Guidance on Using Railway Group Standards to Support Signal Engineering Safety Cases


Railway Group Guidance Note

Signatures removed from electronic version

Synopsis
This document shows how Railway Group Standards can be used to support engineering safety cases and describes the hierarchy between standards and interworking requirements. This document also provides guidance on the approach to take when conflicts are found between requirements in signalling standards.

Submitted by Paul Woolford, Project Manager
Content approved by Train Control and Communications Subject Committee on 13 May 2004
Authorised by Anne Blakeney, Acting Department Head, Railway Group Standards Management

Copyright in the Railway Group Standards is owned by Rail Safety and Standards Board Limited. All rights are hereby reserved. No Railway Group Standard (in whole or in part) may be reproduced, stored in a retrieval system, or transmitted, in any form or means, without the prior written permission of Rail Safety and Standards Board Limited, or as expressly permitted by law. In circumstances where Rail Safety and Standards Board Limited has granted a particular person or organisation permission to copy extracts from Railway Group Standards, Rail Safety and Standards Board Limited accepts no responsibility for, and excludes all liability in connection with, the use of such extracts, or any claims arising therefrom. This disclaimer applies to all forms of media in which extracts from Railway Group Standards may be reproduced.

Published by: Rail Safety and Standards Board, Evergreen House, 160 Euston Road, London NW1 2DX
Copyright 2004 Rail Safety and Standards Board Limited


Contents

Part A
A1 Issue record
A2 Implementation of this document
A3 Responsibilities
A4 Health and safety responsibilities
A5 Supply

Part B
B1 Purpose
B2 Application of this document
B3 Definitions and acronyms

Part C Signalling document tables
C1 Introduction
C2 Guidance on engineering safety cases
C3 Guidance on standards hierarchy
C4 Guidance on conflicts

Appendices
A1 Examples of hazard associated with a typical conventional signalling scheme
B1 Process requirement: Competence management
B2 Process requirement: Safety cases
B3 Process requirement: Compliance
B4 Process requirement: Acceptance
B5 Process requirement: Asset life cycle
C1 System requirement: Infrastructure requirements
C2 System requirement: Principles
D1 Guidance on selecting a signalling system
D2 Standards relating to the signalling design process
References

Document to be withdrawn as of 04/09/2010

Part A

A1 Issue record
Issue: One
Date: August 2004
Comments: Original document incorporating the index of signalling principles standards from GK/RM0501

This document will be updated when necessary by distribution of a complete replacement.

A2 Implementation of this document
The publication date of this document is 7 August This document supersedes the following Railway Group Manual, as indicated.

Railway Group Manual / Issue No. / Title / Sections superseded by this document / Date(s) as of which sections are superseded:
GK/RM Manual of Signalling Principles Standards; Cover, List of standards; 2 October 2004

GK/RM0501 is withdrawn with effect from 2 October

A3 Responsibilities
Railway Group Guidance Notes are non-mandatory documents providing helpful information relating to the control of hazards and often set out a suggested approach, which may be appropriate for Railway Group* members to follow.

* The Railway Group comprises Network Rail Infrastructure Limited, Rail Safety and Standards Board Limited, and the train and station operators who hold Railway for operation on or related to infrastructure controlled by Network Rail Infrastructure Limited. Network Rail Infrastructure Limited is also known as Network Rail. Rail Safety and Standards Board Limited is also known as RSSB.

A4 Health and safety responsibilities
Each Railway Group member is reminded of the need to consider its own responsibilities to ensure health and safety at work and its own duties under health and safety legislation. RSSB does not warrant that compliance with all or any documents published by RSSB is sufficient in itself to ensure safe systems of work or operation or to satisfy such responsibilities or duties.

A5 Supply
Controlled and uncontrolled copies of this document may be obtained from the Corporate Communications Dept, Rail Safety and Standards Board, Evergreen House, 160 Euston Road, London NW1 2DX, telephone or enquiries@rssb.co.uk. Railway Group Standards can also be viewed at

Part B

B1 Purpose
This document gives guidance on:
a) using Railway Group Standards as part of demonstrating that safety risk is reduced to ALARP level within a signalling project
b) the relationship between Railway Group Standards, Guidance Notes, RSSB Approved Codes of Practice and the overarching requirements for safe interworking
c) the approach to take when conflicting requirements are identified in Railway Group Standards.

B2 Application of this document

B2.1 To whom the guidance applies
This document contains guidance that is applicable to RSSB and duty holders of the infrastructure controller category of Railway Safety Case.

B2.2 Documents supported by this Guidance Note
This document is designed to support all Railway Group Standards that relate to signalling processes and systems. It will be updated on a regular basis to reflect changes to the Catalogue of Railway Group Standards.

B3 Definitions and acronyms

ALARP
An acronym for "as low as reasonably practicable" that is applied to safety risk.

Hazard
A physical situation with a potential for human injury.

Novel (equipment, systems, applications, operating methods)
A term describing a new or untried feature, that is, in the context of this guidance note, to be introduced by a project. It includes both new systems and the application or operation of existing systems in a different way to that already in use. A feature ceases to be novel when:
a) all of the hazards associated with it are understood, and
b) mitigations are in place to manage the risk to ALARP level, including the availability of the necessary standards and instructions.

Unified Modelling Language
Unified Modelling Language (UML) is a method of describing processes using drawings. The following UML symbols are used within this document:

Class symbol (Class, -attribute, +operation): a class symbol represents a static object that has attributes and operations. For example: Standard, -Number of pages, +Describe requirements.
UML relationship symbol meaning "types of".
UML relationship symbol meaning "made up of".
UML quantity symbols (1..* and 0..*) meaning "one or more" and "any number of". Other numeric values and limits may be used.
UML symbol representing an association between different classes and the direction that the association is read.
UML symbol representing the start of a process.
UML symbol representing the end of a process.

Part C Signalling document tables

C1 Introduction
The process by which signalling safety requirements should be derived is described in GK/RT0206 and GK/GN0806. This document shows how compliance with Railway Group Standards can contribute to demonstration that the derived safety requirements have been met. Compliance with Railway Group Standards alone may not be sufficient to achieve this.

This document is designed to assist those involved with preparing signal engineering safety cases by:
a) listing examples of hazards introduced by typical signalling projects where compliance with Railway Group Standards can support demonstration of risk mitigation and reduction of risk to ALARP levels
b) linking signalling related processes and systems to the appropriate Railway Group Standards and other signalling related documents
c) linking Railway Group Standards and other signalling related documents to the top-level processes or requirements from which the document is derived
d) illustrating the hierarchy of Railway Group Standards and other signalling related documents
e) giving guidance on standards conflict resolution.

Section C2 contains a UML diagram that illustrates the relationship between engineering projects, engineering safety cases and Railway Group Standards.

Section C3 contains a UML diagram that describes how top-level processes and requirements relate to the various signalling systems and processes. The diagram calls up a series of tables, which list Railway Group Standards and other signalling related documents under subject headings. Each subject heading identifies, where relevant:
a) an overarching requirement
b) a primary standard or standards that fulfil the overarching requirement
c) related documents that support the primary standard.

Section C4 gives guidance on how conflicts between different requirements should be managed.

C2 Guidance on engineering safety cases

This diagram illustrates the relationship between Railway Group Standards and the engineering safety case necessary to support approval of an engineering project.

[Fig. 1 Relation between Railway Group Standards and engineering safety cases (UML diagram). Classes shown: Engineering Safety Management (Yellow Book); Engineering safety case; Engineering project; Requirements (Customer requirements, Safe interworking, European requirements); Railway Group Standards; Deviation proposal. Process steps shown: Identify hazards; Causal analysis; Consequence analysis; Loss analysis; Options analysis; Impact analysis; Demonstrate achievement of ALARP.]

All railway projects have to demonstrate safety for system design (including systems, equipment or operating methods) and therefore have to manage all of the safety risk associated with each project. This is usually achieved by preparing an engineering safety case to demonstrate that:
a) all of the hazards introduced by the project have been identified, and
b) mitigations are in place to reduce the safety risk level to ALARP for every hazard.

GK/RT0206 and GK/GN0806 describe the particular process used to demonstrate safety for signalling and operational telecommunications projects.

Guidance on how to prepare an engineering safety case is contained in the Engineering Safety Management Yellow Book published by RSSB. This includes supplementary application notes, which cover particular subject areas, including software, human factors and independent safety assessment.

The size and content of an engineering safety case should be proportionate to the scope of the project to which it applies and the number and complexity of the hazards that have to be managed.

Where a completely novel system is to be introduced, the engineering safety case process, as described in the Yellow Book, should be applied in full from first principles. This requires identification of all hazards and implementation of risk mitigation measures for each across the whole project.

Where a project introduces novel design features or has novel elements within it, the engineering safety case process should be followed to demonstrate that risk level is ALARP for the novel aspect of the project, including how the novel aspect interacts within the context of the complete system. The remainder of the project should be managed as a conventional project.

Conventional projects that apply proven designs (for example, conventional resignalling, remodelling or capacity enhancement schemes) should follow the engineering safety case process in sufficient detail to demonstrate safety for the proposed applications or design configurations in the environment that the application is being used. Emphasis should be placed on managing the hazards arising from the elements of the design that differ from previous applications.

For small, simple projects, engineering safety cases may be limited to justification of the decisions made on application design. Consideration should be given to the use of generic safety cases for projects that do not include a novel element.

Projects can use compliance with Railway Group Standards as a contribution to demonstrating that safety risk is ALARP. Appendix A1 provides examples of typical and commonly encountered hazards and the Railway Group Standards that address the safe inter-working associated with each hazard. In some cases, Railway Group Standards place a requirement on projects to complete risk analyses (for example, overrun risk assessment), which may form part of an engineering safety case.

Projects should use the typical hazards listed in Appendix A1 as a starting point to identifying and mitigating the risk associated with signalling projects. Compliance with Railway Group Standards, by itself, may not be sufficient to demonstrate that risk level is ALARP and additional mitigation measures may have to be developed by the project.

C3 Guidance on standards hierarchy

This diagram illustrates the relationship between the Railway Group Standards and the top-level requirement for safe interworking.

[Fig. 2 Relationship between Railway Group signalling documents and top-level safety requirements (UML diagram). Elements shown: Railway Group Standards; Railway Group members; Technical specifications for interoperability; Operational requirements (includes the Rule Book); and the requirement classes listed below.]

Process requirement:
Competence management - see appendix B1
Safety cases - see appendix B2
Compliance - see appendix B3
Acceptance - see appendix B4
Asset life cycle - see appendix B5

System requirement:
Infrastructure requirement - see appendix C1
Train control and interface - see appendix C1.1
Points - see appendix C1.2
Lineside signals and signs - see appendix C1.3
Level crossings - see appendix C1.4
Train detection - see appendix C1.5
Miscellaneous equipment - see appendix C1.6
Principles requirement - see appendix C2
Route setting, holding and releasing - see appendix C2.1
Control systems - see appendix C2.2

The tables contained in appendices B1 to B5 and C1 to C2.2 show the relationship between Railway Group signalling documents and the overarching requirements that address relevant subject areas.

Flow charts in Appendices D1 and D2 illustrate how Railway Group Standards and other signalling related documents relate to particular work-streams. Examples are given for:
a) selecting a signalling system (Appendix D1), and
b) application of standards during the signalling design process (Appendix D2).

C4 Guidance on conflicts

Where proposed risk mitigation measures conflict with the requirements contained in Railway Group Standards, projects should submit applications for deviation, in accordance with the Railway Group Standards Code.

Where conflicting requirements exist within Railway Group Standards, projects should submit applications for non-compliance, together with proposals for standards change, in accordance with the Railway Group Standards Code.

Proposed solutions to support non-compliance applications should consider the standards hierarchy. As a general principle, requirements contained in primary standards take precedence over related standards and so any conflicting requirement between the two can be prioritised. The chart in section C3 can be used as a guide to establish the general hierarchy of Railway Group signalling documents. Appendices B1 to B5 and C1 to C2.2 can be used to identify relationships between the various standards. Technical advice should also be sought from RSSB.

Non-compliance certificates issued by RSSB form part of project safety case documentation and contribute towards demonstration that safety risk is ALARP.

Conflicts between requirements contained in Railway Group Standards and requirements contained in European Technical Standards for Interoperability can be addressed by compliance with GE/RT8050 (see Appendix B3).

Appendix A1 Examples of hazard associated with a typical conventional signalling scheme

These tables list typical hazards that need to be managed by projects, and provide guidance on where to find mitigations within Railway Group Standards. The Railway Group Standards listed below primarily relate to signalling technical and operational requirements. Other Railway Group Standards exist that can also be used to demonstrate mitigation of hazards. A full list is contained in the Catalogue of Railway Group Standards.

Hazards that can result in a SPAD Signaller replaces signal to danger in error causing SPAD Standards that contain mitigations Design Implement Life cycle Operation Decommission GK/RT0025 GO/RT3259 GE/RT8000 Driver does not understand signal GO/RT3251 GE/RT8000 Driver starts train without movement authority GE/RT8018 GK/RT0091 GE/RT8030 GE/RT8060 GK/RT0031 GK/RT0032 Driver misjudges braking GE/RT8030 GK/RT0034 GK/RT0007 GO/RT3251 Driver misinterprets signal aspect Driver does not see signal GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0031 GK/RT0032 GK/RT0036 GK/RT0039 GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0031 GK/RT0209 GK/RT0209 GE/RT8034 GK/RT0210 GC/RT5202 GE/RT8034 GK/RT0210 GO/RT3251 GO/RT3251

Hazards that can result in a SPAD Driver responds to wrong signal Driver distracted by conflicting or misleading information and misreads signal Insufficient braking distance approaching signal Standards that contain mitigations Design Implement Life cycle Operation Decommission GE/RT8018 GE/RT8034 GO/RT3251 GE/RT8030 GK/RT0210 GE/RT8035 GE/RT8037 GK/RT0009 GK/RT0031 GK/RT0032 GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0007 GK/RT0034 GE/RT8034 GK/RT0210 GE/RT8000 GK/RT0209 GE/RT8040 Driver has insufficient signal sighting time GE/RT8037 GK/RT0209 GC/RT5202 GE/RT8034 GK/RT0210 Signal displays incorrect aspect to driver due to electromagnetic interference GE/RT8015 GI/RT7002 GK/RT0209 Signal displays incorrect aspect due to disarrangement of signalling system Signal displays incorrect aspect to driver due to implementation error Signal fails to display aspect due to inadequate engineering of signal assembly or component GK/RT0206 GK/RT0027 GK/RT0217 GK/RT0060 GK/RT0206 GK/RT0207 GK/RT0208 GK/RT0209 GK/RT0206 GI/RT7002 GK/RT0101 GE/RT8000 GK/RT0101 Signal fails to display aspect due to life cycle failure GK/RT0206 GK/RT0106 GK/RT0210 Signal fails to display aspect due to vandalism GE/RT8063 Signal fails to display aspect due to power supply failure GI/RT7017 GK/RT0206 GK/RT

Hazards resulting from a SPAD Train collides with another train or train derails Train collides with buffer stop Infrastructure controller / System interface hazards Signal displays incorrect aspect to driver due to electromagnetic interference Signal displays incorrect aspect due to disarrangement of signalling system Signal displays incorrect aspect to driver due to implementation error Standards that contain mitigations Design Implement Life cycle Operation Decommission GI/RT7006 GO/RT3251 GK/RT0060 GK/RT0064 GC/RT5033 GI/RT7006 GE/RT8015 GI/RT7002 GK/RT0060 GK/RT0206 GK/RT0207 GK/RT0208 GK/RT0209 GK/RT0027 GK/RT0217 Signal fails to display aspect due to inadequate GK/RT0206 GI/RT7002 engineering of signal assembly or component Signal fails to display aspect due to life cycle failure GK/RT0206 GK/RT0106 GK/RT0210 Signal fails to display aspect due to vandalism GK/RT0206 GE/RT8063 Signal fails to display aspect due to power supply failure GI/RT7017 GK/RT0106 GK/RT0206 Points move or fail causing derailment or collision GI/RT7004 GK/RT0060 Train detection system does not detect train GE/RT8217 GK/RT0011 GK/RT0217 Signalling control data corrupted GK/RT0105 GK/RT0210 Signalling system functionality incomplete GK/RT0060 GK/RT0101 GK/RT0206 GK/RT0101 GK/RT0207 GK/RT0209 GE/RT8040 GO/RT3251 GK/RT0101 GE/RT8000 GK/RT0101 GO/RT3208

Infrastructure controller / System interface hazards Standards that contain mitigations Design Implement Life cycle Operation Decommission Signalling system contains installation errors GK/RT0101 GK/RT0208 GK/RT0209 Signalling system incorrectly reset by technician GE/RT8000 GK/RT0027 GK/RT0101 GK/RT0217 Signalling disarranged by authorised person GE/RT8000 GK/RT0101 Signalling system disarranged by unauthorised person GK/RT0206 GE/RT8063 GK/RT0210 Signalling system or component life cycle failure GE/RT8000 GK/RT0106 GK/RT0210 Interlocking logic inadequate GK/RT0060 GK/RT0101 GK/RT0101 GK/RT0209 Wrong component installed after failure GI/RT7001 GK/RT0101 GK/RT0209 GK/RT0330 System or component has latent or hidden failure mode GK/RT0206 GI/RT7002 System or component failure inadequately managed GI/RT7001 GK/RT0101 GK/RT0106 Altered system, conflicting standards within systems and components are not compatible GK/RT0206 GK/RT0207 GI/RT7001 GI/RT7002 Elements of system do not mitigate risk GK/RT0206 GI/RT7002 System or interfacing system not upgraded to current standards GK/RT0060 GK/RT0206 System does not provide for life cycle management GK/RT0206 GI/RT7001 GK/RT0210 System cannot withstand environmental or operating GK/RT0206 GI/RT7002 GK/RT0210 impact

Infrastructure controller / System interface hazards Existing or obsolete system does not meet required functionality Functionality requirements not properly specified or misunderstood Life cycle management requirements not properly implemented Standards that contain mitigations Design Implement Life cycle Operation Decommission GK/RT0101 GK/RT0206 GK/RT0101 GI/RT7001 GK/RT0206 GK/RT0207 GI/RT7001 GK/RT0101 GK/RT0210 Authorised person disconnects / reconnects wrong GI/RT7001 GE/RT8000 function as part of protection arrangements Train operator / System interface hazards Driver does not understand signal GO/RT3260 Driver starts train without movement authority Driver misjudges braking Driver misinterprets signal aspect Driver does not see signal GE/RT8018 GE/RT8030 GE/RT8060 GE/RT8030 GK/RT0007 GK/RT0034 GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0031 GK/RT0032 GK/RT0036 GK/RT0039 GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0031 GK/RT0091 GO/RT3475 GO/RT3251 GK/RT0209 GE/RT8034 GO/RT3251 GK/RT0209 GC/RT5202 GE/RT8034 GK/RT0210

Train operator / System interface hazards Driver responds to wrong signal Driver distracted by conflicting or misleading information and misreads signal Standards that contain mitigations Design Implement Life cycle Operation Decommission GE/RT8018 GE/RT8034 GO/RT3251 GE/RT8030 GK/RT0210 GE/RT8035 GE/RT8037 GK/RT0009 GK/RT0032 GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037 GE/RT8034 GK/RT0210 Driver has insufficient signal sighting time GE/RT8037 GK/RT0209 GC/RT5202 GE/RT8034 GK/RT0210 Insufficient braking distance approaching signal GK/RT0007 GK/RT0209 GE/RT8040 GK/RT0034 Driver does not understand how to slow down train GO/RT3251 Driver exceeds permitted speed limit GE/RT8012 GO/RT3251 GE/RT8030 GI/RT7033 Driver misinterprets authorised speed GI/RT7033 GC/RT5060 GO/RT3251 GK/RT0038 Driver does not receive speed information GI/RT7033 GK/RT0206 GC/RT5202 Train moves without degraded movement authority Train takes wrong degraded movement authority GE/RT8018 GE/RT8030 GE/RT8018 GE/RT8030 GO/RT3251 GO/RT3259 GE/RT8000 GO/RT3251 GO/RT3259 GE/RT

Train operator / System interface hazards Standards that contain mitigations Design Implement Life cycle Operation Decommission Train cab design not compatible with signalling system GE/RT8270 GI/RT7002 Train length exceeds available capacity GE/RT8004 GE/RT8000 Vehicle design incompatible with train detection system GK/RT0011 GI/RT7002 Design of train not compatible with signalling system GE/RT8015 GE/RT8270 GI/RT7002 Driver starts train before station work is completed GE/RT8060 GE/RT8000 Train strikes member of public or vehicle on level crossing Train strikes track worker after movement authority granted Signaller / System interface hazards Signaller cannot interface with control panel Signaller cannot interface with system indications Signaller confused by presentation of information or information overload Signaller sets two or more conflicting routes Signaller cancels route and sets another conflicting route Signaller sets route into occupied section GI/RT7011 GI/RT7012 GK/RT0029 GK/RT0030 GK/RT0009 GK/RT0025 GK/RT0009 GK/RT0025 GK/RT0025 GK/RT0206 GK/RT0207 GK/RT0039 GK/RT0060 GK/RT0060 GK/RT0063 GK/RT0041 GK/RT0042 GK/RT0044 GK/RT0051 GK/RT0054 GK/RT0060 GE/RT8000 GK/RT0209 GK/RT0210 GO/RT3259 GK/RT0209 GK/RT0210 GO/RT3259 GK/RT0209 GO/RT3259 GK/RT0209 GK/RT0209 GK/RT0209

Signaller / System interface hazards Signaller sets route with risk of overrun conflict Signaller controls points within route after movement authority has been issued Signaller gives release within set route Standards that contain mitigations Design Implement Life cycle Operation Decommission GI/RT7006 GK/RT0064 GK/RT0206 GK/RT0060 GK/RT0209 GK/RT0060 GK/RT0061 GK/RT0209 Authorised person moves points by hand within set route GE/RT8000 GO/RT3259 GO/RT3260 Authorised person moves or secures incorrect points GE/RT8000 GO/RT3259 GO/RT3260 Unauthorised person moves points within set route GK/RT0206 GE/RT8063 GK/RT0210 Signaller incorrectly calls train past red signal when section occupied Signaller replaces signal to danger in error causing SPAD GO/RT3259 GE/RT8000 GK/RT0025 GO/RT3259 Signaller issues wrong degraded movement authority GK/RT0025 GO/RT3259 Station operator / System interface hazards Platform staff dispatch train when starting signal is at red GE/RT8030 GE/RT8060 GO/RT3475 GE/RT8000 Train authorised to leave in wrong direction GE/RT

Appendix B1 Process requirement: Competence management

Process category: Competence management

Overarching requirement:
Railways (Safety Critical Work) Regulations
HSE Railway Safety Principles and Guidance Part 3a: Developing and Maintaining Staff Competence

Primary standard:
GO/RT3260 Competence Management for Safety Critical Work

Related standards:
Signalling and telecommunications: GK/RT0101 Competence Standards for Signalling and Telecommunications Staff
Other standards relate to train driving, train working and signallers

Appendix B2 Process requirement: Safety cases

Process category: Railway safety cases

Overarching requirement:
Railways (Safety Case) Regulations 2000 as amended by Railways (Safety Case) (Amendment) Regulations 2003

Primary standard: Nil

Related standards
Guidance Notes
GE/GN8561 Guidance on the Preparation of Risk Assessments within Railway Engineering Safety Management (Yellow Book)

Appendix B3 Process requirement: Compliance

Process category: Compliance management

Overarching requirement:
Railways (Safety Case) Regulations
The Railways (Interoperability) (High Speed) Regulations 2002
These regulations implement EU directive 96/48EU, Interoperability Requirements for High Speed Lines. They apply to those parts of the UK infrastructure that form part of the trans-European high-speed rail system
Further regulations are being developed to implement EU directive 2001/16EU, Interoperability Requirements for Conventional Lines
Emerging Technical Standards for Interoperability (TSIs)

Primary standard: Nil

Related standards
Standards change
Deviations (Temporary non-compliance, derogation, non-compliance pending standards change, subject committees)
GE/RT8050 Process for Dealing with Issues between Railway Group Standards and TSIs for High-Speed Operation
The Railway Group Standards Code
The Railway Group Standards Code

Guidance Notes
GE/GN8550 Guidance on Issues between Railway Group Standards and TSIs for High-Speed Operation

Appendix B4 Process requirement: Acceptance

Process category: Acceptance

Overarching requirement:
Railways (Safety Case) Regulations
HSE Railway Safety Principles and Guidance Parts:
1
2a Guidance on Infrastructure
2d Guidance on Signalling
2e Guidance on Level Crossings
2f Guidance on Trains
3a Developing and Maintaining Staff Competence

Primary standard:
GI/RT7002 Acceptance of Systems, Equipment and Materials for Use on Railtrack Controlled Infrastructure
GE/RT8270 Route Acceptance of Rail Vehicles, including changes in Operation or Infrastructure

Related standards:
GK/RT0206 Signalling and Operational Telecommunications Systems: Safety Requirements
GK/RT0209 Testing and Commissioning of Signalling and Operational Telecommunications Systems
GE/RT8015 Electromagnetic Compatibility between Railway Infrastructure and Train

Appendix B5 Process requirement: Asset life cycle

Process category: Asset life cycle (including change control)

Overarching requirement:
Construction, design and maintainability regulations

Primary standard
See also and Acceptance processes
GK/RT0210 Asset Management for the Safety of Signalling and Operational Telecommunications Systems and Equipment

Related standards
See systems tables for specific signalling technologies
Design
GK/RT0207 Signalling Design
Construction
Verification and validation
Maintenance and faulting
Asset life cycle records
System authorities
Guidance Notes
GK/RT0208 Installation of Signalling and Operational Telecommunications Equipment
GK/RT0209 Testing and Commissioning of Installation of Signalling and Operational Telecommunications Equipment
GK/RT0027 Resetting and Restoration to Service of Signalling Systems
GK/RT0106 Management of Safety Related Failures of Signalling and Operational Telecommunications Systems
GK/RC0606 Management of Safety Related Failures of Train Borne Signalling and Operational Telecommunications Systems
GI/RT7001 Management of Safety Related Records
GE/RT8047 Reporting of Safety Related Information
GE/RT8250 Safety Performance Monitoring and Defect Reporting
GE/RT8049 Creation and Management of System Authorities
GE/GN8547 Guidance on the Reporting of Safety Related Information
GE/GN8510 Railway Group Safety Performance Monitoring Definitions and Guidance

Appendix C1 System requirement: Infrastructure requirements

Process category: Infrastructure requirements

Overarching requirement (see also Asset Life Cycle and Acceptance):
  European Union Directives for Interoperability:
    96/48EU Interoperability Requirements for High-Speed Lines
    2001/16EU Interoperability Requirements for Conventional Lines
    as described by the emerging Technical Standards for Interoperability (TSIs)
  HSE Railway Safety Principles and Guidance Part 2a: Guidance on Infrastructure (see Appendices B1.1 B1.6 for particular guidance)

Primary standards:
  GI/RT7002 Acceptance of Systems, Equipment and Materials for Use on Railtrack Controlled Infrastructure
  GE/RT8015 Electromagnetic Compatibility between Railway Infrastructure and Train
  BR Hz Single Phase AC Electrification: Immunisation of Signalling and Telecommunications against Electrical Interference

Related standards:
  TSI compliance: GE/RT8050 Process for Dealing with Issues between Railway Group Standards and TSIs for High-Speed Operation
  Train control and interface systems: See Appendix C1.1
  Points: See Appendix C1.2
  Lineside signals and signs: See Appendix C1.3
  Level crossings: See Appendix C1.4
  Train detection: See Appendix C1.5
  Miscellaneous equipment: See Appendix C1.6

Guidance Notes:
  GE/GN8550 Guidance on Issues between Railway Group Standards and TSIs for High-Speed Operation

Appendix C1.1 Infrastructure requirement: Train control and interface

Process category: Train control and interface systems

Overarching requirement:
  See Appendix C1
  HSE Railway Safety Principles and Guidance Part 2d: Guidance on Signalling
  HSE Railway Safety Principles and Guidance Part 2f: Guidance on Trains

Primary standards: See Appendix C1

Related standards:
  Headings: Automatic train protection and supervision systems; Driver interface (see also Lineside Signals and Signs); Train interface; Signalling interface
  Standards:
    GE/RT8012 Controlling the Speed of Tilting Trains through Curves
    GE/RT8019 Tilting Trains: Controlling Tilt Systems to Maintain Clearances
    GE/RC8517 Recommendations for Systems for the Supervision of Enhanced Permissible Speeds and Tilt Enable
    GE/RT8018 Mechanical Trainstop Systems
    GE/RT8035 Automatic Warning System (AWS)
    GE/RT8030 Requirements for a Train Protection and Warning System (TPWS)
    GE/RT8000 Rule Book Modules (including block regulations)
    GE/RT8026 Safety Requirements for Cab Signalling Systems
    GE/RT8060 Technical Requirements for Dispatch of Trains from Platforms
    GK/RT0091 Drivers Reminder Appliances
    GM/RT2161 Requirements for Driving Cabs of Railway Vehicles
    GE/RT8014 Hot Axle Bearing Detection
    GE/RT8015 Electromagnetic Compatibility between Railway Infrastructure and Trains
    GE/RC8514 Approved Code of Practice Hot Axle Bearing Detection
    GK/RT0036 Transition between Lineside Signalling Systems and Other Systems of Train Control (partially superseded by GE/RT8026)
    GK/RT0025 Signalling Control and Display Systems
    GK/RT0026 Signallers Route Lists

  Headings: Infrastructure interface; Track worker interface
  Standards:
    GC/RT5101 Technical Approval Requirements for Changes to the Infrastructure
    GK/RT0007 Alteration to Permissible Speeds
    GK/RT0029 Train Activated Warning Systems
    GK/RT0030 Signalling Lockout Systems for the Protection of Personnel On or Near the Line

Guidance Notes:
  GE/GN8502 Operation of Trams and Light Rail Vehicles over Railtrack Controlled Infrastructure
  GE/GN8526 Guidance on Safety Requirements for Cab Signalling Systems
  GK/GN0525 Guidance on Signalling Control Centres

Appendix C1.2 Infrastructure requirement: Points

Process category: Points

Overarching requirement:
  See Appendix C1
  HSE Railway Safety Principles and Guidance Part 2d: Guidance on Signalling

Primary standards: See Appendix C1

Related standards:
  Point systems: GI/RT7004 Requirements for Design, Operation and Maintenance of Points

Appendix C1.3 Infrastructure requirement: Lineside signals and signs

Process category: Lineside signals and signs

Overarching requirements:
  See Appendix C1
  HSE Railway Safety Principles and Guidance Part 2d: Guidance on Signalling

Primary standards:
  See Appendix C1
  Also:
    GK/RT0032 Provision of Lineside Signals
    GI/RT7033 Lineside Operational Safety Signs

Related standards:
  Headings: Layout and positioning; Equipment; Particular life cycle requirements
  Standards:
    GK/RT0034 Lineside Signal Spacing
    GK/RT0036 Transition between Lineside Signalling Systems and other Systems of Train Controls (partially superseded by GE/RT8026)
    GE/RT8037 Signal Position and Visibility
    GK/RT0038 Signing of Permissible Speeds and Speed Restrictions
    Signals:
    GK/RT0009 Identification of Signalling and Related Equipment
    GK/RT0031 Lineside Signals and Indicators
    Signs:
    GI/RT7033 Lineside Operational Safety Signs
    GC/RT5060 Equipment for Signing of Temporary and Emergency Speed Restrictions
    GE/RT8034 Maintenance of Signal Visibility
    GC/RT5202 Vegetation Managing the Risks
    GO/RT3252 Signals Passed at Danger

Appendix C1.4 Infrastructure requirement: Level crossings

Subject category: Level crossings

Overarching requirement:
  See Appendix C1
  HSE Railway Safety Principles and Guidance Part 2e: Guidance on Level Crossings

Primary standard:
  See Appendix C1
  GI/RT7012 Requirements for Level Crossings

Related standards:
  Selection of type: GI/RT7011 Provision, Risk Assessment and Review of Level Crossings

Guidance Notes:
  GI/GN7611 Guidance on Provision, Risk Assessment and Review of Level Crossings

Appendix C1.5 Infrastructure requirement: Train detection

Subject category: Train detection

Overarching requirement:
  See Appendix C1
  HSE Railway Safety Principles and Guidance Part 2d: Guidance on Signalling
  HSE Railway Safety Principles and Guidance Part 2f: Guidance on Trains

Primary standard:
  See Appendix C1
  GK/RT0011 Train Detection

Related standards:
  Axle counters:
    GK/RT0217 Technical Requirements for Axle Counters
    GE/RT8217 Introduction and Use of Axle Counters Managing the Risk
  Block regulations: GE/RT8000 Rule Book modules TS1-TS8
  Degraded mode: GO/RT3208 Arrangements Concerning the Non-Operation of Track Circuits During the Leaf Fall Contamination Period

Guidance Notes:
  GK/GN0611 Guidance on Train Detection

Appendix C1.6 Infrastructure requirement: Miscellaneous equipment

Process category: Miscellaneous equipment

Overarching requirements: See Appendix C1

Primary standards: See Appendix C1

Related standards:
  Plug in components: GK/RT0330 Plug in and Interchangeable Railway Signalling Equipment
  Lineside signals: See Appendix C1.3
  Points: See Appendix C1.2
  Level crossings: See Appendix C1.4

Appendix C2 System requirement: Principles

Process category: Principles requirements

Overarching requirements:
  European Union Directives for Interoperability:
    96/48EU Interoperability Requirements for High-Speed Lines
    2001/16EU Interoperability Requirements for Conventional Lines
    as described by the emerging Technical Standards for Interoperability (TSIs)
  HSE Railway Safety Principles and Guidance Parts:
    1
    2d Guidance on Signalling
    2e Guidance on Level Crossings

Primary standards:
  GK/RT0206 Signalling and Operational Telecommunications Systems Safety Requirements
  GK/RT0060 Interlocking Principles

Related standards:
  Route setting, holding and releasing: See Appendix C2.1
  Control systems: See Appendix C2.2

Guidance Notes:
  GK/GN0806 Guidance on Signalling and Operational Telecommunications Systems: Safety Requirements

Appendix C2.1 Principles requirement: Route setting, holding and releasing

Process category: Route setting, holding and releasing

Overarching requirements: See Appendix C2

Primary standards: See Appendix C2

Related standards:
  Block systems:
    GK/RT0041 Track Circuit Block
    GK/RT0042 Absolute Block
    GK/RT0051 Single Line Control
    GK/RT0054 Radio Electronic Token Block (See also BR1654 Radio Electronic Token Block System)
  Headings: Controls and indications; Particular interlocking requirements
  Standards:
    GK/RT0025 Signalling Control and Display Systems
    GK/RT0039 Semaphore and Mechanical Signalling
    GK/RT0044 Controls for Signalling a Train Onto an Occupied Line
    GK/RT0061 Shunters Release, Ground Frames, Switch Panels and Gate Boxes
    GK/RT0063 Approach Locking and Train Operated Route Release
  SPAD mitigation:
    GK/RT0064 Provision of Overlaps, Flank Protection and Trapping
    GI/RT7006 Prevention and Mitigation of Overruns Risk Assessment
    GC/RT5033 Terminal Tracks Managing the Risks
    GO/RT3252 Signals Passed at Danger
  Staff safety systems:
    GK/RT0029 Train Activated Warning Systems
    GK/RT0030 Signalling Lockout Systems for the Protection of Personnel On or Near the Line

Guidance Notes:
  GK/GN0525 Guidance on Signalling Control Centres
  GI/GN7606 Guidance on Prevention and Mitigation of Overruns Risk Assessment
  GC/GN5533 Guidance on Assessment of Risks from Train Overruns at Terminal or Bay Platforms

Appendix C2.2 Principles requirement: Control systems

Process category: Control systems

Overarching requirements: See Appendix C2

Primary standards:
  See Appendix C2
  GK/RT0105 The Transmission of Safety Related Information

Related standards:
  Remote control: SSP50 Remote Control Standby Arrangements

Appendix D1 Guidance on selecting a signalling system

[Diagram: requirements feeding into the SIGNALLING SYSTEM. Box labels and the standards cited, in the order extracted:]

Signalling mandatory requirements
  Methods of signalling:
    Cab GE/RT8026
    Lineside GK/RT0031, 32, 34 and 37
    Transition GK/RT0036
    Operating systems GK/RT0025
  Interoperability requirements:
    European standards for interoperability
    96/48EC High-Speed Lines
    2001/16EC Conventional Lines
    - Technical Specifications for Interoperability (TSIs)
    - Notified National Standards
    - Resolution of issues GE/RT8050
  Train protection systems GI/RT7006:
    AWS GE/RT8035
    TPWS GE/RT8030
    Tilt supervision GE/RT8012 and 8019
    Trainstop GE/RT8018
  Level crossings GI/RT7011 and 7012
  Point operation GI/RT7004
  Track layout
  Train detection GK/RT0011
  Alterations GC/RT5101
  Track workers GK/RT0029 and 0030

Operating requirements; Safety requirements
  Train speeds GK/RT0007
  Rolling stock GE/RT8270
  Legislation: HSE Railway Safety Principles and Guidance Parts 2a/d/e
  Timetable
  Competence systems GO/RT3260
  Railway Safety Case (See appendix B2)

Principles requirements
  Interlocking principles GK/RT0060
  Equipment safety:
    Acceptance GI/RT7002
    EMC GE/RT8015
    AC Lines BR13442
  Safety management: The Yellow Book
  Control systems GK/RT0105
  Overall system safety GK/RT

Appendix D2 Standards relating to the signalling design process

[Diagram: stages of the signalling design process leading to the SIGNALLING SYSTEM. Box labels and the references cited, in the order extracted:]

Selection of signalling system (Appendix D1)

Particular mandatory requirements
  Infrastructure requirements (Appendix C1):
    Train control and interface systems (Appendix C1.1)
    Points (Appendix C1.2)
    Lineside signals and signs (Appendix C1.3)
    Level crossings (Appendix C1.4)
    Train detection (Appendix C1.5)
    Miscellaneous equipment (Appendix C1.6)
  Principles requirements (Appendix C2):
    Route setting, holding and releasing (Appendix C2.1)
    Control systems (Appendix C2.2)
  Competence management (Appendix B1)

Detailed Design GK/RT0207
  Box labels: Design specification; Design production; Risk assessment; Deviation resolution; Acceptance and approval; Overrun mitigation; Level crossings; Safety justification
  References: GI/RT7006 and GC/RT5033; GI/RT7011; GK/RT0206; The Railway Group Standards Code
  Box labels: New equipment; Rail vehicles
  References: GI/RT7002; GE/RT8016; BR13442; GE/RT8270

Detailed design GK/RT0207
  Design verification
  Design certification and issue

References

The Railway Group Standards Code

Railway Group Standards and other Railway Group Documents

GC/GN5533 Assessment of Risks from Train Overruns at Terminal or Bay Platforms
GC/RT5033 Terminal Tracks Managing the Risk
GC/RT5060 Equipment for Signing of Temporary and Emergency Speed Restrictions
GC/RT5101 Technical Approval Requirements for Changes to the Infrastructure
GC/RT5202 Vegetation Managing the Risk
GE/GN8502 Operation of Trams and Light Rail Vehicles over Railtrack Controlled Infrastructure
GE/GN8510 Railway Group Safety Performance Monitoring Definitions and Guidance
GE/GN8526 Guidance on Safety Requirements for Cab Signalling Systems
GE/GN8547 Reporting of Safety Related Information
GE/GN8550 Guidance on Issues between Railway Group Standards and TSIs for High-Speed Operation
GE/GN8561 Guidance on the Preparation of Risk Assessment within Railway Safety Cases
GE/RC8514 Approved Code of Practice Hot Axle Bearing Detection
GE/RC8517 Recommendations for Systems for the Supervision of Enhanced Permissible Speeds and Tilt Enable
GE/RT8000 The Rule Book
GE/RT8004 Local Operations Instructions
GE/RT8012 Controlling the Speed of Tilting Trains through Curves
GE/RT8014 Hot Axle Bearing Detection
GE/RT8015 Electromagnetic Compatibility between Railway Infrastructure and Train
GE/RT8018 Mechanical Trainstop Systems
GE/RT8019 Tilting Trains: Controlling Tilt Systems to Maintain Clearances
GE/RT8026 Safety Requirements for Cab Signalling Systems
GE/RT8030 Requirements for a Train Protection and Warning System (TPWS)
GE/RT8034 Maintenance of Signal Visibility
GE/RT8035 Automatic Warning System (AWS)
GE/RT8037 Signal Positioning and Visibility
GE/RT8040 Low Adhesion between the Wheel and the Rail Managing the Risk
GE/RT8047 Reporting of Safety Related Information
GE/RT8049 The Creation and Management of System Authorities
GE/RT8050 Process for Dealing with Issues between Railway Group Standards and TSIs for High-Speed Operation
GE/RT8060 Technical Requirements for Dispatch of Trains from Platforms
GE/RT8063 Deterring Unauthorised Access and Vandalism
GE/RT8217 Introduction and Use of Axle Counters Managing the Risk
GE/RT8250 Safety Performance Monitoring and Defect Reporting
GE/RT8270 Route Acceptance of Rail Vehicles, including Changes in Operation or Infrastructure
GI/GN7606 Prevention and Mitigation of Overruns Risk Assessment
GI/GN7611 Guidance on Provision, Risk Assessment and Review of Level Crossings

GI/RT7001 Management of Safety Related Records
GI/RT7002 Acceptance of Systems, Equipment and Materials for Use on Railtrack Controlled Infrastructure
GI/RT7004 Requirements for Design, Operation and Maintenance of Points
GI/RT7006 Prevention and Mitigation of Overruns Risk Assessment
GI/RT7011 Provision, Risk Assessment and Review of Level Crossings
GI/RT7012 Requirements for Level Crossings
GI/RT7017 Signalling and Safety-Related Telecommunications Power Supplies and Circuits
GI/RT7033 Lineside Operational Safety Signs
GK/GN0525 Guidance Note: Signalling Control Centres
GK/GN0611 Guidance on Train Detection
GK/GN0806 Guidance on Signalling and Operational Telecommunications Systems: Safety Requirements
GK/RC0606 Management of Safety Related Failures of Train Borne Signalling and Operational Telecommunications Systems
GK/RT0007 Alterations to Permissible Speeds
GK/RT0009 Identification of Signalling and Related Equipment
GK/RT0011 Train Detection
GK/RT0025 Signalling Control Centres
GK/RT0026 Signallers Route Lists
GK/RT0027 Resetting and Restoration to Service of Signalling Systems
GK/RT0029 Train Activated Warning Systems (to be superseded on 2 October 2004 by GI/RT7012 Requirements for Level Crossings)
GK/RT0030 Signalling Lockout Systems for the Protection of Personnel On or Near the Line
GK/RT0031 Lineside Signals and Indicators
GK/RT0032 Provision of Lineside Signals
GK/RT0033 Lineside Signs
GK/RT0034 Lineside Signal Spacing
GK/RT0036 Transition between Lineside Signalling Systems and other Systems of Train Control
GK/RT0038 Signing of Permissible Speeds and Speed Restrictions
GK/RT0039 Semaphore and Mechanical Signalling
GK/RT0041 Track Circuit Block
GK/RT0042 Absolute Block
GK/RT0044 Controls for Signalling a Train Onto an Occupied Line
GK/RT0051 Single Line Control
GK/RT0054 Radio Electronic Token Block
GK/RT0060 Interlocking Principles
GK/RT0061 Shunters Releases, Ground Frames, Switch Panels and Gate Boxes
GK/RT0063 Approach Locking and Train Operated Route Release
GK/RT0064 Provision of Overlaps, Flank Protection and Trapping
GK/RT0091 Driver's Reminder Appliance
GK/RT0101 Competence Standards for Signalling and Telecommunications Staff