Railway applications - Communication, signalling and processing systems - Safety related electronic systems for signalling

Supersedes ENV 50129:1998

Bahnanwendungen - Telekommunikationstechnik, Signaltechnik und Datenverarbeitungssysteme - Sicherheitsrelevante elektronische Systeme für Signaltechnik

Applications ferroviaires - Systèmes de signalisation, de télécommunications et de traitement - Systèmes électroniques de sécurité pour la signalisation

Železniške naprave - Komunikacijski, signalni in procesni sistemi - Signalno-varnostni elektronski sistemi

General Information

Status
Withdrawn
Publication Date
30-Apr-2003
Withdrawal Date
18-Jan-2022
Current Stage
9900 - Withdrawal (Adopted Project)
Start Date
18-Jan-2022
Due Date
10-Feb-2022
Completion Date
19-Jan-2022

RELATIONS

Buy Standard

Standard
SIST EN 50129:2003
English language
94 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST EN 50129:2003
01-maj-2003
1DGRPHãþD
SIST ENV 50129:1998
Železniške naprave – Komunikacijski, signalni in procesni sistemi – Signalno-
varnostni elektronski sistemi
Railway applications - Communication, signalling and processing systems - Safety
related electronic systems for signalling
Bahnanwendungen - Telekommunikationstechnik, Signaltechnik und
Datenverarbeitungssysteme - Sicherheitsrelevante elektronische Systeme für
Signaltechnik

Applications ferroviaires - Systèmes de signalisation, de télécommunications et de

traitement - Systèmes électroniques de sécurité pour la signalisation
Ta slovenski standard je istoveten z: EN 50129:2003
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
transportu in trgovini and trade
45.020 Železniška tehnika na Railway engineering in
splošno general
SIST EN 50129:2003 en

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN 50129:2003
---------------------- Page: 2 ----------------------
SIST EN 50129:2003
EUROPEAN STANDARD EN 50129
NORME EUROPÉENNE
EUROPÄISCHE NORM February 2003
ICS 93.100 Supersedes ENV 50129:1998
English version
Railway applications –
Communication, signalling and processing systems –
Safety related electronic systems for signalling
Applications ferroviaires – Bahnanwendungen -
Systèmes de signalisation, Telekommunikationstechnik,
de télécommunications et de traitement - Signaltechnik und
Systèmes électroniques de sécurité Datenverarbeitungssysteme -
pour la signalisation Sicherheitsrelevante elektronische
Systeme für Signaltechnik

This European Standard was approved by CENELEC on 2002-12-01. CENELEC members are bound to

comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European

Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on

application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other

language made by translation under the responsibility of a CENELEC member into its own language and

notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Czech Republic,

Denmark, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Luxembourg, Malta,

Netherlands, Norway, Portugal, Slovakia, Spain, Sweden, Switzerland and United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: rue de Stassart 35, B - 1050 Brussels

© 2003 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.

Ref. No. EN 50129:2003 E
---------------------- Page: 3 ----------------------
SIST EN 50129:2003
EN 50129:2003 – 2 –
Foreword

This European Standard was prepared by SC 9XA, Communication, signalling and processing systems, of

Technical Committee CENELEC TC 9X, Electrical and electronic applications for railways.

The text of the draft was submitted to the formal vote and was approved by CENELEC as EN 50129 on

2002-12-01.
This European Standard supersedes ENV 50129:1998.

This European Standard was prepared under a mandate given to CENELEC by the European

Commission and the European Free Trade Association and supports the essential requirements of

Directive 96/48/EC.
The following dates were fixed:
- latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2003-12-01
- latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2005-12-01
Annexes designated "normative" are part of the body of the standard.
Annexes designated "informative" are given for information only.

In this standard, Annexes A, B and C are normative and Annexes D and E are informative.

__________
---------------------- Page: 4 ----------------------
SIST EN 50129:2003
– 3 – EN 50129:2003
Contents
Page

Introduction................................................................................................................................................6

1 Scope...................................................................................................................................................7

2 Normative references.........................................................................................................................8

3 Definitions and abbreviations...........................................................................................................9

3.1 Definitions..................................................................................................................................9

3.2 Abbreviations...........................................................................................................................13

4 Overall framework of this standard................................................................................................14

5 Conditions for safety acceptance and approval ...........................................................................15

5.1 The Safety Case......................................................................................................................15

5.2 Evidence of quality management ............................................................................................17

5.3 Evidence of safety management .............................................................................................20

5.4 Evidence of functional and technical safety.............................................................................24

5.5 Safety acceptance and approval .............................................................................................26

Annex A (normative) Safety Integrity Levels.........................................................................................30

A.1 Introduction.........................................................................................................................................30

A.2 Safety requirements ...........................................................................................................................30

A.3 Safety integrity....................................................................................................................................31

A.4 Allocation of safety integrity requirements..........................................................................................31

A.5 Safety Integrity Levels ........................................................................................................................39

Annex B (normative) Detailed technical requirements ........................................................................42

B.1 Introduction.........................................................................................................................................42

B.2 Assurance of correct functional operation..........................................................................................42

B.3 Effects of faults...................................................................................................................................44

B.4 Operation with external influences ....................................................................................................50

B.5 Safety-related application conditions..................................................................................................51

B.6 Safety Qualification Tests...................................................................................................................53

Annex C (normative) Identification of hardware component failure modes......................................55

C.1 Introduction.........................................................................................................................................55

C.2 General procedure .............................................................................................................................55

C.3 Procedure for integrated circuits (including microprocessors) ...........................................................55

C.4 Procedure for components with inherent physical properties.............................................................55

C.5 General notes concerning component failure modes.........................................................................56

C.6 Additional general notes, concerning components with inherent physical properties ........................56

C.7 Specific notes concerning components with inherent physical properties .........................................57

---------------------- Page: 5 ----------------------
SIST EN 50129:2003
EN 50129:2003 – 4 –

Annex D (informative) Supplementary technical information..............................................................77

D.1 Introduction.........................................................................................................................................77

D.2 Achievement of physical internal independence ................................................................................77

D.3 Achievement of physical external independence ...............................................................................78

D.4 Example of a method for single-fault analysis....................................................................................79

D.5 Example of a method for multiple-fault analysis.................................................................................80

Annex E (informative) Techniques and measures for safety-related electronic systems for

signalling for the avoidance of systematic faults and the control of random and systematic

faults .........................................................................................................................................................85

Bibliography.............................................................................................................................................94

Figure 1 – Scope of the main CENELEC railway application standards .....................................................8

Figure 2 – Structure of EN 50129..............................................................................................................15

Figure 3 – Structure of Safety Case ..........................................................................................................17

Figure 4 – Example of system life-cycle ....................................................................................................19

Figure 5 – Example of design and validation portion of system life-cycle .................................................21

Figure 6 – Arrangements for independence..............................................................................................22

Figure 7 – Structure of Technical Safety Report .......................................................................................26

Figure 8 – Safety acceptance and approval process.................................................................................28

Figure 9 – Examples of dependencies between Safety Cases/Safety Approval.......................................29

Figure A.1 – Safety requirements and safety integrity...............................................................................30

Figure A.2 – Global process overview.......................................................................................................32

Figure A.3 – Example risk analysis process..............................................................................................33

Figure A.4 – Definition of hazards with respect to the system boundary...................................................34

Figure A.5 – Example hazard control process...........................................................................................36

Figure A.6 – Interpretation of failure and repair times ...............................................................................37

Figure A.7 – Treatment of functional independence by FTA.....................................................................38

Figure A.8 – Relationship between SILs and techniques ..........................................................................40

Figure B.1 – Influences affecting the independence of items....................................................................46

Figure B.2 – Detection and negation of single faults .................................................................................49

Figure D.1 – Example of a fault analysis method ......................................................................................81

Table A.1 – SIL-table.................................................................................................................................41

Table C.1 – Resistors ................................................................................................................................61

Table C.2 – Capacitors..............................................................................................................................62

Table C.3 – Electromagnetic components.................................................................................................63

Table C.4 – Diodes....................................................................................................................................66

Table C.5 – Transistors .............................................................................................................................67

Table C.6 – Controlled rectifiers ................................................................................................................69

Table C.7 – Surge Suppressors ................................................................................................................71

Table C.8 – Opto-electronic components..................................................................................................72

Table C.9 – Filters .....................................................................................................................................73

Table C.10 – Interconnection assemblies .................................................................................................74

---------------------- Page: 6 ----------------------
SIST EN 50129:2003
– 5 – EN 50129:2003

Table C.11 – Fuses ...................................................................................................................................75

Table C.12 – Switches and push/pull buttons............................................................................................75

Table C.13 – Lamps ..................................................................................................................................75

Table C.14 – Batteries...............................................................................................................................75

Table C.15–Transducers/sensors (not including those with internal electronic circuitry)..........................76

Table C.16 – Integrated circuits.................................................................................................................76

Table D.1 - Examples of measures to detect faults in large-scale integrated circuits by means of periodic

on-line testing, with comparison (SW or HW), in a 2-out-of-n system.......................................................82

Table E.1 – Safety planning and quality assurance activities....................................................................86

Table E.2 – System requirements specification ........................................................................................87

Table E.3 – Safety organisation.................................................................................................................87

Table E.4 – Architecture of system/sub-system/equipment ......................................................................88

Table E.5 – Design features ......................................................................................................................89

Table E.6 – Failure and hazard analysis methods.....................................................................................90

Table E.7 – Design and development of system/sub-system/equipment..................................................91

Table E.8 – Design phase documentation.................................................................................................91

Table E.9 – Verification and validation of the system and product design ................................................92

Table E.10 – Application, operation and maintenance ..............................................................................93

---------------------- Page: 7 ----------------------
SIST EN 50129:2003
EN 50129:2003 – 6 –
Introduction

This document is the first European Standard defining requirements for the acceptance and approval of

safety-related electronic systems in the railway signalling field. Until now only some differing national

recommendations and general advice of the UIC (International Union of Railways) on this topic were in

existence.

Safety-related electronic systems for signalling include hardware and software aspects. To install

complete safety-related systems, both parts within the whole life-cycle of the system have to be taken into

account. The requirements for safety-related hardware and for the overall system are defined in this

standard. Other requirements are defined in associated CENELEC standards.

The aim of European railway authorities and European railway industry is to develop compatible railway

systems based on common standards. Therefore cross-acceptance of Safety Approvals for sub-systems

and equipment by the different national railway authorities is necessary. This document is the common

European base for safety acceptance and approval of electronic systems for railway signalling

applications.

Cross-acceptance is aimed at generic approval, not specific applications. Public procurement within the

European Community concerning safety-related electronic systems for railway signalling applications will

in future refer to this standard when it becomes an EN.

The standard consists of the main part (Clause 1 to Clause 5) and Annexes A, B, C, D and E. The

requirements defined in the main part of the standard and in Annexes A, B and C are normative, whilst

Annexes D and E are informative.

This standard is in line with, and uses relevant sections of EN 50126: "Railway applications: The

Specification and Demonstration of Dependability - Reliability, Availability, Maintainability and Safety

(RAMS)". This standard and EN 50126 are based on the system life-cycle and are in line with

EN 61508-1, which is replaced by the set of EN 50126/EN 50128/EN 50129, as far as Railway

Communication, Signalling and Processing Systems are involved. Meeting the requirements in these

standards is sufficient to ensure that further compliance to EN 61508-1 need not be evaluated.

Because this standard is concerned with the evidence to be presented for the acceptance of safety-

related systems, it specifies those life-cycle activities which shall be completed before the acceptance

stage, followed by additional planned activities to be carried out after the acceptance stage. Safety

justification for the whole of the life-cycle is therefore required.

This standard is concerned with what evidence is to be presented. Except where considered appropriate,

it does not specify who should carry out the necessary work, since this may vary in different

circumstances.

For safety-related systems which include programmable electronics, additional conditions for the software

are defined in EN 50128.

Additional requirements for safety-related data communication are defined in EN 50159-1 and

EN 50159-2.
---------------------- Page: 8 ----------------------
SIST EN 50129:2003
– 7 – EN 50129:2003
1 Scope

This standard is applicable to safety-related electronic systems (including sub-systems and equipment) for

railway signalling applications.

The scope of this standard, and its relationship with other CENELEC standards, are shown in Figure 1.

This standard is intended to apply to all safety-related railway signalling systems/sub-system/equipment.

However, the hazard analysis and risk assessment processes defined in EN 50126 and this standard are

necessary for all railway signalling systems/sub-systems/equipment, in order to identify any safety

requirements. If analysis reveals that no safety requirements exist (i.e.: that the situation is non-safety-

related), and provided the conclusion is not revised as a consequence of later changes, this safety

standard ceases to be applicable.

This standard applies to the specification, design, construction, installation, acceptance, operation,

maintenance and modification/extension phases of complete signalling systems, and also to individual

sub-systems and equipment within the complete system. Annex C includes procedures relating to

electronic hardware components.

This standard applies to generic sub-systems and equipment (both application-independent and those

intended for a particular class of application), and also to systems/sub-systems/equipment for specific

applications.

This standard is not applicable to existing systems/sub-systems/equipment (i.e. those which had already

been accepted prior to the creation of this standard). However, as far as reasonably practicable, this

standard should be applied to modifications and extensions to existing systems, sub-systems and

equipment.

This standard is primarily applicable to systems/sub-systems/equipment which have been specifically

designed and manufactured for railway signalling applications. It should also be applied, as far as

reasonably practicable, to general-purpose or industrial equipment (e.g.: power supplies, modems, etc.),

which is procured for use as part of a safety-related signalling system. As a minimum, evidence shall be

provided in such cases to demonstrate
either that the equipment is not relied on for safety,

or that the equipment can be relied on for those functions which relate to safety.

This standard is applicable to the functional safety of railway signalling systems. It is not intended to deal

with the occupational health and safety of personnel; this subject is covered by other standards.

---------------------- Page: 9 ----------------------
SIST EN 50129:2003
EN 50129:2003 – 8 –
Total Railway System
Complete Railway
Signalling System
EN 50159
-1 and -2
(Communication)
EN 50126
(RAMS)
EN 50129
EN 50128
Individual Sub-System
(System
(Software)
Safety)
Individual Item of Equipment
Figure 1 – Scope of the main CENELEC railway application standards
2 Normative references

This European Standard incorporates, by dated or undated reference, provisions from other publications.

These normative references are cited at the appropriate places in the text and the publications are listed

hereafter. For dated references, subsequent amendments to or revisions of any of these publications

apply to this European Standard only when incorporated in it by amendment or revision. For undated

references the latest edition of the publication referred to applies (including amendments).

NOTE Additional informative references are included in Bibliography.
EN 50121 Series Railway applications – Electromagnetic compatibility

EN 50124-1 Railway applications – Insulation coordination – Part 1: Basic requirements -

Clearances and creepage distances for all electrical and electronic equipment

EN 50124-2 Railway applications – Insulation coordination – Part 2: Overvoltages and related

protection

EN 50125-1 Railway applications – Environmental conditions for equipment – Part 1: Equipment

on board rolling stock

EN 50125-3 Railway applications – Environmental conditions for equipment – Part 3: Equipment

for signalling and communications

EN 50126 Railway applications – The specification and demonstration of Reliability,

Availability, Maintainability and Safety (RAMS)
---------------------- Page: 10 ----------------------
SIST EN 50129:2003
– 9 – EN 50129:2003

EN 50128 Railway applications – Communication, signalling and processing systems –

Software for railway control and protection systems
EN 50155 Railway applications – Electronic equipment used on rolling stock

EN 50159-1 Railway applications – Communication, signalling and processing systems

Part 1: Safety-related communication in closed transmission systems

EN 50159-2 Railway applications – Communication, signalling and processing systems

Part 2: Safety related communication in open transmission systems

EN 61508-1 Functional safety of electrical/electronic/ programmable electronic safety-related

systems - Part 1: General requirements (IEC 61508-1)

IEC 60664 Series Insulation coordination for equipment within low-voltage systems

3 Definitions and abbreviations
3.1 Definitions
For the purposes of this standard, the following definitions apply:
3.1.1
accident

an unintended event or series of events that results in death, injury, loss of a system or service, or

environmental damage
3.1.2
assessment

the process of analysis to determine whether the design authority and the validator have achieved a

product that meets the specified requirements and to form a judgement as to whether the product is fit for

its intended purpose
3.1.3
authorisation
the formal permission to use a product within specified application constraints
3.1.4
availability

the ability of a product to be in a state to perform a required function under given conditions at a given

instant of time or over a given time interval assuming that the required external resources are provided

3.1.5
can
is possible
3.1.6
causal analysis
analysis of the reasons how and why a particular hazard may come into existence
3.1.7
common-cause failure
failure common to items which are intended to be independent
3.1.8
consequence analysis
analysis of events which are likely to happen after a hazard has occurred
3.1.9
configuration

the structuring and interconnection of the hardware and software of a system for its intended application

3.1.10
cross-acceptance

the status achieved by a product that has been accepted by one authority to the relevant European

Standards and is acceptable to other authorities without the necessity for further assessment

---------------------- Page: 11 ----------------------
SIST EN 50129:2003
EN 50129:2003 – 10 –
3.1.11
design

the activity applied in order to analyse and transform specified requirements into acceptable design

solutions which have the required safety integrity
3.1.12
design authority

the body responsible for the formulation of a design solution to fulfil the specified requirements and for

overseeing the subsequent development and setting-to-work of a system in its intended environment

3.1.13
diversity

a means of achieving all or part of the specified requirements in more than one independent and

dissimilar manner
3.1.14
equipment
a functional physical item
3.1.15
error

a deviation from the intended design which could result in unintended system behaviour or failure

3.1.16
fail-safe

a concept which is incorporated into the design of a product such that, in the event of a failure, it enters or

remains in a safe state
3.1.17
failure

a deviation from the specified performance of a system. A failure is the consequence of a fault or error in

the system
3.1.18
fault

an abnormal condition that could lead to an error in a system. A fault can be random or systematic

3.1.19
fault detection time

time span which begins at the instant when a fault occurs and ends when the existence of the fault is

detected
3.1.20
function
a mode of action or activity by which a product fulfils its purpose
3.1.21
hazard
a condition that could lead to an accident
3.1.22
hazard analysis

the process of identifying hazards and analysing their causes, and the derivation of requirements to limit

the likelihood and consequences of hazards to a tolerable level
3.1.23
hazard log

the document in which all safety management activities, hazards identified, decisions made and solutions

adopted, are recorded or referenced
3.1.24
human error

a human action (mistake), which can result in unintended system behaviour/failure

3.1.25
implementation

the activity applied in order to transform the specified designs into their physical realisation

---------------------- Page: 12 ----------------------
SIST EN 50129:2003
– 11 – EN 50129:2003
3.1.26
independence (functional)

freedom from any mechanism which can affect the correct operation of more than one function as a result

of either systematic or random failure
3.1.27
independence (human)

freedom from involvement in the same intellectual, commercial and/or management entity

3.1.28
independence (physical)

freedom from any mechanism which can affect the correct operation of more than one system/sub-

system/equipme
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.