Functional hazard analysis or functional hazard assessment (FHA) is an established and recommended method of risk analysis and allocation of safety targets in aviation; see e.g. JAR 25.1309 (JAA 2000), SAE ARP 4754/4761 (SAE 1996a, b) or the EUROCONTROL Safety Assessment Methodology (EUROCONTROL 2000). It supports the international harmonisation of safety requirements and the interoperability of products in aviation. Even a cursory glance reveals many similarities between aviation and railways. Because moving vehicles, whether trains or aeroplanes, are controlled by stationary control centres (interlockings, air traffic management centres), the idea of applying FHA to railways is an obvious one. On closer examination, however, a few differences become apparent, not only in the analogy between aviation and railways, but also between the use of FHA for large aeroplanes (SAE 1996a, b) and for air traffic management (ATM) systems (EUROCONTROL 2000). This paper contrasts FHA in SAE and EUROCONTROL and merges the two approaches to form a single procedure. The result is compared with the risk analysis approaches in railways, in particular EN 50126 (CENELEC 2000) and EN 50129 (CENELEC 2002), both from the point of view of the standards and of practical applications. The pros and cons of the use of FHA in railways are discussed. In fact, the application of FHA in the field of railways offers many benefits, which could have a considerable impact on products and standards, but its feasibility cannot be demonstrated merely on the basis of theoretical considerations. There was thus a need for a pilot application of FHA in railway signalling. The initial results of such a feasibility study are described here.