Systems Engineering and Systems Safety Engineering - A case study

Transcription

1 International Engineering Safety Management Systems Engineering and Systems Safety Engineering - A case study Rob Davis & Paul Cheeseman Technical Programme Delivery

2 Contents System Safety and Systems Engineering Case Study ESM roll out in Railways An introduction to iesm Handbook Aims What is in it?

3 Synergies & Differences Safety is an important emergent property Many similarities if done well Formal process (eg requirements), competent people etc A reliable working railway is usually a safe railway Some things are different or in conflict? Failsafe or working? Deliver what we have time for or to a standard Formal acceptance?

4 What we have in common Getting projects to do anything Getting projects to do enough Getting projects to do it early enough Getting projects to use it to make early decisions Getting projects to do it right Helping the decision makers understand it So. What can we learn.

5 Drivers for Change q q q q Restructuring of the UK rail industry Accelerated rate of technological change Changes in legislation and regulation Advances in best practice including emergence of CENELEC railway application standards

6 Requirements in UK Law Health and Safety at Work etc Act 1974 Transport and Works Act 1992 s s Management of Health & Safety at Work Regulations 1999 Construction (Design & Management) Regs 1995 s Railway and Other Transport Systems (Approval of Works, Plant and Equipment) Regs 1994 s Railways (Safety Critical Work) Regs 1994 s Railways (Safety Case) Regulations 1994 s Health & Safety Regulations 1992

7 Requirements - Good Practice q q Engineering Council Code of Practice Hazards Forum Guidance for Engineers q IEC q CENELEC Safety standards for railway applications EN 50126, Railway Applications: The Specification and Demonstration of Reliability, Availability, Maintainability and Safety pren 50128, Railway Applications: Software for Railway Control and Protection Systems ENV 50129, Railway Applications: Safety Related Electronic Systems for Signalling

8 Requirements Business Objectives q q q Formal process to do things right Minimise lifecycle costs Identifying issues early Later requirements: q Separate fundamentals from guidance q Encouraging consistency and re-use q Scaling with problem

9 YB0 early 1990 s Network SouthEast Signalling and Telecomms

10 YB0 early early 1990 s 1990 s Network SouthEast Signalling and Telecomms Telecomms YB UK Railtrack EE&CS

11 YB0 early early 1990 s 1990 s Network SouthEast Signalling and Telecomms Telecomms YB UK Railtrack EE&CS YB UK Railtrack

12 YB0 early early 1990 s 1990 s Network SouthEast Signalling and Telecomms Telecomms YB UK Railtrack EE&CS YB Railtrack Electrical Engineering and Control Systems YB UK Railtrack YB YB Railtrack UK Rail Industry

13 YB0 early early 1990 s 1990 s Network SouthEast Signalling and Telecomms Telecomms YB UK Railtrack EE&CS YB Railtrack Electrical Engineering and Control Systems YB UK Railtrack YB YB Railtrack UK Rail Industry YB Generic

14 YB0 early early 1990 s 1990 s Network SouthEast Signalling and Telecomms Telecomms YB UK Railtrack EE&CS YB Railtrack Electrical Engineering and Control Systems YB UK Railtrack YB YB Railtrack UK Rail Industry YB Generic International Emerging Good Practice

15 ESM - History YB0 early 1990 s YB0 early 1990 s Network SouthEast Network SouthEast Signalling and Telecomms Signalling and Telecomms YB UK Railtrack EE&CS YB Railtrack Electrical Engineering and Control Systems YB UK Railtrack YB UK Rail Industry YB Railtrack International Emerging Good Practice YB YB Generic Rail Industry iesm International YB4 Handbook on Engineering Generic Safety Management

16 So what have we learnt so far? A sound theoretical basis is essential Something that really works Logical underpinning A strong commitment is essential Senior management Contractual

17 So what have we learnt so far? 2 Problems blamed unfairly? It creates a paperwork mountain It will delay the project It is a new requirement It is not necessary It needs to be independent of the project It is out of date..

18 So what have we learnt so far? 3 Accessibility is important Appearance It looks important Complex and scientific Plain English, but Free Handbooks available on my desk Training Management & Practitioner & exam Correctly pitched principles/fundamentals that are so obvious no one can argue against them even the boss or Project Manager!

19 So what have we learnt so far? 4 Steering Group of Practitioners Practitioners are better than representatives Willingness to contribute Informed by experience Will to do things right Ambassadors to the cause

20 So what have we learnt so far? 5 Good Practice vs Standards Advisory vs Mandatory Help not just requirements Informed by real users Boldly go where no one has gone before. Then go there again.. And don t be talked in to withdrawing it!!

21 International ESM So over to Paul to say how we ve done it this time.

22 iesm - Who is producing it? Dr Rob Davis the originator of the riskbased safety engineering process in rail as part of the BR NSE quality system later published as Yellow Book. Established Yellow Book and the YB Steering Group (YBSG) and now chair of iesm WG. Paul Cheeseman part of the BR team and the last chair of YBSG. Bruce Elliot editor of the Yellow Book content throughout and iesm TPD 2013

23 Guidance Development Drafting by TPD as part of its R&D programme incorporating: Experience from EN50126/8/9 Standards UK Yellow Book Experience of system assurance, acceptance & ISA: UK Mainland Europe Asia Australia Review by iesm Working Group of practitioners

24 iesm Working Group Act as authority for iesm and develop/support the creation of associated supporting materials); Facilitate the efficient and effective application of iesm; Promote and facilitate the exchange of ideas for good practice that are found in the world railway community and other relevant industries; Sponsored by MTR Corporation, Hong Kong. TPD 2012

25 iesm supporters Worldwide TPD 2012

26 iesm - Structure Volume 0 Layer 1: Principles and Process Volume 1 Layer 2: Methods, tools and techniques Further Volume 2 volumes to be (Projects) announced Layer 3: Specialized Guidance Application notes as required

27 iesm is more than a Handbook Resources iesm Working Group Website iesm Handbook Volumes 0, 1, 2 Application Notes More. iesm User Group iesm Refresher / Conversion [half day] iesm Register of Practitioners Training iesm for Hazard Management Training [1 day] iesm Overview Training [1 day] iesm ISA Training [1 & 2 day]

28

29

30

31 iesm - What s in? Emerging good practice Common Safety Methods for Risk Assessment have been mandated on parts of the railway by European Directives Recent EN50128 with focus on roles and competence New CENELEC EN50126 incorporating the former EN50128/9/155 Guidance from RSSB UK Taking Safe Decisions Increasing use of Cross Acceptance fast track Increasing awareness and demand for a risk-based approach internationally especially in emerging economies

32 CENELEC Changes EN50126 EN50128 EN50129 EN50155 and more EN50126:201x The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS) Part 1 Generic RAMS process Part 2: Systems Approach to Safety Part 4: Functional Safety EEP Electronic Systems Part 5: Software

33 iesm - What s out? Bias towards any one legal system or regulatory framework (e.g. requirement to reduce risk ALARP) Known deficiencies and poor practice e.g. using risk matrices as a sole method for risk acceptance Templates, checklists, techniques etc to layer 3 Explicit consideration of maintenance activities (temporary) English spellings!

34 iesm - Overview #1 Defining the scope DEFINITION Planning safety activities Determining safety obligations, targets and objectives To RISK ASSESSMENT RISK ANALYSIS Identifying hazards Estimating Risk Applying standards Comparing with a reference system Estimating risk explicitly To RISK EVALUATION AND CONTROL

35 1. Estimating risk by applying standards The standard shall at least satisfy following requirements: be widely acknowledged in railway domain. If not the case, the standard will have to be justified; be relevant for control of considered hazards in system under assessment; be publicly available for all who want to use it.

36 IEEE1474 thank you

37 Standards - example Station lighting dazzle / distraction to drivers TPD 2013

38 2. Estimating risk by comparing with a reference system A Reference System shall at least satisfy following: it has already been proven in-use to have an acceptable safety level and would still qualify for acceptance where change is to be introduced; it has similar functions and interfaces as system under assessment; it is used under similar operational conditions as system under assessment; it is used under similar environmental conditions as system under assessment.

39 Reference system - example Mind the gap TPD 2013

40 3. Estimating risk by explicit risk estimation The need for the use of an explicit risk estimation could typically arise: when the system under assessment is entirely new, OR where there are deviations from a Standard or a Reference System, OR when the chosen design strategy does not allow the usage of a Standard or similar Reference System because e.g. of a wish to produce a more cost effective design that has not been tried before

41 iesm Overview #2 RISK CONTROL FROM RISK ANALYSIS Preparing a cross acceptance argument Evaluating risk Setting safety requirements No Is risk acceptable? Yes Implementing and validating control measures Compiling evidence of safety No Is evidence adequate? Yes Monitoring risk Obtaining approval

42 Conflicting Safety Requirements TPD 2013

43 iesm & CENELEC iesm Definition iesm Risk Analysis Re-application of iesm iesm Risk Control TPD 2013

44 iesm - Technical Support Processes Managing hazards Independent assessment Configuration management & records

45 iesm - Team Support Processes Managing safety responsibilities Promoting a good safety culture Building & managing competence Working with suppliers Communicating and co-ordinating

46 iesm - Business benefits Identifying risks early Integrate with financial approval Encouraging consistency and re-use Integrating diverse approaches Scaling with the problem an integrated approach Empowering project managers and supporting users through a common approach and common language $ Committed Time Incurred

47 iesm - Summary Is advisory, not mandatory; Provides good practice guidance and will continue to reflect emerging good practice; Is applicable in an international market; Supports use of CENELEC standards and Common Safety Methods (CSM) for risk assessment, with practical, cost-effective advice; Assists in discharging legal & professional obligations; Is guided by an international Working Group of practitioners and supporters.

48 ..and finally There are risks and costs to a program of action. But they are far less than the long-range risks and costs of comfortable inaction. John F. Kennedy robert.davis@tpd.uk.com paul.cheeseman@tpd.uk.com

49

50 Training Status Newly trained 25 Conversion/Refresher trained 25 Training bookings 35 Practical Course ready for booking

51 Competence Up to date Domain knowledge empirical & scientific Experience of application Drive and motivation to achieve the goals and to strive for betterment/excellence The ability to perform the requisite tasks efficiently and to minimise wastage of physical and virtual resources Education & Training Experience levels Ability to adapt to changing circumstances and demands by creating new know-how to get the job done Improvement

52 Competence Categories iesm Aware iesm Certified iesm Practitioner iesm Expert Practitioner

53 Competence Management Group To develop and oversee the competence management and iesm Competence management & registration arrangements for iesm

54 Competence Management Group On behalf of iesm WG: iesm Working Group Chairman iesm Working Group Member from a Railway Client organisation iesm Working Group Member from a Supplier organisation iesm Secretariat

55 iesm Competence Current & Up to date Different levels to allow competence progression Register to be available via Website

56 Future Developments - Guidance Hazard checklists Document Outlines Tools & Techniques Maintenance ISA HF Specific More detailed guidance eg Hazard Id

57 Future Developments - Training ISA Course Specific activity based courses eg Hazard Id & Establishing a Hazard Log

58 A final thought Absolute safety is not achievable in the real world and therefore success relies on two fundamentals: 1) good processes, and 2) good people; such that when there is a problem or failure in one, the railway can be sustained by the other.