BSI Standards Publication

Railway Applications - The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS)
Part 2: Systems Approach to Safety

BS EN 50126-2:2017

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN 50126-2
October 2017

ICS 45.020
Supersedes CLC/TR 50126-2:2007

English Version

Railway Applications - The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS) - Part 2: Systems Approach to Safety

Applications ferroviaires - Spécification et démonstration de la fiabilité, de la disponibilité, de la maintenabilité et de la sécurité (FDMS) - Partie 2: Approche systématique pour la sécurité

Bahnanwendungen - Spezifikation und Nachweis von Zuverlässigkeit, Verfügbarkeit, Instandhaltbarkeit und Sicherheit (RAMS) - Teil 2: Systembezogene Sicherheitsmethodik

This European Standard was approved by CENELEC on 2017-07-03. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.

Ref. No. EN 50126-2:2017 E

National foreword

This British Standard is the UK implementation of EN 50126-2:2017. It supersedes PD CLC/TR 50126-2:2007, which is withdrawn.

The National Committee is in favour of this standards series (which represents a significant change from BS EN 50126:1999), and acknowledges the considerable efforts and progress which has been made. However, it regrets that a majority of UK comments to improve its clarity were not incorporated. Consequently, the National Committee recommends that users read the requirements carefully as the resultant documents might, in some circumstances, make it challenging for users to understand correctly. This is most likely to be the case in those fields of application and to those aspects of RAMS where EN 50126 may not be applied historically.

The UK participation in its preparation was entrusted to Technical Committee GEL/9, Railway Electrotechnical Applications.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2017
Published by BSI Standards Limited 2017

ISBN 978 0 580 91693 9

ICS 45.020

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 November 2017.

Amendments/corrigenda issued since publication
Date    Text affected

BRITISH STANDARD
BS EN 50126-2:2017

Contents

European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Safety process
5.1 Risk assessment and hazard control
5.2 A. Risk assessment
5.2.1 General
5.2.2 Conducting risk assessment
5.3 B. Outcome of the risk assessment
5.4 C. Hazard control
5.5 D. Revision of risk assessment
5.6 Responsibilities
6 Safety demonstration and acceptance
6.1 Introduction
6.2 Safety demonstration and safety acceptance process
6.3 Responsibility in managing the Safety Case
6.4 Modifications after safety acceptance
6.5 Dependencies between Safety Cases
6.6 Relationship between safety cases and system architecture
7 Organisation and Independence of Roles
7.1 General
7.2 Early phases of the lifecycle (phases 1 to 4)
7.3 Later phases of the lifecycle (starting from phase 5)
7.4 Personnel Competence
8 Risk assessment
8.1 Introduction
8.2 Risk Analysis
8.2.1 General
8.2.2 The risk model
8.2.3 Techniques for the consequence analysis
8.2.4 Expert Judgement
8.3 Risk acceptance principles and risk evaluation
8.3.1 Use of Code of Practice
8.3.2 Use of a reference system
8.3.3 Use of Explicit Risk Estimation
8.4 Application of explicit risk estimation
8.4.1 Quantitative approach
8.4.2 Variability using quantitative risk estimates
8.4.3 Qualitative and semi-quantitative approaches
9 Specification of System Safety Requirements
9.1 General
9.2 Safety requirements
9.3 Categorization of Safety Requirements
9.3.1 General
9.3.2 Functional safety requirements
9.3.3 Technical safety requirements
9.3.4 Contextual safety requirements
10 Apportionment of functional Safety Integrity requirements
10.1 Deriving and apportioning system safety requirements
10.2 Functional safety integrity for electronic systems
10.2.1 Deriving functional safety requirements for electronic systems
10.2.2 Apportioning safety requirements
10.2.3 Safety Integrity Factors
10.2.4 Functional safety integrity and random failures
10.2.5 Systematic aspect of functional safety integrity
10.2.6 Balanced requirements controlling random and systematic failures
10.2.7 The SIL table
10.2.8 SIL allocation
10.2.9 Apportionment of TFFR after SIL allocation
10.2.10 Demonstration of quantified targets
10.2.11 Requirements for Basic Integrity
10.2.12 Prevention of misuse of SILs
10.3 Safety Integrity for non-electronic systems - Application of CoP
11 Design and implementation
11.1 Introduction
11.2 Causal analysis
11.3 Hazard identification (refinement)
11.4 Common cause analysis
Annex A (informative) ALARP, GAME, MEM
A.1 ALARP, GAME, MEM as methods to define risk acceptance criteria
A.2 ALARP (As Low As Reasonably Practicable)
A.2.1 General
A.2.2 Tolerability and ALARP
A.3 Globalement Au Moins Equivalent (GAME) principle
A.3.1 Principle
A.3.2 Using GAME
A.3.2.1 General
A.3.2.2 Basic principles
A.3.2.3 Using GAME to construct a qualitative safety argument
A.3.2.4 GAME using quantitative risk targets
A.4 Minimum Endogenous Mortality MEM
Annex B (informative) Using failure and accident statistics to derive a THR
Annex C (informative) Guidance on SIL Allocation
Annex D (informative) Safety target apportionment methods
D.1 Analysis of the system and methods
D.2 Example of qualitative apportionment method
D.2.1 General
D.2.2 Example of qualitative method for barrier efficiency
D.3 Example of quantitative apportionment method
D.3.1 Introduction
D.3.2 Functions with independent failure detection and negation mechanisms
D.3.3 Function and independent barrier acting as failure detection and negation mechanism
D.3.4 Apportionment of a probability safety target
D.3.5 Apportionment of a “per hour” safety target
Annex E (informative) Common mistakes in quantification
E.1 Common misuses
E.2 Mixing failure rates with probabilities
E.3 Using formulas out of their range of applicability
Annex F (informative) Techniques / methods for safety analysis
Annex G (informative) Key system safety roles and responsibilities
Annex ZZ (informative) Relationship between this European Standard and the Essential Requirements of EU Directive 2008/57/EC
Bibliography

European foreword

This document (EN 50126-2:2017)
has been prepared by CLC/TC 9X “Electrical and electronic applications for railways”.

The following dates are fixed:

- latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2018-07-03
- latest date by which the national standards conflicting with this document have to be withdrawn (dow): 2020-07-03

This document supersedes CLC/TR 50126-2:2007.

The former edition of CLC/TR 50126-2:2007 is made obsolete by the new editions EN 50126-1:2017 and EN 50126-2:2017; the reason is that the scope of the present part was modified compared to the superseded edition.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

EN 50126 “Railway applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS)” consists of the following parts:

- Part 1: Generic RAMS process;
- Part 2: System approach to safety.

This document has been prepared under a mandate given to CENELEC by the European Commission and the European Free Trade Association, and supports essential requirements of EU Directive(s).

For the relationship with EU Directive(s) see informative Annex ZZ, which is an integral part of this document.

Introduction

EN 50126-1:1999 was aiming at introducing the application of a systematic RAMS management process in the railway sector. Through the application of this standard and the experiences gained over the last years, the need for revision and restructuring became apparent with a need to deliver a systematic and coherent approach to RAMS applicable to all the railway application fields - Command, Control and Signalling, Rolling Stock and Fixed Installations.

The revision work improved the coherency and consistency of the standards, the concept of safety management and the practical usage of EN 50126 and took into consideration the existing and related Technical Reports as well.

This European Standard provides railway duty holders and the railway suppliers, throughout the European Union, with a process which will enable the implementation of a consistent approach to the management of reliability, availability, maintainability and safety, denoted by the acronym RAMS.

Processes for the specification and demonstration of RAMS requirements are cornerstones of this standard. This European Standard promotes a common understanding and approach to the management of RAMS.

EN 50126 forms part of the railway sector specific application of IEC 61508. Meeting the requirements in this European Standard together with the requirements of other suitable standards is sufficient to ensure that additional compliance to IEC 61508 does not need to be demonstrated.

With regard to safety, EN 50126-1 provides a Safety Management Process which is supported by guidance and methods described in EN 50126-2.

EN 50126-1 and EN 50126-2 are independent from the technology used. As far as safety is concerned, EN 50126 takes the perspective of safety with a functional approach.

The application of this standard should be adapted to the specific requirements for the system under consideration.

This European Standard can be applied systematically by the railway duty holders and railway suppliers, throughout all phases of the life-cycle of a railway application, to develop railway specific RAMS requirements and to achieve compliance with these requirements. The systems-level approach developed by this European Standard facilitates assessment of the RAMS interactions between elements of railway applications even if they are of complex nature.

This European Standard promotes co-operation between the stakeholders of Railways in the achievement of an optimal combination of RAMS and cost for railway applications. Adoption of this European Standard will support the principles of the European Single Market and facilitate European railway inter-operability.

In accordance with CENELEC editing rules 1), mandatory