Roma-Napoli HS line TSI Conformity Certification and Safety Assessment Roma, 16 December 2004 Carlo Carganico
Rome Naples Certification: contents EU and Italian railway legislation RFI: role and responsibility TSI Certification activities Safety Assessment activities 2
EU railway legislation 91/440/EC - on the development of the Community's railways 95/18/EC - on the licensing of railway undertakings 96/48/EC - interoperability of high speed railway network I Railway Package - licensing of RUs, allocation of infrastructure capacity and safety certification 2001/16/EC - interoperability of conventional railway network II Railway Package - European Railway Agency and Railway Safety Directive 3
Italian railway legislation DL 299/2001 transposition of Directive 96/48/EC DL 188/2003 transposition of Directives 2001/12/EC, 2001/13/EC, 2001/14/EC DM 138T granting of National Railway Network to RFI 4
RFI: role and responsibility By law, the Italian Infrastructure Manager (RFI) acts as: National Safety Authority: issuing safety related rules and standards providing the Safety Certificates to the Railway Undertaking approving safety related equipments and systems Competent Body: assessing the conformity to the essential requirements defined by Directives 96/48/EC and 2001/16/EC authorizing the putting into service of the new lines/sub-systems of the national HS and conventional lines 5
Other Companies: roles and responsibilities TAV (Adjudicating Entity): responsible for the whole system contractual aspects IRICAV1 (General Contractor): responsible for the complete design and manufacture of the whole system Consorzio Saturno (Technologies supplier): Responsible for design and manufacture of technological systems Italferr (FS Group Engineering Company): responsible for design and construction supervision 6
HS Rome-Naples: Conformity certification The new Rome Naples high speed line will be the first one to be put into service in Italy after the promulgation of the 96/48/EC Directive. The main considerable aspects of the this project from the conformity assessment point of view are the followings: Interoperability Certification by mean of a retroactive application of TSI procedures to an already designed and even realised high speed line Processes controlled with application of ISO 9001 compliant with Quality Management System Application of Cenelec Standards for Assessment of Safety Related Components and Sub-Systems 7
TSI Conformity Certification The fulfilment of essential requirements is provided with EC Certification of each structural subsystem constituting the high speed rail system. EC Conformity Certification establishes: the complying with the applicable TSI principles or, under the circumstance of derogation, the complying with the Italian legislation, rules and technical specifications as transmitted to the European Community The TSI derogation is planned in the case of advanced development of the project at the moment of TSIs issuing. 8
Conformity Certification: further requirements The verification of further safety requirements, not included in the TSIs, is performed according to national laws. For example: Safety Approval (Interlocking, Digital Track circuits,etc.) Functional Approval Field Technical verification before placing in service 9
RFI: Temporary Notified Body The Italian Ministry of Transport appointed RFI, during the temporary period between the issuing of HS TSI and conventional ones, to perform procedures for assessing the conformity and for controlling as established by legislation. Therefore RFI performs, acting as Temporary Notified Body, the EC verification activities. 10
TSI conformity activities: Module SH2 choice Considering that: Then: General Contractor and the related sub-contractors have set up and managed a project in compliance with standard ISO 9000 series Italferr has verified and surveyed the Design and Construction EC verification of Infrastructure, Energy and Control- Command subsystems, has been managed with module SH2 ( full quality assurance with design examination ) 11
EC Certification: basic activities The applied SH2 procedure (Full quality management system with design examination ) is essentially based on the following two main macro-activities: Design Review Assessment of Quality Management Systems (QMS) 12
EC Certification: the Design review Review of National Laws and Rules relevant for the Essential Requirements Comparison between TSI and National Rules requirements Collection of the Design documentation relevant for EC Verification Implementation of specific Check List to drive the Design documentation review Systematic analysis of the relevant design documentation for the complete verification of conformity with TSI (and National Rules) requirements Issuing of intermediate and final Design Review Reports 13
EC Certification: QMS Assessment activities All the Quality Management Systems (QMS) adopted are assessed at two different levels: General QMS level (System level): the general architecture and management processes of the QMS are assessed (Identification and integration of Processes, Quality documentation and procedures, etc.) QMS specific application level: the adequate application of the general QMS requirements are assessed for the specific processes adopted by the Manufactures to design, develop and install the subsystem 14
EC Conformity Certification Activities Quantities Progress Design Documentation Corpus 100.000 95% Design Review 2.000 70% QMS Evaluation 150 90% QMS Surveillance 50 50% Dynamic Integration Run-Tests 800 10% 15
The Infrastructure Register Moreover, EC Conformity Certification activity includes the issuing and updating of the Register of Infrastructure. A guideline was issued to define the characteristics to be included in the Register of Infrastructure such as: Basic parameters (es. Minimum radius of curvature, height of the contact wire) Interfaces (es. gabarit, phase and system separation sections) Performances (es. type of line, maximum operating speed) 16
Safety Assessment activities: the references The Assessment activities are carried out with respect to the CENELEC norms for the Railway field: EN 50126: whole process (life-cycle) for the Total Railway System EN 50129: defines activities and techniques to be used for the Safety demonstration of the electronic railway signaling systems; practically is the guide-line for the preparation of the Safety case that will be Assessed EN 50128: is a specific subset of EN 50129 for the software 17
Safety Assessment: roles and responsibilities Design and acceptance process is regulated by CENELEC norms and RFI procedures The suppliers must have a specific Verification and Validation department to demonstrate the fulfillment of the required safety targets RFI conformity certification department plays the role of Assessor, also using third party organizations to manage the heavy workload (thousands documents to be analyzed) but keeping continuous control of the whole process 18
Safety Assessment activities The Assessment activities cover the analysis of the Safety Case and related documents completed with audits and inspections related to: Safety and Quality management system System architecture (hardware/software) and conformity to the CENELEC standards Test witnessing Document management and requirements traceability 19
Safety Assessment activities: the RFI experience A five years experience gives to RFI the confidence with the suppliers V&V organizations V&V experts guarantee the equipment is safe for use, documenting each phase and keeping responsibility for the declarations inserted in all the applicable documents RFI, by its Assessment process, put a judgment across the activities made by the supplier 20
Safety Assessment activities: the RFI experience The developed and tested Assessment process has been applied (other than High speed line) to equipments related to all the fields covered by RFI: ACS (electronic interlocking) SCMT (ATP/ATC systems) Axle Counter Systems PAI-PL (Obstacle Detector for Level Crossing) Automatic Track Working Systems On-board tachometers 21
Rome Naples HS line CCS Subsystem architecture Control Command SCC-AV Technological system architecture Radio Block Centre RBC GSM-R Optical fiber network Interlocking BTS switches Other circuits Track circuits No switchable balise Train 22
Safety Assessment activities: the field Specific Application Safety Assessment on 25-105 Km stretch Generic Application ERTMS Safety Assessment 23
Rome Naples Safety Assessment workload Safety Assessment activities started on April 2003 About 20 people (RFI and third party companies) involved in the Safety Assessment process More than 250 documents analyzed More than 100 Technical notes issued 24
Current situation Delay on the development process of the equipments (from 1 to 2 years of delay), not related to safety problems but mainly related to operational problems Important modifications to the original design cause Verification and Validation activities to be re-applied in order to keep under control the safety of the systems The cumulated delays are shrinking the available time for the Assessment activities 25
Rome Naples Safety Assessment Highlights Products/Systems Generic Product Generic Application Interlocking Generic Application Route Management Generic Product - RBC Generic HS Signaling Products Track Circuits, Point Machines, Signals for Point Machines, etc. Generic Application Train Separation Generic Application CCS Subsystem Generic Application On-Board Subsystem Specific Application Pilot section (Km. 25-105) Progress 80% 60% 90% 60% 40% 30% 80% (VMMI 20%) 20% Scheduled March 2005 July 2005 March 2005 March April 2005 August 2005 August 2005 March 2005 August 2005 26
Conformity Certification activities The Certification Conformity includes the following stages: Design review Certification tests Checks and tests during construction Static test for each sub-system Integration tests Dynamic tests for the whole system and for safety related activities Functional assessment Safety assessment 27
Certification Conformity activities Other tasks concern with: Dynamic Test rules and procedures verification Dynamic integration and approval tests for the subsystems or the whole high speed line on: design conditions overload conditions emergency and degraded conditions Infrastructure Register and Rolling Stock Register issue and update Maintenance procedures verification Evaluation of Operational rules and Operation and maintenance personnel training programmes 28
Rome-Naples HS Approval and Put into service process Sub-System National laws and Contractual standards Conformity Verification RFI (Competent Body) Tests and System Integration Verification EC Certification of Structural Sub-Systems National Rules sent to EU Commission according with 96/48/EC Directive RFI (Competent Body) RFI (Competent Body) TAV (Adjudicating Entity) Contractual Standard Conformity Certification Test Reports TAV (Adjudicating Entity) Applicable TSIs EC Conformity Certification Contractual Conformity Declaration EC Conformity Declaration RFI Infrastructure Manager Putting in to service authorisation Pre-business service 29