GENERAL RAMS PLAN FOR THE RAILWAY LINES


GENERAL RAMS PLAN FOR THE RAILWAY LINES AKKO CARMIEL, HAIFA - BET SHEAN AND HERZELYA - KEFAR SABA

General Rams Plan

| Version | Date | Author / Approve | Reference | Line | Observation |
|---|---|---|---|---|---|
| V.1 | 19/07/2012 | Elena Laura López Martínez | general rams plan_1 | Akko Carmiel Haifa Bet Shean | First draft |
| V.2 | 1/08/2012 | Elena Laura López Martínez | general rams plan_2 | Akko Carmiel Haifa Bet Shean | Internal version with comments |
| V.3 | 8/08/2012 | Elena Laura López Martínez | general rams plan_3 | Akko Carmiel Haifa Bet Shean | RAMS targets are apportioned |
| V.4 | 13/08/2012 | Elena Laura López Martínez | general rams plan_4 | Akko Carmiel Haifa Bet Shean | Include a table of traceability of revisions and some corrections |
| V.5 | 11/01/2013 | Elena Laura López Martínez | general rams plan_5 | Akko Carmiel Haifa Bet Shean | Update SIL level for Train Location System |
| v.6 | 16/05/2013 | Laura López Laura López | general rams plan_5 | Akko Carmiel Haifa Bet Shean- Herzelya Kefar Saba | Updated Herzelya Kefar Saba line |
| V.7 | 10/10/2013 | | | | Updated Aux. Detection System |

1 INTRODUCTION
THE PURPOSE
GENERAL
SCOPE
NORMATIVE
RAMS LIFECYCLE
ORGANIZATION AND RESPONSIBILITIES
RAM PROGRAM
RAM ACTIVITIES
RAM REQUIREMENTS AND OBJECTIVES
RELIABILITY
AVAILABILITY
MAINTAINABILITY
RAM VALUES FOR EACH SUBSYSTEM
DEMONSTRATION OF COMPLIANCE WITH RAM REQUIREMENTS
SAFETY PLAN
PURPOSE AND SCOPE
SAFETY MANAGEMENT
SAFETY STRATEGY
RISK ANALYSIS AND EVALUATION
HAZARD LOG
FAILURE REPORTING, ANALYSIS, AND CORRECTIVE ACTION SYSTEM
SAFETY INTEGRITY LEVEL
AUDITS
PLANNING AND PROGRAMMING
DELIVERABLES
ANNEX
PROPOSAL OF RAMS DELIVERABLES
ANNEX 1 MODEL FOR THE REGISTRATION OF HAZARD (HAZARD LOG)
10.3 ANNEX 2 GENERAL HAZARD LOG LIST OF HAZARDOUS SITUATIONS FOR AKKO CARMIEL AND HAIFA BET SHEAN LINE
ANNEX 2 INTERFACES HAZARD LOG LIST OF HAZARDOUS SITUATIONS FOR AKKO CARMIEL AND HAIFA BET SHEAN LINE
ANNEX 3 INDEX RAMS PLAN FOR THE SYSTEM'S SUPPLIERS

1 INTRODUCTION

RAMS is a characteristic of a system's long-term operation and is achieved by the application of established engineering concepts, methods, tools and techniques throughout the lifecycle of the system.

INRC is the company in charge of the development and implementation of new railway lines in Israel, and ISR is the client, which is in charge of the operation and the maintenance of these two railway lines.

INRC is in charge of building two new railway lines in the north of Israel.

The first line is the line from Akko to Carmiel. The main characteristics of this line are:

- Double track.
- Electrified.
- Mixed traffic: passenger and freight trains.
- 22 km long approximately.
- Slab track only in the Gilon tunnels (two single tunnels of 4.6 km each). Ballasted track in the rest.
- Telecommunications (fixed and mobile) for all the line.
- Signalling System.
- Auxiliary Detection Systems (Hot Axle-Bearing detector and Object Fall detector).
- Tunnel system integration (distributed control for security installations) including smoke and fire detection, ventilation, CCTV, IR Telephone, lighting, public address, energy supply, pumping water system and emergency communications.
- Two stations: one in Achihud and one in Carmiel.

The second one is the line from Haifa to Bet Shean. The main characteristics of this line are:

- Single track.
- Not electrified.
- Mixed traffic: passenger and freight trains.
- 58 km long approximately.
- Ballasted track in all the line.

- Telecommunications (fixed and mobile) for all the line.
- Signalling System.
- Auxiliary Detection Systems (Hot Axle-Bearing detector).
- 5 stations: Lev Ha'mifratz, Kefar Yehoshua, Kefar Baruch, Afula and Bet Shean.

The third one is the line from Herzelya to Kefar Saba. The main characteristics of this line are:

- Double track.
- Electrified.
- Mixed traffic: passenger and freight trains.
- 15 km long approximately.
- The Raanana railway tunnel is a double track tunnel with a total length of 1800 m.
- Two stations inside the tunnel: Raanana West and Raanana Center (the stations are out of the scope of the work).
- The tunnel system integration (distributed control for security installations) including smoke and fire detection, ventilation, CCTV, IR Telephone, lighting, public address, energy supply, pumping water system and emergency communication will be designed and constructed by a third party.
- Telecommunications (fixed and mobile) for all the line.
- Signalling System.
- Auxiliary Detection Systems (Object Fall detector).
- Slab track only in the Raanana tunnel. Ballasted track in the rest.

The goal of a railway system is to achieve a defined level of rail traffic in a given time, safely. RAMS describes the confidence with which the system can guarantee the achievement of this goal and has a clear influence on the railway quality of service.

The goal of RAMS is to create input data for the assessment of the suitability of a system in a life cycle. That is, to provide data on failure rates of the system, possible failure modes, maintenance operations, hazards and their consequences, etc.

A dependable railway system can only be realized through consideration of the interactions of RAMS elements within a system and the specification and achievement of the optimum RAMS combination for the system.

Therefore, for the design, build, operation and maintenance of a Railway System, it has become increasingly important to assure conformity with respect to requirements in the areas of reliability, availability, maintainability, and safety (RAMS). These four primary components of a RAMS analysis provide eloquent insights into an entire railway system and its component sub-systems.

All contractors of any of the phases of design, manufacturing, construction and engineering of any of the elements of the proposed system should perform their particular RAMS management processes according to this document.

2 THE PURPOSE

This document can be applied systematically by a railway authority such as ISR or INRC and by the railway support industry, that is, the rest of the companies working for this project, throughout all phases of the lifecycle of a railway application, to develop railway-specific RAMS requirements and to achieve compliance with these requirements.

2.1 GENERAL

This document aims to set the overall strategy for managing RAMS aspects. The goal of a railway system is to achieve a defined level of rail traffic in a given time, safely.

The RAMS plan is drawn up in the initial design phase of the application, so it has to be adapted to the needs of the project.

This document constitutes the basic RAMS program. It includes the overall strategy for the management of RAM and safety issues and defines the specific tasks to be performed throughout the whole lifecycle of a project.

3 SCOPE

This document applies to the whole lifecycle according to the following subsystems.

The project will deliver infrastructure and systems that are safe (and reliable) to use for the maintenance team, the operator and the passengers. For this project the electrification subsystem is not applied, but it will be necessary to consider the interface between electrification and the rest of the subsystems.

For the railway lines Akko-Carmiel and Herzelya-Kefar Saba the project breakdown is:

[Figure: project breakdown showing MOBILE COMM, SUPERSTRUCTURE, Rolling Stock, AUX. DETECTION SYSTEM, FIXED COMM, Electrification, SIGNALLING, TUNNEL and Civil Works]

Notice that the lines to the rest of the subsystems are not drawn as solid lines because they are not within the scope of the RAMS activities; only the interfaces between them are.

The scope of this document is only for the facilities provided by different manufacturers.

Requirements for establishing a rigorous Systems Integration process on major railway projects are becoming more commonplace. The System RAM Plan must consider not only the internal interfaces between the System, the Subsystems, and Operation and Maintenance, but also the external interfaces between the System and the civil works and station. The main function will be to pay attention to the interfaces between subsystems.

The scope of this plan does not include the RAMS responsibility for electrification or for operation and maintenance; it only includes the interfaces with them.

For the railway line Haifa-Bet Shean the project breakdown is:

[Figure: project breakdown showing SUPERSTRUCTURE, MOBILE COMM, FIXED COMM, Rolling Stock, Civil Works, AUX. DETECTION SYSTEM and SIGNALLING]

Notice that the lines to the rest of the subsystems are not drawn as solid lines because they are not within the scope of the RAMS activities; only the interfaces between them are.

4 NORMATIVE

All standards referred to here are to be applied for the whole lifecycle:

- RAMS EN: The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS)
- EN 50128: Railway applications - Communications, signalling and processing systems - Software for railway control and protection systems
- EN 50129: Railway applications - Communication, signalling and processing systems - Safety related electronic systems for signalling

The current standards apply to all the subsystems involved in this project.

5 RAMS LIFECYCLE

A system lifecycle appropriate in the context of railway application is shown in the next figure.

[Figure: system lifecycle, with feedback paths "Re-apply Risk Analysis" and "Re-apply Lifecycle"]

1. Concept
2. System Definition and Application Conditions
3. Risk Analysis
4. System Requirements
5. Apportionment of System Requirements
6. Design and Implementation
7. Manufacture
8. Installation
9. System Validation (Including Safety Acceptance and Commissioning)
10. System Acceptance
11. Operation and Maintenance
12. Performance Monitoring
13. Modification and Retrofit
14. De-commissioning and Disposal

A life cycle costing approach considering Reliability, Availability, Maintainability and Safety (RAMS) analysis will provide a way to optimize the maintenance strategy. It is important to follow systematic RAMS actions throughout the life cycle of the system. The next figure shows the relation between them.

[Figure: Railway RAMS, with Safety and Availability above Reliability and Maintainability]

The interrelation between the RAMS elements of technical systems (reliability, availability, maintainability and safety) is shown in the above figure.

It can be seen from the figure that safety and availability are output RAMS characteristics, depending on RAMS characteristics that are inherent to the railway technical system (reliability and maintainability). With regard to their influence on safety and availability, operation and maintenance conditions are considered to be at the same level as reliability and maintainability.

6 ORGANIZATION AND RESPONSIBILITIES

The Consortium (formed by the railway support industry and INRC) will put into place a Development team which will be in charge of the System RAMS management. This team will be in charge of preparing the specifications, integrating and supervising supplier and subcontractor RAMS studies, and ensuring that each department and supplier complies with the tasks specified in this plan and the technical specifications document.

The person responsible for RAMS must attend technical meetings with the suppliers and subcontractors, as well as design review meetings, providing the observations necessary to supervise and guarantee the fulfilment of RAMS objectives.

A RAMS coordinator will be necessary to ensure that all the RAMS responsibles fulfil the RAMS objectives. The next figure shows the hierarchical organization between the RAMS coordinator and the RAMS responsible for each subsystem.

INECO will be the integrator of the particular RAMS analyses of the different subsystems and the RAMS coordinator of the whole project.

For this project, this figure shows the different responsibilities for each subsystem:

This figure only applies to the Akko-Carmiel and Haifa-Bet Shean lines.

Columns: RAMS ACTIVITIES; Sub-system designer; Company responsible for RAMS activities in design stage; Follow-up responsible in design stage.

- SYSTEM, Elaboration of 'RAMS General Plan': -; Ineco
- SIGNALLING SUB-SYSTEM, Elaboration of 'RAMS Particular Plan': Thales; Thales; Ineco
- AUXILIARY DETECTION SUB-SYSTEM, Elaboration of 'RAM Particular Plan': Selected contractor; Selected contractor; Ineco
- FIXED COMMUNICATION SUB-SYSTEM, Elaboration of 'RAM Particular Plan': Nokia-Siemens; Nokia-Siemens; Ineco
- MOBILE COMMUNICATION SUB-SYSTEM, Elaboration of 'RAM Particular Plan': Motorola; Motorola; Ineco
- TUNNEL SUB-SYSTEM, Elaboration of 'RAMS Particular Plan': Several designers; Ineco; Ineco
- TRACK SUB-SYSTEM, Elaboration of 'RAM Particular Plan': Ineco; Ineco; Ineco
- ELECTRIFICATION SUB-SYSTEM, Elaboration of 'RAM Particular Plan': ISR; ISR; Ineco

*For the Herzelya-Kefar Saba line this figure is in progress.

The next figure shows the RAMS activities according to the different subsystems. Notice that a different company is involved for each subsystem.

[Figure: RAMS Coordinator above six subsystems (Superstructure, Signalling, Aux. Detection, Tunnel system, Fixed communic., Mobile communic.), each with Design, V&V, Install and a RAMS responsible]

For the Akko-Carmiel and Haifa-Bet Shean lines:

- Tunnel system: Ineco
- Signalling: Thales
- Auxiliary detection system: Ineco
- Fixed comms: Nokia Siemens
- Mobile comm: Motorola
- Superstructure: Ineco

The main functions of the safety responsible for each subsystem are:

- Establishment of the necessary safety procedures in the different phases of the lifecycle.
- Planning of safety activities.
- Compilation of compliance evidence for safety activities.
- Control and management of the Hazard Log.

For the railway lines Akko-Carmiel and Herzelya-Kefar Saba the RAMS activities for each subsystem are shown in the next figure:

[Figure: RAMS activities for each subsystem: Superstructure, Signalling, Aux. Detection, Fixed comm, Mobile comm, Tunnel system]

For the Haifa-Bet Shean railway it will be the same (except for the Tunnel system).

7 RAM PROGRAM

This chapter details preliminary RAM values for each railway subsystem, as well as reliability and availability experiences and practical demonstrations relating to each of these subsystems, to ensure compliance with the availability target required for the railway system as a whole.

The technical specifications document does not specify any quantitative objectives for the reliability and maintainability parameters.

Nevertheless, as demonstrated in the RAM Management Plan, the target values that have been established for each subsystem's reliability and maintainability allow the level of availability required for the railway system to be achieved.

7.1 RAM ACTIVITIES

The main activity in the RAM program will be the RAM analysis. It is a process which uses the failure information from a system in order to develop probability distributions for the system being able to perform its intended functions in terms of reliability and availability performance.

This shall allow potential deficiencies to be identified during early design stages.

7.2 RAM REQUIREMENTS AND OBJECTIVES

Along with the safety requirements are the Reliability, Availability, Maintainability (RAM) requirements, whose goal is to ensure the System has the required level of dependability. This means that it must be reliable and have minimum delays, cancellations and incidents. Maintenance must, to the greatest extent possible, be performed during the scheduled possession times.

In order to anticipate and ensure the Reliability, Availability, and Maintainability levels of the railway system as a whole, it is essential to have detailed information available and to conduct a reliability analysis of each subsystem that is considered to be critical from the operating point of view.

RAM objectives analysis is based on the following elements:

- RAM database (other similar projects, reliability analysis from subcontractors and suppliers)

- Failure modes
- Feedback experience

There are different methods to calculate the RAM values. The railway companies will define which one is going to be used. They must explain under which conditions these parameters are calculated and for which interval of time they apply.

7.3 RELIABILITY

Reliability is a characteristic of design. It is defined as the probability that a specified item will perform a specified function within a defined environment, for a specified length of time. For complex systems the reliability requirement is normally specified in terms of the mean time between failures (MTBF) or as a failure rate, for example failures per million operating hours.

The basic parameter for the reliability study is defined as MTBF.

MTBF = Total operating time / Number of failures

This parameter is used to detect those elements that require more attention.

To verify the reliability of the system during its lifetime, a plan for monitoring the reliability shall be prepared, which will form part of the RAMS program.

To calculate this parameter it will be necessary to have all the design information, the configuration of the subsystems and the methodology that is going to be used. Notice that there are different ways to calculate this parameter.

7.4 AVAILABILITY

Availability is the ability of a product to be in a state to perform a required function under given conditions at a given instant of time or over a given time interval, assuming that the required external resources are provided.

The number of trains that are available for service without technical restrictions will be checked each day.

The availability of an item/system is the probability that this item/system will be in a state to perform a required function under given conditions, at a given instant in time or over a time interval, assuming that the given external resources are provided.

Availability = 1 - Unavailability / Availability max

The intrinsic availability facilitates measurement of the availability of an element of a system, and indicates the operation of the element depending on the design.

Intrinsic Availability = MTBF / (MTBF + MTTR)

To calculate this parameter it will be necessary to have all the design information, the configuration of the subsystems and the methodology that is going to be used. Notice that there are different ways to calculate this parameter.

7.5 MAINTAINABILITY

Maintainability is the probability that a given active maintenance action, for an item under given conditions of use, can be carried out within a stated time interval when the maintenance is performed under stated conditions and using stated procedures and resources.

Alternatively, maintainability is a characteristic of design and is essentially a measure of the ease with which the item can be maintained. A more formal definition is that maintainability is a characteristic of design and installation, expressed as the probability that an item will be restored to operating condition, within a given period of time, using prescribed procedures and resources.

The most commonly used measure of maintainability is the mean time to repair (MTTR), where the logistical delays are not considered (MDT).

Among the basic parameters that characterize the maintainability of the elements and systems we have the following:

- MTTR (Mean Time to Restore)
- MDT (Mean Down Time)

Maintainability will be reviewed to assure maintenance of the elements in each of the systems and subsystems.

Maintainability requirements shall be included in the specification either directly in the form of MTTR targets for specific equipment.

7.6 RAM VALUES FOR EACH SUBSYSTEM

The System RAM targets are apportioned in the following table. The individual RAM targets are defined for each party for its specific Subsystem. The combination of RAM targets imposed on each party shall perfectly match the System target.

The minimum functional availability for the whole system for the lines Akko-Carmiel and Herzelya-Kefar Saba is 99.07%.

The minimum functional availability for the whole system for the line Haifa-Bet Shean is 99.51%.

The next table shows the availability for each subsystem per year. Notice that these values are the minimum values that the suppliers must comply with.

The following table shows proposed RAM values for the functional availability:

| RAILWAY RAM PRELIMINARY FIGURES | AVAILABILITY |
|---|---|
| SIGNALLING | 99.86% |
| AUXILIARY DETECTION | % |
| ELECTRIFICATION | 99.87% |
| TELECOMMUNICATIONS (FIXED) | 99.89% |
| TELECOMMUNICATIONS (MOBILE) | 99.85% |
| TRACK | 99.91% |
| TUNNEL | 99.67% |

For electrification it will be necessary to confirm this value. Electrification is not in the scope of this document.

7.7 DEMONSTRATION OF COMPLIANCE WITH RAM REQUIREMENTS

The process of demonstrating the RAM requirements starts at the design phase and is carried out throughout the entire lifecycle.
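The formulas of sections 7.3 and 7.4 and the apportionment table of section 7.6 can be checked numerically. The following is an added example, not part of the plan: it assumes a series model (the system is available only when every listed subsystem is available, with independent failures), which the plan does not state, and it uses only the availability values printed in the table, leaving out AUXILIARY DETECTION (value missing on the page) and ELECTRIFICATION (out of scope, value to be confirmed). The function names and subsystem groupings are illustrative.

```python
"""Added example: checking the section 7.6 availability apportionment.

Assumption (not stated in the plan): subsystems are in series, i.e. the
system is available only when every listed subsystem is available, and
subsystem failures are independent. Function names are illustrative.
"""
from math import prod

HOURS_PER_YEAR = 8760.0

# Availability targets as printed in the section 7.6 table.
# AUXILIARY DETECTION is left out: its value is missing on the page.
TARGETS = {
    "SIGNALLING": 0.9986,
    "ELECTRIFICATION": 0.9987,
    "TELECOMMUNICATIONS (FIXED)": 0.9989,
    "TELECOMMUNICATIONS (MOBILE)": 0.9985,
    "TRACK": 0.9991,
    "TUNNEL": 0.9967,
}

# Groupings chosen for this example from the rows that carry a value.
# ELECTRIFICATION is excluded: the plan puts it out of scope.
HAIFA_BET_SHEAN = ("SIGNALLING", "TELECOMMUNICATIONS (FIXED)",
                   "TELECOMMUNICATIONS (MOBILE)", "TRACK")
AKKO_CARMIEL = HAIFA_BET_SHEAN + ("TUNNEL",)


def mtbf(total_operating_hours, failures):
    """Section 7.3: MTBF = total operating time / number of failures."""
    if failures <= 0:
        raise ValueError("MTBF is undefined without an observed failure")
    return total_operating_hours / failures


def intrinsic_availability(mtbf_h, mttr_h):
    """Section 7.4: intrinsic availability = MTBF / (MTBF + MTTR)."""
    if mtbf_h <= 0 or mttr_h < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf_h / (mtbf_h + mttr_h)


def max_mttr_for_target(mtbf_h, target):
    """Largest MTTR (hours) that still meets an availability target."""
    if not 0 < target <= 1:
        raise ValueError("target must be in (0, 1]")
    return mtbf_h * (1.0 - target) / target


def series_availability(names, targets=TARGETS):
    """Product of the subsystem availabilities (series assumption)."""
    return prod(targets[name] for name in names)


def annual_downtime_hours(availability):
    """Unavailable hours per year implied by an availability figure."""
    return (1.0 - availability) * HOURS_PER_YEAR


def check_apportionment(names, system_minimum, targets=TARGETS):
    """Compare the combined subsystem targets with the system minimum."""
    achieved = series_availability(names, targets)
    return {
        "achieved": achieved,
        "meets_minimum": achieved >= system_minimum,
        # Availability that the subsystems not listed in `names` must
        # jointly reach; a value above 1 means the minimum is unreachable.
        "required_from_remaining": system_minimum / achieved,
        "downtime_budget_h": annual_downtime_hours(system_minimum),
    }


if __name__ == "__main__":
    for label, names, minimum in (
        ("Haifa-Bet Shean", HAIFA_BET_SHEAN, 0.9951),
        ("Akko-Carmiel", AKKO_CARMIEL, 0.9907),
    ):
        result = check_apportionment(names, minimum)
        print(f"{label}: achieved {result['achieved']:.4%}, "
              f"minimum {minimum:.2%}, ok={result['meets_minimum']}, "
              f"remaining subsystems need "
              f">= {result['required_from_remaining']:.4%}, "
              f"budget {result['downtime_budget_h']:.1f} h/year")
```
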

Following the update and development of the RAM preliminary analysis, it will be necessary to set the RAM policy and management in order to detail the activities to be carried out by updating this RAM program.

It will be necessary to start with the global system definition in order to establish the RAM requirements. After this, the reliability and overall availability are evaluated in order to compare them with the system objectives.

Based on the requirements for reliability, availability and maintainability of the system and the proposed architecture, each team will carry out an analysis to assign values of reliability and availability.

At this point the plan will establish a demonstration of reliability and availability, drawn from the experience of the installed equipment, to demonstrate compliance with the above objectives.

The results of all RAM analyses and studies carried out will be reflected in the RAM reports. There will be a RAM review program that takes place in the main phases of the whole lifecycle.

8 SAFETY PLAN

The Safety Plan is a documented set of time-scheduled activities, resources and events serving to implement the organizational structure, responsibilities, procedures, activities, capabilities and resources that together ensure that an item will satisfy given safety requirements relevant to a given contract project.

The plan considers the management and control requirements emanating from the whole series of standards EN 50126, EN 50128, EN and EN 50159, with the objective of controlling the risks arising from non-conformities during the lifecycle.

8.1 PURPOSE AND SCOPE

The purpose of this plan is to develop the safety activities, ensuring consistency. Another object of this Plan is to establish general guidelines for the conduct of safety activities.

This Plan applies to all the phases of the lifecycle for each subsystem and covers the general requirements.

It takes into consideration the guidelines for the organization and management of security, in order to keep under control the risks arising from non-conformities in the subsystems during their life cycle.

The object of this Plan is to set the safety activities needed to obtain the safety requirements and the subsequent monitoring and control for each phase.

This plan also provides guidelines for the relationship and for the transmission of the risks whose level cannot be reduced to a negligible level even after the implementation of mitigation measures. These will be included in the Hazard Log.

8.2 SAFETY MANAGEMENT

From the point of view of organization, strategy, planning and programming, and safety activities, a safety policy is implemented. It consists of the development of an organization, coordination and direction for the safety activities to ensure the minimum safety level.

The next figure shows a safety policy.

To achieve this goal the following actions will be taken:

- Establishing a Safety Management System that provides continuous risk management; this will be a tool to control safety requirements throughout the lifecycle.
- Implementation of systematic, top-down safety analysis.
- Definition of an organization, with its structure and responsibilities, which will maintain the System Safety Management.
- Providing guidelines to ensure system safety objectives.
- Ensuring resources to meet the safety policy.
- Requiring preservation of the Safety Management System.

8.3 SAFETY STRATEGY

The safety strategy for achieving compliance with safety requirements is based on the following principles:

- In the unmodified components and subsystems, with proven safety, the safety demonstration will be based on existing safety documentation; in modified components and subsystems, the safety demonstration will be based on safety documentation of non-regression.
- Risks are identified in the early stages of the life cycle, and will be tracked to closure.

The routine to be followed for Safety Management consists of a risk management process with continuous feedback, based on the following points:

- Tracing the Quality Management System.
- Identification of hazards.
- Risk assessment.
- Monitoring safety requirements throughout the lifecycle.
- Communication of hazards, conditions and service restrictions.
- Performing audits.

Annex 9 includes a Hazard Log model.

8.4 RISK ANALYSIS AND EVALUATION

The purpose of the Preliminary Risk Analysis is to identify, classify and assign a risk level to potentially dangerous situations that individually or in combination with others could cause an accident. Part of this analysis is the justification of the SIL assigned to safety functions.

The level of risk is derived from the combination of the severity and frequency of occurrence of the dangerous situation. The following table shows this classification:

The probability or frequency of occurrence is classified into six categories:

The risk assessment will be made by combining the frequency of occurrence of the hazard with the severity or seriousness of its consequences, thus obtaining the level of risk associated with that hazard. The risk level is obtained using the following matrix:

The relationship between the level of risk and mitigation measures will be:

For each identified hazardous situation contained in the Hazard Log there will be a risk analysis.

Where it is possible to reduce the risk to negligible levels, the risk acceptance criteria must be applied.

8.5 HAZARD LOG

The Hazard Analysis Reports shall contain the following information:

- Hazard Log for the whole System (including the interfaces between subsystems).
- In addition to the Hazard Log, a summary of all original R3 and R4 Hazards and the proposed mitigation measures to reduce the risks to R1 and R2 status.
- Analysis records using detailed analysis techniques such as Failure Mode, Effects and Criticality Analysis (FMECA).

The Hazard Analysis Report will be based on each individual Subsystem Hazard Analysis Report, as prepared by each Contractor/Subcontractor. Any new Hazard arising shall be included and highlighted in the Hazard Analysis Report.

The Hazard Analysis Report shall be updated on a regular basis during the design, installation, testing and commissioning stages.

8.6 FAILURE REPORTING, ANALYSIS, AND CORRECTIVE ACTION SYSTEM

Control of non-conformities will be carried out throughout all phases of the life cycle of the system.

Corrective actions for non-conformities shall take into account the impact on the lifecycle stages that apply. Under this, non-conformities will be closed when:

- It has been shown that the modification made for the correction has no impact on lifecycle stages already completed.
- When this is not possible, action has been taken on the corresponding phases and it has been shown that the rest are not affected.

8.7 SAFETY INTEGRITY LEVEL

When the level of safety for the application has been set and the necessary risk reduction estimated, based on the results of the risk assessment process, the safety integrity requirements for the systems and components of the application can be derived. Safety integrity can be viewed as a combination of quantifiable elements (generally associated with hardware) and non-quantifiable elements (generally associated with systematic failures in software, specification, documents, processes, etc.).

External risk reduction facilities and the system risk reduction facilities should match the necessary risk reduction required for the system to meet its target level of safety.

Safety integrity correlates to the probability of failure to achieve required safety functionality. Safety functions within systems should be implemented using the architecture, methods, tools and techniques defined in other relevant detailed standards, for example EN50126, EN50128 and EN

PROPOSAL SIL

| Subsystem | Safety Integrity Level (SIL) |
|---|---|
| Mobile Communication | SIL 0* |
| Fixed Communication | SIL 0* |
| Superstructure | SIL 0* |
| Signalling | SIL 4 |
| Auxiliary Detection | SIL 2** |
| Tunnel System | See table below. |

*These failures do not affect the safety integrity level, only the availability of the system, except for the tunnel.

**This value is applicable to the case where the Auxiliary Detection System is not directly connected to the interlocking (Signalling System), that is, possible alarms do not close signals or impose speed limitations automatically. If any module of the Auxiliary Detection System has a direct and safety-related impact on the interlocking, that module should be considered as SIL 4.

PROPOSAL SIL FOR TUNNEL SUBSYSTEMS FUNCTIONS

| Subsystem function | Safety Integrity Level (SIL) |
|---|---|
| Fire Detection | SIL 2* |
| Gas Detection | SIL 2* |
| Ventilation | SIL 2* |
| Emergency Lighting | SIL 2* |
| Evacuation Lighting | SIL 2* |
| Train Location System | SIL 0 |
| Rest of facilities | SIL 0* |

* According to IEC standard.

8.8 AUDITS

As a tool for monitoring RAMS activities it will be necessary to perform audits. The audits can be divided into two programs. The scheduled audits will take place at the main phases of the lifecycle. Further audits will take place if necessary.

8.9 PLANNING AND PROGRAMMING

The programming of the safety activities always follows the time of execution of the work activities, i.e. it is linked to the progress of work.

The activities to be undertaken in each of the phases of the lifecycle are as follows.

PHASE 1: CONCEPT

The objective of this phase shall be to develop a level of understanding of the system sufficient to enable all subsequent RAMS lifecycle tasks to be satisfactorily performed. The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirements of the phase, for example the scope and purpose statements for the project.

PHASE 2: SYSTEM DEFINITION

This phase defines the limits of the system and the application conditions that can influence the characteristics of the system. The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirements of phase 1. To meet this objective, the activities to be undertaken will be:

- RAM preliminary analysis
- Establish a RAM policy
- Include a Safety Plan

PHASE 3: RISK ANALYSIS

Risk analysis may need to be repeated at several stages of the lifecycle. The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirements of the phase, and the deliverables produced in phase 2.

The main purpose of this phase is to obtain the System Hazard Log, with the analysis and assessment of all hazards.

PHASE 4: SYSTEM REQUIREMENTS

This stage is carried out to specify the general RAM requirements of the system and also to define general criteria for the acceptance of safety.

The tasks to be performed at this stage, related to RAM management, will be primarily:

- Specify the requirements of the global system RAM;
- Define global acceptance criteria of RAM;
- Define the functional structure of the system;
- Update the Safety Plan.

The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirements of the phase, and the deliverables produced in phases 2 and 3.

PHASE 5: APPORTIONMENT OF SYSTEM REQUIREMENTS

After the system RAM requirements have been obtained, at this stage they will be allocated to the various subsystems and components. Acceptance criteria for these subsystems and components will also be defined.

The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirements of the phase, and the deliverables produced in phase 4. This phase shall also produce an updated Safety Plan.

PHASE 6: DESIGN AND IMPLEMENTATION

The objectives of this phase are to:

- Create sub-systems and components conforming to RAMS requirements.
- Demonstrate that sub-systems and components conform to RAMS requirements.
- Establish plans for future lifecycle tasks involving RAMS.

The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirements of the phase, and the deliverables produced in phases 4 and 5.

The RAM program is implemented through review, analysis, testing and evaluation of data, covering:

- Reliability and Availability
- Maintenance and Maintainability

- Optimal maintenance policy
- Logistics support
- Management of the RAM program

PHASE 7: MANUFACTURING

The objectives of this phase are to:

- Implement a manufacturing process which produces RAMS-validated sub-systems and components.
- Establish RAMS-centered process assurance arrangements.
- Establish sub-system and component RAMS support arrangements.

The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirements of the phase and the deliverables produced in phase 6. The Failure Reporting, Analysis and Corrective Action System (FRACAS) will also begin in this phase.

PHASE 8: INSTALLATION

This phase will run the installation plan and carry out the control and monitoring of RAM requirements.

The objective of this phase shall be to assemble and install the total combination of subsystems and components required to form the complete system and to initiate system support management.

The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirements of the phase and the deliverables produced in phase 6 and 7. It is also necessary to update the Safety Plan.

PHASE 9: SYSTEM VALIDATION

The objectives of this phase are to:

- Validate that the total combination of sub-systems, components and external risk reduction measures complies with the RAMS requirements for the system.
- Commission the total combination of sub-systems, components and external risk reduction measures.

The main task in this phase will be the RAM demonstration.

PHASE 10: SYSTEM ACCEPTANCE

The task performed at this stage is the evaluation of the RAM demonstration.

The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirement in phase 4, the verification and validation plan and acceptance plan prepared in phase 4, and the record of verification and validation tasks prepared in phase 9. It will also be necessary to update the Hazard Log.

PHASE 11: OPERATION AND MAINTENANCE

This phase will track maintenance to verify that the RAM requirements associated with the operation and maintenance are met.

The input to this phase shall include all relevant information and, where appropriate, data necessary to meet the requirement, and in particular the operation and maintenance procedures prepared in phase 6.

PHASE 12: PERFORMANCE MONITORING

The objective of this phase will be to maintain confidence in the system during operation. For this reason, it will be necessary to collect, analyze and evaluate RAM operating statistics.

PHASE 13: MODIFICATION AND RETROFIT

The objective of this phase shall be to control system modification and retrofit tasks to maintain system RAMS requirements.

PHASE 14: DECOMMISSIONING AND DISPOSAL

The objective of this phase shall be to control system decommissioning and disposal tasks.

There will be revisions and updates to the Safety Plan and Hazard Log to contemplate phased commissioning or changes in the scope. These updates will take place in the lifecycle phase in which the changes occur.

9 DELIVERABLES

Here we list a number of deliverables depending on the subsystem and the lifecycle.

The operation phase is not in the scope of the project; it should be under the responsibility of, and carried out by, the ISR.

10 ANNEX

10.1 PROPOSAL OF RAMS DELIVERABLES

All these documents are based on the normative EN. The subsystem of the electrification is not included. It will be necessary to evaluate the interface between the electrification subsystem and the rest of the subsystems, and also to assess the impact of the electrification on the rest of the subsystems.

System Safety Plan: A documented set of time-scheduled activities, resources and events serving to implement the organisational structure, responsibilities, procedures, activities, capabilities and resources that together ensure that an item will satisfy given safety requirements relevant to a given Project. This document applies to the subsystems SIGNALLING AND TUNNEL.

Hazard Log: A document in which all hazards are identified with a frequency and severity. Decisions made and solutions adopted are recorded or referenced throughout the lifecycle. This document will include all the hazards, restrictions and mitigations throughout the lifecycle. This document applies to the subsystems SIGNALLING AND TUNNEL.

Safety Case: A summary demonstration that the subsystem complies with the specified safety requirements. The purpose of this document is to meet the requirements during all phases of the lifecycle, providing evidence of the safety of the systems supplied and providing justification. The document will contain all the open points throughout the lifecycle. The activities are separated by phases. This document will follow the normative EN. This document applies to the subsystem SIGNALLING (TUNNEL: to be defined whether it needs a Safety Case or a Safety tunnel report).

Engineering Safety Validation: The document will include the validation of the safety requirements for the system. It details the test cases carried out in order to validate the system. The record of the effects found in these tests and their validation in subsequent tests will ensure that the system complies with the safety requirements. This document applies to the subsystems SIGNALLING AND TUNNEL.

Operation and Maintenance Manual: A documented set of resources which are arranged and organised in order to operate and maintain the system with a safety level (if needed) and with the specific availability level at the required lifecycle cost. It will contain the combination of all technical and administrative actions, including supervision actions, intended to retain a product in, or restore it to, a state in which it can perform a required function. This document should be applied by the Israel Railways (ISR) companies because it will be their responsibility. The responsibility for designing this operation and maintenance plan lies with the builder.

System RAM Plan: A documented set of time-scheduled activities, resources and events serving to implement the organisational structure, responsibilities, procedures, activities, capabilities and resources that together ensure that an item will satisfy given RAM requirements relevant to a given Project. This document applies to all the subsystems: SIGNALLING, TUNNEL, FIXED COM, MOBILE COM, SUPERSTRUCTURE.

RAM Analysis and Prediction Report: It will contain the analysis of the combination of Reliability, Availability and Maintainability of the system. Many tasks, methods and tools can be used to achieve the RAM parameter values. Every system requires a different level of RAM parameters. For example, for reliability the document will include a functional analysis, a top-down analysis, a common cause failure analysis, etc. For maintainability it will include a maintainability analysis, studies, etc. For availability it will include an availability analysis, an availability demonstration, etc. This document applies to all the subsystems: SIGNALLING, TUNNEL, FIXED COM, MOBILE COM, SUPERSTRUCTURE.

FMECA: A documented Failure Modes, Effects and Criticality Analysis will be included. FMECA is a methodology designed to identify potential failure modes for a product or process, to assess the risk associated with those failure modes, to rank the issues in terms of importance, and to identify and carry out corrective actions to address the most serious concerns. This document will contain the resulting failure modes with relatively high probability and severity of consequences, allowing remedial effort to be directed where it will produce the greatest value. It is a bottom-up analysis. This document applies to all the subsystems: SIGNALLING, TUNNEL, FIXED COM, MOBILE COM, SUPERSTRUCTURE.

FRACAS/DRACAS: Data/Failure Reporting Analysis and Corrective Action System. It will contain a database history of faults/failures of the system components. This document is used to collate information on how equipment or systems are performing in the field from a reliability and maintainability perspective. This document applies to all the subsystems: SIGNALLING, TUNNEL, FIXED COM, MOBILE COM, SUPERSTRUCTURE.

RAM Demonstration Report: A document to validate the values obtained and to demonstrate that the system meets the operational objectives. This document will demonstrate compliance with the activities included in the RAM plan. This document applies to all the subsystems: SIGNALLING, TUNNEL, FIXED COM, MOBILE COM, SUPERSTRUCTURE.

10.2 ANNEX 1 MODEL FOR THE REGISTRATION OF HAZARD (HAZARD LOG)

Columns of the hazard log model: ID | Hazard status | Initial estimation (Freq., Severity, Danger) | SIL | Mitigation (Measure, Doc. Ref., Ver.) | Final estimation (Freq., Severity, Danger) | Date | Responsible | Hazard report

10.3 ANNEX 2 GENERAL HAZARD LOG LIST OF HAZARDOUS SITUATIONS FOR AKKO CARMIEL AND HAIFA BET SHEAN LINE

10.4 ANNEX 2 INTERFACES HAZARD LOG LIST OF HAZARDOUS SITUATIONS FOR AKKO CARMIEL AND HAIFA BET SHEAN LINE

10.5 ANNEX 3 INDEX RAMS PLAN FOR THE SYSTEM'S SUPPLIERS