8pagespr50126_part2_2012.pdf

March 24, 2018 | Author: saospie | Category: Safety, Evaluation, Technology, Science, Computing And Information Technology





Description

DRAFT ÖVE/ÖNORM EN 50126-2, edition 2012-12-01
Railway applications – The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS) – Part 2: Systems approach to safety

Note: As a result of comments received, the final version of this ÖVE/ÖNORM may differ from the present draft. Comments (in writing) until 2013-01-01 to the OVE.

Media owner and producer: OVE Österreichischer Verband für Elektrotechnik; Austrian Standards Institute. AS+ Shop 03.02.2013.
Copyright © OVE/Austrian Standards Institute – 2012. All rights reserved! Reprinting or reproduction, recording on or in other media or data carriers only with permission!
Sale of domestic and foreign standards and technical rules through Austrian Standards Institute, Heinestraße 38, 1020 Wien, E-Mail: [email protected], Internet: www.as-plus.at, Webshop: www.as-plus.at/shop, Tel.: +43 1 213 00-444, Fax: +43 1 213 00-818.
All rules for electrical engineering are also available from OVE Österreichischer Verband für Elektrotechnik, Eschenbachgasse 9, 1010 Wien, E-Mail: [email protected], Internet: www.ove.at, Webshop: www.ove.at/webshop, Tel.: +43 1 587 63 73, Fax: +43 1 587 63 73 - 99.
ICS – identical (IDT) with: prEN 50126-2:2012 – responsible: OVE/Komitee TK TM Traktion und Motorik.
The OVE hereby submits this draft of a European standards document to the public for information and comment as an ÖVE/ÖNORM draft.

Notes on the draft
The draft of a European Standard EN 50126-2:2012 prepared by CENELEC TC 9X has been submitted to the CENELEC members for voting. Like all member organisations of CENELEC, the OVE is in principle obliged to adopt European Standards into the national body of standards and to withdraw conflicting standards. In the event of a positive voting result within the meaning of the CEN/CENELEC rules, this draft will lead to an EN. Since a German translation is not yet available at this time, the English-language version of prEN 50126-2:2012 is presented for information and comment in order to meet the objection deadline set by CENELEC. Interested parties can obtain the document in question from the Österreichischer Verband für Elektrotechnik or inspect the text there.

EUROPEAN STANDARD DRAFT / NORME EUROPÉENNE / EUROPÄISCHE NORM – prEN 50126-2 – October 2012
ICS 45.020 – Will supersede EN 50126-1:1999 (partially)
English version: Railway applications – The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS) – Part 2: Systems approach to safety
Applications ferroviaires – Spécification et démonstration de la fiabilité, de la disponibilité, de la maintenabilité et de la sécurité (FDMS) – Partie 2: Approche systématique pour la sécurité
Bahnanwendungen – Spezifikation und Nachweis von Zuverlässigkeit, Verfügbarkeit, Instandhaltbarkeit und Sicherheit (RAMS) – Teil 2: Systembezogene Sicherheitsmethodik

This draft European Standard is submitted to CENELEC members for CENELEC enquiry. Deadline for CENELEC: 2013-03-29. It has been drawn up by CLC/TC 9X.
If this draft becomes a European Standard, CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
This draft European Standard was established by CENELEC in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and shall not be referred to as a European Standard.
CENELEC – European Committee for Electrotechnical Standardization – Comité Européen de Normalisation Electrotechnique – Europäisches Komitee für Elektrotechnische Normung. Management Centre: Avenue Marnix 17, B-1000 Brussels.
© 2012 CENELEC. All rights of exploitation in any form and by any means reserved worldwide for CENELEC members. Project: 21753. Ref. No. prEN 50126-2:2012 E

Contents (page numbers omitted; the extracted table of contents was scrambled and only the headings below could be recovered)

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Tailoring the life-cycle
  – The life-cycle Model
  – The Hourglass Model
  – Generic and specific safety acceptance processes
  – Safety acceptance process
  – After safety acceptance
  – Dependency between safety cases
  – Relationship between safety case dependencies and system architecture
6 Avoidance of systematic failures
  – General
  – Prevention of systematic failure in the early phases of the life-cycle
  – Detection and correction of systematic failure during the design and development phases of the life-cycle
  – Detection and correction of systematic failure during integration and following phases of the life-cycle
  – Independent safety assessment
7 System definition in an iterative system approach
  – Introduction
  – Method for defining the structure of a system
  – Parties/stakeholders/boundaries of systems
  – Guidance on system definition
  – Guidance on the content of a system definition
8 Risk analysis and evaluation process and methods
  – Introduction
  – The risk model
  – Hazard identification: General; Empirical hazard identification methods; Creative hazard identification methods
  – Consequence analysis: General; Hazard classification; Techniques for the consequence analysis
  – Risk evaluation and acceptance: Introduction to the risk acceptance principles; Use of code of practice; Use of a similar system as reference; Explicit risk estimation; Qualitative approach; Quantitative approach; Guidelines to the explicit risk estimation
9 Specification of system requirements
  – General
  – Functional safety requirements
  – Technical safety requirements
  – Operational and maintenance safety requirements
10 Apportionment of System Safety Requirements
  – Deriving and apportioning system safety requirements
  – The safety integrity concept and its levels: Rationale; Functional safety integrity for E/E/PE; Random aspects of functional safety integrity; Systematic aspect of functional safety integrity; Combination of random and systematic aspects; The SIL table; SIL allocation; Apportionment of TFFR; Demonstration of quantified targets; SIL0; Prevention of misuse of SILs and warnings
  – Safety Integrity for non-E/E/PE systems – Guidance on application of CoP
  – Deriving functional safety requirements for E/E/PE systems from defined hazards
  – Functional composition; Independence of functions; Supporting rules for evaluating technical aspects of independence; General remark
  – How to proceed with functions implemented by E/E/PE architectures; How to proceed with functions implemented by non-E/E/PE architecture
11 Design and implementation
  – Causal analysis; Techniques for causal analysis
  – Identification and treatment of additional hazards arising from design
  – Functional Safety principles
Annex A (informative) Measures for the avoidance of systematic failures
  – A.1 Safety and quality management
  – A.2 System requirements specification
  – A.3 System architecture and design
  – A.4 Integration and testing of the system
  – A.5 Application, operation and maintenance
  – A.6
Annex B (informative) ALARP, GAME, MEM
Annex C (informative) Using failure and accident statistics to derive a THR
Annex D (informative) CoP on maintenance activities to preserve the safety integrity of non-E/E/PE systems
Annex E (informative) Apportionment methods
Annex F (informative) Safety Target Quantification Methods
Annex G (informative) Common mistakes in quantification
Annex H (informative) Techniques / methods for safety analysis

Figures
Figure 1 – The Hourglass Model
Figure 2 – Definition of hazards with respect to the system boundary
Figure 3 – Generic and specific safety acceptance processes
Figure 4 – Examples of dependencies between safety cases
Figure 5 – Organisational structure for early phases
Figure 6 – Organisational structure for integration and final phases
Figure 7 – An example of risk model
Figure 8 – Tolerable rates in an example of risk model
Figure 9 – Safety requirements
Figure 10 – Apportionment of functional safety requirements
Figure 11 – Relationship between SILs and techniques
Figure 12 – Impact of functional dependence in a fault-tree analysis
Figure B.1
Figure B.2 – Example of semi-quantitative risk matrix for use within an ALARP framework
Figure B.3 – Differential risk aversion
Figure E.1 – Functional breakdown
Figure E.2 – Analysis of the scenario: functional independence
Figure E.3 – 1st step of apportionment: analysis of the system
Figure E.4 – Example of quantified apportionment
Figure F.1 – Interpretation of failure and repair times
Figure F.2
Figure G.1 – Double channel failure with common cause

Tables
Table 1 – Typical examples for a functional breakdown
Table 2 – Examples of hazards
Table 3 – SIL and SIL-measures
Table A.1 – Safety planning and quality assurance activities
Table A.2 – System requirements specification
Table A.3 – System architecture and design
Table A.4 – Integration and testing of the system
Table A.5 – Application, operation and maintenance
Table B.1 – Example of simple qualitative risk matrix for use within an ALARP framework
Table D.1 – Measures to achieve the necessary safety integrity of non-E/E/PE systems
Table H.1 – Techniques / Methods for safety analysis

Foreword

This document [prEN 50126-2:2012] has been prepared by CLC/TC 9X "Electrical and electronic applications for railways". This document is currently submitted to the Enquiry.

This document has been prepared under a mandate given to CENELEC by the European Commission and the European Free Trade Association, and supports essential requirements of EU Directive(s).

This new edition of EN 50126 (all parts) will supersede EN 50126-1:1999, CLC/TR 50126-2:2007, CLC/TR 50126-3:2008. It is mainly based on EN 50126-1:1999, EN 50128:2011 and EN 50129:2003.

This part of EN 50126 covers the systems approach to safety. This part of EN 50126 will supersede EN 50126-1:1999 (together with prEN 50126-2:2012).

EN 50126 "Railway applications – The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS)" consists of the following parts:
– Part 1: Generic RAMS process;
– Part 2: Systems approach to safety;
– Part 4: Functional safety – Electrical/Electronic/Programmable electronic systems;
– Part 5: Functional safety – Software.

Introduction

EN 50126-1:1999 was produced to introduce the application of a systematic RAMS management process in the railway sector. For safety-related electronic systems for signalling, EN 50128 and EN 50129 were produced. Through the application of these standards and the experiences gained over the last years, the need for revision and restructuring became apparent, with a need to deliver a systematic and coherent approach to RAMS applicable to all the railway application fields: Signalling, Rolling Stock and Electric power supply for Railways (Fixed Installations).

The aims set for the revision of EN 50126 required a better understanding of the systems approach and improved methods for applying the safety management process described in EN 50126-1. EN 50126-2 provides this guidance. The revision work improved the coherency and consistency of the standards, the concept of safety management and the practical usage of EN 50126, and took into consideration the existing and related Technical Reports as well.

This European Standard provides railway duty holders and the railway suppliers, throughout the European Union, with a process which will enable the implementation of a consistent approach to the management of reliability, availability, maintainability and safety, denoted by the acronym RAMS. Processes for the specification and demonstration of RAMS requirements are cornerstones of this standard. This European Standard promotes a common understanding and approach to the management of RAMS.

This European Standard can be applied systematically by the railway duty holders and railway suppliers, throughout all phases of the life-cycle of a railway application, to develop railway specific RAMS requirements and to achieve compliance with these requirements. The systems-level approach developed by this European Standard facilitates assessment of the RAMS interactions between elements of railway applications even if they are of complex nature.

This European Standard promotes co-operation between the stakeholders of Railways in the achievement of an optimal combination of RAMS and cost for railway applications. Adoption of this European Standard will support the principles of the European Single Market and facilitate European railway inter-operability.

The process defined by this European Standard assumes that railway duty holders and railway suppliers have business-level policies addressing Quality, Performance and Safety. The approach defined in this standard is consistent with the application of quality management requirements contained within ISO 9001.

As far as safety is concerned, EN 50126 takes the perspective of functional safety. This does not exclude other aspects of safety. However, these are not the focus. EN 50126 is the railway sector specific application of IEC 61508. Meeting the requirements in this European Standard is sufficient to ensure that additional compliance to IEC 61508 does not need to be evaluated.

EN 50126-1 and EN 50126-2 are independent from the technology used. With regard to safety, EN 50126-1 provides a Safety Management Process which is supported by guidance and methods described in EN 50126-2. EN 50126-4 and EN 50126-5 provide guidance specific to safety-related E/E/PE technology of railway applications. Their application is determined through the application of the general RAMS process of EN 50126-1 and through the outcome of the safety-related methods described in EN 50126-2.

The application of this standard should be adapted to the specific requirements of the system under consideration. Where justifiable, the standard permits process tailoring. Specific guidance on the application of this standard in the case of process tailoring is provided in 7.3 of EN 50126-1. Annex H.

In accordance with CENELEC editing rules 1), mandatory requirements in this standard are indicated with the modal verb "shall". EN 50126-2 provides various methods for use in the safety management process. Where a particular method is selected for the system under consideration, the mandatory requirements of this method are by consequence mandatory for the safety management of the system under consideration.

1) CENELEC "Internal Regulations Part 3: Rules for the structure and drafting of CEN/CENELEC Publications (2009-08)".

1 Scope

This part of EN 50126
• considers the safety-related generic aspects of the RAMS life-cycle, whilst the following EN 50126-4 and EN 50126-5 are related to E/E/PE internal systems/subsystems, be it for hardware or software;
• provides guidance and methods for the following areas:
– system life-cycles as applicable to generic and specific applications;
– systems safety assurance;
– risk management process;
– risk assessment process;
– application of risk acceptance principles and criteria;
– safety integrity concept;
– methods to derive the safety requirements and their safety integrity requirements for the system and to apportion them to the subsystems;
• enables the user to define the system under consideration, to identify the interfaces and the interactions of this system with its subsystems or other systems, and to conduct the risk analysis;
• provides the user with the methods to assure safety with respect to the system under consideration and its interactions;
• defines methods and tools which are independent of the actual technology of the systems and subsystems, including those containing software. Examples are guidance on safety integrity by the apportionment amongst the various parts of a system, or a method to derive the safety-related role of software as a precondition to apply EN 50126-5;
• addresses railway specifics;
• provides:
– the user of the standard with the understanding of the system approach to safety, which is a key concept of EN 50126;
• does not define:
– RAMS targets, quantities, requirements or solutions for specific railway applications;
– rules or processes pertaining to the certification of railway products against the requirements of this standard;
– an approval process by the safety authority;
• does not specify requirements for ensuring system security.

This part 2 of EN 50126 is applicable
• to all systems under consideration – as regards safety – within the entire railway system and the stakeholders involved, in particular:
– to new systems;
– to new systems integrated into existing systems in operation prior to the creation of this standard, although it is not generally applicable to other aspects of the existing system, which remain unmodified;
– for modifications of existing systems in operation prior to the creation of this standard, although it is not generally applicable to other aspects of the existing system;
• to the specification and demonstration of safety for all railway applications and at all levels of such an application, as appropriate, from complete railway systems to major systems and to individual and combined sub-systems and components within these major systems;
• at all relevant phases of the life-cycle of an application;
• for use by railway duty holders and the railway suppliers.

Railway applications mean Command, Control & Signalling, Rolling Stock and Electric Power Supply for Railways (Fixed Installations).

It is not required to apply this standard to existing systems, including those systems already compliant with any version of former EN 50126. The guidance in this part is still applicable in the application of the specific standards EN 50128 or EN 50129.