THE CONCEPT OF RISK MANAGEMENT IN THE RAILWAY SECTOR Miroslav Prokić, Branislav Bošković University of Belgrade Faculty of Transport and Traffic Engineering, Vojvode Stepe 305 Belgrade, Serbia
[email protected],
[email protected] Abstract New transport policy of the railway sector in Europe is aimed at creating a unified and open transport market, establishing an interoperable railway network and achieving greater competitiveness on it. The result is the emergence of private rail operators and a large number of new procedures that have not been implemented so far. In line with the above, a new approach to safety in the railway sector has been introduced in order to maintain and improve the existing level of safety. The basis of this new approach to safety is the application of risk management concept. Concept of risk management provides proactive approach in order to prevent the occurrence of unwanted events. This paper presents the current ambience in the rail sector, the reasons for the introduction of the concept of risk management, the legislative framework and the process of risk management itself, explaining all processes and terms that are necessary for understanding the concept. Keywords – safety, interoperability, risk management INTRODUCTION Creation of a single railway market, restructuring process and introduction of competition, caused the emergence of new stakeholders at the market and introduction of new concepts and procedures. Bearing in mind that today there are not only national railway undertakings on the railway market but also private ones, which operates on railway infrastructure, European Commison, to maintain the existing one or upgrade the current level of safety, has adopted a legislative framework for implementation of new concept of safety - risk management. The remainder of this paper is structured as follows. The following part provides an interpretation of the term ″risk″. Part 3 describes the concept of risk management in railway sector of Europe and legislative framework. Part 4 presents the phases and outcomes of implementation of risk management, whereas Part 5 presents the conclusion of this study.
DEFINITION OF RISK AND ITS INTERPRETATION Risk is a term that has been defined many times and in many different ways. In Oxfford dictionarie, risk represents the possibility that something unpleasant or unwelcome will happen [1]. According the AS/NZS 4360 Risk Management Standard, risk is defined as the probability of something that may happen affecting the previously defined objectives and is measured as the ratio of consequences and probabilities of some events occurrence [2]. In European Standard NF EN 50129 risk is defined as combination of the frequency (or likelihood) of a potential accident and the consequences of the accident (severity of damage) [3]. Standard ISO 31000:2009 - Risk management — Principles and guidelines define risk as the effect of uncertainty on acquiring organization’s objectives. It is the effect of a deviation from the expected outcome of an event, situation, etc, that can be in either positive or negative direction [4]. Standard ISO 31000:2009 is a main standard in field of risks which provides general instruction for implementation of risk management in any organization. In general, the following basic four elements are required to define risk qualitatively and quantitatively [5]: 1. A potential root hazard causes (or failure causes); 2. A hazard (or a failure mode); 3. A consequences (or failure effects) and; 4. A probability of occurrence (or failure consequences). The risk can be calculated as the product of how often an unwanted event occurring in one year - frequency of events and the consequences - injuries, deaths or incidents that may arise in case of unwanted events: Frequency of an accident x The consequences of the accident = Risk CONCEPT OF RISK MANAGEMENT IN RAILWAY SECTOR OF EUROPE The risk management process provides proactive action to prevent the occurrence of unwanted events. Proactive action is based on a systemic and structured approach to problems, which purpose is planning and predicting the occurence of risks, defining and adopting all activities, with which the identified risks can be controlled in the best possible way. In the past, in many areas, and especially in transport, a gradual improvement in safety was a consequence of the valuable experiences and lessons learned from accidents. Preventing the repetition of the same or similar events was regulated by the competent state authority and the government in a reactive way, by establishing new rules or norms through law or by-law acts, code of practice or standards. The development of risk assessment and risk management methods made it possible to replace these
reactive safety controls with a modern proactive and systematic approach to safety management [6]. The concept of risk management is also applied in the rail sector. The construction of a safe, modern integrated railway network is one of the EU’s major priorities. Railways must become more competitive and offer highquality, end-to-end services without being restricted by national borders. The European Union Agency for Railways (ERA) was set up to help create this integrated railway area by reinforcing safety and interoperability [7]. In regard to the standards an important addition to the European wide regulatory regime with respect to risk management is the introduction of the common safety method on risk evaluation and assessment and its implementation [8] European Commission adopted Regulation 359/2009 on the adoption of a common safety method on risk evaluation and assessment – CSM RA in accordance with Directive 2004/49/EC on railway safety and Directive 2008/57/EC on the interoperability of the rail system. This Regulation provides a legislative framework for establishing a common approach to risk management in the European railway sector. The 352/2009 has been replaced by Regulation 402/2013. The key terms that are defined in this regulation are the proposer of the change and the significance of the change. The proposer of the change is the person who introduces a change to the existing system. The risk management process applies only in cases where this change is significant. The changes may be of a technical, operational or organisational nature (where the organisational changes could have an impact on the operation of the railway). The CSM RA also applies if a risk assessment is required by a technical specification for interoperability - TSI and is used to ensure safe integration of a structural subsystem into an existing system in the context of an authorisation for placing in service in accordance with the Directive 2008/57/E [9]. In order to differentiate the acceptance of risks related to technical systems from accepting operational and organizational risks, the European Commission adopted the Regulation 2015/1136 amending implementing Regulation 402/2013 on the common safety method for risk evaluation and assessment – CSM DT which defines the harmonised design targets for technical systems which also present the criteria for accepting the identified risk. This design targets defines two categories of technical system: 1) Category CSM-DT - where any way of failure of system function leads to hazard and which has direct potential to cause catastrophic consequences and should not occur with the rate of occurrence that is higher than the rate per working time
2) Category CSM-DT - where any way of failure of system function leads to hazard and which has directly potential to the critical consequences should not occur with a rate of occurrence that is higher than the rate per working time. Clasification of consequence according to EN 50126 – 1 is presented in next table. Severity Level Catastrophic Critical Marginal Insignificant
Table 1. Clasification of consequence Consequence to persons or environment Fatalities and/or multiple severe injuries and/or major damage to the environment Single fatality and/or severe injury and/or significant damage to the environment Minor injury and/or significant threat to the environment Possible minor injury
RISK MANAGEMENT PROCESS The risk management process is presented in the diagram in Annex 1 of the Regulation 352/2009. Risk management consists of three parts that cover different phases of this process. These parts refer to: 1. Risk assessment Risk assessment is a process that defines system definiton, identifies hazards and evaluates a risk qualitatively, quantitatively and/or both, and consist of: System definition - The process of CSM-RA starts with the system definition. In the phase system definition, the proposer of the change first defines the preliminary system definition. The preliminary system definition represents an analysis of what is changing. After that, depending on the established criterias defines significance of change. Regulation defines six criteria [10]: 1) failure consequence: credible worst-case scenario in the event of failure of the system under assessment, taking into account the existence of safety barriers outside the system; 2) novelty used in implementing the change: this concerns both what is innovative in the railway sector, and what is new just for the organisation implementing the change; 3) complexity of the change; 4) monitoring: the inability to monitor the implemented change throughout the system life-cycle and take appropriate interventions; 5) reversibility: the inability to revert to the system before the change; 6) additionality: assessment of the significance of the change taking into account all recent safety-related modifications to the system under assessment and which were not judged as significant.
Content of the system definition is presented on picture 1. Purpose of the system System boundaries
Assumptions System definition Existing security measures
Physical and functional interfaces System environment Fig 1. Scope of system definition
Identification of the hazard and their classification - This phase is one on the most important phases in the process and it should be implemented comprehensively and structured. This means, when identifying hazards, all system boundaries and its interaction with the environment must be taken into account, as well as mode of operation, maintenance, and the life cycle of the system, but also the human factor. In order to properly implement this phase, it is necessary either to engage competent experts or to apply already established methods based on which the hazards and their manifestation will be accurately described. When hazards are defined, the proposer of the change classifies them on the basis of the risks. Classification of hazards allows the proposer to focus subsequent risk assessment work on the most important risks, by discounting those hazards which need no further evaluation. Evaluation of risks and its acceptance - Risk evaluation in terms of its acceptance, based on the hazards that they cause, is carried out on the basis of three principles, namely: 1) Principle "Code of Practice" - The Regulation 402/2013 defines a code of practice as "a written set of rules that, when properly applied, can be used to control one or more specific hazards" [11] In order to consider these rules as a relevant code of practice, they have already been effectively used to control the hazard that cause changes of the system.
Documents that can be relevant as code of practice are European and international standards, technical specifications for interoperability national technical and safety regulations, ect [10]. These documents, although primarily written for different purposes (interoperability, safety ect.), can also control the identified hazards in such a way that they define safety measures (set boundaries, protective measures, operational procedures ect). After applying these measures to the system in which a significant change occurs, it can be said that the risks are acceptable from the point of view of the principles of the code of practice and no further analysis is required. 2) Principle "Comparison with reference system" - If for the system being evaluated there is a sufficiently similar system over which the risk management process has already been implemented, then this system is called a reference system. If it is found that there is no additional risk between the reference system and the system being assessed then the risk is considered as acceptable and safety measures from the reference system will be used to control the hazards in the new system. The use of this principle can be implemented even if there are deviations from the reference system. In this situation, it is necessary to identify all the differences between the systems being evaluated and the reference system that can influence the risk. The regulation prescribes minimum measures that must be met by the reference system (similar functions and interfaces, operational and environmental conditions, system has already been proven to have an acceptable safety level) [11]. 3) Principle "Explicit risk assessment". - If the principles of the code of practice and the reference system do not cover the identified hazards, the demonstration of risk acceptance is carried out with an explicit risk assessment. An explicit risk assessment can be qualitative or quantitative In order to make a sustainable decision after the application of a qualitative method, it is necessary to have a sufficient number of experts and for each decision there is a consensus so that valid results can be obtained from each step. A quantitative risk assessment generally requires considerable effort and significant statistical data. In practice, it is often possible to make strong and correct decisions using qualitative methods, since previous experience of experts often can be used to make quicker decisions 2. Defining Safety Requirements and Hazard Management: The concepts of "Safety measures" and " Safety requirements" are key to implementing the risk management process [9].
Safety measures are set of activities that are used to reduce the probability of a hazard or mitigate their consequences in order to achieve and/or maintain an acceptable level of risk, while safety requirements indicate the characteristics of the system and its operation necessary to meet the safety objectives. When the proposer proves that all the safety requirements have been met and that the system is in accordance with them, and that the selected risk assessment principles are correctly applied, then the risk management process may be considered as complete. This means that all identified hazards are covered by safety measures. Selected safety measures becomes part of the safety requirements for the system. Safety requirements shall be carried out by each of the actors responsible for fulfilling the safety requirements under supervision of proposer. Preliminary system definition
Is change significant?
Risk assessment Risk analysis Hazard Identification and Classification
Code of Practice
Comparison with reference system
Explicit risk assessment
Risk evaluation in accordance with risk acceptance criteria
Safety requirements for the system within defined safety measures
Demonstration of compliance with safety requirements Fig. 2. Risk management process
HAZARD MANAGEMENT
INDEPENDENT ASSESSMENT
System definition
Algorithm of risk management process with indepented assessment is presentend figure above. 3. Independent assessment Also, regulation requires appoint an independent assessment body for assessment of the correct application of the risk management process and suitability of results. The safety assessment report - that the assessment body submits to the proposer - is taken into account when National Safety Authoruty - NSA is deciding to put the railway subsystem or the vehicle into service, as well as when drafting the EC declaration of verification. CONCLUSION In this paper authors have presented a new approach to railway safety in a form of risk managment. This concept provides proactive action in order to predict the occurence of unwanted events. Overviewing the legislative framework and other literature, authors have defined and explained all phases of risk managment process with the purpose of better understanding of this new approach in railway sector. The risk management process in railway traffic is applied in cases where a certain change is introduced into the existing railway system, which may have an impact on the safe traffic operation, on the basis of its significance. In addition, this process is also applied in cases where the new structural railway subsystem is integrated into the existing rail system. Risks failures of railway systems have a great potential to cause injury and/or fatality of railway staffs and passengers, the impact on environmental degradation, damage to property and adverse impact in the railway operational contexts. In accordance to that, the introduction of risk managment for proactive action of railway stakeholders is of great importance and big advantage for ensuring the safe and reliable railway transport. REFERENCES [1] Oxford Dictionaries, https://en.oxforddictionaries.com/definition/risk [2] Standards Australia & Standards New Zealand Committee OB/7 on Risk Management, Risk management, AS/NZS 4360:2004. Avaliable: www.saiglobal.com [3] CENELEC (2003) European Standard NF EN50129, “Railway applications – Communications, signalling and processing systems – Safety related electronic systems for signalling” [4] International Organization for Standardization - ISO 31000:2009 Risk management - Principles and guidelines [5] British Standards Institution (BSI) - BS EN 31010 (2008). Risk Management – Risk Assessment Techniques. London
[6] Đuričić R, Bošković B, i Rosić S, (2017) European concept of railway safety. Faculty of Transport and Traffic Engeneering in Doboju. Doboj. [7] Norwegian National Rail Administration (2012) High Speed Rail Assessment Report - Risk and Safety Analysis. Oslo. [8] Guidance on Hazard Identification and Classification (2014). Railway Sasfety and Standards Board. London. URL: https://www.rssb.co.uk/rgs/standards/GEGN8642%20Iss%202.pdf [9] D-RAIL consortium (2014). Development of the Future Rail System to Reduce the Occurrences and Impact of Derailment. United Kingdom. URL: http://drail-project.eu/IMG/pdf/DR-D7_2-F2-RAMS_analysis_and_recommendation20140926.pdf [10] Office of Rail Regulation (2015). Guidance on the application of Commission Regulation (EU) 402/2013. Avaliable: http://orr.gov.uk/__data/assets/pdf_file/0006/3867/common_safety_method_guidanc e.pdf [11]Commission Implementing Regulation (EU) No 402/2013 of 30 April 2013 on the common safety method for risk evaluation and assessment and repealing Regulation (EC) No 352/2009, Official Journal of the European Union, OJ L 121/8 3.5.2013. URL: https://lovdata.no/static/SF/32013r0402e.pdf
