HCRQ
System Safety, Software Safety Experts
Since 1986

"The Key To A Safer World"
salus populi suprema lex




Rail System Safety & Security


HCRQ provides complete coverage in the areas of light rail and heavy rail system safety and software safety.

We have experience in the development and end-to-end implementation of rail System Safety Program Plans.

There are "domain" experts and there are "system safety and software safety" experts. Our knowledge in system safety and software safety easily exceeds that of:
  • rail transportation system suppliers
  • rail transportation system regulators
  • rail transportation system consultants

Our experience spans:

  • Design,
  • Installation,
  • Test & Commissioning (T&C), and
  • Operation and Maintenance (O&M).

If your interest is in light rail systems, we suggest you look here.


One Of Our Rail Safety Contracts

Perform a Risk Assessment of the Florida Overland eXpress System

The FOX was intended to connect Miami, Orlando and Tampa using TGV technology with a maximum train speed of 200 mph.

We prepared and presented this risk assessment to FRA.

What were the hazards unique to Florida?
  • sink holes
  • hurricanes
  • high water table

We also provided consulting services on the System Safety Program and emergency preparedness portions of the Rules for Particular Applicability.

Another One Of Our Rail Safety Contracts

Consortium System Safety & Security Manager

It is an excellent idea to have a system safety & security manager on light rail projects. This person is the customer's single point of contact for all matters relating to safety & security. This person oversees and coordinates the safety & security aspects of design, construction, installation, T&C, and O&M, and the interfaces between them. (Many people have been either seriously injured or killed during construction and T&C.)

In order to be effective, this person must be very knowledgeable and experienced in rail transit system design. This person must also be granted the authority, by the rail transit consortium, to influence these aspects. Customers should reject any safety & security manager who is not empowered to perform their job. In addition, this person needs to be mobile in order to oversee, interact and coordinate.

HCRQ is experienced in this role. We also have experience with customer safety and security committees. The safety committee can represent a challenge to the safety & security manager especially if the customer does not have at least one system safety engineer of their own.

HCRQ has been responsible for the production of:
  • safety certification program plan,
  • safety certification report,
  • system security program plan,
  • security threat & vulnerability analysis,
  • access control plan,
  • wayside intrusion detection analysis, and
  • security system design document.




JFK Airtrain

Light Rail

HCRQ has supervised not only the System Safety Programs but also the reliability, availability, maintainability of LRT systems such as:

*** Regrettably, after our contract with Bombardier finished, there was a fatal accident during T&C.

We have also helped light rail subsystem suppliers with their system safety analyses.

Finally, we have assisted in the bidding process for many LRT systems such as:

Utilizing our name alone provides bidders with an edge over their competitors.


We have experience with:


Light Rail - A Word Of Warning

One of the glaring problems we witness with light rail systems, in the U.S. and Canada, is failure to involve experienced system safety engineers (not transportation system consultants) in two roles:

  • preparation of the safety sections of the technical specification, and
  • review of system safety submissions from the transit system supplier

In situations where system safety engineers are involved, sometimes they are not granted the authority to do their job properly.

HCRQ cautions those purchasing light rail systems that this represents a risk to themselves and their passengers.


3rd Rail History

Werner von Siemens (1816-1892) pioneered the use of the third rail when he used it to power an experimental electric train which he demonstrated at the 1879 Berlin Industrial Exhibition.

In the U.S., Leo Daft used a third rail system to electrify the Baltimore & Hampden lines in 1885.

The first electrically-powered subway train, which emerged in London in 1890, drew power from a third rail.




Safety Audits

We have performed safety audits on equipment, where software safety is of paramount importance, such as:

The problem with safety audits is defining what they imply and what level of assurance is truly provided by them.

In addition, the outcome of a safety audit is extremely dependent on the skills and experience of the auditor. Remember the phrase "garbage in - garbage out"?

Alleviate these types of concerns. Have HCRQ perform your audits.




Another One Of Our Rail Safety Contracts

CANAC Beltpack System

HCRQ was responsible for consulting on system safety and software safety of the CANAC locomotive control system, which allows ground-based yard employees to control a locomotive equipped with an on-board computer via an RF link.

HCRQ was also responsible for planning and estimating the effort required to obtain European EN 50126, EN 50128, and EN 50129 rail standards compliance.


Another One Of Our Rail Safety Contracts

Cattron-Theimeg RCL-II System

HCRQ was responsible for consulting on system safety and software safety of Cattron's RCL-II remote locomotive control system.


Double Diamond Crossover

RAM

HCRQ is also experienced in the area of Reliability, Availability and Maintainability (RAM). The first document produced, in this regard, is the RAM Plan.

Besides safety, one of the most challenging areas is Availability with respect to light rail transit systems.

Key parameters are:

  • MTBSAF (Mean Time Between Service Affecting Failures), and
  • MTTRs (Mean Time To Restore Service).

Different types of Availability are definable such as:

  • Subjective,
  • Objective,
  • Rolling Stock

Availability Demonstrations put rail transit system suppliers on the edge of their seats due to financial penalties which they incur if they fail to reach the contractual targets.

An Availability Demonstration is driven by an:

  • Availability Demonstration Test Plan, and
  • Availability Demonstration Test Procedure.
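The bookkeeping behind an Availability Demonstration, as an added example that is not HCRQ's code or any supplier's test procedure: it derives MTBSAF and MTTRS from a constructed log of service-affecting failures and checks them against assumed contractual targets. The MTBSAF definition (delivered service time divided by the number of service-affecting failures), the 720 h period, the failure log and the targets are all assumptions; a real contract fixes the exact formulas and values.

```python
"""Availability demonstration bookkeeping for a light rail transit (LRT) system.

Added example, not HCRQ's code or any supplier's test procedure. It derives the
two key RAM parameters, MTBSAF and MTTRS, from a constructed log of
service-affecting failures and checks them against assumed contractual targets.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceAffectingFailure:
    """One service-affecting failure (constructed record).

    Times are hours since the start of the demonstration period. Failures are
    assumed not to overlap, so restore times can simply be summed.
    """
    failed_at_h: float
    restored_at_h: float

    def __post_init__(self):
        if self.restored_at_h < self.failed_at_h:
            raise ValueError("service cannot be restored before the failure occurred")

    @property
    def restore_time_h(self) -> float:
        return self.restored_at_h - self.failed_at_h


def total_downtime_h(failures) -> float:
    return sum(f.restore_time_h for f in failures)


def mtbsaf_h(failures, demo_period_h: float) -> float:
    """Mean Time Between Service Affecting Failures.

    Assumed definition: service time actually delivered (period minus downtime)
    divided by the number of service-affecting failures. With no failures the
    best estimate is the whole period.
    """
    uptime = demo_period_h - total_downtime_h(failures)
    return uptime / len(failures) if failures else demo_period_h


def mttrs_h(failures) -> float:
    """Mean Time To Restore Service: average restore time over all failures."""
    return total_downtime_h(failures) / len(failures) if failures else 0.0


def availability(failures, demo_period_h: float) -> float:
    """Fraction of the demonstration period in which service was available.

    Under the definitions above this equals MTBSAF / (MTBSAF + MTTRS), the
    usual steady-state availability formula.
    """
    return (demo_period_h - total_downtime_h(failures)) / demo_period_h


def demonstration_verdict(failures, demo_period_h, target_availability, max_mttrs_h):
    """Evaluate a demonstration against assumed contractual targets.

    Returns the computed parameters and a pass flag per target; the overall
    demonstration passes only if every individual target is met.
    """
    a = availability(failures, demo_period_h)
    r = mttrs_h(failures)
    verdict = {
        "mtbsaf_h": mtbsaf_h(failures, demo_period_h),
        "mttrs_h": r,
        "availability": a,
        "availability_ok": a >= target_availability,
        "mttrs_ok": r <= max_mttrs_h,
    }
    verdict["passed"] = verdict["availability_ok"] and verdict["mttrs_ok"]
    return verdict


# Constructed 30-day (720 h) demonstration log: (failed_at_h, restored_at_h).
DEMO_PERIOD_H = 720.0
PASSING_LOG = [
    ServiceAffectingFailure(100.0, 100.5),
    ServiceAffectingFailure(250.0, 251.0),
    ServiceAffectingFailure(500.0, 500.25),
]
# The same log plus one long outage, enough to miss both assumed targets.
FAILING_LOG = PASSING_LOG + [ServiceAffectingFailure(600.0, 608.0)]

if __name__ == "__main__":
    for name, log in (("passing", PASSING_LOG), ("failing", FAILING_LOG)):
        v = demonstration_verdict(log, DEMO_PERIOD_H, target_availability=0.995, max_mttrs_h=1.0)
        print(name, {k: round(x, 4) if isinstance(x, float) else x for k, x in v.items()})
```

The two logs show why suppliers watch both parameters: the single 8 h outage in the second log drops availability below the assumed 99.5 % target and also pushes MTTRS above the assumed 1 h ceiling, so the demonstration fails on two counts even though only one additional failure occurred.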


Another One Of Our Rail Safety Contracts

Acela Tilting System

Bombardier Transportation Systems and GEC Alstom provided 18 trainsets that traverse the Washington, D.C. - New York City - Boston route at speeds up to 150 mph (240 km/h).

The Acela uses a tilting system. Tilting the body of a rail passenger car during curve negotiation offers the possibility of increasing the speed of a trainset in a curve without exceeding the maximum allowed steady state lateral acceleration felt by the passengers. Typically, the centrifugal acceleration must be lower than 1 m/sec/sec. This feature reduces the overall travelling time without requiring track modification.

We provided consulting assistance in connection with the safety of the tilting system.



Positive Train Control (PTC)

Perhaps you have heard about the FRA approval of BNSF's Electronic Train Management System (ETMS). This is an example of a PTC system. HCRQ has significant experience with ETMS's predecessor - the Illinois Department Of Transportation (IDOT) PTC.

The purpose of the IDOT PTC was to prevent:

  • train-to-train collisions,
  • derailments due to over-speed, and
  • collisions between trains and roadway workers or their equipment while working within their authority limits.

The current operating time between Chicago and St. Louis is about 5½ hours, and IDOT would contribute towards reducing this time to about 3½ hours. This reduction in running time requires that the current top speed limit of 79 mph, imposed by the current signal technology, be increased to 110 mph by the application of new technology.

The IDOT PTC architecture comprised five major systems. Four of these were information processing systems:

  • the IDOT PTC Server,
  • locomotive on-board computers and peripherals,
  • a track force terminal on board work vehicles, and
  • in the field, Wayside Interface Units (WIUs) interfacing with control points, intermediate signal sites, highway crossing warning systems and train defect detectors.

The fifth system, and the IDOT PTC keystone, was a data communication system which tied the various information processing systems together.

HCRQ has significant first-hand system safety and software safety analysis experience with Positive Train Control and 49CFR236 Subpart H.

We have provided guidance and input on:

For more information regarding our PTC experience contact Karl Lindberg.




49CFR236 Subpart H

HCRQ has provided:

  • system safety consulting services,
  • software safety consulting services, and
  • training

with respect to compliance with this regulation. In fact we were the first to do so!

Subpart H requires a Railroad Safety Program Plan (RSPP) and a 20-section Product Safety Plan (PSP) including:

  • risk assessment, and
  • safety assessment.

Check out our system safety course on 49CFR236 Subpart H.



49CFR238.105

Some of our clients must comply with 49CFR238 Subpart B "Safety Planning and General Requirements", which includes 49CFR238.105.

49CFR238.105 - "Train Electronic Hardware and Software Safety" requires a hardware and software safety program including hardware and software FMECA {hmm, stop, really think about this} and several other interesting requirements listed in paragraph (c).

HCRQ has provided:

  • system safety consulting services,
  • software safety consulting services, and
  • training (no wonder!)

with respect to compliance with this regulation. Again, we were the first to do so!



EIC PRT

TTCI is developing an Employee In Charge (EIC) Personal Remote Terminal (PRT).

The EIC PRT is a handheld portable computer terminal for use by the roadway worker who establishes on-track safety for others in roadway work groups and lone workers who establish their own protection. Its initial functionality will enable an EIC to authorize train entry into and set the speed limit within a Maintenance of Way Protection (MWP).

The EIC PRT must comply with 49CFR236 Subpart H.

Because of HCRQ's experience with the IDOT PTC, and its expertise in system safety and software safety, TTCI retained the services of HCRQ to guide the system safety effort and the software safety effort and to assist with the preparation of the project documentation.

HCRQ also provided software safety training to the EIC PRT Project Team.




Rail System Security

The importance of rail system security has increased substantially due to the threat of terrorism.

A transit system is vulnerable to certain types of threats including:

A transit system can face threats to its security including curious children, destructive passengers, criminals, and even disgruntled workers.

A potential security problem exists when these two components - threat and vulnerability - coincide.


System Security Program Plan

The development of a System Security Program Plan and its implementation, in the form of a System Security Program, ensures that security is built into the rail system concurrent with system development.


System Security Program

The System Security Program Plan orchestrates the System Security Program.

The purpose of this Plan is to set forth the approach, organization and methodology to be used to ensure the thorough and timely identification, evaluation and elimination or minimization of potential security hazards throughout the life-cycle of the system.


System Security Principles

The foundational principles of system security are clearly stated in FTA's Transit Security Handbook:

"System security is a form of risk management that eliminates or controls threats and vulnerabilities through an ongoing threat and vulnerability resolution process. The system security approach identifies, evaluates, and controls security threats and vulnerabilities through all system life cycle phases. Security is addressed in the design, construction, and operation of the transit system. This proactive approach encourages both the design of features which "harden" system elements against criminal activity, and the implementation of security information monitoring systems, which identify and control new threats and vulnerabilities. This approach also identifies designs, technologies, and deployment strategies that assist in reducing patron fear.

A System Security Program utilizing the systems approach offers the functional and integrated capability of protecting users and operators of the system, as well as the resources of the system. The basic elements of protection involve prevention or deterrence of acts or conditions threatening the safety or welfare of those persons or resources, and corrective or remedial action to limit the effects of such acts or conditions when they do occur.

The system security approach relies on threat and vulnerability management. This threat identification and resolution process includes a thorough examination of the role and interrelationship between the four elements of the System:

  • Passengers and employees,
  • Equipment and facilities,
  • Procedures, and
  • Environment

Such an approach will assist in minimizing System threats while providing the highest level of security practical."


Threat And Vulnerability Analysis

Threats and vulnerabilities should be identified, examined, and appropriately resolved.

The overall process is usually referred to as a Threat and Vulnerability Analysis (TVA).

Similar to the approach used for system safety where a Preliminary Hazard Analysis is used to analyze system hazards, a Threat and Vulnerability Analysis is used to analyze security hazards.


Security Risk Management

It is impossible for a transit system to be completely secure.

Management of security issues is a process of risk management.

It is necessary to identify the major vulnerabilities and to identify threats to which the System is subject.

These identifications should be done independently so that assumptions about vulnerability do not hide the possibility of problems with threats.

Once the vulnerability and threat areas are brought into focus, the security resources can be applied to solve specific problems.
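A Threat and Vulnerability Analysis worksheet that follows the process described in the two sections above, as an added example that is not HCRQ's method and not the FTA handbook's procedure: threats and vulnerabilities are kept in two independent registers and only then paired, so a security problem is recorded exactly where a threat and a vulnerability coincide. The threat agents and the four system elements come from this page; the vulnerability entries, likelihood and severity scales, scores and resolution thresholds are constructed for illustration.

```python
"""Threat and Vulnerability Analysis (TVA) worksheet for a transit system.

Added example, not HCRQ's method and not the FTA handbook's procedure. Threats
and vulnerabilities live in two independent registers; a security problem is
recorded only where a threat and a vulnerability coincide. The threat agents
and system elements come from the page; everything else is constructed.
"""
from dataclasses import dataclass
from itertools import product

# Constructed qualitative scales, in the style of a hazard-analysis risk matrix.
LIKELIHOOD = {"remote": 1, "occasional": 2, "probable": 3, "frequent": 4}
SEVERITY = {"negligible": 1, "marginal": 2, "critical": 3, "catastrophic": 4}

# The four system elements named in the FTA principles.
ELEMENTS = frozenset({"passengers and employees", "equipment and facilities",
                      "procedures", "environment"})


@dataclass(frozen=True)
class Threat:
    agent: str            # who or what could act against the system
    likelihood: str       # how often the agent is expected to act (constructed)
    targets: frozenset    # system elements the agent could act against


@dataclass(frozen=True)
class Vulnerability:
    description: str
    element: str          # which system element carries the weakness
    severity: str         # worst credible consequence if exploited (constructed)

    def __post_init__(self):
        if self.element not in ELEMENTS:
            raise ValueError(f"unknown system element: {self.element}")


@dataclass(frozen=True)
class SecurityProblem:
    score: int
    threat: str
    vulnerability: str
    resolution: str


def resolution_for(score: int) -> str:
    """Constructed thresholds mapping a score to its resolution category."""
    if score >= 8:
        return "eliminate by design change"
    if score >= 4:
        return "control with countermeasures"
    return "accept and monitor"


def analyse(threats, vulnerabilities):
    """Cross the two registers and score every coinciding pair.

    Returns the problems ranked highest score first, plus the entries of each
    register that found no counterpart. Those are kept, not discarded: a
    vulnerability with no current threat, or a threat with nothing to act on,
    becomes a problem as soon as the other half appears.
    """
    problems = []
    matched_threats, matched_vulns = set(), set()
    for t, v in product(threats, vulnerabilities):
        if v.element not in t.targets:
            continue  # no coincidence, hence no security problem
        score = LIKELIHOOD[t.likelihood] * SEVERITY[v.severity]
        problems.append(SecurityProblem(score, t.agent, v.description, resolution_for(score)))
        matched_threats.add(t.agent)
        matched_vulns.add(v.description)
    problems.sort(key=lambda p: (-p.score, p.threat, p.vulnerability))
    idle_threats = [t.agent for t in threats if t.agent not in matched_threats]
    latent_vulns = [v.description for v in vulnerabilities if v.description not in matched_vulns]
    return problems, idle_threats, latent_vulns


# Threat register (agents from this page; likelihoods and targets constructed).
THREATS = (
    Threat("curious children", "occasional", frozenset({"equipment and facilities"})),
    Threat("destructive passengers", "probable",
           frozenset({"equipment and facilities", "passengers and employees"})),
    Threat("criminals", "occasional",
           frozenset({"passengers and employees", "equipment and facilities"})),
    Threat("disgruntled workers", "remote", frozenset({"procedures", "equipment and facilities"})),
)
# Vulnerability register (all constructed), compiled without reference to the threats.
VULNERABILITIES = (
    Vulnerability("platform area without camera coverage", "passengers and employees", "critical"),
    Vulnerability("space under seats where items can be left behind", "equipment and facilities", "marginal"),
    Vulnerability("single-person sign-off on a safety-critical procedure", "procedures", "critical"),
    Vulnerability("substation in a flood-prone location", "environment", "catastrophic"),
)

if __name__ == "__main__":
    ranked, idle, latent = analyse(THREATS, VULNERABILITIES)
    for p in ranked:
        print(f"{p.score:2d}  {p.threat} x {p.vulnerability}: {p.resolution}")
    print("threats without a coinciding vulnerability:", idle)
    print("vulnerabilities without a coinciding threat:", latent)
```

Keeping the registers independent is what surfaces the flood-prone substation: no threat agent in the register targets the environment element, so it is reported as a latent vulnerability rather than silently dropped, which is the failure the text warns about when vulnerability assumptions are allowed to hide threat problems.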


TTC Safer Train

TTC announced a safer train that it hopes to have in service by 2009. Some of the features include:

  • Elimination of space under seats which prevents potentially dangerous items from being tucked in and left behind
  • Ceiling-mounted security cameras to deter harassment and assaults
  • Passenger alarm intercom systems, so riders can talk to train crew members
  • On-board LCD screens that can transmit emergency messages
  • Built-in ramps at the front and end of the train to make evacuation easier


We're Here To Help

If you need help:

  • developing a System Security Program Plan,
  • implementing a System Security Program,
  • performing a Threat and Vulnerability Analysis,
  • developing an Access Control Plan, or
  • performing a Wayside Intrusion Detection Analysis

look no further!

HCRQ has the experience you are looking for!



European Rail Standards

Three of the well known European rail standards are:

  • EN 50126 / IEC 62278 (Railway Applications - The Specification And Demonstration Of Reliability, Availability, Maintainability and Safety (RAMS));
  • EN 50128 / IEC 62279 (Railway Applications - Communications, Signaling And Processing Systems - Software For Railway Control And Protection Systems); and
  • EN 50129 (Railway Applications - Communication, Signaling And Processing Systems - Safety Related Electronic Systems For Signaling)

These are examples of application sector standards referred to by IEC 61508 (Functional Safety Of Electrical/Electronic/ Programmable Electronic Safety-Related Systems).

EN 50128 requires a number of software documents to be generated throughout the development process such as:

  • Software Requirements Specification
  • Software Architecture Specification
  • Software Design Specification
  • Software Module Design Specification
  • Software Source Code & Supporting Specification
  • Software Requirements Test Specification
  • Software Module Test Specification
  • Software Module Test Report
  • Software Quality Assurance Plan (SQAP)
  • Software Configuration Management Plan
  • Software Verification Plan
  • Software Requirements Verification Report
  • Software Architecture & Design Verification Report
  • Software Module Verification Report
  • Software Source Code Verification Report
  • Software Integration Test Plan
  • Software Integration Test Report
  • Software/Hardware Integration Test Plan
  • Software/Hardware Integration Test Report
  • Software Validation Plan
  • Software Validation Report
  • Software Assessment Report
  • Software Maintenance Plan
  • Software Change Records
  • Software Maintenance Record

Need to know how to apply these standards to existing systems? Click here.

Another European rail standard is:

  • EN 50159 (Railway Applications - Communication, Signalling, and Processing Systems - Safety-related Communication)



Client Challenges

  • Some of our U.S. clients are faced with the challenge of meeting EN 50126/50128/50129 requirements for their existing systems.
  • Others must meet the requirements of NFPA 130 or IEEE 1483.
    • NFPA 130, from the National Fire Protection Association, is "Fixed Guideway Transit and Passenger Rail Systems".
    • IEEE 1483 is the "Standard For Verification Of Vital Functions In Processor-Based Systems Used In Rail Transit Control".
  • Some must comply with "49CFR Part 209, 234 and 236 Subpart H - Standards for Development and Use of Processor-Based Signal and Train Control Systems".
    • By the way, HCRQ has a system safety course which focuses on Subpart H safety requirements!
  • Others are faced with the challenges of designing security into driverless light rail systems which service international airports.
  • Some have no Corporate Safety Policy.
  • System integrators have called us in to assist their subcontractors with safety analyses.
  • Some spent 3 to 5 times their safety budget before they conceded that they needed expert guidance.
  • Others spent a chunk of their safety budget before realizing that their current safety consultants were lacking.
    • A few made the mistake of focusing on the lowest bid.
  • Some discovered that their current safety consultants were inadequate when preparing for and representing them at meetings with their client.
    • Remember, each safety action has an associated cost, and everyone has an opinion about safety!
  • Still others require the services of a system safety and security manager, acting as a single point of contact with their customer on all safety and security issues through the phases of:
    • Design,
    • Construction,
    • Installation,
    • T&C, and
    • O&M.

We are here to help.



More Information

Rail System Safety - contact Karl Lindberg.
System Security - contact Desert Fields.



Links to Rail-Related Web Sites




Rail System Safety Reference Material

If you are looking for other types of rail system reference material click here.

Accidents/Incidents

  • FRA Guide For Preparing Accidents/Incidents Reports, DOT/FRA/RRS-22, Office of Safety, May 1, 2003.
  • Critical Incident Management Guidelines, Federal Transit Administration, FTA-MA-26-7009-98-1, July 1998.


System Safety Programs

  • Manual For The Development Of Rail Transit System Safety Program Plans, American Public Transportation Association, May 1999.


System Safety

  • A Critical Look At The CENELEC Railway Application Standards, Odd Nordland SINTEF Telecom and Informatics, Trondheim, Norway, Presented at the TÜVIT Seminar Application Of The International Standard IEC 61508, January 2003 in Augsburg, Germany.
  • Assessment Criteria for Railway Safety Cases, Health & Safety Executive, April 2001.
  • Automated People Mover Standards - Part 1, American Society of Civil Engineers, ASCE Standard No. ASCE 21-96, ISBN 0-7844-0193-4, 1997.
  • Automated People Mover Standards - Part 2, American Society of Civil Engineers, ASCE Standard No. ASCE 21-98, ISBN 0-7844-0447-X, 1999.
  • British Standard Code Of Practice For Fire Precautions In The Design And Construction Of Railway Passenger Rolling Stock, British Standards Institution, BS 6853:1999.
  • Code Of Federal Regulations, Title 49, Transportation, Parts 200-240 (49 CFR).
  • Event Recorders For Rail Rapid Transit Systems, Federal Transit Administration, FTA-VA-26-7004-98-1, June 1998.
  • Fire Safety Countermeasures For Urban Rail Vehicles, U.S. DOT, DOT-VNTSC-FTA-92-1, 1989.
  • Fire Safety Of Passenger Trains: A Review Of Current Approaches And Of New Concepts, U.S. DOT, FRA, DOT/FRA/ORD-93/23, DOT-VNTSC-FRA-93-26, 1999.
  • Handbook for Transit Safety and Security Certification, Federal Transit Administration, FTA-MA-90-5006-02-01, DOT-VNTSC-FTA-02-01, November 2002.
  • Hazard Analysis Guidelines for Transit Projects, Federal Transit Administration, DOT-FRA-MA-26-5005-00-01, DOT-VNTSC-FTA-00-01, January 2000.
  • Implementation Guidelines For State Safety Oversight Of Rail Fixed Guideway Systems, U.S. DOT, FTA, DOT-FTA-MA-90-7006-96-3, DOT-VNTSC-FTA-96-5, July 1996.
  • NFPA 130: Fixed Guideway Transit and Passenger Rail Systems, National Fire Protection Association.
  • Principles of Technical Approval for Signalling and Communications Technology - Mu 8004, Deutsche Bundesbahn.
  • Preventative Fire Protection In Railway Vehicles, DIN 5510.
  • Rail Safety Management System Guide - TP 13548, Transport Canada, February 2001.
  • Railway Applications - Communication, Signalling, and Processing Systems - Part 1: Safety-related Communication In Closed Transmission Systems - EN50159-1, CENELEC, March 2001.
  • Railway Applications - Communication, Signalling, and Processing Systems - Part 2: Safety-related Communication In Open Transmission Systems - EN50159-2, CENELEC, March 2001.
  • Railway Applications - The Specification And Demonstration Of Dependability, Reliability, Maintainability, And Safety (RAMS) - EN 50126, CENELEC, September 1999.
  • Railway Applications - Radio Remote Control System Of Traction Vehicle For Freight Traffic - EN50239, CENELEC, December 1999.
  • Railway Rolling Stock, Fire Behavior, Choice of Materials - NF F16-101, French Railway Standard (AFNOR), October 1, 1988.
  • Railway Rolling Stock, Fire Behavior, Choice of Materials, Application To Electrical Equipment - NF F16-102, French Railway Standard (AFNOR), April 1, 1992.
  • Railway Rolling Stock, Fire Protection and Fire Fighting, Design Arrangements - NF F16-103, French Railway Standard (AFNOR), July 1, 1989.
  • Railway Rolling Stock, Fire Resistance For Seats - NF F16-201, French Railway Standard (AFNOR), March 1, 1990.
  • Recommended Fire Safety Practices For Rail Transit Materials Selection, Federal Register Vol. 49, No. 158, August 1984.
  • Regulations Relating To Fire Protection And Fire Fighting Measures In Passenger Carrying Railway Vehicles Or Assimilated Vehicles Used On International Services, International Union Of Railways Standard, UIC Code 564-2.
  • Safety Case Assessment Manual, Health & Safety Executive, April 2001.
  • Safety Management Information Statistics (SAMIS) - 1998 Annual Report, Federal Transit Administration, FTA-MA-26-5011-00-1, December 1999.
  • Standard for Verification of Vital Functions in Processor-Based Systems Used in Rail Transit Control - IEEE 1483, 2000.
  • Standards for Development and Use of Processor-Based Signal and Train Control Systems - 49CFR Part 209, 234 and 236 Subpart H.
  • Train Door Emergency Egress and Access and Emergency Evacuation Procedures - Safety Report, ITSRR, Transport Safety Regulation Division, ISBN 0975691317, November 2004.
  • Train Electronic Hardware and Software Safety - 49CFR238.105.


Hardware/Hardware Safety

  • Railway Applications - Safety Related Electronic Systems For Signalling - EN 50129, CENELEC, February 2003.


Software/Software Safety

  • Quality Principles, Software-Based Equipment, Association of American Railroads, Signal Manual, Section 17, 1995.
  • Railway Applications - Software For Railway Control And Protection Systems, Draft European Standard prEN 50128, CENELEC, March 2001.
  • Safety Related Software For Railway Signalling, BRB/LU LTD/RIA Technical Specification No. 23, Railway Industry Association, 1991.


System Reliability

  • Glossary Of Reliability, Availability, And Maintainability For Rail Rapid Transit, American Public Transportation Association, #TEC-007, 1978.
  • Guidelines For Rapid Transit Equipment Reliability, Availability, And Maintainability Assessment, American Public Transportation Association, #TEC-010, 1978.
  • Guidelines For Rapid Transit Equipment Reliability, Availability, And Maintainability Specification, American Public Transportation Association, #TEC-011, 1981.


Emergency Preparedness

  • Recommended Emergency Preparedness Guidelines For Elderly And Disabled Rail Transit Passengers, U.S. DOT, UMTA, UMTA-MA-06-0186-89-1, May 1997.
  • Recommended Emergency Preparedness Guidelines For Passenger Trains, U.S. DOT, FRA, DOT/FRA/ORD-93/24, DOT-VNTSC-FRA-93-23, December 1993.
  • Recommended Emergency Preparedness Guidelines For Urban, Rural, And Specialized Transit Systems, U.S. DOT, UMTA, UMTA-MA-06-0196-91-1, DOT-VNTSC-UMTA-91-1, February 1995.
  • Recommended Emergency Preparedness Guidelines For Rail Transit Systems, U.S. DOT, UMTA, UMTA-MA-06-0152-85-1, DOT-TSC-UMTA-84-26, August 1992.
  • Safety Planning Information Directed To Emergency Response: Resource Manual, U.S. DOT, SPI-JNB-94-005, K-148-000.



Rail Safety-Related Courses

HCRQ offers the following rail-related courseware:


Rail Safety-Related Course Attendees

  • ABB
  • Alcatel
  • BNSF
  • Bombardier
  • CANAC
  • Cattron-Theimeg
  • CP Rail
  • FRA {2 courses}
  • Lockheed Martin
  • New York Air Brake {3 courses}
  • Quester Tangent Corporation
  • Safetran
  • TTCI
  • Volpe Center
  • WABCO Transit
  • WABTEC Railway Electronics