Common Safety Methods when using Code of Practice
“Tools for Planning”, Banekonferencen, 9 May 2012
Joakim Böcher
5/12/2012, CSM RA Code of Practice / Joakim Böcher
Who am I? Joakim Böcher
- Bachelor from Copenhagen University College of Engineering (Electronic systems), 1981
- DSB-Bane until 2000: Validation, assessment and safety management of signalling systems
- From 2000: Det Norske Veritas Danmark A/S, now DNV KEMA
- Experience in:
  - Independent Assessment (ISA) on various types of railway systems
  - Safety Authority processes and procedures (external assistance)
- Just initiated the assessor role on the CSM-RA process
Overview
1. Introduction and scope of this presentation
2. Facts from the CSM Regulation
3. Approach to identify pitfalls in the process and some advice
4. Checklist and “conclusion”
Introduction
Background: COMMISSION REGULATION (EC) No 352/2009 of 24 April 2009 (CSM)
In force in DK from 1.1.2012 for all changes on railway infrastructure and rolling stock [except historical lines and closed private lines]
Few projects in Denmark have used the regulation until now, and no “state of the art” or common experience exists
This presentation discusses some issues related to the possible path in the regulation called “Application of Code of Practice”
Viewpoint in this presentation
[Flowchart] Preliminary system definition -> Significant change?
- No: Document the judgement of “not significant” in the change log (expert judgement based on the preliminary system definition)
- Yes: Risk assessment: System definition -> Hazard identification -> Safety requirements -> Risk evaluation -> Demonstration of compliance
The Code of Practice path
[Flowchart] Detailed system definition -> Risk assessment:
- Review of system definition
- Hazard identification and classification
- Risk analysis: classify hazards; document those that are “broadly acceptable”, and for all others choose estimation method A, B or C:
  - A: Code of practice: check the validity of norms or procedures and use them
  - B: Reference system: comparison with a similar reference system
  - C: Explicit risk estimation: qualitative or quantitative
- Risk evaluation
-> All necessary safety requirements and external barriers identified
Code of practice, facts from the regulation (Codes of Practice, chapter 2.3.x)
Wording from CSM-RA: A code of practice is a written set of rules that, when correctly applied, can be used to control one or more specific hazards.
Wording from CSM-RA: Be widely acknowledged in the railway domain
Explanation: Internationally acknowledged rules, or national rules (notified or accepted as generic in the domain), or rules justified and accepted by the assessment body
Wording from CSM-RA: Relevant for the control of the considered hazards in the system under assessment
Explanation: Sufficient risk reduction is achieved by the relevant section/paragraph in the rules, and they are relevant in the context for the hazard(s)
Wording from CSM-RA: Publicly available for all actors who want to use them
Explanation: Typically publicised on the web by a ‘trusted party’. Should prevent technical barriers to trade and prepare for easier cross acceptance
Wording from CSM-RA: Where an alternative approach is not fully compliant with a code of practice, the proposer shall demonstrate that the alternative approach taken leads to at least the same level of safety
Explanation: Only a few deviations from a de facto ‘code of practice’ are acceptable. Can be a derogation (dispensation) or a new rule, but “rule shopping” will not be acceptable.
Approach to identify pitfalls
[Figure] Let's look here: how can the door be opened? System definition -> Safety Assessment report -> Authorization to put in service -> GO!
Sometimes we should try to start from “behind”
[Figure] The risk assessment chain (System definition -> Hazard identification -> Safety requirements -> Risk evaluation -> Demonstration of compliance -> Safety Assessment report) traced backwards:
1) Trace the evidence that each safety requirement has been complied with
2) Trace that each requirement has linked hazards
3) Trace that each hazard and its risk reduction requirement have been evaluated according to relevant criteria
4) Check that the hazard identification is relevant and complete for the system in question
Evidence that each safety requirement has been complied with?
Requirements must be:
- Assessable: measurable, quantifiable, unambiguous
- Relevant for the system and the part(s) that contribute to the hazard
Demonstration of compliance: Safety Case (recommended)
- Proof of safety
- Test results
- Inspection
- Validation
- Etc.
Challenge no. 1
- The code of practice must include assessable requirements [not ‘declarations of intent’, nor wording like ‘may’, ‘can’, etc.]
- Check that the rule is not too general/generic. It shall be dedicated to specific hazards and specific parts of the system.
What could be a “code of practice” – a rule?
Types of Codes of Practice, with comments, pitfalls and problems:
- EN XXXXX (Railway applications…), IEC XXXXX, ISO XXXXX, DIN XXXXX, UIC Codes: Often cover much more than needed to control a single hazard. Typically the whole standard must be applied. Standards often use references to other standards.
- BN XXXXX (approved), e.g. BN1-77-1 on the signalman's MMI: Only available in Danish. BN2 may not be authorized. Often uses references to other standards.
- EN 50126 - 129: These standards include by themselves risk analysis and generic methods. A clear interface to CSM-RA and identification of the methods used are required.
- TSI xx (Technical Specification for Interoperability for xx): Problem that TSIs have no traceability between a hazard list and the requirements. Further, this is checked by the NoBo (Notified Body).
- NNTR (Notified National Technical Rules): Problem that NNTR have no traceability between a hazard list and the requirements. Further, this is checked by the DeBo (Designated Body).
Trace that each requirement has linked hazards
[Matrix] Rows: hazards 1 … n. Columns: the mitigating “codes of practice” and the requirement (chapter) that applies, e.g. EN XX XXX, BN XX XXX, ISO XX XXX, BN XX XXX. Example cells: hazard 1: chapter 4 and 5; hazard 2: chapter w, complete; hazard 3: complete; hazard 4: chapter 4; hazard 5: chapter 7-10; … hazard n.
Challenge no. 2
- Each requirement shall have linked hazards
- Each hazard shall have requirements linked
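Steps 1 and 2 of the backward trace and Challenge no. 2 both come down to a bidirectional traceability audit over the hazard log, with an evidence check per requirement and a justification check per hazard (Challenge no. 3). The Python below is an added example and not part of the presentation; the data model, the hazard and requirement ids, the evidence references and the standard references are constructed placeholders, and the “not assessable” word list is a crude stand-in for the assessor's own judgement.

```python
from dataclasses import dataclass, field
NON_ASSESSABLE = ("may", "can", "might")  # "declaration of intent" wording (assumption)

@dataclass
class Requirement:
    rid: str
    text: str
    cop: str                                      # code-of-practice reference
    hazards: set = field(default_factory=set)     # hazard ids it mitigates
    evidence: list = field(default_factory=list)  # test reports, inspections, ...
    def is_assessable(self) -> bool:
        return not any(w in self.text.lower().split() for w in NON_ASSESSABLE)

@dataclass
class Hazard:
    hid: str
    text: str
    justification: str = ""  # why the code of practice is valid for this hazard

def audit(hazards, requirements):
    """Return {finding: sorted ids}; every list empty means the hazard log traces."""
    f = {k: [] for k in ("req_without_hazard", "hazard_without_req",
                         "req_without_evidence", "req_not_assessable",
                         "hazard_without_justification", "unknown_hazard_ref")}
    known, covered = {h.hid for h in hazards}, set()
    for r in requirements:                 # steps 1 and 2: evidence, req -> hazard
        if not r.hazards:
            f["req_without_hazard"].append(r.rid)
        if not r.evidence:
            f["req_without_evidence"].append(r.rid)
        if not r.is_assessable():
            f["req_not_assessable"].append(r.rid)
        f["unknown_hazard_ref"] += r.hazards - known
        covered |= r.hazards
    for h in hazards:                      # hazard -> req, and Challenge 3 criteria
        if h.hid not in covered:
            f["hazard_without_req"].append(h.hid)
        if not h.justification:
            f["hazard_without_justification"].append(h.hid)
    return {k: sorted(v) for k, v in f.items()}

# Constructed sample hazard log: placeholder ids and references, no real project
HAZARDS = [Hazard("H1", "Train passes signal at danger", "EN XX XXX ch. 4 valid"),
           Hazard("H2", "Signalman misreads MMI state", "BN1-77-1 valid"),
           Hazard("H3", "Wrong-side failure of interlocking")]     # no justification
REQUIREMENTS = [  # R2 lacks evidence, R3 has no hazard and is not assessable, R4 -> unknown H9
    Requirement("R1", "Interlocking shall lock route before signal clears", "EN XX XXX ch. 4", {"H1"}, ["TR-1"]),
    Requirement("R2", "MMI shall show the signal state unambiguously", "BN1-77-1", {"H2"}),
    Requirement("R3", "Operator may confirm the route", "BN1-77-1", set(), ["INSP-7"]),
    Requirement("R4", "Point detection shall be proven", "EN XX XXX ch. 5", {"H9"}, ["TR-2"])]
```

Running audit(HAZARDS, REQUIREMENTS) reports R3 without hazards, H3 without a requirement and without a justification, R2 without evidence, R3 as not assessable and H9 as a dangling reference.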
Risk evaluation
For each hazard X: perform a thorough investigation to decide if the Code of Practice and the recognized requirement are valid for preventing hazard X.
[Flowchart] Evaluation: valid for preventing hazard X?
- YES: Document the justification for “valid” in the hazard log -> Establish safety requirements
- NO: Use another risk acceptance principle
Implicit Risk Acceptance Criteria!
Challenge no. 3
- Find or formulate explicitly the evaluation criteria
- Argue why the hazard can be controlled to an acceptable level
Checklist
- Find and formulate the evaluation criteria for the Code of Practice path
- Make sure that the “code of practice” in fact is widely acknowledged and available
- Rules, standards etc. identified as Code of Practice shall include specific requirements in order to create the demonstration (Safety Case) at the end
- Check that the rule is not too general/generic. It shall be dedicated to specific hazards and specific parts of the system.
- Use a matrix or list to document that each requirement has linked hazards and vice versa.
- If generic standards include by themselves risk analysis and generic methods, you shall try to use only the relevant parts of the standards.
- If TSIs are in force for the system, special arrangements for the CSM-RA have to be in place. For example: divide the system into the part fully covered by the TSI, or create the relevant hazard list for the TSI.
Conclusion
- The first use of CSM-RA and Code of Practice can be challenging
- When the process has been completed once, there will be room for reuse in all projects that have a similar scope and system definition
- The company can beneficially create a common list of hazards and their associated “Code of Practice”
- Time will develop a common practice and a smooth use of CSM-RA
- By then the CSM-RA process will be innovative for the railway industry
Thank you!
www.dnvkema.com