On the Justification of a Risk Matrix for
Technical Systems in European Railways
Jens Braband
Siemens AG, Industry Sector, Mobility Division, Rail Automation
Ackerstr. 22, 38126 Braunschweig, Germany
jens.braband@siemens.com
Abstract. The European Railway Agency (ERA) has the challeng-
ing task of establishing common safety targets (CSTs) and common
safety methods (CSMs) throughout Europe. In this context, the har-
monization of risk matrices is also discussed. The purpose of this pa-
per is to provide a formal justification of risk matrices for technical
systems and the means by which compliance with legal and regula-
tory requirements can be demonstrated. A proposal for a standard
risk matrix applicable to technical systems is derived.
Keywords: Common Safety Method (CSM), Risk Analysis, Risk Matrix,
CSM Regulation, European Railway Agency (ERA).
1 Introduction
The European Railway Agency (http://www.era.europa.eu), established by
European Regulation 881/2004, has the mission of reinforcing railway safety
and interoperability throughout Europe in times of ongoing privatisation.
Central to its work on railway safety is the development of measures based on
common safety targets (CSTs) and common safety methods (CSMs), common
safety indicators and harmonised safety certification documents.
The common safety methods describe how safety levels, the achievement
of safety targets and compliance with other safety requirements are assessed
in the various Member States. As a first step, EU Regulation 352/2009 came
into force in July 2010.
In this regulation, a semi-quantitative risk acceptance criterion for technical
systems (RAC-TS) has been included: For technical systems where a
functional failure has credible direct potential for a catastrophic consequence,
the associated risk does not have to be reduced further if the rate of that failure
is less than or equal to $10^{-9}$ per operating hour.
This criterion is limited to those technical systems where the failure can
lead to catastrophic effects, e.g. accidents involving several fatalities, and for
which there are no credible barriers or substantial mitigating factors that will
prevent this consequence from materialising. The criterion can be used for the
most critical functions performed by technical systems on railways such as