Functional Safety

The Evidence
A functional safety evaluation is required in homologation procedures that follow the TEIV (variant VV IBG = administrative regulation on the certification of railway vehicles, or the variant "memorandum of understanding MOU") or in order to support a safety case under the CSM regulation (common safety method). In all cases the target is to prove that an electronic or software-based technical solution functions safely. The verification shows that the software, the hardware and all variable parameters generate the desired effect on the causal path of each influenced function.

The Situation
In case of a failure, the technical system must be placed in a safe condition, or the unsafe condition must be recognized in good time. In this step it is also of high importance that evidence is correctly provided for all environmental conditions.

The Assessment
Generally, the functional assessment is divided into a "document inspection" part and a practical (driving) test on the vehicle. In a first step, the hazard analysis and the safety requirement specification of the manufacturer or operator are reviewed.

In the subsequent theoretical investigation, the functional chains of all involved functions are identified on the basis of the electric schematics, the train driver instructions, the pneumatic schematics and, as the case may be, technical discussions with the development team. From this we generate the test plan for the failure-free and the disturbed functions.

During the practical driving test we validate the vehicle against the test plan, both at standstill and in operation. The result of this acid test is an answer to three central questions:

  • Are all the intended functions implemented for regular operation as planned?
  • In case of a failure, are all safety functions implemented?
  • Is the vehicle properly integrated in the fleet and the infrastructure?

The Result
The result is an inspection report which is suitable for presentation to the authorities.

Furthermore, we inspect the consistency of the electronic hardware with the stipulated Safety Integrity Level (SIL) and with the environmental conditions in the area of operation. Systems which are proven in use in Norway do not necessarily function well in the Sahara. For the software, we confirm whether the safety targets of the hazard analysis are met.

