v8.pdf

Continuity of Operations (COOP) Planning Guidelines for Transportation Agencies, Downloadable Worksheets (2005), available at: http://www.trb.org/publications/crp/COOPWksheet.pdf

Continuity of Operations (COOP) Planning Guidelines for Transportation Agencies, A Template for a Completed COOP Plan (2005), available at: http://www.trb.org/news/blurb_detail.asp?id=5612

Continuity of Operations (COOP) Planning Guidelines for Transportation Agencies, Brochures (2005), available at: http://www.trb.org/news/blurb_detail.asp?id=5612

Continuity of Operations (COOP) Planning Guidelines for Transportation Agencies, Draft PowerPoint Presentation (2005), available at: http://www.trb.org/news/blurb_detail.asp?id=5612

The Case for Searches on Public Transportation. TRB’s Legal Research Digest 22 (October 2005), available at: http://www.trb.org/publications/tcrp/tcrp_lrd_22.pdf

Summary of a Workshop on Using Information Technology to Enhance Disaster Management (2005), available at: http://www.nap.edu/books/0309100372/html/

Quarantine Stations at Ports of Entry Protecting the Public's Health (2005), available at: http://www.nap.edu/books/030909951X/html/

National Cooperative Highway Research Program (NCHRP) Report 525: Surface Transportation Security, Volume 6: Guide for Emergency Transportation Operations (2005), available at: http://trb.org/publications/nchrp/nchrp_rpt_525v6.pdf

Emergency Transportation Operations: Resources Guide for NCHRP Report 525, Volume 6 (2005), available at: http://www.trb.org/publications/nchrp/nchrp_w73.pdf

Transit Cooperative Research Program (TCRP) Report 86: Public Transportation Security, Volume 7, Public Transportation Emergency Mobilization and Emergency Operations Guide (2005), available at: http://www.trb.org/publications/tcrp/tcrp_rpt_86v7.pdf

Transit Cooperative Research Program (TCRP) Web Only Document 25, Public Transportation Emergency Mobilization and Emergency Operations Guide: Appendix B--Survey of U. S. Public Transportation Systems (June 2005), available at: http://www.trb.org/publications/tcrp/tcrp_webdoc_25.pdf

Transit Passengers and Civil Rights. TRB’s Legal Research Digest 20 (June 2005), available at: http://trb.org/publications/tcrp/tcrp_lrd_20.pdf

Evacuation Planning, Human Factors, and Traffic Engineering: Developing Systems for Training and Effective Response. TRB News 238 (June 2005), available at: http://gulliver.trb.org/publications/trnews/trnews238evacplanning.pdf

March 2009 102

http://gulliver.trb.org/publications/trnews/trnews238evacplanning.pdf

http://trb.org/publications/tcrp/tcrp_lrd_20.pdf

http://www.trb.org/publications/tcrp/tcrp_webdoc_25.pdf

http://www.trb.org/publications/tcrp/tcrp_rpt_86v7.pdf

http://www.trb.org/publications/nchrp/nchrp_w73.pdf

http://trb.org/publications/nchrp/nchrp_rpt_525v6.pdf

http://www.nap.edu/books/030909951X/html/

http://www.nap.edu/books/0309100372/html/

http://www.trb.org/publications/tcrp/tcrp_lrd_22.pdf





http://www.trb.org/publications/crp/COOPWksheet.pdf



Transportation Security Training and Education: Resources, Techniques, and Strategies. TRB News 238 (June 2005), available at: http://trb.org/publications/trnews/trnews238.pdf

TRB's Security Related Publications (website), available at: http://www4.trb.org/trb/homepage.nsf/web/security

Nuclear Attack. News and Terrorism – Communicating a Crisis (2005), available at: http://www.nae.edu/NAE/pubundcom.nsf/weblinks/CGOZ-6DZLNU/$file/nuclear%20attack%2006.pdf

Reopening Public Facilities after a Biological Attack: A Decision-Making Framework (2005), available at: http://www.nap.edu/books/0309096618/html

National Cooperative Highway Research Program (NCHRP) Report 525: Surface Transportation Security, Volume 5: Guidance for Transportation Agencies on Managing Sensitive Information (2005), available at: http://trb.org/publications/nchrp/nchrp_rpt_525v5.pdf

National Cooperative Highway Research Program (NCHRP) Report 525: Surface Transportation Security, Volume 4: A Self-Study Course on Terrorism-Related Risk Management of Highway Infrastructure (2005), available at: http://trb.org/publications/nchrp/nchrp_rpt_525v4.pdf

National Cooperative Highway Research Program (NCHRP) Report 525, Surface Transportation Security, Volume 3: Incorporating Security into the Transportation Planning Process (2005), available at: http://trb.org/publications/nchrp/nchrp_rpt_525v3.pdf

Transit Cooperative Research Program (TCRP) Synthesis 58: Emergency Response Procedures for Natural Gas Transit Vehicles (2005), available at: http://gulliver.trb.org/publications/tcrp/tcrp_syn_58.pdf

National Cooperative Highway Research Program (NCHRP) Report 525: Surface Transportation Security Volume 2: Information Sharing and Analysis Centers: Overview and Supporting Software Features (2004), available at: http://trb.org/publications/nchrp/nchrp_rpt_525v2.pdf

National Cooperative Highway Research Program (NCHRP) Report 525: Surface Transportation Security, Volume 1: Responding to Threats: A Field Personnel Manual (2004), available at: http://gulliver.trb.org/publications/nchrp/nchrp_rpt_525v1.pdf

TRB’s Electronic Circular E-C065: Transportation Security Education and Training: Summaries of Presentations at TRB's 83rd Annual Meeting (June 2004), available at: http://gulliver.trb.org/publications/circulars/ec065.pdf

Transit Cooperative Research Program (TCRP) Report 86: Public Transportation Security, Volume 6: Applicability of Portable Explosive Detection Devices in Transit Environments (2004), available at: http://trb.org/publications/tcrp/tcrp_rpt_86v6.pdf

National Cooperative Highway Research Program (NCHRP) Report 520: Sharing Information between Public Safety and Transportation Agencies for Traffic Incident Management (2004), available at: http://gulliver.trb.org/publications/nchrp/nchrp_rpt_520.pdf

March 2009 103

http://gulliver.trb.org/publications/nchrp/nchrp_rpt_520.pdf

http://trb.org/publications/tcrp/tcrp_rpt_86v6.pdf

http://gulliver.trb.org/publications/circulars/ec065.pdf

http://gulliver.trb.org/publications/nchrp/nchrp_rpt_525v1.pdf


http://gulliver.trb.org/publications/tcrp/tcrp_syn_58.pdf




http://www.nap.edu/books/0309096618/html

http://www.nae.edu/NAE/pubundcom.nsf/weblinks/CGOZ-6DZLNU/$file/nuclear%20attack%2006.pdf

http://www.nae.edu/NAE/pubundcom.nsf/weblinks/CGOZ-6DZLNU/$file/nuclear%20attack%2006.pdf

http://www4.trb.org/trb/homepage.nsf/web/security

http://trb.org/publications/trnews/trnews238.pdf


TCRP Report 86, Public Transportation Security: Volume 5: Security-Related Customer Communications and Training for Public Transportation Providers (2004), available at: http://gulliver.trb.org/publications/tcrp/tcrp_rpt_86v5.pdf

TRB Transportation Research Circular EC060: Using Simulation to Evaluate Impacts of Airport Security: 2003 Simulation Workshop (November 2003), available at: http://trb.org/publications/circulars/ec060/ec060.pd

TCRP Report 86, Public Transportation Security: Volume 4, Intrusion Detection for Public Transportation Facilities Handbook (2003), available at: http://trb.org/publications/tcrp/tcrp_rpt_86v4.pdf

Commercial Truck and Bus Safety Synthesis Program (CTBSSP) Synthesis 2: Commercial Truck and Bus Safety Synthesis Program (CTBSSP) Synthesis 2: Security Measures in the Commercial Trucking and Bus Industries (2003), available at: http://trb.org/publications/ctbssp/ctbssp_syn_2.pdf

TRB Special Report 274 - Cybersecurity of Freight Information Systems: A Scoping Study (2003), available at: http://trb.org/publications/sr/sr274.pdf

Tracking and Predicting the Atmospheric Dispersion of Hazardous Material Releases – Implications for Homeland Security (2003), available at: http://www.nap.edu/books/0309089263/html/

Transit Cooperative Research Program (TCRP) Research Results Digest 59: A Guide to Public Transportation Security Resources. Transit Cooperative Research Program (TCRP) Research Results Digest 59 (May 2003), available at: http://trb.org/publications/tcrp/tcrp_rrd_59.pdf

Transit Cooperative Research Program (TCRP) Research Results Digest 58: New Study Examines Bus Safety and Security in Western Europe. Transit Cooperative Research Program (TCRP) Research Results Digest 58 (June 2003), available at: http://trb.org/publications/tcrp/tcrp_rrd_58.pdf

Transit Cooperative Research Program (TCRP) Report 86: Public Transportation Security, Volume 3: Robotic Devices for the Transit Environment (2003), available at: http://trb.org/publications/tcrp/tcrp_rpt_86-v3.pdf

National Cooperative Highway Research Program (NCHRP) Synthesis 309: Transportation Planning and Management for Special Events (2003), available at: http://trb.org/publications/nchrp/nchrp_syn_309a.pdf

Alerting America, Effective Risk Communication (October 2002), available at: http://fermat.nap.edu/html/ndr/alerting_america.pdf?trb

Transit Cooperative Research Program (TCRP) Report 86 Public Transportation Security, Volume 2: K9 Units in Public Transportation: A Guide for Decision Makers (2002), available at: http://trb.org/publications/tcrp/tcrp_rpt_86-v2.pdf

Transit Cooperative Research Program (TCRP) Report 86: Public Transportation Security, Volume 1: Communication of Threats: A Guide (2002), available at: http://gulliver.trb.org/publications/tcrp/tcrp_rpt_86-v1.pdf

March 2009 104

http://gulliver.trb.org/publications/tcrp/tcrp_rpt_86-v1.pdf

http://trb.org/publications/tcrp/tcrp_rpt_86-v2.pdf

http://fermat.nap.edu/html/ndr/alerting_america.pdf?trb

http://trb.org/publications/nchrp/nchrp_syn_309a.pdf

http://trb.org/publications/tcrp/tcrp_rpt_86-v3.pdf

http://trb.org/publications/tcrp/tcrp_rrd_58.pdf

http://trb.org/publications/tcrp/tcrp_rrd_59.pdf


http://trb.org/publications/sr/sr274.pdf

http://trb.org/publications/ctbssp/ctbssp_syn_2.pdf

http://trb.org/publications/tcrp/tcrp_rpt_86v4.pdf

http://trb.org/publications/circulars/ec060/ec060.pd

http://gulliver.trb.org/publications/tcrp/tcrp_rpt_86v5.pdf


Discouraging Terrorism Some Implications of 9/11: New Deterrence Approach Needed to Discourage Terrorism (2002), available at: http://www.nap.edu/books/0309085306/html/

TRB Special Report 270: Deterrence, Protection, and Preparation: The New Transportation Security Imperative (2002), available at: http://trb.org/publications/sr/sr270.pdf

Making the Nation Safer: The Role of Science and Technology in Countering Terrorism (2002), available at: http://darwin.nap.edu/books/0309084814/html/

Transit Cooperative Research Program (TCRP) Research Results Digest 41: Guidelines for Collecting, Analyzing, and Reporting Transit Crime Data (January 2001), available at: http://gulliver.trb.org/publications/tcrp/tcrp_rrd_41.pdf

Transportation Security: Protecting the System from Attack and Theft. TR News: November-December 2000 (December 2000), available at: http://trb.org/publications/trnews/trnews211.pdf

Transit Cooperative Research Program (TCRP) Synthesis 38: Electronic Surveillance Technology on Transit Vehicles (2001), available at: http://gulliver.trb.org/publications/tcrp/tsyn38.pdf

Improved Visibility for Snowplowing Operations. National Cooperative Highway Research Program (NCHRP) Research Results Digest Number 250 (November 2000), available at: http://gulliver.trb.org/publications/nchrp/nchrp_rrd_250.pdf

Transit Cooperative Research Program (TCRP) Web Document 18: Developing Useful Transit-Related Crime and Incident Data (April 2000), available at: http://gulliver.trb.org/publications/tcrp/tcrp_webdoc_18.pdf

Transit Cooperative Research Program (TCRP) Synthesis 21: Improving Transit Security (1997), available at: http://gulliver.trb.org/publications/tcrp/tsyn21.pdf

TRB Transit Cooperative Research Program (TCRP) Synthesis 27: Emergency Preparedness for Transit Terrorism (1997), available at: http://gulliver.trb.org/publications/tcrp/tsyn27.pdf

Transit Cooperative Research Program (TCRP) Web Document 15: Guidelines for the Effective Use of Uniformed Transit Police and Security Personnel (May 1997), available at: http://gulliver.trb.org/publications/tcrp/tcrp_webdoc_15-a.pdf

6.3 Department of Homeland Security

Homeland Security Exercise and Evaluation Program – Volume I: Overview and Doctrine, http://www.ojp.usdoj.gov/odp/docs/HSEEPv1.pdf, March 2003

Homeland Security Exercise and Evaluation Program – Volume II: Exercise Evaluation and Improvement, http://www.ojp.usdoj.gov/odp/docs/HSEEPv2.pdf, March 2003

Homeland Security Exercise and Evaluation Program – Volume III: Exercise Program Management and Exercise Planning Process, http://www.ojp.usdoj.gov/odp/docs/HSEEPv3.pdf, July 2004

March 2009 105

http://www.ojp.usdoj.gov/odp/docs/HSEEPv3.pdf



http://gulliver.trb.org/publications/tcrp/tcrp_webdoc_15-a.pdf

http://gulliver.trb.org/publications/tcrp/tsyn27.pdf


http://gulliver.trb.org/publications/tcrp/tcrp_webdoc_18.pdf

http://gulliver.trb.org/publications/nchrp/nchrp_rrd_250.pdf


http://trb.org/publications/trnews/trnews211.pdf

http://gulliver.trb.org/publications/tcrp/tcrp_rrd_41.pdf

http://darwin.nap.edu/books/0309084814/html/

http://trb.org/publications/sr/sr270.pdf



Homeland Security Exercise and Evaluation Program – Volume IV: Sample Exercise Documents and Formats, http://www.ojp.usdoj.gov/odp/docs/HSEEPv4.pdf, 2004

Homeland Security Presidential Directive/HSPD-5: Management of Domestic Incidents, http://www.fema.gov/pdf/reg-ii/hspd_5.pdf, February 2003

Homeland Security Presidential Directive/HSPD-6: Integration and Use of Screening Information, http://www.whitehouse.gov/news/releases/2003/09/20030916-5.html, September 2003

Homeland Security Presidential Directive/HSPD-7: Critical Infrastructure Identification, Prioritization, and Protection, http://www.ea.doe.gov/pdfs/hspd7.pdf, December 2003

Homeland Security Presidential Directive/HSPD-8: National Preparedness, http://ops.state.co.us/pdf/HSPD-8.pdf, December 2003

National Incident Management System, http://www.dhs.gov/interweb/assetlibrary/NIMS-90-web.pdf, March 2004

National Response Plan, http://www.dhs.gov/dhspublic/interapp/editorial/editorial_0566.xml, December 2004

State NIMS Integration: Integrating the National Incident Management System into State Emergency Operations Plans and Standard Operating Procedures, http://www.fema.gov/txt/nims/eop-sop_state_online.txt, 2006

Special Needs Jurisdiction Toolkit, URL not available, 2003

Special Needs Jurisdiction Toolkit Case Study, URL not available, 2003

March 2009 106

http://www.fema.gov/txt/nims/eop-sop_state_online.txt

http://www.dhs.gov/dhspublic/interapp/editorial/editorial_0566.xml

http://www.dhs.gov/interweb/assetlibrary/NIMS-90-web.pdf

http://www.dhs.gov/interweb/assetlibrary/NIMS-90-web.pdf

http://ops.state.co.us/pdf/HSPD-8.pdf

http://www.ea.doe.gov/pdfs/hspd7.pdf

http://www.whitehouse.gov/news/releases/2003/09/20030916-5.html

http://www.fema.gov/pdf/reg-ii/hspd_5.pdf
