Cenelec Standards For Irste

The document discusses CENELEC standards for signalling applications on Indian Railways. It summarizes key CENELEC standards including EN 50126, EN 50128, EN 50129, and EN 50159-1 that define processes for developing reliable and safe embedded software systems. The standards cover requirements for reliability, availability, maintainability, safety and safety-related communication.

CENELEC STANDARDS and their Application on Indian Railways for Signalling

Alok Katiyar
Dir/RDSO
Overview of CENELEC Standards for Signalling Applications

The main CENELEC standards applicable to software-embedded signalling systems are:

• EN 50126 - The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS).
• EN 50128 - Communications, Signalling and Processing Systems – Software for Railway Control and Protection Systems.
• EN 50129 - Communications, Signalling and Processing Systems – Safety-related Electronic Systems for Signalling.
• EN 50159-1 - Communication, Signalling and Processing Systems – Safety-related Communication in Transmission.
Introduction to the 5012x CENELEC Standards

For the approval process of Railway Signalling Systems, the CENELEC norms EN 50126, EN 50128 and EN 50129 are now obligatory standards for most countries. The norms describe the life cycle process for safety-relevant railway systems, which is integrated into the development process.
Introduction to the 5012x CENELEC Standards: EN 50126

EN 50126 defines the terms of RAMS, their interaction, and a process based on the system lifecycle for managing RAMS.

In addition, it defines a systematic process for specifying requirements for RAMS and demonstrating that these requirements are achieved.
Introduction to the 5012x CENELEC Standards: EN 50128

EN 50128 specifies procedures and technical requirements for the development of programmable electronic systems for use in railway control and protection applications, aimed at use in any area where there are safety implications.

In contrast to EN 50126, it is applicable exclusively to software and to the interaction between software and the system of which it is part.
Introduction to the 5012x CENELEC Standards: EN 50129

EN 50129 specifies those lifecycle activities which shall be completed before the acceptance stage, followed by additional planned activities to be carried out after the acceptance stage.

It is therefore concerned with the evidence to be presented for the acceptance of safety-related systems and is closely related to EN 50126.
Introduction to the 5012x CENELEC Standards: Formal Model

(Figure: the textually described norms are transformed into a Formal Model.)

In order to have a common understanding of the textually described content of the norms, a normative safety case model is developed. For this purpose, more or less formal description languages are used, with the aim of expressing the normative requirements in a user-friendly way.

The Generic Safety Case Model is one basis for formulating a questionnaire used for discussions with the suppliers and railway operators.
Safety Integrity Level

• The CENELEC standards use the concept of Safety Integrity Level (SIL), based on the Tolerable Hazard Rate (THR).
• Four SILs are defined, with SIL 4 being the most stringent.
System Life Cycle as defined in CENELEC Standards

(Figure: V-shaped life cycle diagram; the phases recovered from the figure, in order, are listed below.)

• Concept
• System Definition
• Risk Analysis
• System Requirements
• Requirements Apportionment
• Design and Implementation
• Manufacture
• Installation
• Validation – Sub-system level
• Validation – System level
• System Acceptance
• System Operation and Maintenance
Safety Methodology

Double Life Cycle (figure): each phase of the project has a Development Activity paired with a Specific Safety Activity.

• Hazard & Risk Analysis – System & Sub-system Safety Validation
• System & Sub-system Design – System & Sub-system Validation
• HW & SW Safety Analysis – HW & SW Safety Validation
• HW & SW Design – HW & SW Validation
Structure of Safety Case

METHODOLOGY FOR SAFETY ASSESSMENT

Overview of Safety Strategy

The Safety Strategy is based on:

• The system must comply with safety requirements as per the CENELEC standards.
• Safety is demonstrated in compliance with EN 50126, EN 50128 and EN 50129.
• The system must be fully compatible with the current systems which are in operation.
• Safety Cases are to be deployed as evidence for the safety of the design.
SAFETY CASE (EN 50129 – Clause 5.1)

Safety Case documents shall consist of:

1) Evidence for Quality Management
2) Evidence for Safety Management
3) Evidence for Functional & Technical Safety

Evidence of Quality Management (EN 50129 – Cl. 5.2)

The QMS document describes the process adopted to assure the quality of the system, sub-system or equipment, so as to reduce the risk of systematic faults in every stage of the product life cycle.

Evidence of Safety Management (EN 50129 – Cl. 5.3)

• A System Safety Plan is prepared to identify the safety management structure, safety-related activities and procedures for safety reviews, for both Software and Hardware.
• Identification of System Safety Requirements.
• A Hazard Log is maintained to list the identified hazards.
• Preliminary Hazard Analysis (PHA) and System Hazard Analysis (SHA) are performed at different stages of development throughout the life cycle. Fault Tree Analysis (FTA) and Failure Modes, Effects and Diagnostics Analysis (FMEDA), along with qualitative analysis, are carried out.
• Failure Rate is computed up to the system level as per the MIL-HDBK-217 FN2 Part Stress Method and Reliability Block Diagrams (RBD). Tolerable Hazard Rate (THR) is computed using Failure Rate (FR) and Safe Down Rate (SDR).
• IV&V has carried out fail-safety testing on each component to analyse the effect of the possible failure modes of that component while the system is working normally. Fail-safety testing covers single and multiple failures. The system condition under failure of each component is verified.
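The SIL slide earlier ties the integrity level to the Tolerable Hazard Rate, and this slide computes the system Failure Rate from a Reliability Block Diagram and relates it to THR and the Safe Down Rate. The Python below is an added illustration, not code from the deck or from RDSO: it adds the constant failure rates of a series RBD, subtracts the safe-down portion (an assumption about how SDR enters the calculation: failures are either driven to a safe state or are hazardous), and places the resulting hazardous rate in a THR band. The band limits are those of EN 50129 Table A.1; the block names, failure rates and safe-down fractions are constructed sample values, not figures from any real equipment.

```python
from dataclasses import dataclass

# THR bands in failures per hour per safety function, from EN 50129 Table A.1.
# These limits come from the standard, not from the slide deck.
SIL_THR_BANDS = {
    4: (1e-9, 1e-8),
    3: (1e-8, 1e-7),
    2: (1e-7, 1e-6),
    1: (1e-6, 1e-5),
}


@dataclass(frozen=True)
class Block:
    """One block of a series Reliability Block Diagram (RBD)."""
    name: str
    failure_rate: float        # FR in failures/hour (a MIL-HDBK-217 part-stress result would go here)
    safe_down_fraction: float  # fraction of FR detected and forced to a safe state (assumption)

    def safe_down_rate(self) -> float:
        """SDR: the part of the failure rate that ends in a safe state."""
        return self.failure_rate * self.safe_down_fraction

    def hazard_rate(self) -> float:
        # Assumption: every failure is either safe-down or hazardous,
        # so the hazardous rate is FR minus SDR.
        return self.failure_rate - self.safe_down_rate()


def series_failure_rate(blocks) -> float:
    """Series RBD with constant failure rates: the block rates simply add."""
    return sum(b.failure_rate for b in blocks)


def series_hazard_rate(blocks) -> float:
    """Hazardous (non-safe-down) failure rate of the whole series RBD."""
    return sum(b.hazard_rate() for b in blocks)


def sil_for_thr(rate: float) -> int:
    """SIL whose THR band contains the given rate; 0 if less stringent than SIL 1."""
    if rate < SIL_THR_BANDS[4][0]:
        return 4  # better than the SIL 4 band: still SIL 4, the highest level
    for sil in (4, 3, 2, 1):
        lo, hi = SIL_THR_BANDS[sil]
        if lo <= rate < hi:
            return sil
    return 0


def meets_sil(blocks, required_sil: int) -> bool:
    """True if the achieved hazard rate is below the upper THR limit of required_sil."""
    return series_hazard_rate(blocks) < SIL_THR_BANDS[required_sil][1]


# Constructed sample RBD for one signalling channel: values are illustrative only.
SAMPLE_BLOCKS = (
    Block("processor card", 5e-7, 0.99),
    Block("I/O card", 2e-6, 0.995),
    Block("power supply", 1e-6, 0.999),
)

if __name__ == "__main__":
    fr = series_failure_rate(SAMPLE_BLOCKS)
    hr = series_hazard_rate(SAMPLE_BLOCKS)
    print(f"system FR = {fr:.3e}/h, hazard rate = {hr:.3e}/h -> SIL {sil_for_thr(hr)} band")
    for sil in (4, 3):
        print(f"meets SIL {sil}: {meets_sil(SAMPLE_BLOCKS, sil)}")
```

With the sample values the system failure rate is 3.5e-6/h but the hazardous rate is only 1.6e-8/h, which falls in the SIL 3 band and not SIL 4; the point the calculation makes is that the safe-down fraction, i.e. how reliably failures are detected and driven to a restrictive state, decides the achievable SIL far more than the raw component failure rates do.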

Evidence of Functional & Technical Safety (EN 50129 – Cl. 5.4)

The Technical Safety Report (TSR) provides the reference to the technical principles which assure the safety of the design, and to all supporting evidence. It references the documents that discuss the practicable measures taken to prevent the occurrence of identified hazards.

Environmental Stress Screening tests are carried out at RDSO laboratories and the test results are verified (tests as per RDSO/SPN/144).

Safety Acceptance & Approval (EN 50129 – Cl. 5.5)

The Safety Case document provides the evidence for Quality Management, Safety Management and the Technical Safety Report.

The Safety Case Conclusion summarises the evidence produced in the Safety Case document and justifies the claim that the system is adequately safe, subject to its compliance with the specified application conditions.

Safety Approvals are received from IV&V agencies based on the evidence produced and the test results.

Software Safety Integrity Level (EN 50128 – Cl. 5)

• Derivation of System Requirements (SRS) based on the Customer specification.
• Identification of System Safety Requirements (SSRS).
• System Safety Plan to identify the safety management structure, safety-related activities and procedures for safety reviews for Software.
• Preparation of the System Architecture Description (SAD).
• Identification and review of all safety/vital functions.
• Apportionment of Safety Integrity Level to sub-systems based on the identified safety functions.

Software Verification & Testing (EN 50128 – Cl. 11)

The Software (SW) Verification Plan, SW Requirements Verification Report, SW Architecture and Design Verification Report, SW Module Verification Report, SW Source Code Verification Report, SW Integration Test Plan and SW Integration Test Report documents are produced by the IV&V agency to carry out verification and testing for the required SIL.

Software/Hardware Integration (EN 50128 – Cl. 12)

Once the Hardware and Software are verified by IV&V, their compatibility is tested during Software/Hardware Integration (SHI).

SHI Test Plan and Test Report documents are developed. They describe the test cases, the types of tests to be performed, and the test environment including tools and support software.

Software Assessment (EN 50128 – Cl. 14)

IV&V has evaluated that the life cycle processes and the resulting product are such that the software is of the defined safety integrity level and is fit for the intended application.

IV&V has produced the Software Assessment Report recommending the Software for the intended use.

Field Trials

Field Trials are carried out in three phases for a specified mandatory period:

1) Parallel Trials
2) Series Trials
3) Stand-alone Trials

The objective of the Parallel Trial is to assess the Functional Performance and Operation in the Railway Environment.

The objective of the Series Trial is to assess the functionality in operating the Field Function in series. Outputs are delivered only if both systems' outputs are the same; thus safety is ensured by two diverse systems.

The objective of the Stand-alone Trial is to assess the overall system, as performance and safety have been verified in the previous trials.
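The Series Trial above delivers an output only when both diverse systems agree. The Python below is an added example, not the deck's or any RDSO system's code: a two-out-of-two comparator that delivers the agreed signal aspect and otherwise falls back to the restrictive (danger) aspect. The latch that holds the restrictive state until a maintenance reset, the Aspect names and the sample trial cycles are assumptions constructed for the example; the deck only states the agreement rule.

```python
from enum import Enum


class Aspect(Enum):
    """Signal aspects; DANGER is the restrictive, safe-side state (constructed names)."""
    DANGER = "danger"
    CAUTION = "caution"
    CLEAR = "clear"


class SeriesVoter:
    """Two-out-of-two comparator for the outputs of two diverse systems A and B.

    An output is delivered only when both systems agree. On disagreement the
    voter delivers the restrictive aspect and latches, so that a single faulty
    system cannot move the field function to a less restrictive state until
    the disagreement has been investigated. Latching and reset are assumptions
    added for this example, not behaviour stated in the deck.
    """

    def __init__(self) -> None:
        self.latched = False
        self.mismatches = 0

    def vote(self, out_a: Aspect, out_b: Aspect) -> Aspect:
        """Return the aspect to deliver to the field function for one cycle."""
        if self.latched:
            return Aspect.DANGER
        if out_a == out_b:
            return out_a
        # Diverse systems disagree: count it, latch, and fail to the safe side.
        self.mismatches += 1
        self.latched = True
        return Aspect.DANGER

    def reset(self) -> None:
        """Maintenance reset after the cause of the disagreement has been cleared."""
        self.latched = False


def run_trial(voter: SeriesVoter, cycles) -> list:
    """Feed paired outputs (A, B) for each cycle and return the delivered aspects."""
    return [voter.vote(a, b) for a, b in cycles]


# Constructed sample cycles: the systems agree, then B diverges once.
SAMPLE_CYCLES = [
    (Aspect.CLEAR, Aspect.CLEAR),
    (Aspect.CAUTION, Aspect.CAUTION),
    (Aspect.CLEAR, Aspect.CAUTION),   # disagreement: deliver DANGER and latch
    (Aspect.CLEAR, Aspect.CLEAR),     # agreement again, but the latch holds
]

if __name__ == "__main__":
    voter = SeriesVoter()
    for delivered in run_trial(voter, SAMPLE_CYCLES):
        print(delivered.value)
    print(f"mismatches recorded: {voter.mismatches}")
```

The sample run delivers clear, caution, danger, danger: once the two systems disagree, the field function stays at danger even though they agree again in the next cycle, which is what makes the series arrangement fail-safe rather than merely redundant.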
