BRITISH STANDARD BS EN 50129:2003
Incorporating corrigendum May 2010

Railway applications - Communication, signalling and processing systems - Safety related electronic systems for signalling

ICS 93.100

National foreword

This British Standard is the UK implementation of EN 50129:2003, incorporating corrigendum May 2010. It supersedes DD ENV 50129:1999 which is withdrawn.

The UK participation in its preparation was entrusted by Technical Committee GEL/9, Railway electrotechnical applications, to Subcommittee GEL/9/1, Signalling and communications.

A list of organizations represented on this subcommittee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 7 May 2003.

© BSI 2010

Amendments/corrigenda issued since publication
Date: 31 July 2010
Comments: Implementation of CENELEC corrigendum May 2010. Insertion of Annex ZZ

ISBN 978 0 580 71753 6

EUROPEAN STANDARD EN 50129
NORME EUROPÉENNE
EUROPÄISCHE NORM
February 2003
Incorporating corrigendum May 2010

ICS 93.100
Supersedes ENV 50129:1998

English version

Railway applications - Communication, signalling and processing systems - Safety related electronic systems for signalling

Applications ferroviaires - Systèmes de signalisation, de télécommunications et de traitement - Systèmes électroniques de sécurité pour la signalisation

Bahnanwendungen - Telekommunikationstechnik, Signaltechnik und Datenverarbeitungssysteme - Sicherheitsrelevante elektronische Systeme für Signaltechnik

This European Standard was approved by CENELEC on 2002-12-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands, Norway, Portugal, Slovakia, Spain, Sweden, Switzerland and United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: rue de Stassart 35, B - 1050 Brussels

© 2003 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.

Ref. No. EN 50129:2003 E

Foreword

This European Standard was prepared by SC 9XA, Communication, signalling and processing systems, of Technical Committee CENELEC TC 9X, Electrical and electronic applications for railways.

The text of the draft was submitted to the formal vote and was approved by CENELEC as EN 50129 on 2002-12-01.

This European Standard supersedes ENV 50129:1998.

This European Standard was prepared under a mandate given to CENELEC by the European Commission and the European Free Trade Association and supports the essential requirements of Directive 96/48/EC.

The following dates were fixed:
- latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2003-12-01
- latest date by which the national standards conflicting with the EN have to be withdrawn (dow) 2005-12-01

Annexes designated "normative" are part of the body of the standard. Annexes designated "informative" are given for information only. In this standard, Annexes A, B and C are normative and Annexes D and E are informative.

EN 50129:2003 (E)

Contents

Introduction
1 Scope
2 Normative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Overall framework of this standard
5 Conditions for safety acceptance and approval
5.1 The Safety Case
5.2 Evidence of quality management
5.3 Evidence of safety management
5.4 Evidence of functional and technical safety
5.5 Safety acceptance and approval
Annex A (normative) Safety Integrity Levels
A.1 Introduction
A.2 Safety requirements
A.3 Safety integrity
A.4 Allocation of safety integrity requirements
A.5 Safety Integrity Levels
Annex B (normative) Detailed technical requirements
B.1 Introduction
B.2 Assurance of correct functional operation
B.3 Effects of faults
B.4 Operation with external influences
B.5 Safety-related application conditions
B.6 Safety Qualification Tests
Annex C (normative) Identification of hardware component failure modes
C.1 Introduction
C.2 General procedure
C.3 Procedure for integrated circuits (including microprocessors)
C.4 Procedure for components with inherent physical properties
C.5 General notes concerning component failure modes
C.6 Additional general notes, concerning components with inherent physical properties
C.7 Specific notes concerning components with inherent physical properties
Annex D (informative) Supplementary technical information
D.1 Introduction
D.2 Achievement of physical internal independence
D.3 Achievement of physical external independence
D.4 Example of a method for single-fault analysis
D.5 Example of a method for multiple-fault analysis
Annex E (informative) Techniques and measures for safety-related electronic systems for signalling for the avoidance of systematic faults and the control of random and systematic faults
Annex ZZ (informative) Coverage of Essential Requirements of EC Directives
Bibliography

Figure 1 - Scope of the main CENELEC railway application standards
Figure 2 - Structure of EN 50129
Figure 3 - Structure of Safety Case
Figure 4 - Example of system life-cycle
Figure 5 - Example of design and validation portion of system life-cycle
Figure 6 - Arrangements for independence
Figure 7 - Structure of Technical Safety Report
Figure 8 - Safety acceptance and approval process
Figure 9 - Examples of dependencies between Safety Cases/Safety Approval
Figure A.1 - Safety requirements and safety integrity
Figure A.2 - Global process overview
Figure A.3 - Example risk analysis process
Figure A.4 - Definition of hazards with respect to the system boundary
Figure A.5 - Example hazard control process
Figure A.6 - Interpretation of failure and repair times
Figure A.7 - Treatment of functional independence by FTA
Figure A.8 - Relationship between SILs and techniques
Figure B.1 - Influences affecting the independence of items
Figure B.2 - Detection and negation of single faults
Figure D.1 - Example of a fault analysis method

Table A.1 - SIL-table
Table C.1 - Resistors
Table C.2 - Capacitors
Table C.3 - Electromagnetic components
Table C.4 - Diodes
Table C.5 - Transistors
Table C.6 - Controlled rectifiers
Table C.7 - Surge Suppressors
Table C.8 - Opto-electronic components
Table C.9 - Filters
Table C.10 - Interconnection assemblies
Table C.11 - Fuses
Table C.12 - Switches and push/pull buttons
Table C.13 - Lamps
Table C.14 - Batteries
Table C.15 - Transducers/sensors (not including those with internal electronic circuitry)
Table C.16 - Integrated circuits
Table D.1 - Examples of measures to detect faults in large-scale integrated circuits by means of periodic on-line testing, with comparison (SW or HW), in a 2-out-of-n system
Table E.1 - Safety planning and quality assurance activities
Table E.2 - System requirements specification
Table E.3 - Safety organisation
Table E.4 - Architecture of system/sub-system/equipment
Table E.5 - Design features
Table E.6 - Failure and hazard analysis methods
Table E.7 - Design and development of system/sub-system/equipment
Table E.8 - Design phase documentation
Table E.9 - Verification and validation of the system and product design
Table E.10 - Application, operation and maintenance

Introduction

This document is the first European Standard defining requirements for the acceptance and approval of safety-related electronic systems in the railway signalling field. Until now only some differing national recommendations and general advice of the UIC (International Union of Railways) on this topic were in existence.

Safety-related electronic systems for signalling include hardware and software aspects. To install complete safety-related systems, both parts within the whole life-cycle of the system have to be taken into account.
The requirements for safety-related hardware and for the overall system are defined in this standard. Other requirements are defined in associated CENELEC standards.

The aim of European railway authorities and European railway industry is to develop compatible railway systems based on common standards. Therefore cross-acceptance of Safety Approvals for sub-systems and equipment by the different national railway authorities is necessary. This document is the common European base for safety acceptance and approval of electronic systems for railway signalling applications.

Cross-acceptance is aimed at generic approval, not specific applications.

Public procurement within the European Community concerning safety-related electronic systems for railway signalling applications will in future refer to this standard when it becomes an EN.

The standard consists of the main part (Clause 1 to Clause 5) and Annexes A, B, C, D and E. The requirements defined in the main part of the standard and in Annexes A, B and C are normative, whilst Annexes D and E are informative.

This standard is in line with, and uses relevant sections of EN 50126: "Railway applications: The Specification and Demonstration of Dependability - Reliability, Availability, Maintainability and Safety (RAMS)". This standard and EN 50126 are based on the system life-cycle and are in line with EN 61508-1, which is replaced by the set of EN 50126/EN 50128/EN 50129, as far as Railway Communication, Signalling and Processing Systems are involved. Meeting the requirements in these standards is sufficient to ensure that further compliance to EN 61508-1 need not be evaluated.

Because this standard is concerned with the evidence to be presented for the acceptance of safety-related systems, it specifies those life-cycle activities which shall be completed before the acceptance stage, followed by additional planned activities to be carried out after the acceptance stage. Safety justification for the whole of the life-cycle is therefore required.

This standard is concerned with what evidence is to be presented. Except where considered appropriate, it does not specify who should carry out the necessary work, since this may vary in different circumstances.

For safety-related systems which include programmable electronics, additional conditions for the software are defined in EN 50128.

Additional requirements for safety-related data communication are defined in EN 50159-1 and EN 50159-2.

1 Scope

This standard is applicable to safety-related electronic systems (including sub-systems and equipment) for railway signalling applications.

The scope of this standard, and its relationship with other CENELEC standards, are shown in Figure 1.

This standard is intended to apply to all safety-related railway signalling systems/sub-system/equipment. However, the hazard analysis and risk assessment processes defined in EN 50126 and this standard are necessary for all railway signalling systems/sub-systems/equipment, in order to identify any safety requirements. If analysis reveals that no safety requirements exist (i.e.: that the situation is non-safety-related), and provided the conclusion is not revised as a consequence of later changes, this safety standard ceases to be applicable.

This standard applies to the specification, design, construction, installation, acceptance, operation, maintenance and modification/extension phases of complete signalling systems, and also to individual sub-systems and equipment within the complete system. Annex C includes procedures relating to electronic hardware components.

This standard applies to generic sub-systems and equipment (both application-independent and those intended for a particular class of application), and also to systems/sub-systems/equipment for specific applications.

This standard is not applicable to existing systems/sub-systems/equipment (i.e. those which had already been accepted prior to the creation of this standard). However, as far as reasonably practicable, this standard should be applied to modifications and extensions to existing systems, sub-systems and equipment.

This standard is primarily applicable to systems/sub-systems/equipment which have been specifically designed and manufactured for railway signalling applications. It should also be applied, as far as reasonably practicable, to general-purpose or industrial equipment (e.g.: power supplies, modems, etc.), which is procured for use as part of a safety-related signalling system. As a minimum, evidence shall be provided in such cases to demonstrate either that the equipment is not relied on for safety, or that the equipment can be relied on for those functions which relate to safety.

This standard is applicable to the functional safety of railway signalling systems. It is not intended to deal with the occupational health and safety of personnel; this subject is covered by other standards.

[Figure 1 - Scope of the main CENELEC railway application standards. Labels in the figure: Total Railway System; Complete Railway Signalling System; Individual Sub-System; Individual Item of Equipment; EN 50126 (RAMS); EN 50129 (System Safety); EN 50128 (Software); EN 50159-1 and -2 (Communication)]

2 Normative references

This European Standard incorporates, by dated or undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to or r