Legal information

Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)

Draft foundation control measure

Goal

Identify risk control measures to avoid hazards or to bring the system from the hazardous to the non-hazardous state.
Requirements met by this process step

CSM-RA (402/2013) §4 (risk management process)

EN 50126-1:2017 §7.4, §7.5

EN 50126-2:2017 §5

Inputs

https://rmt.jaas.service.deutschebahn.com/confluence/display/SSI/Safety+functions

Analyzed standards:

  • VDE 0831-103 (2020-09) - Electric signalling systems for railways, Part 103: Determination of safety requirements for technical functions in railway signalling; issue date: 2020-09
  • SIRF TESIP - Sicherheitsregelung Fahrzeug (vehicle safety regulation) - revised edition 2019; method for specifying and demonstrating safety-related requirements and for assessing risks in the context of implementing the CSM-RA and EN 50126; date: 01.01.2020
  • IEC 62290-2/Ed.1 2CD (committee draft 9/1229/CD, 2009-01-13) - Railway applications - Urban guided transport management and command/control systems - Part 2: Functional requirements specification
  • IEC 62290-1 - Railway applications - Urban guided transport management and command/control systems - Part 1: System principles and fundamental concepts
  • IEEE 1474.1 - IEEE Standard for Communications-Based Train Control (CBTC) Performance and Functional Requirements; 2005
  • IEEE 1474.2 - IEEE Standard for User Interface Requirements in Communications-Based Train Control (CBTC) Systems; 2003
  • EN 62267 (2010) - Railway applications - Automated urban guided transport (AUGT) - Safety requirements (IEC 62267:2009)
  • ETCS Subset-088 v354 - ETCS Application Level 1 - Safety Analysis, Part 1 - Functional Fault Tree
  • MODSafe project: MODSafe homepage - document list; especially D4.2 "Analysis of Common Safety Requirements Allocation for MODSafe continuous Safety Measures and Functions" and D2.1 "First List of Hazards, Preliminary Hazard Analysis (PHA)"
Outputs

Finite set of already known and used control measures to cope with hazards (as mind maps):

https://rmt.jaas.service.deutschebahn.com/confluence/display/SSI/Safety+functions

See subpages sorted by accident.
Methodology

Control measures (CMs) are applied at the operational level. A control measure shall avoid a hazard or mitigate it. The following steps were applied in order to create a set of suitable control measures:

1) Identify already existing control measures or system (safety) functions

The railway standards listed under Inputs were analysed in order to identify safety functions that can mitigate the identified hazards or their failure modes.

2) Define control measures to mitigate hazards or to negate their conditions

For every hazard, hazard condition or failure mode, at least one control measure was assigned in the mind maps created during the hazard-accident assignment process.

3) Consolidate the set of identified control measures and system (safety) functions

The list of safety functions identified in step 1 was mapped to the control measures assigned to the identified hazards and failure modes in step 2. Where possible, the established safety functions or adaptations of them were used; where necessary, new control measures were defined to suit the failure mode or hazard.
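The three steps above amount to a coverage and traceability check over the mind maps: every hazard and failure mode must carry at least one control measure, and every control measure must either trace back to an established safety function from the analysed standards or be flagged as newly defined. The following script is an added illustration of that check and is not part of the DB Netz process or tooling; the catalogue of safety functions, the hazards, the failure modes and the control-measure identifiers in it are constructed for the example and are not taken from the mind maps or from any of the listed standards.

```python
"""Coverage and traceability check for a hazard -> control-measure (CM) assignment.

Added illustration only. All identifiers and names below (SF-xx, H-x, CM-x and
the failure-mode texts) are hypothetical and do not come from the DB Netz mind
maps or from the analysed standards.
"""
from dataclasses import dataclass, field

# Step 1 result: safety functions already established in the analysed standards.
# Hypothetical catalogue; the names are invented for this example.
KNOWN_SAFETY_FUNCTIONS = {
    "SF-01": "Supervise movement authority limit",
    "SF-02": "Supervise train speed against permitted speed",
    "SF-03": "Apply emergency brake on supervision failure",
    "SF-04": "Detect track occupancy",
}


@dataclass
class FailureMode:
    name: str
    control_measures: list  # CM identifiers assigned to this failure mode in the mind map


@dataclass
class Hazard:
    hazard_id: str
    accident: str           # accident the hazard is sorted under
    failure_modes: list


@dataclass
class ConsolidationReport:
    uncovered: list = field(default_factory=list)     # (hazard id, failure mode) without any CM
    established: dict = field(default_factory=dict)  # CM id -> known safety function it traces to
    new_measures: set = field(default_factory=set)   # CM ids not backed by a known safety function

    @property
    def complete(self) -> bool:
        # Completion criterion of the process step: every hazard and every
        # failure mode has at least one control measure assigned.
        return not self.uncovered


def consolidate(hazards, cm_to_safety_function):
    """Step 3: trace assigned CMs to known safety functions and report gaps.

    cm_to_safety_function maps a CM id to the safety-function id it adapts, or
    to None when the CM was newly defined because no established function fitted.
    A CM that points at an id missing from the catalogue is also reported as new,
    so a typo in the mapping cannot silently count as an established function.
    """
    report = ConsolidationReport()
    for hz in hazards:
        if not hz.failure_modes:
            # A hazard with no failure modes and therefore no CM at all is a gap.
            report.uncovered.append((hz.hazard_id, None))
        for fm in hz.failure_modes:
            if not fm.control_measures:
                report.uncovered.append((hz.hazard_id, fm.name))
            for cm in fm.control_measures:
                sf = cm_to_safety_function.get(cm)
                if sf in KNOWN_SAFETY_FUNCTIONS:
                    report.established[cm] = sf
                else:
                    report.new_measures.add(cm)
    return report


# Constructed sample input for the example (not real DB Netz data).
SAMPLE_HAZARDS = [
    Hazard("H-1", "Collision", [
        FailureMode("MA limit passed undetected", ["CM-A"]),
        FailureMode("Occupancy not detected", ["CM-B", "CM-C"]),
    ]),
    Hazard("H-2", "Derailment", [
        FailureMode("Overspeed on curve", ["CM-D"]),
        FailureMode("Wrong gradient data", []),   # deliberate gap: no CM assigned yet
    ]),
]
SAMPLE_MAPPING = {"CM-A": "SF-01", "CM-B": "SF-04", "CM-C": None, "CM-D": "SF-02"}


if __name__ == "__main__":
    r = consolidate(SAMPLE_HAZARDS, SAMPLE_MAPPING)
    print("complete:", r.complete)
    print("uncovered:", r.uncovered)
    print("established:", r.established)
    print("new measures:", sorted(r.new_measures))
```

On the sample data the report is not complete, because the failure mode "Wrong gradient data" of H-2 has no control measure; CM-C is listed as a newly defined measure because it is not backed by any catalogued safety function. Re-running the check after the mind maps are amended is the mechanical part of the completion criterion stated below; judging whether a mapped safety function actually fits the failure mode remains the reviewers' job.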

Tools and non-human resources
Cardinality
  • Created and provided as a first stable draft or baseline incl. reviews
  • Control measures will be further implemented and maintained in Capella where applicable (risk state model)
  • In case of significant changes, the set of control measures will be changed and confirmed by review (ensured by the implemented quality management system and related processes)
Completion criteria

List of consolidated control measures applied to all previously identified hazards and their failure modes, sorted by accident; no further control measures needed for the risk management procedure.
Design review

Link to the corresponding design review where the completion of this activity is evaluated.

Remark: The internal review is documented in the list on the Safety functions page (mind maps with control measures); there is still no quality management process in DBS.

Step done by (Responsible)

RAMS Expert, Risk Manager or System Architect
Provides input to/assists (Contributes)

Other RAMS Experts, Risk Managers or System Architects

Uses outputs (Informed)

The consolidated list of control measures is the basis for the implementation of the state model in Capella.