RAMS and how to control it

EN 50126 is all about controlling the RAMS parameters of a Railway system (e.g. a complete train, an LED lamp etc.).

It appears directly from the title: “Railway applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS)”.
The RAMS parameters are linked as shown at Figure 2:


Interpretation
The RAMS parameters are useful when categorizing different items e.g.:

• the requirements to and specifications of the system
• faults and findings during design and service.

This way, all parties (Operator, Supplier, Safety Authority, Assessor) know what we are talking about if e.g. an error is disclosed during testing: Is the fault a Reliability issue, an Availability issue, a Maintainability problem or a Safety problem.

Lets say we have a new train ready and approved for operation, but some errors exists. The errors have been categorized as Reliability issues, which are not directly safety-related. In this case Figure 2 above would look as shown on the left:

The yellow "Reliability" in the bottom will cause a Yellow "Availability" in the middle, which again will cause a yellow top level "Railway RAMS".


Since we have a green "Maintainability" in the bottom, it might be possible to increase the "Maintenance" work and hereby compensate for the yellow "Reliability", so we obtain a green "Availability", which again will cause a green top level "Railway RAMS". See the Figure below.

This is controlling RAMS!






Next chapter >> 2.2 The V-model






From the Source (EN 50126)

The links are described more detailed in chapter 4.3.2 and 4.3.3 in EN 50126:1999:

"Safety and availability are inter-linked in the sense that a weakness in either or mismanagement of conflicts between safety and availability requirements may prevent achievement of a dependable system. The inter-linking of railway RAMS elements, reliability, availability, maintainability and safety is shown in figure 2."
"Attainment of in-service safety and availability targets can only be achieved by meeting all reliability and maintainability requirements and controlling the ongoing, long-term, maintenance and operational activities and the system environment."

A more elaborated version of Figure 2 is given in Figure 5 (not shown here).

Read more...

When is the Assessor independent?

The Assessor should be independent from the Supplier and Customer of the product. The needed "Degree of economical and organizational Independency" is decided by the Safety Authority.



As it can be seen above, from Figure 6 in EN50129:2003, the Assessor can not be a part of the same organisation, in which the Project Manager, Designer, Implementer, Verifier or Validator belongs.

Interpretation

The idea of complete "independence" should be substituted with the more flexible concept: "The degree of economical and organizational independence". This concept can furthermore be simplified in to whether it should be in-house or external assessment.

The in-house assessment-divisions are - due to historical reasons - organizations placed inside the large suppliers e.g. Siemens, Bombardier, Alstohm, Alcatel. Because they are organizations inside the suppliers, they have a low "degree of economical and organizational independence". Nevertheless, the Safety Authorities often allows these divisions as Assessors, because they trust the in-house assessment:

1. The in-house assessment-divisions have a high technical knowledge of the products,
2. the entire reputation of the companies depend on their integrity and
3. the alternative external Assessor-companies are just the same paid by the suppliers, which undermines their independence.

External assessment can be performed by inspection companies like DNV, Lloyds and Tüv, which have a high degree of economical and organizational independency, because they do not have any shareholders, but are owned by a foundation.
Another alternative could be the Advisors like Atkins, which have shareholders, but still have a high degree of economical and organizational independence from the traditionally railway Suppliers, Infrastructure owners and Operators.

As a guideline to the minimum needed degree of independence the following criteria can be used: What is the SIL-level of the products safety functions? And how complex is the Project? This interpretation is shown in the table below.

For SIL1/2 or simple projects, the degree of independence it not so important for the safety. In these cases it is often more convenient (faster, less paperwork) with in-house assessment.
For SIL 3/4 and complex projects, it is necessary with a high degree of independence for safety reasons and external Assessors from Assessor-companies should be involved.

Next chapter >> 5.3 Competence of the Assessor?

Focus on the source (/TR 50126/, "Guide to EN 50126")

In TR 50129 ("guide to EN50129") Draft 2006, chapter 7.1.2, is the word "Organization" interpreted to either an external organization or an autonomous in-house organization:

"In general the Safety Assessor or the Safety Assessment Organisation must be accepted by the safety authority. The safety Assessor could be either a member of the in-house organisation (e.g. Assessment Centre) or an independent external organisation. The degree of the independence of the Assessor from the development and RAMS Process must be proven and accepted by the safety authority in charge of the approval. The Assessment organisation should have an accreditation in accordance with EN 45004.

(The mentioned standard EN 45004 contains some requirements to an in-house department regarding economical and organizational independence from the other departments and some professional skills to the Head of the department.)



Read more...

Mandatory EN standards for ERTMS

At ERA is shown a List of Mandatory EN Standards.

Please note

The listed standards are only Mandatory for ERTMS/ETCS lines - not for the national lines.



Read more...