SIST-TP CLC/TR 50506-1:2007

SLOVENSKI STANDARD
SIST-TP CLC/TR 50506-1:2007
01-oktober-2007
Železniške naprave - Komunikacijski, signalni in procesni sistemi – Navodilo za
uporabo EN 50129 – 1. del: Križni sprejem
Railway applications - Communication, signalling and processing systems - Application
Guide for EN 50129 -- Part 1: Cross-acceptance
Ta slovenski standard je istoveten z: CLC/TR 50506-1:2007
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
transportu in trgovini and trade
45.020 Železniška tehnika na Railway engineering in
splošno general
SIST-TP CLC/TR 50506-1:2007 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TP CLC/TR 50506-1:2007

---------------------- Page: 2 ----------------------

SIST-TP CLC/TR 50506-1:2007


TECHNICAL REPORT
CLC/TR 50506-1

RAPPORT TECHNIQUE
May 2007
TECHNISCHER BERICHT

ICS 93.100


English version


Railway applications -
Communication, signalling and processing systems -
Application Guide for EN 50129 -
Part 1: Cross-acceptance










This Technical Report was approved by CENELEC on 2007-01-16.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.





CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Central Secretariat: rue de Stassart 35, B - 1050 Brussels


© 2007 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. CLC/TR 50506-1:2007 E

---------------------- Page: 3 ----------------------

SIST-TP CLC/TR 50506-1:2007
CLC/TR 50506-1:2007 - 2 -
Foreword
This Technical Report was prepared by SC 9XA, Communication, signalling and processing systems, of
Technical Committee CENELEC TC 9X, Electrical and electronic applications for railways.
The text of the draft was submitted to vote and was approved by CENELEC as CLC/TR 50506-1 on
2007-01-16.

---------------------- Page: 4 ----------------------

SIST-TP CLC/TR 50506-1:2007
- 3 - CLC/TR 50506-1:2007
Contents
Introduction . 4
1 Scope. 4
2 Normative references . 4
3 Terms, definitions and abbreviated terms . 5
3.1 Terms and definitions . 5
3.2 Abbreviated terms . 5
4 Cross-acceptance. 7
4.1 General . 7
4.2 Definition and importance of cross-acceptance . 7
4.3 Lifecycle for cross-acceptance . 7
 4.3.1 General. 7
 4.3.2 Specification . 9
4.4 Cross-acceptance process . 9
 4.4.1 The basic premise. 9
 4.4.2 Principles of cross-acceptance. 10
 4.4.3 Safety cases for cross-acceptance. 14
 4.4.4 Generic product / application safety case for cross-acceptance . 14
 4.4.5 Field testing . 15
 4.4.6 Compliance report. 15
Bibliography . 16

Figures
Figure 1 – The role of assessor and developer in maintaining system requirements . 12
Figure 2 – The three types of safety case involved in cross-acceptance process . 14

Table
Table 1 – Lifecycle for cross-acceptance of safety related/safety critical
     systems/products/equipment . 8

---------------------- Page: 5 ----------------------

SIST-TP CLC/TR 50506-1:2007
CLC/TR 50506-1:2007 - 4 -
Introduction
EN 50129 was developed in CENELEC and is now regularly called up in specifications. In essence, it lists
factors that influence RAMS (see EN 50126) and adopts a broad risk-management approach to safety.
EN 50129 is the basic standard for safety related electronic systems for signalling.
Use of EN 50129 has enhanced the general understanding of the issues, but has also shown that items
like cross-acceptance need further explanation and clarification. Therefore CENELEC decided to address
those items in this application guide for cross-acceptance.
1 Scope
This application guide for cross-acceptance is a Technical Report about the basic standard. It is
applicable to the same systems and addresses the same audience as the standard itself. It provides
additional information on the application of EN 50129 to cross-acceptance. Therefore it deals with the
acceptance by a safety authority of a previously accepted system or product in a different environment
and/or context, often referred to as cross-acceptance. It is mainly dedicated to safety assessors, safety
authorities, validators, and safety managers.
In drafting this guide, it is assumed that the reader is familiar with the basic structure of the standard.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
NOTE Additional informative references are included in the bibliography.
EN 50124-1, Railway applications - Insulation coordination - Part 1: Basic requirements - Clearances and
creepage distances for all electrical and electronic equipment
EN 50126, Railway applications - The specification and demonstration of Reliability, Availability,
Maintainability and Safety (RAMS)
EN 50128, Railway applications - Communication, signalling and processing systems - Software for
railway control and protection systems
EN 50129, Railway applications - Communication, signalling and processing systems - Safety related
electronic systems for signalling
EN 61508 series, Functional safety of electrical/electronic/programmable electronic safety-related
systems (IEC 61508 series)
EN/ISO 9001:2000, Quality management systems – Requirements (ISO 9001:2000)
EN/ISO/IEC 17020, General criteria for the operation of various types of bodies performing inspection
(ISO/IEC 17020)

---------------------- Page: 6 ----------------------

SIST-TP CLC/TR 50506-1:2007
- 5 - CLC/TR 50506-1:2007
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in EN 50126, EN 50128, EN 50129
and the following apply. Other definitions not included in these documents have been added to eliminate
any doubts regarding their interpretation.
3.1.1
generic application
system with specific functions that are related to “a category of applications” associated with a general
environmental and operational context, which is developed on the basis of criteria of standardization and
parameterization of its elements, so as to render it serviceable for various tangible applications. By
combining generic products or combining these with other generic applications, it is possible to obtain a
new generic application
3.1.2
generic product
component/product capable of performing certain functions, with a specific performance level, in the
environmental and operational conditions stated in the reference specifications. It can be combined with
other products and generic applications to form other generic applications
3.1.3
specific application
a specific application is used for only one particular installation
3.1.4
risk analysis
identification of hazards associated with a product, process or system, scrutiny of their causes and
systematic determination of their consequences in an operational context. Risk analysis results in the
identification of the nature of likely sources of harm arising from a product, process or system and their
impact in terms of nature of likely accidents and the severity of harm caused
3.1.5
safety analysis
subset of risk analysis solely focused on hazards which have a potential for causing accidents which may
cause harm to people
3.2 Abbreviated terms
For the purposes of this document, the abbreviated terms used in EN 50126, EN 50128 and EN 50129
and the following apply. Other abbreviations not included in these standards have been added to
eliminate any doubts regarding their interpretation.
CMP configuration management plan
COTS commercial-off-the-shelf
CRS customer requirements specification
CTC centralised traffic control
DRACAS data reporting and corrective action system
FMECA failure mode effects and criticality analysis
FRACAS failure reporting and corrective actions system
FTI formal technical inspection
FTP field trial plan

---------------------- Page: 7 ----------------------

SIST-TP CLC/TR 50506-1:2007
CLC/TR 50506-1:2007 - 6 -
FTR field trial report
FPGA field programmable gate array
HAZAN hazard analysis
HAZOP hazard and operability study
I/O input / output
IHA interface hazard analysis
ISA independent safety assessor
LRU line replaceable unit
OSHA operation and system hazard analysis
PCB printed circuit board
PHA preliminary hazard analysis
PLC programmable logic controller
QAP quality assurance plan
QMS quality management system
RAM-P RAM-plan
SC safety case
SAD system architecture description
SADT structured analysis and design techniques
SAP safety plan
SEEA SW error effects analysis
SHA system hazard analysis
SRS system requirements specification
SSHA subsystem hazard analysis
SSRS subsystem requirements specification
VAP validation plan
VHDL VHSIC hardware description language
VHSIC very high speed integrated circuit
VLSI very large scale integration
VTR validation test report
V&V verification & validation

---------------------- Page: 8 ----------------------

SIST-TP CLC/TR 50506-1:2007
- 7 - CLC/TR 50506-1:2007
4 Cross-acceptance
4.1 General
Clause 4 describes the requirements and conditions necessary to achieve the acceptance of a product or
application for use in a different environment from that for which it was originally developed and
approved. One field of application of this Technical Report could be interoperability (for example TSI for
Control Command Subsystem) and in general fields where cross-acceptance is needed.
4.2 Definition and importance of cross-acceptance
Cross-acceptance is defined in EN 50129.
Cross-acceptance is an aspect of the technical and legal process principally aimed at establishing the
fastest route to the deployment of Product, System or Process in a target (new) context or environment.
The Product, System or Process considered for cross-acceptance is generally assumed to satisfy the
qualifications for reliability, tolerable safety and environmental performance in their native (original)
context or environment.
The target application is also assumed to possess significant synergies with the native environment, thus
making the deployment technically feasible viable/advantageous without significant alterations. However,
the essence of cross-acceptance currently relates to the assurance of safety and potentially
environmental performance of product, system or process which are subject to a regulatory regime.
4.3 Lifecycle for cross-acceptance
4.3.1 General
The cross-acceptance life cycle can be seen as a branch of the life cycle model defined in EN 50126,
starting after the original approval of the generic product or generic application. Cross-acceptance life
cycle mainly comprises
– phases, planning and documents (including role of field testing),
– safety assurance processes,
– approval processes.

---------------------- Page: 9 ----------------------

SIST-TP CLC/TR 50506-1:2007
CLC/TR 50506-1:2007 - 8 -

Table 1 – Lifecycle for cross-acceptance of safety related/safety critical systems/products/equipment
Phase Customer Supplier Output documents
Start cross- Define requirements / specifications Prepare safety plan, validation plan, RAM- Follow life cycle, plan.
acceptance (functional, environment, operation, safety, plan, field trial plan.
maintenance, etc.).
Specification Attend hazard identification meeting with Create SRS; create preliminary hazard SRS, preliminary hazard analysis, hazard
members from approval authority, assessor, analysis (PHA) and hazard analysis (HAZ- analysis.
operator, operation and maintenance. AN) on the base of CRS and risk analysis.
Evaluation of Evaluation of differences between originally Evaluation of differences between originally Verification report of specification, updated
differences approved application and new customer approved application and new customer hazard-log (if identified).
application. application.
Validation Assessor: assess validation plan. Start system validation of system Life cycle; validation test report, field trial
requirement specification against customer report (post pilot).
requirement specification.
Assessment Assessor: create assessment report; Assessment of the differences, the assessor Assessment report.
safety case will be examined by an must be familiar with the operating
assessor. The result of his work will be conditions.
presented in an assessment report, forming
the background for the decision taken by
the railway authority.
S
...