Scribd
Upload
1K views13 pages

I S En50126-2-2017

Uploaded by

đường thừa duong
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views13 pages

I S En50126-2-2017

Uploaded by

đường thừa duong
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

Irish Standard

I.S. EN 50126-2:2017

Railway Applications - The Specification and


Demonstration of Reliability, Availability,
This is a free 12 page sample. Access the full version online.

Maintainability and Safety (RAMS) - Part 2:


Systems Approach to Safety

© CENELEC 2017 No copying without NSAI permission except as permitted by copyright law.
I.S. EN 50126-2:2017

Incorporating amendments/corrigenda/National Annexes issued since publication:

The National Standards Authority of Ireland (NSAI) produces the following categories of formal documents:
I.S. xxx: Irish Standard — national specification based on the consensus of an expert panel and subject to public consultation.

S.R. xxx: Standard Recommendation — recommendation based on the consensus of an expert panel and subject to public consultation.
SWiFT xxx: A rapidly developed recommendatory document based on the consensus of the participants of an NSAI workshop.
This is a free 12 page sample. Access the full version online.

This document replaces/revises/consolidates the NSAI adoption of the document(s) indicated on the
CEN/CENELEC cover/Foreword and the following National document(s):

NOTE: The date of any NSAI previous adoption may not match the date of its original CEN/CENELEC
document.

This document is based on: Published:


EN 50126-2:2017 2017-10-13

This document was published ICS number:


under the authority of the NSAI
and comes into effect on: 45.020

2017-11-01
NOTE: If blank see CEN/CENELEC cover page

NSAI T +353 1 807 3800 Sales:


1 Swift Square, F +353 1 807 3838 T +353 1 857 6730
Northwood, Santry E [email protected] F +353 1 857 6729
Dublin 9 W NSAI.ie W standards.ie

Údarás um Chaighdeáin Náisiúnta na hÉireann


National Foreword
I.S. EN 50126-2:2017 is the adopted Irish version of the European Document EN 50126-2:2017, Railway
Applications - The Specification and Demonstration of Reliability, Availability, Maintainability and Safety
(RAMS) - Part 2: Systems Approach to Safety

This document does not purport to include all the necessary provisions of a contract. Users are responsible
for its correct application.

For relationships with other publications refer to the NSAI web store.

Compliance with this document does not of itself confer immunity from legal obligations.
This is a free 12 page sample. Access the full version online.

In line with international standards practice the decimal point is shown as a comma (,) throughout this
document.
This is a free 12 page sample. Access the full version online.

This page is intentionally left blank


I.S. EN 50126-2:2017

EUROPEAN STANDARD EN 50126-2


NORME EUROPÉENNE
EUROPÄISCHE NORM October 2017

ICS 45.020 Supersedes CLC/TR 50126-2:2007

English Version

Railway Applications - The Specification and Demonstration of


Reliability, Availability, Maintainability and Safety (RAMS) - Part
2: Systems Approach to Safety
This is a free 12 page sample. Access the full version online.

Applications ferroviaires - Spécification et démonstration de Bahnanwendungen - Spezifikation und Nachweis von


la fiabilité, de la disponibilité, de la maintenabilité et de la Zuverlässigkeit, Verfügbarkeit, Instandhaltbarkeit und
sécurité (FDMS) - Partie 2: Approche systématique pour la Sicherheit (RAMS) - Teil 2: Systembezogene
sécurité Sicherheitsmethodik

This European Standard was approved by CENELEC on 2017-07-03. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization


Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.

Ref. No. EN 50126-2:2017 E


I.S. EN 50126-2:2017
EN 50126-2:2017 (E)

Contents Page

European foreword ............................................................................................................... 5


Introduction .......................................................................................................................... 6
1 Scope ............................................................................................................................ 7
2 Normative references..................................................................................................... 8
3 Terms and definitions .................................................................................................... 8
4 Abbreviations ................................................................................................................. 8
5 Safety process ............................................................................................................... 9
This is a free 12 page sample. Access the full version online.

5.1 Risk assessment and hazard control ..................................................................... 9


5.2 A. Risk assessment ............................................................................................ 10
5.2.1 General .................................................................................................. 10
5.2.2 Conducting risk assessment ................................................................... 11
5.3 B. Outcome of the risk assessment ..................................................................... 11
5.4 C. Hazard control ............................................................................................... 11
5.5 D. Revision of risk assessment ........................................................................... 12
5.6 Responsibilities .................................................................................................. 13
6 Safety demonstration and acceptance ......................................................................... 13
6.1 Introduction ........................................................................................................ 13
6.2 Safety demonstration and safety acceptance process ......................................... 13
6.3 Responsibility in managing the Safety Case ....................................................... 17
6.4 Modifications after safety acceptance ................................................................. 17
6.5 Dependencies between Safety Cases ................................................................. 17
6.6 Relationship between safety cases and system architecture ............................... 18
7 Organisation and Independence of Roles ..................................................................... 19
7.1 General .............................................................................................................. 19
7.2 Early phases of the lifecycle (phases 1 to 4) ....................................................... 19
7.3 Later phases of the lifecycle (starting from phase 5) ........................................... 20
7.4 Personnel Competence....................................................................................... 21
8 Risk assessment .......................................................................................................... 22
8.1 Introduction ........................................................................................................ 22
8.2 Risk Analysis ...................................................................................................... 22
8.2.1 General .................................................................................................. 22
8.2.2 The risk model ........................................................................................ 22
8.2.3 Techniques for the consequence analysis ............................................... 24
8.2.4 Expert Judgement ................................................................................... 25
8.3 Risk acceptance principles and risk evaluation ................................................... 25
8.3.1 Use of Code of Practice .......................................................................... 25
8.3.2 Use of a reference system ...................................................................... 26
8.3.3 Use of Explicit Risk Estimation................................................................ 27
8.4 Application of explicit risk estimation .................................................................. 28
8.4.1 Quantitative approach ............................................................................. 28
8.4.2 Variability using quantitative risk estimates ............................................. 30
8.4.3 Qualitative and semi-quantitative approaches ......................................... 31
2
I.S. EN 50126-2:2017
EN 50126-2:2017 (E)

9 Specification of System Safety Requirements .............................................................. 32


9.1General .............................................................................................................. 32
9.2Safety requirements ........................................................................................... 32
9.3Categorization of Safety Requirements ............................................................... 32
9.3.1 General .................................................................................................. 32
9.3.2 Functional safety requirements ............................................................... 33
9.3.3 Technical safety requirements ................................................................ 34
9.3.4 Contextual safety requirements ............................................................... 34
10 Apportionment of functional Safety Integrity requirements ............................................ 35
10.1 Deriving and apportioning system safety requirements ....................................... 35
10.2 Functional safety integrity for electronic systems ................................................ 35
10.2.1 Deriving functional safety requirements for electronic systems................ 35
10.2.2 Apportioning safety requirements ............................................................ 35
This is a free 12 page sample. Access the full version online.

10.2.3 Safety Integrity Factors ........................................................................... 38


10.2.4 Functional safety integrity and random failures ....................................... 38
10.2.5 Systematic aspect of functional safety integrity ....................................... 38
10.2.6 Balanced requirements controlling random and systematic failures ......... 38
10.2.7 The SIL table .......................................................................................... 39
10.2.8 SIL allocation .......................................................................................... 40
10.2.9 Apportionment of TFFR after SIL allocation ............................................ 40
10.2.10 Demonstration of quantified targets ........................................................ 40
10.2.11 Requirements for Basic Integrity ............................................................. 41
10.2.12 Prevention of misuse of SILs .................................................................. 42
10.3 Safety Integrity for non-electronic systems – Application of CoP ......................... 42
11 Design and implementation .......................................................................................... 43
11.1 Introduction ........................................................................................................ 43
11.2 Causal analysis .................................................................................................. 43
11.3 Hazard identification (refinement) ....................................................................... 44
11.4 Common cause analysis ..................................................................................... 44
Annex A (informative) ALARP, GAME, MEM ..................................................................... 46
A.1 ALARP, GAME, MEM as methods to define risk acceptance criteria ............................ 46
A.2 ALARP (As Low As Reasonably Practicable) ............................................................... 47
A.2.1 General .............................................................................................................. 47
A.2.2 Tolerability and ALARP ....................................................................................... 48
A.3 Globalement Au Moins Equivalent (GAME) principle .................................................... 48
A.3.1 Principle ............................................................................................................. 48
A.3.2 Using GAME ....................................................................................................... 49
A.3.2.1 General .............................................................................................................. 49
A.3.2.2 Basic principles .................................................................................................. 49
A.3.2.3 Using GAME to construct a qualitative safety argument ...................................... 49
A.3.2.4 GAME using quantitative risk targets .................................................................. 49
A.4 Minimum Endogenous Mortality MEM .......................................................................... 50
Annex B (informative) Using failure and accident statistics to derive a THR ...................... 52
Annex C (informative) Guidance on SIL Allocation ............................................................ 53
Annex D (informative) Safety target apportionment methods ............................................. 55
D.1 Analysis of the system and methods ............................................................................ 55

3
I.S. EN 50126-2:2017
EN 50126-2:2017 (E)

D.2 Example of qualitative apportionment method .............................................................. 55


D.2.1 General .............................................................................................................. 55
D.2.2 Example of qualitative method for barrier efficiency ............................................ 56
D.3 Example of quantitative apportionment method ............................................................ 58
D.3.1 Introduction ........................................................................................................ 58
D.3.2 Functions with independent failure detection and negation mechanisms ............. 59
D.3.3 Function and independent barrier acting as failure detection and negation
mechanism .................................................................................................................. 61
D.3.4 Apportionment of a probability safety target ........................................................ 62
D.3.5 Apportionment of a “per hour” safety target ........................................................ 62
Annex E (informative) Common mistakes in quantification ................................................. 64
E.1 Common misuses ........................................................................................................ 64
This is a free 12 page sample. Access the full version online.

E.2 Mixing failure rates with probabilities ........................................................................... 64


E.3 Using formulas out of their range of applicability .......................................................... 65
Annex F (informative) Techniques / methods for safety analysis ....................................... 66
Annex G (informative) Key system safety roles and responsibilities................................... 69
Annex ZZ (informative) Relationship between this European Standard and the Essential
Requirements of EU Directive 2008/57/EC ................................................................... 73
Bibliography ....................................................................................................................... 77

4
I.S. EN 50126-2:2017
EN 50126-2:2017 (E)

European foreword

This document (EN 50126-2:2017) has been prepared by CLC/TC 9X "Electrical and electronic applications
for railways".

The following dates are fixed:

• latest date by which this document has (dop) 2018-07-03


to be implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2020-07-03
standards conflicting with this document
have to be withdrawn
This is a free 12 page sample. Access the full version online.

This document supersedes CLC/TR 50126-2:2007.

The former edition of CLC/TR 50126-2:2007 is made obsolete by the new editions EN 50126-1:2017 and
EN 50126-2:2017; the reason is that the scope of the present part was modified compared to the
superseded edition.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

EN 50126 "Railway applications – The specification and demonstration of Reliability, Availability,


Maintainability and Safety (RAMS)" consists of the following parts:

– Part 1: Generic RAMS process;

– Part 2: System approach to safety.

This document has been prepared under a mandate given to CENELEC by the European Commission and
the European Free Trade Association, and supports essential requirements of EU Directive(s).

For the relationship with EU Directive(s) see informative Annex ZZ, which is an integral part of this
document.

5
I.S. EN 50126-2:2017
EN 50126-2:2017 (E)

Introduction

EN 50126-1:1999 was aiming at introducing the application of a systematic RAMS management process
in the railway sector. Through the application of this standard and the experiences gained over the last
years, the need for revision and restructuring became apparent with a need to deliver a systematic and
coherent approach to RAMS applicable to all the railway application fields Command, Control and
Signalling, Rolling Stock and Fixed Installations.
The revision work improved the coherency and consistency of the standards, the concept of safety
management and the practical usage of EN 50126 and took into consideration the existing and related
Technical Reports as well.
This European Standard provides railway duty holders and the railway suppliers, throughout the European
Union, with a process which will enable the implementation of a consistent approach to the management
of reliability, availability, maintainability and safety, denoted by the acronym RAMS.
Processes for the specification and demonstration of RAMS requirements are cornerstones of this
This is a free 12 page sample. Access the full version online.

standard. This European Standard promotes a common understanding and approach to the management
of RAMS.
EN 50126 forms part of the railway sector specific application of IEC 61508. Meeting the requirements in
this European Standard together with the requirements of other suitable standards is sufficient to ensure
that additional compliance to IEC 61508 does not need to be demonstrated.
With regard to safety, EN 50126-1 provides a Safety Management Process which is supported by guidance
and methods described in EN 50126-2.
EN 50126-1 and EN 50126-2 are independent from the technology used. As far as safety is concerned,
EN 50126 takes the perspective of safety with a functional approach.
The application of this standard should be adapted to the specific requirements for the system under
consideration.
This European Standard can be applied systematically by the railway duty holders and railway suppliers,
throughout all phases of the life-cycle of a railway application, to develop railway specific RAMS
requirements and to achieve compliance with these requirements. The systems-level approach developed
by this European Standard facilitates assessment of the RAMS interactions between elements of railway
applications even if they are of complex nature.
This European Standard promotes co-operation between the stakeholders of Railways in the achievement
of an optimal combination of RAMS and cost for railway applications. Adoption of this European Standard
will support the principles of the European Single Market and facilitate European railway inter-operability.
In accordance with CENELEC editing rules 1), mandatory requirements in this standard are indicated with
the modal verb “shall”. Where justifiable, the standard permits process tailoring.
Specific guidance on the application of this standard for Safety aspects is provided in EN 50126-2.
EN 50126-2 provides various methods for use in the safety management process. Where a particular
method is selected for the system under consideration, the mandatory requirements of this method are by
consequence mandatory for the safety management of the system under consideration.
This European Standard consists of the main part (Clause 1 to Clause 11) and Annexes A, B, C, D, E, F,
G and ZZ. The requirements defined in the main part of the standard are normative, whilst Annexes are
informative.

—————————
1) CEN/CENELEC Internal Regulations Part 3: Rules for the structure and drafting of CEN/CENELEC Publications
(2017-02), Annex H.

6
I.S. EN 50126-2:2017
EN 50126-2:2017 (E)

1 Scope

This part 2 of EN 50126


• considers the safety-related generic aspects of the RAMS life-cycle;

• defines methods and tools which are independent of the actual technology of the systems and
subsystems;

• provides:

– the user of the standard with the understanding of the system approach to safety which is a key
concept of EN 50126;

– methods to derive the safety requirements and their safety integrity requirements for the system
and to apportion them to the subsystems;
This is a free 12 page sample. Access the full version online.

– methods to derive the safety integrity levels (SIL) for the safety-related electronic functions.

NOTE This standard does not allow the allocation of safety integrity levels to non-electronic functions.

• provides guidance and methods for the following areas:

– safety process;

– safety demonstration and acceptance;

– organisation and independence of roles;

– risk assessment;

– specification of safety requirements;

– apportionment of functional safety requirements;

– design and implementation.

• provides the user of this standard with the methods to assure safety with respect to the system under
consideration and its interactions;

• provides guidance about the definition of the system under consideration, including identification of the
interfaces and the interactions of this system with its subsystems or other systems, in order to conduct
the risk analysis;

• does not define:

– RAMS targets, quantities, requirements or solutions for specific railway applications;

– rules or processes pertaining to the certification of railway products against the requirements of
this standard;

– an approval process by the safety authority.

This part 2 of EN 50126 is applicable to railway applications fields, namely Command, Control and
Signalling, Rolling Stock and Fixed Installations, and specifically:
• to the specification and demonstration of safety for all railway applications and at all levels of such an
application, as appropriate, from complete railway systems to major systems and to individual and

7
I.S. EN 50126-2:2017
EN 50126-2:2017 (E)

combined sub-systems and components within these major systems, including those containing
software, in particular:

– to new systems;

– to new systems integrated into existing systems already accepted, but only to the extent and
insofar as the new system with the new functionality is being integrated. It is otherwise not
applicable to any unmodified aspects of the existing system;

– as far as reasonably practicable, to modifications and extensions of existing systems accepted


prior to the creation of this standard, but only to the extent and insofar as existing systems are
being modified. It is otherwise not applicable to any unmodified aspect of the existing system;

• at all relevant phases of the life-cycle of an application;

• for use by railway duty holders and the railway suppliers.


This is a free 12 page sample. Access the full version online.

It is not required to apply this standard to existing systems which remain unmodified, including those
systems already compliant with any former version of EN 50126.
The process defined by this European Standard assumes that railway duty holders and railway suppliers
have business-level policies addressing Quality, Performance and Safety. The approach defined in this
standard is consistent with the application of quality management requirements contained within EN
ISO 9001.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
EN 50126-1:2017, Railway Applications — The Specification and Demonstration of Reliability, Availability,
Maintainability and Safety (RAMS) — Part 1: Generic RAMS Process

3 Terms and definitions

For the purposes of this document, the terms and definitions given in EN 50126-1 apply.

4 Abbreviations

ALARP As Low As Reasonable Practicable


CBA Cost Benefit Analysis
CCF Common Cause Failure (Analysis)
CoP Code of Practice
COTS Commercial Off-The-Shelf
DRA Differential Risk Aversion
ERE Explicit Risk Estimation
EMC Electromagnetic compatibility
ETA Event Tree Analysis
FMECA Failure Mode Effect & Criticality Analysis
FTA Fault Tree Analysis
GA Generic Application
GASC Generic Application Safety Case

8
This is a free preview. Purchase the entire publication at the link below:

I.S. EN 50126-2:2017 - PDF


This is a free 12 page sample. Access the full version online.

Looking for additional Standards? Visit SAI Global Infostore


Learn about LexConnect, All Jurisdictions, Standards referenced in Australian legislation

Need to speak with a Customer Service Representative - Contact Us

You might also like