The challenge of transforming a rule-based system into a risk-based culture on an example of a rolling stock approval. DB Systemtechnik GmbH. Marc Geisler. Risk Management / Safety Assessment. Vancouver, October 8th 2013. Photo: DB Systemtechnik.
The challenge of transforming a rule-based system into a risk-based culture on an example of a rolling stock approval
1. Introduction
2. Requirements on Safety Management Systems
3. Approval Process for Rolling Stock in Europe
4. Example of Approval Process in Germany
5. Conclusions
DB Systemtechnik GmbH | Marc Geisler | 08.10.2013
1. Introduction
Safety Management Systems (SMS) focus on risk-based approaches.
• Existing regulations such as the European Common Safety Method on Risk Evaluation and Assessment (CSM-RA, Regulation (EC) No 352/2009 at the time of this talk) support the implementation of risk assessment processes.
• The CSM-RA defines three risk acceptance principles: the rule-based approach via Codes of Practice, and two risk-based approaches, comparison with Reference Systems and explicit risk estimation. A safety demonstration may combine them.
• For rolling stock approval in particular, guidelines were developed in Germany to make the risk-based approach described in EN 50126, EN 50128 and EN 50129 usable for rolling stock.
• One outcome is the TeSip (Technical Safety Plan), which includes a number of functions and hazards of rolling stock described as examples.
2. Requirements of Safety Management Systems: Guideline-oriented safety management becomes risk-oriented
Safety in changing cultures
• Maintaining safety, keeping operation at a high quality level and ensuring a cost-efficient railway system is a demanding task today.
2. Requirements of Safety Management Systems: Keeping Codes of Practice safe
• Hazards and their associated risks are often not sufficiently described in current rules.
• No direct link between rules and hazards is therefore possible.
• Comparison with a Code of Practice (CoP) or a Reference System is hardly possible, because the hazards are not described in the existing rules and system descriptions.
• A systematic approach, as shown, was in the past not always documented.
• The existing CoP need improvement before they can serve a risk-based safety management.
3. Approval Process for Rolling Stock in Europe: requires safety demonstration in different ways
• The Notified Body (NoBo) checks conformity with the European Technical Specifications for Interoperability (TSI). The TSI cover safety and technical aspects.
• The Designated Body (DeBo) checks conformity with the notified national rules, which likewise cover safety and technical aspects.
• The Assessment Body (AsBo) assesses the application of the risk management activities following the CSM-RA process.
4. Example of Approval Process in Germany: A number of assessments are to be documented
Safety demonstration according to European and national requirements demands several documents for receiving the authorisation for Placing into Service of a rolling stock. Some are listed below:
• Safety plan with the project-specific safety-process description
• Technical Safety Plan (TeSip) including the system safety requirement specification
• Safety Assessment Report of the AsBo according to CSM-RA
• Conformity certificates according to technical rules
• Vehicle dossier and component dossiers according to the German rule for rolling stock approval
• Several certificates, risk assessments, practical demonstration reports etc.
• Application guide for the vehicle with operational requirements and limitations
• Maintenance settings
4. Example of Approval Process in Germany: Safety Plan structure and approval process for rolling stock
[Diagram: Safety Plan structure and approval process for rolling stock. Operator side: safety case, specific safety plan, definition of safety responsibilities, specification of system-safety requirements, TeSip specific amendment, conformity and safety assessment, adjustment of safety plan. Supplier side: contract with safety requirements, concepts / specifications, engineering / design, specification with safety requirements, TeSip specific amendment, assessments and surveys. Assessments, tests and surveys are done by NoBo, DeBo and AsBo according to European requirements and result in conformity certificates and the Safety Assessment Report, which feed the safety case. Authority: application for approval, approval, placing into service (legal act).]
4. Example of Approval Process in Germany: The Technical Safety Plan (TeSip) in the Safety Case
[Diagram: the same safety plan structure as on the previous slide, with the Technical Safety Plan (TeSip) placed in the safety case between the specification of system-safety requirements and the conformity and safety assessment. Within the TeSip each function is linked to its safety requirement, the associated hazard and the hazard classification.]
• Decision about rule-based approach or risk-based approach according to the hazard classification and the existence of applicable rules.
• Apportionment of safety requirements and responsibilities is detailed in Hazard Trees.
4. Example of Approval Process in Germany: Hazard Trees underpin the Technical Safety Plan
• The hazards listed in the TeSip are detailed by Hazard Trees down to the level of functional architecture elements.
• Safety responsibilities are specified:
• Orange means staff responsibility
• Yellow means technical responsibility
• Safety requirements are broken down to the different implementations.
• Hazard classification follows the risk graph approach.
[Figure: Example Hazard Tree "Fire and Smoke" from the TeSip]
5. Conclusion (1)
• The rule-based approach has been applied successfully during design and maintenance of rolling stock for many years and covers the safety aspects implicitly.
• Today's safety management systems focus on hazards that are to be controlled by the different risk acceptance principles.
• Therefore a safety demonstration based on implicit approaches needs amendments.
• The risk-based approach requires specific knowledge of methods for risk assessment and independent safety assessment, which takes time to establish.
• Experts in risk management support the design and the integration of functions and subsystems into the next higher system level.
• Safety managers ensure the safe integration, and the independent safety assessment body checks the overall procedures and requirements of the safety case.
5. Conclusion (2)
• The rule-based approach is still an important way to ensure safety where the preconditions are well known.
• For innovative and complex situations the risk-based approach is an appropriate add-on to make railways reliable and safe.
• A solely risk-based approach does not cover all the needs of modern railways.
• Expert judgment on whether a rule-based or a risk-oriented safety demonstration applies is always a trustworthy approach.
• The TeSip, covering the standard functions of a rolling stock and its hazards, supports combining the rule-based safety demonstration with a risk-based culture.
Thank you for your attention!
• Do you have questions?