ARTC had not undertaken formal assessments to determine the need for or the locations of remote weather monitoring stations to detect extreme weather events that could affect the integrity of its rail infrastructure.
Neither ARTC or PN provided guidance for train crew to respond to extreme wet weather events or floodwater in the rail corridor. There was no guidance for when trains should stop or report if there was water on the track formation, covering the ballast, sleepers or the rail.
The design of the modular cabin mount was not resilient to frontal impact forces in the event of a collision. This increased the risk of their failure and separation of the cabin, removing the effectiveness of protection afforded by the collision posts.
The Rail Industry Safety and Standards Board did not provide design and/or performance standards on modular cabin resilience and retention for locomotive crashworthiness.
The procedure for predeparture testing, as part of the coupling procedure, required two competent staff. There was no procedure in the operations manual to ensure that a competent and qualified person was present to assist the driver.
The eTAP system, used at Track Occupancy Authority (TOA) fulfilment, did not include a key safeworking requirement contained in the ARTC Network Rule ANGE 204 for confirming and repeating back safety critical information.
ARTC will undertake a review of the relevant Rules and Procedures applicable to TOA Fulfilment being ANWT 304 and ANPR 701, including ANGE 204.
The eTAP roll out did not include an effective training regime, as the briefing was not targeted to the appropriate level of competence of the trainees. The Protection Officer involved was not trained or competent in the rules and procedures for Track Occupancy Authority (TOA) at the time of the eTAP briefing. There was no competence assessment for the use of the application for the Protection Officer involved.
Sydney Trains Signaller refresher training, to keep signallers’ skills and knowledge up to date, has not been in place since 2009.
Sydney Trains assurance and audit processes for signal box management did not routinely detect non-conformances with NTR 432.
Sydney Trains internal safety investigation identified similar incidents i.e., where a freight train failed, that were not managed in accordance with the requirements of NTR 432, Protecting activities associated with in-service rail traffic. Recent ATSB investigations also identified examples where the requirements of NTR 432 and NPR 750 were not adequately applied.
Aurizon did not have measuring equipment available at its Stuart Yard to identify freight loads that were outside the permissible loading profile for transport via rail.
TasRail’s processes for ensuring immediate network control actions in response to emergencies (such as runaway and authority exceedance) fundamentally relied on the experience and knowledge of network control officers and did not include the provision of procedures, tools and checklists detailed enough to support the effective management of specific types of incidents that require a time-critical response.
The guidance provided by the Office of the National Rail Safety Regulator about the requirement to submit a notification of change included limited detail about the extent or type of changes that necessitated a notification. In addition, with regard to ‘a safety critical element of rolling stock’, it did not provide detail with regard to the interpretation of ‘safety critical’ and the applicability to equipment that may not be inherently part of rolling stock (such as remote control equipment).
There was limited practical guidance specifically for the Australian rail industry for the application of system safety assurance processes to the development of complex and safety-critical rail systems.
TasRail did not have a reliable process to systematically identify, track and analyse reported faults on its remotely-controlled train or to identify their potential safety implications.
Although TasRail had a detailed change management process in place, and had documented that the project to develop the third-generation remote control equipment was a significant change, the change management process had a limited capability to:
Although there were no previous accidents attributable to TasRail’s use of remote control equipment (RCE) over 19 years, TasRail did not identify or fully assess the safety implications of remotely-controlled train operations, or those of TasRail’s specific implementation. These included the:
TasRail commissioned the manufacture of, and continued to use, redesigned safety-critical remote control equipment for operating a locomotive without systematic assurance of its safety, leading to excessive reliance on the manufacturer. This was because TasRail did not:
Although Air Digital Engineering had safety as a design objective and safety elements were included in the remote control equipment, system safety assurance activities appropriate to its application were not conducted.
The Air Digital Engineering generation 3 remote control equipment (RCE) had several safety-related design and integration problems, which were readily identifiable. These included:
