In our previous blog, “Keeping Safety on track in the Rail Sector”, we looked at the benefits of marrying the Cone of Uncertainty concept with the Reliability, Availability, Maintainability and Safety (RAMS) lifecycle. This enables us to assess more accurately the uncertain nature of the quality and safety characteristics of embedded safety railway system design over the course of development.
In this post we take a further look at the standards in place for railway embedded safety systems, and at how far they can help when assessing the safety and quality maturity of a particular embedded safety system or subsystem design.
The most relevant RAMS standards we have for railway embedded safety systems are the following:
• EN 50126-1:2017 – Railway Applications – The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS) – Part 1: Generic RAMS Process
• EN 50126-2:2017 – Railway Applications – The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS) – Part 2: Systems Approach to Safety
• EN 50128:2011 – Railway Applications – Communication, signaling and processing systems – Software for railway control and protection systems
• EN 50129:2003 – Railway applications – Communication, signaling and processing systems – Safety related electronic systems for signaling
• EN 50155:2017 – Railway applications – Rolling stock – Electronic equipment
Evaluation of the plausibility of information in hand for safe design
Assessing the level of commercial release readiness for the embedded safety design can be challenging. Availability of design information and the level of accuracy of that information pertaining to the particular revision of the design could vary greatly. Time pressures on such decisions are also a common issue.
One of the most essential aspects is to identify the RAMS life cycle phase we are in.
The RAMS life cycle itself describes the system, hardware and software development stages, tailored by the manufacturer. That tailoring may branch into separate hardware and software development life cycles.
Because we assess the safety maturity of the embedded design at the RAMS system level, however, the readiness evaluation of the software design should not be done in isolation: it should also consider the safety maturity of the hardware design, and vice versa when the hardware design is under evaluation. Ideally, all hardware and software items of the embedded design are controlled by an established configuration management system. For release readiness evaluation, a scoring system that feeds release readiness decisions could be useful.
One aspect of such a safety maturity scoring system could be the plausibility factor of the available information. To determine this factor, an uncertainty level could be assigned to each RAMS life cycle phase, based on the overarching diagram shared in our previous post.
Let’s look at an example of this concept. A company decides that the information available for a particular design at the RAMS life cycle phase “System acceptance” represents 90 percent confidence in the truthfulness and accuracy of the information. They assume that the uncertainty over the RAMS life cycle follows something like an exponential distribution.
The table above illustrates the release readiness plausibility factors this company assigns across the RAMS life cycle phases. It can be used to assess the level of uncertainty in release decisions made at any point earlier than “System acceptance”.
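As an added worked example (not from the original post or the company it describes), the Python below derives such a plausibility table from the two stated assumptions: 90 percent confidence at “System acceptance” and exponentially decaying uncertainty across the phases. The phase names are the first ten life cycle phases of EN 50126-1:2017, and the model used for “exponential distribution” (remaining uncertainty = exp(-rate × phase), with the rate fixed by the 90 percent anchor) is one reading of the post's assumption, not the company's actual table.

```python
import math

# Constructed example: the first ten life cycle phases of EN 50126-1:2017.
# Phase 10, "System acceptance", is the release anchor; phases 11 and 12
# (operation/maintenance and decommissioning) lie after release and are omitted.
RAMS_PHASES = {
    1: "Concept",
    2: "System definition and operational context",
    3: "Risk analysis and evaluation",
    4: "Specification of system requirements",
    5: "Architecture and apportionment of system requirements",
    6: "Design and implementation",
    7: "Manufacture",
    8: "Integration",
    9: "System validation",
    10: "System acceptance",
}


def plausibility_factors(anchor_phase=10, anchor_confidence=0.90, phases=RAMS_PHASES):
    """Return {phase: plausibility factor} under the exponential assumption.

    Remaining uncertainty u(k) = exp(-rate * k) is the survival function of an
    exponential distribution. The rate is chosen so that plausibility 1 - u(k)
    equals anchor_confidence at anchor_phase (90 % at System acceptance here).
    """
    if not 0.0 < anchor_confidence < 1.0:
        raise ValueError("anchor confidence must lie strictly between 0 and 1")
    rate = -math.log(1.0 - anchor_confidence) / anchor_phase
    return {k: 1.0 - math.exp(-rate * k) for k in sorted(phases)}


def release_uncertainty(decision_phase, factors=None):
    """Uncertainty carried by a release decision taken at an earlier phase."""
    if factors is None:
        factors = plausibility_factors()
    if decision_phase not in factors:
        raise KeyError(f"phase {decision_phase} is not part of the release life cycle")
    return 1.0 - factors[decision_phase]


if __name__ == "__main__":
    table = plausibility_factors()
    print(f"{'Phase':>5}  {'Plausibility':>12}  {'Uncertainty':>11}  Name")
    for k, p in table.items():
        print(f"{k:>5}  {p:>11.1%}  {1 - p:>10.1%}  {RAMS_PHASES[k]}")
```

Under these assumptions the factor at phase 5, “Architecture and apportionment of system requirements”, is about 68 percent, so a release decision taken there carries roughly three times the uncertainty of one taken at “System acceptance”.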
In the next and closing post of the “Keeping Safety on track in the Rail Sector” series we will look into further, more subtle safety maturity evaluation concepts, particularly for embedded hardware and software designs.
By Szabolcs Agai, Functional Safety Consultant