Preface

Modern railway systems are complex, integrate various technologies, and

operate in an environment where the identification of exact system response
and behaviors has limita- tions. Complexity in railway systems has
significantly increased due to the use of modern technologies in relation to
computers, microprocessors, communication, and information technologies, in
combination with the historically developed electromechanical compo- nents.
The resulting inter- and intradependencies and redundancies among
technologies extend the boundaries of the railway network system. Unwanted
and unknown system states may emerge due to unidentified behaviors, which
cannot be predicted and, thus, eliminated. It then becomes a target for the
designers, operators, maintainers, and approv- ers to consider the acceptable
limits of system states. To do so, railway-related standards have been
introduced in terms of reliability, availability, maintainability, and safety
(RAMS).
Modeling, assessment, and demonstration of RAMS require careful and
combined han- dling of the following:

• Railway engineering
• System analysis
• Development and application of mathematical and statistical methods,
techniques, and tools
• Compliance with international and local standards and laws and
specific project requirements
• Financial and economic analysis and, management

Today, a main objective for carrying out RAMS-related tasks is to obtain a

safe, highly reliable and available, innovative and sustainable railway system.
Within this, RAMS activities are also fundamental for increasing the lifetime of
railway systems. Railway RAMS-related standards provide specifications and
require the railway manufacturers and operators to implement a RAMS
management system and demonstrate particular safety standards and RAM
requirements. The standards mainly provide general guide- lines on different
RAMS issues but do not provide details on how to proceed in real-world
projects. Consequently, endless discussions, disagreements, and rework of
RAMS activi- ties are experienced in many real-world projects. This is partly
due to the fact that there is lack of purposeful understanding of the standards
themselves and of the mathematical and statistical methods applicable for
RAMS and their use. The topics in this handbook aim to improve the
understanding and application of RAMS-related standards and the theory,
methods, tools and techniques and related background. To this aim, dedicated
efforts have been coordinated worldwide in writing this handbook.
This is the first-ever comprehensive reference handbook that deals with the
many unique RAMS issues involved in the difficult environment of an operating
railway sys- tem. This is of concern given that the European Union and some
other parts of the world have already mandated the use of RAMS in legislation.
The implementation of the RAMS requirements then extends to system and
equipment designers and manufacturers, who supply their products. The
handbook provides detailed guidance for those involved in the
xi
xii Preface

integration of the highly complex and multitechnology systems that must

seamlessly per- form to guarantee a safe and reliable railway transport
system. It can be used as guidance to get the RAMS tasks successfully
accomplished, especially in complex railway projects. It focuses on the several
topics of risk, safety, reliability, and maintenance in railway systems and
provides state-of-the-art knowledge on the issues therein. The handbook
includes 38 chapters authored by key senior experts from industry and
renowned professors and researchers from academia. The handbook is
divided into two major sections: Section 1 on basic concepts, prediction, and
estimation techniques and the second section on RAMS in practice and special
topics. Highlights of the topics covered under each section are pre- sented in
the following.

Highlights of the topics in the handbook of RAMS in Railway Systems: Theory

and Practice
Section Section
1 2
1. Introduction to RAMS requirements 21. Methodology and application of RAMS
2. Basic methods for RAM and decision making management along the railway rolling stock
3. Advance methods for RAM and decision making lifecycle
4. Safety integrity concept 22. RAMS and security
5. SIL apportionment and SIL allocation 23. Modeling reliability analysis European
6. Prognostics and health management Train Control System (ETCS)
7. Human factors and their applications in railways 24. Decision support systems for railway RAMS:
safety An application from the railway signaling subsystem
8. Individual and collective risk and FN 25. Fuzzy reasoning approach and fuzzy
curves for risk acceptance hierarchy process for expert judgement
9. Practical demonstrations of reliability growth in capture and process in risk analysis
railway projects 26. Independent safety assessment process and
10. Methods for RAM demonstration in railway methodology—a practical walk through a typical
projects public transport system/railway system or
subsystem/product/project
11. A guide for preparing comprehensive and
complete case for safety for complex railway 27. IFF-MECA: Interfaces and functional
products and projects failure mode effects and criticality analysis for
railway RAM and safety assessment
12. Reliability demonstration tests: Decision
rules and associated risks 28. RAMS as an integrated part of the
engineering process and the application for railway
13. The hazard log: Structure and management
rolling stock
in complex project
29. Model based HAZOP to identify
14. Life cycle cost (LCC) in railways RAMS
hazards for modern train control system
management with example applications
15. System assurance for the railways 30. Application of risk analysis methods for
electromechanical products railway level crossing problems
16. Software reliability in RAMS management 31. Human reliability and RAMS management
17. Safety software development for the railway 32. A standardized approval process for a
applications public transport system/ railway system/or
subsystem/product/project
18. Practical statistics and demonstration of
RAMS in projects 33. Importance of safety culture for RAMS
management
19. Proven in use for softwareassigning a SIL
based on statistics 34. Railway security policy and administration
in the USA: Reacting to the terrorists attack after
20. Target reliability for new and existing
Sep. 11, 2011
railway engineering structures
35. Introduction to IT transformation
of safety and risk management systems
36. Formal reliability analysis of railway

The authors of the individual chapters have devoted quite some efforts to
include cur- rent and real-world applications, recent research findings, and
future works in the area of RAMS for railway systems and to cite the most
relevant and latest references in their chapters. Practical and insightful
descriptions are presented in order to nourish RAMS practitioners of any level,
from practicing and knowledgeable senior RAMS engineers and managers to
beginning professionals and to researchers. Given the multidisciplinary
breadth and the technical depth of the handbook, we believe that readers
from differ- ent fields of engineering can find noteworthy reading in much
greater detail than in other engineering risk and safety-related publications.
Each chapter has been written in a pedagogical style, providing the
background and fundamentals of the topic and, at the same time, describing
practical issues and their solutions, giving real-world examples of
Preface xiii

application and concluding with a comprehensive discussion and outlook. The

content of each chapter is based on established and accepted practices,
publications in top-ranked journals, and conferences. The comprehensive
contents and the involvement of a team of multidisciplinary experts writing
on their areas of expertise provide the editors confi- dence that this handbook
is a high-quality reference handbook for students, researchers, railway
network operators and maintainers, and railway safety regulators, plus the
associ- ated equipment designers and manufacturers worldwide. We believe
that this handbook is suited to the need of RAMS in railways.
This book contains information obtained from authentic and highly regarded
sources. Reasonable efforts have been given to publish reliable data and
information, but the authors, editors, and publisher cannot assume
responsibility for the validity of all materi- als or consequences of their use.
The authors, editors, and publisher have attempted to trace the copyright
holders of all material reproduced in this publication and apologize to
copyright holders if permission to publish in this form has not been obtained.
If any copyright material has not been acknowledged please write and let us
know so we may rectify in any future reprint.

Dr. Engr. Qamar Mahboob

Erlangen, Germany, and Lahore, Pakistan

Prof. Dr. Enrico Zio

Milano, Italy, and Paris, France
Taylor & Francis
Taylor & Francis Group
http://taylorandfrancis.com
Editors

Dr. Engr. Qamar Mahboob has more than 15 years of

project experience and several scientific publications in the
field of reliability, availability, maintainability, and safety
(RAMS).
Qualification: Degrees: PhD in railway risk, safety and
decision sup- port from Technische Universität Dresden (TU
Dresden), Dresden, Germany; MSc in transportation systems
from the Technical University of Munich (TU Munich), Munich,
Germany; MS in total quality manage-
ment from Punjab University, Lahore, Pakistan; BSc in mechanical engineering
from the University of Engineering and Technology Lahore, Lahore, Pakistan;
and B-Tech from the (GCT) Government College of Technology, Railway Road,
Lahore, Pakistan. Experience: maintenance engineer for rolling stock for
Pakistan railways; scientific researcher for engi- neering risk analysis group of
TU Munich; scientific researcher of Railway Signalling and Transport Safety
Technology of TU Dresden; RAMS consultant for CERSS.com; key senior expert
for RAMS for Siemens AG, Germany; technical lead for HI-TEK Manufacturing
Pvt. Ltd., Lahore; services manager for KKPower International Pvt. Ltd.,
Lahore; and direc- tor and CTO (Core Technology Officer), SEATS (Science,
Engineering and Technology for Systems), Lahore.

Prof. Dr. Enrico Zio (M’06–SM’09) received his MSc degree in

nuclear engineering from Politecnico di Milano in 1991 and in
mechanical engineering from the University of California, Los
Angeles, in 1995, and his PhD degree in nuclear engineering
from Politecnico di Milano and the Massachusetts Institute of
Technology (MIT) in 1996 and 1998, respectively. He is
currently the director of the chair on systems sci- ence and
the energetic challenge of the Foundation Electricite’ de
France at CentraleSupélec, Paris, France; full professor and
president of the
Alumni Association at Politecnico di Milano; adjunct professor at University of
Stavanger, Norway, City University of Hong Kong, Beihang University, and
Wuhan University, China; codirector of the Center for REliability and Safety of
Critical Infrastructures, China; visit- ing professor at MIT, Cambridge,
Massachusetts; and distinguished guest professor of Tsinghua University,
Beijing, China. His research focuses on the modeling of the failure– repair–
maintenance behavior of components and complex systems, for the analysis
of their reliability, maintainability, prognostics, safety, vulnerability, resilience,
and security characteristics and on the development and use of Monte Carlo
simulation methods, soft computing techniques and optimization heuristics.
He is the author or coauthor of seven international books and more than 300
papers on international journals.
xv
Taylor & Francis
Taylor & Francis Group
http://taylorandfrancis.com
Contributors

Waqar Ahmad Georg Edlbacher

School of Electrical
Bombardier
Engineering and Computer
Transportation Zürich,
Sciences
National University of Switzerland
Sciences and Technology
Islamabad, Pakistan Alessandro Fantechi
University of Florence
Allegra Alessi Florence, Italy
Alstom
Saint-Ouen, France Alessio Ferrari
Istituto di Scienza e
Min An Tecnologie
dell’Informazione
University of Salford
Pisa, Italy
Greater Manchester, United
Kingdom Miguel Figueres-Esteban
University of Huddersfield
Kyoumars Bahrami
Huddersfield, United Kingdom
Siemens Mobility (Rail
Automation) Melbourne, Australia
Olga Fink
Zürcher Hochschule für
Jens Braband
angewandte Wissenschaften,
Siemens AG
Braunschweig, Winterthur, Switzerland
Germany
Simone Finkeldei
Mehdi Brahimi Schweizerische Bundesbahnen
SBB Bern, Switzerland
Alstom
Saint-Ouen, France
Lance Fiondella
University of Massachusetts
Yao Chen
Dartmouth North Dartmouth,
Siemens AG Massachusetts
Munich,
Germany Heinz Gall
TÜV Rheinland
Attilio Ciancabilla Cologne,
Rete Ferroviaria Germany
Italiana Bologna,
Italy Stefania Gnesi
Istituto di Scienza e
Pierre Dersin Tecnologie
Alstom dell’Informazione
Saint-Ouen, France Pisa, Italy

Dimitris Diamantidis Gary A. Gordon

Ostbayerische Technische Massachusetts Maritime
Hochschule Regensburg Academy Buzzards Bay,
Regensburg, Germany Massachusetts

xvii
xviii
Stephan Griebel
Siemens AG
Braunschweig,
Germany
Thomas Grossenbacher
Schweizerische Bundesbahnen
SBB Bern, Switzerland
Coen van Gulijk
University of Huddersfield
Huddersfield, United Kingdom
Malcolm Terry Guy Harris
Topfield Consultancy Limited
London, United Kingdom
Osman Hasan
School of Electrical
Engineering and Computer
Sciences
National University of
Sciences and Technology
Islamabad, Pakistan
Ali Hessami
Vega Systems
London, United Kingdom
Milan Holicky
Czech Technical University in
Prague Prague, Czech Republic
Peter Hughes
University of Huddersfield
Huddersfield, United Kingdom
Lei Jiang
Southwest Jiaotong University
Chengdu, China
Andreas
Joanni Siemens
AG Munich,
Germany
Karel Jung
Czech Technical University in
Prague Prague, Czech Republic
Contributors
Benjamin Lamoureux
Alstom
Saint-Ouen, France
Yiliu Liu
Norwegian University of
Science and Technology
Trondheim, Norway
Andrei Loukianov
University of Huddersfield
Huddersfield, United Kingdom
Cristian
Maiorano
Ansaldo STS
Genoa, Italy
Birgit Milius
Technische Universität Braunschweig
Braunschweig, Germany
Vidhyashree Nagaraju
University of Massachusetts
Dartmouth North Dartmouth,
Massachusetts
Alban Péronne
Alstom
Saint-Ouen, France
Jeremy F. Plant
Pennsylvania State
University Harrisburg,
Pennsylvania
Hendrik
Schäbe TÜV
Rheinland
Cologne,
Germany
Eric J. Schöne
Traffic Sciences
Department Dresden
Technical University
Dresden, Germany
Joerg Schuette
Technische Universität
Dresden Dresden, Germany
Contributors xix

Holger Schult Xiaofei Yao

Siemens AG Casco Signal
Erlangen, Shanghai,
Germany China

Rohan Sharma Richard R. Young

TÜV Rheinland Pennsylvania State
Cologne, University Harrisburg,
Germany Pennsylvania

Miroslav Sykora Datian Zhou

Czech Technical University in Centrale Supélec
Prague Prague, Czech Republic Laboratoire Génie
Industriel Paris, France
Sofiène Tahar
Department of Electrical and and
Computer Engineering
Concordia University Beijing Jiaotong University
Montreal, Canada Beijing, China
René Valenzuela Ruben Zocco
Alstom TÜV Rheinland
Saint-Ouen, France Dubai, United Arab
Emirates
Peter Wigger
TÜV Rheinland
Cologne,
Germany
Taylor & Francis
Taylor & Francis Group
http://taylorandfrancis.com
Section
1
Taylor & Francis
Taylor & Francis Group
http://taylorandfrancis.com
1
Introduction to the Requirements of Railway
RAM, Safety, and Related General
Management

Qamar Mahboob, Enrico Zio, and Pierre Dersin

CONTENTS
1.1 Introduction and Background....................................................................3
1.2 RAMS Management Requirements.............................................................5
1.3 Life Cycle-Based RAM, Safety, and General Management Tasks................7
1.4 Summary................................................................................................. 11
References...................................................................................................... 11

1.1Introduction and Background

Railway-related standards introduce terms used in reliability, availability,
maintainabil- ity, and safety (also called RAMS) and require railway suppliers,
operators, maintainers, and duty holders to implement a comprehensive
RAMS management system (EN 50126 [CEN 2003], EN 50129 [CEN 2003],
IEC 61508 [IEC 2000], IEC-DTR-62248-4 [IEC 2004],
IEC 62267-2 [IEC 2011], and IEC 62278-3 [IEC 2010]). This chapter explains the
general requirements toward railway RAMS management throughout the life
cycle of a technol- ogy or system for railway application. The topics of RAMS
management and its process are covered in this chapter a way that a reliable,
safe, cost-optimal, and improved quality of railway systems may be achieved.
To achieve all these, a life cycle approach needs to be adopted. The life cycle
applicable to the RAMS management is shown in Figure 1.1 and is adopted
from EN 50126. This life cycle approach provides basic concepts and struc-
ture for planning, managing, implementing, controlling, and monitoring of all
aspects of a railway project, incorporating RAMS as well, as the project
proceeds through the life cycle phases. The general RAMS management
process consists of three major areas shown in Figure 1.1.
This life cycle and three major areas are applicable to any railway product or
subsystem under consideration regardless of its level or position within the
complete railway system. In other words, each considered subsystem level can
be combined and integrated into the supe- rior system until the top level of the
complete railway system has been obtained. The life cycle process can be
simplified depending on the applicable project phases. For example, in rail-
way projects, suppliers usually commit the demonstration of RAMS
performance-related targets until the “trial run and system acceptance” phase.
It is important to mention that warranty periods are also defined within the life
cycle phases of a project, and the warranty demonstration period may overlap
with more than one phase of the life cycle.
According to railway-related RAMS standards, safety is “freedom from
unacceptable risks, danger and injury from a technical failure in railways.” The
focus of the RAMS
3
4 Handbook of RAMS in Railway Systems

Concept 1

2
System definition and operational conditions

Risk assessment
Risk analysis and evaluation 3

Specification of system 4
requirements

Architecture and apportionment of system requirements

5

6
Design and implementation
Demonstration of compliance requirements

Manufacture 7

Re-apply lifecycle
Installation and 8
integration

System validation (including safety acceptance and commissioning)9

Trial run and system acceptance

10
Operation, maintenance,
and decommissioning

Operation, maintenance,
Modification and 11
and retrofit
performance monitoring

Decommissioning and disposal

12

FIGURE 1.1
System life cycle applicable for RAMS management process. (Based on CEN, EN 50126. Railway
Applications— The Specification and Demonstration of Reliability, Availability, Maintainability and
Safety (RAMS), CEN, Brussels, 2003.)
Introduction to the Requirements of Railway RAM 5

management process is either to identify and then reduce the safety relevant
failures or to eliminate the consequences of the failures throughout the life
cycle. The objective is always to minimize the residual risk from the safety-
related failures (Birolini 2014; Rausand and Hoyland 2004). The risk
assessment process, defined in applicable standards such as EN 50129 (CEN
2003), should be performed in order to identify the degree of safety required
for each particular situation. The tolerability of safety risk of a railway system
is dependent upon the safety criteria set by the legal authorities or by the
railway duty holder in accor- dance with the rules given by legal authorities
(HSE 2001).
After a concept for a project has been set up, the life cycle process consists
of three major steps:

• Risk assessment that includes risk analysis and risk evaluation on the
basis of the system definition including the specification of system
requirements
• Demonstration (includes theoretical and practical ways) that the
system fulfils the specified requirements
• Operation, maintenance, and decommissioning

In addition to the process flow—starting from the “Concept” and ending at

the “Decommissioning and Disposal”—within the life cycle phases, the
process flow involves a so-called feedback loop. The risk needs to be
reevaluated in case additional informa- tion on safety risk is obtained during
the related phases of the project. Consequently, some phases of the life cycle
have to be revaluated from the risk point of view. The logical flow of
information and associated decisions in project phases are more important
than the time-based flow of the phases. It requires the risk assessment to be
confirmed at the end of the life cycle. Here the aim is to have complete
visualization of the risk picture, at the end of the lifetime of a
technology/system, in order to confirm whether the “risks expectations” were
met during the whole lifetime. This reassessment, at the end of the lifetime,
will help in updating/improving risk-based decisions in the future (in reference
to a particular system/subsystem), based on the lifetime considerations. RAMS
tasks con- tribute to the general project tasks for each phase, and
requirements for RAMS tasks are detailed in the succeeding sections of this
chapter. The process flow in Figure 1.1 shows life cycle-related RAMS tasks as
components of general project tasks. The next sections will explain the
phases and RAMS requirements in each phase of the project, considering EN
50126. For the applications of the RAMS, we refer the reader to Mahboob
(2014) and references therein.

1.2 RAMS Management Requirements

A V representation, also provided in EN 50126 and other Comité Européen de
Normalisation Électrotechnique (CENELEC) standards, of the life cycle is widely
used in the RAMS man- agement. Please refer to Figure 1.2. The top–down
branch on the left side of the V-shaped diagram is generally called the
development branch and begins with the concept and ends with the
manufacturing of the subsystem components of the system. The bottom–up
branch on the right side is related to the installation or assembly, the system
handover, and then the operation of the whole railway system.
6 Handbook of RAMS in Railway
Systems

1
Concept

12
System definition 2System acceptanc1e0 Operation, 11
Decommissioning
and operational context maintenance, and performance monitoring

Risk analysis and 3

evaluation

Specification of 4 9
System validation
system requirements

Architecture and apportionment 5

of system requirements

6
Design and implementation 8
Integration

7
Manufacture

FIGURE 1.2
V representation of system life cycle. (From DIN [Deutsches Institut für Normung] and VDE
[Verband der Elektrotechnik, Elektronik und Informationstechnik], DIN EN 50126 (VDE 0115-103),
edition 2000-03. Bahnanwendungen—Spezifikation und Nachweis von Zuverlässigkeit,
Verfügbarkeit, Instandhaltbarkeit und Sicherheit (RAMS)—Teil 1: Generischer RAMS Prozess;
Deutsche Fassung prEN 50126-1:2015), Beuth Verlag and VDE Verlag, Berlin, 2003. With
permission No. 12.017 of DIN and VDE, conveyed by VDE.*)

For the roles and responsibilities as well as the general activities throughout,
the appli- cable life cycle, e.g., of the system-level considerations, will be
described in another chapter of this handbook. The life cycle phases in the V
diagram are briefly explained in the fol- lowing and are in line with the
prevailing EN 50126.

1. Concept: Contracts are signed, agreements are made, and transmittals

of the proj- ect are drawn up.
2. System definition and operational context: System characteristics and
functions are described; interfaces and requirements are clarified;
system inputs and out- puts are recorded; intended operational
conditions, maintenance, and environ- ment are stated; and the RAMS
performance-related parameters of the attached subsystems and
components are derived. The RAMS management (e.g., using RAMS
plan) and organization are established.
3. Risk assessment: Risk assessment includes risk analysis and risk
evaluation. The risk assessment involves steps such as hazard
identification, identification

* It should be noted that the latest edition be always used. This can be obtained from Beuth
Verlag, Berlin, Germany (http://www.beuth.de) and from VDE Verlag, Berlin, Germany,
(http://www.vde-verlag.de). The English edition, named BS EN 50126, can be obtained from
British Standards Institution, London (http:// www.bsigroup.com).
Introduction to the Requirements of Railway RAM 7

of events leading to hazards, and determination of risks associated

with haz- ards (requires consequence analysis). The process for
ongoing risk manage- ment should be established and then followed to
decide if a risk is tolerable. This requires risk acceptance criteria to be
in place. Risk analysis is a continu- ous and iterative step and goes in
parallel with subsequent phases. There can be a condition that can
lead to defining further safety system requirements induced by the risk
acceptance criteria in order to reduce the risk to an accept- able level.
Based on the risk assessment, system requirements can be derived.
4. Specification of system requirements: Detailing the initial system
requirements (expected functions including their RAMS requirements)
and the ones derived from risk assessment in phase 3 as well as
defining criteria for acceptance and specifying the overall
demonstration of compliance.
5. Architecture and apportionment of system requirements: Definition
and allo- cation of RAMS requirements for subsystems. This phase
might be a part of a demonstration of compliance, which can be
possibly achieved in theoretical ways such as design simulations and
software-based demos. Subsystems and their component
requirements can be directly allocated if they are already avail- able
up to this point or are apportioned by deriving them from system-level
requirements.
6. Design and implementation: During this phase, subsystems and
components should be developed according to the RAMS requirements.
Furthermore, plans for future life cycle tasks have to be established.
7.Manufacture: The components (and subsystems) of the railway system
are manu- factured, and RAMS-specific assurance plans have to be
established and applied in the later project phases.
8. Integration: All subsystems should be assembled and installed to form
the com- plete railway system in order to achieve the system-level
mission.
9. System validation: It must be validated that the system and associated
processes fully comply with the RAMS requirements, and the external
risk reduction mea- sures are considered.
10.System acceptance: This refers to the demonstration of compliance of
complete railway system with overall contractual RAMS requirements
and provides evi- dence that the system is now acceptable for entry
into service.
11.Operation, maintenance, and performance monitoring: It is required to
operate, maintain, and support the product through performance
monitoring such that compliance with system RAMS requirements is
consistent.
12.Decommissioning: In case of decommissioning, the system risk is
controlled dur- ing the transition phase.

1.3 Life Cycle-Based RAM, Safety, and General Management

Tasks
Table 1.1, which is based on EN 50126:2003, provides a summary of the main
RAM, safety, and general project-related tasks in different phases of the project
life cycle.
8 Handbook of RAMS in Railway
Systems

TABLE 1.1
Summary of the Project Phase-Related Requirements, Management, and Processes
Life Cycle Phases RAM Tasks Safety Tasks General Tasks
1. Concept • Consider • Consider • Establish and define
previously previously the scope and
achieved RAM achieved safety purpose of project
performance of performance of • Define project concept
similar projects similar project • Carry out financial
• Consider and and application analysis and
define RAM conditions feasibility studies
implications of • Consider and • Set up management
new project define safety
• Review implications of
RAM new project
targets • Safety policy
and safety
targets are
reviewed
2. System • Perform • Perform • Define system
definition and preliminary RAM preliminary mission profile
application analysis, based hazard analysis, • Prepare system-
conditions on historical data based on the level technical
of RAM historical data of description
• Define RAM policy safety • Identify operation
• Identify life • Create safety and maintenance
cycle-based plan strategies
operation • Define risk • Identify operating
and acceptance and maintenance
maintenanc criteria conditions
e conditions • Identification of • Identify influence of
• Identification of the influences on existing interfaces
the influences on safety of existing of infrastructure and
RAM of existing interfaces of local constraints
interfaces of infrastructure and
infrastructure and further
other constraints constraints
3. Risk analysis • Not relevant • Perform • Project-level risk
systematic analysis (may have to
hazard analysis be repeated at
and safety risk several stages)
analysis on
system level
• Set up central
hazard log
• Make complete
risk assessment
(= risk analysis
+ risk
evaluation)
4. System • Specify system • Specify system • Requirements analysis
requiremen RAM safety • System specific
ts requirements requirements • Specify local environment
• Define RAM • Define safety • Define system
acceptance acceptance assurance,
criteria criteria demonstration, and
• Define system • Define safety- acceptance criteria
functional related functional • Establish verification
concept and concept and and validation plan
structure requirements • Establish
• Establish RAM • Establish management,
program on safety quality, integration,
system level management and organization
• Establish RAM on system requirements
management level • Introduce and
on system implement change
level control procedure
(C
on
ti
n
ue
d)
Introduction to the Requirements of Railway RAM 9

TABLE 1.1 (CONTINUED)

Summary of the Project Phase-Related Requirements, Management, and Processes
Life Cycle Phases RAM Tasks Safety Tasks General Tasks
5. Apportionme
• Apportionment • Apportionment of • Apportionment of
nt of
of system RAM system safety system requirements
system
requirements to targets and • Define subsystem and
requiremen
the specific requirements for components
ts
subsystem and specific requirements and
component RAM subsystems and acceptance criteria
requirements components
• Define • Define
subsystem and subsystem and
components components
RAM safety
acceptance acceptance
criteria criteria • Planning
6. Design and • Update system • Design and development
implementati • Implement RAM safety plan, if • Design analysis
on program by necessary and testing
review, analysis, • Implement safety • Design certification
testing and data plan by review, • Implementation
assessment, analysis, testing, and validation
reliability, and data • Design of logistic
availability, assessment. It support resources
maintainability includes:
and • Hazard log
maintenance, • Hazard analysis
and analysis and risk
logistic support assessment
• Control • Undertake
programs: RAM program control
program for safety
management, management
control of and supplier
suppliers and control
contractors • Preparation of
generic safety
case
• Preparation of
generic
application
safety case, if
required
7. Manufacturing • Requires • Implement • Production planning
environment safety plan (by • Manufacture
al stress following • Manufacture and
screening review, analysis, test subassembly
• Requires testing and of components
RAM data • Documentati
improvemen assessment) on
t testing • Use and management
• Initiate failure update • Design
reporting and hazard log associated
corrective trainings
action system
(FRACAS) • Subsystem assembly
8. Installation • Start trainings • Establish and system-level
for the installation integration
maintenance program • Multiple
people from a • Implement subsystem
maintainer installation installations
• Establish spare program
parts and tool
provision- related
(inventory) lists
(Continued)
10 Handbook of RAMS in Railway
Systems

TABLE 1.1 (CONTINUED)

Summary of the Project Phase-Related Requirements, Management, and Processes
Life Cycle Phases RAM Tasks Safety Tasks General Tasks
9. System validation • RAM
• Establish and then • System-level
demonstration
commission commissioni
(and evaluation in
program ng
reference to the
• Preparation of • Perform transition
penalty criteria,
application- or probationary
e.g., trip losses
specific safety period of operation
during operation
case begins • Carry out
times)
related
trainings
10. System • Assess RAM • Assess application- • Observe
acceptance demonstration specific safety acceptance
in reference to case in reference procedures, based
the acceptance to the given on acceptance
criteria acceptance criteria
criteria • Documented evidence
for acceptance
• System bringing
into service
• Continue transition
11.Operation or probationary
and • Procurement period of operation,
maintenanc of spare • Safety-centered if necessary
e parts and maintenance • System operation
tools • Safety for long-term
• Apply reliability- performance basis
centered monitoring • Maintenance
maintenance, • Continuous activities based on
logistic support management system-level
and considerations
12. Performan • Through maintenance of
ce FRACAS (and hazard log
monitorin SCADA, if • Through FRACAS
g relevant) (and SCADA, if • Through FRACAS (and
collect, analyze, relevant) collect, SCADA, if relevant)
evaluate, and analyze, evaluate, collect operational
use and use performance statistics
performance performance and and analyze and
and RAM safety statistics evaluate collected
13. Modificatio statistics data
n and • Reconsider RAM • Reconsider safety
retrofit implications for implications for • Take care of
modification modification and change request
and retrofit and retrofit and revise procedures
revise and and update the • Take care of
update the necessary modification and
necessary requirements retrofit procedures
requirements
14. Decommissioni • Not relevant • Safety plan for • Planning and
ng and the procedure of
disposal decommissioning decommissioning
and disposal and and disposal
its
implementation
• Decommissionin
g and disposal-
based hazard
analysis and risk
assessment
Source: CEN, EN 50126. Railway Applications—The Specification and Demonstration of Reliability,
Availability, Maintainability and Safety (RAMS), CEN, Brussels, 2003.
Introduction to the Requirements of Railway RAM 11

1.4Summary
In general, the responsibilities for the tasks in the various life cycle phases
depend on the contractual and, sometime, legal relationship between the
stakeholders involved. It is important that the related responsibilities are
defined and agreed upon. The RAMS man- agement process shall be
implemented under the control of an organization, using com- petent
personnel assigned to specific RAMS-related roles. Selection, assessment, and
documentation of personnel competence, including technical knowledge,
qualifications, relevant experience, skill, and appropriate training, shall be
carried out in accordance with given requirements to be defined by the
project-specific safety management organization (involves subsystem [e.g.,
suppliers of signaling, rolling stock, platform screen doors, rail electrification,
supervisory control and data acquisition [SCADA], communication, auxil- iaries,
and civil works], transit system, consortium, operator, maintainer, and
customer or public authorities levels). Several roles within an organization,
such as ISA (Independent Safety Assessor) verifier, and validator, are viewed
in reference to the RAMS performance of what has been produced by other
specialists in the project such as design engineers for different subsystems. It
is worth noting that the series of RAMS CENELEC standards (EN 50126, EN
50128, and EN 50129) are undergoing a drastic revision. In parallel, a
CENELEC ad hoc group, AHG9, has been drafting a technical report which aims
at strengthening the RAM contents of EN 50126 by introducing the concept of
“RAM risk,” whereas EN 50126 mainly concentrated so far on safety risks.

References
Birolini, A. Reliability Engineering: Theory and Practice. Heidelberg: Springer, 2014.
CEN (European Committee for Standardization). EN 50126: Railway Applications—The
Specification and Demonstration of Reliability, Availability, Maintainability and
Safety (RAMS). Brussels: CEN, 2003.
CEN. EN 50129: Railway Applications—Communications, Signalling and Processing
Systems—Safety- Related Electronic Systems for Signalling. Brussels: CEN, 2003.
HSE (UK Health and Safety Executive). Reducing Risks, Protecting People (R2P2).
Liverpool: HSE, 2001. IEC (International Electrotechnical Commission). IEC 61508:
Functional Safety of Electrical/Electronic/
Programmable Electronic Safety-Related Systems (IEC 61508-1 to 7). Geneva: IEC,
2000.
IEC. IEC-DTR-62248-4: Railway Applications—Specification and Demonstration of
Reliability, Availability, Maintainability and Safety (RAMS), Part 4: RAM Risk and
RAM Life Cycle Aspects. Geneva: IEC, 2004.
IEC. IEC TR 62278-3-2010: Railway Applications—Railway Applications—Specification
and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS)—
Part 3: Guide to the Application of IEC 62278 for Rolling Stock RAM. Geneva: IEC,
2010.
IEC. IEC TR 62267-2-2011: Railway Applications—Automated Urban Guided Transport
(AUGT)—Safety Requirements—Part 2: Hazard Analysis at Top System Level.
Geneva: IEC, 2011.
Mahboob, Q. A Bayesian Network Methodology for Railway Risk, Safety and Decision
Support. Technische Universität Dresden: Dresden, PhD Thesis, 2014.
Rausand, M., and A. Hoyland. System Reliability Theory: Models, Statistical Methods, and
Applications.
Hoboken, NJ: John Wiley & Sons, 2004.
Taylor & Francis
Taylor & Francis Group
http://taylorandfrancis.com