RAMS Requirements in Electronic Interlock Design
Interlocking Design
28/10/2021
INTRODUCTION
Any interlocking system must meet the international standards for rail systems and
offer the highest levels of safety, reliability and availability. The main function of an
interlocking system, as a generic product, is to guarantee the safe operation of
trains by avoiding route (itinerary) conflicts while controlling and checking external
objects (track devices) such as signals or points, and by exchanging the necessary
information with other signaling systems, such as the track section occupancy
detection systems or the level crossings.
In this article we describe, from the RAMS point of view, the main characteristics of
modern interlocking systems and discuss how effective processes and techniques
should be applied when deploying this type of system.
ARCHITECTURE OF LATEST GENERATION INTERLOCKING SYSTEMS
Distributed architectures are typically used for complex installations with a lot of
equipment and where there are long distances between the interlocking electronics
and the controlled equipment. In this configuration, external object controllers, each
of which controls a set of track equipment, are linked to a central interlocking.
Compared with a centralized architecture, a distributed architecture has the
following main advantages: savings in cabling, less construction space required, and
easier installation and maintenance.
Finally, upstream of the interlocking, control can come from a centralized control
center (CTC), from local videographic controls or even from local controls on the
track. The management of priorities among these control levels is defined by the
operating rules of the line or installation.
RAMS DESIGN REQUIREMENTS FOR INTERLOCKING SYSTEMS
The most common methods used to perform interlocking system safety analysis
are failure modes and effects analysis (FMEA) and fault tree analysis (FTA). All
identified situations are recorded as hazards in a Hazard Log. This document is
intended to be used throughout the life cycle of the system, from conception to
decommissioning and disposal.
The main objective of applying FMEA and FTA is to identify all possible failure
modes of the system and, for each component, describe the effects of those failures
and assign each a probability of occurrence. These can also include failures caused
by human error and failures originating from external events.
This procedure is part of the hazard analysis and risk assessment specified by EN
50126. This standard establishes the concepts, methods, tools and engineering
techniques to be applied throughout the useful life of the system in order to
guarantee that a defined level of safety integrity of rail traffic is achieved.
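The following Python example, added here and not taken from the article, shows what the FMEA/FTA step produces in practice: failure modes from an FMEA become basic events with an assigned probability, a fault tree combines them with AND/OR gates under a top event, and the tree is evaluated for the top-event probability and its minimal cut sets, which are the fields a Hazard Log record would carry. The hazard, the failure modes and every probability are constructed for illustration, not data from any real interlocking.

```python
"""Fault-tree evaluation for one interlocking hazard (added example)."""
import math
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class BasicEvent:
    """A leaf of the tree: one failure mode taken from the FMEA."""
    name: str
    probability: float   # probability of the failure mode per demand (constructed)


@dataclass(frozen=True)
class Gate:
    """An AND or OR combination of sub-events."""
    name: str
    kind: str            # "AND" or "OR"
    inputs: tuple        # BasicEvent or Gate instances


Node = Union[BasicEvent, Gate]


def probability(node: Node) -> float:
    """Top-down probability assuming the basic events are independent."""
    if isinstance(node, BasicEvent):
        return node.probability
    ps = [probability(child) for child in node.inputs]
    if node.kind == "AND":
        return math.prod(ps)
    if node.kind == "OR":
        return 1.0 - math.prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def leaf_probabilities(node: Node) -> dict:
    """Map of basic event name -> probability, collected from the leaves."""
    if isinstance(node, BasicEvent):
        return {node.name: node.probability}
    out = {}
    for child in node.inputs:
        out.update(leaf_probabilities(child))
    return out


def minimal_cut_sets(node: Node) -> set:
    """Smallest combinations of basic events that cause the top event."""
    if isinstance(node, BasicEvent):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        cut_sets = set().union(*child_sets)
    elif node.kind == "AND":
        cut_sets = {frozenset()}
        for cs in child_sets:
            cut_sets = {a | b for a in cut_sets for b in cs}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    # drop any cut set that strictly contains another one
    return {c for c in cut_sets if not any(o < c for o in cut_sets)}


# Constructed hazard: "signal shows a proceed aspect although the route is not safe".
# Human error and external events appear as basic events like any other.
CHANNEL_A = BasicEvent("processing channel A undetected wrong output", 1e-4)
CHANNEL_B = BasicEvent("processing channel B undetected wrong output", 1e-4)
TRACK_FALSE_CLEAR = BasicEvent("track section reports clear while occupied", 1e-6)
BYPASS = BasicEvent("maintainer bypasses point detection (human error)", 1e-3)
NO_CHECK = BasicEvent("bypass not independently checked", 1e-2)

WRONG_SIDE_SIGNAL = Gate("proceed aspect on unsafe route", "OR", (
    Gate("both channels of the 2oo2 comparison fail alike", "AND", (CHANNEL_A, CHANNEL_B)),
    TRACK_FALSE_CLEAR,
    Gate("point detection bypassed and not caught", "AND", (BYPASS, NO_CHECK)),
))


def hazard_log_entry(top: Node = WRONG_SIDE_SIGNAL) -> dict:
    """The fields a Hazard Log record would carry for this analysis."""
    leaves = leaf_probabilities(top)
    cuts = minimal_cut_sets(top)
    dominant = max(cuts, key=lambda c: math.prod(leaves[n] for n in c))
    return {
        "hazard": top.name,
        "probability_per_demand": probability(top),
        "minimal_cut_sets": sorted(sorted(c) for c in cuts),
        "dominant_cut_set": sorted(dominant),
    }


if __name__ == "__main__":
    for key, value in hazard_log_entry().items():
        print(f"{key}: {value}")
```

The dominant cut set tells the reviewer where the probability comes from: with these constructed numbers the two-person human error path outweighs the hardware paths by three orders of magnitude, which is the kind of finding that drives a mitigation (an enforced independent check) rather than a hardware change.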
Achieve the rail RAMS requirements: control of the factors influencing RAMS over the
life of the system (EN 50126).
Ensure compliance with the specified safety integrity level (SIL). In order for
an interlocking system to be certified, it must also meet the specifications of
the EN 50129 standard, which defines the requirements for the acceptance
and approval of safety-related electronic systems in railway signaling. This
standard is aligned with other related CENELEC standards that must also be met:
EN 50126 for hazard analysis and risk assessment processes, EN 50159 for
safety-related communication, and EN 50128 for software requirements.
Compliance with the following elements, listed in EN 50129, is mandatory for the
safety assessment of the system, subsystems and equipment:
Safety management, which includes preparation of the safety plan, the hazard
log and the specification of safety requirements.
SAFETY
An interlocking system must guarantee, in short, that a permissive output is
activated only when the permissive conditions are met; otherwise a non-permissive
output must be issued. In case of a failure or inconsistent information, the external
objects must be driven to the safe state, which means that all signals in the
affected area must display restrictive aspects. This is why an interlocking must be
designed on the fail-safe principle. In addition, in that state it must not be possible
to establish any route or move any point automatically.
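To make the fail-safe principle concrete, here is an added Python model of the decision logic (illustrative code, not the article's or any vendor's interlocking). The permissive aspect is never the default: it is produced only when every track section is positively reported clear, every point is detected in the required position and no conflicting route is set. A missing or UNKNOWN report counts as a failure, drops the signal to STOP, puts the affected area into the safe state, and inhibits any further route setting until the safe state is cleared. Route names, section ids and point ids are constructed for the example.

```python
"""Fail-safe decision logic for an interlocking (added example, not the article's code)."""
from dataclasses import dataclass
from enum import Enum


class Track(Enum):
    CLEAR = "clear"
    OCCUPIED = "occupied"
    UNKNOWN = "unknown"    # detector failed, stale or inconsistent telegram


class Point(Enum):
    NORMAL = "normal"
    REVERSE = "reverse"
    UNKNOWN = "unknown"    # detection lost, or both end contacts read at once


class Aspect(Enum):
    STOP = "stop"          # restrictive aspect: the default, and the only answer on doubt
    PROCEED = "proceed"    # permissive aspect: only when every condition is proven


@dataclass(frozen=True)
class Route:
    name: str
    sections: tuple        # track sections the route runs over (constructed ids)
    points: dict           # point id -> required detected position
    conflicts: tuple       # routes that may not be set at the same time


@dataclass
class FieldState:
    """What the object controllers currently report."""
    tracks: dict           # section id -> Track
    points: dict           # point id -> Point


class Interlocking:
    def __init__(self, routes):
        self.routes = {r.name: r for r in routes}
        self.set_routes = set()
        self.safe_state = False

    def _inconsistent(self, route, fs):
        """Any missing or UNKNOWN report on the route counts as a failure."""
        return (any(fs.tracks.get(s, Track.UNKNOWN) is Track.UNKNOWN for s in route.sections)
                or any(fs.points.get(p, Point.UNKNOWN) is Point.UNKNOWN for p in route.points))

    def _proven_safe(self, route, fs):
        """Permissive only when every condition is positively proven."""
        if self._inconsistent(route, fs):
            return False
        if any(fs.tracks[s] is not Track.CLEAR for s in route.sections):
            return False
        if any(fs.points[p] is not wanted for p, wanted in route.points.items()):
            return False
        return not any(c in self.set_routes for c in route.conflicts)

    def enter_safe_state(self):
        """Affected area to restrictive: drop all routes and inhibit new ones."""
        self.safe_state = True
        self.set_routes.clear()

    def set_route(self, name, fs):
        if self.safe_state:            # no route may be established after a failure
            return False
        if not self._proven_safe(self.routes[name], fs):
            return False
        self.set_routes.add(name)
        return True

    def signal_aspect(self, name, fs):
        """Re-evaluated on every cycle; anything unproven yields STOP."""
        route = self.routes[name]
        if self._inconsistent(route, fs):
            self.enter_safe_state()
            return Aspect.STOP
        if name in self.set_routes and self._proven_safe(route, fs):
            return Aspect.PROCEED
        return Aspect.STOP


# Constructed layout: two routes sharing section T2 and point P1, so they conflict.
R1 = Route("R1", ("T1", "T2"), {"P1": Point.NORMAL}, ("R2",))
R2 = Route("R2", ("T2", "T3"), {"P1": Point.REVERSE}, ("R1",))


def normal_operation():
    """R1 can be set and shows PROCEED; the conflicting R2 is refused."""
    ixl = Interlocking([R1, R2])
    fs = FieldState({"T1": Track.CLEAR, "T2": Track.CLEAR, "T3": Track.CLEAR},
                    {"P1": Point.NORMAL})
    return (ixl.set_route("R1", fs), ixl.signal_aspect("R1", fs),
            ixl.set_route("R2", fs), ixl.signal_aspect("R2", fs))


def detector_failure():
    """A lost track report mid-route drops the signal and locks out route setting."""
    ixl = Interlocking([R1, R2])
    fs = FieldState({"T1": Track.CLEAR, "T2": Track.CLEAR, "T3": Track.CLEAR},
                    {"P1": Point.NORMAL})
    ixl.set_route("R1", fs)
    fs.tracks["T2"] = Track.UNKNOWN      # telegram lost or inconsistent
    aspect = ixl.signal_aspect("R1", fs)
    fs.tracks["T2"] = Track.CLEAR        # report returns; still inhibited until reset
    return aspect, ixl.safe_state, ixl.set_route("R1", fs)


if __name__ == "__main__":
    print(normal_operation())
    print(detector_failure())
```

Note the asymmetry that carries the safety argument: every comparison asks "is this condition proven true?", so an unknown value can only ever fail the check, and the STOP aspect needs no evidence at all. A real interlocking would add redundant processing channels and a voter, but the shape of the decision is the same.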
RELIABILITY
AVAILABILITY
Backup systems must be kept continually updated so that they are ready to take
over from the active system at any time.
MAINTAINABILITY