
Safety Process in Vectus ’ PRT Project Inge Alme: Safety Manager Jörgen Gustafsson: CTO



Presentation Transcript


  1. Safety Process in Vectus' PRT Project. Inge Alme: Safety Manager; Jörgen Gustafsson: CTO.

  2. Overview of the process, including: requirements, criteria, analyses, documentation.

  3. Laws and regulations in Sweden
  - Law: Rail vehicles, track and other systems have to be approved by the Rail Agency before being put into service.
  - Regulation: A safety case for the system is required for approval. The regulations follow the process in the standard EN 50126 (Demonstration of Reliability, Availability, Maintainability and Safety).
  - The manufacturer or the operator/owner shall apply for approval and provide all documents for the safety case.
  - There also has to be an operator approved by the Rail Agency: an approved vehicle may be put into service by an operator holding a safety certificate. (There also has to be an infrastructure owner.)

  4. Approval requirements (safety process / safety case, described in more detail on the following slides)
  - Compliance with international standards agreed to be applicable for various aspects of the system, e.g. noise, EMC, electrical installations, doors.
  - Fulfilment of certain agreed functionality where it is not suitably covered by any international standard.
  - Various documentation, e.g. descriptions, validation plan, maintenance plan and manuals, operating procedures etc.

  5. Safety acceptance criteria
  For the generic PRT system:
  - Maximum 0.3 fatalities per billion person-kilometres for passengers in the PRT system.
  - A fatality risk of maximum 1·10^-6 per year for the most exposed third person.
  For each subsystem:
  - A single failure shall not lead to undesirable events, loss of life or serious injury. If such failures are identified, they must be controlled through either maintenance or operational actions.
  For future changes in concept:
  - Changes shall as a minimum not increase the risks in the system. If any increased risk is identified, the necessary mitigations should be implemented according to the ALARP principle.
  Background: In railway, metro, trams etc. there are often specific requirements for individual parts of the complete system, usually derived over time from historic performance. The distribution of levels across the individual parts is not always optimised for the best overall performance, and is sometimes based on particular operating conditions (e.g. a certain system size or a certain technical solution). We wanted criteria that are independent of system size and technical solution, hence a new approach with a generic target has been set.

  6. Safety criteria, perspective
  Third-person risk (our criterion: 1·10^-6 per year for the most exposed third person):
  - The same as the average annual risk for a Swede of dying in a railway level-crossing accident.
  - About the same level as the average risk of being killed by lightning.
  - A factor 40 lower than the average risk of dying in a fire.
  - Many oil and gas installations use the criterion 1·10^-5 per year for the most exposed third person.
  The risk level for the third person is very low compared with other involuntary risks (note that our criterion applies to the most exposed person, whereas the examples above are averages over the whole population).
  Passenger risk (our criterion: 0.3 fatalities per billion person-kilometres):
  - Swedish rail statistics fluctuate between 0.3 and 0.6 over the period 1995-2004.
  - The average for railway systems in the EU countries plus Switzerland and Norway was 0.58 (in 2000).
  - The corresponding figure for bus passengers in Norway was 0.65 (1992-2001).
  - The corresponding figure for airline passengers in Norway was 0.20 (1992-2001).

  7. Safety acceptance criteria: risk matrix for the test site.

  8. Safety process, requirements
  - Concept, with intended operation and preliminary safety targets
  - Specification, with technical description, safety plan and safety requirements
  - Design, with standards, risk analysis and safety measures
  - Validation, with test reports, manuals, maintenance plans and a process for future modifications
  - Safety case, independent assessor's report and infrastructure manager's track admittance
  - Approval for operation, with conditions

  9. Basis for the safety process
  - EN 50126 / IEC 62278 (the RAMS standard)
  - IEC 61508 for electronic safety systems (this standard is more generic than EN 50128 and EN 50129, which are used for traditional railway systems)
  The Swedish Railway Agency has required a third-party assessment of the Safety Instrumented System (SIS) of the PRT system, i.e. third-party verification of compliance with IEC 61508.

  10. Vectus safety organisation in the project
  - Swedish Rail Agency: receives the application and the reporting.
  - Vectus Safety Management: Safety Plan, safety requirements, Safety Report/Case, Hazard Log, test programme, manuals, etc. It sets the requirements for the subsystem suppliers, who prove fulfilment of the requirements.
  - Third-party assessors (under contract, reporting to the Rail Agency): Scandpower (Norway) and Jacobs Babtie (England), one as third-party assessor for the track and one for the control system.
  - Subsystem suppliers: Noventus, WGH, TDI, Skanska.
  - Safety documentation (SD) per subsystem: SD Control System incl. SIS; SD Track and Chassis; SD Cabin; SD Station and Foundation.

  11. Safety process in the project (timeline 2005-2008)
  Activities: start-up meeting; concept risk analysis; preliminary hazard assessment; safety plan; safety requirements; QRA (quantitative risk analysis); site risk analysis; safety analysis for the safety instrumented system; safety analyses of subsystems (7 in total); safety audit; hazard log; safety case.
  Third-party assessment: third-party workshops (5 in total); presentation of the third-party assessment report to the SRA (Swedish Rail Agency).

  12. Methods used in safety analyses
  - FMECA = Failure Mode, Effects and Criticality Analysis (done for all parts of the safety instrumented system and the control system)
  - FTA = Fault Tree Analysis (done for all parts of the safety instrumented system and relevant parts of the control system)
  - ETA = Event Tree Analysis (done for all identified accident scenarios)
  - Analysis of safety-critical functions (done for all subsystems)
  - The risk graph method (done to identify the right SIL requirements)

  13. Main results of analyses
  - The passenger risk is quantified to 0.165 fatalities per billion person-kilometres, well below the acceptance criterion of 0.3 fatalities per billion person-kilometres.
  - The fatality frequency for the most exposed third person, i.e. a person who does not choose to be exposed to the risk of the PRT system, is calculated to 1.9·10^-7 per year, also well below the acceptance criterion of maximum 1·10^-6 per year.
  - All subsystems are analysed against the single-failure principle, and a number of safety-critical maintenance activities are identified and implemented.
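To make the fault-tree method of slide 12 and the acceptance criteria of slides 5 and 13 concrete, here is an added, self-contained Python example written for this page (it is not Vectus' or the assessors' code). It builds a small fault tree for a protection function, derives the minimal cut sets, flags any single-point failure (a violation of the single-failure principle), approximates the top-event PFD with the rare-event sum over cut sets, places that PFD in an IEC 61508 low-demand SIL band, and converts it into a passenger fatality rate per billion person-km for comparison with the 0.3 criterion. The tree structure, event names, failure probabilities, demand rate, fatalities per event and traffic volume are all constructed assumptions, and the design variant with a common power supply is included only to show the single-failure check firing.

```python
"""Fault-tree evaluation against a passenger risk criterion (illustrative example).

Every number below is a constructed assumption for the example, not a Vectus figure.
"""
import math
from dataclasses import dataclass
from itertools import product
from typing import Union


@dataclass(frozen=True)
class Basic:
    """Basic event: a component failure with an assumed probability of failure on demand."""
    name: str
    pfd: float


@dataclass(frozen=True)
class Gate:
    """AND/OR gate over basic events or sub-gates."""
    kind: str       # "AND" or "OR"
    inputs: tuple   # of Basic or Gate


Node = Union[Basic, Gate]


def minimal_cut_sets(node: Node) -> set:
    """Minimal sets of basic events that together cause the top event."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(c) for c in node.inputs]
    if node.kind == "OR":        # any one child's cut set is enough
        cuts = set().union(*child_sets)
    elif node.kind == "AND":     # one cut set from every child is needed
        cuts = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    # Drop cut sets that contain another cut set; they are not minimal.
    return {c for c in cuts if not any(other < c for other in cuts)}


def basic_events(node: Node) -> dict:
    """Map basic-event name -> PFD for every leaf of the tree."""
    if isinstance(node, Basic):
        return {node.name: node.pfd}
    out = {}
    for c in node.inputs:
        out.update(basic_events(c))
    return out


def top_event_pfd(node: Node) -> float:
    """Rare-event approximation: sum over minimal cut sets of the product of event PFDs.
    For independent events this is an upper bound and the usual QRA approximation."""
    probs = basic_events(node)
    return sum(math.prod(probs[n] for n in cut) for cut in minimal_cut_sets(node))


def single_point_failures(node: Node) -> list:
    """Basic events that alone cause the top event (single-failure principle violations)."""
    return sorted(next(iter(c)) for c in minimal_cut_sets(node) if len(c) == 1)


def sil_from_pfd(pfd: float) -> int:
    """IEC 61508 low-demand SIL band for an average PFD; 0 means no SIL claim is possible."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4   # 1e-5 <= pfd < 1e-4 is SIL 4; the standard defines no higher band


def with_overrides(node: Node, overrides: dict) -> Node:
    """Copy of the tree with selected basic-event PFDs replaced (for sensitivity runs)."""
    if isinstance(node, Basic):
        return Basic(node.name, overrides.get(node.name, node.pfd))
    return Gate(node.kind, tuple(with_overrides(c, overrides) for c in node.inputs))


PASSENGER_CRITERION = 0.3   # fatalities per 1e9 person-km (slide 5)


def assess(tree: Node, demands_per_year: float, fatalities_per_event: float,
           person_km_per_year: float) -> dict:
    """Check a protection function against the passenger criterion and single-failure principle."""
    pfd = top_event_pfd(tree)
    fatalities_per_year = demands_per_year * pfd * fatalities_per_event
    rate = fatalities_per_year / (person_km_per_year / 1e9)
    spf = single_point_failures(tree)
    return {"pfd": pfd, "sil_band": sil_from_pfd(pfd), "passenger_rate": rate,
            "single_point_failures": spf,
            "acceptable": rate <= PASSENGER_CRITERION and not spf}


# Constructed fault tree: "collision not prevented" requires both that the hazard
# is not detected AND that the protective braking does not act.
SENSOR = Basic("headway_sensor_fails", 1e-3)
COMM = Basic("vehicle_link_lost", 2e-3)
BRAKE = Basic("brake_actuator_stuck", 5e-4)
LOGIC = Basic("logic_solver_fails", 1e-4)
POWER = Basic("sis_power_loss", 1e-4)

DETECTION_FAILS = Gate("OR", (SENSOR, COMM))
PROTECTION_FAILS = Gate("OR", (BRAKE, LOGIC))
PROTECTED = Gate("AND", (DETECTION_FAILS, PROTECTION_FAILS))
# Variant where one shared power supply defeats the whole function: a single-point failure.
UNPROTECTED = Gate("OR", (PROTECTED, POWER))

if __name__ == "__main__":
    for label, tree in (("protected", PROTECTED), ("shared power", UNPROTECTED)):
        # Assumed 500 demands/year, 2 fatalities per collision, 1e7 person-km/year.
        print(label, assess(tree, 500, 2, 1e7))
    # Sensitivity run in the spirit of slide 14: sensor PFD ten times worse.
    print("sensor x10 ->", top_event_pfd(with_overrides(PROTECTED, {"headway_sensor_fails": 1e-2})))
```

With the constructed figures the redundant design gives a PFD of about 1.8·10^-6 and 0.18 fatalities per billion person-km, inside the 0.3 criterion, while adding the shared power supply raises the PFD to about 1.0·10^-4 and produces a single-point failure, so the function fails the check on both counts regardless of the rate.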

  14. Safety case trivia
  - More than 1200 pages in total.
  - The hazard log contains over 200 items that are followed up with actions.
  - The quantitative risk analysis includes 78 different sensitivity calculations to check the criticality of the different input factors.
  - This is the first time a quantitative risk analysis has been performed for a complete railway system in Sweden.

  15. Requirements for third-party assessment of the SIS
  - Formal requirements (IEC 61508, Part 1): documentation; management of functional safety; QA, incl. verification and validation activities.
  - Hardware requirements (IEC 61508, Part 2): hardware specification and development; avoidance and control of systematic failures; reliability of components (SIL), i.e. probability of failure on demand (PFD); structure/topology of components (redundancy); diversity and independence; testing.
  - Software requirements (IEC 61508, Part 3): software specification and development; software implementation; testing.

  16. Focus of the third-party assessment: FSA Part 1 and FSA Part 2.

  17. Results of the third-party assessment
  The results of the third-party assessment are documented in two reports:
  - Functional Safety Assessment (FSA) for the Control System of the PRT System
  - Functional Safety Assessment (FSA), On-site Observation for the PRT System

  18. Approval status: the VECTUS PRT safety case for the generic application, i.e. over and beyond what is required for the test track as such, will be accepted upon completion of the ongoing testing activities.

  19. www.vectusprt.com www.vectusprt.se
