ERTMS/ETCS Configuration Management

ERTMS/ETCS Configuration Management Bernhard Stamm Siemens Transportation Systems Nick Cory Bombardier Transportation 1

Configuration Management What is it? What to? Why? How? When? Who does it? 2

Configuration Management What is it? What to? Why? How? When? Who does it? 3

What is Configuration Management? Definition according to IEEE Std-729-1983: Configuration Management is the process of identifying and defining the items in a system, controlling the change of these items throughout their lifecycle, recording and reporting the status of items and change requests, and verifying the completeness and correctness of items 4

What is Configuration Management? Definition according to EN50126-1999: A discipline applying technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a configuration item, control change to those characteristics, record and report change processing and implementation status and verify compliance with specified requirements. 5

What is Configuration Management? Or simpler: All measures to take care that a system that is made up of different parts continues to work properly over time, even if some of these parts change. 6

What is Configuration Management? Or even simpler: 7

What is Configuration Management? Or as an example: If you go on a business trip and take your new mobile phone with you, but accidentally together with your old battery charger, then your Configuration Management has failed 8

What is Configuration Management? EN50126-1999: Life Cycle Phase 13 Modification and retrofit The objective of this phase shall be to control system modification and retrofit tasks to maintain system RAMS requirements. to establish, implement and regularly review a process to control system modification and retrofit in the context of RAMS, including: - a RAMS impact analysis on the change - a procedure for verifying, validating and accepting the RAMS performance of the system following modification and retrofit Key Output: A validated modified system. 9

Configuration Management What is it? What to? Why? How? When? Who does it? 10

What do we configure in ERTMS/ETCS? ETCS Standard Projects versus Standard Products versus Standard Projects Products Projects versus Products 11

What do we configure in ERTMS/ETCS? Examples: ERTMS/ETCS Standard If the UNISIG SRS is updated to version 3.0.0, most other documents have to be updated as well. ERTMS/ETCS Products HW/SW components onboard a locomotive have to fit together ERTMS/ETCS Applications Assigning values to variables to identify balises, train categories, track gauges etc. has to be coordinated. 12

What do we configure in ERTMS/ETCS? Examples: Products versus Standard If the SRS is updated to version 3.0.0, products will have to be updated too to remain compliant. Projects versus Products Projects have to use products only that fit together, so updating a project to SRS 3.0.0 has to be done in parallel with updating the products. Projects versus Standard Engineering rules specified have to be followed in the engineering phase. 13

Configuration Management What is it? What to? Why? How? When? Who does it? 14

Why Configuration Management? The main reasons for running a Configuration Management in ERTMS/ETCS are Safety and Availability Safety can only be maintained if the configuration of a systems is kept consistent at all times. The availability of a system also depends largely on a proper system configuration. 15

Why Configuration Management? Safety Example: Extract from an FAA accident report: PROBABLE CAUSE: "(1) The captain and first officer's inadequate cockpit discipline, which resulted in the flight crew's attempt to takeoff without the wing flaps and slats properly configured; and (2) the failure of the takeoff configuration warning system to alert the crew that the airplane was not properly configured for the takeoff. 16

Why Configuration Management? Availability Example: Recent press release: On 11. November 2004, more than 5500 EC-cashiers, bank teller machines etc. have been out of service in Vienna due to a faulty software that had been installed the night before. 17

ALCATEL * ALSTOM * ANSALDO SIGNAL * BOMBARDIER * INVENSYS RAIL * SIEMENS Why Configuration Management? Safety and Availability Example: Rail (and road) traffic was interrupted for several hours because the vehicle configuration was incompatible with the infrastructure: 18

Configuration Management What is it? What to? Why? How? When? Who does it? 19

How do we configure ERTMS/ETCS? Different measures have to be taken to ensure that a system is configured correctly at all times. These measures can be of Procedural or Technical Nature Some of these measures have to be harmonized, others are specific to individual countries, user, suppliers or projects. 20

How do we configure ERTMS/ETCS? Example of procedural measures: Handling of Variables in ERTMS/ETCS UIC and UNISIG have together specified a procedure to ensure that values assigned to variables in the ERTMS/ETCS language are correctly coordinated. One of these variables is the country code that serves a number of purposes, for example to ensure that the correct national shunting speed is supervised, or that a position report of a train is handled correctly. 21

How do we configure ERTMS/ETCS? Example of technical measures: System version management A concept called System Version will be introduced in the ERTMS/ETCS SRS 3.0.0. This forms the basis for future upgrades, as it ensures that an upand downward compatibility between certain versions exists and that an asynchronous upgrade of onboard and trackside equipment is possible. 22

How do we configure ERTMS/ETCS? 2.0 => TSI & legally operable 3.0 => TSI 3.0 legally operable 4.0 => TSI 2.0 illegally operated 4.0 legally operable RBC 2.0 Bal,L,RIU 2.0 OB 2.0 Bal,L,RIU 2.0 (pck INV 2.0 => 3.0) Bal,L,RIU 2.0 (pck INV 2.0 =>4.0) A B OB 3.0 + 2.0 RBC 3.0 E Bal,L,RIU 3.0 Bal,L,RIU 3.0 (pck INV 3.0 => 4.0) C F D Bal,L,RIU 4.0 RBC 4.0 Bal,L,RIU 4.0 OB 4.0 + 3.0 time 23

How do we configure ERTMS/ETCS? 3.0 RBC 3.0 3.0 on-board 4.0 + 3.0 4.0 4.0 24

How do we configure ERTMS/ETCS? Influence on the Trans European use of ERTMS/ETCS: It will be possible to operate two subsequent major system versions at any time It will be possible to keep balises, loops and radio infill units with even older system versions in use However The introduction of new versions will require the elimination of older versions, at least on interoperable parts of the network, within certain time limits The on-board equipment will have to be fitted to operate according to two system versions 25

How do we configure ERTMS/ETCS? Example where a similar procedure is used: TCAS (Traffic Alert and Collision Avoidance System) Most current version is 7.0 7.0 is downward compatible to the previous version 6.04a Version 7.0 is mandatory to operate in Europe, as it s advanced features are used in the crowded European airspace Version 6.04a can still be operated in North America for some time, however planes operating worldwide had to be upgraded 26

Configuration Management What is it? What to? Why? How? When? Who does it? 27

When to do Configuration Management? 1 st issue: Configuration Management over the development lifecycle of ERTMS/ETCS: Configuration Management 28

When to do Configuration Management? 2 nd issue: Configuration Management during the use of ERTMS/ETCS: A similar process will have to be established for managing Project engineering Commissioning Daily operation Maintenance System upgrades 29

Configuration Management What is it? What to? Why? How? When? Who does it? 30

Who does Configuration Management? Authorities ERA National Safety Authorities Organizations EC UIC AEIF Suppliers Signaling Industry Engineering companies Consultants Users Railways Infrastructure companies Operators 31

Conclusion 32