Safely designing High Speed Two · 2019-03-09 · CDM CSM-RA . CDM Hazard Register CSM-RA Hazard...

Safely designing High Speed Two Challenges in building the organisation, and demonstrating the railway to be safe

Dr Reuben McDonald, Head of System Safety, Security & Interoperability, HS2 16th June 2016

www.gov.uk/hs2

System Definition

Of HS2

Health and Safety

CSM-RA & Examples

Overview

Security

SWIFT HERA Event Trees HAZID

Event Trees

SWIFT

SWIFT TRACER

FHA

HERA Event Trees

HAZID

Hazard Record

HAZID SWIFT

FHA

SWIFT HAZID Fault Trees

FHA PSSA

System Safety Technical File

SWIFT HERA HERA

SAFSIM

FHA

Hazard Record

FHA FHA

Hazard Record SAFSIM TRACER

SWIFT

PSSA

SWIFT

SAFSIM

FHA FHA HAZID

SAFSIM Fault Trees Event Trees Hazard Record

HAZID TRACER SWIFT

HERA

FHA PSSA


SAFSIM Fault Trees Event Trees Hazard Record

HAZID TRACER SWIFT

HERA

PSSA

System Safety Technical File SWIFT

SWIFT SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

HAZID

HAZID

HAZID

HAZID

HAZID

HAZID

HAZID

HAZID

HAZID

HAZID

TRACER

TRACER

TRACER

TRACER

TRACER TRACER

TRACER

SAFSIM

SAFSIM SAFSIM

SAFSIM SAFSIM

SAFSIM

SAFSIM

SAFSIM

SAFSIM

Fault Trees

Fault Trees Fault Trees Fault Trees Fault Trees

Fault Trees

Fault Trees

Fault Trees

Fault Trees

FHA

FHA

FHA

FHA

FHA FHA

FHA

FHA

FHA FHA

Event Trees Event Trees

Event Trees

Event Trees

Event Trees

Event Trees

Event Trees

Event Trees

Event Trees

PSSA PSSA

PSSA

PSSA

PSSA

PSSA

PSSA

PSSA





Hazard Record

Hazard Record

Hazard Record Hazard Record

Hazard Record

Hazard Record

Hazard Record

SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

SWIFT

HAZID

HAZID HAZID

HAZID

HAZID

HAZID TRACER

TRACER

TRACER

TRACER

HERA

HERA

HERA

HERA

HERA

HERA

HERA

HERA HERA

SAFSIM

SAFSIM SAFSIM

SAFSIM

FHA

FHA

PSSA PSSA

PSSA

PSSA



Event Trees

Hazard Record

Hazard Record

SWIFT

SWIFT

SWIFT

SWIFT

HAZID

TRACER

TRACER

SAFSIM

SAFSIM SAFSIM

Fault Trees

FHA FHA

FHA

FHA

FHA FHA

Event Trees

PSSA

Hazard Record

SWIFT SWIFT

SWIFT

HAZID HAZID

HERA HERA SAFSIM

FHA

FHA

Hazard Record

SWIFT

SWIFT

SWIFT

SWIFT

HAZID

TRACER

TRACER

SAFSIM

SAFSIM

SAFSIM

Fault Trees

FHA FHA

FHA

FHA

FHA FHA

Event Trees

PSSA

Hazard Record

SWIFT SWIFT

SWIFT

HAZID HAZID

HERA HERA SAFSIM

FHA

FHA

Hazard Record

SWIFT

SWIFT

SWIFT

SWIFT

HAZID

TRACER

TRACER

SAFSIM

SAFSIM SAFSIM

Fault Trees

FHA FHA

FHA

FHA

FHA FHA

Event Trees

PSSA

Hazard Record

SWIFT SWIFT

SWIFT

HAZID HAZID

HERA HERA SAFSIM

FHA

FHA

Hazard Record

SWIFT

SWIFT

SWIFT

HAZID

TRACER

TRACER

SAFSIM

SAFSIM

SAFSIM

Fault Trees

FHA FHA

FHA

FHA

FHA FHA

Event Trees

PSSA

Hazard Record

SWIFT SWIFT

SWIFT

HAZID HAZID

HERA

HERA SAFSIM

FHA

FHA

Hazard Record

SWIFT

SWIFT

SWIFT

SWIFT

HAZID

TRACER

TRACER

SAFSIM

SAFSIM SAFSIM

Fault Trees

FHA FHA

FHA

FHA

FHA FHA PSSA

Hazard Record

SWIFT SWIFT

SWIFT

HAZID HAZID

HERA HERA SAFSIM

FHA

FHA

Hazard Record

HAZID

TRACER

Fault Trees

FHA System Safety Technical File SWIFT

TRACER HERA

HERA

SAFSIM

FHA Hazard Record FHA

Hazard Record

HAZID SWIFT

SWIFT HAZID

FHA

Event Trees PSSA

PSSA SWIFT

HERA

HERA

PSSA Hazard Record

SAFSIM

FHA Hazard Record

SWIFT

HERA SAFSIM

SAFETY Hazard Identification

Safety Plan

Consequence Analysis

Risk Control Measure

Common Safety Method on Risk assessment

Frequency Analysis System Safety Technical File

Common Safety Method

FHA Fault Trees HAZID



CSM-RA

CSM-RA

CSM-RA Assessment Body

Assessment Body

Assessment Body

…. it’s not as complicated as you think

HS2: a strategic transformation

Phase One Stations: Euston Old Oak Common Birmingham Interchange Birmingham Curzon Street

Phase Two Stations: East Midlands Hub Sheffield Leeds Manchester Piccadilly Manchester Airport

Phase one key construction statistics

230km ROUTE LENGTH

46km TUNNELS

74km CUTTINGS

152 STRUCTURES

UNDER BRIDGES

145 STRUCTURES

OVER BRIDGES

128 mt EXCAVATED MATERIAL

(90% TO BE RE USED)

31 MAIN COMPOUNDS

FOR CONSTRUCTION

299 SATELLITE

COMPOUNDS

HS2 “The Project”

BUSINESS REQUIREMENTS

OPERATION CONCEPT

ENGINEERING SYSTEM PERFORMANCE

TRAINS | TRACK | CONTROL | STATIONS | ETC.

ROUTE SELECTION AND DEVELOPMENT

Scope of HS2 design

THE HS2 TRAIN SERVICE AND INFRASTRUCTURE WILL BE DESIGNED AND DEVELOPED TOGETHER

What is safety risk ?

System safety

• ‘Safety’ means freedom from unacceptable risk of harm1

• System safety refers to the safety of the operational railway, this includes Passengers

Railway staff

Members of the public

• System safety covers sudden events but not the ongoing health and safety of the staff

10 Reference 1: EN50126-2, and CSM-RA (2009) regulation

The Common Safety Method on Risk Evaluation and

Assessment is used to assess the safety of the operational

railway

Common Safety Method on Risk Evaluation and Assessment Requires a proposer the undertake the risk assessment process, identify the hazards, the risks, the associated safety measures and the resulting safety requirements

Passengers Workforce Public

The Construction (Design and Management) Regulations is used to assess the health &

safety in construction

Construction (Design and Management) Regulations

Requires a designer ….. to eliminate, so far as is reasonably practicable, foreseeable risks to the health or safety of any person during:

Construction Maintenance Use

Design for construction

Design for operation

Safety of project personnel

Safety of Others

Occupational Health

CDM CSM-RA

CDM Hazard Register CSM-RA Hazard Record

HS2 System Safety

HS2 Safety Goals (from functional response)

• HS2 Ltd will design, build and operate the Railway to meet or better the performance standard of HS1,

• to reduce safety risks as low as reasonably practicable

• in line with best current international practice.

18

Common Safety Method on Risk Evaluation and Assessment (EU 402/2013)

Design Stages – civil infrastructure

Parliamentary Design

Specification Design

Employers Requirements

Design

Scheme Design

Detailed Design

Activity by lifecycle stage – CSM-RA

HS2 Lifecycle stage

CSM

Task

Concept

design

Parliamentary

Design/ Spec

design

Scheme/

Employers

design

Detailed

design

Construction Test and

commissioning

Operational

System

Description

Develop

Preliminary

system

description

Develop

system

description

(functional,

interfaces)

System

description

should reflect

preliminary

design, be

configuration

controlled

Should be

detailed,

controlled

and complete

(reflecting

system

architecture)

Change

control –

ensure any

changes (e.g.

in as built) are

included and

assessed

Change control –

ensure any

changes resulting

from tests are

included and

assessed

Change

control –

ensure any

changes are

included and

assessed

Hazard

Identification

High level Preliminary

hazard

identification

Hazard

identification

on all systems

and sub-

systems

Detailed

hazard

identification

on all

systems, sub-

systems and

products,

including site

specific and

migration

stages

Update

hazard

identification

against

changes

Construction

hazards

identified and

managed as

part of CDM

process

Update hazard

identification

against changes

Update

hazard

identification

against

changes

Selection of

Risk Accept.

Principle

Develop

principles

Identify likely

RAP for

hazards

Identify RAP for hazards

identified

Update RAP for hazards identified against changes

HS2 Lifecycle stage

CSM

Task

Concept

design

Parliamentary

Design/ Spec

design

Scheme/

Employers

design

Detailed

design

Construction Test and

commissioning

Operational

Risk

acceptance:

Code of

Practice/ Ref

System

Develop standards baseline

Identify where hazards are

managed by Codes of

Practice

Ensure code of practice/

reference system is relevant

for the control of the

considered hazards

Update code of practice/ reference application

against changes

Risk

acceptance:

Explicit Risk

Estimation

Develop

criteria for

explicit risk

Demonstrate that explicit risk

criteria have been met

Update argument in response to changes

Safety

Requirements

Collate safety

requirements

Identify safety requirements from hazard

controls and feed into requirements process

Update safety requirements in response to changes

in hazards

Demo of

Compliance

Collate validation evidence

Independent

Assessment

Develop

strategy for

independent

assessment

Appoint AsBo

AsBo review

of Design

Deliverables

AsBo review of Scheme/

employers Deliverables

AsBo report

Hazard

Management

Establish

hazard

management

processes

Implement

hazard

management

(using hazard

record)

Continue hazard management process, update as required

Application of CSM-RA in HS2 – System Definition for hybrid bill design

EXTERNAL

CIVIL ENGINEERING

STATIONS TRAIN DEPOT

MAINTENANCE DEPOT TRACK

ROLLING STOCK

ENERGY

CONTROLS & COMMS

TELEMATIC APPLICATIONS OPERATIONAL

PASSENGER

CIVIL ENGINEERING

ENERGY

CONTROLS & COMMS

TELEMATIC

APPLICATIONS

PASSENGER

PASSENGER

CONTROLS & COMMS

ENERGY

ROLLING STOCK

TRACK

CIVIL ENGINEERING

MAINTENANCE DEPOT

TRACK

ROLLING STOCK

WEATHER, ENVIRONMENT OTHER RAILWAYS

WEATHER, ENVIRONMENT

MONITOR & CONTROL THE RAIL INFRASTRUCTURE

PROTECT RAILWAY FROM EXTERNAL IMPACTS

PROVIDE NOISE & VIBRATION MITIGATION

PREVENT INCURSION INTO THE LOADING GAUGE

PROVIDE DIAGNOSTIC INFO TO TELEMATIC

PROVIDE ENERGY FUNCTIONS AND FACILITIES

PROVIDE A SECURE CONTROL AND COMMS

ENVIRONMENTPROVIDE CONTROL & COMMS FACILITIES

SECURITY SYSTEMS


THIRD PARTIES

PROVIDES PHYSICAL SUPPORT AND GUIDANCE TO

THE TRAINPROVIDE DRAINAGE

ALLOWS SUFFICIENT ADHERENCE FOR TRAINS TO

ACCELERATE AND BRAKE AS REQUIRED

ENABLES TRAIN MOVEMENT ALONG ROUTE AND

TO ADJACENT INFRASTRUCTURE

PROTECT PEOPLE ON RAILWAY FROM MOVING

TRAINS

PROVIDE SAFE ACCESS AND EGRESS FOR

EMERGENCY SERVICES

PROVIDE RESOURCE ALLOCATION AND

RESPONSIBILITIES TO IMPLEMENT EMERGENCY

EMERGENCY SERVICES WEATHER, ENVIRONMENT

ROAD ROAD OTHER RAILWAYS OTHER RAILWAYS

PROTECT RAILWAY FROM RAIL VEHICLE IMPACTS

PROVIDE TRAIN MAINTENANCE FUNCTIONS &

FACILITIES

PROVIDE FACILITIES FOR SERVICES PROVIDE DRAINAGE PROTECT STATION FROM RAIL VEHICLE IMPACTS PROTECT STATIONS FROM EXTERNAL IMPACTS

PROVIDE SAFE ENVIRONMENT FOR PASSENGERS,

STAFF AND NEIGHBOURS


FACILITIES


FACILITIES


FACILITIES

PROVIDE EGRESS FOR PASSENGERS

PROVIDE SECURE STABLING ENVIRONMENT FOR

TRAINSPROVIDE STATION FACILITIES


STAFF AND NEIGHBOURSPROVIDE SAFE EGRESS AND ACCESS FOR

EMERGENCY SERVICES ON TO TRAINS

THIRD PARTIES THIRD PARTIES


FACILITIES


FACILITIES

THIRD PARTIES

MAINTENANCE DEPOT

PROVIDE A SAFE WORKING ENVIRONMENTPROVIDE SECURE STORAGE ENVIRONMENT FOR

EQUIPMENT AND MATERIALSPROVIDE CONTAMINATED DISCHARGE FACILITIES PROVIDE A SAFE WORKING ENVIRONMENT

PROVIDE SECURE STORAGE ENVIRONMENT FOR

EQUIPMENT AND MATERIALS

PROVIDE SECURE STORAGE STABLING

ENVIRONMENT FOR ENG TRAINS & OTM

PROVIDE TRAINING FACILITIES

EXTERNAL

OTHER RAILWAYS OTHER RAILWAYS WEATHER, ENVIRONMENT OTHER RAILWAYS WEATHER, ENVIRONMENT

THIRD PARTIES THIRD PARTIES ROAD


TRAIN DEPOT

PROVIDE SECURE STABLING ENVIRONMENT (FOR

PASSENGER TRAINS AND OTM)

STATIONS

PROVIDE RETAIL AND SUPPORT FACILITIES

TELEMATIC

APPLICATIONS

SECURITY SYSTEMS RCM INFRA MAINTENANCE PLANNING SYSTEM


THE TRAINPROVIDE DRAINAGE

ALLOWS SUFFICIENT ADHERENCE FOR TRAINS TO

ACCELERATE AND BRAKE AS REQUIRED

ENABLES TRAIN MOVEMENT ALONG ROUTE AND

TO ADJACENT INFRASTRUCTUREMITIGATE NOISE AND VIBRATION

PROVIDE CONTROL & COMMS FACILITIES

PROVIDE ENERGY FUNCTIONS AND FACILITIES


TRAINSSTAYS ON TRACK PROVIDE NOISE & VIBRATION MITIGATION STAYS ON TRACK


THE TRAIN

PROVIDE A SECURE CONTROL AND COMMS

ENVIRONMENT

PROVIDE SAFE EGRESS AND ACCESS FOR


PROVIDE TEST FACILITIES

PROVIDE A SAFE WORKING ENVIRONMENT

PROVIDE SAFE EGRESS & ACCESS

PROVIDE OPERATIONAL AND MAINTENANCE

PLANS FOR THE RAILWAYPROVIDE OPERATION FACILITIES MONITOR & CONTROL THE RAIL INFRASTRUCTURE

PROVIDE EMERGENCY PLANNING FOR THE

RAILWAY


RAILWAY

MONITOR SECURITY ACROSS NETWORK PROVIDE OPERATION FACILITIES MONITOR & CONTROL THE RAIL INFRASTRUCTUREPROVIDE EMERGENCY PLANNING FOR THE

RAILWAY


RAILWAY

PROVIDE OPERATIONAL AND MAINTENANCE

PLANS FOR THE RAILWAY

MONITOR & CONTROL THE RAIL INFRASTRUCTURE

MONITOR & CONTROL THE STATION

INFRASTRUCTURE

MONITOR & CONTROL THE DEPOTS

MAINTAIN CIVIL ASSETS

PROVIDE A SAFE WORKING ENVIRONMENT CARRY OUT PLANNED RENEWALS

PROVIDE INFRASTRUCTURE MAINTENANCE

FUNCTIONS & FACILITIESPROVIDE WELFARE & OFFICE FACILITIES

PROVIDE DRAINAGE

CARRY OUT MAINTENANCE ACTIVITIES (PLANNED

& UNPLANNED)

PROVIDE SAFE ACCESS AND EGRESS FOR

EMERGENCY SERVICES

PROVIDE ACCESS FOR EMERGENCY SERVICES

PROVIDE A SECURE BOUNDARY

CIVIL ENGINEERING

PROVIDE A SECURE BOUNDARY

PROVIDE EARTHWORK & GEOTECH

PROVIDE SUPPORT TO AND CONSTRAIN THE

TRACK FORM

PROVIDE BUILDINGS, STRUCTURE AND FACILITIES

PROVIDE DRAINAGE

MANAGEMENT OF VEGETATION

MONITOR SECURITY ACROSS NETWORK

OTHER RAILWAYS OTHER RAILWAYS WEATHER, ENVIRONMENT

THIRD PARTIES THIRD PARTIES

STATIONS


EQUIPMENT AND MATERIALSPROVIDE TRAINING FACILITIES


FACILITIES


FACILITIES

PROVIDE TEST FACILITIES

PROVIDE CONTAMINATED DISCHARGE FACILITIES


EQUIPMENT AND MATERIALS

STAYS ON TRACK

TRAIN DEPOT

PROVIDE EGRESS FOR PASSENGERS


STAFF AND NEIGHBOURS



FACILITIES


FACILITIES


OTHER RAILWAYS

OTHER RAILWAYS



THIRD PARTIES THIRD PARTIES EMERGENCY SERVICES

PROVIDE DRAINAGE PROTECT STATION FROM RAIL VEHICLE IMPACTS PROTECT STATIONS FROM EXTERNAL IMPACTS

PROVIDE DRAINAGE


FACILITIES


FACILITIES



EXTERNAL

OPERATIONAL

NOISE & VIBRATION MITIGATION

NOISE & VIBRATION MITIGATION


TRAINS

STAYS WITHIN LOADING GAUGE

ROAD ROAD

ACCEPT AND DESPATCH TRAINS AS REQUIRED

OPERATIONAL

ROAD

PROVIDE A SAFE WORKING ENVIRONMENT PROVIDE WELFARE & OFFICE FACILITIES


FACILITIES

PROVIDE SECURE STABLING ENVIRONMENT (FOR

PASSENGER TRAINS AND OTM)

PROVIDE SECURE STABLING ENVIRONMENT FOR

TRAINSPROVIDE STATION FACILITIES


STAFF AND NEIGHBOURSPROVIDE RETAIL AND SUPPORT FACILITIES

PROVIDE A SECURE BOUNDARY PROVIDE FACILITIES FOR SERVICES


THE TRAIN

FUNCTIONALITY SHALL NOT BE IMPAIRED BY

WEATHERPROVIDE S&C LAYOUT FOR TRAINING

PROVIDE SECURE STORAGE STABLING

ENVIRONMENT FOR ENG TRAINS & OTM

RECEIVE INFO FROM CIVIL ENG INFRASTRUCTURE

RECEIVE INFO FROM CIVIL ENG INFRASTRUCTURE

SECURITY SYSTEMS

SECURITY SYSTEMS


THE TRAIN

PROVIDE A SAFE WORKING ENVIRONMENT CARRY OUT PLANNED RENEWALS

CARRY OUT MAINTENANCE ACTIVITIES (PLANNED

& UNPLANNED)

MITIGATE NOISE AND VIBRATION

RCM INFRA MAINTENANCE PLANNING SYSTEM


THE TRAIN

PROVIDE NOISE & VIBRATION MITIGATION STAYS ON TRACK

MONITOR & CONTROL THE STATION

INFRASTRUCTURE

MONITOR & CONTROL THE DEPOTS

PROVIDE RESOURCES TO IMPLEMENT

OPERATIONAL PLANS

PROVIDE RESOURCES TO IMPLEMENT

OPERATIONAL PLANS







Functional Architecture

Hazard record – output from hybrid bill design

CIVIL ENGINEERING


Road vehicle incursion

Adequate barriers/ protection of over-bridges and parallel roads

Include requirement for crossings under the railway to be shown designed and built to be fit for purpose and shown to be compliant with standards

CIVIL ENGINEERING


Road vehicle incursion

Ensure road design is adequate

Include requirement for provision of adequate barriers between adjacent roads and rail to mitigate risk of incursion

CSM-RA for specification design

• Specification design includes developing the technical standards

• How do we develop a new suite of standards for a new railway?


• HS2 is an Interoperable Railway, must comply with the European Technical Specification for Interoperability: Energy

Infrastructure

Locomotive and Passenger train

Safety in Railway Tunnels

Persons of Reduced Mobility

Control, Command and Signalling

Telematics Applications for Passenger/ Freight

Operations and Traffic Management

• These in turn call up a series of standards and processes.


• However, many new standards are being developed, approximately 300 were created for civil design.

• Theses were developed through a Integrated Design Review process (IDR 1 /2/3, IDC).

• Specific safety related standards were developed

Bridge over rail design – writing standards

• In the phase 1 route, there are 154 bridges over the railway. Bridge design standards need to deliver a safe railway, example design issues hazards include:

Bridge parapet design

Locations of bridge structures/ piers

Errant vehicle protection standard

• Develop errant vehicle protection standard Based on HS1 standard and

DfT risk assessment for bridge design

Scope differences to HS2 identified

Workshops held to identify deltas to HS2 system definition

Standard enhanced to an HS2 version delivering an equivalent level of safety

Bridge design standard

• Since the Eschede disaster in 1998, the location of structures near the railway is key

• Bridge design based on Eurocodes, civil engineering standards etc. but How far should the bridge pier be from the running line?

• Used UIC 7772-R to build derailment model

• Quantitative ALARP calculation of increase in derailment consequence vs. additional bridge cost

• Result informs bridge design standard.

An example of risk acceptance

• Inspection access during operational hours

• Given hybrid bill walkway location, train characteristics, service frequency etc.

• Is HS2 able to accept the hazards realised by allowing access to the lineside areas during passenger service operation?

• Note: This has not been chosen for operation

Hazards around lineside access Worker in vicinity of track leading to

worker struck by train

Object thrown up by passing train

Worker subjected to high noise levels

Infrastructure worker/ Train

Inadequate walking route provision leading to Slips, Trips and Falls (STF)

Manual handling of equipment

Unauthorised access leading to assault on the operational railway

Use of road vehicles leading to road traffic accidents

Being on site

Getting to site

Hazards relevant to

lineside access

Aerodynamic forces on workers

• A specific identified hazard was the effect of HS2 trains on infrastructure workers.

• HS2 has chosen to close this hazard by application of a code of practice:

• The Locomotive and Passenger Train TSI sets a value for the protection of infrastructure workers and passengers from aerodynamic effects. Sets criteria:

Aerodynamics example

Worker Type Distance (m) Air Speed (v+2σ) m/s

@ train speed kph

Maintenance workers

3.0 from the nearest track centreline

22 300 (but consider actual speed)

Platform passengers

3.0 from the nearest track centreline

15.5 200

Aerodynamics

Safe Integration

Further Assessment Sub-system specific requirements

Further Assessment

Hazard Record Information Flow Diagram

HAZARD RECORD

Amendments

to the Design

HS2 Contracts System Safety Sub-

System Specific Teams

HS2 Directorate

Technical Review

HS2 System Safety

Team Review

Hazard Closure

Review and

Acceptance

Security


• In a safety context, Security can be seen as a additional cause to a number of operational hazards.

Safety mitigation will work for security threats

Cyber security is an important consideration

A number of working groups are looking at this and rail systems

Physical security is more widely understood

Thank you

Safely designing High Speed Two · 2019-03-09 · CDM CSM-RA . CDM Hazard Register CSM-RA Hazard...

Documents

Transcript of Safely designing High Speed Two · 2019-03-09 · CDM CSM-RA . CDM Hazard Register CSM-RA Hazard...