railway group guidance note 0801 - rssb iss 1.pdf · this document will be updated when necessary...

Copyright in the Railway Group Standards is owned by Rail Safety and Standards Board Limited. All rights are hereby reserved. No Railway Group Standard (in whole or in part) may be reproduced, stored in a retrieval system, or transmitted, in any form or means, without the prior written permission of Rail Safety and Standards Board Limited, or as expressly permitted by law.

In circumstances where Rail Safety and Standards Board Limited has granted a particular person or organisation permission to copy extracts from Railway Group Standards, Rail Safety and Standards Board Limited accepts no responsibility for, and excludes all liability in connection with, the use of such extracts, or any claims arising therefrom. This disclaimer applies to all forms of media in which extracts from Railway Group Standards may be reproduced. Published by: Rail Safety and Standards Board Evergreen House 160 Euston Road London NW1 2DX © Copyright 2004 Rail Safety and Standards Board Limited

Railway Group Guidance NoteGK/GN0801 Issue One Date August 2004

Guidance on Using Railway Group Standards to Support Signal Engineering Safety Cases

Synopsis This document shows how Railway Group Standards can be used to support engineering safety cases and describes the hierarchy between standards and interworking requirements. This document also provides guidance on the approach to take when conflicts are found between requirements in signalling standards.

Signatures removed from electronic version

Submitted by Paul Woolford Project Manager

Content approved by

Train Control and Communications Subject Committee on 13 May 2004

Authorised by Anne Blakeney Acting Department Head Railway Group Standards Management

Document to be withdrawn as of 04/09/2010 Uncontrolled When Printed

This page has been left blank intentionally


Guidance on Using Railway Group Standards to Support Signal Engineering

Safety Cases

RAIL SAFETY AND STANDARDS BOARD 1

Railway Group Guidance NoteGK/GN0801 Issue One Date August 2004 Page 1 of 39

Contents Section Description Page

Part A

A1 Issue record 2 A2 Implementation of this document 2 A3 Responsibilities 2 A4 Health and safety responsibilities 2 A5 Supply 2

Part B B1 Purpose 3 B2 Application of this document 3 B3 Definitions and acronyms 3

Part C Signalling document tables C1 Introduction 5 C2 Guidance on engineering safety cases 6 C3 Guidance on standards hierarchy 8 C4 Guidance on conflicts 9

Appendices

A1 Examples of hazard associated with a typical conventional signalling scheme 10 B1 Process requirement: Competence management 18 B2 Process requirement: Safety cases 19 B3 Process requirement: Compliance 20 B4 Process requirement: Acceptance 21 B5 Process requirement: Asset life cycle 22 C1 System requirement: Infrastructure requirements 23 C2 System requirement: Principles 31 D1 Guidance on selecting a signalling system 35 D2 Standards relating to the signalling design process 36

References 37



2 RAIL SAFETY AND STANDARDS BOARD

Railway Group Guidance Note GK/GN0801 Issue One Date August 2004 Page 2 of 39

Part A A1 Issue record

Issue Date Comments One August 2004 Original document incorporating the index of

signalling principles standards from GK/RM0501

This document will be updated when necessary by distribution of a complete replacement.

A2 Implementation of this document

The publication date of this document is 7 August 2004.

This document supersedes the following Railway Group Manual, as indicated.

Railway Group Manual

Issue No.

Title Sections superseded by this document

Date(s) as of which sections are superseded

GK/RM0501 24 Manual of Signalling Principles Standards

Cover List of standards

2 October 2004

GK/RM0501 is withdrawn with effect from 2 October 2004.

A3 Responsibilities Railway Group Guidance Notes are non-mandatory documents providing helpful information relating to the control of hazards and often set out a suggested approach, which may be appropriate for Railway Group* members to follow.

* The Railway Group comprises Network Rail Infrastructure Limited, Rail Safety and Standards Board Limited, and the train and station operators who hold Railway Safety Cases for operation on or related to infrastructure controlled by Network Rail Infrastructure Limited.

Network Rail Infrastructure Limited is also known as Network Rail.

Rail Safety and Standards Board Limited is also known as RSSB.

A4 Health and safety responsibilities

Each Railway Group member is reminded of the need to consider its own responsibilities to ensure health and safety at work and its own duties under health and safety legislation. RSSB does not warrant that compliance with all or any documents published by RSSB is sufficient in itself to ensure safe systems of work or operation or to satisfy such responsibilities or duties.

A5 Supply Controlled and uncontrolled copies of this document may be obtained from the Corporate Communications Dept, Rail Safety and Standards Board, Evergreen House, 160 Euston Road, London NW1 2DX, telephone 020 7904 7518 or e-mail [email protected]. Railway Group Standards can also be viewed at www.rssb.co.uk.



Safety Cases



Part B B1 Purpose

This document gives guidance on:

a) using Railway Group Standards as part of demonstrating that safety risk is reduced to ALARP level within a signalling project

b) the relationship between Railway Group Standards, Guidance Notes, RSSB Approved Codes of Practice and the overarching requirements for safe interworking

c) the approach to take when conflicting requirements are identified in Railway Group Standards.

B2 Application of this document

B2.1 To whom the guidance applies This document contains guidance that is applicable to RSSB and duty holders of the infrastructure controller category of Railway Safety Case.

B2.2 Documents supported by this Guidance Note This document is designed to support all Railway Group Standards that relate to signalling processes and systems. It will be updated on a regular basis to reflect changes to the Catalogue of Railway Group Standards.

B3 Definitions and acronyms

ALARP An acronym for ‘as low as reasonably practicable’ that is applied to safety risk.

Hazard A physical situation with a potential for human injury.

Novel (equipment, systems, applications, operating methods) A term describing a new or untried feature, that is, in the context of this guidance note, to be introduced by a project. It includes both new systems and the application or operation of existing systems in a different way to that already in use.

A feature ceases to be novel when:

a) all of the hazards associated with it are understood, and

b) mitigations are in place to manage the risk to ALARP level, including the availability of the necessary standards and instructions.

Unified Modelling Language Unified Modelling Language (UML) is a method of describing processes using drawings. The following UML symbols are used within this document:

A ‘class’ symbol represents a static object that has attributes and operations. For example:

UML relationship symbol meaning ‘types of’

Class

-attribute

+operation

Standard

-Number of pages

+Describe requirements





UML relationship symbol meaning ‘made up of’



Safety Cases



1…*

0…*

UML quantity symbols meaning ‘one or more’ and ‘any number of’. Other numeric values and limits may be used

text UML symbol representing an association between different classes and the direction that the association is read

UML symbol representing the start of a process

UML symbol representing the end of a process





Part C Signalling document tables C1 Introduction

The process by which signalling safety requirements should be derived is described in GK/RT0206 and GK/GN0806. This document shows how compliance with Railway Group Standards can contribute to demonstration that the derived safety requirements have been met. Compliance with Railway Group Standards alone may not be sufficient to achieve this.

This document is designed to assist those involved with preparing signal engineering safety cases by:

a) listing examples of hazards introduced by typical signalling projects where compliance with Railway Group Standards can support demonstration of risk mitigation and reduction of risk to ALARP levels

b) linking signalling related processes and systems to the appropriate Railway Group Standards and other signalling related documents

c) linking Railway Group Standards and other signalling related documents to the top-level processes or requirements from which the document is derived

d) illustrating the hierarchy of Railway Group Standards and other signalling related documents

e) giving guidance on standards conflict resolution.

Section C2 contains a UML diagram that illustrates the relationship between engineering projects, engineering safety cases and Railway Group Standards.

Section C3 contains a UML diagram that describes how top-level processes and requirements relate to the various signalling systems and processes. The diagram calls up a series of tables, which list Railway Group Standards and other signalling related documents under subject headings. Each subject heading identifies, where relevant:

a) an overarching requirement

b) a primary standard or standards that fulfil the overarching requirement

c) related documents that support the primary standard.

Section C4 gives guidance on how conflicts between different requirements should be managed.



Safety Cases



C2 Guidance on engineering safety cases

This diagram illustrates the relationship between Railway Group Standards and the engineering safety case necessary to support approval of an engineering project.

references

+Provides guidance on safety cases()+Includes application notes()

Engineering Safety Management (Yellow Book)

+Deliver project scope()+Demonstrate safety risk is ALARP()

-scopeEngineering project

-mandated on projectSafe interworking

+provide input to project()

Requirements

complies with

+customer deliverables()+legislation()

Customer requirements

1..*

1..*

+Demonstrate risk is ALARP()+Demonstrate all hazards have been identified()

-generated by projectEngineering safety case produces1..*

1..*

gives guidance on preparing

Identify hazards

Causal analysis Consequence analysis

Loss analysis

Options analysis

Impact analysis

Demostrate achievement of ALARP +specify requirements for safe interworking()-mandatory on holders of railway safety cases

Railway Group Standardswhich can beused to

1..* which are specified in

+authorised deviation from requirement()

-temporary non-compliance-non-compliance subject to standards change-derogation

Deviation proposalnecessary tosupport

0..*

against particular clausescontained in

+Euronorms()+TSI's()

European requirements1..*

Fig. 1 Relation between Railway Group Standards and engineering safety cases (UML diagram)





All railway projects have to demonstrate safety for system design (including systems, equipment or operating methods) and therefore have to manage all of the safety risk associated with each project. This is usually achieved by preparing an engineering safety case to demonstrate that:

a) all of the hazards introduced by the project have been identified, and

b) mitigations are in place to reduce the safety risk level to ALARP for every hazard.

GK/RT0206 and GK/GN0806 describe the particular process used to demonstrate safety for signalling and operational telecommunications projects.

Guidance on how to prepare an engineering safety case is contained in the Engineering Safety Management ‘Yellow Book’ published by RSSB. This includes supplementary application notes, which cover particular subject areas, including software, human factors and independent safety assessment.

The size and content of an engineering safety case should be proportionate to the scope of the project to which it applies and the number and complexity of the hazards that have to be managed.

Where a completely novel system is to be introduced, the engineering safety case process, as described in the ‘Yellow Book’, should be applied in full from first principles. This requires identification of all hazards and implementation of risk mitigation measures for each across the whole project.

Where a project introduces novel design features or has novel elements within it, the engineering safety case process should be followed to demonstrate that risk level is ALARP for the novel aspect of the project, including how the novel aspect interacts within the context of the complete system. The remainder of the project should be managed as a conventional project.

Conventional projects that apply proven designs (for example, conventional re-signalling, remodelling or capacity enhancement schemes) should follow the engineering safety case process in sufficient detail to demonstrate safety for the proposed applications or design configurations in the environment that the application is being used. Emphasis should be placed on managing the hazards arising from the elements of the design that differ from previous applications.

For small, simple projects, engineering safety cases may be limited to justification of the decisions made on application design.

Consideration should be given to the use of generic safety cases for projects that do not include a novel element.

Projects can use compliance with Railway Group Standards as a contribution to demonstrating that safety risk is ALARP. Appendix A1 provides examples of typical and commonly encountered hazards and the Railway Group Standards that address the safe inter-working associated with each hazard.

In some cases, Railway Group Standards place a requirement on projects to complete risk analyses (for example, overrun risk assessment), which may form part of an engineering safety case.

Projects should use the typical hazards listed in Appendix A1 as a starting point to identifying and mitigating the risk associated with signalling projects. Compliance with Railway Group Standards, by itself, may not be sufficient to demonstrate that risk level is ALARP and additional mitigation measures may have to be developed by the project.



Safety Cases



C3 Guidance on standards hierarchy

This diagram illustrates the relationship between the Railway Group Standards and the top-level requirement for safe interworking.

Railway Group members

Process requirement

System requirement

-see appendix B1Competence management

-see appendix B2Safety cases

-see appendix B3Compliance

-see appendix B4Acceptance

-see appendix B5Asset life cycle

1...*

1...*

1...*

-see appendix C1Infrastructure requirement

-see appendix C2Principles requirement

-see appendix C1.1Train control and interface

-see appendix C1.2Points

+ensure safe interworking()

-EU requirements for high-speed lines-EU requirements for conventional lines

Technical specifications for interoperabilitypartially satisfy

-see appendix C1.6Miscellaneous equipment

-see appendix C1.3Lineside signals and signs

-see appendix C1.4Level crossings

-see appendix C1.5Train detection

-see appendix C2.1Route setting, holding and releasing

-see appendix C2.2Control systems

1...*

1...*

+mandate UK requirements()-apply to all Railway Group members

Railway Group Standardsensure safe interworking between

1...*

2...*

partially conflict with

address the same areas as

-includes the Rule BookOperational requirements

1...*

Fig. 2 Relationship between Railway Group signalling documents and top-level safety requirements



1 0 RAIL SAFETY AND STANDARDS BOARD


The tables contained in appendices B1 – B5 and C1 – C2.2 show the relationship between Railway Group signalling documents and the overarching requirements that address relevant subject areas.

Flow charts in Appendices D1 and D2 illustrate how Railway Group Standards and other signalling related documents relate to particular work-streams. Examples are given for:

a) selecting a signalling system (Appendix D1), and

b) application of standards during the signalling design process (Appendix D2).

C4 Guidance on conflicts

Where proposed risk mitigation measures conflict with the requirements contained in Railway Group Standards, projects should submit applications for deviation, in accordance with the Railway Group Standards Code.

Where conflicting requirements exist within Railway Group Standards, projects should submit applications for non-compliance, together with proposals for standards change, in accordance with the Railway Group Standards Code.

Proposed solutions to support non-compliance applications should consider the standards hierarchy. As a general principle, requirements contained in primary standards take precedence over related standards and so any conflicting requirement between the two can be prioritised.

The chart in section C3 can be used as a guide to establish the general hierarchy of Railway Group signalling documents. Appendices B1 – B5 and C1 – C2.2 can be used to identify relationships between the various standards.

Technical advice should also be sought from RSSB.

Non-compliance certificates issued by RSSB form part of project safety case documentation and contribute towards demonstration that safety risk is ALARP.

Conflicts between requirements contained in Railway Group Standards and requirements contained in European Technical Standards for Interoperability can be addressed by compliance with GE/RT8050 (see Appendix B3).



RAIL SAFETY AND STANDARDS BOARD 1 1


Appendix A1 Examples of hazard associated with a typical conventional signalling scheme These tables list typical hazards that need to be managed by projects, and provide guidance on where to find mitigations within Railway Group Standards. The Railway Group Standards listed below primarily relate to signalling technical and operational requirements. Other Railway Group Standards exist that can also be used to demonstrate mitigation of hazards. A full list is contained in the Catalogue of Railway Group Standards.

Hazards that can result in a SPAD Standards that contain mitigations

Design Implement Life cycle Operation Decommission Signaller replaces signal to danger in error causing SPAD

GK/RT0025

GO/RT3259 GE/RT8000

Driver does not understand signal GO/RT3251 GE/RT8000

Driver starts train without movement authority GE/RT8018 GE/RT8030 GE/RT8060 GK/RT0031 GK/RT0032

GK/RT0091

Driver misjudges braking GE/RT8030 GK/RT0034

GK/RT0007 GO/RT3251

Driver misinterprets signal aspect GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0031 GK/RT0032 GK/RT0036 GK/RT0039

GK/RT0209 GE/RT8034 GK/RT0210

GO/RT3251

Driver does not see signal GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0031

GK/RT0209 GC/RT5202 GE/RT8034 GK/RT0210

GO/RT3251





Hazards that can result in a SPAD Standards that contain mitigations Design Implement Life cycle Operation Decommission

Driver responds to wrong signal GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0009 GK/RT0031 GK/RT0032

GE/RT8034 GK/RT0210

GO/RT3251

Driver distracted by conflicting or misleading information and misreads signal

GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037

GE/RT8034 GK/RT0210

GE/RT8000

Insufficient braking distance approaching signal GK/RT0007 GK/RT0034

GK/RT0209 GE/RT8040

Driver has insufficient signal sighting time GE/RT8037 GK/RT0209 GC/RT5202 GE/RT8034 GK/RT0210

Signal displays incorrect aspect to driver due to electromagnetic interference

GE/RT8015

GI/RT7002 GK/RT0209

Signal displays incorrect aspect due to disarrangement of signalling system

GK/RT0206 GK/RT0027 GK/RT0217

GK/RT0101 GE/RT8000

Signal displays incorrect aspect to driver due to implementation error

GK/RT0060 GK/RT0206


GK/RT0101

Signal fails to display aspect due to inadequate engineering of signal assembly or component

GK/RT0206

GI/RT7002

Signal fails to display aspect due to life cycle failure GK/RT0206 GK/RT0106GK/RT0210

Signal fails to display aspect due to vandalism GE/RT8063 Signal fails to display aspect due to power supply failure GI/RT7017

GK/RT0206

GK/RT0210





Hazards resulting from a SPAD Standards that contain mitigations Design Implement Life cycle Operation Decommission

Train collides with another train or train derails GI/RT7006 GK/RT0060 GK/RT0064

GO/RT3251

Train collides with buffer stop GC/RT5033 GI/RT7006

GE/RT8040 GO/RT3251

Infrastructure controller / System interface hazards Signal displays incorrect aspect to driver due to electromagnetic interference

GE/RT8015

GI/RT7002

Signal displays incorrect aspect due to disarrangement of signalling system

GK/RT0027 GK/RT0217

GK/RT0101 GE/RT8000

Signal displays incorrect aspect to driver due to implementation error

GK/RT0060 GK/RT0206


GK/RT0101

Signal fails to display aspect due to inadequate engineering of signal assembly or component

GK/RT0206 GI/RT7002

Signal fails to display aspect due to life cycle failure GK/RT0206 GK/RT0106 GK/RT0210

Signal fails to display aspect due to vandalism GK/RT0206 GE/RT8063 Signal fails to display aspect due to power supply failure GI/RT7017

GK/RT0206 GK/RT0106

Points move or fail causing derailment or collision GI/RT7004 GK/RT0060

Train detection system does not detect train GE/RT8217 GK/RT0011 GK/RT0217

GO/RT3208

Signalling control data corrupted GK/RT0105 GK/RT0210 Signalling system functionality incomplete GK/RT0060

GK/RT0101 GK/RT0206






Infrastructure controller / System interface hazards Standards that contain mitigations

Design Implement Life cycle Operation Decommission

Signalling system contains installation errors GK/RT0101 GK/RT0208 GK/RT0209

Signalling system incorrectly reset by technician GE/RT8000 GK/RT0027 GK/RT0101 GK/RT0217

Signalling disarranged by authorised person GE/RT8000 GK/RT0101

Signalling system disarranged by unauthorised person GK/RT0206 GE/RT8063 GK/RT0210

Signalling system or component life cycle failure GE/RT8000 GK/RT0106 GK/RT0210

Interlocking logic inadequate GK/RT0060 GK/RT0101

GK/RT0101 GK/RT0209

Wrong component installed after failure

GI/RT7001 GK/RT0101 GK/RT0209 GK/RT0330

System or component has latent or hidden failure mode GK/RT0206 GI/RT7002

System or component failure inadequately managed GI/RT7001 GK/RT0101 GK/RT0106

Altered system, conflicting standards within systems and components are not compatible

GK/RT0206 GK/RT0207

GI/RT7001 GI/RT7002

Elements of system do not mitigate risk GK/RT0206 GI/RT7002

System or interfacing system not upgraded to current standards

GK/RT0060 GK/RT0206

System does not provide for life cycle management GK/RT0206 GI/RT7001 GK/RT0210

System cannot withstand environmental or operating impact

GK/RT0206 GI/RT7002 GK/RT0210





Infrastructure controller / System interface hazards Standards that contain mitigations

Design Implement Life cycle Operation Decommission Existing or obsolete system does not meet required functionality

GK/RT0101 GK/RT0206

Functionality requirements not properly specified or misunderstood


GI/RT7001

Life cycle management requirements not properly implemented

GI/RT7001 GK/RT0101 GK/RT0210

Authorised person disconnects / reconnects wrong function as part of protection arrangements

GI/RT7001 GE/RT8000

Train operator / System interface hazards

Driver does not understand signal GO/RT3260

Driver starts train without movement authority GE/RT8018 GE/RT8030 GE/RT8060

GK/RT0091 GO/RT3475

Driver misjudges braking GE/RT8030 GK/RT0007 GK/RT0034

GO/RT3251

Driver misinterprets signal aspect GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0031 GK/RT0032 GK/RT0036 GK/RT0039

GK/RT0209 GE/RT8034 GO/RT3251

Driver does not see signal GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0031

GK/RT0209 GC/RT5202 GE/RT8034 GK/RT0210





Train operator / System interface hazards Standards that contain mitigations


Driver responds to wrong signal GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037 GK/RT0009 GK/RT0032

GE/RT8034 GK/RT0210

GO/RT3251

Driver distracted by conflicting or misleading information and misreads signal

GE/RT8018 GE/RT8030 GE/RT8035 GE/RT8037

GE/RT8034 GK/RT0210

Driver has insufficient signal sighting time GE/RT8037 GK/RT0209 GC/RT5202 GE/RT8034 GK/RT0210

Insufficient braking distance approaching signal GK/RT0007 GK/RT0034

GK/RT0209 GE/RT8040

Driver does not understand how to slow down train GO/RT3251 Driver exceeds permitted speed limit GE/RT8012

GE/RT8030 GI/RT7033

GO/RT3251

Driver misinterprets authorised speed GI/RT7033 GK/RT0038

GC/RT5060 GO/RT3251

Driver does not receive speed information GI/RT7033 GK/RT0206

GC/RT5202

Train moves without degraded movement authority GE/RT8018 GE/RT8030

GO/RT3251 GO/RT3259 GE/RT8000

Train takes wrong degraded movement authority GE/RT8018 GE/RT8030

GO/RT3251 GO/RT3259 GE/RT8000





Train operator / System interface hazards Standards that contain mitigations


Train cab design not compatible with signalling system GE/RT8270 GI/RT7002

Train length exceeds available capacity GE/RT8004 GE/RT8000

Vehicle design incompatible with train detection system GK/RT0011 GI/RT7002

Design of train not compatible with signalling system GE/RT8015 GE/RT8270 GI/RT7002

Driver starts train before station work is completed GE/RT8060 GE/RT8000 Train strikes member of public or vehicle on level crossing

GI/RT7011 GI/RT7012

Train strikes track worker after movement authority granted

GK/RT0029 GK/RT0030

GE/RT8000

Signaller / System interface hazards

Signaller cannot interface with control panel GK/RT0009 GK/RT0025

GK/RT0209 GK/RT0210 GO/RT3259

Signaller cannot interface with system indications GK/RT0009 GK/RT0025

GK/RT0209 GK/RT0210 GO/RT3259

Signaller confused by presentation of information or information overload


GK/RT0209 GO/RT3259

Signaller sets two or more conflicting routes GK/RT0039 GK/RT0060

GK/RT0209

Signaller cancels route and sets another conflicting route GK/RT0060 GK/RT0063

GK/RT0209

Signaller sets route into occupied section GK/RT0041 GK/RT0042 GK/RT0044 GK/RT0051 GK/RT0054 GK/RT0060

GK/RT0209





Signaller / System interface hazards Standards that contain mitigations


Signaller sets route with risk of overrun conflict GI/RT7006 GK/RT0064 GK/RT0206

Signaller controls points within route after movement authority has been issued

GK/RT0060 GK/RT0209

Signaller gives release within set route GK/RT0060 GK/RT0061

GK/RT0209

Authorised person moves points by hand within set route GE/RT8000 GO/RT3259 GO/RT3260

Authorised person moves or secures incorrect points GE/RT8000 GO/RT3259 GO/RT3260

Unauthorised person moves points within set route GK/RT0206 GE/RT8063 GK/RT0210

Signaller incorrectly calls train past red signal when section occupied

GO/RT3259 GE/RT8000

Signaller replaces signal to danger in error causing SPAD

GK/RT0025

GO/RT3259

Signaller issues wrong degraded movement authority GK/RT0025 GO/RT3259

Station operator / System interface hazards

Platform staff dispatch train when starting signal is at red GE/RT8030 GE/RT8060

GO/RT3475 GE/RT8000

Train authorised to leave in wrong direction GE/RT8000





Appendix B1 Process requirement: Competence management

Process category Competence management

Overarching requirement Railways (Safety Critical Work) Regulations

HSE Railway Safety Principles and Guidance Part 3a: Developing and Maintaining Staff Competence

Primary standard GO/RT3260 Competence Management for Safety Critical Work

Related standards

Signalling and telecommunications Other standards relate to train driving, train working and signallers

GK/RT0101 Competence Standards for Signalling and Telecommunications Staff





Appendix B2 Process requirement: Safety cases

Process category Railway safety cases

Overarching requirement Railways (Safety Case) Regulations 2000

as amended by

Railways (Safety Case) (Amendment) Regulations 2003

Primary standard Nil

Related standards

Guidance Notes

GE/GN8561 Guidance on the Preparation of Risk Assessments within Railway Safety Cases

Engineering Safety Management (Yellow Book)





Appendix B3 Process requirement: Compliance

Process category Compliance management

Overarching requirement Railways (Safety Case) Regulations

The Railways (Interoperability) (High Speed) Regulations 2002

These regulations implement EU directive 96/48EU, Interoperability Requirements for High Speed Lines. They apply to those parts of the UK infrastructure that form part of the trans-European high-speed rail system

Further regulations are being developed to implement EU directive 2001/16EU, Interoperability Requirements for Conventional Lines

Emerging Technical Standards for Interoperability (TSIs)

Primary standard Nil

Related standards

Standards change

GE/RT8050 Process for Dealing with Issues between Railway Group Standards and TSIs for High-Speed Operation

The Railway Group Standards Code

Deviations (Temporary non-compliance, derogation, non-compliance pending standards change, subject committees)

The Railway Group Standards Code

Guidance Notes GE/GN8550 Guidance on Issues between Railway Group Standards and TSIs for High-Speed Operation





Appendix B4 Process requirement: Acceptance

Process category Acceptance

Overarching requirement Railways (Safety Case) Regulations

HSE Railway Safety Principles and Guidance Parts:

1

2a Guidance on Infrastructure

2d Guidance on Signalling

2e Guidance on Level Crossings

2f Guidance on Trains

3a Developing and Maintaining Staff Competence

Primary standard GI/RT7002 Acceptance of Systems, Equipment and Materials for Use on Railtrack Controlled Infrastructure

GE/RT8270 Route Acceptance of Rail Vehicles, including changes in Operation or Infrastructure

Related standards

GK/RT0206 Signalling and Operational Telecommunications Systems: Safety Requirements

GK/RT0209 Testing and Commissioning of Signalling and Operational Telecommunications Systems

GE/RT8015 Electromagnetic Compatibility between Railway Infrastructure and Train





Appendix B5 Process requirement: Asset life cycle

Process category Asset life cycle (including change control)

Overarching requirement Construction, design and maintainability regulations

Primary standard

See also Safety Cases and Acceptance processes

GK/RT0210 Asset Management for the Safety of Signalling and Operational Telecommunications Systems and Equipment

Related standards

See systems tables for specific signalling technologies

Design

GK/RT0207 Signalling Design

Construction GK/RT0208 Installation of Signalling and Operational Telecommunications Equipment

Verification and validation GK/RT0209 Testing and Commissioning of Installation of Signalling and Operational Telecommunications Equipment

GK/RT0027 Resetting and Restoration to Service of Signalling Systems

Maintenance and faulting GK/RT0106 Management of Safety Related Failures of Signalling and Operational Telecommunications Systems

GK/RC0606 Management of Safety Related Failures of Train Borne Signalling and Operational Telecommunications Systems

Asset life cycle records GI/RT7001 Management of Safety Related Records

GE/RT8047 Reporting of Safety Related Information

GE/RT8250 Safety Performance Monitoring and Defect Reporting

System authorities GE/RT8049 Creation and Management of System Authorities

Guidance Notes GE/GN8547 Guidance on the Reporting of Safety Related Information

GE/GN8510 Railway Group Safety Performance Monitoring – Definitions and Guidance





Appendix C1 System requirement: Infrastructure requirements

Process category Infrastructure requirements

Overarching requirement

See also Asset Life Cycle and Acceptance

European Union Directives for Interoperability:

96/48EU Interoperability Requirements for High-Speed Lines

2001/16EU Interoperability Requirements for Conventional Lines

as described by the emerging Technical Standards for Interoperability (TSIs)

HSE Railway Safety Principles and Guidance Part 2a: Guidance on Infrastructure (see Appendices B1.1 – B1.6 for particular guidance)

Primary standards GI/RT7002 Acceptance of Systems, Equipment and Materials for Use on Railtrack Controlled Infrastructure


BR13442 50Hz Single Phase AC Electrification: Immunisation of Signalling and Telecommunications against Electrical Interference

Related standards

TSI compliance GE/RT8050 Process for Dealing with Issues between Railway Group Standards and TSIs for High-Speed Operation

Train control and interface systems

See Appendix C1.1

Points See Appendix C1.2

Lineside signals and signs See Appendix C1.3

Level crossings See Appendix C1.4

Train detection See Appendix C1.5

Miscellaneous equipment See Appendix C1.6

Guidance Notes GE/GN8550 Guidance on Issues between Railway Group Standards and TSIs for High-Speed Operation





Appendix C1.1 Infrastructure requirement: Train control and interface

Process category Train control and interface systems

Overarching requirement See Appendix C1

HSE Railway Safety Principles and Guidance Part 2d: Guidance on Signalling

HSE Railway Safety Principles and Guidance Part 2f: Guidance on Trains

Primary standards See Appendix C1

Related standards

Automatic train protection and supervision systems

GE/RT8012 Controlling the Speed of Tilting Trains through Curves

GE/RT8019 Tilting Trains: Controlling Tilt Systems to Maintain Clearances

GE/RC8517 Recommendations for Systems for the Supervision of Enhanced Permissible Speeds and Tilt Enable

GE/RT8018 Mechanical Trainstop Systems

GE/RT8035 Automatic Warning System (AWS)

GE/RT8030 Requirements for a Train Protection and Warning System (TPWS)

Driver interface

See also Lineside Signals and Signs

GE/RT8000 Rule Book Modules (including block regulations)

GE/RT8026 Safety Requirements for Cab Signalling Systems

GE/RT8060 Technical Requirements for Dispatch of Trains from Platforms

GK/RT0091 Drivers Reminder Appliances

GM/RT2161 Requirements for Driving Cabs of Railway Vehicles

Train interface GE/RT8014 Hot Axle Bearing Detection

GE/RT8015 Electromagnetic Compatibility between Railway Infrastructure and Trains

GE/RC8514 Approved Code of Practice – Hot Axle Bearing Detection

Signalling interface GK/RT0036 Transition between Lineside Signalling Systems and Other Systems of Train Control (partially superseded by GE/RT8026)

GK/RT0025 Signalling Control and Display Systems

GK/RT0026 Signallers Route Lists





Infrastructure interface GC/RT5101 Technical Approval Requirements for Changes to the Infrastructure

GK/RT0007 Alteration to Permissible Speeds

Track worker interface GK/RT0029 Train Activated Warning Systems

GK/RT0030 Signalling Lockout Systems for the Protection of Personnel On or Near the Line

Guidance Notes GE/GN8502 Operation of Trams and Light Rail Vehicles over Railtrack Controlled Infrastructure

GE/GN8526 Guidance on Safety Requirements for Cab Signalling Systems

GK/GN0525 Guidance on Signalling Control Centres





Appendix C1.2 Infrastructure requirement: Points

Process category Points




Related standards

Point systems GI/RT7004 Requirements for Design, Operation and Maintenance of Points





Appendix C1.3 Infrastructure requirement: Lineside signals and signs

Process category Lineside signals and signs

Overarching requirements See Appendix C1



Also:

GK/RT0032 Provision of Lineside Signals

GI/RT7033 Lineside Operational Safety Signs

Related standards

Layout and positioning GK/RT0034 Lineside Signal Spacing

GK/RT0036 Transition between Lineside Signalling Systems and other Systems of Train Controls (partially superseded by GE/RT8026)

GE/RT8037 Signal Position and Visibility

GK/RT0038 Signing of Permissible Speeds and Speed Restrictions

Equipment Signals:

GK/RT0009 Identification of Signalling and Related Equipment

GK/RT0031 Lineside Signals and Indicators

Signs:


GC/RT5060 Equipment for Signing of Temporary and Emergency Speed Restrictions

Particular life cycle requirements

GE/RT8034 Maintenance of Signal Visibility

GC/RT5202 Vegetation – Managing the Risks

GO/RT3252 Signals Passed at Danger





Appendix C1.4 Infrastructure requirement: Level crossings

Subject category Level crossings


HSE Railway Safety Principles and Guidance Part 2e: Guidance on Level Crossings

Primary standard See Appendix C1

GI/RT7012 Requirements for Level Crossings

Related standards

Selection of type GI/RT7011 Provision, Risk Assessment and Review of Level Crossings

Guidance Notes GI/GN7611 Guidance on Provision, Risk Assessment and Review of Level Crossings





Appendix C1.5 Infrastructure requirement: Train detection

Subject category Train detection



HSE Railway Safety Principles and Guidance Part 2f: Guidance on Trains

Primary standard See Appendix C1

GK/RT0011 Train Detection

Related standards

Axle counters GK/RT0217 Technical Requirements for Axle Counters

GE/RT8217 Introduction and Use of Axle Counters – Managing the Risk

Block regulations GE/RT8000 Rule Book modules TS1-TS8

Degraded mode GO/RT3208 Arrangements Concerning the Non-Operation of Track Circuits During the Leaf Fall Contamination Period

Guidance Notes GK/GN0611 Guidance on Train Detection





Appendix C1.6 Infrastructure requirement: Miscellaneous equipment

Process category Miscellaneous equipment



Related standards

Plug in components GK/RT0330 Plug in and Interchangeable Railway Signalling Equipment

Lineside signals See Appendix C1.3

Points See Appendix C1.2

Level crossings See Appendix C1.4





Appendix C2 System requirement: Principles

Process category Principles requirements

Overarching requirements

European Union Directives for Interoperability:



as described by the emerging Technical Standards for Interoperability (TSIs)

HSE Railway Safety Principles and Guidance Parts:

1

2d Guidance on Signalling

2e Guidance on Level Crossings

Primary standards GK/RT0206 Signalling and Operational Telecommunications Systems Safety Requirements

GK/RT0060 Interlocking Principles

Related standards

Route setting, holding and releasing

See Appendix C2.1

Control systems See Appendix C2.2

Guidance Notes GK/GN0806 Guidance on Signalling and Operational Telecommunications Systems: Safety Requirements





Appendix C2.1 Principles requirement: Route setting, holding and releasing

Process category Route setting, holding and releasing



Related standards

Block systems GK/RT0041 Track Circuit Block

GK/RT0042 Absolute Block

GK/RT0051 Single Line Control

GK/RT0054 Radio Electronic Token Block

(See also BR1654 Radio Electronic Token Block System)

Controls and indications GK/RT0025 Signalling Control and Display Systems

Particular interlocking requirements

GK/RT0039 Semaphore and Mechanical Signalling

GK/RT0044 Controls for Signalling a Train Onto an Occupied Line

GK/RT0061 Shunters Release, Ground Frames, Switch Panels and Gate Boxes

GK/RT0063 Approach Locking and Train Operated Route Release

SPAD mitigation GK/RT0064 Provision of Overlaps, Flank Protection and Trapping

GI/RT7006 Prevention and Mitigation of Overruns – Risk Assessment

GC/RT5033 Terminal Tracks – Managing the Risks


Staff safety systems GK/RT0029 Train Activated Warning Systems






Guidance Notes GK/GN0525 Guidance on Signalling Control Centres

GI/GN7606 Guidance on Prevention and Mitigation of Overruns – Risk Assessment

GC/GN5533 Guidance on Assessment of Risks from Train Overruns at Terminal or Bay Platforms





Appendix C2.2 Principles requirement: Control systems

Process category Control systems



GK/RT0105 The Transmission of Safety Related Information

Related standards

Remote control SSP50 Remote Control Standby Arrangements





Appendix D1 Guidance on selecting a signalling system

SIGNALLING SYSTEM

Interoperability requirements

Track layout

Operating requirements

Principles requirements

Alterations GC/RT5101

European standards for interoperability96/48EC High-Speed Lines2001/16EC Conventional Lines- Technical Specifications for Interoperability (TSIs)- Notified National Standards- Resolution of issues GE/RT8050

Signalling mandatory requirements

Methods of signallingCab GE/RT8026Lineside GK/RT0031, 32, 34 and 37Transition GK/RT0036

Operating systems GK/RT0025

Train protection systems GI/RT7006AWS GE/RT8035TPWS GE/RT8030Tilt supervision GE/RT8012 and 8019Trainstop GE/RT8018

Level crossings GI/RT7011 and 7012

Point operation GI/RT7004

Train detection GK/RT0011

Track workers GK/RT0029 and 0030

Safety requirements

Train speeds GK/RT0007

Rolling stock GE/RT8270

Timetable

Railway Safety Case (See appendix B2)

Interlocking principles GK/RT0060

Control systems GK/RT0105

Competence systems GO/RT3260

Equipment safetyAcceptance GI/RT7002EMC GE/RT8015AC Lines BR13442

Safety management The Yellow Book

Overall system safety GK/RT0206

LegislationHSE Railway Safety Principles and Guidance Parts2a/d/e





Appendix D2 Standards relating to the signalling design process

Selection ofsignalling system

(Appendix D1)

Particular mandatory requirements

Infrastructure requirements (Appendix C1)

Train control and interface systems (Appendix C1.1)Points (Appendix C1.2)Lineside signals and signs (Appendix C1.3)Level crossings (Appendix C1.4)Train detection (Appendix C1.5)Miscellaneous equipment (Appendix C1.6)

Principles requirements (Appendix C2)

Route setting, holding and releasing (Appendix C2.1)Control systems (Appendix C2.2)

Competencemanagement(Appendix B1)

Detailed Design GK/RT0207Design specificationDesign production

Risk assessment

Overrun mitigation GI/RT7006 and GC/RT5033

Level crossings GI/RT7011Safety justification GK/RT0206

Deviation resolution

The Railway GroupStandards Code

Acceptance and approval

New equipment GI/RT7002GE/RT8016BR13442

Rail vehicles GE/RT8270

SIGNALLING SYSTEM

Detailed design GK/RT0207Design verification

Design certification and issue





References The Railway Group Standards Code Railway Group Standards and other Railway Group Documents

GC/GN5533 Assessment of Risks from Train Overruns at Terminal or Bay Platforms

GC/RT5033 Terminal Tracks – Managing the Risk

GC/RT5060 Equipment for Signing of Temporary and Emergency Speed Restrictions

GC/RT5101 Technical Approval Requirements for Changes to the Infrastructure

GC/RT5202 Vegetation – Managing the Risk

GE/GN8502 Operation of Trams and Light Rail Vehicles over Railtrack Controlled Infrastructure

GE/GN8510 Railway Group Safety Performance Monitoring – Definitions and Guidance

GE/GN8526 Guidance on Safety Requirements for Cab Signalling Systems

GE/GN8547 Reporting of Safety Related Information

GE/GN8550 Guidance on Issues between Railway Group Standards and TSIs for High-Speed Operation

GE/GN8561 Guidance on the Preparation of Risk Assessment within Railway Safety Cases

GE/RC8514 Approved Code of Practice – Hot Axle Bearing Detection

GE/RC8517 Recommendations for Systems for the Supervision of Enhanced Permissible Speeds and Tilt Enable

GE/RT8000 The Rule Book

GE/RT8004 Local Operations Instructions

GE/RT8012 Controlling the Speed of Tilting Trains through Curves

GE/RT8014 Hot Axle Bearing Detection


GE/RT8018 Mechanical Trainstop Systems

GE/RT8019 Tilting Trains: Controlling Tilt Systems to Maintain Clearances

GE/RT8026 Safety Requirements for Cab Signalling Systems

GE/RT8030 Requirements for a Train Protection and Warning System (TPWS)

GE/RT8034 Maintenance of Signal Visibility

GE/RT8035 Automatic Warning System (AWS)

GE/RT8037 Signal Positioning and Visibility

GE/RT8040 Low Adhesion between the Wheel and the Rail – Managing the Risk

GE/RT8047 Reporting of Safety Related Information

GE/RT8049 The Creation and Management of System Authorities

GE/RT8050 Process for Dealing with Issues between Railway Group Standards and TSIs for High-Speed Operation

GE/RT8060 Technical Requirements for Dispatch of Trains from Platforms

GE/RT8063 Deterring Unauthorised Access and Vandalism

GE/RT8217 Introduction and Use of Axle Counters – Managing the Risk

GE/RT8250 Safety Performance Monitoring and Defect Reporting

GE/RT8270 Route Acceptance of Rail Vehicles, including Changes in Operation or Infrastructure

GI/GN7606 Prevention and Mitigation of Overruns – Risk Assessment

GI/GN7611 Guidance on Provision, Risk Assessment and Review of Level Crossings





GI/RT7001 Management of Safety Related Records

GI/RT7002 Acceptance of Systems, Equipment and Materials for Use on Railtrack Controlled Infrastructure

GI/RT7004 Requirements for Design, Operation and Maintenance of Points

GI/RT7006 Prevention and Mitigation of Overruns – Risk Assessment

GI/RT7011 Vision, Risk Assessment and Review of Level Crossings

GI/RT7012 Requirements for Level Crossings

GI/RT7017 Signalling and Safety-Related Telecommunications Power Supplies and Circuits


GK/GN0525 Guidance Note: Signalling Control Centres

GK/GN0611 Guidance on Train Detection

GK/GN0806 Guidance on Signalling and Operational Telecommunications Systems: Safety Requirements

GK/RC0606 Management of Safety Related Failures of Train Borne Signalling and Operational Telecommunications Systems

GK/RT0007 Alterations to Permissible Speeds

GK/RT0009 Identification of Signalling and Related Equipment

GK/RT0011 Train Detection

GK/RT0025 Signalling Control Centres

GK/RT0026 Signallers’ Route Lists

GK/RT0027 Resetting and Restoration to Service of Signalling Systems

GK/RT0029 Train Activated Warning Systems (to be superseded on 2 October 2004 by GI/RT7012 – Requirements for Level Crossings)


GK/RT0031 Lineside Signals and Indicators

GK/RT0032 Provision of Lineside Signals

GK/RT0033 Lineside Signs

GK/RT0034 Lineside Signal Spacing

GK/RT0036 Transition between Lineside Signalling Systems and other Systems of Train Control

GK/RT0038 Signing of Permissible Speeds and Speed Restrictions

GK/RT0039 Semaphore and Mechanical Signalling

GK/RT0041 Track Circuit Block

GK/RT0042 Absolute Block

GK/RT0044 Controls for Signalling a Train Onto an Occupied Line

GK/RT0051 Single Line Control

GK/RT0054 Radio Electronic Token Block

GK/RT0060 Interlocking Principles

GK/RT0061 Shunters Releases, Ground Frames, Switch Panels and Gate Boxes

GK/RT0063 Approach Locking and Train Operated Route Release

GK/RT0064 Provision of Overlaps, Flank Protection and Trapping

GK/RT0091 Driver’s Reminder Appliance

GK/RT0101 Competence Standards for Signalling and Telecommunications Staff





GK/RT0105 The Transmission of Safety Related Information

GK/RT0106 Management of Safety Related Failures of Signalling and Operational Telecommunications Systems

GK/RT0206 Signalling and Operational Telecommunications Systems: Safety Requirements

GK/RT0207 Signalling Designs

GK/RT0208 Installation of Signalling and Operational Telecommunications Equipment

GK/RT0209 Testing and Commissioning of Installation of Signalling and Operational Telecommunications Equipment

GK/RT0210 Asset Management for the Safety of Signalling and Operational Telecommunications Systems and Equipment

GK/RT0217 Technical Requirements for Axle Counters

GK/RT0330 Plug in and Interchangeable Railway Signalling Equipment

GO/RT3208 Arrangements Concerning the Non-Operation of Track Circuits During Leaf Fall Contamination Period

GO/RT3251 Train Driving


GO/RT3259 Competence and Fitness Requirements for Signallers and Crossing Keepers

GO/RT3260 Competence Management for Safety Critical Work

GO/RT3475 Operational Requirements for the Dispatching of Trains from Platforms

The Catalogue of Railway Group Standards and the Railway Group Standards CD-ROM give the current issue number and status of documents published by RSSB. This information is also available from www.rssb.co.uk.

Other References BR13442 50Hz Single Phase AC Electrification: Immunisation of Signalling and Telecommunications against Electrical Interference

BR1654 Radio Electronic Token Block System

HSE Railway Safety Principles and Guidance

Railways (Safety Critical Work) Regulations

SSP50 Remote Control Standby Arrangements

SSP80 Controls required for Routes and Signals

STDG025 Quartz Halogen Level Crossing Road Light Traffic Signals (to be superseded on 2 October 2004 by GI/RT7012 – Requirements for Level Crossings)

Engineering Safety Management (The Yellow Book)



UML for systems engineering (IEE professional applications of computing series)
