MODSAFE - A Detailed Safety Model for Urban Guided Transport Systems

摘要

In 2012, the four years European Commission Project "MODSAFE" has presented its final results. 22 Urban Guided Transport Operators (London Underground, RATP Paris, Metro Madrid etc.), System Suppliers (Alstom, Bombardier, Ansaldo) and other Institutions (TU Dresden, Budapest University, TUV Rheinland, UITP, UNIFE) had established a Safety and Security Model for Urban Guided Transport Systems including Metros, Lightrails, Tramways and APMs operated in four Grades of Automation, from Line of Sight driving to completely unmanned operations. Basis of the Safety Model is a complex System Hazards and Risk Analysis, including over 1.000 entries and containing all train controls related potential hazards but also hazards related to environmental effects, operations and degraded modes situations. In order to control and cover the hazards, a train control oriented MODSafe Functional Model had been agreed, including some 70 detailed functions in close coherence with the IEC62290 standard. Since the safety related functions are built up by physical entities, a MODSafe Object Model has been researched and agreed, containing a list of generic constituents of train control architectures. In order to derive adequate Safety Requirements, two different Safety Requirement Allocation Processes had been performed for every individual Function and the result checked for consistency. The Safety Requirements are ultimately linked to a THR (Tolerable Hazard Rate) and presented as a SIL (Safety Integrity Level) for every function. As a final result the Safety Requirements/Safety Attributes are allocated to a Spread Sheet between the safety related objects and the safety related function for every Grade of Automation GOA 0-4. The paper presents the rationale of the project and its results as well as an outlook of the applicability and further possible works.