ROSAS Seminar RAMS in Railways. Wolfgang Berns 17 May 2017

Transcription

1 ROSAS Seminar 2017 RAMS in Railways Wolfgang Berns 17 May

2 ROSAS Seminar Safety in Railways Fribourg, 17 May 2017 Agenda Reliability, Availability, Maintainability and Safety of Rail Systems - RAMS RAMS and Life-Cycle Costs Standards and Processes Safety analysis methodologies Source: 2

3 RAMS - a life-cycle focused methodology to reduce risks and costs Reliability How often does an event/hazard occur? Availability How often and how long can the item not be used? RAMS Maintainability How easy and effective can the service and maintenance of the item be performed? Safety How serious is the event/hazard? Source: BERNS

4 RAMS - Detailed Definition Reliability The ability of a technical system to perform its required functions under given conditions for a given period of time (mission time). Availability the ability of a technical system to perform a specific function at specific operational conditions at a moment in time under consideration of the system reliability and maintenance/repair activities. Maintainability The feasibility that a certain maintenance measure can be executed for a system under given boundary conditions within a defined period of time; if the maintenance will be performed under defined conditions, a defined process and auxiliary materials will be used. Safety the non-existence of unacceptable damage risk. 4

5 RAMS - a life-cycle focused methodology to reduce risks and costs To predict, monitor and control the safe and reliable functionality of a product over its complete life-cycle by a combined consideration of: A train is operated for years without problems, no malfunctions one day the break system has a problem, difficulties to arrive safely at the next station to fix the problem there it turns out the repair work is very complex => Reliability => Safety => Maintainability will cause the relevant repair time => Availability fortunately the break system did not fall apart when it failed! => Integrity Best from a S(afety) view point but worst from RAM view point: make the train => the break system fails before the train leaves production site => it is extremely complex to repair => repair time cannot be predicted! 5

6 RAMS - a railway specific methodology RAMS = Reliability <=> Availability <=> Maintainability <=> Safety 6

7 RAMS in Railways The railway system Infrastructure and rolling stock Source: European Railway Agency, Intermediate report on the development of railway safety in the European Union,

8 RAMS in Railways The railway system - infrastructure Source: Innotrack, Guideline for LCC and RAMS Analysis,

9 RAMS in Railways The railway system - rolling stock Railway system Traffic Control Center Systems Infrastructure Rolling Stock Subsystems Car body Wheels & bogies Brakes Traction system Door systems Components Vacuum brakes Electro-pneumatic brakes 9

10 RAMS and Life-Cycle Costing (LCC) - a railway specific approach Source: Innotrack, Guideline for LCC and RAMS Analysis,

11 RAMS - a railway specific approach CENELEC EN 50126: RAMS life-cycle development operation disposal Source: CENELEC EN 50216: Railway applications - The specification and demonstration of reliability, availability, maintainability and safety; CENELEC: Comité européen de normalisation en électronique et en électrotechnique 11

12 RAMS and Life-Cycle Costing (LCC) - a railway specific approach Acquisition cost LCC CM PM Maintenance staff Stock and logistic Spares cost Disposal cost

13 RAMS and Life-Cycle Costs (LCC) - a railway specific approach Acquisition Cost: cost to purchase LCC CM (Corrective Maintenance): cost to repair PM (Preventive Maintenance): cost to prevent failures Maintenance staff: cost of personnel/training to perform maintenance Stock and logistic: cost to store and to transport spare parts Spares cost: cost of spare parts Disposal cost: cost of recycling at end-of-life LCC (Life Cycle Costs): Achieve highest level of reliability, availability and safety at the lowest life-cycle costs ( total cost of ownership over life )?

14 RAMS - Many national Standards, but harmonized Relevant CENELEC RAMS Standards RAILWAY APPLICATIONS SPECIFICATION AND DEMONSTRATION OF RELIABILITY, AVAILABILITY, MAINTAINABILITY AND SAFETY (RAMS) Source: BERNS

15 RAMS - Many national Standards, but harmonized EN = Master Standard driven by CENELEC (Comité Européen de Normalisation Électrotechnique), aiming for: common understanding and approach for RAMS management cooperation between railway industry and railway companies and operators Meanwhile a set of general international standards exists: EN (Railway applications - The specification and demonstration of reliability, availability, maintainability and safety) EN (Railway applications - Communication, signaling and processing systems - Software for railway control and protection systems) EN (Railway applications - Communications, signaling and processing systems - Safety related electronic systems for signaling) describing the life-cycle process for safety relevant railway systems associated with standards for their homologation.

16 RAMS - Relevant CENELEC Standards EN defines terms of RAMS, their interaction and process for managing RAMS based on system life-cycle process for specifying requirements for RAMS and demonstrating that these requirements are achieved as defined EN is related to software and defines procedures and technical requirements for development of programmable electronic systems for usage in railway control and protection recommendation for ensuring desired Software Safety Integrity Levels (SSIL) EN defines activities, stages and acceptance criteria for step-by-step approach before acceptance stage, followed by additional planned activities carried out through service life evidence for acceptance of safety-related systems related to EN 50126

17 RAMS - a railway specific approach EN RAMS process Source: EN 50126

18 Relevant Processes Railway life-cycle V - model Source: Gingko 18

19 Failure rate l Safety and Reliability Management of Systems Reliable Systems - Basics Reliability applies to the system life-cycle Infant Mortality phase Useful life phase Phase of constant failures (random) Wear-out phase l(t) => l constant R t = e λt F t = 1 e λt MTTF = 1 λ l constant MTTF constant MTTF = Mean Time To Failure Observed bathtub curve Constant failures (random) Wear-out failures Early failures (Infant Mortality) Reliability R(t) - the probability of success during an interval of time (t=ti) Unreliability F(t) - the Probability of Failure during an interval of time (t=ti)

20 Reliable Systems - Basics Failure Rate l and Failure Probability F * F t = 1 e lt lt Probability l [1/hr] t [hr] F = 1 - e -lt [ - ] F lt [ - ] * E * E * E * E * E * E * E * E * E-04 t = 1000 hr 1.0 * E * E * E * E * E * E-02 0 t = 1 hr * Also often used: PF or P ** for l t << 1 and l = constant Exposure time t [hr] 1.0 * E * E * E

21 Safe and Reliable Systems - Terminology What is a... Error is the discrepancy between a computed, observed or measured value or condition, and the true, specified or theoretically correct value or condition. incorrect operational action or design, implementation, production mistakes e.g.: wrongly coded SW, wrongly designed sensor, wrongly mounted oil pipe, etc. can be caused by faults in the system Fault is the abnormal condition that can cause system functions / systems to fail defect scenario, e.g. SW function does not work, sensor failed, oil pipe broken Failure is the termination of the ability of a system to perform a function / functions as required resulting in a system failure (failure condition) defect scenario, e.g. controller fails, aircraft speed measurement fails, gear box oil supply fails 21

22 RAMS - Reliability Mean Time Between Failure - the average time interval of one failure/restore cycle of a system. Applies only to repairable systems. available failure 1 repair failure 2 not available not repairable MTTF MTTR MTBF MTTF t MTTF = Mean Time to Failure λ = failure rate MTTR = Mean Time to Restore μ = restore rate (= number of restores per time period) MTBF = MTTF + MTTR

23 Safe, Reliable and Secure Systems - Terminology Reliability: the engine of a locomotive fails after x hours of reliable operation (MTTF); no safety issue when occurring on a safe area on ground. Safety: the engine of a locomotive fails after x hours of reliable operation while the train is moving safety issue! Safest train when: the engine of a new locomotive fails right at the first engine start on a sidetrack (MTTF = 0) and the maintenance team has no clue how long it will take to repair the engine (MTTR =?), if at all. Availability: the engine of a locomotive fails after x hours of reliable operation, but can be repaired in y hours. Maintainability: corrective action: the engine of a locomotive failed after x hours of reliable operation; to make the vehicle again available after y hours repair time (MTTR). Legend: MTTF = Mean Time To Failure MTTR = Mean Time To Restore ( or Repair) 23

24 RAMS - Reliability How assess Reliability? 1. Reliability requirements, target data: MTTF, MTBF, MDBF, FPMK Risk categories (from Preliminary Hazard Analysis (PHA)) 2. Assessment actual reliability data: Test data Reliability prediction databases, e.g. IEC 62380, MIL-HDBK-217, Telcordia SR-332, NPRD-2011, Siemens SN 29500, FMD-2016) SW Tools (e.g. reliability block diagram) MTTF = Mean Time to Failure MTBF = Mean Time to Failure MDBF = Mean Distance between Failure FPMK = Failures per Million Kilometer

25 RAMS - Availability Reliability R(t) - the probability of success during an interval of time Availability A - the probability of success at a moment in time (allows for past failures, i.e. repairable systems; considers failure rates and restore rates) MTTF = Mean Time to Failure A = MTTF MTTF + MTTR = f(λ, μ) λ = failure rate MTTR = Mean Time to Restore μ = restore rate MTTF = 1 λ MTTR = 1 μ Reliability: R(t) = 1- λ (t) = f(λ,ti) Maintainability

26 RAMS - Maintainability Maintainability how to maintain a system / product optimally : Serviceability: optimize execution of scheduled maintenance tasks and servicing Reparability: optimize repair service after a failure occurrence Maintenance Engineering a mandatory process associated with the system development process 26

27 RAMS - Maintainability Classification of maintenance types according to EN

28 RAMS - Maintainability Glossary Preventive (Predictive) Maintenance (PM) Scheduled maintenance activities performed to prevent from the occurrence of faults/failures Corrective Maintenance (CM) Unscheduled maintenance activities carried out after failure detection in order to restore an asset to a condition in which it can perform its intended function 28

29 RAMS - Maintainability Glossary (2) Maintenance Task Analysis (MTA) Aims at the definition of all activities to be performed during PM and CM Allows structured analysis and definition of requirements for Serviceability/Maintainability (DfS) Aims at definition of trigger events for PM by sound review of FMECA and Reliability figures Provides structure of maintenance documentation 29

30 RAMS - Maintainability Glossary (3) Design for Serviceability (DfS) Definition of characteristics of design and installation to enable the effective and efficient maintenance and support of the system throughout the life cycle Level of Repair Analysis (LoRA) Analysis of most suitable place for maintenance (e.g. field, workshop) Identification of skill requirements Identification of maintenance level Life Cycle Cost (LCC) Total cost of ownership over the life of an asset 30

31 RAMS - Maintainability Process Overview - Maintainability and Maintenance Engineering Reliability data (FMECA, FTA) LoRA Spare parts Maintenance instructions (manufacturer) MTA Maintenance and disposal instructions LCC Safety related maintenance DfS Staff

32 RAMS - Overall Process and Stakeholders Source: BERNS

33 Safety in Railways - Stepwise Assurance of Safety Evidence Source: enrespro 33

34 RAMS Safety activities during the Project Specification phase Gate 1 Gate 6 Gate 2 Gate 5 Gate 3 Gate 4 PHA: Preliminary Hazard Analysis FMEA: Failure Mode and Effects Analysis FMECA: Failure Mode, Effects and Criticality Analysis FTA: Fault Tree Analysis

35 Safety in Railways - Safety Approval Process Source: enrespro 35

36 Safety Analysis in Railways - Definition of risk Risk = Severity x Frequency Risk can be operation and safety relevant Risk can not be mitigated entirely But risk shall be mitigated to an acceptable level Acceptable is what society accepts Frequency Risk Levels Frequent undesirable intolerable intolerable intolerable Probable tolerable undesirable intolerable intolerable Occasional tolerable undesirable undesirable intolerable Remote negligible tolerable undesirable undesirable Improbable negligible negligible tolerable undesirable Incredible negligible negligible negligible negligible Insignificant Marginal Critical Catastrophic Severity

37 Safety Analysis in Railways - risk acceptance SIL 4 SIL 4 SIL 3 SIL 2 / SIL 1 Source: enrespro 37

38 Safety Analysis in Railways - Safety Integrity Level Safety Integrity: the ability of a system (function) to resist (dangerous) faults/failures Source: EN

39 Safety Analysis in Railways - Software Source: enrespro 39

40 Safety Analysis in Railways - Failure Analysis Methods Method Name Description PHA Preliminary Hazard Analysis System Level; Function -> Risk FMECA Failure Mode, Effects and Criticality Analysis Component Level; Component -> Risk FTA Fault Tree Analysis System Level; Hazards -> Component Failures CCA Common Cause Analysis System Level; Dependent failure identification Markov Markov Analysis Subsystem Level; Probability of service continuity, system MTTF and availability Source: BERNSo

41 Safety Analysis in Railways - Failure Analysis Methods Preliminary Hazard Analysis (PHA) Setup - Top-down approach - From function via effects to criticality - Identification of target SIL Content - Functions and function levels defined by EN Events on vehicle level - Criticalities according to EN Lots of experience needed - Knowledge of previous incidents and accidents necessary Source: BERNSo

42 Safety Assessment Methods - Preliminary Hazard Analysis (PHA) => Target SIL identification Source: BERNS

43 Safety Analysis in Railways - Failure Analysis Methods EN full scope functional systems definition and breakdown Source: TüV Süd

44 Safety Assessment Methods PHA, FMECA Examples Source: BERNSo

45 ROSAS Seminar Safety in Railways Fribourg, 17 May 2017 Thank you Spiegel Online, : Bishwa-Ijtema-Festival in Dhaka, Bangladesch