Application of CENELEC EN 50129 standard in safety systems for railway signalling

CENELEC EN 50129 standard is part of the legislative package on RAMS -reliability, availability, maintainability, and safety- of the railway industry. At a more detailed level, EN 50129 standard is applicable to systems with electronic technology related to safety for railway signalling applications.

As we will see in this article, EN 50129 standard is applicable to all phases of the life cycle of electronic safety signalling system. It includes the specification, design, construction, installation, acceptance, operation, maintenance, and modification. All this, both for generic products or systems, as well as for specific products or systems.

EN 50129 standard aims to define the conditions that must be met so that a product, system, or electronic installation could be ACCEPTED as safe -or safe enough-. Accordingly, this supports its safety assurance strategy being based on three basic pillars:

• Evidencing correct management of quality in the processes of the product life cycle.
• Evidencing of correct management of safety in the processes of the product life cycle.
• Evidence of the technical and functional safety of the product, system or installation.

As it is quite common in RAMS Engineering, this evidence will be, in the end, in the form of documentary evidence showing that the three points have indeed been considered. Also that they are controlled and justified. These documentary evidences are called a safety study or a safety case. The safety study must follow the structure defined in 50129 standards. Its 6 sections are the following ones:

1. The Definition of the System under analysis.
2. The Quality Management Report.
3. The Safety Management Report.
4. Technical Safety Report
5. References to Safety Reports.
6. Conclusions

There are three different categories of Safety Studies. The first one consists of generic products that are characterized by being independent of the final application. It can be used and reused in different independent applications. The second one is from generic applications, which is characterized by being able to be reused in classes/ types of applications having common functions. And finally, the specific applications, which are used only for a particular installation.

It is important to stress that it is considered essential that, for each specific application, the environmental conditions and the context of use are compatible with the conditions of general application.

Section 1 - Definition of the System

Initially, in the definition of systems under analysis (Section 1), it is important to specify precisely the system, the equipment or the subsystem under monitoring of the safety case, giving shape to the equipment: application boundaries of the equipment, that is, as far as it goes, therefore, by correctly defining the interfaces with the rest of systems with which it coexists. It is also especially important in a safety study to define the versions (and edition) of the equipment and subsystems that make it up to and that apply this safety case.

Section 2 - Quality Management

The Report on quality management (Section 2) is considered the first condition that a project -being executed by a company- must meet. Furthermore, evidence shall be given that quality is controlled by an appropriate quality management system. Typically, this report presents a mix between compliance with ISO9001 at generic safety level and compliance with EN 50126 in terms of RAMS life cycle. This means following the phases of product life cycle, which is correctly and robustly defined by EN 50126 standard: concept, definition of the system and safety conditions, risk analysis, system requirements, allocation of system requirements, design and implementation, manufacturing, installation, system validation, system acceptance, operation and maintenance, decommissioning and disposal.

Section 3 - Safety Management

The Security Management Report (Section 3) is responsible for providing evidence about security being controlled by an appropriate security management system, which is consistent with RAMS Management process described in EN 50126. Very briefly, this report will provide evidence regarding:

• V-model product development life cycle has been followed according to EN 50126 standard.
• An organization is available with an adequate level of independence (between management, design and validation/ verification). Also, it will have an appropriate competent level in terms of knowledge, regarding personnel involved in the project. On the other hand, a Safety Plan has been drawn up at the beginning of the life cycle.
• A risks record called Hazard Log.
• Specification of security requirements.
• In-house system design where the system design has been documented by all objective standards: mechanical, electronic, chemical, optical, software, communications, etc.
• Verifying and validating safety targets. Safety justification.

Section 4 - Technical Safety Report

Technical Safety Report (Section 4) must contain the technical principles ensuring design safety, and including detailed technical specification, design calculations, results of type tests, etc. In short:

• Introduction
• Guarantee of proper operation.
• Damaging effects.
• Operation under external influences.
• Application conditions (relations with safety).
• Test results.

Section 5 - References to Safety Reports

In References to Safety Reports (Section 5), other Safety Reports that are dependent on the Safety Report being under analysis must be referenced. This documentation for complex Safety Cases occurs in cases involving, for some reason, some sort of dependency regarding another product, system, sub-system which has been already previously certified.

Section 6 - Conclusion

Finally, in Conclusions (Section 6), the set of evidence presented in the previous Sections should be summarized arguing that the "system is sufficiently safe according to the specified application conditions".

Independent Evaluation of System Safety

All documentation generated in the safety study should be evaluated by an Independent Safety Assessor. This will generate a Report explaining the evaluation activities carried out by the evaluator to ratify that the system's safety requirements are indeed met. As explained in EN 50126 standard, the scope of the safety assessment and the degree of independence, with which it is being carried out, are based on the results of risk classification 

At Leedeo Engineering, we are specialists in the development of RAMS Railway projects, applying CENELEC standards EN 50126, EN 50129, EN 50128, EU Implementation Regulation 402/2013 with the application of the Common Safety Methods CSM-RA, supporting any level required to RAM and Safety tasks, in the development and certification of safety products and applications.