SIST EN 62267:2010

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Železniške naprave - Avtomatsko vodeni urbani transport (AUGT) - Varnostne zahteve (IEC 62267:2009)Bahnanwendungen - Automatischer städtischer schienengebundener Personennahverkehr (AUGT) - Sicherheitsanforderungen (IEC 62267:2009)Applications ferroviaires - Transport urbain guidé automatique (AUGT) - Exigences de sécurité (CEI 62267:2009)Railway applications - Automated urban guided transport (AUGT) - Safety requirements (IEC 62267:2009)45.020Železniška tehnika na splošnoRailway engineering in general35.240.60Uporabniške rešitve IT v transportu in trgoviniIT applications in transport and tradeICS:Ta slovenski standard je istoveten z:EN 62267:2009SIST EN 62267:2010en,fr01-februar-2010SIST EN 62267:2010SLOVENSKI
STANDARD
EUROPEAN STANDARD EN 62267 NORME EUROPÉENNE
EUROPÄISCHE NORM December 2009
CENELEC European Committee for Electrotechnical Standardization Comité Européen de Normalisation Electrotechnique Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: Avenue Marnix 17, B - 1000 Brussels
© 2009 CENELEC -
All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 62267:2009 E
ICS 45.060
English version
Railway applications -
Automated urban guided transport (AUGT) -
Safety requirements (IEC 62267:2009)
Applications ferroviaires -
Transports guidés
urbains automatiques (AUGT) -
Exigences de sécurité (CEI 62267:2009)
Bahnanwendungen - Automatischer städtischer schienengebundener Personennahverkehr (AUGT) - Sicherheitsanforderungen
(IEC 62267:2009)
This European Standard was approved by CENELEC on 2009-10-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.
- 2 -
Foreword The text of document 9/1261/FDIS, future edition 1 of IEC 62267, prepared by IEC TC 9, Electrical equipment and systems for railways, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as EN 62267 on 2009-10-01. The following dates were fixed: – latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement
(dop)
2010-07-01 – latest date by which the national standards conflicting
with the EN have to be withdrawn
(dow)
2012-10-01 Annex ZA has been added by CENELEC. __________ Endorsement notice The text of the International Standard IEC 62267:2009 was approved by CENELEC as a European Standard without any modification. In the official version, for Bibliography, the following notes have to be added for the standards indicated: IEC 61508 NOTE
Harmonized in EN 61508 series (not modified). IEC 62128-1 NOTE
Identical to EN 50122-1:1997. IEC 62236 NOTE
In Europe, the series EN 50121 applies. IEC 62279 NOTE
In Europe, EN 50128 applies. __________
- 3 - EN 62267:2009 Annex ZA (normative)
Normative references to international publications with their corresponding European publications
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1
When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.
NOTE 2 Where a standard cited below belongs to the EN 50000 series, this European Standard applies instead of the relevant International Standard.
Publication Year Title EN/HD Year
IEC 62278 2002 Railway applications - Specification and demonstration of reliability, availability, maintainability and safety (RAMS) EN 50126-1 + corr. May 1999 2006
IEC 62290-1 -1) Railway applications - Urban guided transport management and command/control systems - Part 1: System principles and fundamental concepts EN 62290-1 20062)
IEC 62425 -1) Railway applications - Communication, signalling and processing systems - Safety related electronic systems for signalling EN 50129 20032)
1) Undated reference. 2) Valid edition at date of issue. SIST EN 62267:2010

IEC 62267Edition 1.0 2009-07INTERNATIONAL STANDARD NORME INTERNATIONALERailway applications – Automated urban guided transport (AUGT) – Safety requirements
Applications ferroviaires – Transports guidés urbains automatiques (AUGT) – Exigences de sécurité
INTERNATIONAL ELECTROTECHNICAL COMMISSION COMMISSION ELECTROTECHNIQUE INTERNATIONALE XBICS 45.060 PRICE CODECODE PRIXISBN 2-8318-1048-5
– 2 – 62267 © IEC:2009 CONTENTS FOREWORD.5 INTRODUCTION.7 1 Scope.8 2 Normative references.10 3 Terms, definitions and abbreviations.10 3.1 Terms and definitions.11 3.2 Abbreviations.13 4 Methodology.13 4.1 System definition and application conditions.14 4.2 Hazard analysis at top system level.14 4.3 Safety requirements.14 5 System description.14 5.1 Station.15 5.2 Train.15 5.3 Guideway between stations.16 5.4 System boundaries.17 6 Entities to be protected.18 6.1 Persons.18 6.1.1 Passengers.18 6.1.2 Staff.18 6.1.3 External emergency services.19 6.1.4 Public.19 6.2 Property.19 7 Identified hazardous situations and possible safeguards.19 7.1 Supervising guideway.20 7.1.1 Prevent collisions with obstacles.20 7.1.2 Prevent collisions with persons.21 7.2 Supervising passenger transfer.23 7.2.1 Control passenger doors.23 7.2.2 Prevent injuries to persons between cars or between platform and train.23 7.2.3 Ensure safe starting conditions.24 7.3 Operating a train.25 7.3.1 Put in or take out of operation.25 7.3.2 Supervise the status of the train.26 7.4 Ensuring detection and management of emergency situations.27 8 Safety requirements.30 8.1 General requirements.30 8.1.1 Public works regulations to protect the guideway.30 8.1.2 Fire protection.31 8.1.3 Systems and equipment.31 8.1.4 Rules for passenger behaviour.32 8.2 Monitoring the AUGT system.32 8.2.1 Monitoring by the OCC staff.32 8.2.2 Action of operational staff.33 8.2.3 Communication systems.33 SIST EN 62267:2010

62267 © IEC:2009 – 3 – 8.3 Operational rules.34 8.3.1 Rules for rescue of passengers.34 8.3.2 Rules for fire emergency.34 8.3.3 Rules for foreseeable vandalism.35 8.3.4 Rules for checking guideway clearance.35 8.3.5 Rules for start-up and shut down of operations.35 8.3.6 Rules for train operations in the depot.36 8.3.7 Rules for trains to be put in or taken out of operation.36 8.3.8 Rules for stranded train removal.36 8.4 Safeguards on platforms.36 8.4.1 Common safeguards for enclosed and open platforms.37 8.4.2 Enclosed platforms.39 8.4.3 Open platforms with detection systems.41 8.5 Safeguards in trains.41 8.5.1 Door closed supervision.42 8.5.2 Door release for passenger transfer.42 8.5.3 Door release for emergency opening.43 8.5.4 Emergency exits.43 8.5.5 On board obstacle detection device.43 8.5.6 Derailment detection device.43 8.5.7 On board video surveillance.44 8.5.8 Public address system (train).44 8.5.9 On board announcement for taking a train out of operation.44 8.5.10 Emergency stop demand on board.44 8.5.11 Emergency call device on board.45 8.5.12 Fire and smoke detection (train).45 8.5.13 Train status supervision and testing.45 8.5.14 Manual operation.46 8.5.15 Safe speed during automatic coupling.46 8.5.16 Reaction to unexpected train movement.46 8.5.17 Warning means in the train for evacuation.46 8.6 Safeguards for passenger transfer area.46 8.6.1 Train immobilisation during passenger transfer.47 8.6.2 Safeguards related to the opening of the doors.47 8.6.3 Safeguards related to the closing of the doors.47 8.6.4 Marking of train door areas on the platform.48 8.6.5 Surveillance by operational staff.49 8.6.6 Safeguards related to gap between train and platform.49 8.6.7 Safeguards related to coupling area between cars.51 8.6.8 Safeguards related to space between train and platform screen.51 8.6.9 Safeguards to protect passengers from electrocution after falling into the gap.51 8.7 Safeguards for guideway.51 8.7.1 Segregated guideway.52 8.7.2 Warning means along the guideway.52 8.7.3 Physical barriers along the track.52 8.7.4 Physical barriers beside bridges.52 8.7.5 Intrusion detection device between platform track and guideway between stations.52 SIST EN 62267:2010

– 4 – 62267 © IEC:2009 8.7.6 Guideway intrusion detection device.53 8.7.7 Wayside obstacle detection device.53 8.7.8 Platform end door with controlled access.53 8.7.9 Emergency exit from physically segregated guideway.53 8.7.10 Fire and smoke detection (guideway between stations).53 8.7.11 Water flooding protection.54 8.7.12 Level crossing.54 8.7.13 Work zones.55 8.8 Safeguards for transfer areas and depots.55 9 Information for use.56 10 Specific safety requirements for upgrading existing lines to DTO or UTO.56 11 Verification of safety.57 11.1 Documentation and responsibilities.58 11.2 Verification process.58 Annex A (informative)
Role of the OCC.60 Bibliography.61
Figure 1 – Life Cycle Phases covered by this standard (see Figure 10 of IEC 62278).13 Figure 2 – Boundary of the station subsystem.15 Figure 3 – Boundary of the “guideway between stations” subsystem.16 Figure 4 – Boundary of the “guideway between stations” subsystem with level crossing.17 Figure 5 – Boundary of the “guideway between stations” subsystem with sidings.17 Figure 6 – Verification of safety.58 Figure A.1 – Role of the OCC in the safety of the system.60
Table 1 – Grades of automation.9 Table 2 – Prevent collisions with obstacles.20 Table 3 – Prevent collisions with persons.21 Table 4 – Prevent injuries to persons associated with opening and closing passenger transfer doors.23 Table 5 – Prevent injuries to persons between cars or between platform and train.24 Table 6 – Prevent passenger injury during train starting.25 Table 7 – Prevent harm to passengers in relation to taking the train out of operation or putting the train in operation.26 Table 8 – Prevent injury to person resulting from train failures.26 Table 9 – Prevent injury to persons related to emergency situations.27
62267 © IEC:2009 – 5 – INTERNATIONAL ELECTROTECHNICAL COMMISSION _____________
RAILWAY APPLICATIONS –
AUTOMATED URBAN GUIDED TRANSPORT (AUGT) –
SAFETY REQUIREMENTS
FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any equipment declared to be in conformity with an IEC Publication. 6) All users should ensure that they have the latest edition of this publication. 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. This International Standard has been prepared by IEC technical committee 9: Electrical equipment and systems for railways. This standard cancels and replaces IEC/PAS 62267:2005. The text of this standard is based on the following documents: FDIS Report on voting 9/1261/FDIS 9/1272/RVD
Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. SIST EN 62267:2010

– 6 – 62267 © IEC:2009 The committee has decided that the contents of this publication will remain unchanged until the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in the data related to the specific publication. At this date, the publication will be
• reconfirmed, • withdrawn, • replaced by a revised edition, or • amended.
62267 © IEC:2009 – 7 – INTRODUCTION This International Standard is a generic guideline providing recommendations to assist railway authorities and safety regulatory authorities to define safety requirements appropriate to AUGT systems. The generic requirements recommended in this standard are based on the experience gained from AUGT systems already in operation. Safety requirements for each specific application, however, can only be defined from the results of a risk analysis, taking into consideration the conditions in which the AUGT system is to be set up and based on the risk acceptance principles prevailing in the local environment. The standard applicable for conducting a mandatory and comprehensive risk analysis of an AUGT system is IEC 62278 (RAMS). In view of the diversity of the technical solutions that may be adopted for new AUGT systems and the diversity of operational conditions, the list of generic hazardous situations considered in this standard should be regarded as a minimum list. The requirements for a safeguard as described in this standard are intended as minimum requirements in case a specific safeguard is applied to mitigate the related hazardous situation. However, the specific risk analysis may show that some requirements of a chosen safeguard should be modified to take into account some specific conditions. Each specific design of the new AUGT system and each aspect of the specific topographic, environmental, social or legal environment of the new AUGT system can also generate new hazards and therefore may require additional safety requirements. A specific hazard analysis to identify additional requirements or requirements to be modified is therefore always a necessity. This standard, therefore, does not and could not prescribe any specific means that could, without a fail, mitigate risks arising from hazardous situations. Rather, it identifies a list of foreseeable hazardous situations, derived from the elementary consideration that functions assumed by the driver and staff in conventional systems are replaced in AUGT systems by automated functions or other safeguards. It is the purpose of this standard that this list of hazardous situations should be carefully considered during the risk analysis carried out for any new AUGT system. In addition to generic hazardous situations, this standard also describes possible and widely implemented safeguards that the specific risk analysis may well show to be adapted to the specific application. It should be noted that not all hazardous situations identified in the context of one or other of the large number of different AUGT systems already in operation in the world have necessarily been covered in this standard. Nor would it have been necessarily helpful. Neither could this standard describe all the possible safeguards demanded by each and every specific application. This standard does not require that a safeguard be put in place for every generic hazardous situation identified. This is because often, the risk associated with a hazardous situation may be assessed as tolerable without the need for a safeguard. According to IEC 62278, it is the responsibility of the railway authority, in agreement with the Safety Regulatory Authority having jurisdiction, to decide on the tolerability of each risk and on the necessity of a specific safeguard, taking into account their specific risk acceptance criteria and legal requirements that are applicable for the specific AUGT application. SIST EN 62267:2010

– 8 – 62267 © IEC:2009 RAILWAY APPLICATIONS –
AUTOMATED URBAN GUIDED TRANSPORT (AUGT) –
SAFETY REQUIREMENTS
1 Scope This International Standard covers high-level safety requirements applicable to automated urban guided transport systems, with driverless or unattended self-propelled trains, operating on an exclusive guideway. This standard only deals with the safety requirements needed to compensate for the absence of a driver or attendant staff who would otherwise be responsible for some or all of train operation functions (see Table 1), depending on the level of automation of the system (see shaded areas in Table 1 and see 3.1 for a definition of the different grades of automation). The requirements of this standard are restricted to transports systems as defined in Clause
5 and to DTO and UTO as defined in
3.1.4 and 3.1.20, respectively (see the shaded areas in Table 1). SIST EN 62267:2010

62267 © IEC:2009 – 9 – Table 1 – Grades of automation On-sight train operationNon- automated train operation Semi- automated train operation Driverless train operation Unattended train operation TOS NTO STO DTO UTO Basic functions of train operation GOA0 GOA1 GOA2 GOA3 GOA4 Ensure safe route X (points command/control in system) S S S S Ensure safe separation of trains X S S S S Ensuring safe movement of trains Ensure safe speed X X (partly supervised by system) S S S Driving Control acceleration and braking X X S S S Prevent collision with obstaclesX X X S S Supervising guideway Prevent collision with persons X X X S S Control passengers doors X X X X or S S Prevent injuries to persons between cars or between platform and train X X X X or S S Supervising passenger transfer Ensure safe starting conditionsX X X X or S S Put in or take out of operation X X X X S Operating a train Supervise the status of the train X X X X S Ensuring detection and management of emergency situations Perform train diagnostic, detect fire/smoke and detect derailment, handle emergency situations (call/evacuation, supervision) X X X X S and/or staff in OCCNOTE X = responsibility of operations staff (may be realised by technical system). S = realised by technical system.
This standard does not specifically look at security issues. However, aspects of safety requirements may apply to assuring security within the transport system. NOTE The definitions of “security” and “safety” are given by IEC 62278. Application of this standard is subsidiary to the responsibility of the transport authority and the safety regulatory authority (see IEC 62278) and to the specific laws and decrees applicable within the prevailing environment (economic, social, political, etc.) where the transport system is located, taking into account: • social risk acceptance in different cultures or different national legal regulations (e.g. SHOREI, BOStrab) or principles (e.g. GAME, ALARP); • laws and decrees in different states; • special or different requirements specified by the safety regulatory authority or by an independent assessor in charge of the specific application; SIST EN 62267:2010

– 10 – 62267 © IEC:2009 • the responsibility for ”safe operation“ by the transport authority. This standard does not apply to the following types of transport systems, unless specifically required by the Transport Authority: • APMs (Automated People Movers) operating entirely inside a privileged environment such as an airport, a commercial centre or a leisure resort; • amusement rides and roller-coasters, generally featuring a single station so that passengers board and alight the system at the same location; • intercity and mainline train services, generally operating in a rural environment on part of their routes; • cable-driven systems; • systems featuring electronically guided vehicles with optical sensors, magnetic sensors, or similar devices/systems. This standard is not concerned with risks arising during works for construction, installation, modification and dismantling of a system. This standard is not concerned with pre-existing DTO or UTO systems (see definitions in
3.1) that were designed before this standard took effect. In the case of upgrading an existing transport system to a DTO or UTO system, the risks associated with the existing system are outside the scope of this standard. However, this standard and the risk analysis process described are relevant for the additional subsystems and possibly for the transition process itself. Therefore, the application of the standard is at the discretion of the safety regulatory authority. In the case of extending or modifying an existing DTO or UTO system in operation, this standard applies only if the change is significant as determined by the safety regulatory authority. However, the risks due to the relationship with the unchanged parts of existing systems (e.g. rolling stock, traction power supply, signalling and platforms) should be taken into account. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. IEC 62278:2002, Railway applications – Specification and demonstration of reliability, availability, maintainability and safety (RAMS) IEC 62290-1, Railway applications – Urban guided transport management and command/control systems – Part 1: System principles and fundamental concepts IEC 62425, Railway applications – Communication, signalling and processing systems – Safety related electronic systems for signalling 3 Terms, definitions and abbreviations For the purposes of this document, the following terms, definitions and abbreviations apply. SIST EN 62267:2010

62267 © IEC:2009 – 11 – 3.1 Terms and definitions 3.1.1
Automated Urban Guided Transport AUGT system featuring driverless or unattended train operation (as defined below) with self-propelled, guided vehicles, operating on an exclusive guideway 3.1.2
conventional system system operated in TOS, NTO or STO 3.1.3
doors closed and locked doors are considered as being in a closed and locked state if they cannot be opened by passengers 3.1.4
Driverless Train Operation DTO train operated with operations staff present on board the train but not accelerating or braking and not responsible for observing the guideway in front of the train and stopping the train in case of a hazardous situation. Safe departure of the train from the station, including door closing, is either the responsibility of operations staff or of the technical system 3.1.5
exclusive guideway guideway intended to be used only by one transport system without interference with other types of transport systems 3.1.6
grade of automation automation level of train operation resulting from sharing responsibility for given basic functions of train operation between operations staff and technical system 3.1.7
guideway clearance pre-defined space around the track defined relatively to the track and such that trains in motion cannot, while under operating conditions, come into contact with persons or property fully outside this space 3.1.8
Non-automated Train Operation NTO train operation where the driver (i.e., train operator) is in the front cabin of the train observing the guideway and stopping the train in case of a hazardous situation. Acceleration and braking are controlled by the driver in conformance with wayside signals or cab-signalling. The signalling system supervises the activities of the driver. This supervision may be discrete, semi-continuous or continuous. Safe departure of the train from the station, including door closing, is the responsibility of the operations staff whether on board the train or on the station platform 3.1.9
On Sight Train Operation TOS train operation where the driver has full responsibility and no technical system is required to supervise his activities. However, points (switches) and single tracks can be partially supervised by the system SIST EN 62267:2010

– 12 – 62267 © IEC:2009 3.1.10
Operations Control Centre OCC centre from which operation of the line or the network is supervised and managed 3.1.11
passenger cabin part of the train used for carrying passengers 3.1.12
passenger transfer area area of the platform directly adjacent to the guideway clearance intended for the passage of passengers during transfer between the platform waiting area and a train 3.1.13
passenger transfer door train door which provides access for passenger transfer between the passenger cabin and a station platform; can also be used as an emergency exit in cases of hazardous situations (e.g. fire, hazardous fumes) 3.1.14
platform track area of track located in a station in front of the platform (see Figure 2) 3.1.15
platform waiting area area of platform where passengers wait for approaching trains, separated from the guideway clearance by the passenger transfer area 3.1.16
safety space area beside the guideway clearance where persons can shelter and not be endangered by moving trains 3.1.17
Semi-automated Train Operation STO train operation where operations staff is located in the front cabin of the train observing the guideway and stopping the train in case of a hazardous situation. Acceleration and braking is automated and the speed is supervised continuously by the system. Safe departure of the train from the station is under the responsibility of the operations staff, whether on board the train or on the station platform 3.1.18
transfer area area where the transfer of a train between automated and non-automated areas is made 3.1.19
transport authority entity which is responsible for safe and orderly operation of a transport system NOTE For safety aspects, the term “transport authority” is equivalent to the term “railway authority” as used in IEC 62278.
3.1.20
Unattended Train Operation UTO train operated without any operations staff on board (all functions are the responsibility of the technical system) SIST EN 62267:2010

62267 © IEC:2009 – 13 – 3.1.21
zero speed status safety-related information indicating that the speed of the train is below a pre-defined limit whereby the system considers the train as stopped 3.2 Abbreviations ALARP
As Low As Reasonably Practicable AUGT
Automated Urban Guided Transport DTO
Driverless Train Operation GAME
Globalement Au Moins Equivalent (French safety principle meaning “globally at least equivalent”) GOA
Grade Of Automation NTO
Non-automated Train Operation OCC
Operations Control Centre SRA
Safety Regulatory Authority STO
Semi-automated Train Operation TA
Transport Authority TOS
On-sight Train Operation UTO
Unattended Train Operation 4 Methodology Methodology used for deriving generic safety requirements given in this standard is based on the principles of life cycle phases described in IEC 62278. Figure 1 below shows the V representation of system life cycle and highlights the activities of the methodology.
Figure 1 – Life cycle phases covered by this standard (see Figure 10 of IEC 62278) The methodology consists of the following sequence of activities (shown by the shaded areas in Figure 1): Concept System Definition and Application Conditions Apportionment of System Requirements Risk Analysis System Requirements Design and Implementation Installation System Validation, including Safety Acceptance and Commissioning System Acceptance Performance Monitoring De-commissioning and Disposal Operation and Maintenance Modification and Retrofit Generic approach of IEC 62267 Hazard Analysis at top system level Safety Requirements System Definition and Application Conditions Manufacture Life cycle of specific AUGT application IEC
1029/09 SIST EN 62267:2010
– 14 – 62267 © IEC:2009 • defining a generic AUGT system and its application conditions; • performing a hazard analysis at the top system level; • deriving safety requirements. These activities are briefly described below. 4.1 System definition and application conditions Clause
5 defines a generic AUGT system, subsystems, their boundaries and application conditions. The basic functions of train operation considered are those covered under DTO and UTO only and shown as shaded in Table 1. System definition clarifies application conditions as a basis for the generic hazard analysis and enables comparability with specific applications. 4.2 Hazard analysis at top system level A hazard analysis at top system level has been conducted for the generic system defined in Clause
5. In the sense of this standard the hazard analysis comprises: • determination of hazardous situations; • identification of possible causes for identified hazardous situations;
• allocation of possible safeguards. Hazardous situations considered are those that arise in an AUGT system when there is: • no train driver in the front train cabin (i.e. DTO); • no operational staff on board trains (i.e. UTO). 4.3 Safety requirements As result of the hazard analysis at top system level, possible safeguards, which are able to compensate for the absence of a train driver in the front cabin, or any operational staff on board the train, have been identified and are listed in Clause
7. For each safeguard listed in Tables 2 to 9, Clause
8 gives the corresponding safety requirements. Safeguards and requirements also take into account the consensus of operational experience gained from a number of automated systems currently in operation. This standard does not state the choice of safeguards nor the acceptable level of residual risk which may vary depending on the local safety culture. The tasks for setting safety policy or safety targets or for defining safety acceptance or risk tolerability criteria are the responsibility of the relevant SRA that has jurisdiction over the application. Safety requirements derived may result in different levels of residual risk and therefore the solution chosen depends on the risk acceptance by the relevant SRA. 5 System description An Automated Urban Guided Transport (AUGT) is a system which • transports passengers between stations, • uses automated self-propelled trains, • runs on an exclusive guideway, • allows train operation independent from other traffic, • provides conditions of safe train movement. SIST EN 62267:2010

62267 © IEC:2009 – 15 – The subsystems (stations, trains and guideway between stations) and their boundaries, shown as doted lines in the figures below, are described in the subclauses below. 5.1 Station Locality which allows passengers access to the system by transfer from the public environment to the trains (i.e. boarding and alighting activity). The subsystem station is divided into a number of areas as shown in Figure 2 and defined below: • the platform waiting area, considered for the purpose of this standard as safe area where persons are not endangered by moving trains. The platform waiting area is by definition outside the scope of this standard; • the passenger transfer area (platform edge zone) used for passenger transfer between a platform waiting area and a train, but where passengers would be endangered by moving trains or falls; • the platform track which is used by moving trains to ensure transport.
Figure 2 – Boundary of the station subsystem 5.2 Train The subsystem that operates within the guideway and, under regular conditions, moves along the guideway and stops in the stations for passenger transfer. The train can be a • single vehicle, • composition of single vehicles, forming a unit, which cannot be decoupled in regular operation, • composition of single vehicles or of units which can be decoupled in regular operation. The subsystem train is divided into: • the passenger cabin, which is defined as a safe area if a safe train movement is ensured and adequate safeguards are provided against external events impacting on the train, e.g. obstacle on the guideway; or impacting on passengers, e.g. fire; • the staff (drivers) cabin if provided; • passenger/transfer doors; • other train doors or additional emergency exits, if provided. Platform waiting area Passenger transfer area
Platform track Guideway clearance Subsystem boundary IEC
1030/09 SIST EN 62267:2010
– 16 – 62267 © IEC:2009 The train itself with its drive, bogies and passenger cabin is defined as safe if the general requirements for mechanical and electrical train construction are fulfilled and safe guiding of wheels is provided. This is outside the scope of this standard. Train subassemblies comprising a propulsion/braking system, bogies and guidance equipment, signalling system, mechanical and electrical aspects of the passenger compartment, communications systems, and other such elements of the train subsystem addressed by other complimentary IEC safety standards are outside the scope of this standard. However, functional design requirements for train subassemblies may be dictated or influenced by the safety requirements contained in this standard. The basic function "Ensure safe train movement" (see Table 1) is typical of all grades of automation from NTO to UTO, regardless of the presence of operational staff on board trains (see IEC 62290-1) and is therefore outside the scope of this standard. 5.3 Guideway between stations The subsystem guideway between stations (Figures 3 to 5) is divided as follows: • infrastr
...