CENELEC EN 50128: organizational structure for software projects of railway safety


Many of our clients contact us to develop a basic structure at the organizational and process levels, in order to develop railway safety software according to CENELEC EN 50128 regulations.

One of the points to take more into account is team organization. EN 50128 standard requires a structured team comprised by a minimum number of members with their roles and responsibilities. For a team developing systems with software with a SIL-4 safety integrity level, Leedeo Engineering typically recommends having a minimum team of 6 persons with different roles described in EN 50128 standard. We will see therefore each one of these pieces of the project very briefly. The aim of this article is that companies being in a position similar to the one mentioned above, could assess at the structure level how far they are from the "ideal" organization according to the Regulations:

  1. The project manager [PM]. The Project Manager is in charge of managing and organizing the activities involved in project implementation. Its management goes typically through a temporary, economic and quality control of the project.
  2. Quality [QA] engineer: The Quality Engineer is responsible for verifying the correct implementation of quality procedures and company standards in the project. It must also be verified the correct application of the project quality plan.
  3. RAMS Engineer and Verification [RAMS, VER]: The RAMS Engineer is in charge of managing safety, reliability, maintainability and availability analysis, related to the desired SIL level of the software product. Typically, the RAMS Engineer will also execute the activities related to verification, being responsible for verifying the adequacy of documentary evidence and processes developed for each of the V-model cycle phases specified by EN50128 standard.
  4. Engineer Design & Coding Stage [RQM, DES, IMP]: According to 50128 standards, it is possible that these two roles will be responsibility of and being executed by a single engineer. Therefore, in a "minimum" organization, it will be possible to have only one person as a requirements manager + software designer + encoder. In detail, this figure will be responsible for setting, management and traceability of requirements [RQM], the person responsible for building the architecture, and developing software design [DES] and production (coding) of the source code based on the generated design [IMP].
  5. Integration and Test Engineer [INT, TST]: According to 50128, it is possible that these two roles will be responsibility of a single engineer and being executed by his/her. The integrator is in charge of integrating the software components that have already been tested in unit tests. This integration starts from the atomic software sub-components, until a complete software package [INT] has been built. The task of the tester is designing and executing component tests (unit tests) and tests of different stages of software integration [TST].
  6. Testing engineer [VAL]: The Validator will be responsible for testing and confirming that the software developed will meet the requirements set out in the project. For this, the Validator develops the validation plan based on the product requirements, prepares the necessary tools (test equipment, support tools, simulators, etc.) in order to execute the designed validation plan and, finally, it will execute it and record the results.

At Leedeo Engineering, we are specialists in the development of RAMS Railway projects, applying CENELEC standards EN 50126, EN 50129, EN 50128, EU Implementation Regulation 402/2013 with the application of the Common Safety Methods CSM-RA, supporting any level required to RAM and Safety tasks, in the development and certification of safety products and applications.

Are you interested in our articles about RAMS engineering and Technology?

Sign up for our newsletter and we will keep you informed of the publication of new articles.