System safety assurance guidance for the Australian rail industry
Date issue released
Safety Issue Description

There was limited practical guidance specifically for the Australian rail industry for the application of system safety assurance processes to the development of complex and safety-critical rail systems.

Issue number
RO-2018-014-SI-01
Issue Status
Closed – Adequately addressed
Transport Function
Rail: Other
Issue Owner
Rail Industry Safety and Standards Board (RISSB) and Office of the National Rail Safety Regulator (ONRSR)
Mode of Transport
Rail
Issue Status Justification
The standard and guidance developed by RISSB directly address the availability, relevance, and practicability concerns of the other standards and guidance previously generally available in Australia. Further, the fact sheets published by ONRSR show greater regulatory emphasis on these approaches in general.

Although compliance with such standards is not yet mandatory, ATSB recognises that there are practical limits to how rapidly systems safety methodologies can be widely adopted.
Proactive action
Action number
RO-2018-014-PSA-02
Organisation
Rail Industry Safety and Standards Board (RISSB)
Action date
Action Status
Closed
Action description

Although not directly in response to this accident, the Rail Industry Safety and Standards Board (RISSB) has published standards and guidelines since the accident that helped address this safety issue.

In November 2018, RISSB issued Australian Standard AS 7472 (Railway operations – management of change) to assist rail transport operators (RTOs) in fulfilling change management responsibilities. The standard included several elements relevant to projects such as the generation 3 remote control equipment (RCE) project, including:

  • definition of ‘change’ was given as: ‘the process of causing a function, practice, system, asset or object to become different somehow to what is at present…’ and ‘…includes anything that has the potential to alter existing risks or introduce new hazards’
  • engagement of sufficient expertise on the change management team, for example, engineering, safety and technical specialists
  • requirement to review the impact of the change on the RTO’s accreditation, including conditions and restrictions
  • review and where required amendment of SMS documentation (for example, manuals, procedures and designs)
  • application of relevant standards and codes of practice to the change, or recognition a new standard may need to be developed
  • consideration of impacts to engineering and operational interfaces (including human factors)
  • independent validation of the change where safety impact was determined as significant
  • obtainment of appropriate internal and external approvals
  • identification and rectification of emerging issues during implementation
  • documentation of changes during the implementation period and reassessment of risks
  • post-implementation review of the change including effectiveness of the process and emergence or change to risks.

In January 2019, RISSB issued the Rolling Stock Safety Assessment guideline as ‘an aid to rail industry describing common practice for the safety assessment of rolling stock and approvals.’ It set guidance for:

  • providing rolling stock safety assessment awareness in rolling stock lifecycle
  • preparing and undertaking a safety assessment and safety assurance case toward regulatory compliance
  • addressing stakeholder responsibilities for safety in the rolling stock lifecycle.

The guideline listed several systems and safety engineering standards, including EN 50126 Railway Applications – The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS), as normative references.

In June 2020, the RISSB-developed AS 7473 (Complex system integration in railways) was issued and was freely available to RISSB member organisations. It stated:

The objective of this Standard is to establish an industry approach for managing:

  1. the risks associated with integrating complex systems;
  2. the design and implementation of complex system interfaces; and,
  3. the planning, conducting and reporting on system integration testing (SIT).

This Standard defines an approach to support the preparation and execution of system integration for rail projects in Australia. It provides processes to support the definition, control and optimization of integration processes used within an organization or project that can be applied by the adopter when delivering railway systems.

This Standard is targeted at railway systems integrators such as operators, delivery authorities, prime contractors and alliances, or other bodies involved in integrating systems for or into a railway environment. Specifically, activities that result in changes or creation of railway configuration or operation.

AS 7473 listed 2 systems and safety standards as normative references: EN 50126 and ISO/IEC 15288 (Systems and software engineering - System life cycle processes).

In 2021, RISSB issued standard AS 7474 (Rail industry – System safety) to ‘provide a clear standard for management of System Safety that addresses Australian legislative requirements and is readily scalable for the scope of rail projects undertaken within Australia.’ It stated:

The System Safety Assurance standard is to provide key requirements for the elimination or minimisation of safety-related risks, so far as is reasonably practicable (SFAIRP) associated with the planning, design, build, installation, testing and commissioning, operation, maintenance and disposal of rail assets including rollingstock, track and supporting infrastructure.

This Standard is intended to provide a scalable set of requirements intended to support designers, manufacturers, transport operators and State entities in demonstrating and assuring that new or modified rail assets are safe in accordance with the Australian legislative framework.

The standard provided a brief, accessible overview of the following system safety elements:

  • system safety organisation
  • system safety lifecycle / framework
  • system safety activities
  • system safety outcomes.
Proactive action
Action number
RO-2018-014-PSA-03
Organisation
Office of the National Rail Safety Regulator (ONRSR)
Action date
Action Status
Closed
Action description

Although not directly in response to this accident, the Office of the National Rail Safety Regulator (ONRSR) has published guidance information since the accident that helped address this safety issue. In March 2019, ONRSR published a safety message titled Importance of a System Engineering Approach, which stated:

Following recent incidents and observations the Office of the National Rail Safety Regulator (ONRSR) is reminding all operators of the importance of a system engineering approach.

With various subsystems - such as track, signalling, rolling stock, electrification, stations, depots, and control centres - closely interlinked, any change in one may affect the operation of another. As such, it is important to carefully consider the interfaces and how the subsystems interact with each other (including how these systems work together with people).

It is essential to understand the hazards when making system changes or introducing new products into a system and the effect such a change will have on the overall risk profile of the railway.

One particular area operators should pay attention to is the acceptance of products or systems based on cross-acceptance. That is, where a product or system is deemed safe because it has been applied safely on another railway or because it is compliant with appropriate standards.

Whilst cross acceptance can be an indication of performance, it cannot be taken as evidence that a product will perform safely in the particular railway system it is introduced to. As part of a robust engineering change process it is, therefore, important to understand the potential hazards a product or system may present in the environment it is introduced to - and the effects it might have on the overall safety risk of the railway.

Operators should demonstrate that they use appropriate systems engineering processes and safety assurance processes (e.g. EN50126/8/9 for complex systems) in their design and procurement approach. This can be achieved through the creation of a systems engineering management plan which specifies the procedures to identify and record stakeholders, system requirements and safety needs.

On 3 August 2020, ONRSR also published 2 related fact sheets:

The Safety Critical Software Assurance fact sheet is designed to help rail transport operators ensure their safety management systems address the complexity of software systems, along with their compliance and safety risks. It features a series of international lessons learned to illustrate key points.

The Systems Integration fact sheet focuses on the importance of a robust approach to systems integration in the context of major projects and other initiatives that are delivering complex and/or multifaceted safety systems. The aim of the resource is to ensure new technologies work together safely with existing railway infrastructure and rolling stock.