Assessment of NSA activities in Denmark Danish NSA «Trafikstyrelsen»

Transcription

1 NSA Network European Railway Agency NSA Cross-audit Programme Assessment of NSA activities in Denmark Danish NSA «Trafikstyrelsen» Audit final report ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 1

2 Version Control Document issued by: Audit Team Released by: Christoph Kaupat (the lead auditor) Authors: Christoph Kaupat, Jelena Stepanova, Attila Bukholcz, Gerald Kerr (the audit team) Version: 1.0 Date: 23/09/2015 Type of document: Status of document: Audit Final Report Draft final Amendment records Version Issuer Modified sections Distribution 0.1 CK First draft of the Audit Final Report Audit Team and Auditee 0.2 Audit Changes after closing meeting Audit Team Team 1.0 Audit Team Final revision Auditee ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 2

3 References to frequently quoted European legislation /1/ Directive 2004/49/EC of the European parliament and of the council of 29 April 2004 on safety on the Community's railways /2/ Directive 2008/57/EC of the European Parliament and of the Council of 17 June 2008 on the interoperability of the rail system within the Community (Recast) /3/ Commission Implementing Regulation (EU) No 402/2013 of 30 April 2013 on the common safety method for risk evaluation and assessment /4/ Commission Regulation (EU) No 1158/2010 of 9 December 2010 on a common safety method for assessing conformity with the requirements for obtaining railway safety certificates /5/ Commission Regulation (EU) No 1169/2010 of 10 December 2010 on a common safety method for assessing conformity with the requirements for obtaining a railway safety authorisation /6/ Commission Regulation (EC) No 653/2007 of 13 June 2007 on the use of a common European format for safety certificates and application documents in accordance with Article 10 of Directive 2004/49/EC of the European Parliament and of the Council and on the validity of safety certificates delivered under Directive 2001/14/EC «Safety Directive» «Interoperability Directive» «CSM for Risk Assessment» (CSM RA) «CSM for Conformity Assessment» (CSM CA) «CSM for Conformity Assessment» (CSM CA) Last amended by Commission Directive 2014/88/EU of 9 July 2014 Last amended by Commission Directive 2014/106/EU of 5 December 2014 Commission Regulation (EU) No 445/2011 of 10 May 2011 A list of abbreviations is attached as Annex VI ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 3

4 1 TABLE OF CONTENT 1 Table of content Executive summary Overall summary of the conclusions Main observations Feedback/comments/unresolved issues Cross-audit process Cross-audit process & resources Cross-audit scope & objectives Analysis of the Cross-audit conclusions Organisational Capability OC Strengths OC Scope for improvements Safety certification/ safety authorisation (SCA) SCA Strengths SCA Scope for improvements Supervision SP Strengths SP Scope for improvements Authorisation for placing subsystems in service APS Strengths APS Scope for improvements: Problems reported Corrective action plan Follow up audit plan Final conclusion Confidentiality statement Acknowledgement Table of annexes ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 4

5 2 EXECUTIVE SUMMARY This document is the audit final report for the Danish NSA («Trafikstyrelsen»), within the framework of the National Safety Authorities (NSA) Cross-audit Programme. According to the cross-audit manual, the audit 1 scope covered the organisational capacity (OC) of Trafikstyrelsen and the following 3 processes: - Safety certification/ safety authorisation (SCA); - Supervision of safety performance (SP); - Authorisation for placing in service of vehicles (APS). For the conduct of the audit the following documents were followed: - The Audit Charter, version 1.1; - the cross-audit manual, version 10.0; - the audit protocols, version 0.2; - the guidance to the protocols, version Overall summary of the conclusions Trafikstyrelsen was created in 2010 as a multimodal transport-agency. Its centre for railways, has approximately 35 staff members. The offices are based in Copenhagen s Ørestad district, half way between the international airport and the city centre. The tasks of the NSA are wider than the scope of the relevant European Directives (Railway Safety Directive /1/ and Interoperability Directive /2/), against which the NSA has been assessed during this NSA-Cross Audit, because it is also in charge of metros, light rail systems, tramways and heritage railways. The NSA cross audit was conducted successfully thanks to the good cooperation with the Auditee, who delivered all requested documentation and made information accessible for the Auditors. The on-site phase was also very well organised by Trafikstyrelsen. Based on the document review, the interviews with NSA-staff and the evidence collected on site, it can be concluded that Trafikstyrelsen has sufficient organisational capacity and performs safety certification, safety authorisation, supervision activities and the authorisation for placing in service of rolling stock according to the requirements set out in the Railway Safety Directive /1/ and the Railway Interoperability Directive /2/. The authorisation for placing in service of infrastructure or other subsystems have not been part of this audit. More details about the scope are described in the chapter «Cross-audit scope & objectives» below. 1 Unless otherwise specified, the term «Audit» refers to»nsa Cross Audit» in this report. ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 5

6 2.2 Main observations The work in Trafikstyrelsen is organised in small teams, with a high level of trust in each employee. All staff is based in one single location, which allows effective personal communications, consistency and cooperation. The Danish NSA applies clear decision making criteria and is transparent in its decision making. At the same time, all relevant data including in-house, incoming and outgoing correspondence is recorded in a database called «WorkZone». All relevant information and guidance is given to the applicants. For new staff members, an on the job training is organised. If required, improvements and corrective actions are done on the spot. At the same time, the turnover of staff at Trafikstyrelsen is high resulting in a risk for the business continuity. Presently, there is no Competence Management System (CMS) for auditors yet, but it is under development. The monitoring of deadlines in Trafikstyrelsen is not systematic and there is evidence that deadlines were not respected in all cases. Presently, not all information for applicants is available in English on the website of the Danish NSA. The Audit Team has noted that there is an established appeal procedure allowing applicants to ask for a judicial review. Nevertheless, it was also noted that the flowchart displaying the appeal procedure for APS was not up to date. For the Safety Certification and Authorisation, there are procedures for assessment in place. Sufficient templates and logs are available for the staff. The interaction with Scandinavian NSAs is ensured and a rotation of lead auditors avoids regulatory capture. At the same time, there is an in-house quality assurance process in place. According to the Danish legislation 2, the deadline to apply for the renewal of a safety certificate is six months. Article 12 of the Railway Safety Directive /1/sets a four months deadline for the NSA to decide about safety certificates. Currently, the Danish NSA considers the applicants require more time to fully satisfy the requirements hence the additional time required. The process is an iterative one, but the decisions are taken within the four months set out by Railway Safety Directive /1/. The notion of the required six months deadline is to avoid operational disruptions and to ensure continuity of certificate and authorisation to comply with legislative requirements. Presently, there are plans in place to update requirements after changes in the European legislative framework (e.g. Commission Implementing Regulation (EU) No 402/2013 of 30 April 2013 on the common safety method for risk evaluation and assessment /3/). The Danish NSA has established a supervision strategy and a supervision plan, which are both publicly available. There is sufficient evidence that the Danish NSA delivers its supervision activities according to the plan. Trafikstyrelsen undertakes the enforcement activities based on clear, justifiable reasons and Railway Undertakings (RU) and Infrastructure Managers (IM) are informed about the effectiveness of their Safety Management System (SMS). The supervision plan of the Danish NSA is reviewed on a regular basis to achieve the goals of the supervision strategy and the supervision plan. The supervision process is very deeply connected with the reassessment of safety certificates. However, the co-operation with other NSAs outside Scandinavia is not held on a systematic basis ensuring a proactive approach in supervision. Trafikstyrelsen's authorisation processes are in-line with the Interoperability Directive /2/. The staff of the Danish NSA has sufficient knowledge regarding the established processes for APS and is following them. There is a strict deadline for authorisation, which is shorter than what the Interoperability Directive /2/ defines. Applicants are informed about the expected time of issue of the authorisation, 2 Bekendtgørelse nr 14 af 04/01/2007 om sikkerhedscertifikat til jernbanevirksomheder, 8 ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 6

7 which can be regarded as best practice. The checking of the completeness of the application is checklist based. The data uploaded to the relevant databases, i.e. National Vehicle Register (NVR) and Reference Document Database (RDD) is up-to-date. 2.3 Feedback/comments/unresolved issues The Web application for auditors needs a revision, in order to correctly display minor / major risks in the colored risk matrix report. 3 CROSS-AUDIT PROCESS 3.1 Cross-audit process & resources The procedures of the Cross-audit Programme manual have been followed during the whole audit process. The duration of the audit is from September 2014 to November The key steps of the procedure are given here: The request for establishment of communication was sent on 02/09/2014; The NSA appointed the contact person on 02/09/2014; a new contact person was appointed after the on-site audit in order to elaborate the corrective action plan; The confirmation letter to conduct the audit was sent on 21/11/2014; The letter to access documentation during the on-site audit was sent on 23/09/2014; The request for submission of documents was made on 23/09/2014; Documents were submitted on 05/12/2014 (SP) and 27/02/2015 (SCA and APS); The translation request was made: on 09/12/2014 The audit team members are listed here: Christoph Kaupat, European Railway Agency (Lead Auditor) Jelena Stepanova, NSA Latvia (Deputy Lead Auditor) Attila Bukholcz, NSA Hungary (Auditor) Gerald Kerr, NSA United Kingdom (Auditor) The Kick off-meeting (KOM) took place on 14/04/2015. The list of attendants in the KOM is provided in. All the preparations for the audit were made before and after the KOM, based on the personal plans of action. The on-site audit lasted 4 days from 19/05/2015 to 22/05/2015. All activities during the on-site audit took place as described in the personal plans of action. However, the Entry Meeting was cancelled on site, after the Head of Division and the audit contact person were unavailable and there was no urgent need to discuss open questions. The activities during the on-site audit included the conduct of interviews, checking of documents, revision of interview sheets, daily briefings, answering the protocols, team meetings and the audit exit meeting. The outcome of the interviews is shown in the interview sheets. During the four days of the on-site audit the following Departments were audited: Team inspection and auditing Team rolling stock Registry Human Resources ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 7

8 All interviews took place as planned, except the "Additional Interview Inspection and Auditing" (ID number 37), which was no longer necessary, because all questions were already answered during other interviews. In is the list with the staff interviewed. For the KOM and the exit meeting, minutes were drafted and agreed. The Audit Interim report was drafted by the audit team and has been sent to Trafikstyrelsen on 10/07/2015. The comments from Trafikstyrelsen were received on 04/09/2015. Based on these comments, the Audit Team drafted this Audit Final Report, which was discussed with Trafikstyrelsen during the Audit Closing Meeting on 21/09/2015. Following the decision taken on the 25/02/2014 by the Cross-Audit Committee, the NSA is asked to report audit findings, corrective actions and progress on implementing those actions to the NSA Network. A follow-up audit is no longer scheduled. 3.2 Cross-audit scope & objectives The audit took place within the audit cycle of the NSA Cross-audit Programme. The objectives of the audit, as described in the Cross-audit Charter are to: evaluate delivery by NSAs of their duties and responsibilities set out in the Railway Safety Directive /1/ and the Railway Interoperability Directive /2/; exchange knowledge and good practice on NSA processes to facilitate the harmonisation of decision-making criteria as foreseen by Article 17.4 of the Railway Safety Directive /1/; identify issues faced by the NSAs when applying the requirements of the EU legislation, and possible solutions to keep meeting the requirements of Railway Safety Directive /1/ and the Railway Interoperability Directive /2/. The scope of the audit is to assess the organisational capacity (OC) of Trafikstyrelsen and the following 3 processes against the audit protocols: Safety certification/ safety authorisation; Supervision of safety performance; Authorisation for placing in service of vehicles (APS). For this, the audit team identified the departments of the NSA organogram, where the activities of each processes under the scope of the Cross-audit Programme take place. In case of Trafikstyrelsen, the audit focused on «Team inspection and auditing» and «Team rolling stock», while «Team training and staff» and «Team Infrastructure» were deemed out of scope of this NSA cross audit. The audit plan is based on this notion. The audit protocols were used to assess the 3 NSA processes and the Organisational Capacity of Trafikstyrelsen. The protocols cover each of the three audited activities as well as organisational capacity. The audit protocols are divided into stages for each activity, and according to 2 performance levels (5 in the case of organisational capability). 4 ANALYSIS OF THE CROSS-AUDIT CONCLUSIONS This section is for describing in more detail the non-compliances and best practice found during the audit. ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 8

9 This chapter presents the audit conclusions for each one of the processes which was audited: Organisational capability (OC); Safety certification/ safety authorisation (SCA); Supervision of safety performance (SP); Authorisation for placing in service of vehicles (APS). Important note: the following cross-audit conclusions reflect the situation of the NSA at the time of the on-site audit. Further developments in the NSA internal procedures will be described in the corrective action plan. 4.0 Organisational Capability All NSAs are expected to fulfil the requirement identifiers of the protocols in levels: Purpose achieved, Performance managed and Process established because these are required by the EU legislation 3. Requirement Identifiers that belong to level Process controlled and Process Improved are not mandatory for the NSAs. Nevertheless, NSAs are encouraged to develop practices for these requirement identifiers to ensure that the audited processes are continuously improved OC Strengths Purpose achieved The Danish NSA employs presently around 35 staff members in its centre for railways. This centre is divided in several teams, which closely cooperate and partly share experts (e.g. lawyers) in a cross-team approach. For the purpose of this audit, the team inspection and auditing and the team rolling stock were visited, while the work of the team infrastructure and the team training and staff was deemed out of scope. The teams are headed by two heads of Division and in case of absence, the Deputy Director General of Trafikstyrelsen can also step in. The team approach in Trafikstyrelsen allows very good cooperation, based on a high level of trust in each employee. All staff is based in one single location, which allows effective personal communications and consistency in decision-making. According to the findings of the audit team, there are presently enough employees working at Trafikstyrelsen s centre for railways. There is sufficient evidence, that Trafikstyrelsen is independent in its organisation, legal structure and decision making from the Railway Undertakings, the Infrastructure Managers and the procurement entity. Most important is the Danish railway law 4, granting independence to Trafikstyrelsen. For new staff members without railway background, there are basic courses organised by the National IM «Banedanmark» (i.e. railway system in general and basic courses as behaviour on tracks or signalling). According to the reasoning of the audit team, it constitutes no conflict with its independence when Trafikstyrelsen s staff attends trainings of «Banedanmark». Rotation of auditing staff avoids regulatory capture. This can be highlighted as best practice Performance managed Responsibilities for managing the tasks (SCA, SP, APS) are in place at Trafikstyrelsen. It is under the responsibility of the Head of Division to manage the entire task. Regarding SCA there is a certification / authorisation committee under the guidance of the Head of Division. 3 Railway Safety Directive /1/, Interoperability Directive /2/, EC Regulation 1158/2010 /4/, EC Regulation 1169/2010 /5/, EC Regulation 653/2007 /6/, EC Regulation 1077/2012, EC Recommendation 217/ af Jernbanelov nr 686 af 27/05/2015 ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 9

10 The Danish NSA has established and applies clear decision making criteria and it is transparent in its decision making. The decisions of the NSA are verified in a peer-review before they are sent out. In contrast, decisions about APS are normally not reviewed by a manager. All relevant information and guidance is given to the applicants. The supervision strategy is published on the NSA s website which is dated of Dec (version 2), describing the purpose of supervision and the NSA decision-making criteria dealing with non-compliances. The annual supervision plan is also published on Trafikstyrelsen s website. In order to ensure regular information flow, there is a Directors high-level forum 4 times a year. At the same time, there is a regular safety forum and a safety conference. In the past, Trafikstyrelsen organised «TSI-schools», an exercise which will be considered to be repeated for new or revised TSIs. Trafikstyrelsen offers dialogue to manufacturers, keepers and railway undertakings in order to avoid surprises at a late stage of the certification / authorisation process and in order to prevent back logs during the certification or authorisation. The first dialogue is for free, but after this applicants are charged based on the time required for the authorisation. All relevant data including in-house, incoming and outgoing correspondence is recorded in a database called «WorkZone». There is sufficient evidence that the RU/IM is informed of the decisions taken by Trafikstyrelsen. The audit team has checked a number of cases in the «WorkZone» software. Trafikstyrelsen neither takes the role as Assessment Body for CSM on risk assessment or DeBo in Denmark. Therefore no role conflict is possible Process established The Danish NSA has developed a structured and auditable process for all audited activities and SCA/SP/APS-processes are documented. There is an IT based work-stream to support them («WorkZone» document management system). The audits and certifications are IT-based, while key steps are defined in the system. For authorisation for placing in service everything follows written procedures (paper based). Based on the case studies, the Audit team has identified that the processes are consistently applied throughout the organisation. There is continuous resource planning which is implemented with the support of human resources division. If required, improvements and corrective actions are done on the spot Process Controlled For new staff, there is a mentoring program in the form of on-the-job training. There is sufficient evidence, that competences of the staff are developed and maintained. The Head of Division holds a yearly discussion with each individual staff member focusing on the different tasks, the personal performance and the general wellbeing of the employee. The feedback from the Head of Division gos to the Human Resources Division. There is evaluation on expectation taking into account the professional and behavioural aspect of the individual. On the result of this evaluation, the plan for development is defined. If necessary, staff members are sent on training courses. When a vacancy arises, HR looks at possibilities, first in-house, and if it is not possible they write down a job description. The HR work in close cooperation with the Financial Department and if they approve the hire of new personnel then it is sent to the top management. After approval the position gets advertised. For ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 10

11 the specific jobs it is difficult to get someone with experience (because of the high expectation of salaries), so they hire fresh graduates and train them themselves Process Improved For the supervision process the document management system «WorkZone» ensures transparency of the process, any member of the team can see any problems and suggest any improvement. If required, improvements and corrective actions are addressed on the spot. Twice a year there is a meeting with the Head of Division and the Deputy Director General. At the end of each year, there is a risk-based planning for the supervision of the following year OC Scope for improvements It seems that there are enough resources allocated to the Danish NSA, however, the turnover of staff at Trafikstyrelsen is high, resulting in a risk for the business continuity: Out of a list of 24 experts sent to the Audit Team on 01/12/2014, five employees had left Trafikstyrelsen on 19/03/2015, when an updated list of staff was communicated to the Audit Team. This corresponds to 20% of staff lost in less than 4 months. At the same time, two new staff members joined the NSA in this relatively short period. In the interview with Human Resources it was confirmed, that this high turnover rate is usual at the centre for railways of Trafikstyrelsen. The Audit Team deems this as one of the risks for the activities of Trafikstyrelsen, because continuous brain drain results in loss of expertise. At the same time, it requires a substantial amount of time and resources, to recruit and familiarize new staff with the tasks of the Danish NSA. While the on-the job training / mentoring program at Trafikstyrelsen for new staff is best practice, it may bind too much manpower, if the turnover stays high or even increases. Presently, there is no Competence Management System (CMS) for staff members yet, but it is under development. The introduction of a full CMS would help to improve the learning and development of the staff and help ensure that the required expertise is available for all railway related activities of Trafikstyrelsen. The monitoring of deadlines at Trafikstyrelsen is not systematic. The timing of the interim steps in a certification case or in an authorisation case is not checked by managers. Instead, there is trust that the responsible staff members report delays or any other problems to complete the assignment on time proactively. In one recertification-case checked by the audit team, the activity lasted 9 months and was thus beyond the requirements of Trafikstyrelsen s standard 5 of 6 months, as well as the 4 months required by Article 12 of the Railway Safety Directive /1/. However although it was beyond the requirements it was delivered still (just) before the expiry date of the old safety certificate. This was due, exceptionally, to the applicant wishing to align their Safety Certificate and Safety Authorisation during this process. As long as the number of cases processed is not increasing, this approach might function in such a rather small work unit. However, in case of staff shortage, absenteeism, turnover in staff or if the number of authorisation/certification cases suddenly increases, the control of deadlines might become even more important. The software «WorkZone» used to manage the audited activities SCA and VAPS, includes a functionality to monitor deadlines. Nevertheless, it is rarely used in practice. Presently, there is not full information for applicants available in English on the website of the Danish NSA. It would be an asset, to have the full information on SCA, SP and APS also in English, taking into account Denmark s increasing importance as a transit country (European corridors). There are also exchanges in practice, which allow applicants to understand what is expected from them. While the first meeting 5 Bekendtgørelse nr 14 af om sikkerhedscertifikat til jernbanevirksomheder, 8 ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 11

12 between the applicant and the staff of the Danish NSA is for free, subsequent meetings are billed on an hourly basis. The Audit Team has noted that there is an established appeal procedure for APS, which will change with a planned legal reform 6 coming into force in June It was also noted that the flow-chart displaying this appeal procedure was not up to date. 4.1 Safety certification/ safety authorisation (SCA) SCA Strengths The Danish NSA s procedure for safety certification/safety authorization is in line with the steps described in the safety certification/safety authorization audit protocol. Trafikstyrelsen: has a system to receive applications for safety certification and safety authorisation; undertakes a check of the submitted information for major omissions; undertakes a document review of the submissions and visits the applicant to address any deficiencies; undertakes a further visit to examine that the procedures are in place; carries out a review of the process independent of the original assessment; records and confirms its final decision. The objectives of the assessment are to determine whether the SMS meets the requirements of the national legislation and demonstrates the applicant s organizational capability to operate safely; at the same time, the assessment identifies points for later inspection after issue of the safety certificate/ safety authorization, during the supervision Receive application for a SC or SA and review of the documentation Trafikstyrelsen provides guidance to the applicants to understand the requirements for a safety certification/safety authorization application in a number of ways. There is e.g. a series of documents available on the web site (of note is the guidance document «Vejledning i sikkerhedsledelse» which is described as guidance for IMs and RUs on how to construct a SMS). Additionally, the Danish NSA offers educational days where the applicant can attend a seminar with several auditors to discuss the requirements. Beside this, Trafikstyrelsen provides reminders and detailed letters explaining the requirements to applicants who are due to renew their certificates. The Audit Team saw evidence that educational days had taken place as well as correspondence with applicants in advance of their submission dates. Trafikstyrelsen asks applicants to submit their applications six months before the required commencement or renewal date. The NSA staff explained this long submission period was required as they felt applicants needed this amount of time to get their submissions prepared properly and to allow the applicants to address any issues. Trafikstyrelsen has created a series of Executive Orders which provide the requirements for the application content. There is also a guidance document on the website referred to above which explains the requirements that the applicant has to comply with. 6 Jernbanelov nr 686 af ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 12

13 The Audit Team was told Trafikstyrelsen were continually revising their procedures to take account of EU requirements and were scheduling amendments to incorporate CSM RA /3/ in their principal guidance documents Initial assessment of the application for deciding on the sufficiency and quality of the application On receipt of the submission Trafikstyrelsen allocates the case to a lead auditor and assistant auditor who have the role of assessing the submission. All the work is undertaken by the team inspection and auditing, which contains six auditors at present. Allocation of the work is normally discussed at the weekly team meeting of the team inspection and auditing. The Head of Division also attends. Auditors are not allowed to undertake assessment work without first spending time observing how another auditor carries out the assessment. This mentoring/on the job training can take several months. Several auditors told us they were signed off as competent by the Head of Division but one auditor mentioned they had been able to «selfcertify» after they felt they were competent to undertake the work. The Audit Team saw evidence that submissions were requested on the correct proformas in accordance with the Railway Safety Directive /1/. The submissions are logged on the IT systems and all the documents are archived on the system. The lead auditor responds to the applicant with a suggested timetable using a standard template. The database used has a series of steps with some aide memoires to remind the assessor of the key requirements at each step. Trafikstyrelsen has not prescribed a timescale to acknowledge submissions but they endeavour to do that asap. and within 14 days. The Audit Team saw evidence of an acknowledgement within a few days but auditors were unable to produce evidence of a written acknowledgement for another example and concluded that the acknowledgment would have been a verbal one Formal assessment of the application for a SC or SA The Audit Team has seen sufficient evidence, that Trafiksyrelsen is identifying the relevant rules/ standards/ requirements in each one of the assessment criteria. Having agreed the programme and conveyed this to the applicant the audit team review the submitted documents. An audit (document review) is then carried out (as planned) at the applicants premises, and non-conformities, remarks etc. are discussed and agreed at the audit. The audit (document review) is reported in a document. Once the issues from the document review have been addressed the audit team undertakes an audit to establish that the systems are in place. Any non-conformities require to be remedied in order to allow the submission to progress, although remarks, which will be of a more minor nature, can be transferred to the company log and followed up during the supervision phase with that RU/IM. Trafikstyrelsen has developed sufficient criteria to distinguish between minor and major non-conformities. In the end, the lead auditor then concludes the assessment and completes a report summarising the findings and their recommendation. ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 13

14 The assessment of applications for part B certificates is limited to Annex III of the CSM for conformity assessment /4/. Trafikstyrelsen liaises with other Scandinavian NSAs by means of an annual meeting as well as ad hoc advice when a problem or issues arises. Trafikstyrelsen does not seek the views of affected parties when considering the submission and thus their decision may be made in complete isolation from other bodies. Trafikstyrelsen has developed sufficient criteria to distinguish between minor and major non-conformities. The lead auditor prepares a recommendation and a document package presenting the conclusions of the assessment. Trafikstyrelsen then arranges for an independent review of the assessment by the Certification Committee which consists of the Head of Division and the independent auditor. One independent auditor interviewed during the on-site audit mentioned that they did not use a protocol to direct them in what depth and areas to examine as part of the review process. The auditor suggested they would use their experience as an auditor to carry out the review as well as using it as a learning opportunity. The Certification Committee then considers all the available information and decides whether to agree with the recommendation of the lead auditor. The team were not aware of any recent examples where a certificate had not been issued. Currently there is a complaints procedure described in Section 29/30 of the Executive Orders on safety certificate and authorisation but it is unclear if this internal appeal procedure will disappear with a planned legal reform 7 coming into force in June Recording and confirmation of the final decision and links to supervision Trafikstyrelsen issues safety certificates using the format of the Commission Regulation (EC) No 653/2007 /6/. The certificates the Audit Team examined did not exceed 5 years, the type and extend of operation was clearly mentioned and a unique EU Identification Number was given. The safety certificates are notified to the ERADIS database and the safety authorisations to the ERA Safety Unit. Trafikstyrelsen s policy of requiring a submission 6 months in advance of the required date was looked at via 2 submissions. One example was awarded within approximately 2 months of receipt but an application for a renewal was granted in excess of 9 months after the submission but still before the required renewal date. The IT recording systems for applications has recently been amended. The team inspection and auditing generated a series of requirements for the system and they have been involved in the final version adopted. They have found it has improved their recording and archiving arrangements and the Head of Division considers there is scope for the system to be used more proactively in allowing senior management to monitor the progress of each case assessed. All members of the team inspection and auditing were qualified as auditors and most had an engineering and/or management system background. Trafikstyrelsen provides the team with a series of railway familiarisation courses via the Infrastructure Manager. The NSA is currently introducing a Competency Management System for staff and several staff presented job descriptions and competency assessments which had recently been signed by the Head of Division. The Audit Team was told that other railway 7 Jernbanelov nr 686 af ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 14

15 competencies (e.g. operations) are not contained within the team inspection and auditing but those skills would be called in from other teams, when required, to assist in assessing submissions. The team inspection and auditing is a small cohesive unit and key communications are primarily via team meetings. There are also wider organisational meetings which occur regularly as well SCA Scope for improvements Trafikstyrelsen would benefit from prescribing target timescales for all the key stages of the assessment process. At the same time, implementing a monitoring programme of the IT databases to more closely monitor that timescales are met without exception, would be an improvement. The need for procedural and formal records to be maintained is considered to be of high importance by Trafikstyrelsen, but not the need for documenting and measuring detailed timelines. This has to be seen in the light of the single location and close working relationships within the unit. However, due to high turnover of staff, for the sake of transparency and traceability, it would be an asset to have timing recorded. It would also be a benefit for Trafikstyrelsen to introduce a CMS for key staff. Considering the commissioning of an independent review of their processes, which may provide further insight into their suitability, and reinforce the organisation s commitment to continuous improvement. It is recommended that Trafikstyrelsen takes steps to reduce the required time requested for submissions. 4.2 Supervision The Danish NSA s procedures for supervision activities are in line with the requirements of the audit protocols of the NSA cross-audit programme. Trafikstyrelsen performs audits and inspections using auditors of the Team inspection and auditing. Trafikstyrelsen has developed a supervision strategy and a supervision plan; delivers the supervision activity according to the plan; undertakes the enforcement activities with clear justifiable reasons and RUs/IMs are informed about the effectiveness of their SMS; reviews the supervision plan at a regular basis to achieve the goals; has ensured the deep connection between the supervision activity and the reassessment of safety certificates, the issuing of authorisations and the prioritisation of those activities. The Danish NSA has sufficient resources in order to perform its supervision activities. The allocation of the resources is performed to achieve the fulfilment of the supervision plan. The team dealing with the supervision activity is merged with the team performing safety certification and authorisation activities. Each auditor of the team is certified as an auditor and if he/she has no railway background he/she has additional basic training about railways provided by the main Danish infrastructure manager. Together with the on job training it ensures the quality of the performed audits and inspections. The members of the team closely cooperate based on mutual trust among the team members. There is evidence that this approach ensures consistency in decision-making and continuous learning of each member of the team. ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 15

16 4.2.1 SP Strengths Setting up the supervision activity The NSA of Denmark has developed a «Strategy and Practice in the Supervision of Railway Safety». Based on the evidence available to the audit team the Strategy and Practice in the Supervision of Railway Safety was updated in December 2011 (the English version of the document is issued in October 2010). The difference between the two versions of the document in English and Danish was not assessed by the Audit Team. Based on the strategy and principles described in the document Trafikstyrelsen each year in January develops a supervision plan for the current year taking in account; the priorities (focus areas) defined for the particular year; type and the volume of services provided by each RUs and IMs; the safety performance of the RUs and IMs (number of accident and incident in the previous years); inputs of other Trafikstyrelsen s teams; results of the previous supervision activities; recommendations of the National Investigation Body (NIB); their own evaluations. Trafikstyrelsen s supervision plan, in its introduction, clearly sets priorities (focus areas) for the particular year in the NSA s supervision activity. Based on the Norwegian model audits are prioritised using the risk picture for the individual undertakings depending on the type and volume of company s services. The basic number of audit days is calculated for each company for the particular year. Taking into account the safety performance of the company the number of audit days can be enlarged. The final number of audit days is set manually taking in account the previous supervision activities and inputs from other teams. The supervision plan is a «living» document which is revised whenever it is deemed necessary. The different sources of information, including incoming information from the public, are evaluated in order to keep the supervision strategy and plan up to date. Several examples of such inputs were demonstrated. The supervision plan is consulted internally within the team and agreed by the Head of Division. The Danish NSA co-ordinates its supervision activities with the NSAs of other Member States. There is a formal annual meeting with Swedish and Norwegian NSAs organised. Additionally, if needed, ad-hoc communications are organised to get inputs from these NSAs for some companies which have parts B safety certificates in both Member States Communicating and delivering the plan The supervision plan (without the particular audit days) is publically available on the Trafikstyrelsen s webpage. The company is consulted on the plan although the NSA does not have an obligation to do so. There is sufficient evidence that the NSA of Denmark delivers the supervision activity according to its plan. In order to achieve this, there is an IT solution which helps each auditor to perform all the steps of the supervision activity and Head of Division to check if these steps are fulfilled. The Danish NSA has set the priority to audit versus inspections (80% audits and 20% inspections) and is focusing on the identified key risks. The documentation of each supervision activity is kept in «WorkZone» the document management system used for keeping the documents and managing the cases. The Railway Law ensures that the NSA is independent and free to carry out all its tasks and is granted access to all necessary documents, premises, installations and equipment of RUs/IMs. The Strategy and Practice in the Supervision of Railway Safety, which is publicly available, describes the forms of enforcements used by Trafikstyrelsen. There are 4 levels of enforcement: order/ban (legal ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 16

17 requirement) or non- conformity/remark. The decision-making principles are also explained in the Strategy and Practice in the Supervision of Railway Safety. The evidence where the enforcement actions were issued using the decision-making principles described in the document were presented. The orders and bans are subject to internal legal review and are subject to the appeal procedure. To ensure the monitoring of the supervision actions Trafikstyrelsen always use two auditors for each audit, there is a weekly meeting within the team to review the progress in which the Head of Division participates. Any changes due to revision of the supervision activity (the example was shown when the auditor due to health problems couldn t perform her tasks) can be found in the supervision plan Outcomes of the supervision plan There is sufficient evidence that the NSA shares results with the RU/IM its evaluation of the effectiveness of the RU/IMs' SMS. The audit report sent to the company was presented. After the RU/IM has implemented remedial actions the non-compliances are checked on site or via declaration depending on the seriousness of the circumstances. It is also noted in the company log which identifies the follow up action. All nonconformities are followed-up via correspondence. The NSA has an overview of the overall safety performance in the Member State. This has been demonstrated to the audit team through the Annual Safety Report which is elaborated with the audit and inspection team s contribution Reviewing supervision activities The Danish NSA assesses the suitability and sufficiency of the supervision activities. There are weekly team meetings performed to assess the work done and review it if needed. Any changes are written in the companies Log even minor changes. The lead auditor is the main person who is in charge of review but other auditors also have rights to amend the company s Log. For major changes the audit plan also can be amended. An example of changes to the supervision plan due to unforeseen circumstances was presented as well as examples when the results of supervision activities leads to a change to the number of audit days. The findings from accident investigations are used for the long term planning and short term changes to supervision measures are taken Linking supervision plan to the reassessment The NSA has shown evidence that the results from the supervision activity are linked to the reassessment of safety certificates/the issuing of safety authorisations and the prioritisation of those activities. The Danish NSA sees the reassessment activity as one substantial part of the supervision activity. The team dealing with the supervision activity is the same team dealing with the safety certification and authorisation. The evidence presented for linking the particular company s (Banedanmark) supervision activity in a particular year to the reassessment procedure of the next year was examined. All the information concerning a particular company is written in the company s Log and other teams of Trafikstyrelsen have the possibility to contribute. The evidence of such contributions were presented e.g. the information from the rolling stock team and the note in the company s Log. Corrective actions in relation to the supervision activity are followed-up, regarding what was proved by the evidence SP Scope for improvements The Danish NSA has developed a good co-operation with the Swedish NSA at both levels regular and ad hoc. There is a co-operation established with Norwegian NSA. However, there are no formal agreements or Memoranda of Understanding (MoU) signed between the Danish NSA and neither the Swedish NSA nor the Norwegian NSA. It was mentioned that the necessary amendments to the Law allowing the Danish NSA to sign such agreements or MoUs are already prepared. ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 17

18 There is a special agreement at the companies level at the Danish/German border with a special arrangement between companies that cross the border. Nevertheless, it seems that there is no regular cooperation established between Trafikstyrelsen and German NSA. 4.3 Authorisation for placing subsystems in service APS Strengths Trafikstyrelsen has structured internal processes for APS with clear steps how to perform the APS activity and issue authorizations for placing into service of vehicles. The staff have knowledge about the applicable processes and are following them. Overall, Trafikstyrelsen's authorisation processes are in-line with the Interoperability Directive /2/. Applicants are informed about the expected time of issue of the authorisation, which can be considered as best practice Decision on authorization Trafikstyrelsen uses CSM RA /3/ for distinction between upgrade and renewal of vehicles Receive complete application from the applicant for an authorisation to place into service The Template for APS (application form) is available for clients on Trafikstyrelsen s website. The application form contains the different scenarios, which the applicant needs to select. It is based on Executive Order 56 of 2013, based on the Interoperability Directive /2/. The website also contains a description of the application process for clients, which is also used by the staff as a guideline. Applications are mainly received by . Every incoming application is recorded in Trafikstyrelsen s registration system «Workzone». The functions of the program were demonstrated through practical examples. The public can request information from the archive. An acknowledgement is given by to the applicant upon receipt of the complete application. In cases of submission of incomplete applications, the client is notified about the shortcomings. An initial screening of the application file takes place at the registry. The Danish NSA has established and applies criteria for differentiating between New authorisations for vehicles Subsequent authorisations first authorisations for TSI conform vehicles, first authorisations for non-tsi conform vehicles, additional authorisations for TSI conform vehicles, additional authorisations for non-tsi conform vehicles and type approval. The applicant can select which scenario he wants to request. The application form is based on Executive order 56 of 2013 which is based on the Interoperability Directive /2/. For TSI conform vehicles the Danish NSA follows article 22 and 23 of the Interoperability Directive /2/. Trafikstyrelsen has established a general deadline for vehicle authorization which is 3 weeks. This deadline is presented on the website, however most authorization cases are carried out within a few days only. There is a possibility to manage deadlines with a module of «Workzone», however according to the staff this function is rarely used. The deadlines for APS were in line with the ones defined in the Interoperability Directive /2/. ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 18

19 Screen of application for authorisation The first screening takes place at the registry; the more detailed screening is carried out by the case handlers, after the case is allocated to the competent person. The Danish National Technical Rules (NTR) are notified to RDD. There is a table in the Executive Order Nr of 2012 Annex 1, which defines the applicable rules for technical compatibility. Trafikstyrelsen checks if there is evidence that the relevant TSIs and NNTRs have been identified and complied with, taking into account any derogations granted by the Member State. Trafikstyrelsen also checks the certificates of NoBo and DeBo verification and some of the documents related to the technical file. In case it is found insufficient, the NSA initiates a clarificationprocess. Metro, suburban trains and historic vehicles must comply with NTRs. Derogation was requested for IC4 trains from the Noise TSI Authorisation to place into service The document review for authorisation is based on the application form as a check-list. Trafikstyrelsen acts on behalf of the Member State, therefore the Danish NSA informs the European Commission directly about non-compliances. Two cases were demonstrated to the Audit Team, in which the vehicles comply with the relevant NNTRs. There was no example for TSI conform vehicles Additional authorisations to place vehicles into service Based on the first authorisation and the compatibility certificate issued by a DeBo, the additional authorisation can be issued by Trafikstyrelsen. Deadline are not monitored, however «Workzone» has a function which allows the possibility of monitoring. Nevertheless, the 2 months for TSI conform vehicles and 4 months for non-tsi conform vehicles have always been fulfilled as the general deadline defined for procedures at Trafikstyrelsen is 3 weeks only. Most authorisation cases do not take more than 5 days. The case handlers cross check the decision before it is dispatched. Trafikstyrelsen uses CSM RA /3/ to decide what constitutes a substantial safety risk. There is no co-operation with other NSAs regarding the APS-activity. Trafikstyrelsen relies on the other NSA s previously issued authorisation. The NSA participates in the geographic interest group (GIG) for northern countries Recording and confirmation to the applicant of the final decision on authorisation to place into service Everything is documented in «Workzone», thus the process until issuing the decision, can be traced back in the system. The first authorisation is not issued until the NVR registration is fully completed. With the change of the national legislation in June , the appeal board will be dissolved in its existing form APS Scope for improvements: The Audit Team found evidence, that the Management of Trafikstyrelsen is not reviewing decisions about APS in a systematic way. Instead, there is a peer-review of decisions before they are finally published. Deadlines are not monitored in a systematic way either. 4.4 Problems reported There are no problems to be reported. 8 Jernbanelov nr 686 af ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 19

20 5 CORRECTIVE ACTION PLAN The corrective action plan has been prepared by Trafikstyrelsen and sent to the Audit Team on 04/09/2015. It is attached as Annex III to this report. The corrective action plan is based on the chapter «Scope for improvements» from the Audit Interim Report. 6 FOLLOW UP AUDIT PLAN Following the decision taken on the 25/02/2014 by the Cross-Audit Committee, the NSA is asked to report audit findings, corrective actions and progress on implementing those actions to the NSA Network. A follow-up audit is no longer scheduled. 7 FINAL CONCLUSION The audit team makes a final statement about the extent to which the audited NSA is carrying out activities required by the Safety Directive /1/ and the Interoperability Directive /2/. There are a number of examples of best practices that other NSAs could adopt from Trafikstyrelsen. They are highlighted in the report above. 8 CONFIDENTIALITY STATEMENT The audit final report has been developed for the purpose of the audit to the Danish NSA «Trafikstyrelsen». All the included information should remain confidential within the audit team and the recipients of the report. For this reason, after its revision by the Audit Program Manager, the interim audit report is disclosed to the audited contact person. Then, the audited contact person shall submit the report to the recipients of the distribution list, provided by the auditee (Annex VII). 9 ACKNOWLEDGEMENT The audit team is grateful to the NSA of Denmark for their contribution, fruitful collaboration and logistics during the conduct of the audit. The atmosphere during the NSA Cross-Audit was dedicated, cooperative and full of respect. 10 TABLE OF ANNEXES Number I II III V VI VII Description of the Annexes List of attendants in the kick-off meeting, exit meeting and closing meeting Audit plan Corrective action plan List of conducted interviews List of abbreviations Communication of the audit final report ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 20

21 Annex I: List of attendants in the kick-off meeting, exit meeting and closing meeting Audit Kick off Meeting, 14/04/2015 Name Christoph Kaupat Jelena Stepanova Attila Bukholcz Gerald Kerr Jesper Rasmussen Leif Funch Diana Rose Jørgensen Alexander Tived Lone Rasmussen Lars Kongshammer Institution / Function European Railway Agency, Audit Team NSA Latvia, Audit Team NSA Hungary, Audit Team NSA UK, Audit Team Trafikstyrelsen, Deputy Director General Trafikstyrelsen, Head of Division Trafikstyrelsen, Audit Contact Person Trafikstyrelsen Trafikstyrelsen Trafikstyrelsen Audit Exit Meeting, 22/05/2015 Name Christoph Kaupat Attila Bukholcz Lotte Krambeck Birte Pedersen Leif Funch Alexander Tived Artur Meinild Iram Akbar Helle Viltoft Diana Rose Jørgensen Bolette Daugaard Lone Rasmussen Lars Kongshammer Flemming Folkersen Jelena Stepanova Gerald Kerr Institution / Function European Railway Agency, Audit Team NSA Hungary, Audit Team Trafikstyrelsen Trafikstyrelsen Trafikstyrelsen, Head of Division Trafikstyrelsen Trafikstyrelsen Trafikstyrelsen Trafikstyrelsen Trafikstyrelsen, Audit Contact Person Trafikstyrelsen Trafikstyrelsen Trafikstyrelsen Trafikstyrelsen NSA Latvia, Audit Team NSA UK, Audit Team ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 21

22 Audit Closing Meeting 21/09/2015 Name Christoph Kaupat Attila Bukholcz Gerald Kerr Jelena Stepanova Lone Rasmussen Lars Kongshammer Alexander Tived Leif Funch Birte Pedersen Helle Viltoft Institution / Function European Railway Agency, Audit Team NSA Hungary, Audit Team NSA UK, Audit Team NSA Latvia, Audit Team Trafikstyrelsen (Supervision) Trafikstyrelsen (Supervision) Trafikstyrelsen Trafikstyrelsen, Head of Division Trafikstyrelsen, audit contact person Trafikstyrelsen ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 22

23 NSA Network European Railway Agency NSA Cross-audit Programme Annex II: Audit plan ERA/GUI/2011-XX/SAF/C-ANSA/32/01/ver.00 23