Reference report Traffic & Transportation

Visualization and operating system for railways compliant with SIL 2, with type approval from the Swiss Federal Office of Transport (BAV)

The visualization and operating system for railways (VBBa) is used to operate and visualize interlocking systems and all associated elements of the safety systems, such as switch points, barriers and routes, for different railway companies. VBBa is used for the remote control and remote monitoring of interlocking systems. Although this function is still frequently performed today with conventional control desks, these are gradually being replaced by VBBa.

VBBa is designed for the execution of critical commands. The operating and monitoring system complies with the requirements of SIL 2 and therefore fulfills the necessary safety requirements. Its safety credentials were verified by exhaustive testing, approved by external experts and certified by the BAV (Swiss Federal Office of Transport) in November 2014.

This latest project engineered by LeitTec AG entailed the development of a type-approved generic system for the reliable display of signals and the fail-safe execution of commands. The configuration and size of the system give it the flexibility to adapt to the varied needs of different railways. It is modular in structure and has open interfaces to other control systems (train tracking) or other types of interlocking. Future interface modules can be added to the basic system without risk of interference.

End user
Chemins de Fer du Jura: private railway with a rail network of 85 km, 19 stations and 1.5 million passengers a year, responsible for public transport within a substantial area of the Swiss Jura.

System integrator
LeitTec AG, process automation and railway safety technology. LeitTec AG has been a WinCC OA Premium Solution Partner since 2001 and is based in Berne, Switzerland.

CEO: Jörg Boltshauser
Project Manager, Head of Development VBBa: Peter Tschan
WinCC OA application development: Kony Meyer

For this project, system integrator LeitTec AG provided a project manager and three additional employees in charge of implementing control and visualization (WinCC OA). An external expert and an independent consultant were also engaged to advise on design matters.

Realization
The project was launched in June 2012 with the submission of an application for type approval. Since May 2014, VBBa has been in successful operation for the private railway operator Chemins de Fer du Jura (CJ), and in November 2014 type approval was granted by the BAV. Compilation of the documentation by LeitTec AG and its review by the authorities were more labor-intensive than originally envisaged, delaying the project by six months.

Project description
Essentially, VBBa comprises two sub-systems: the management level and the head stations. The management level is the real nerve center of VBBa, encompassing the higher-level operating, visualization and data acquisition system. It is here that the SIMATIC WinCC Open Architecture (WinCC OA) SCADA system and Siemens SCALANCE switches are used. As the topology illustrates, the management level comprises:

- A redundant pair of servers running in hot-standby mode. Each monitors the other, with the active server acting as master and the standby server as slave. If the master server fails, its functions are taken over automatically by the standby server.
- One or more operator stations (clients), each comprising a workstation, mouse, keyboard and at least two monitors. The client-server architecture means that all data from the servers is transferred to the operator stations.
- A network for the management level, which links the servers to each other and to the operator stations.
- A network for the PLCs, which links the servers to the subordinate controllers, the head stations.

The task of the head station is to accept interlocking information from the telecontrol system and forward it to the management level. In the other direction, commands are accepted from the management level and transmitted by the telecontrol system to the interlocking console. The controller also executes a variety of test functions to guarantee the consistency and reliability of data transmission. SIMATIC S7-41xHF PLCs are used for the head stations; they form the interface to the telecontrol systems. The name stems from the fact that they simultaneously act as head station for the type-approved FWS-S7 remote transmission system (a LeitTec AG product, also type-approved, sharing the same hardware and operating system software). The system boundary runs within the head station.

Figure: topology of the control level

Project sequence
The project sequence was determined by the stipulations of the BAV and the railway standards (predominantly EN 50129). From the initial phase, an expert was contracted as an advisor for the duration of the project. A type approval requires proof of safety in the form of a safety case, which has to be drawn up in compliance with wide-ranging regulations and standards:

- AB-EBV:2012, Implementing provisions of the railways regulations, AB 38.1 points 1.0-1.4 and AB 39.2 point 4.3
- SN EN 50126:1999, Railway applications. The specification and demonstration of reliability, availability, maintainability and safety (RAMS)
- SN EN 50128:2011, Railway applications. Communication, signalling and processing systems. Software for railway control and protection systems (the railway-sector counterpart of the IEC 61508 series)
- SN EN 50129:2003, Railway applications. Safety related electronic systems for signalling
- SN EN 50159:2010, Railway applications. Safety-related communication in transmission systems
- EN 61000-6-2:2005, EMC immunity for industrial environments
- EN 61000-6-4:2007, EMC emission standard for industrial environments
- Guideline for the implementation of safety-critical projects (Safety Manual from ETM)

The structure of the safety case documents complies with EN 50129. The safety case must contain the following documents:

Part 1: Definition of the system
Part 2: Quality management report
Part 3: Safety management report
Part 4: Technical safety report
Part 5: Related safety cases
Part 6: Summary

The project proper started with the submission of the application for type approval of VBBa to the BAV. The application included a target specification, which served as the basic working document for initial talks with the BAV and for further development of the system, as well as the basis for the type approval documentation.

After obtaining the consent of the BAV, work started on the requirements specification and the hazard analysis. The system requirements specification describes all VBBa interfaces, the detailed topology and all the requirements VBBa has to fulfill. This document is the basis for all further documents and developments.

The hazard analysis identifies the hazards associated with the system and the incidents which could conceivably arise from them. It analyzes the risks associated with the identified hazards and sets out a process for continuous risk management. The hazard analysis calls for specialist process knowledge, so that the different hazard scenarios and the resulting hazardous situations can be identified. Its purpose was to define the safety integrity level (SIL) for each identified hazard. The outcome was that VBBa as an overall system must achieve SIL 2 for critical commands (commands which permit safety devices in the interlocking system to be bypassed). The same applies to the display of interlocking feedback messages.

On the basis of the hazard analysis, the basic documentation (comprising the system definition, the quality management, safety management and technical safety reports, and the report on related safety cases) was revised.

The purpose of the quality management report is to minimize the frequency of human error at every stage of the life cycle and so reduce the risk of systematic faults in the system, sub-system or facility. The document describes the organizational structure used to develop VBBa, the quality management system in place at LeitTec AG for the development of VBBa, the organization of verifications and reviews, and the documentation required across the whole VBBa life cycle.

The purpose of the safety management report is to guarantee safety through an effective safety management process, which must be consistent with the management process for ensuring RAMS as defined by EN 50126. Content of the document:

- Description of all processes and documents required across the life cycle phases of VBBa (system development and validation, project engineering and commissioning, operation and maintenance, disposal)
- Description of the safety organization (depending on the SIL)
- Description of the safety plan (what is carried out and when, what is reviewed and when, and the impact of the reviews performed)
- Description of the documentation required for the entire life cycle of VBBa

The purpose of the technical safety report is to provide evidence of the functional and technical safety of VBBa.

It contains:

- Evidence of fulfillment of the requirements of EN 50128
- Evidence of fulfillment of the individual requirements arising from the requirements specification
- Evidence of fulfillment of the requirements set out in the framework and operating conditions of the WinCC OA safety manual
- Evidence of fulfillment of the requirements of EN 50128 and EN 50159

The document on related safety cases lists all other safety cases referenced by the VBBa safety case (e.g. the SIL certificate for WinCC OA and the SIL certificate for SIMATIC S71xx F).

The next step was to draw up the system specification for the hardware and software. This contained:

- A description of the topology
- A description of all hardware and software components
- A description of the individual functions of VBBa
- Assignment of the individual requirements to the individual functions of VBBa

On the basis of this specification, the management level was installed, documented and validated; subsequently the basic functions of the management level were specified and validated. An essential aspect of this project was ensuring the correct transmission of signals and commands. For this, special function modules and objects for communication were developed, as well as a watchdog system to monitor the communication. For the first project with CJ (the Tavannes interlocking), project-specific functions and objects (such as signal, block, switch point, track and route) were additionally implemented. This was followed by the start of the fundamental integration and installation tests. After their successful completion, the first VBBa application, the Tavannes interlocking, was specified in detail. This entailed drawing up a target specification, the control system, the management level and a simulator application for the Tavannes interlocking. A functional safety test was then performed to validate all functions implemented to date.

In addition, an expert opinion was prepared for the BAV by an independent expert. It appraises the VBBa safety case and contains an evaluation of the safety case from the independent expert's viewpoint (compliance with all standards, adherence to procedure, completeness of the evidence presented, etc.), a report on the appraisal, a list of deficiencies and recommendations, and a recommendation for type approval. Once this milestone had been reached, the external expert was able to carry out an initial safety assessment.

The next step was to expand the basic documentation further. Project manuals, operating instructions and various training documents were prepared for the operator, the VBBa system manager, electrical maintenance and the disposal procedure. Specifications also had to be prepared setting out the procedure for possible system expansion, for the development and application of additional function modules, and for periodic maintenance and servicing work, as well as a logistics concept.

In parallel with compiling the documentation, the standard VBBa application was developed and the initial project, the Tavannes interlocking, was implemented at CJ. The management level, the control section and the VBBa simulator were delivered and installed. After training of the CJ personnel, VBBa was ready to be commissioned. However, before Tavannes could be commissioned, LeitTec AG required approval from the BAV for an operational trial. To obtain this approval, the entire safety case had to be submitted and appraised in advance. LeitTec AG drew up a concept for the operational testing of the Tavannes interlocking, which was also appraised by an external expert. Following examination by the BAV, release for the operational trial was finally granted in April 2014. The appraisal by the BAV took somewhat longer than planned, as this was the first time for all those involved that a system of the complexity of VBBa had been approved in accordance with the new standards. The rail operator then submitted an application for permission to modify its safety installation (PGV). After receiving the consent of the BAV, there were no further obstacles to commissioning VBBa with control of the Tavannes interlocking.

After a two-month operational trial, the results were evaluated and reviewed by the BAV. The conditions for VBBa type approval were thereby fulfilled, and approval was officially issued by the BAV in November 2014.

Technical data
- Around 350 objects with a total of 1,200 variables are processed per interlocking (approx. 300 interface signals with the interlocking).
- A maximum of 50 interlockings can be linked.

Standard safety components used:
- SIMATIC S7-41x HF (up to SIL 3)
- SIMATIC WinCC Open Architecture (up to SIL 3)
- KERBEROS VPN with IPsec for remote access
- CRC safety code on the TCP/IP links

Benefits
The SIL 3 certification of WinCC OA, together with the relevant documentation, played a major role in enabling approval of VBBa to be obtained in this way. Without the SIL certificate, the workload would at least have doubled, as key safety aspects would have required additional verification by LeitTec AG. The scalability and redundancy concept of WinCC OA, in conjunction with its high availability, were considerable benefits during implementation. LeitTec AG's long-standing WinCC OA partnership was a decisive advantage in executing this project, given the broad experience it had gathered with WinCC OA and its familiarity with wide-ranging aspects of WinCC OA functionality. In ETM, the project had a partner capable of providing excellent support where needed, able to respond rapidly to problems, and willing to discuss specific issues relating to the SIL 3 concepts and project implementation in workshops.

The end client CJ is highly satisfied with the VBBa system. Since commissioning at the beginning of May 2014, the system has been operating reliably. CJ was also delighted with the flexibility and straightforward approach taken by LeitTec AG during project execution. Another renowned railway operator, Regionalverkehr Bern-Solothurn (RBS), has already come on board and plans to implement remote control for its entire railway network using VBBa.
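The project description mentions a watchdog system that monitors the communication, test functions in the head station that guarantee the consistency and reliability of data transmission, and a CRC on the TCP/IP links. The following is an added example, not LeitTec AG's FWS-S7 code and not anything from WinCC OA: a minimal receiver for a safety-layer telegram in the style of the EN 50159 defences, with a sequence number against repetition and re-ordering, a source identifier against insertion from another station, a timestamp against delay, a CRC-32 against corruption, and a watchdog that declares the link failed when no valid telegram arrives within the timeout. The frame layout, field widths, timeouts and station identifiers are assumptions for illustration. One caveat a practitioner should keep in mind: a CRC is a safety code, not a security code. It detects random transmission errors but does not authenticate the sender or stop deliberate manipulation, which is why remote access to such a system is placed behind an IPsec VPN rather than relying on the CRC.

```python
import struct
import zlib
from enum import Enum
from typing import Dict, Optional, Tuple

# Assumed frame layout (illustrative, not the FWS-S7 format):
#   magic(2) | source id(2) | sequence(2) | timestamp ms(4) | payload | CRC-32(4)
MAGIC = b"VB"
HEADER = struct.Struct("!2sHHI")
CRC = struct.Struct("!I")


class Verdict(Enum):
    OK = "ok"
    BAD_FRAME = "bad_frame"        # too short or wrong magic
    BAD_CRC = "bad_crc"            # corruption on the link
    WRONG_SOURCE = "wrong_source"  # insertion from an unexpected station
    REPLAY = "replay"              # repeated or out-of-date sequence number
    SEQ_GAP = "seq_gap"            # telegrams lost: accepted, but reported
    STALE = "stale"                # delayed beyond the permitted age


def encode(source: int, seq: int, ts_ms: int, payload: bytes) -> bytes:
    """Sender side: header + payload, protected by a CRC-32 over both."""
    body = HEADER.pack(MAGIC, source & 0xFFFF, seq & 0xFFFF, ts_ms & 0xFFFFFFFF) + payload
    return body + CRC.pack(zlib.crc32(body) & 0xFFFFFFFF)


class SafeLink:
    """Receiver side for one head station: checks each telegram and keeps a watchdog."""

    def __init__(self, expected_source: int, timeout_ms: int = 1500, max_age_ms: int = 500):
        self.expected_source = expected_source
        self.timeout_ms = timeout_ms    # watchdog: no valid telegram for this long => link down
        self.max_age_ms = max_age_ms    # oldest timestamp still accepted
        self.last_seq: Optional[int] = None
        self.last_good_ms: Optional[int] = None
        self.healthy = False            # fail-safe default: untrusted until proven good

    def receive(self, frame: bytes, now_ms: int) -> Tuple[Verdict, Optional[bytes]]:
        if len(frame) < HEADER.size + CRC.size:
            return Verdict.BAD_FRAME, None
        body, crc_bytes = frame[:-CRC.size], frame[-CRC.size:]
        if (zlib.crc32(body) & 0xFFFFFFFF) != CRC.unpack(crc_bytes)[0]:
            return Verdict.BAD_CRC, None
        magic, source, seq, ts_ms = HEADER.unpack_from(body)
        if magic != MAGIC:
            return Verdict.BAD_FRAME, None
        if source != self.expected_source:
            return Verdict.WRONG_SOURCE, None
        verdict = Verdict.OK
        if self.last_seq is not None:
            delta = (seq - self.last_seq) & 0xFFFF   # 16-bit wrap-around safe
            if delta == 0 or delta > 0x7FFF:
                return Verdict.REPLAY, None
            if delta > 1:
                verdict = Verdict.SEQ_GAP
        if ((now_ms - ts_ms) & 0xFFFFFFFF) > self.max_age_ms:
            return Verdict.STALE, None
        self.last_seq = seq
        self.last_good_ms = now_ms
        self.healthy = True
        return verdict, body[HEADER.size:]

    def watchdog(self, now_ms: int) -> bool:
        """Called cyclically; False means the display must show the link as failed."""
        if self.last_good_ms is None or now_ms - self.last_good_ms > self.timeout_ms:
            self.healthy = False
        return self.healthy


def demo() -> Dict[str, object]:
    """Constructed traffic from a hypothetical head station with source id 7."""
    link = SafeLink(expected_source=7)
    good = encode(7, 1, 1000, b"SIG:A1:STOP")
    corrupted = bytearray(encode(7, 2, 1500, b"SIG:A1:STOP"))
    corrupted[12] ^= 0x01                      # single bit flip in the payload
    results: Dict[str, object] = {}
    verdicts = []
    verdicts.append(link.receive(good, 1000)[0])                   # ok
    verdicts.append(link.receive(bytes(corrupted), 1500)[0])       # bad_crc
    verdicts.append(link.receive(good, 1400)[0])                   # replay of seq 1
    gap_verdict, payload = link.receive(encode(7, 5, 2000, b"SIG:A1:PROCEED"), 2000)
    verdicts.append(gap_verdict)                                   # seq_gap (2..4 lost)
    results["payload_after_gap"] = payload
    results["watchdog_3000"] = link.watchdog(3000)                 # True: 1000 ms since last good
    results["watchdog_3600"] = link.watchdog(3600)                 # False: 1600 ms > timeout
    verdicts.append(link.receive(encode(9, 6, 3700, b"SIG:A1:STOP"), 3700)[0])  # wrong_source
    verdicts.append(link.receive(encode(7, 6, 3000, b"SIG:A1:STOP"), 3800)[0])  # stale (800 ms old)
    verdicts.append(link.receive(encode(7, 6, 3900, b"SIG:A1:STOP"), 3900)[0])  # ok, link healthy again
    results["verdicts"] = [v.value for v in verdicts]
    results["healthy_after"] = link.healthy
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The receiver starts in the untrusted state and only becomes healthy after a valid telegram; every rejected telegram leaves the stored sequence number and the watchdog untouched, so a burst of corrupted or replayed frames cannot keep a dead link looking alive. A gap in the sequence is accepted but reported, because for cyclic state data the newest telegram is still the one to display; what the operator display does with a failed link (reverting indications to an undefined state and refusing critical commands) is a project decision outside this snippet.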

Pictures
Panels: from a console to a screen
Operation: switch point, section block