WP2 Final Report - 17 September 2007

Transcription

Tender ERA/2006/ERTMS/OP/01
Survey of Safety Approvals for the first ERTMS implementations
Analysis of Safety Approval Process
Final Report WP2
Subcontractors:
Reference: BV-LZ-FW/KRTC316/WP2
Document Approval
Author
Checker
B. Vittorini
F.Walenberg
Approval
17 September 2007
From the following organisations, the following persons contributed to the study:
•
•
•
•
•
•
KEMA Rail Transport Certification:
o F. Walenberg, Project Manager
o L. Zigterman, WP1-leader
o R. te Pas
RINA:
o F. Caruso, Technical Manager
o B. Vittorini, WP2-leader
Cetren:
o J. Figuera, WP4-leader
o M. Carvajal
o G. Moreno
Attica Advies:
o J. Postmes, WP3-leader
o H. Vas Visser
o W. Oskam
o J. Rimmelzwaan
EBC:
o C. Glatt
o H. Müller
Arsenal Research:
o G. List
Survey of safety approvals for the first ERTMS implementations
WP2 Final Report on Analysis of Safety Approval Process – 17 September 2007
2/161
Summary
This document contains a preliminary collection of information regarding the Safety
Approval Process followed in the different ERTMS projects included in the scope of this
Project. The information is presented in a comparative format aiming at an easy outlining of
commonalities and differences. The process covers the system life cycle defined in the
CENELEC Norm EN50126, although some of its phases may not be fully considered.
The following main issues are included:
•
•
•
•
•
•
•
General information of the line under consideration;
System definition;
Safety aspects:
o Risk analysis;
o Safety requirements;
o System requirements, including safety requirements for components, subsystems and operation;
Suppliers responsibility:
o System design;
o Manufacturing of generic components;
o Installation, configuration and commissioning;
Approval:
o Acceptance verification and tests;
o Formal approval;
Operation, maintenance and monitoring of system performances in revenue service;
Modifications and retrofits.
Note: The items in italics are not mandatory. The user of the guideline was asked to indicate
why the “Non mandatory” subjects are not filled out (lack of information, unknown, not
traceable etc.). In general, this information is deemed not necessary for the objectives of the
study. The structure of this report contains the relevant chapter for each analysed project,
even if it is not actually filled in for the above mentioned reasons.
3/161
Contents
SUMMARY......................................................................................................................................................... 3
CONTENTS........................................................................................................................................................ 4
1
PHASE 1 - SYSTEM CONCEPTS.......................................................................................................... 9
1.1
SYSTEM CONTEXT.............................................................................................................................. 9
The Austria-Italy project: the Brenner Basis Tunnel .................................................................................. 9
The Austrian project: Vienna-Nickelsdorf .................................................................................................. 9
The Belgian projects ................................................................................................................................. 10
The French project: LGV-Est ................................................................................................................... 11
The German project: Berlin-Halle-Leipzig............................................................................................... 13
The Italian projects ................................................................................................................................... 14
The Dutch projects.................................................................................................................................... 17
The Spanish projects ................................................................................................................................. 21
1.2
POLITICAL AND GEOGRAPHICAL CONSTRAINTS ............................................................................... 28
The Austria-Italy project: the Brenner Basis Tunnel ................................................................................ 28
The Austrian project: Vienna-Nickelsdorf ................................................................................................ 30
The Italian Projects .................................................................................................................................. 38
1.3
SAFETY TARGETS / RAMS POLICY................................................................................................... 59
The Austria-Italy project: the Brenner Basis Tunnel ................................................................................ 59
The Austrian project: Vienna – Nickelsdorf.............................................................................................. 60
The German project: Berlin-HalleLeipzig ................................................................................................ 61
2
PHASE 2 - SYSTEM DEFINITION AND APPLICATION CONDITIONS .................................... 66
2.1
THE MISSION PROFILE OF THE SYSTEM ............................................................................................. 66
Austria-Italy project: Brenner Basis Tunnel project................................................................................. 66
Austrian project: Vienna – Nickelsdorf .................................................................................................... 66
French project: LGV-Est .......................................................................................................................... 67
German project: Berlin-HalleLeipzig....................................................................................................... 67
2.2
THE SYSTEM DEFINITION .................................................................................................................. 71
The Austria-Italy project: Brenner Basis Tunnel...................................................................................... 71
3
PHASE 3 - RISK ANALYSIS ................................................................................................................ 80
3.1
HAZARD ANALYSIS AND SYSTEM LEVEL MITIGATIONS ..................................................................... 80
4/161
3.2
SPECIFIC ISSUES ............................................................................................................................... 90
4
PHASE 4 - SYSTEM REQUIREMENTS............................................................................................. 94
4.1
THE AUSTRIA-ITALY PROJECT: BRENNER BASIS TUNNEL ................................................................ 94
4.2
THE AUSTRIAN PROJECT: VIENNA – NICKELSDORF .......................................................................... 94
4.3
THE BELGIAN PROJECTS ................................................................................................................... 95
4.4
THE FRENCH PROJECT: LGV-EST..................................................................................................... 95
4.5
THE GERMAN PROJECT: BERLIN-HALLELEIPZIG .............................................................................. 95
4.6
THE ITALIAN PROJECTS .................................................................................................................... 95
The Rome-Naples HSL.............................................................................................................................. 95
The Torino-Novara HSL ........................................................................................................................... 96
4.7
THE DUTCH PROJECTS ...................................................................................................................... 96
Betuweroute .............................................................................................................................................. 96
Amsterdam - Utrecht................................................................................................................................. 96
HSL ZUID................................................................................................................................................. 96
4.8
THE SPANISH PROJECTS .................................................................................................................... 96
5
PHASE 5 – APPORTIONMENT OF SYSTEM REQUIREMENTS................................................. 97
5.1
THE AUSTRIA-ITALY PROJECT: BRENNER BASIS TUNNEL ................................................................ 97
5.2
THE AUSTRIAN PROJECT: VIENNA – NICKELSDORF .......................................................................... 97
5.3
THE BELGIAN PROJECTS ................................................................................................................... 97
5.4
THE FRENCH PROJECT: LGV-EST..................................................................................................... 97
5.5
THE GERMAN PROJECT: BERLIN-HALLELEIPZIG .............................................................................. 97
5.6
THE ITALIAN PROJECTS .................................................................................................................... 97
The Rome-Naples HSL.............................................................................................................................. 97
The Torino-Novara HSL ........................................................................................................................... 98
5.7
THE DUTCH PROJECTS ...................................................................................................................... 98
Betuweroute .............................................................................................................................................. 98
Amsterdam - Utrecht................................................................................................................................. 98
HSL ZUID................................................................................................................................................. 99
5.8
THE SPANISH PROJECTS .................................................................................................................... 99
6
PHASE 6 – DESIGN AND IMPLEMENTATION ............................................................................ 100
6.1
THE AUSTRIA-ITALY PROJECT: BRENNER BASIS TUNNEL .............................................................. 100
6.2
THE AUSTRIAN PROJECT: VIENNA – NICKELSDORF ........................................................................ 100
6.3
THE BELGIAN PROJECTS ................................................................................................................. 100
6.4
THE FRENCH PROJECT: LGV-EST................................................................................................... 100
6.5
THE GERMAN PROJECT: BERLIN-HALLE-LEIPZIG ........................................................................... 100
6.6
THE ITALIAN PROJECTS .................................................................................................................. 100
The Rome-Naples HSL............................................................................................................................ 100
The Torino-Novara HSL ......................................................................................................................... 103
6.7
THE DUTCH PROJECTS .................................................................................................................... 104
Betuweroute ............................................................................................................................................ 104
Amsterdam - Utrecht............................................................................................................................... 104
5/161
HSL ZUID............................................................................................................................................... 104
6.8
THE SPANISH PROJECTS .................................................................................................................. 104
7
PHASE 7 – MANUFACTURING........................................................................................................ 105
7.1
7.2
7.3
7.4
7.5
THE GERMAN PROJECT: BERLIN-HALLELEIPZIG ............................................................................ 105
7.6
7.7
Betuweroute ............................................................................................................................................ 106
HSL ZUID............................................................................................................................................... 106
7.8
8
PHASE 8 – INSTALLATION.............................................................................................................. 107
8.1
8.2
8.3
8.4
8.5
8.6
8.7
Betuweroute ............................................................................................................................................ 108
HSL ZUID............................................................................................................................................... 108
8.8
9
PHASE 9 – SYSTEM VALIDATION ................................................................................................. 109
9.1
9.2
9.3
The L3 and the L4 HSL ........................................................................................................................... 110
The ETCS Level 1 lines ........................................................................................................................... 110
9.4
9.5
9.6
The Torino-Novara HSL/HCL ................................................................................................................ 113
9.7
Betuweroute ............................................................................................................................................ 114
Amsterdam- Utrecht- HSL ...................................................................................................................... 115
HSL ZUID............................................................................................................................................... 115
9.8
Validation&Verification guidelines ........................................................................................................ 115
Validation procedure .............................................................................................................................. 116
Compatibility and Interoperability issues............................................................................................... 117
10 PHASE 10 – SYSTEM ACCEPTANCE ............................................................................................. 119
10.1
10.2
10.3
The L3 and the L4 HSL ........................................................................................................................... 119
The ETCS Level 1 lines ........................................................................................................................... 120
10.4
6/161
10.5
10.6
Torino-Novara HSL/HCL ....................................................................................................................... 123
10.7
Betuweroute ............................................................................................................................................ 124
HSL ZUID............................................................................................................................................... 125
10.8
Complementary tests............................................................................................................................... 127
11 PHASES 11-12 OPERATION, MAINTENANCE AND MONITORING ...................................... 129
11.1
11.2
11.3
The L3 and the L4 HSL ........................................................................................................................... 129
Belgian ETCS level 1 lines...................................................................................................................... 129
11.4
11.5
11.6
Torino-Novara HSL ................................................................................................................................ 130
11.7
Betuweroute ............................................................................................................................................ 130
HSL ZUID............................................................................................................................................... 130
11.8
12 PHASE 13 – MODIFICATION AND RETROFIT............................................................................ 132
12.1
AUSTRIA-ITALY PROJECT: BRENNER BASIS TUNNEL PROJECT ....................................................... 132
12.2
VIENNA-NICKELSDORF .................................................................................................................. 132
12.3
12.4
12.5
12.6
Torino-Novara HSL ................................................................................................................................ 133
12.7
Betuweroute ............................................................................................................................................ 133
Utrecht-Amsterdam HSL......................................................................................................................... 133
HSL ZUID............................................................................................................................................... 133
12.8
13 ANNEX .................................................................................................................................................. 134
13.1
REFERENCES FOR THE AUSTRIAN PROJECTS .................................................................................. 134
13.2
REFERENCES FOR THE GERMAN PROJECTS ..................................................................................... 134
European Directives, Standards and Specifications ............................................................................... 134
National Rules & Regulations................................................................................................................. 135
DBAG Regulations................................................................................................................................. 135
DBAG Pilot Documentation .................................................................................................................. 135
Suppliers´ (“Consortium”) Documentation (RBC Docu as an example) ............................................... 136
Verification & Validation ....................................................................................................................... 138
Assessment .............................................................................................................................................. 138
Approval & Acceptance .......................................................................................................................... 138
Conformity .............................................................................................................................................. 141
13.3
REFERENCES FOR THE ITALIAN PROJECTS ...................................................................................... 141
Laws and Norms ..................................................................................................................................... 141
European Norms and Standards ............................................................................................................. 142
RFI Norms and Standards ...................................................................................................................... 142
7/161
13.4
SPECIFIC REFERENCES FOR THE TURIN-NOVARA PROJECT ............................................................ 149
RFI Specifications and assessment documents ....................................................................................... 149
Suppliers Documents .............................................................................................................................. 154
13.5
REFERENCES FOR THE DUTCH AND BELGIAN PROJECTS ................................................................. 156
13.6
REFERENCES FOR THE SPANISH PROJECTS ...................................................................................... 156
LIST OF ABBREVIATIONS AND ACRONYMS ...................................................................................... 157
8/161
1
Phase 1 - System Concepts
1.1 System Context
This section is intended to provide the following information:
•
•
•
Official identification of each individual project under consideration.
Project organisation: the infrastructure owner, the railway authority1, the system
integrator, the train operators, the safety authority, the independent safety assessors,
and the notified bodies.
Roles and responsibilities of each entity.
The Austria-Italy project: the Brenner Basis Tunnel
The line, presently in the final design phase, constitutes the central part of the VeronaMunich line that will be integrated in the TEN Corridor 1 from Berlin to Palermo. It is 55.6
km long (32.6 km in Austria and 23 km in Italy) within a twin, single rail tunnel system
from Fortezza-Italy to Innsbruck-Austria (circulation at left in Italy, at right in Austria).
It is foreseen for mixed traffic: High speed traffic (200 km/h) for international passenger
transport (20% of the overall traffic), conventional light (160 km/h) and heavy (100 km/h)
freight trains (80% of the traffic). Traffic forecast: 140 trains per day and per running
direction. The minimum heading has been set to 7.5 minutes. The line will be powered at
2x25 kV/50 Hz.
The Parties involved are:
•
•
•
•
•
Inframanager: BBT SE (Brenner Basis Tunnel, a company owned by RFI, OEBB
and the Tyrolean Region)
System design: PGBB (an Austro-Italian Consortium)
Design Verification: RABBIT Consortium (RINA-ARSENAL) assessing the
conformity of the design to the CC&S TSI and to the applicable Austro-Italian
Norms and Specifications.
Operating companies:N/A in this phase
Suppliers: N/A in this phase
The Austrian project: Vienna-Nickelsdorf
The line characteristics are:
•
Conventional line from Vienna Southern Railway station (km 3.659) to Hungarian
border after Nickelsdorf (km 67.506). It constitutes the Austrian part of the Vienna –
Budapest line. As the station in Vienna (Vienna central station / Wien
Zentralbahnhof) has currently started to be rebuilt, the line will be equipped into the
station at a later time.
1
The term “Railway authority” is used here to refer to the body that is in charge of the safety approval
according to the national law or regulations (sometimes not yet compliant with the Directives). This could be
for instance an Infrastructure Manager, a NSA or an other body.
9/161
•
Rolling Stock: 13 (already nationally approved) locos of type 1116 are to be
equipped with ETCS equipment
The involved parties are:
•
•
•
•
•
•
•
•
Infrastructure owner: ÖBB BAU AG
Inframanager: ÖBB Betrieb AG
System integrator: ARGE Euroloop - contract with ÖBB
Suppliers: ARGE Euroloop consisting of Siemens AG-Österreich, responsible for the
train-borne system and a small part of the trackside system and Thales (until end of
2006: Alcatel Austria AG), responsible for the large extent of the trackside
subsystem) - contract with ÖBB
Train operators: ÖBB Traktion (currently the only one to be equipped with ETCS),
Gysev, Wiener Lokalbahnen (WLB) - licenced railway undertakings
Safety Authority: Federal Ministry of traffic and information technologiesresponsible by law
Independent Safety Assessors: IPW - contract with manufacturer
Notified Body: Arsenal Research (0894) - contract with ÖBB
The Belgian projects
The L3 and the L4 HSL
The high speed lines L3 (Luik – German/Belgian border) and L4 (Antwerp – Dutch/Belgian
border) are built to achieve a performance of up to 300 km/h and a 3-minute headway under
continuous speed supervision provided by ERTMS/ETCS Level 2. The ERTMS/ETCS
Level 2 is supplemented with ERTMS/ETCS Level 1, which takes over in case the former
experiences a failure, while offering parallel operations in a mixed level application.
These two separate lines are divided into three structural and two functional subsystems.
These subsystems are subject to EC verification against their respective Technical
Specifications of Interoperability (TSI) of Directive 96/48/EC.
The L3 line is 139 km long, while the L4 line is 87 km long.
Infrabel, part of NMBS-Holding, is the Infrastructure operator since January 1st 2005.
Infrabel is controlled by the Belgian Federal State. NMBS-Holding also exploits the train
operation (NMBS).
Certifer is the Notified Body for the L3 and the L4 lines, whereas Belgorail is the NoBo for
the rest of the network and assessor of national functionalities (also for L3 and L4). Certifer
also checks or prepares every decision (Safety Assessment) that is taken by a division of the
responsible Ministry that acts as National Safety Authority (NSA).
The ETCS Level 1 conventional lines
The project concerns the roll-out of ETCS Level 1 (just the equipment) over the Belgian
conventional railway network.
The infrastructure owner/manager is Infrabel, which is part of the NMBS (SNCB) holding.
The main train operator involved is NMBS (SNCB), which is the other entity under the
NMBS (SNCB) holding.
10/161
The Safety Authority is currently being organised within the Ministry of Transportation.
For phase 2, KEMA Rail Transport Certification is the ISA and the Notified Body for the
trackside equipment.
The French project: LGV-Est
This project is identified as « Pilote ERTMS Est Européen » (pilot East European ERTMS)
(PEEE).
This high speed line will connect Paris-Gare de l’Est to Frankfurt Main Station. In the final
stage of implementation it will be 406 km long.
The following project information has been derived from the PEEE Safety Plan [ “Project
PEEE sous project Equipement Sol, plan de securité, v 02, 16 nov. 2004).
Role and responsibilities of the involved organisations are as follows (see Figure 1):
• The Infrastructure Owner is RFF (Réseau Ferré de France)
• The National Safety Authority is SIST (Securité des Infrastructures)
• The Notified Body is CERTIFER
• The Independent Safety Assessor for the trackside systems is SNCF
• The Independent Safety Assessor for the train borne systems is SNCF
• The Independent Safety Assessor for the Integral Safety is SNCF
The evaluation is carried out at two levels:
•
A safety team from SNCF engineering division ensures the overall coherence of
safety. The safety team’s tasks are described in the table below.
• RFF has entrusted CERTIFER with the evaluation of the ERTMS system in the
framework of the OSTI contract & Notified Body. (ref: Project PEEE: Sub-project
Safety Plan Equipment, F3SJ0601, v. 011).
RFF is the owner of LGV Est and the promoter of the PEEE project, and as such is
responsible for safety on these projects.
RFF entrusts the supply and implementation of equipment to LGV EST Européen to the
manufacturers, who must provide evidence of the assured safety of the equipment delivered.
In accordance with European regulations, this evidence must be evaluated by an
independent organisation.
RFF entrusts SNCF direction de l’Ingénierie (engineering division) with study and works
management assignments, known as ‘engineering assignments’.
In the context of the engineering assignments SNCF must in particular:
•
•
•
ensure, validate and approve the sub-system project,
establish all operational rules,
evaluate the safety evidence supplied by the manufacturers for each delivered
component,
• provide evidence to RFF that all safety requirements are complied with in the system
(all components delivered to RFF).
The tasks described above are also known as ‘integration tasks’.
11/161
In observance of the decree [SRFN] RFF entrusts an OSTI (Certifer) with the task of
evaluating safety on the whole project. Certifer will also ensure the Notified Body
assignment and must issue an EC verification declaration certifying that the command &
control and signals sub-system complies with the provisions of decree 2001-129 (pending
transposition of the directive 96/48/EC).
An “Engineering Activities Safety File” is prepared on all the activities contributing to the
demonstration and construction of industrial and engineering safety in the context of the
PEEE.
RFF supplies this file, which is subject to evaluation by CERTIFER (OSTI and ON), to
SNCF IES who prepares the Safety File.
RFF promotor of LPEEE projet, owner of LGV
Est project
OSTI/ON
SNCF IES
SNCF Engineering
Manufacturers
Figure 1 – LPEE Project organisation
The engineering activities of the PEEE trackside project are entrusted to the ERTMS sector
of technical division of engineering division. The ERTMS head of sector, the Project
Manager, is responsible for the safety of the PEEE sub-project and must set up the
organisation and means necessary for safety in all the activities of the PEEE sub-project in
accordance with this plan.
The OSTI/ON awarded for this project is Certifer. The identification number assigned by the
European Commission is 942 (Notified Body - directive 96/48). The COFRAC accreditation
certification number is 5-0023 (standard NF EN 45011 and COFRAC application rules –
Section D – under section DM – Transport Materials). This accreditation is valid until
31/11/2008.
12/161
The German project: Berlin-Halle-Leipzig
The line identification is “B-H/L”, Berlin-Halle-Leipzig.
The infrastructure owner of the BHL line is “Deutsche Bahn Netz AG” (Theodor-HeussAllee 7, D-60486 Frankfurt am Main).
The railway authority acting as a contact person and legal entity for all aspects like concept
preparation, development, operational questions, etc. for the BHL project is the “Deutsche
Bahn AG” (Potsdamer Platz 2, D-10785 Berlin) and their subsidiary companies,
respectively.
No "system integrator" has been explicitely defined, however the customer was undertaking
most tasks of integration. The suppliers´ consortium as well played an important role in the
processes of system integration. According to TSI CCS the railway undertaking and
infrastructure manager have to declare conformity and EC-verification. Both acts of
declaration are planned to be committed to the suppliers´ consortium. More detailed
information on this intention is not available in the moment.
For the moment “DB Fernverkehr AG” (Stephensonstr. 1, D-60326 Frankfurt am Main),
“DB Regio AG” (Stephensonstr. 1, D-60326 Frankfurt am Main), “Railion Deutschland
AG” (Rheinstr. 2, D-55116 Mainz), “InterConnex” (Ostseeland Verkehr GmbH,
Ludwigsluster Chaussee 72, D-19061 Schwerin) and “Dispolok GmbH” (GeorgReismüllerstr. 32, D-80999 München) are present on the BHL line as railway undertakings.
The safety authority charged with the national approval and acceptance procedures for BHL
is the “Eisenbahn-Bundesamt EBA” (Vorgebirgsstr. 49, D-53119 Bonn).
Nearly all verification, validation and assessment according to the refernced CENELEC
norms (see Chap. 13.2) have been performed by inhouse test control centres
("Prüfleitstelle" PLS) of the two main components´ suppliers SIEMENS and
ALCATEL/THALES. Both have been accredited as Qualified Development Organisations
("Qualifizierter Entwicklungsbetrieb") by the EBA, additionally fulfilling the requirements
of [DB 9]. Hence they are permitted to operate their own - yet independent (conforming [DB
4], [DB 5], [DB 6]) - proving and test departments for verification, validation and
assessment tasks. Independency of verification, validation and assessment is ensured by
self-responsibility and stringent EBA control. Some audits (according to module D, [DB
16]) have been performed by TÜV InterTraffic GmbH (TÜV Rheinland Group).
“Eisenbahn Cert EBC” (Vorgebirgsstr. 43, D-53119 Bonn) acts as “Notified Body
Interoperability” according to EC directives, as well as to the national regulations [DB 19],
[DB 20], that transfered the interoperability directives into German regulation. The EBC located at the Eisenbahn-Bundesamt (EBA) and accredited as independent and autonomous
organisation under public law – was commissioned for the conformity and EC examinations
for both trackside and onboard equipment. However the two PLSs were subcontracted by
EBC to perform most of the examinations. Some audits have been done by EBC himself or
TÜV InterTraffic GmbH. EBC did not perform any technical examinations for BHL.
13/161
The Italian projects
The Rome-Naples HSL
The Rome-Naples HSL is a section of the High Speed / High Capacity Line Milan-Naples.
The entities/companies involved in the project and their roles are listed in the following
Table 1.
Company
RFI
Role
Customer, Safety Authority, Railway Authority, Safety Assessor
TAV
ITALFERR
IRICAV
TRENITALIA
SATURNO
Purchaser
Work Director
General Contractor
Train Operator
Technological System Integrator and Trackside Subsystem Valuator. Saturno is a
consortium including Ansaldo, Alstom, Bombardier and Sirti.
Supplier of Solid State Interlocking, Encoder and Eurobalise. For the supplied products –
subsystems the company performed Design, Verification and Validation activities for the
Generic Product, Generic and Specific Application. ASF supplied also the traffic
supervisory system (SIL 0 system)
Supplier of On-Board subsystem, RBC subsystem and wayside track-circuit sub-system.
For the supplied products – subsystems the Company performed Design, Verification and
Validation activities for the Generic Product, Generic and Specific Application.
Supplier of Hot Axel Box Detector and Braked Wheels Detector subsystem
Supplier of Telecommunication sub-system (Long Distance network and GSM-R network
– Nortel Technology)
ANSALDO
(ASF)
ALSTOM
BOMBARDIER
SIRTI
Table 1 – Entities/Companies involved in Rome-Naples HSL
The RFI “Direzione Movimento” and “Direzione Manutenzione” are the Customers.
Different departments of “Direzione Tecnica” had the following tasks:
• System Requirement Specification delivery;
• Assessment and Acceptance of the system.
The Rome and the Naples “Direzione Compartimentale Movimento” are the Railway
Authorities supported by the corresponding “Direzioni Compartimentali Infrastrutture”.
The tasks of each RFI structure are indicated with more details in the following table:
Dept.
PATC
PATC
PATC
PATC
PATC
CESIFER
PACS
CC
Structure
“Specificazione Requisiti di Sistema e
Applicazione Sistemi ATC”
“Omologazione Sottosistema di Terra
(SDT/SST)“
“Omologazione Sottosistema di Bordo
(SDT/SSB)“
“Prodotti a Tecnologia Innovativa“
Task
System specification; functional assessment and
acceptance; SDT, SST and SSB system homologation;
products functional assessment and homologation
System specification; functional assessment and
acceptance
SDT/SST functional assessment and acceptance
SDT/SSB functional assessment and acceptance
Product functional assessment and acceptance
SSB functional assessment and acceptance
Interlocking System functional assessment and acceptance
Systems, subsystems, products Safety Integrity Level
assessment; assessment of systems and components
interoperability.
14/161
Dept.
CC
Structure
“Valutazione di Sicurezza (Assessment) “
CC
SS
SS
“Certificazione Standard di Interoperabilità“
“Impianti“
“Tecnologie di Base
Task
Systems, subsystems, products Safety Integrity Level
assessment
Assessment of systems and components interoperability.
Interlocking logic assessment and homologation
Hot Axle Box Detector System and wayside objects
assessment and homologation
Table 2 - RFI departments related to the Rome-Neaples HSL Project
The responsibilities of the RFI structures in the assessment process are shown with more
details in the following Figure 2, Figure 3 and Figure 4.
GA ETCS System - CC
GA System CC - VdS
GA System
PATC - SRS
GA SST SDT - CC
GA SDT
CC - CSI
GA SSB - CC
GA SDT
CC - VdS
GA SDT
PATC - OSST
GP RBC - CC
GA SSB
CC - VdS
GA SSB
PATC - OSST
GP SSB - CC
GP RBC
CC - CSI
GP RBC
CC - VdS
GP SSB
CC - VdS
GP RBC
PATC - PTI
GP SSB
PATC - PTI
Coulor Meaning:
Functional Assessment
Interoperability Assessment
Safety Assessment
Overall Assessment
Figure 2– Assessment process of the ETCS System
15/161
GA Interlocking Subsystem GdV - CC
GA – CC VdS
GP NVP + GAT
GP CC - VdS
GA PACS
Logic – SS I
Wayside Objects
RTB System
SS - TB
SS - TB
GP PACS- PTI
Coulor Meaning:
Functional Assessment
Safety Assessment
Overall Assessment
Figure 3– Assessment process of the Interlocking System
GA System SSAV - CC
GA SSAV
CC - VdS
GA SSAV
DT
GA GdV
GA ETCS
(see f. 2)
(see f. 1)
Coulor Meaning:
Functional assessment
Safety Assessment
Overall Assessment
Figure 4– Assessment process of the Rome-Naples CCS sub-system
16/161
The Torino -Novara HSL
The line characteristics are:
•
Typology: High speed/ High Capacity line for mixed passenger and freight trains
linking Torino to Milano. The only section Torino-Novara is presently in operation
at 300 km/h.
• Maximum speed: 300 km/h
The detailed organization is similar to the one in place for the Rome-Naples Project, with
some differences in the suppliers.
The involved parties are:
•
•
•
•
•
•
•
•
•
•
Infrastructure manager: RFI
Safety Authority: RFI
Assessor: RFI
Integration of existing rules with new rules applicable to ERTMS/ETCS Lev. 2: RFI
and the Transportation Ministry.
Operating companies (to date): Trenitalia
General Contractor: Consortium CAVTOMI
System Integrator: Saturno Consortium composed of Ansaldo, Alstom, Bombardier
and Sirti. In addition to System Integrator Saturno has also been the Trackside
Subsystem Validator.
Suppliers:
o Ansaldo Signal for RBC and Interlocking subsystem including ATIS audio
frequency track circuit, Encoders and Eurobalises. For the supplied products
– subsystems the company performed Design, Verification and Validation
activities for the Generic Product, Generic and Specific Application. ASF
supplied also the traffic supervisory system (SIL 0 system). The Ansaldo onboard sub-system is undergoing pre-operational acceptance tests.
o Alstom Ferroviaria for the on board subsystem and wayside objects track
circuits. For the supplied products – subsystems the Company performed
Design, Verification and Validation activities for the Generic Product,
Generic and Specific Application.
o Bombardier for Hot Axle Detector and Braked Wheels Detector
o Sirti for telecom subsystem including Long Distance Network and GSM-R
Network (Siemens Technology)
EC Conformity verification: SciroTÜV Mod. SH2.
The organization of the assessment process has been very similar to the one adopted
for the Rome –Naples line, described in the previous chapter.
The Dutch projects
Betuweroute
The Betuweroute is a new international and domestic line designed for freight transport
only. It is 160 km long and connects the Europe’s biggest harbour, Rotterdam, with the
German border.
17/161
It is equipped with a ERTMS Level 2 system only (no fall back). Some area’s, Kijfhoek en
Zevenaar are equipped with ATB, the Dutch Legacy system, because in this area the
Betuweroute is integrated in the national system.
The line has been put into operation officially on June 16th 2007 by the Dutch Queen. Until
now, there is little operational experience.
To date, the train-infrastructure integration tests have not yet been completed. Immediately
after the official opening of the line, trains were only allowed to enter into the line after the
previous train had cleared it.
Only the A15 section from Kijfhoek to Zevenaar (107 km) is equipped with ERTMS at this
moment. The Western part (West of Rotterdam/Kijfhoek) will be equipped later.
The number of trains per day will be limited heavily by the capacity of the German lines that
connect the Dutch Betuweroute with the Corridor Rotterdam-Genoa.
All trains will at least have to be equipped with ERTMS as there is no other system installed
on the Betuweroute.
About ten freight operating companies, such as Raillion by far the biggest one, will operate
freight trains on the Betuweroute.
Keyrail is a new company, established to manage the exploitation and maintenance of the
Betuweroute, separately of the rest of the Dutch Infrastructure, managed by ProRail. ProRail
however, still plays an important role in the transition of construction and tests to regular
operating.
The Safety Authority is IVW (www.ivw.nl). IVW which stands for “Inspectie Verkeer en
Waterstaat”, is the National Safety Authority. It is a department of the Ministry of
Transportation, reporting directly to the Minister and is therefore independent of the
Inframanager, Train Operating Companies and Suppliers. All infrastructures added to the
Dutch infrastructure and all trains running on this infrastructure have to be admitted by this
organisation.
The trackside Supplier is the Consortium Alstom Movares
Different safety assessors have been contracted for the integral Betuweroute project:
•
An ISA for the generic safety system Bev21(In this case the Dutch adaptation of an
Alstom safety system)
• An ISA for the Specific Safety Case of the Betuweroute. The BR A15 Trackside
Safety Case is available, including ISA report, for Alstom Bev21 A15 v3.4
configuration
• Alstom has its own ISA for the Safety Case of its equipment included in the Bev21
Safety Case.
These companies are in al cases experienced independent companies on the area of
certification, contracted by each of the involved parties.
Steps are not yet taken to have the track certified by a NoBo. Although the Infrastructure
provider ProRail intends to approach the ideal situation as close as possible, the IMdeemes it
impossible at this moment , due to the limited maturity of the TSI’s and lack of earlier
references.
The Trackside Assembly shall finally comply with ERTMS SRS vers. 2.3.0.
18/161
At this moment about 100 locomotives (10 different types) are in different stages of
preparation for operation on the Betuweroute. Also in this case a process is followed that
approaches the ERTMS type approval as close as possible.
A starting requirement for the acceptance of a train type is a Declaration of Conformity of
all used ERTMS Interoperability Constituents, certified by a NoBo, and a Declaration of
Verification for the Train borne Subsystem, also certified by a NoBo, as well as a completed
CENELEC Safety Case for the trainborne Command and Control On Board Assembly,
assessed by an ISA, with no blocking findings.
Amsterdam - Utrecht
The Amsterdam – Utrecht is part of the Dutch Railway Network. Several operators (26) run
on this line. The line has to fulfil all the present regulations of the existing railway network.
ProRail – the infrastructure manager – is the system integrator as well.
The maximum design speed for the line is 200 km/h. It is only for international and
domestic passenger trains. The line speed is now 140 km/h.
The line speed will be raised to 200 km/h when the trains and the infrastructure have
switched over the traction voltage from 1500 Volt dc to 25 kV ac and the signaling system
from ATB (ATP) to ERTMS level 2.
The line is 30 km long and interconnects with the rest of the ProRail Network.
The involved Parties are :
•
•
•
•
Infrastructure manager - ProRail
Safety Authority - Railway divison of IVW (Transport and Water management
Inspectorate)
Suppliers Trackside: Bombardier has delivered the signalling equipment
Operating companies: There are at the moment 26 operators (International traffic,
domestic passengers traffic and freight traffic)
HSL ZUID
Scope of the HSL ZUID project is the high speed transportation system at the south of the
Netherlands towards Belgium.
The HSL ZUID runs from Amsterdam via Schiphol and Rotterdam to the Belgian border,
with connections to The Hague and Breda. On the HSL route, the high-speed trains run on
newly laid, double track rails, wherever it is possible to travel at such high speeds. However,
from Amsterdam to just beyond Schiphol Airport and at the other HSL stations, the high
speed trains travel on existing tracks. Accordingly, the HSL line connects with existing lines
in five locations: Hoofddorp, Rotterdam-West , Rotterdam-Lombardijen, Zevenbergschen
Hoek and Breda.
Regular trains in the Netherlands use 1.5 kVdc and have a capacity of 6 MWatt. The high
speed trains on the HSL-Zuid are fed with 25 kVac (50 Hz). Trains using both the regular
Dutch network and the new European network must be able to switch between the two
systems.
19/161
Along the HSL track, spanning around 100 kilometres, no less than 170 civil engineering
structures, such as viaducts, fly-overs, dive-unders, bridges and tunnels have been built.
This Project has been contracted in several parts:
•
The Infraspeed provider for the superstructure including the CCS sub-system; the
Infraspeed consortium delivers through a Design-Build-Finance-and-MaintainContract the Superstructure and provides the maintenance of superstructure and
substructure over a period of 25 years. Payment of the Infraspeed Consortium will be
related to the availability of the line.
• The transport concession.
• The contracts to provide the substructure.
• The Railway Act: ProRail (Inframanager and also amongst others fulfilling the
function of Traffic Control/Operation of the 25kV and Tunnel installations on the
line.
• The agreement with the Belgium State.
The involved Parties are:
•
•
•
•
•
•
•
•
•
•
•
The Infrastructure Owner: the State of the Netherlands.
The Inframanager (=Railway Authority): ProRail (www.prorail.nl ).
The Safety Authority: the Railway division of the IVW (Transport and Water
Management Inspectorate) (www.ivw.nl)
The train operator: the High Speed Alliance company - HSA (
www.highspeedalliance.nl), with commercial name HIspeed (www.nshispeed.nl).
The system integrator: the project organisation HSL Zuid acting on behalf of the
principal stakeholder, the State of the Netherlands
The Independent Safety Assessors:
For Infraspeed supplier of superstructure including CCS: Railcert and DeltaRail;
For HSA, the train operating company who has ordered rolling stock: safety
assessors contracted by suppliers of the rolling stock.
The Notified Bodies:
For the trackside assembly: Railcert (www.railcert.nl )
For the trainside: suppliers of rolling stock who have contracted Lloyds.
The Figure 5 below shows roles and responsibilities related to the CCS certification and
safety approval.
20/161
RWS / HSL
Integral Safety Case
L 4 by Infrabel
Lux-control
Integral Safety Case
HSL Zuid traffic
system
RWS / HSL
IVW (inzetcertificaat)
RWS / HSL
A il bilit P i d S f t
Railcert (TÜV/EBC)
Suppliers*
Deltarail
Supplier*
Availability Period Safety
Case
Trackside assembly
Functionality
Assessment
Safety case by supplier
On board assembly
Generic Application
Safety
Case & Specific
Application Safety
Case for conv. track
To be done by suppliers of rolling stock;
•
Interoperability
Assessment
V250: Ansaldo delivers a certified train including
ERTMS
•
Traxx: certified train delivered by Angels Trains,
certification by Lloyds
Safety
Assessment
•
Thalys, certified by France, Lloyds certified the
STM-ATB
Overall Assessment
The Integral Safety Case of the L4 and the HSL
Zuid have to be aligned in order to assure the safety of
the interface between the two lines
Figure 5 – Relationship between diferent bodies in HSL ZUID
The Spanish projects
This report provides basic information related to the implementation and safety approval of
the ERTMS projects that are currently under different status of development in Spain. They
include High Speed and Conventional Railways projects as well:
•
Madrid-Zaragoza-Barcelona that connects the two biggest Spanish cities
(>4.000.000 inhabitants each), and will be extended up to the French border, fully
equipped with ERTMS. In service the sections Madrid-Zaragoza-Lleida and LleidaRoda de Bará (Tarragona). It will be completed by the end of the year 2007.
Maximum speed in this moment is 300 Km/h. Maximum planned speed is 350
Km/h.
21/161
•
•
•
•
La Sagra Toledo: a small branch with the singularity of being equipped with LZB +
ERTMS. Maximum speed is 300 Km/h.
Figueras-Perpignan: ERTMS, crossig border Project. Maximum speed is 350 Km/h.
Córdoba-Málaga: the Córdoba-Antequera section is already in operation. It will be
completed by the end of the year 2007).
Madrid-Valladolid: presently under construction.
Ownership of the Spanish Infrastructure
In Spain, there are several publicly- owned railway networks. The owners of these networks
are the State, the Autonomous Regions, or the Railway Infrastructure Administrator (ADIF).
Spanish State has full powers over the General Interest Railway Network (RFIG). The
General Interest Railway Network comprises all the essential railway infrastructures
necessary to guarantee a common transport system throughout the national territory, or
infrastructures whose joint administration is necessary for the correct operation of the
common transport system, such as those connecting to international traffic routes, linking
different autonomous regions and their connections and accesses to the main population
centres and transport nodes, or to facilities which are vital to the economy and national
defence. The General Interest Railway Network includes all the railway infrastructures
managed by RENFE, before its reconversion on 1 January 2005, and those whose
management has been assigned to the ADIF or is the responsibility of the Ports Authority in
the general interest ports. The metric gauge network managed by FEVE is also a part of the
RFIG.
The decisions as to the inclusion or exclusion of railway infrastructures in the RFIG must be
approved by the Ministry of Public Works, with a prior report from the autonomous regions
implicated, whenever this is justified for reasons of general interest. The autonomous
regions may request the transfer of any infrastructures which are agreed to be excluded from
the RFIG.
On the other hand the Autonomous Regions may assume powers on railway infrastructures
whose routes are situated entirely in their territories.
The Ministry of Transport (“Ministerio de Fomento”)
The Ministry of Transport is in charge of the administration of the railway sector as a whole.
According to the Railway Sector Act 39/2003 of 17 December, its main responsibilities are:
•
strategic planning for the railway sector, as regards both infrastructures and
provision of services
• general planning and regulation of the railway system, particularly in all matters
relating to safety and the interoperability of the railway system, as well as to
relations between the different agents in the sector
• defining objectives and supervising the activity of the public railway companies,
ADIF and RENFE, and their financing system
For more details on the Ministry’s areas of responsibility, see art. 81 of the Act.
As the Directive 2004/49/EC on Railway Safety has not yet been transposed to the Spanish
Legislation, there is not any National Safety Authority (NSA). Its functions are fulfilled by
22/161
the Ministry of Transport through the Railway General Directorate according to the Railway
Sector Act 39/2003, Real Decreto 2387/2004 and Orden Ministerial 233/2006.
Railway Infrastructure Administrator (ADIF)
ADIF was set up by the Railway Sector Act 39/2003 of 17 December. The ADIF by-laws
were established in Royal Decree 2395/2004 of 30 December 2004. It began operating on 1
January 2005. ADIF is a public company, independently managed within the limits
established by its regulations, and is part of the Ministry of Public Works. It has its own
separate legal personality, is fully qualified to operate in the fulfilment of its objectives, and
has its own assets. Its primary purpose is the management and construction of railway
infrastructures.
ADIF manages the network owned by itself and almost the whole of the general interest
railway network (RFIG). ADIF currently manages a) as a commercial operation, the new
high-speed and UIC gauge lines which are included in their inventory (Madrid-Seville, with
the Toledo branch line, and Madrid-Zaragoza-Lleida; a total of 1,010 Km) and, b) by
assignment from the State, the conventional Iberian-gauge network (11,780 Km), through an
agreement subscribed for the management of this nationally-owned network.
ADIF, as well as administering (operation and maintenance) the railway infrastructures
mentioned above, is also responsible for the construction of new lines by order of the State,
either owned by ADIF itself, financed with their own resources, or nationally-owned and
financed with resources from the national budget. ADIF is currently building the MadridValladolid section of the Madrid-Valladolid-Vitoria-French border line, the LleidaBarcelona and Barcelona-Figueras sections of the Madrid-Barcelona-French border line, the
lines in the Madrid-Valencia Autonomous Region-Murcia corridor, the Cordoba-Malaga
section of the Madrid-Andalusia corridor, and the tunnels in the Pajares and the OrenseSantiago section of the north-east corridor.
For more information on the ADIF’s areas of responsibility and functions, see art. 21 of Act
There is only one exception: the high speed connexion between Figueras (Spain) and
Perpignan (France). In 1995 the Spanish government and the French government signed an
agreement for the construction and the operation of this new line by a concession contract.
The concession was given, by a public tender, to TP Ferro, a society under Spanish law
shared by the Spanish holding ACS and the French holding Eiffage. The concession is for
50 years, including the 5 years necessary for the construction.
RENFE-Operadora
The current RENFE was created as a public company by the Railway Sector Act 39/2003 of
17 December. RENFE’s by-laws were established in Royal Decree 2396/2004 of 30
December 2004. It began operations on 1 January 2005.
RENFE was created by the segregating of the business units providing railway services and
other commercial activities from the previous vertical railway company.
RENFE is a public company, independently managed within the limits established by its
regulations, and is part of the Ministry of Public Works. It has its own separate legal
personality, is fully qualified to operate in the fulfilment of its objectives, and has its own
assets. Its purpose is to provide passenger and goods transport services by rail and other
23/161
complementary services, and activities connected to railway transport. It also is responsible
for the maintenance of railway rolling stock.
RENFE will continue to receive remuneration from the State for public service obligations
in providing regional and local commuter passenger services. The long-distance and highspeed passenger units are managed as commercial operations, as is the cargo unit, the only
one which has been opened to competition by other operators starting in 2006.
RENFE has been granted a renewal of the licence authorising it to transport passengers and
goods on the national railway network.
Other railway companies
According to European and Spanish regulations, since 1 January 2006, all railway
companies with European licences will have unrestricted access to the whole of the General
Interest State Network for providing international or national freight transport by rail. To
qualify, they must apply for the corresponding capacity (slot) from the ADIF, following the
established procedure. At the time the capacity is granted, they must also be in possession of
the safety certificate required for permission to operate, with their rolling stock and driving
staff, on the requested routes.
As of 1 January 2006, the Ministry of Transport has granted licences for new railway
companies,. All these new railway companies will carry out their activities in freight
transport by rail.
At the present time ERTMS is implemented only in the High Speed Lines, which are
foreseen for passenger traffic only. Freight companies operate in the conventional network
that will not be equipped with ERTMS in the short term. Therefore the freight operators will
not be affected by ERTMS regulations and rules.
Railway Regulatory Committee
The Railway Regulatory Committee is the regulatory body for the railway sector. It is a
registered body which is part of the National Infrastructure and Planning Agency of the
Ministry of Public Works. It comprises a president and four spokespeople who are highranking government employees in the Ministry of Transport and appointed by the Ministry,
and a secretary, appointed by the committee itself. The length of the mandate, termination,
incompatibilities and functions of the committee members are established in Royal Decree
2387/2004.
The objectives, functions and responsibilities of the committee are:
•
•
•
•
•
•
•
To safeguard the plurality of the railway services.
To guarantee the equality of all the operators in the conditions of access to the
market.
To ensure that the instructions comply with the regulations and are not
discriminatory.
To resolve any conflicts between the ADIF and the railway companies, in connection
with:
The assignment and use of the safety certificate.
The application of the declaration’s criteria to the network.
The procedures for assigning capacity.
24/161
•
•
The amount, structure and application of tariffs to the operators.
Resolving conflicts between railway companies in the event of actions intended to
obtain discriminatory treatment in the access to infrastructures or services.
• Interpreting the clauses in licences and authorizations for providing public interest
services, and providing information in the bidding process.
• Informing and advising the Ministry of Transport and the regional authorities on
railway matters, particularly those which may affect the development of a
competitive railway market
The Regulatory Committee will exercise its functions in accordance with the authority
granted under Act 16/1989 to the bodies established for the defence of free competition.
There is an information and coordination system in place between the Committee and the
Service for the Defence of Free Competition.
The Committee will act ex office or at the request of the interested party. The Committee’s
resolutions are binding on the parties operating in the scope of the railway, but may be
appealed before the Ministry of Public Works. Non-compliance with the resolutions will be
penalised according to Act 39/2003.
The Safety Authority
At the present time, the National Safety Authority (NSA) in Spain is the Railway General
Directorate, located at the Ministry of Public Works, according to the Railway Sector Act,
Royal Decree 2387/2004 and Orden Ministerial 233/2006. This Railway General Directorate
is in charge of delivering the safety authorizations for putting into service any Infrastructure
and Rolling Stock. The technical support for safety aspects relies on the ADIF Safety
Directorate.
There is an ongoing study for the creation of an independent Railway Agency which will
assume those functions shortly. In the meantime, the ADIF is playing a double role in the
safety authorization process. From one side, as infrastructure construction manager, is a
demander of safety approval, so as the construction departments of the Ministry itself. On
the other side, the Safety Direction of ADIF, acting as independent body, is in charge of the
verification of the correct application of the safety prescriptions and delivers the
certifications of the compliance with safety conditions required for the railway operation.
The Independent Safety Assesors
The interim provision of the Royal Decree 355/2006 of 29 March, on the interoperability of
the trans-European high-speed rail system, lays down that the projects which were submitted
to the Royal Decree 1191/2000, shall remain submitted to this regulation after the Royal
Decree 355/2006 has come into force. Both Royal Decrees establish that the subsystems
shall be consistent with the TSIs.
The Decision 2006/860/EC, of 7 November 2006, concerning a technical specification for
interoperability relating to the control-command and signalling subsystem of the transEuropean high speed rail is now in force. Its article 6 lays down:
“Decision 2002/731/EC is hereby repealed. Its provisions shall however continue to apply
in relation to the maintenance of projects authorised in accordance with the TSI annexed to
that Decision and to projects for a new line and for the renewal or upgrading of an existing
line which are at an advanced stage of development or the subject of a contract in course of
25/161
performance at the date of notification of the present Decision. Member States shall notify
an exhaustive list of the sub-systems and interoperability constituents to which the
provisions of Decision 2002/731/EC continue to apply to the Commission not later than six
months after the date on which the present Decision becomes applicable.”
According to the TSI set out in the Annex to Decision 2002/731/EC:
• TSI § 6.1.1Conformity and suitability for use assessment procedure
• TSI § 6.2.1 Control-command subsystem.
“The independent assessment in the safety acceptance and approval process as described in
Annex A, index 1 may be accepted by the Notified Body, without it being repeated”.
Hence, Safety, which is an essential requirement, may be assessed by an ISA, which is not
necessarily a Notified Body.
Note that the scope of ISA assessment can be an Interoperability Constituent (IC), a
subsystem, or a part of an IC or a subsystem such as an electronic board, software, or a
sensor.
Therefore, it is important that an ISA involved in a Directive 96/48 conformity assessment
procedure, meets minimum criteria to give confidence to the NoBo accepting the ISA
results, and those accepting the ISA results in a cross acceptance situation.
These minimum criteria were agreed by the NB Rail Plenary Meeting on 16th February 2006
and are gathered in the RFU 2-000-16 issued by NB Rail on first of April of 2006.
The Notified Body
The Association of Railway Action, CETREN, was created in 1980 as a non-profit
organisation, with the aim of defending the interests of the 30 companies related with the
railway sector who were its founder members. More than 70 companies are currently
members of CETREN and its main objective is the technical standardisation and
interoperability in the railway sector.
CETREN is currently registered as a certifying body, and as such was reported by the
Spanish State to the Commission and the rest of the member states, within the framework of
the interoperability guidelines (96/48 –high speed- and 2001/ 16 –conventional railway-).
The ERTMS System suppliers
The following companies are suppliers of ERTMS systems and components for the Spanish
railways to date:
•
Ansaldo-CSEE Transport - Supplier of Trackside sub-system for Madrid-Lleida and
for train-borne equipment for Trains S 120 dual gauge;
• Alcatel – Invensys/Dimetronic - Supplier of Trackside sub-system for Lleida-Roda
de Bará and On board GSM-R for Locos 252 and of the on-board ASFA equipment.
• Bombardier - Supplier of train-borne equipment for Trains S130 (ETCS+STM LZB
+ STM EBICAB)
• Siemens - Supplier of the GSM-R network and of train-borne equipment for Trains S
102 and S 103 (ETCS+STM LZB).
The Figure 6 below shows the different roles played by the main parties of the Spanish
Railway Sector.
26/161
Infraestructure contracting
Entities
Train Operating
Companies
Equipment manufacturers
General Directorate of
Railways (Ministry of
Public Works) Construction
Departments
Renfe Operadora
Alcatel
Ansaldo
Other TOC´s
Alstom
Bombardier
Infrastructure Manager(ADIF)
Dimetronic
Construction Departments
Siemens
……
Other Contracting Entities
Safety
Certificate
Application for getting
Interoperability Certifications
Application for getting the
authorization for placing in
service
(Mandatory
documentation
attached to the
application)
Safety AuthorityTechnical Support
ADIF Opertation Safety
Directorate
National Safety Authority
Notified Body
Cetren
General Directorate of
Railways
Certifer
(Ministry of Transport)
EBC
Interoperability Certification
Note:
Authorization for placing in
service of ERTMS/ Rolling
Stock
ADIF (Railway Infrastructure
Administrator)
Authorisation to placing in service
is granted by the Safety Authority
when all the legal requirements are
fulfilled.
The authorisation for running is
granted by the IM, (Adif), when all
the operational constraints, are
satisfied.
Authorization for
running of Rolling
Stock
Figure 6 - Contracting Bodies and ERTMS Manufacturers
27/161
1.2 Political and Geographical constraints
•
•
•
•
•
•
The regulatory framework (European Directives, National Railway Acts and Laws)
applicable to the Project under consideration, the inter-governmental agreements,
their scope and objectives, the time schedule and the major milestones and the
present implementation/exploitation status.
Drawings/maps showing the whole line with interconnections with other lines,
terminations, stations, tunnels, bridges, distances, international borders, etc.
The type, the category and the maximum speed of the line, according to the
definitions of 96/48/EC or 01/16/EC directives: new high-speed line of category 1,
new high speed/high capacity line, conventional line, etc.
The foreseen traffic typology: only passenger traffic or mixed passenger/freight
traffic (relevant percentages), commercial speeds, fixed or variable time slot
characteristics, minimum headway, etc.
The major physical characteristics of the line: length, double or single rails, main
left/right running direction, double directivity, presence of important bridges/tunnels,
curve radii, profiles, type of electrification, neutral sections etc.
The main constraints to the CC&S sub-system deriving from political, geographical
and topological characteristics of the Project: the ERTMS level of application, to
which TSI-version the certification took place, its actual baseline (SUBSET version),
the upgrading policy, the fall-back modes and systems, the interoperating modes
with neighbouring systems.
The Project is ruled by the High Speed European Directive 96/48/EC and by the Austrian
and the Italian laws and Norms for all the aspects not included in the scope of the European
Directive. In particular, the Italian Ministerial Decree of 28th October 2005 giving
mandatory requirements for the structural design of long tunnels and for all the related
technical and security facilities must also be fulfilled.
There is a special inter-governmental agreement between Austria and Italy that sets the basic
political issues of the Project. In addition to the national design rules from OEBB (Austria)
and RFI (Italy), there is a specific Italian Ministarial Decree (DM 28-10.2005) that imposes
stringent mandatory requirements for the safety precautions to be adopted in the design long
tunnel systems. It regards civil design rules as well as the use of high security measures.
The Control-command and signalling sub-system foresees the ERTMS/ETCS/Level 2
system, without fall back system. The interlocking and the signalling system will be based
on Austrian-German rules/technology from Innsbruck down to Fortezza.
Way-side signals will be installed only at the interconnections with the conventional lines.
Virtual signals, with external marker boards, will be located at the border of the block
sections along the line.
The main Control Centre will be placed in Innsbruck. An auxiliary Control Centre planned
in Verona (or Bologna) for fallback operation.
28/161
A GSM_R mobile telecommunication system is foreseen for all mobile telecom duties from
a single GSM-R Operator. Additional redundancy is ensured by public GSM managed by
Austrian and Italian commercial providers and by the TETRA system managed by the
regional authorities for civil protection duties. This high level of communication redundancy
is due for managing possible emergengy situations inside the tunnels.
For long tunnel hazards mitigation, the technical border (for the CCS and Operation subsystems) has been moved from the political border down to the Fortezza station. Moreover,
a number of additional security systems are foreseen, including Hot Box Detectors, Axial
Load Monitors, Train Gabarit Monitors, Security Access Control systems etc.
Possible future Train Operators are any allowed international train operator (Train typology
ICE, IC, EC, EN, RoLa, EG etc.).
Public and private operators of freight trains are already active in the parallel historical line.
The final project will be delivered for CE conformity verification based on TSI
2002/731/EC and its amendment 2004/447/EC.
Plans for Project updating to TSI 2006/860/EC are under discussion.
No fall-back system is foreseen. The required level of availability will be achieved with an
highly redundant ERTMS/ETCS/Lev.2 system.
Interfacing with existing systems: The interconnection with the Italian hystorical line at the
Fortezza Station: SCMT (v<80 km/h); with Austrian hystorical line : LZB/Indusi (v<60
km/h) at the Innsbruck station/Innsbruch railway ring; with future Italian and Austrian HSL
lines at Fortezza and Innsbruck: ETCS/Lev. 2.
The following Time Schedule is available to date:
•
Trackside: Final project to be completed with EC Conformity approval. It will be
followed by Design Approval by Governments, Bids and Construction. Revenue
service expected by 2015
• Train Operating Company: Any approved Operator at the time of the line
availability.
The following Figure 7 gives an overview of the line and of its interconnections. The former
figure shows the technical border decided for the energy sub-system, the latter figure shows
the technical border decided for the CC&S sub-system.
29/161
Umfahrung
Innsbruck
Circonvallazione
Innsbruck
3 kV =
MFS Umfahrung
Innsbruck
MFS Steinach
MFS Wiesen/Prati
Bf. Innsbruck
/ Stazione
Bf Innsbruck
di Innsbruck
Stazione
Bf. Franzensfeste
Fortezza /
Stazione di Fortezza
15 kV 16 2/3 Hz
25 kV 50 Hz
Umfahrung
Innsbruck
Circonvallazione
Innsbruck
MFS Umfahrung
Innsbruck
MFS Steinach
MFS Wiesen/Prati
Bf Innsbruck
Stazione
Fortezza
Österreichische Technologie
Technologia austriaca
Italienische Technologie
Technologia italiana
Figure 7 - Layout of the Brenner Basis Tunnel line
The Austrian project: Vienna-Nickelsdorf
The line concerned is an existing line (No. 10118), equipped with signals and Indusi PZB
system. It is the Austrian part up to the border of the Vienna-Budapest line. The
ERTMS/ETCS level 1 system is an overlay system to the existing ones.
The political and geographical constraints are just the European Directives - Directive
96/48/EC + 2004/50/EC, TSI CC&S (2002/731/EC and amendment 2004/447/EC).
The legal framework is the National Railway law: "Eisenbahngesetz 1957" in the currently
valid edition.
30/161
The Project is supported by EC in the framework of “Indicative Multi-annual Programme
for the Trans-European Transport Network 2001-2006”.
The main milestones are: Start of the Project, start of NoBo activity by end of 2001, planned
to be completed by end of 2003; Srtart of trial phase on 29.12.2006.
The actual Status is: on one hand the track side system on the line is completely finished; on
the other hand the train-borne system currently has no certificate for the group of
interoperability components; the trial phase is running but not yet completed.
The line is used for mixed traffic (freight and passengers).
The maximum speed is 140 km/h - see VZG (summary of allowed speeds) of the line
(No.10118). As for the freight/passengers mix, it actually depends of the specific sections:
between Wien and Bruck a.d.L. approximately. 40%freight, 60% passengers, between Bruck
a.d.L. and Hungarian border approximatly 50% each.
The train frequency is: Wien - Gramtneusiedl: 140 trains/day - according to time tables and
educated guess, Gramatneusiedl - Bruck a.d.L.: 120 trains/ day, Bruck a.d.L. - border: 50
trains/day.
As for the line characteristics: according to the "drawings" here below; further on there are
no tunnels and no relevant bridges (only some short ones).
As for the interconnections with other lines: see drawings below; TEN line: Gramtneusiedl Wampersdorf, Parndorf - Kittsee (Petrcalka-Bratislava)
The physical characteristics are: length: approximatly 65km, double rails, main running
direction on right side, double directivity of both tracks, wide curves, total line electrified,
no essential gradients, no important bridges or tunnels, Line profile in Austria D4, in
Hungary D3.
Speeds, stations, signals, gradients, level crossings are given in the VZG (summary of
allowed speeds) of the line (No.10118).
There are no particular political or geographical constraints for the choices of the CCS subsystem.
The ERTMS/ETCS Level 1 (originally V. 2.0.0, during run of project changed to V 2.2.2 +
several CRs of Subset 108 related to Level 1). Upgrading to V2.3.0 is envisaged.
Fallback mode and neighbouring system is the conventional PZB system (also relevant for
level transitions) - Customer requirements specification (Lastenheft-1-00 für das
Zugbeeinflussungssystem ERTMS/ETCS Level 1 für die Strecke Wien – Hegyeshalom,
10.12.2001). No other neighbouring ETCS (or similar) systems must be considered.
System transition on the Hungarian border will be of the type ETCS/Level 1 to ETCS/Level
1.
The ERTMS architecture of the two track railway line Wien/Zentralverschiebebahnhof Nickelsdorf is a dual signalling ERTMS level STM/L1 architecture. The dual signaling
ERTMS level STM/L1 system consists of an ERTMS STM (conventional system with
wayside signals and PZB) and an overlay ETCS Level 1 system. The suppliers are Thales
(former Alcatel) and Siemens. The standard system with balises is supplemented by the
“infill function” realised with Euroloops.
31/161
LEUs are used to convert the signalling information derived from a lamp current interface,
for each signal lamp, to Interface C information for Eurobalises and Euroloops. The infill
information is mainly used in stations where the danger points are too near to the signal.
This is the case for protection signals (Austrian “Schutzsignal”) and too short overlap.
The driver - traffic control voice connection is ensured by a conventional train radio
communication system, GSM-R is planned.
Fall-back mode: As the ETCS level 1 system is an overlay to the existing signalling system,
the existing system can be considered as its fall back system.
Figure 8 – Layout of the Vienna-Nickelsdorf line
32/161
Figure 9 – Interconnections of the Vienna-Nickelsdorf line
The Belgian authorities/railways have taken the following decisions:
•
New high speed lines will be equipped with ETCS Level 2 (this applies to the
connections to Netherlands and to Germany, respectively L4 and L3 – see the
description of L3/L4).
• The conventional network is to be equipped with ETCS Level 1 track side equipment
with the following functionalities:
• TBL1+ for the largest part: ETCS-balises sending Packet 44 with TBL-information;
• ETCS Level 1 for specific lines (like the Freight Corridors)
• This is the first step towards the implementation of ETCS all over the Belgian
network.
In the first phase, a total of 4.000 way-side signals (out of of the overall 10.000 ones) will be
equipped with LEU and balises under a contract stipulated in 2006 with Siemens.
The Italian SCMT system has been used as a reference for the system approach: The TBL1+
information is embedded in Packet 44 of the ETCS-based telegram as step towards later use
of full ETCS Level 1 telegrams. This is a national decision, as no direct impact to the
national borders is involved.
33/161
The latest TSI (Commission Decision 2006/860/EC of 7 November 2006) is used as
reference scheme.
The Figure 10 below shows the different levels of implementation of ERTMS/ETCS
planned for the major Belgian lines, in combination with the national legacy systems.
L4(ETCS2)
L3(ETCS2)
TBL2
TVM
ETCS1
Basis=crocodile
Figure 10 - Overview of the Belgian network: ETCS Levels 1 and 2, TVM, TBL2,
TBL1+
The Figure 11 below shows the medium term implementation plans of ERTMS/ETCS
systems in the Belgian network.
34/161
Figure 11 - Preliminary Planning for roll-out ETCS on Belgian network
Milestones:
•
Contract between Infrabel and Siemens signed in June 2006;
•
Roll out is started, to be completed by 2015.
•
Actual status: “under construction”.
Note: according to the agreements between Infrabel and the Ministry, the TBL1-system is
considered as a “SIL-zero” system. Consequently, neither assessment nor certification is
contracted for this system, although ETCS-equipment is used.
The network under consideration is a conventional network (according to EU-Directive
2001/16/EC) with a maximum line speed of 160 km/h. On this network both passenger
services and freigt services are offered.
Most lines are equipped with a 3 kV DC power supply system. On the regional lines diesel
traction is used.
ETCS Level 1, according to the latest specifications (Commission Decision 2006/860/EC of
7 November 2006 concerning a technical specification for interoperability relating to the
control-command and signalling subsystem of the trans-European High Speed rail system
and modifying Annex A to Decision 2006/679/EC of 28 March 2006 concerning the
technical specification for interoperability relating to the control-command and signalling
35/161
subsystem of the trans-European conventional rail system. (Notified under document
number C(2006) 5211) – “Official Journal of the European Union L 342/1 of 7.12.2006”.).
The complete project (see the Figure 12 below) includes 406 km of a new line between
Vaires (Seine et Marne) and Vendenheim (Bas Rhin). The first stage, includes 300 km of
line from Vaires to Baudrecourt (Moselle), plus new links to the existing network in order to
serve as many destinations as possible.
The project also includes modifications to connecting lines and installations, in particular
between Paris Gare de l'Est and Vaires sur Marne and on the line Strasbourg-Kehl in order
to improve the link with the German network. The lines to Épinal and St. Dié in the Vosges
will be electrified to allow the towns to be served by the TGV.
Figure 12 – LGV-EST Line
ERTMS L2 is implemented on the line.
Trains equipped with ERTMS Level 2 will circulate on this line under ERTMS and trains
equipped with TVM 430 only, under TVM.
TVM 430 serves as a fall back system but only after a procedure has been followed by
driver and dispatcher.
The PEEE project thus covers three sub-projects:
• One sub-project system ensuring coordination of the PEEE project at system level,
• One sub-project supplying ERTMS Level 2 on TVM 430 trackside
• One sub-project developing and supplying trains with bi-standard ERTMS/TVM.
The commissioning authorisation applies to the system made up of the on board equipment
(bi-standard ERTMS/TVM) installed on the POS trains and the trackside equipment
regarding Level 2 superimposed on TVM430.
The line is operated bidirectionally and is meant for passenger-transport only.
The regulatory framework of the Project is summarised in the previous section.
36/161
Since the BHL line does not touch or cross any national borders there is no need for any
kind of intergovernmental agreement in the moment. BHL shall become part of an
international high speed TEN connection from Stockholm/SE via Berlin and Munich to
Verona/IT.
As for the time schedule and milestones, a serial qualification period without safety
responsibility started in 2003-03. The basic functions - trackside and onboard - should be
tested and continuously amended at this phase, the concept should prove its practicality.
On 7th of July and 11th of December 2003 first presentation runs took place for the
customer and a UIC conference.
Start of operational qualification period without safety qualification was in 2003-12. Within
this phase the functions known from the Serial Qualification should be extended step-bystep up to the point that all functions depicted in the LH were realised.
In 2004-10 the EBA issued the permission to start the safety qualification tests. The tests –
still without safety responsibility - finally began in 2005-06 after it had been proven that the
functions implemented equalled those defined in the LH. Meanwhile all preliminary safety
cases had been assessed and the overall ETCS safety fulfilled the top level safety target
calculated by the risk analysis. Level 2 operational and reliability qualification period under
full safety relevance started in 2005-12.
The national automatic train protection system LZB (LZB L72 CE2) was commissioned in
2006-05.
ETCS Referenzstrecke Berlin-Halle/Leipzig
Streckenübersicht
Berlin
RBC-Bereich
Ludwigsfelde
LZB-Bereich
Ludwigsfelde
Teltow
15 km
160 Balisen
Birkengrund-Süd
Ludwigfelde
Ludwigsfelde
Trebbin
km 34,3
RBC-Bereich
Jüterbog
LZB-Bereich
Jüterbog
Scharfenbrück
km 39,5
Luckenwalde
km 50,0
RBC
Jüterbog
km 62,8
RBC-Bereich
Wittenberg
40 km
250 Balisen
UZ Jüterbog
Steuerbezirk 1 Berlin
Niedergörsdorf
km 69,2
w
lto
e
T
eB
ld
u
M
i
W
rg
b
n
Bte
-terflhBiRC-dcd
C
iR
B
rflh
cte
i
W
rg
b
n
te
C
B
iR
W
n
te
C
B
iR
W
n
te
ic-L
B
h
o
tb
Jü
rg
e
S
u
ubergJütohBicL
lw
is
B
k
c
ü
b
n
fe
h
d
gw
bT
s
B
-S
ru
n
k
5
,9
4
3
km
ld
fe
ig
ra
T
C
B
R
C
B
R
C
R
B
g
o
trb
ü
J
C
lR
ödergösofZahnNi
ikm75,16289LuckensdorfB
N
n
h
a
fZ
o
d
s
ö
rg
e
lw
a
e
dealw
d50,
d
a
R
n
m
ik
w
rg
e
B
z
G
d
R
b
W
m
k
w
g
B
fz
ä
G
tu
ra
iP
n
e
h
u
tsc
s
,0
4
8
km
6
5
2
0
1
3
,8
4
9
km
e
lb
E
Blönsdorf
km 75,1
Zahna
RBC
km 84,0
Wittenberg
km 94,8
Pratau
Elbe
km 98,3
UZ Wittenberg
Steuerbezirk 6 Leipzig
LZB-Bereich
Wittenberg
Bergwitz
km 104,2
RBC-Bereich
Bitterfeld
Radis
km 112,5
Gräfenhainichen
Burgkemnitz
Mulde
RBC
90 km
795 Balisen
km 116,1
km 121,5
Muldenstein
km 126,2
Bitterfeld
km 131,6 / 48,5
Roitzsch
km 138,7
Landsberg
km 146,5
Delitzsch
Ab
km 156,0
km 60,4
UZ Bitterfeld/Delitzsch
Steuerbezirk 6 Leipzig
LZB-Bereich
Bitterfeld
km 151,545 Po 159
km 152,003, Po 160
Rackwitz
Halle
km 70,0
km 81,3
Leipzig
Figure 13 – Halle-Leipzig line
The BHL relation was upgraded to a high speed line with mixed operation of passenger
trains at Vmax =200 kph and freight trains at Vmax = 100 kph. It was equipped with both high
speed and conventional train protection systems so that both ETCS trains and trains with
legacy onboard CCS can run on the track.
The length of the line is about 145 km, starting at Teltow in the south-west of Berlin, ending
before Leipzig, via Ludwigsfelde, Jüterbog, Wittenberg and Bitterfeld. The main driving
direction is 'right'. Trains run on double rails with crossovers at defined transfer points. The
line is fitted with two legacy (national) signalling techniques: linear LZB and intermittent
37/161
PZB train protection systems. Optical wayside signals "KS system" and track sections with
axle counters are installed.
The BHL line is equipped with ETCS Level 2. It is planned to connect the route to a Level
1 section in the North.
Momentarily the line is operated based on a national specification (“Rahmenlastenheft”,
[DB 27]) and on UNISIG 2.2.2.
The BHL line is the first German route being prepared with the new European train
protection system. This was a special challenge, not only because of the new technology
itself, but because of the fact that two approval/acceptance and certification processes had to
be conciliated. Thus a “new” approval process had to be initiated, trying to assemble in a
way that both national and European aspects with regard to technical, operational,
economical and judicial demands were satisfied.
Migration from LZB to ETCS is a costly long-term enterprise, since the German network is
well equipped with modern, safe and effective automatic train protection systems for the
main and high speed lines. Exchanging LZB to ETCS in one step would cause immense
costs. Hence a period of double equipped lines and traction units are aspired by the German
railway net and rolling stock operators. The re-investment in LZB and many other
arguments are contrary discussed.
The BHL line was initially not equipped with any type of LZB so that the specific migration
at the pilot line became an “inversion of the usual migration situation”
(Kollmannsberger/Kilian/Mindel, Signal & Draht, 2003-03): On the BHL pilot line ETCS
was installed 3 years before LZB was added.
The “Punktförmige Zugbeeinflussung” (PZB), German Class B intermittent train protection
system, serves in case of ETCS malfunctions. Additionally the LZB is the part of the
migration concept, allowing non-ETCS trains to run on the BHL track, too. Not all traction
units running on the multifunctional line are equipped with LZB (or ETCS). In Germany
some 2.000 km of track are equipped with LZB (5% of the network, all main lines).
BHL, formerly named “J-H/L” (Jüterbog – Halle - Leipzig), was initially intended to be
operated as a "Test Site" during the consolidation phase of the European ETCS
specifications.
The Italian Projects
The Rome-Naples HSL
The design of this line started much earlier than the entry into force of the 96/48/EC
Directive. As a consequence a full EC certification was not strictly required. Nevertheless,
RFI decided to pursue the EC conformity verification as a mean of anticipating activities
that were to be required for the HSL projects to come.
It must also be noticed that being the HSL in consideration fully contained in the national
territory, the Rome-Naples HSL Project did not experience the technical and operational
issues typical of a cross-border line.
The regulatory framework applicable to Rome-Naples HSL project is outlined in the
Annex:
• European Directives regarding the HSL interoperability;
• The Italian Law endorsing the Directive;
38/161
• The relevant CENELEC Norms and European Specifications;
• The RFI Directives;
• The RFI Procedures and Technical Norms.
The line was put in revenue service since 12th December 2005.
The HS/HC Line Rome-Naples (see Figure 15 below) is integrated in the Italian High
Speed Project which integrates the trans-European High Speed Network (see Figure 14).
Figure 14 - European Corridors crossing Italy
The line is new high speed/high capacity line of category 1. The maximum speed of the line
is 300 km/hour.
A mixed traffic typology (passengers and freight) is foreseen. The commercial speed is 300
Km. per hour for passenger trains.
The length of the line is 184 Km. To date, the high speed line starts in Rome from Termini
Station and ends to the Gricignano interconnection whit the Foggia-Naples conventional
line. The line is double track (minimum distance 5 meters) with left main running direction
and the possibility of double directivity. There are a total of 40 Km. of bridges and 38 km.
of tunnels the length of the longer tunnel is 6,628 Km. (Colli Albani). The minimum curve
radius is 5 450 m. The maximum slope is 21 ‰. The power supply is of the type 2x25
kVac-50 Hz. There are three interconnections with conventional line: Frosinone Cassino
39/161
Caserta. At each interconnection plus in Salone and in Gricignano there are Neutral
Sections managed by ERTMS.
Figure 15 - Interconnections of Rome-Naples HSL
No specific constrains deriving from political, geographical and topological characteristics
are present on the Rome Naples line.
The adopted signalling system is based on Solid State Interlocking supplemented by jointless, audio-frequency track-circuits. No lateral signals are used. Only Marker Boards are
used at the borders of each Block Section.
40/161
The ERTMS/ETCS Level 2 system is used for all the train operation and protection
functions (according to SUBSET026 version 2.2.2) without any other fallback system.
The interconnected conventional lines are equipped with the Italian BACC/SCMT signalling
system.
This requires the on-board train control system to be equipped with the BACC/SCMT STM.
Train entrance/exit from/to interconnections are managed as normal level transition STM Æ
L2 or L2 Æ STM for the train equipped by STM or L0 Æ L2 or L2 Æ L0 for those trains
not equipped with the STM.
RFI foresees the upgrading from the SUBSET026 version 2.2.2 to version 2.3.0 in a near
future. To date, RFI is discussing the migration strategy in accordance with the European
strategy.
The Torino -Novara HSL
The line is, in all aspects, similar to the Rome-Naples case, with the following difference:
the EC conformity certification was legally required, since the works started after the
Directive entered in force. It is integrated in the Italian High Speed Line Project which is
integrated in TEN corridor 5 linking Lisbon to Kiev.
The line is in revenue service since February 6th 2006.
One of the most remarkable events pushing for a quick and very effective completion of the
test and acceptance process for the Turin-Novara line was the Turin Winter Olimpiads to be
held just in the early 2006.
Figure 16 – Turin/Novara High Speed Line
The line is new high speed/high capacity line of Category 1. The maximum speed of the line
is 300 Km per hour. A mixed traffic typology (passengers and freight) is foreseen. The
commercial speed is 300 Km. per hour.
The length of the line is 84 Km. It is double track (minimum distance 5 meters) with left
main running direction and the possibility of double directivity. The maximum slope is 15
41/161
‰. The power supply is AC 2x25 Kv 50 Hz. There are two interconnections with
traditional line: Stura and Novara.
No special constrains deriving from political, geographical and topological characteristics
are present on the Turin-Novara line. The signalling system is ERTMS Level 2 (Subset 026
version 2.2.2) without fallback system. The interconnected traditional lines use the
BACC/SCMT signalling system. The BACC/SCMT is the Italian STM agreed of TSI Class
B systems. Train inputs or outputs from/to interconnections are managed as normal level
transition STM Æ L2 or L2 Æ STM for the train equipped by STM or L0 Æ L2 or L2 Æ L0
for those not equipped. RFI foresees the upgrading from SUBSET026 vers. 2.2.2 to version
2.3.0. Nowaday RFI is discussing the migration strategy according to the European strategy.
The Dutch projects
Betuweroute
The technical solutions chosen for this project are: ETCS Level 2 without any other fallback
system;
As far as the current status (May 2007) is concerned, the following applies: although the
contract between Alstom and ProRail requires Alstom to build the system according to
ERTMS SRS 2.2.2, there are NoBo statements declaring the status of implementation of the
CR’s in SUBSET108. The trackside system can therefore be viewed as 2.3.0 compatible.
•
As for the fall-back mode: Simple ATB NG system with signals and very large
sections, only allowing limited capacity has not bee implemented on A15, because
there was enough confidence in ERTMS.
• The interfaces with existing systems are: ATB-ERTMS Lev. 2 at entrance; ERTMS
Lev. 2-ATB at exit.
• The controlled balises are coupled with existing Interlocking via LEUs
The Project Time Schedule (to May 2007) is:
•
A15 Trackside Safety Case is available for BR A15v3.4, approved by ISA (no
blocking remarks) and ready to start revenue service from mid June 2007.
• Bev21 update to A15v4 (version that includes HHT+workzones functionality)
expected Q4 2007
• Train Operating Company: Approval tests on Betuweline are foreseen in 2007.
Official opening on June 16th 2007, with about 20 locomotives of different freight
operators. The train-infrastructure integration tests will then not be finished
completely
The following figures show the profile of the line toghether with its interconnections.
42/161
Figure 17 - The Betuweroute overview
Figure 18 - The Betuweroute, Western part
43/161
Figure 19 - The Betuweroute, Middle part
Figure 20 - The Betuweroute, Eastern part
44/161
Amsterdam - Utrecht
The Amsterdam - Utrecht line has the
architecture of Dual Signaling consisting
of a conventional system with wayside
signals, ATB-EG and an overlay ETCS
Level 2 system.
The supplier will install the overlay ETCS
Level 2 on the line by 2009. The
ERTMS/ETCS architecture is part of
further negotiations. The supplier has
developed a new and more powerful
hardware for the Interlocking and the
Radio Block Center and proposed to
install the new hardware. The supplier has
more ETCS projects and will come to
RBC standard generic software modules.
The country specific functionality will be
hosted in a country specific interface
module. The supplier proposal is to install
one Master / Slave interlocking and one
Master / Slave RBC.
The supplier proposes at the same time to
migrate the system specification from the
actual SUBSET026 version 2.2.2 to
version 2.3.0.
The fallback scenario for ETCS Level 2 is
the conventional system with way-side
signals and ATB (the Dutch ATP system).
At the present date, the use of GSM-R is
for voice communications only.
Figure 21 – Utrecht-Amsterdam HSL
45/161
HSL ZUID
The following Figure 21 shows the route of the line
from Amsterdam to the Belgian border.
The signalling system is the ERTMS/ETCS Level 2,
with a Level 1 fallback system. At the connecting
locations with the existing tracks, a transition from
Level STM to Level 2 is made, or from Level STM to
Level 1 in fallback mode.
The applicable CCS TSI is the 2006 version including
Subset 108.
The contract was initially based on TSI 2002, in a later
stage it was decided to add subset 108.
The applicable Operations TSI is the 2002 version.
There are no derogations reported to the time being.
The information about this project derives from the
following official documents:
•
•
Concept Register of Infrastructure ; Doc. nr:
HSL-Zuid #743200
Operation Analysis including Capacity
Simulation Doc. nr : IFS M011090085
Figure 22 - HSL Zuid
The main legislation items that regulate the railway sector in Spain, including high-speed
and conventional rail system, are:
•
•
Railway Sector Act 39/2003 of 17 December: the Railway Sector Act that transposes
to the Spanish legislation the Directives 91/440/CEE, 2001/12/CE, 95/18/CE,
2001/13/CE, 2001/14/CE and 2001/16/CE. This law puts the administration of the
railway infrastructure under the responsibility of a new entity: Railway Infrastructure
Administrator (ADIF). At the same time a new public entity named RENFEOperadora is created as a railway transport enterprise to offer all kind of railway
services to the citizenship.
Royal Decree 2387/2004 of 30 December, approving the Railway Sector Regulation:
Royal Decree that develops the Law 39/2003 and regulates the railway sector in
Spain. This Royal Decree defines more precisely the procedures for the authorization
to enter into service the infrastructure and the rolling stock.
46/161
•
•
•
•
•
Royal Decree 2395/2004 of 30 December approving the by-laws of the Railway
Infrastructure Administrator (ADIF).
Orden FOM/897/2005 of 7 April, on the Network Statement and the procedure for
allocating railway infrastructure capacity.
Orden FOM 233/2006 of 31 January regulating the conditions for the approval of
railway rolling stock and maintenance workshops and sets the certification fee
amounts for this rolling stock.
Royal Decree 354/2006 of 29 March, on the interoperability of the trans-European
conventional rail system.
Royal Decree 355/2006 of 29 March, on the interoperability of the trans-European
high-speed rail system
The first transitional provision of the Royal Decree 2387/2004 lays down that until the
Ministry of Transport passes the regulations which will implement the Railway Sector Act
39/2003, the applicable safety regulations are the following:
•
•
RENFE Operational Rules and Regulations.
Technical and Operating Requirements for Running and Safety on the MadridZaragoza-Lleida section of the Madrid-Barcelona-French Border line, Version 2.
All the technical regulations and standards applicable to the every different ERTMS projects
are gathered in the Annex [see RENFE 1].
The regulatory framework for ERTMS is the Decision 2002/731/EC of 30 May 2002
concerning the technical specification for interoperability relating to the control-command
and signalling subsystem of the trans-European high-speed rail system referred to in Article
6(1) of Council Directive 96/48/EC, according to RENFE - Operadora´s tender
specifications for rolling stock purchases, which figure on Annex II [see RENFE 2].
The Safety approval process: Infrastructure
The art. 16 of the Royal Decree 2387/2004 of 30 December ‘04, approving the Railway
Sector Regulation, lays down the way to authorize the placing in service of the new railway
infrastructures. According to this article, before the railway lines enter into service, its
sections and the stations belonging to the general interest railway network (RFIG), must
have the Ministry of Transport’s authorisation. In addition, this authorization has to declare
that the line or the section of the line has to enter into service, when it fulfils all the safety
requirements of the applicable regulations.
This authorisation shall be granted by the Railway General Directorate, taking into account:
•
•
•
The report on the suitability of the works to the applicable technical rules and
regulations. This report has to be issued by personal responsible for the construction
and its supervision.
The certification of the compliance with the safety conditions required for the
railway operation issued by the Railway Infrastructure Administrator or entity
entitled to issue it.
The supporting documents relative to the compliance with the implementation of the
testing plan at the request of ADIF or, where appropriate, the General Railway
Directorate.
47/161
The authorization to enter in service can be unrestricted, or subject to some restrictions, or
an interim authorization (i. e. for test runs, maintenance….).
The Royal Decree, RD 2387/2004, refers implicitly to the TSIs: The “Additional disposition
1” of this RD states that the interoperability is regulated by the RD 1191/2000 and the RD
646/2003, whch respectively transpose the HS and CR EC Directives.
Due to the delay in the TSI completion, the Spanish Ministry of Transport has decided to put
into service the HS lines in two phases: First opening the infrastructure on the basis of the
safety certification, which allows the “national” operation of the line, and in a second step
the infrastructure will get the Declaration of Verification when all the constituents have the
Declaration of Conformity or Certificates and then could be open to international traffic.
The following Figure 23 sumarizes the safety approval process for infrastructures.
A similar process is being applied to rolling stock.
48/161
Construction manager
Report on the suitability of the ERTMS
subsystem to the applicable technical rules
and regulations with reference to the
applied technical regulations and rules
Reference regulations:
Directive 2004/50/EC
Royal Decree 355/2006
Directive 96/48/EC
Directive 2001/16
o
o
o
o
Construction
manager
Application for
getting the
authorization for
placing in service
of ERTMS
Mandatory
documentation
attached to the
application
Independent assessment
report
Safety Case
Reference rules:
CENELEC standards
Adif Safety Directorate
Certification of the compliance with
safety conditions required for the
railway operation
General Railway Directorate
Authorization for placing in service
of ERTMS
Supporting documents relative to the
compliance with the implementation of
the testing plan at the request of Adif
or, where appropriate, the General
Railway Directorate:
o
o
Testing protocol
Subsystem integration report
Figure 23 – Safety approval process for infrastructural works in Spain
49/161
Safety approval process: rolling stock
The article 4 of the Orden Ministerial 233/2006 lays down the requirements for placing in
service of rolling stock.
Article 4 of the above-mentioned Orden Ministerial states that:
1. Every railway vehicle must get an authorization for placing in service, granted by the
General Railway Directorate, and an authorization for running, granted by the
Railway Infrastructure Administrator, before running on the general interest railway
network (RFIG).
2. There are two authorisation levels
3. The ”first level authorization” for placing in service shall be granted having regard
to:
•
The “EC” certificate of conformity issued by a Notified Body which gives
evidence of the compliance with the applicable Technical Specifications of
Interoperabilty (TSI´s).
•
The validation report issued by a Certifying Body that gives evidence of the
compliance with the applicable Technical Specifications for Homologation
(Especificaciones Técnicas de Homologación – ETH). In fact, these
specifications are under development now, refer to national requirements,
and will be notified to the EC when ready).
Rolling stock granted with a first level authorization is interoperable and suitable for
running on the general interest railway network (RFIG).
4. The ”second level authorization” for placing in service shall be granted when the
applicant rolling stock has got a validation report issued by a Certifying Body that
gives evidence of the compliance with the applicable ETH.
Rolling stock granted with a second level authorization suitable for running on the
general interest railway network (but is not interoperable).
5. The Railway Infrastructure Administrator shall grant the authorization for running to
the rolling stock that has got an authorization for placing in service and has passed
satisfactorily the test runs requested by the Railway Infrastructure Administrator, in
accordance with the applicable ETH´s.
The ETH, now under development, are intended to complement the TSIs in safety aspects,
trying to adapt the current Spanish operational rules to the TSI’s structure and philosophy.
The ETH, when completed, will be notified to the EC.
At the present time, any rolling stock has received the EC Declaration of verification.
Consequently all the authorisations granted by the General Railway Directorate have been
“second level authorisations”.
50/161
Second level authorisation Step 1
Certifying Entity
Validation report giving
evidence of the compliance
with the applicable ETHs
Rolling Stock Manufacturer
Rolling stock owner
Application for
getting the
authorization for
placing in service
of Rolling Stock
Mandatory
document
ation
attached
to the
application
Safety case
Reference rules:
CENELEC standards
Report on validation and
verification
Railways General Directorate
ISA report on safety
Authorization for placing in service of
Rolling Stock
without interoperability
Rolling stock owner
To pass verification tests
requested by Adif together with
the General Railway Directorate
Figure 24 – Safety approval process (second level) for rolling stock in Spain
With reference to the interoperability certification of new lines, it is necessary to consider
the followings:
•
•
•
•
The new high speed lines have been built at the same time when the TSIs were being
updated. This implies that the ERTMS installation was being adapted to the
modification of the specifications. Consequently, the new lines are being placed into
service with the required Safety Authorizations but without the Interoperability
Certifications.
Nevertheless, as the verification and safety tests required for the Safety Certification
have been established using the TSIs and the EEIG test specifications, no
interoperability problems are to be expected during the NoBos Certification process.
The certification procedure of the line Figueras-Perpignan started in the beginning of
the year 2005, at the same time of the beginning of the construction. The certification
procedures of the other lines started at the beginning of the year 2007.
As far as on board systems are concerned, the interoperability verification and
certification procedures started in the year 2005 for some of the manufacturers.
However, no certification has been issued yet.
The geographical structure
From the geographical point of view, it must be underlined that the Spanish railway network
has essentially a radial structure, with Madrid as main centre. Besides this structure, there is
51/161
an important line along most of the Mediterranean coast from the French border to Valencia,
Alicante and Murcia.
Since 1992 there is an intense development of new high speed lines using standard gauge
and 25 KV AC power supply. The structure of this high speed network will follow the same
radial principle. The main high speed lines are:
•
•
•
•
•
•
•
Madrid –Sevilla, built in 1992 to foster the development of a wide region not well
communicated up to that time, equipped with LZB as at that time the ERTMS was
not developed. Maximum speed: 300 Km/h.
Madrid- Zaragoza-LLeida- Roda de Bara (Tarragona) - Barcelona, that interconnects
the two biggest Spanish cities (>4.000.000 inhabitants each), that will be extended
up to the French border. It is equipped with ERTMS and is in service from Madrid to
Roda de Bara. It will be completed by the end of the year 2007. Maximum speed in
this moment is 300 Km/h. Maximum speed planned is 350 Km/h.
Madrid- Valladolid, under construction, will open the high speed way to the north
and northwest at the end of 2007. Maximum speed planned: 350 Km/h.
La Sagra Toledo: Small branch with the singularity of being equipped with LZB +
ERTMS Maximum speed: 300 Km/h.
Córdoba-Málaga branch also fitted with LZB+ERTMS. Maximum speed: 300 Km/h.
Zaragoza-Tardienta-Huesca: Interesting experience with ERTMS over hybrid line
Spanish Broad Gauge + UIC gauge. Maximum speed: 300 Km/h.
Figueras-Perpignan, ERTMS, crossig border Project. Maximum speed: 350 Km/h.
In the medium term, the high speed network will be completed with the Madrid-Valencia (in
the year 2010) and Madrid-Lisbon lines.
The high speed network, (with the exception of the Madrid-Sevilla line) is being equipped
with ERTMS.
The conventional railway lines will be progressively upgraded to ERTMS. All Spanish lines
are equipped with ASFA as back up system.
52/161
Figure 25 – High speed lines in Spain
The characteristics and the status of each one of the ongoing ERTMS implementation
projects are given in the followings.
Madrid-Lleida Line
•
•
•
•
•
•
•
•
•
•
•
Passenger traffic only
Length : 492 Km
Max gradient: 25 o/oo
Tunnels: n. 26, with a total tunnel length: 29,5 Km
Viaducts: n.40, with a total viaduct length: 25,5 Km
Bridges: n. 48 with a total bridge length: 4,18 Km
Maximum speed: 350 Km/h
Permanent speed restrictions: 90 Km/h through Zaragoza station and 50 Km/h
through Lleida station
Switches in main line and speed in side position n. 12 at 50 Km/h, n. 73 at 100
Km/h, n. 9 at 150 Km/h, n. 9 at 160 Km/h and n. 89 at 220 Km/h
Stations: Madrid, Guadalajara, Calatayud, Zaragoza, Lleida
Interlockings: n.13 (Ansaldo)
53/161
•
•
ERTMS implementation: Level 1 and Level 2 with Specs vers. 2.2.2
ERTMS equipment: n. 361 LEU’s, n. 3262 Eurobalises, n. 5 RBC’s (Ansaldo) –
GSM-R (Siemens)
• Fall-back systems: ERTMS Level 1 and ASFA
LLeida-Roda de Bara Line
•
•
•
•
•
Passengers traffic only
Length: 91 km
Tunnels: n. 7 (Lilla, 2000 m; la Riba 1971 m)
Viaducts: n.20
Maximum speed: 350 km/h
The figure below shows the route of the line Madrid-Zaragoza-LLeida-Roda de BaraBarcelona).
Figure 26 - The “Madrid-Zaragoza-LLeida-Roda de Bara-(Barcelona) HSL
54/161
La Sagra-Toledo Line
•
•
•
•
•
•
•
•
•
•
•
Length: 21 Km
Max slope: ±27,5 o/oo
Viaducts: n.1, total viaduct length: 1,6 Km;.
Maximum speed: 220 Km/h
Switches in main line and speed in side position: n. 2 at 80 Km/h,
Stations: Madrid, Toledo
Interlockings: n.1 Electronic Westrace interlocking (Dimetronic) and the extension
of L 90 Interlocking (Alcatel) at La Sagra
ERTMS implementation: ETCS Levels 1 and Level 2 (Alcatel/Siemens) Versión
2.2.2, SUBSET026, Version 2.2.2
ERTMS equipment: n.16 LEU’s (Alcatel); n. 80 Fixed Eurobalises (Siemens); n. 32
Variable Eurobalises (Siemens); n. 1 RBC (Alcatel); n. 5 GSM-R BTS‘s (Siemens)
Fall-back system: ERTMS Level 1 and ASFA
Figueras-Perpignan line
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Mixed traffic
Length: 44,4 km (19,8 km in Spanish territory and 24,6 in French territory
Max slope: TBC
Tunnels: n.1 Pertús (8,3 km)
Viaducts: n. 9 (5 in Spain, 4 in France)
Bridges: TBC
Maximum speed: 350 km/h in passenger traffic
Permanent speed restrictions: At least 100 km/h in freight trains
Switches in main line and speed in side position: TBC
Stations: No stations
Interlockings: TBC
ERTMS implementation: Levels 2 and 1
ERTMS equipment: CSEE Transport
Fall-back system: ERTMS Level 1
55/161
Córdoba-Antequera line
•
•
•
•
•
•
•
•
•
•
•
Length: 97,4 km
Max slope: 20 mm/m
Viaducts: n. 8, total length: 4,3 km, maximum length: 1,4 km
Tunnels: n. 2, total length: 329 m, maximum length: 275 m
Maximum speed: 350 km/h
Permanent speed restrictions: 220 km/h
Switches in main line and speed in side position: n.1 at 220 km, n. 2 at 100 km
Stations: Puente Genil, Antequera-Santa Ana
Interlockings: n. 4
ERTMS implementation: Levels 2 (Alcatel, Siemens) Vers. 2.22.2, Subset-026,
Vers. 2.2.2
• ERTMS equipment: n. 95 LEU’s; n. 370 fixed and variable Eurobalises; n. 22
GSM-R BTS‘s
• Fall-back system: ERTMS Level 1, LZB and ASFA
The Figure 27 below shows the route of the line “Córdoba-Antequera-Málaga”.
Figure 27 - Córdoba-Antequera-Málaga HSL
56/161
Madrid-Valladolid line
The Figure 28 below shows the route of the line project “Madrid-Valladolid”. Its main
characteristics are:
•
•
•
•
•
•
•
•
•
•
•
Length: 226 Km
Max slope: 29,5 o/oo
Tunnels: n. 9, total tunnel
length: 43,4 Km,
maximum length 28,7
Km
Viaducts: n.11, total
viaducts length: 6035 km,
maximum length: 1,7 km
Bridges: TBC
Maximum speed: 350
Km/h
Permanent speed
restrictions: 275 Km/h
in some tunnels, 220 Km
between,100 Km/h in
Segovia station and
Olmedo, 50 Km/h in
Valladolid Station
Switches in main line:
Speed in side position n.1
at 30 km/h, n. 1 at 45
km/h, n. 2 at 50 km/h, n.
1 at 80 km/h, n. 5 at 100
km/h, n. 2 at 160 km/h
and n. 5 at 220 km/h
Stations: Madrid,
Segovia, Valladolid
Interlockings: n. 9
electronic Westrace
Interlocking (Dimetronic)
Figure 28 - Madrid-Valladolid HSL
•
•
•
ERTMS implementation: Levels 1 and Level 2 (Alcatel/Siemens) Version 4.20,
Subset-026, Version 2.2.2
ERTMS equipment: n. 178 LEU’s (Alcatel); n. 689 fixed Eurobalises (Siemens); n.
377 variable Eurobalises (Siemens); n. 3 RBC’s (Alcatel); n. 44 GSM-R BTS’s
(Siemens)
Fall-back system: ERTMS Level 1 and ASFA
57/161
The tables below indicate the actual status of implementation of ERTMS/ETCS both on
track-side and on board of Rolling Stock.
Line
Supplier
ETCS Length
level
(Km)
Speed
(Km/h)
Status
492
350
In operation (2004)
High speed lines
Madrid-Lleida
Ansaldo
+Siemens
(CSEE) L2+L1
Lleida- Barcelona
Alcatel
L2+L1
90
350
Lleida-Tarragona: In operation (2006)
Tarragona-Barcelona under construction
(end 2007)
La Sagra-Toledo
Alcatel +Siemens
L2+L1
21
300
In operation (2006)
Madrid-Segovia-Valladolid
Alcatel + Siemens
L2+L1
180
350
Under construction (2007)
Córdoba-Málaga
Invensys
L2+L1
155
300
Zaragoza-Huesca
Alstom
L1
80
200
In operation (2006)
Figueras-Perpignan
Ansaldo (CSEE)
L2+L1
30
300
Bombardier
L1
93
L2+L1 160
200
120
In operation (2000)
Conventional lines
Albacete-La Encina
Madrid conmuter
Pending of award
Table 3 - Status of ERTMS implementation – Infrastructure
Series
Suppliers
Number of
trains
Composition
Seats
Train length (m)
Speed (Km/h)
Traction power
(kw)
Signalling
system
Commissioning
Gauge track
S-102
Talgo-Bombardier
16
30
2 tractive heads
12 cars
314 (+2hp)
346 (+2hp)
200
330
8000
S-103
Siemens
16
10
8 powered cars
S-104
CAF- Alstom20
13
4 powered cars
S-120
CAF- Alstom
12
16**
4 powered cars
S-252
Siemens
73
237 (+1hp)
S-130
Talgo-Bombardier
27
18
2 tractive heads
11 cars
298 (+1hp)
402 (+2hp)
200
350
8800
236 (+1hp)
229 (+1hp)
107
250
4000
107
250 (220)*
4000 (2500)*
185
250 (220)*
4800 (4000)*
20,4
200 Km/h
5600
ERTMS+ STM
LZB + ASFA
ERTMS+STM
LZB + ASFA
ERTMS+ STM
LZB + ASFA
ERTMS+ ASFA
ERTMS+ STM LZB +
ASFA + EBICAB
2004
2005
Spanish
2007-2008
Spanish= 1668 mm
ERTMS +
STM LZB +
ASFA
1992
2005
UIC
2007
UIC
values into brackets applies under 3000V DC
Table 4 - Status of ERTMS implementation – Rolling stock
The Technical solutions chosen for the projects are:
•
•
Current system version status: SUBSET026 Version 2.2.2 is applied although the
Initial contracts were based on Version 2.0.0. Migration to Version 2.3.0 is under
consideration. Due to concerns about the backwards compatibility between 2.3.0
and 2.2.2. some mitigation measures were decided: Not using some additional
functions on 2.3.0, applying additional engineering rules CR 458 non compatible,
pending on UNISIG decision.
Fall-back mode: ETCS Level 1 when Level 2 will be in service. ASFA and
conventional signals as secondary fallback
58/161
•
Interfacing with interlocking and conventional signalling system: Level 1 balises are
driven by the Interlocking system via LEU's. LEU's are concentrated at the
interlocking buildings.
• With ETCS Level 2, transition between Madrid-Lleida (RBC by Ansaldo) and
Lleida-Roda de Bará (RBC by Alcatel) is made through Level 1 at max allowed
speed of 300 km/h. No RBC-RBC interconnection is foreseen.
The following implementation status is achieved to date:
•
•
Trackside system: Safety Certificate for Level 1 approved through lab tests and on
line tests according to ADIF protocols, On-going lab and on-line tests for Level 2.
Approval expected at mid 2007. NoBo Certification on process started on 2007.
Train borne systems: Trains series 102 (Siemens) approved on 2006 (16 units); series
103 (SIEMENS ETCS + STM LZB) foreseen on April 2007 (16 units); series 120
(Ansaldo) foreseen by the end of 2007 (12 units); series 130 (Bombardier ETCS +
STM LZB + STM EBICAB) foreseen by 2008 (45 units); locos Series 252
(INVENSYS/Dimetronic) (Number of units and approval date unknown).
Conventional Rail Series 490 trains (INVENSIS) Unknown approval date (10 units)
1.3 Safety targets / RAMS Policy
•
•
The main RAMS concepts applied to the Project: the system performances, the
overall system availability, the maintenance policy, etc.
The higher-level documents used as input for the definition of the RAMS policy.
The document “Erhaltungskonzept Technischer Bericht - Concetto di Manutenzione Relazione Tecnica” defines the basic concepts of line maintenance in accordance with the
CENELEC Norm EN°13306. The maintenance is particularly critical for this particular line
fully included in a long tunnel.
The document “Ausrüstung Technischer Bericht Festlegung der RAM-Anforderungen Attrezzaggio Relazione Tecnica Definizione dei Requisiti RAM” defines some basic concepts
of system availability and then, apportions the required overall system availability figure of
Avtot=0.9995, into availability, reliability and maintainability requirements for all functions
of the control-command, signalling, telecommunication, security and power supply system.
Taking into account mission profile of the line and the maintenance constraints recalled
above, the final target for the availability of the CC&S sub-system has been preliminarily set
to AVccs =0.999865 (this issue is still under discussion to date) with respect to all types of
immobilising failures.
The safety requirements for the staff operating in the tracks imposes that the preventive and
the corrective maintenance activities are only performed during the closure of the service,
that will happen only for a couple of hours during the night. This imposes a high demand in
the availability of the CC&S sub-system functionality that can only be achieved by a high
level of redundancies.
59/161
The document “Tunnelsicherheit Technischer Bericht-Sicherheitkonzept- Sicurezza in
Galleria Relazione Tecnica-Concetto di sicurezza” provides a wide hazard analysis for all
the risks possible in a long tunnel and defines the basic conter-measures able to minimise
their consequences. This document is the master document for the tunnels layout design as
well as for all the hazard analysis of the technical sub-systems.
In particular, the document “Leit-und Sicherungstechnik-Technischer Bericht
Sicherheitplan-Sistemi di Controllo e Comando – Relazione Tecnica – Piano di Sicurezza”
defines in detail the overall design, implementation and verification/validation/approval
process and responsibilities (in accordance with the EN50126 norm) to be followed during
the whole life-cycle. In its annexes the document presents the results of a preliminary
hazard analysis based on results of similar European projects, with the related countermeasures. It finally concludes that the ERTMS/ETCS safety targets of Subset091 are also
applicable to this specific case.
The Austrian project: Vienna – Nickelsdorf
The following basic concepts have been adopted:
•
•
•
•
System performance will be increased by adopting the allowed speed limits
according to the speed limit of the track and switches (the existing rule requires that
a certain speed is valid form the location of the signal onwards).
Availability respectively unavailability requirements are given in the customer
requirements specifications (document Lastenheft-1-00 für das Zugbeeinflussungssystem ERTMS/ETCS Level 1 für die Strecke Wien – Hegyeshalom, 10.12.2001);
The basic safety targets have been deduced form the carried out risk analysis (SIL4
is appropriate) - risk analysis (document 3BU 81400 3003 DUAPC, 12.11.2002).
The risk analysis shows that ETCS targets are acceptable for the tolerable risk level
deduced from accident statistics in Austria.
The maintenance is and will be derived from the specifications and documents of the
manufacturers of the interoperability components.
The TBL1+ system is considered as a “SIL 0” system. The aim of this project is to reduce
the most important risks of at list 80 % of the existing status.
For the lines to be equipped with the ETCS level 1, Infrabel conforms to the TSI,
specifically to SUBSET-091.
For each Project, the complete CENELEC life-cycle is followed, starting with generic safety
cases with EC-verification of conformity, exporting hazards that originate from constituents.
Every step of the process is closely monitored (according to EN50126, EN50128 and
EN50129). There is a technical and operational HAZOP for the whole project as well as a
FMEA (Failure Mode and Effect Analysis). A safety plan stipulates when and by whom
safety tasks are performed.
Every time there is a change, possibilities of export of hazards is considered. It is the
intention of Infrabel to follow both V-cycles of Safety and Functionality in parallel. The
whole process is supervised by an ISA. Pre-existing components are normally used.
60/161
The safety cases issued by suppliers like Siemens, Alstom and Ansaldo are checked by
ISA’s hired for that purpose by the same companies.
For the Safety Approval of a line and its operation, the complete CENELEC cycle is
follwed. Starting from safety cases of track-side constituents (e.g. RBCs, LEUs, Balises,
track-circuits), generic ETCS Level 1 and Level 2 Safety Cases are developped. These
safety cases are then taken as a basis for the L3 and L4 specific tracksiside system safety
cases. The L3 and L4 Engineering and Programming Data Safety Cases are then added to
the above safety cases,. After that, the L3 and L4 safety cases are made, including the
operational rules. In parallel a safety case for the operating system EBP is made as well.
The target operational availability of the ERTMS sub-system is set at 0.99973.
The quantitative aspect to be demonstrated (connected to material breakdowns and
transmission errors) is set at 0.99984. (Ref. Preliminary Safety File, 30 January 2004,
F2SA891)
Unavailability
On board
-6
Kernel (Vital functions)
Kernel (non-Vital functions)
BTM
RTM
MMI
TIU
Odometer
< 10
-6
< 10
-8
< 10
-6
< 10
-7
< 10
-7
< 10
-7
< 10
Non-switchable Balise
Switchable Balise
LEU (Interoperable part)
< 10
-7
< 10
-7
< 10
RBC
< 10
Line
-7
Trackside
-6
Table 5 – Unavailability targets for Interoperability Constituents of the PEEE project
The German project: Berlin-HalleLeipzig
Performance and reliability requirements are specified in the operational specification´s
registers (“Teillastenhefte”, [DB 28]) no. 6 and 7, RAMS onboard equipment and RAMS
trackside.
61/161
The Rome-Naples HSL
The maintenance is and will be derived from the specifications and documents of the
manufacturers of the interoperability components.Rome-Naples HSL. The line was designed
for a maximum line-speed of 300 km/h and a minimum headway of 5 minutes. The basic
requirements for the line were given in RFI 38. The main availability parameter for the
trackside subsystem was given as:
Aintr_HW_SST = MTBF/(MTBF + MTTR) = 0,9999959
In full accordance with the requirements of SUBSET091, the overall safety target adopted
for the implemented ERTMS/ETCS Level 2 system was: THR = 1*10-9
The maintenance policy is shortly described in document [RFI 21]. Both preventive and
corrective maintenance is foreseen. The maintenance interventions have to be performed
during the night, due to heavy diurnal traffic.
The Torino-Novara HSL
The line is designed to run to 300 km/h with minimum headway of 5 minutes. The main
availability parameter for the trackside subsystem is [RFI 21]:
Aintr_HW_SST = MTBF/(MTBF + MTTR) = 0,9999959
Regarding the safety target the project adopted the target specified in SUBSET091.
Both preventive and corrective maintenance is foreseen (see RFI MO-MA-CO-TC-IN DT
INES 002A “Tratta AV/AC Torino-Milano subtratta Torino-Novara Caratteristiche
Infrastrutturali e Programma di Esercizio Complessivo della Sub-Tratta Torino – Novara”
25/11/2005). The maintenance interventions have to be performed during the night, due to
heavy diurnal traffic.
The Dutch projects
Betuweroute
A separate safety case was developed by ProRail for integration of Bev21 with Dutch
Traffic Control system. At May 2007 it resuts available and ISA approved.
ERTMS maintenance systems (LCS, etc) are part of Alstom delivery. Safety assessment is
included in Alstom Bev21 Trackside Safety Case. Exported constraints are transferred to
ProRail and incorporated in ProRail Safety Case (covering integration of the Dutch Traffic
Control System, Bev21 and operation/maintenance).
The compliance with contractual functional requirements is demonstrated in Alstom A15
Trackside Safety Case.
For ETCS, a trackside Safety Plan is available as part of Consortiums A15 Trackside Safety
Case, assessed by ISA (ADL). The Safety Plan addresses the V&V-process in conformity
with CENELEC EN50126.
For ETCS a trackside Quality Plan is available as part of Consortiums A15 Trackside Safety
Case.
62/161
The ProRail Project Plan is part of the ProRail Safety Case and has been assessed by an ISA
(Praxis).
The Scope of the supplier Consortium Alstom-Movares Hazard-log is the Bev21 system,
which includes the ETCS system. The Hazard-log also includes measures to be exported to
infra manager and train operator.
The ProRail Hazard-log covers Bev21 integration with Traffic Control and operational
processes.
An extensive hazard transfer process has taken place between ProRail and Consortium
Alstom-Movares to formally transfer hazards/measures between the two organisations.
Amsterdam – Utrecht
ProRail has to provide the National Railway Authority of the Minister of Transport and
Water management with the complete set of safety cases to demonstrate that the line fulfils
all the technical rules, regulations and safety conditions required for the domestic railway
network.
Figure 29 – Safety case structure for the Amsterdam-Utrecht project
63/161
To build the Overall Safety Case, several related safety cases were tob e prepared in
accordance with the Cenelec EN50129 norm and the transfer of SRAC’s (Safety Related
Application Conditions) from lower level safety case to higher level ones. The following
Figure 29 shows the safety case structure for this project, where PSC stands for Project
Safety Case, GASC stands for Generic Application Safety Case and SASC for Specific
Application Safety Case.
The next Figure 30 shows the responsibility of ProRail for the system integration and, at the
end of the project, for the Overall Safety Case.
Figure 30 – Scope of ProRail Integration and Acceptance plans
HSL ZUID
This (optional) information is not presently available.
64/161
The requirements of the Terms of Reference of the different ERTMS contracts refer to the
general ERTMS specifications, in particular:
•
The ERTMS/ETCS equipment shall conform to the ERTMS/ETCS Class 1 System
Requirements Specification of the UNISIG group, version 2.2.2, or, where
applicable, the latest valid version in force during the construction of the project. It
will also fulfil additional national functions specified by Infrastructure Managers and
in force during the construction of the projects.
• The GSM-R equipment shall conform to EIRENE Projects Requirements
Specification vers. 13 and MORANE for ERTMS/ETCS Class 1 of UNISIG or,
where applicable, the latest approved version available during the construction phase
of the projects. It will also be equipped with the “hands free functionality”.
• The trains will be equipped with a static recorder for recording and storing traffic
conditions and other events. The specifications and functions of this recording
equipment are left to the suplier’s responsibility.. This equipment has to be
compatible with the information supplied by ERTMS and will comply with the
corresponding ERTMS specifications
In connection with the RAMS Policy, the following standards are applicable to the Spanish
projects:
•
•
•
•
EN 50126: “Railway applications – The specification and demonstration of
reliability, availability, maintainability and safety (RAMS)”.
EEIG 96S126: “ERTMS/ETCS RAMS Requirements Specification”. Vers. 6
EEIG 98S711: “ERTMS/ETCS RAMS Requirements” – Informative Part. Vers. 1.
IEC 62278: “Railway applications. The specification and demonstration of of
reliability, availability, maintainability and safety”.
65/161
2
Phase 2 - System definition and application
conditions
2.1 The mission profile of the system
This section is intended to provide the main concepts of the line operation and maintenance:
•
•
•
•
•
•
•
•
•
•
Operational rules regarding the target ERTMS system and its fall-back modes;
The relationship with the applicable national rules;
The rules for international traffic (e.g. border crossing);
The rules and conditions for train/driver allowance in the line;
The way-side signal typology;
The voice communication via GSM-R and other fall-back systems;
The management of emergency and degraded situations,
The management of ordinary (preventive) and extraordinary (corrective)
maintenance;
The scope and the role of the line control centres.
The V&V process to be followed for the validation and the approval of such rules
together with the involved bodies and organisations.
Austria-Italy project: Brenner Basis Tunnel project
This line will be used for mixed traffic, passengers and freight trains. It is part of the TEN
Corridor 1, and such it will be one of the most important link between Italy and the rest of
the North Europe.
At the end of the implementation, an average traffic of 140 trains per day is foreseen. A
peak headway of 7.5 minutes is foreseen. The passenger trains (length up to 400 m) will
have a maximum speed of 200 km/h, while the freight trains (length up to 800 m) run at a
maximum speed of 100 km/h.
The line interconnects just at the Innsbruck main station with the Austrian Network and the
high speed line towards Munich, presently under construction, while at South (at the
Fortezza station) it is connected with the Italian Network and with the high speed line
towards Verona, presently under study.
Austrian project: Vienna – Nickelsdorf
The main concepts of operation and maintenance are based on the classical operation of the
line; additions concerning the operation of the ETCS level 1 are introduced (opeartional
rules, system description and operating conditions for drivers): DV ETCS Level 1 (operation
rule; DV=Dienstvorschrift), DB 823 (description and operation manual) (DB =
Dienstbehelf), DV S80 (on maintenance).
Fallback modes, national emergency rules and rules for degraded situations are based on the
existing rules for the PZB/LZB system (LZB is not actually used in this line). The national
rules DV V2 and DV V3 for the national signalling systems will be applicable. Border
crossing is not considered for the time being.
66/161
The way-side signal typology: use of fixed standard signals, not changed in any way by
ETCS.
Maintenance, line control centre: no ETCS specific regulations; just national situation and
rules.
V&V process: ·standard process according to the manufacturer’s rules, process supervised
by NoBo during validation phase and additional checks by NoBo. Work to be laid down in
test reports.
The L3 and the L4 Lines
The high speed lines L3 (Luik–German/Belgian border) and L4 (Antwerp–Dutch/Belgian
border) are built to achieve a performance of up to 300 km/h and a 3-minute headway under
continuous speed supervision provided by ERTMS/ETCS Level 2, supplemented by
ERTMS/ETCS Level 1, which takes over in case the former experiences a failure while
offering parallel operations in a mixed level application.
The ETCS Level 1 lines
Around the year 2000 the project started and received the name: EUROTBL. At that stage
NMBS (SNCB) was one integrated railway company, i.e. Train Operating Company and
Infrastructure Manager in one organisation.
The basic concepts were:
•
•
Use of ETCS-equipment in the trackside: Eurobalises and LEUs;
New interface equipment in the rolling stock, which extracts “Packet 44” from
ETCS-telegrams and hands the contents to the existing TBL-equipment in the rolling
stock. From here the name EURO-TBL emerged – which is not to be used anymore.
Currently the track-side implementation project is under management of Infrabel.
Train Operating Company NMBS (SNCB) has two options under consideration for the train
borne equipment:
•
•
The solution described above;
A “real” ETCS-on-board-equipment, complemented with an STM-TBL, which could
deal with the “Packet 44” information.
French project: LGV-Est
German project: Berlin-HalleLeipzig
Originally the line had mixed traffic of trains protected by PZB. ETCS Level 2 was installed
in 2002/2003. Since 2006-06 the track is double-equipped with LZB/PZB and ETCS. PZB is
also used as fall back mode in case of total ETCS failure. A dynamic transfer to LZB at
ETCS failure is not implemented. Each train run starts in PZB mode, then being
automatically transferred to ETCS L2 at defined trackside signal locations. In the moment 5
BR 101 locomotives are tested and allowed to run on the BHL track. Apart from ETCS and
LZB they are equipped with both PZB and level 0. The only allowed way to come into the
67/161
protection of ETCS is to start in PZB mode, for regulatory and operational reasons, not for
technical reasons. On the German network no train is allowed to be run without PZB or
PZB/LZB. And up to the present there is no exemption for BHL. Technically any train
equipped with ETCS could also start in level 0. The MFD displays the signal aspects
transferred to the command variables ceiling speed (guidance/supervision speed), target
speed and target distance.
ETCS controlled shunting is not available on BHL. (National) Subsidiary Signals
(Ersatzsignale) allow only 40km/h in the moment. The (national) Caution Signal aspect
(Vorsichtssignal) is displayed to the driver by a special indication. The speed profile is
controlled for 40 km/h. (Ptok/Bode, Signal & Draht, 2005-10, “Realisierung des ETCSStufe-2-Systems auf der deutschen Pilotstrecke“).
One of the first tasks in the context of the development for BHL was the definition of the
required operational processes, providing independency from the UNISIG specification as
far as possible, considering the ETCS system as a ‘Black-box’. (Mense, Signal & Draht,
2003-01/02, “European Train Control System – Von der UNISIG-Spezifikation zur
Pilotanwendung”).
The main functions have been gathered in a customer specification "Lastenheft" LH,
consisting of eight registers [DB 28] explaining common requirements, operational
requirements, technical system requirements, system environment line, RAMS onboard
equipment, RAMS trackside and operational scenarios. The operational specification has
been transferred to "Use Cases", that should [Mense, S&D, 2003/01+02) use the UNISIGSRS functions.
As a main basis for these requirements and the corresponding definition process the findings
at a qualification test period on the test track, an operational analysis and various system
tests have been taken.
When the UNISIG SRS was revised and amended to release 2.2.2 the European spec
became a basis for the technical implementation on BHL as well. Especially for the
operational rules, the handling regulation for onboard and trackside equipment and the
consistency of ETCS with the national rule book ("DB Konzernrichtlinie 408") was proved
to conform to the national regular framework for PZB and LZB.
Similarities and differences of ETCS in contrast to the national modes (LZB, PZB) have
been structured and categorised. Common features of ETCS and LZB should be drafted
equally to be handled in the same or a similar way. Well approved national principles should
be generalised to become commonly valid.
The ETCS pilot is an overlay system to the existing interlockings with a reduced functional
range at the pilot system. [Leißner/Hansen/Beck/Kammel, Signal & Draht, “Erkenntnisse
aus der Risikoanalyse für die ETCS-Pilotanwendung“, 2003-06).
No international rules have been defined yet, since the track does not cross or touch any
member states´ or European borders.
At another phase (operational qualification) the staff (drivers and dispatchers) was trained.
As a result of a national obligation in the allowance for qualification testing currently valid,
drivers dispatchers and maintenance staff need to be trained on the specifics of the ETCS
pilot to be licensed to operate on the BHL line.
68/161
All national signals remained along the track. They are still used in the fall back mode and
for trains protected in normal (non-ETCS) PZB- or LZB mode. In ETCS mode indication,
discrepancy is accepted in the moment; wayside signals are not darkened in ETCS mode but
still apparent to the train driver.
The relation from Jüterbog to Halle was already intended to be equipped with GSM-R
before ETCS had been specified, so that only some adaptations had to been done in this
regard when ETCS was to be installed on the line.
RBC-/LZB centres (Release 1.4) are located at Ludwigsfelde, Jüterbog, Wittenberg and
Bitterfeld. The RBCs, LZB centres and existing interlockings are connected via the
proprietary interface SZS/SAHARA.
The Rome-Naples HSL
In the operative program [RFI 19] the main operative conditions are indicated.
The maximum speed of the line is 300 Km/h. The minimum headway is 5 minutes, with all
passenger trains running at the same speed (homo-kinetic train operation).
To date, the line is mainly used for diurnal passenger traffic for medium and long distance
journeys.
Torino-Novara HSL
In the operative program recalled above the main operative conditions are indicated. The
maximum speed of the line is 300 Km/h with minimum headway of 5 minutes when all
trains are running at the same speed. The line is mainly used for diurnal passenger traffic,
medium and long distance journeys.
The Dutch projects
Betuweroute
Basic information about the line is given above.
The present system consists of eight Interlocking systems for the four tracks. For availability
reasons the line is split up into four Interlockings for the two western tracks and four for the
eastern tracks.
The following Figure 31 gives an overview of the integrated track-side system. The supplier
Bombardier has to interface with a lot of ProRail systems, the most important of which are:
•
•
•
Equipment of the traffic control;
ATM network, communication network between the Central Interlocking computers
and the Object Controllers in the equipment houses along the line;
The object controllers and the outside equipment of ProRail.
69/161
Figure 31 – Track-side architecture of the Amsterdam-Utrecht line
HSL ZUID
The Figueras-Perpignan line is intended for mixed traffic between Spain and France. Traffic
control will be located in Figueras and ERTMS rules will be applicable. Other rules have to
be defined under the responsibility of the TP Ferro Consortium that has the concession of
the line.
All other high speed lines are reserved to passenger traffic only. As they are entirely inside
the Spanish territory ERTMS and Spanish national rules are applicable.
70/161
2.2 The system definition
•
•
•
The architectural layout of the trackside and train-borne sub-systems, with the help
of one or more block-diagrams showing the main system components and their
relationships.
The identification and a short description of all the major constituents and interfaces
of such layouts and their specific configurations.
The list of the basic project documentation regarding the safety process for the
overall system that his available (e.g. the description of the track-side and train-borne
CC&S assemblies, the preliminary hazard analysis, the criteria for risk tolerability,
the list of applicable technical Norms and Specifications (both European and
National), the V&V plans, the safety plans, the quality plans, the available safety
cases and the interoperability certificates for constituents, the plans for system
acceptance.
The Austria-Italy project: Brenner Basis Tunnel
The functional and architectural requirements of the control-command and signalling
subsystem is described in the following basic documents:
•
The document “Betriebe Regelungen-Regolamento di Esercizio” provides the basic
principle for remote operation of the line from the main Control Centre in Innsbruck,
and, in case of its unavailability, from the fall-back system to be located in Verona or
in Bologna. Operation in both normal and degraded conditions is considered. Some
new operational rules for taking into account the ETCS Lev. 2 systems are
considered as well.
• The documents “Systemarchitektur – Architettura di Sistema” and “Leit-und
Sicherungstechnik Technischer Bericht – Sistemi di Controllo e Comando Relazione
Tecnica” provide detailed architectural layouts of the Control-command and
signalling sub-system, including all the security equipment (e.g. emergency power
supply, access control, emergency radio..) required by higher level safety
requirements given in the document .
• The document “Telekommunikation Technischer Bericht – Telecomunicazioni
Relazione Tecnica”, provides a detailed description of the telecommunication subsystem (GSM-R, TETRA, public GSM, fixed telephony, fiber optics newtwork and
all the interconnected security equpment).
The track side CCS system has been designed in details, on the basis of such requirement
specifications. It includes:
•
•
•
•
A centralised Control Centre to be located at Innsbruck main station supplemented
by a reserve Centre to be located in Verona or Bologna;
A couple of Solid State Interlocking (SSI): one SSI to be located at Innsbruck main
station, connected to the only RBC located in the same building and onother SSI to
be located at Fortezza station;
A number of axle counters for train detection in the block sections along the line;
A number of fixed balises for train location references;
71/161
•
•
•
The extension of the Austrian GSM-R network to cover the whole line up to the
CC&S sub-system border in fortezza;
Harmonised Marker Boards at each block section extremity
A number of train protection devices like Hot Box Detectors, Axle Load Monitors
etc.
For ETCS trackside system, the System and Safety requirements specification can be found
in the document "ETCS Level 1 ÖBB Projektierungsanforderungen Streckeneinrichtungen",
3BU 81400 1005 BGAPC, 29.3.2005" and the “Lastenheft-1-00 für das Zugbeeinflussungssystem ERTMS/ETCS Level 1 für die Strecke Wien – Hegyeshalom, 10.12.2001”.
The trackside balises are controlled by LEUs directly from the existing signal; the
information is taken directly from the lamp current of the signal lamps. The main balise
group consists of two balises per main signal. At each distance signal (infill), two in-fill
balises are used. In the stations Euroloop is used as infill. The used interfaces are: the
interface A and the national interface to the signals. Single Repositioning balises are used
where necessary (not often).
The train borne EVC is functionally independent from other equipment in the existing
vehicle (locomotive type 1116). The existing Vehicle bus (MVB) is the interface between
EVC and DMI. . Interface to the braking is via existing groups of components used for LZB.
Further on interfaces are required for electric braking, switching off function for emergency
brake (Notbremsüberbrückung), and driver related operations.
Trackside Interoperability Constituents: constituents are all certified according to the TSI
together with the relevant specifications valid at the start of the project.
Certificates of Interoperability Components:
•
•
•
•
LEUs (from Thales-Alcatel and Siemens): certificates by Arsenal are available.
Eurobalise (Siemens): certificate by EBC is available.
Euroloop (Siemens): certificate by Arsenal is available.
Trainborne equipment: Certificate will be delivered by EBC for only one group of
constituents. It is not yet available.
The high speed lines L3 (Luik – German/Belgian border) and L4 (Antwerp – Dutch/Belgian
border) are built to achieve a performance of up to 300 km/h and a minimum headway of 3
minutes under continuous speed supervision provided by ERTMS/ETCS Level 2,
supplemented by ERTMS/ETCS Level 1, which takes over in case the former experiences a
failure while offering parallel operations in a mixed level application.
The project started at around the year 2000 and received the name: EUROTBL.
At that stage NMBS (SNCB) was one integrated railway company, i.e. Train Operating
Company and Infrastructure Manager in one organisation.
72/161
The basic concepts are:
•
•
To use of ETCS-equipment in the trackside: Eurobalises and LEUs;
New air-gap interface equipment in the rolling stock extracts the “Packet 44” from
ETCS-telegrams and hands the contents to the existing TBL-equipment in the rolling
stock.
From here the name EURO-TBL emerged – which is not to be used anymore.
Currently the track-side implementation project is under the management of Infrabel.
The train operating company NMBS (SNCB) has two options under consideration for the
train borne equipment:
•
•
The solution described above;
A “real” ETCS-on-board-equipment, complemented with an STM-TBL, which could
deal with the “Packet 44” information.
The Figure 32 below shows the overall architecture of track-side and train born systems
foreseen for the PEEE project.
TVM430 / KVB loaded + ETCS level 2 loaded + GSM-R loaded…
FFFIS
Balise KVB*,
crocodile*
All
captors/transmittor
s : CDV, BSP*….
Transmittors:
Eurobalise noncommutable**
FFFIS
Transmittors:
Eurobalise
commutable**
GSM-R
Trackside**
FIS
FFFIS
Other LEU**
Spacing Function
TVM430
LEU**
Other RBC**
RBC**
Other SEI*
SEI*
Engaging Function
Temporar
Signals
Manageme
*
SILAM/SICAM*
Distance command
station
IT Systems Hubs
* Equipment specific to TVM430
** Equipment specific to ERTMS
Equipment in-house, the other
equipment is along the line
In contact w
Connection
managemen
Interoperabil
Figure 32 – Overall Architecture ERTMS superimposed TVM 430/ SEI (ref. prel.
safety file)
A more detailed architectural overview of the track-side system provided by Ansaldo Signal
is given in Figure 33 below.
73/161
Figure 33 – Track-side architecture of the PEEE project
Onboard equipment
To date, five traction units BR 101, one DB train control test car BR 707 and the Siemens
VT 1.0/1.5 "Desiro" (basing on BR VT 642) have been equipped with ETCS functions.
74/161
Figure 34 Train-sets of DBAG equiped with ERTMS/ETCS systems
75/161
The European Vital Computer (EVC) “ETCS L1/L2 Inboard Unit (OBU) ZUB710”
installed in these test trains has been developed by Siemens. The generic ZUB710 core
system was modified for ETCS L1 and L2 applications. Further equipment: Juridical
Recording Unit (JRU) JR DSE 32 Messma, Driver Machine Interface (DMI) E2 Messma,
radar, odometer pulse generator, balise antenna unit S21, radio basis system and a braking
unit.
Trackside
1200 balises S21 (Siemens), 4 RBCs, MMI and diagnostics computer, 20 BTS stations,
marked by (signal) mast signs. Interlockings transmit the status messages in the yard to the
RBCs for the MA generation. Train and RBC communicate via GSM-R, bidirectional.
Leipzig/Halle-Jüterbog only: 100 points, 306 balise groups, 124 wayside signals, 258
gradients, 99 speed ranges; 7300 element attributes, 13.000 data entities.
The Rome-Naples HSL
The document [RFI 21] is the oldest and the highest level document of the Italian high speed
line Project. In this document, the high level system architecture is described (see Figure 35)
76/161
Central Supervisor Room
Central Operative Room
N
O
D
O
PCS
PP
PP
Train
PP
Train
N
O
D
O
PCS
PP
PP
Train
PP
Train
PCS
PP
PP
Train
PP
Train
Figure 35 – Architectural layout of the CCS sub-system for high speed lines
The Torino –Novara HSL
The system architecture is basically the same as in the Rome-Naples HSL outlined in Figure
35 above. This can be seen as a “Specific System Application”, while the Rome-Naples
System can be considered the ERTMS/ETCS Level 2 “Generic Application” and the first
Specific Application, according to the CENELEC definitions.
The trackside subsystem (SST) consists of the following subsystems:
•
•
•
•
Interlocking (GdV) based on the generic product NVP+GAT supplied by ASF and
wayside objects supplied by Alstom;
Train Separation System (DT) based on the generic product RBC and on the
Eurobalise supplied by ASF;
Hot Axel Box detector and braked wheels detector subsystem (RTB) supplied by
BMB;
TLC-LD e GSMR networks (communication systems) supplied by SIRTI.
The Dutch projects
Betuweroute
The Betuweroute is conceived as a pure ERTMS Level 2 system without fall back solutions
for train control and signalling and without dual signalling. Therefore only ERTMS
equipped trains will be admitted.
77/161
HSL ZUID
The trackside architecture in a broader context is illustrated in Figure 36 below.
Figure 36 – HSL ZUID Track-side Architecture
The system architecture follows closely the ERTMS definition according the TSIs that
develop the EC interoperability Directives. The diagram below shows the main components
and relationships in line with the Project definition.
78/161
GSMR
GSMR / EIRENE
ASFA
Conventional
EVC
DMI
Interlocking
Interlocking
Interlocking
RBC
RBC
RBC
Command
Command
Command
Figure 37 – Architectural layout of ETCS Lev. 2 and Lev. 1 lines in Spain
79/161
3
Phase 3 - Risk analysis
3.1 Hazard analysis and system level mitigations
This section is intended to provide the following information about:
•
•
•
•
•
The process for carrying out the system hazard analysis, the higher level documents
that were considered as higher level inputs and the documents produced as output.
Which organisation(s) is (are) involved in this analysis?
The results of the risk assessment: the mitigations introduced for the unacceptable
risks (e.g. additional safety related requirements), the transposition of mitigations to
other sub-systems (e.g. the security sub-system) or to the set of rules and procedures
for operations and maintenance.
The management of the Hazard Log alongside the whole System life cycle, with
emphasis to the adopted measures (procedural and technical) and their effective
implementation, the organisation in charge of maintaining the Hazard Log. How are
the exported constraints communicated to the parties (like Train Operating
Companies) involved?
The relationship between the ETCS safety targets versus its reference mission profile
and the actual case.
Additional hazards, not included in the ERTMS list of hazards, that were eventually
considered and the ways how they were handled.
The Hazard Analysis has started with a document dealing with Trackside Tunnel Safety
Concept including an high level Hazard Analysis with mitigation requirements for the tunnel
safety and protection functions. The CCS Safety Plan, the functional requirements and the
RAM requirements are based on the conclusions of this Hazard Analysis.
The Risk Analysis document (document 3BU 81400 3003 DUAPC, 12.11.2002) was set up
by a project independent collaborator (author) of one manufacturer, on behalf of the Railway
Operator ÖBB. Main basis for the risk analysis (numerical target) has been the statistics of
the total accidents on all lines of the railway operator. An independent safety assessor has
assessed the Risk Analysis and found it appropriate.
The outcome of the Risk analysis is that the specified ETCS safety level and the respective
numerical target value for ETCS is, according to GAMAB/GAME, better than the existing
safety level today.
No specific considerations have been taken concerning procedures for operations and
maintenance.
No hazard log was set up. It seemed not to be required as ETCS is an overlay on the existing
safe system and no further hazards (except the ETCS inherent ones can be introduced).
80/161
For the TBL-application (usage of “Packet 44”), analyses have been taken place, which lead
to the following technical solution:
• Balises at each signal;
• Advance (around 300 m) balises to give early signal-aspect-information.
The advance balises constitute the “+” of the TBL1+ system.
The advance balises and the respective locations are the results of thorough risks analyses.
For the ETCS level 1 application, the HAZOP is nearly finished. The continuation of the
HAZOP / risk analysis process is in progress.
At the start of the project, before the contracting phase, a detailed risk analysis has been
carried out.
The risks are being monitored; a database is maintained in support of the process.
Due to the “GAME” principal (dictating that no developments are allowed that will lead to a
less safe operation) several studies have been conducted before contracting.
This has lead to specific requirements, for example:
•
The train has to be stopped within 20 sec after loss of radio contact (thereby dictating
the T_NV);
•
A double GSMR installation on the train is required mostly for RBC-to-RBC handover management.
The risk analysis for ETCS BHL was performed to derive the targets for the safety
requirements. That these, in turn, are met was demonstrated in the safety cases, supported by
a hazard analysis (not to mix up with "hazard identification"), applied to apportion the safety
requirements down to the subsystems and items of equipment.
As a constraint the figures for random failure given for the onboard and trackside safety
targets (TSI and SUBSET091) had to be adhered.
Unfortunately an assertion to the acceptable amount of hazardous human error (i.e. collapse
of procedures) was - and still is - missing for the analysis. This resulted in a wide scope of
discretion for the apportionment and even interoperability criteria, so that the BHL risk
analysis was strongly influenced by national specifics. In a primary step every hazard was
allocated a THR on basis of an equal distribution of the tolerable risks. Iteratively this
distribution was adapted during the design process.
The degree of itemisation of the risk analysis was limited to the levels above the suppliers´
specific system designs. Hence the resulting operational and functional approach led to the
hazard analysis of technical, human factors and procedures´ segments.
The analysis was mainly performed by DB Systemtechnik, supported by (operational) data
input from the railway authority. It was decided to use a functional hazard analysis
approach, analogue the aviation process, subdivided into the sections system definition,
81/161
hazards´ identification, consequence analysis, risk acceptance analysis and safety
requirements.
The functions ‘plan train run’, ‘prepare train run’, ‘train run disposition’, ‘set up train run´s
preconditions’, ‘accept train run’, ‘perform train run’ and ‘finish train run’ were defined and
detailed down to a level where system specific (technical) design or operational procedures
started. Relevance classifications for the ETCS pilot were added (directly relevant,
indirectly relevant).
At the hazards identification phase concrete hazards were assigned to each (detailed)
function, assessed due to their safety relevance (three categories) and added to the hazard
log. More than 70 hazards identified for the railway operation were filtered, finally 13
remained for ETCS.
The task to determine the accepted level of the new ETCS risk was initially tried to be
solved by a joint study of SNCF and DB, but this intention failed since the results differed
up to a factor of 100 for the acceptable risk.
Hence the accepted risk could only be determined preliminarily, solely based on national
estimation: DB should work out an obliging position as operator responsible for the safe
transport of people and goods. This should be evaluated and authorised by the EBA.
As a reference the current risk for a passenger at a one hour train journey was taken,
conforming [DB 22] and [DB 6]. At an ETCS failure a hazard may not only aim at
passengers, but also track workers, neighbours, third parties, goods and environment, but it
can be assumed that if sufficient safety were provided for passengers, it were implicitly
provided for the others, too.
The hazardous situations stored at the STABAG (“Statisik der Bahnbetriebsunfälle und
gefährlichen Unregelmäßigkeiten”, statistic of railway operation accidents and hazardous
irregularities) database were investigated for those causes that would also have been causing
hazardous failure of the future ETCS system.
The tolerable individual risk for ETCS passengers long distance traffic TIRFETCS-SPFV could
be determined that way. 70% of this risk budget was equally distributed on the 13 ETCS
hazards in a first approximation, 30% left for possible future extensions or changes in ETCS
specifications or the BHL implementation.
By the very simple assumption that every hazard would immediately open out to an accident
the factor for external risk reduction could be set to ‘1’. This reduced the effort for the
consequence analysis to zero. In case the suppliers´ hazard analysis would not be able to
attest the achievement of the THRs, calculated from TIRF, a specific consequence analysis
would have been performed.
CENELEC EN50129 necessitates the coordination of hazards evolved from an operator´s
hazard identification process and those coming from a supplier´s hazard or failure analysis.
Neither a clear borderline between operational and technical hazards is stated in the
standard, nor are any methods proposed for this purpose. For that reason a complex and
extensive "mapping" of one hazards type towards the other was performed. Unfortunately
the underlying system definitions and boundaries were not congruent so this approach did
not fully succeed. Anyhow the achievement of qualitative and quantitative safety targets gained from the risk analysis - could be demonstrated. Parts of the "mapping"
documentation become part of the safety case documentation.
82/161
Several local specialities and certain operational frequencies of occurrence limit the validity
of this risk analysis to the BHL line. As a consequence these specific features need to be
controlled and monitored at revenue service and be adapted from time to time.
As examples may be asserted:
The handling of temporary speed restrictions has been specifically solved at BHL; the safety
related context of a faulty input of such a restriction has not yet been fully captured.
At a signal stop caused by any irregular situation it will be important for the safety of the
system that the respective GSM-R message will not be delayed more than 5 sec in order to
keep the calculated safety target. Hence the accordant GSM-R reliability needs to be
assured.
In case level crossings should be installed in future (for some reason), the RA/HA
(risk/hazard analysis) needed to be recalculated, since no LC´s (and LC hazards) have been
considered in the current RA/HA.
The driver needs to be informed to switch off traction in case an emergency braking is
released by the system, otherwise the safety target could be compromised.
While computing the system hazard analysis some missing vital requirements not being
stated in the UNISIG specifications yet had been identified. Change requests were issued.
Therefore on BHL the incompleteness of the UNISIG specifications had to be compensated
by several differences to the UNISIG specs. Additionally some considerable operational
restrictions needed to be accepted to guarantee a sufficient level of safety.
The Rome-Naples HSL
RFI issued a Preliminary Risk Analysis [RFI 37]. This document was intended as an input
for the Saturno Consortium to start working on System Hazard Analysis. Such activity was
then carried out, under the responsibility of the Saturno Consortium, by a Working Group
including experts of the signalling system suppliers and with the technical support of RFI.
The risk analysis started from the system functions foreseen for the ERTMS/ETCS Lev. 2
system and identifying the risk related to a missed or partial implementation of such
functions.
At the end of this activity the documents [RFI 119] and [RFI 120] were issued in version A.
The documents were then reviewed prior to closing the project (version B).
The deep experience of the work group participants and the working methodology has
guaranteed the completeness of the analysis.
Near the end of the project a final review of the analysis was performed. A new version of
the same documents (version C) and a new document containing the collection of the Safety
System Requirements [RFI 123] were issued
The revealed hazards were inserted in the project Hazard-Log that has been kept alive
during the whole duration of the project.
Besides the two mentioned documents, System FTA and FMEA have been issued as well.
The hazards needing operating procedures for mitigation have been evaluated by the
competent structures of RFI that have issued the corresponding procedures.
83/161
Finally the document [RFI 121] was issued, in which the system HFR (Hazardous Failure
Rate), evaluated in accordance with the methodology indicated in the UNISIG SUBSET091,
is finally reported.
The Turin-Novara system design has been largely based on the ERTMS/ETCS experience
gained in the first ERTMS/ETCS Rome-Naples project. The same safety process has been
put in place for hazard and risk analysis ans well as for the safety approval.
The Dutch projects
Betuweroute
Scope of Consortium Alstom-Movares hazard log is the Bev21 system, which includes the
ETCS system. The hazard log also includes measures to be exported to infra manager and
train operator.
ProRail hazard log covers Bev21 integration with Traffic Control and operational processes.
An extensive hazard transfer process has taken place between ProRail and the Consortium to
formally transfer hazards/measures between the two organisations.
Amsterdam - Utrecht
The line is built in accordance with the present design, installation and test constrains. At
present, the risk analysis is focussed more on the introduction of new signaling equipment
than on the installation of ERTMS.
HSL ZUID
The project organisation HSL Zuid has issued an Integral Safety Plan [HSL Zuid
HAVL/567392, versie 10, 30 September 2004] that outlines the main safety concepts and
allocates risks to be mitigated to each party in the Transportation System.
The following organisations were involved in this analysis:
• Bouwdienst Rijkswaterstaat
• Projectdirectie HSL-Zuid
• Predecessor of IVW; Railned Spoorwegveiligheid
• NS Railinfrabeheer
The responsibility for mitigating risks related to the superstructure (including CCS) has been
allocated to the supplier (Infraspeed consortium, in which Siemens provides the interlocking
and Alcatel provides the RBC). Therefore no risk allocation within the scope of Infraspeed
has been carried out by the Project Organisation; the design responsibility in this respect lies
with the Infraspeed consortium. The interfaces have been designed based on a jointly
established description of the operational system. The Integral Safety Case for the traffic
system consists of prove that the the hazards related to the interfaces are correctly mitigated.
For the Transportation System as a whole an Integral Hazard Log is maintained by the
project organisation HSL Zuid. (ref. HSL document #603704).
Infraspeed maintains the Hazard Log for the HSL Assets (that form the Superstructure
including the CCS sub-system) and for the HSL Activities (that mainly consists of
84/161
maintenance and renewal activities). This is part of the Availability Period Safety Case that
has to be updated by the Infraspeed Consortium on a regular basis during the 25 years of the
Infraprovider Concession.
Infraspeed has performed a risk analysis (ref. “EPC System Hazard Analysis (SHA) IDE
(SYS$TEX&AFF” # 000001) in which 13 top-hazards have been identified.
Two of these top hazards were allocated to the trackside CCS:
•
H4 - Undetected erroneous movement authority/train protection resulting in
derailment or collision, related to function/failure mode:
• Undetected Erroneous SIG (Signalling sub-system) communication to/from train via
balises (due to overspeed)
• Undetected Erroneous or uncommanded SIG communication to train via fixed Balise
or GSM-R (ETCS Level 2)
• Undetected Erroneous communication between SIG interlocking and RBCs
• Undetected Erroneous or uncommanded communication between Neighbour RBC
and RBC (ETCS Level 1)
• Erroneous track profile to RBC
• Loss of earth
• Creating of erroneous route map RBC
• H5 - Undetected erroneous route protection, resulting in derailment or collision or
fire, related to function/failure mode:
• Undetected erroneous failure of trackside status monitoring for high water alarm
• Undetected loss or failure of monitoring of trackside elements
• Undetected Erroneous route setting
• Undetected Erroneous or uncommanded Track occupancy (train integrity)
• Undetected Erroneous communication between RAS (adjacent conventional track)
interlocking and SIG (HSL) interlocking
• Undetected loss of or erroneous information from SIG to AEM allows wrong escape
doors to open when tunnels not train free
• Loss of earth
Other Top Hazards were partly allocated to the trackside CCS:
•
•
•
•
•
•
•
•
•
•
H2 – Loss of free space profile due to:
Movable Water Barrier
Flood Doors
Jet Fan.
H3 – Loss of free space profile due to objects on track:
Vehicles
Vandalism
Animals
TPD catenary system
Landslide/trees
85/161
•
•
•
•
•
•
•
•
•
•
Subsystem parts
Maintenance Equipment
Window penetration.
H6 – Loss of incident mitigation
Self Rescue
Emergency Response
Derailment containment.
H7 – Failure to protect authorized staff (Staff/ Maintenance Personnel).
H8 Undetected flooding of tunnel, cutting or open track
H9 Undetected switch failures
The responsibility for the safety management during the design, manufacturing and
integration has been left to the supplier.
An ISA appointed by the customer (ADIF or RENFE) has made an assessment of the Safety
Documentation brought by the supplier (Risk analysis, Safety case, Test Results, Exported
Rules).
The System Validation and Verification, under ADIF and RENFE test requirements, have
been performed by independent laboratories and safety assessors.
The Safety File compiling all the safety related documents, has been delivered to the Safety
Directorate of Adif, and is the basis for the Safety Certificate that this body delivers to the
National Safety Authority.
The below gives the flowchart of the overall safety process in Spain.
86/161
Beginning
Contracts, regulations,
directives, laws, safety
requirements
Safety planning
Safety case
System description and
delimitation, safety
requirements.
Experience in operation
Hazard and risks
analysis
Safety case
Make changes in the
system
No
Hazard Log
Have safety aims
been achieved?
(Validation
process)
Yes
Safety case conclusion
Conclusion
documentation
End
Figure 38 – Safety process in Spain
87/161
Safety is managed under the supervision of a suitable organisation, as shown in the figure
below.
TECHNICAL MANAGER
OPERATING MANAGER
HEAD
SAFETY TECHNICIAN /
CTC VERIFICATION
ERTMS
ENGINEERING
CONTRACTS
(INSTALLATION)
CTC/ERTMS Design
PROJECT MANAGER
Tests/ERTMS CTC
VALIDATION
Figure 39 – Safety management organisation
Once the system as a whole has been analysed, preliminary risk analysis is carried out, each
manager dealing with reduction of their hazards.
A Hazard Log is created with a record of all application hazards picked out, identified by
techniques.
These records are updated to include hazard monitoring, from their initial reduction to the
final reduction. The following is specified for each hazard:
• ID
• Description
• Severity, probability and risk initially assigned
• Person responsible for risk reduction
• Description of risk reduction
• Severity and reduced probability and remaining risk
• State: open, pending, closed
The Hazard Log remains open throughout the life cycle of the project, it being possible to
add new hazards and reopen closed hazards for repeated analysis if any conditions change.
Hazards are closed by the Safety Manager once it is ensured that the remaining risk
following reduction is tolerable according to the criteria established in CENELEC
Standards.
88/161
From the TOP hazards detected, top level safety requirements are determined and which are
aimed at ensuring fulfilment of system safety functions.
Figure 40 - Hazard Analysis Structure
The preliminary risk analysis (ANNEX VII see RENFE 7) and the preliminary hazard
analysis for the application (ANNEX VIII see RENFE 8) lead to the Safety Requirements
list (ANNEX IX see RENFE 9).
Safety Requirements
The following list gives the top level safety requirements related to ERTMS:
•
•
•
•
•
•
•
The generic data generation process will ensure the right parameters for ERTMS
data thanks to a SIL4 process. (Data entry) (REQ_APR_47)
ENCE and ERTMS system connection (interface) shall ensure information is
transmitted properly. (REQ_APR_48)
In the event of a loss of communication between ERTMS and ENCE, the default
state of each piece of information will ensure system safety. (REQ_APR_49)
The interface between ERTMS system components shall ensure information is
transmitted properly. (REQ_APR_50)
Eurobalises will be installed on the line in accordance with diagrams of every 2 Km
of track. (REQ_APR_51)
The generic data generation process will ensure the right parameter setting for
ERTMS data thanks to a SIL4 process. (REQ_APR_52)
ERTMS L1/L2 system maintenance actions will be carried out in accordance with
the adjustment and maintenance manual. (REQ_APR_53)
89/161
•
•
The ERTMS L1/L2 system will be installed in accordance with the manuals.
(REQ_APR_54)
The functionality supported by the ERTMS L1/L2 shall be SIL4 (REQ_APR_55)
Safety documents generated are checked by the Safety and Engineering managers,
considering technical aspects (design, manufacturing, installation, etc.) and aspects related
to safety (CENELEC standards, safety manual, etc.). Any change or enlargement of the
system will be subjected to checks.
For acceptance of the system installed it is necessary that:
•
•
•
All activities are carried out throughout the life cycle of the application are checked,
filling in the corresponding inspection reports.
The validation phase is completed by the application of test protocols and
justification that specified requirements have been observed, filling in the
corresponding validation report.
The Safety Case is checked by technical staff for the project, and approved by the
senior safety manager at the construction company.
3.2 Specific issues
This section is intended to provide information about the following specific issues:
•
•
•
•
Local needs (e.g., existence of level crossings along the line),
Specific judgement of risk (events that are considered “not dangerous” in one
application might be judged differently in a different environment),
The responsibilities allocated to ERTMS (for example, in a certain application
ERTMS could be responsible of sending emergency messages to stop trains in case
objects are detected on the tracks, while in other applications a physical protection of
the infrastructure against intrusions could be considered sufficient to mitigate this
kind of hazards).
Allocation of responsibility to the driver, with respect to data-entry and display of
information.
The specificity of this line is due by its full extension within a double tube long tunnel. The
safety mitigations in this case are somewhat different from the normal case. A particular
point is due to the fact that, in case of serious accidents (e.g. fire on board) the trains must be
allowed to run up to the next station, the only place where the possibility to escape to the
other tube is existing for the passangers. This requires high availability of the controlcommand functions as well as specific redundant solutions fro telecomminications and
remote control.
As in the Austrian railway system there are many stopping points (e.g. protection signals –
“Schutzsignale”, some standard signals) with too short (or even non-existing) overlap, these
points are the sources of possible dangers.
90/161
According to the ETCS safety principles that take into account inaccurate distance
measurements (1) and the specified braking curves of the vehicle (2), calculated braking
distances are always ending a certain distance before the scheduled stopping point.
In the case of a signal showing a proceed aspect the scheduled stopping point can be reached
by a continuous infill. In case of a stop aspect, this could have disadvantages in e.g. too
short (in comparison with train length, that the rear passenger vehicle does not enter the
station or platform completely) station lengths. Mostly the short stations or platforms cannot
be lengthened due to lack of space.
So the only method found for coping with this problem is the introduction of a certain
release speed (in Austria 20km/h) even in case of 0 m overlap. Otherwise an appropriate
operation of the traffic in the stations would not be possible.
So in these cases the safety of ETCS could decrease due to the introduction of the release
speed.
As infill is only to be used to increase an MA, it could also be used in emergency cases to
transmit a stop aspect to the train (consider that setting a signal immediately to a stop aspect
is also possible in existing interlocking systems). In such an emergency case the effect could
be useful or not (depending on the condition of train and reason), but if it is effective it
could decrease a possible damage.
Driver responsibility: Train data must be entered according to regulation “DV ETCS Level
1”.
See Chap. 3.1.7 above.
The Rome-Naples HSL
There are no particular specific issues in the ERTMS/ETCS system deployed in this line.
Voice communication beween Control Centre and Drivers is performed via GSM-R Cab
Radio installed on board. A redundant on-board GSM-R Data Terminal is used for tracktrain data exchange. The redundant nature of the radio is due for increased availability as
well as for improving availability and response time during the RBC to RBC hand-over
functions.
The Cab Radio and the Data Terminals used on the Alstom trains as well as the Data
Terminal of the Ansaldo trains have got Interoperability Certification by RINA.
Similar considerations as above apply.
91/161
The Dutch projects
Betuweroute
Amsterdam - Utrecht
HSL ZUID
Specific issues including allocation of safety responsibilities to ERTMS are described with
more details in the WP3 Report of this ERA Survey Project.
Specific local needs arise from:
•
•
•
•
Long tunnel (more than 7 km) that is build as a single tube in which the two tracks
have been separated by a wall; the adjacent track is the safe haven in case of
emergency evacuation;
Risk of flooding of polders that lead to application of water barriers/flood doors;
Risk of derailment on the bridge over the Hollands Diep to be mitigated by
measurement of wind speed and (eventually) automated alarm calls;
Driver responsibility, as far as data-entry procedures are concerned.
The Ministry of Transport has established the so-called National Functions, which are the
packets and variables necessary to complete description of the national ERTMS
functionality.
These functions are deemed necessary by the gained experience on the operation of high
Speed Lines. Nevertheless, the opinion of the experts is that National Functions should be
avoided: if they are really necessary, they should be incorporated to TSIs, otherwise should
be suppressed.
These national packets and variables have to be dealt with by the ERTMS system or be
addressed to other external systems, according to the values of the NID_C and NID_XUSER
international variables.
For authorising the commissioning of rolling stock, the latter shall comply with the above
National Functions.
National Infrastructure and Rolling Stock Rules introduce new risk control requirements,
outlined in the Manufacturer’s Risk Analysis.
National Functions, jointly defined by the Ministry of Transport and Adif are as follows:
Ertms National Functions for Trainborne Equipment
•
•
•
•
•
FN-10: Emergency alert
FN-20: Separate management of temporary speed restrictions according to level
FN-23: Multiple revocation of LTV
FN-24: Eurobalise default message management
FN-26: Data input
92/161
•
•
•
•
•
•
•
•
•
•
•
•
FN-27: ERTMS management of independent ASFA equipment
FN-35: Station stopping suggestion
FN-36: Door control supervision
FN-38: Tilting
FN-71: Automatic train operation (ATO)
FN-77: Degraded transition from Level 2 to Level 1 due to loss of contact with RBC
when running on track with Level 1 equipment
FN-40: Degraded transition from Level 1 to STM ASFA Level, running on track
with ASFA equipment
FN-79: Degraded transition from Level 2 to STM ASFA, running on track with
ASFA equipment
FN-122: Degraded transition from Level 1 to Level 0 + ASFA, running on track with
ASFA equipment
FN-123: Degraded transition from Level 2 to Level 0 + ASFA, running on track with
ASFA equipment
FN-121: Inhibition of available levels
FN-124: Link response management
Ertms National Functions for Level 1 track side equipment
•
•
•
•
•
•
•
•
•
•
Tunnel management
Viaduct and bridge management
Neutral zones management
Gauge changer management
Managing passing trains in tunnels
ERTMS/ETCS level transitions
TSR management
SR speed changes
Balise default message management
Detector management
ERTMS introduction has meant the drafting and introduction of a series of rules into the
General Traffic Regulations for using ERTMS, outlined in Chapter 24 of the Operating
Manual (Annex no. 7 see RENFE 7).
93/161
4
Phase 4 - System requirements
•
•
•
The process followed for defining the overall system requirements (including both
the trackside and the train-borne sub-systems), based on the applicable ERTMS
specifications and on the input documents produced in the previous phases, with
consideration of the needs of a generic application case as well as of specific
applications.
The available documents produced for identification of functional (ERTMS
operational modes, ERTMS options, fall-back modes, interaction with non ERTMS
signalling systems like train detection, interlocking, telecoms, etc.), environmental,
EMC and detailed RAMS requirements for the project.
The documents produced for the project management, quality and safety assurance,
version management, V&V, test and certification plans, pre-operation phases and
formalities for the final system acceptance.
4.1 The Austria-Italy project: Brenner Basis Tunnel
This phase of the basic project is still in still progress to date. The system design activity is
closely followed by the BBT Infrastructure Manager and the RABBIT Consortium of
NoBos in relation to the TSI conformity verification and to the fulfilment of the National
Austrian-Italian regulations.
4.2 The Austrian project: Vienna – Nickelsdorf
This Project is as well as a new generic application as well as the first specific application of
ETCS in Austria. The used Subsets are according to V2.2.2.
Basic document on Requirements Specifications on Data Engineering:
•
Lastenheft-1-00 für das Zugbeeinflussungssystem ERTMS/ETCS Level 1 für die
Strecke Wien–Hegyeshalom, 10.12.2001.This documents specifies the Functional
Requirements for the project. It is worth mentioning the specification of the optional
ETCS requirements to be used in a mandatory way for the project (e.g. the use of
Euroloop infill) as well as for trackside requirements as the trainside requirements.
• ETCS Level 1 ÖBB Projektierungsanforderungen Streckeneinrichtungen, 3BU
81400 1005 BGAPC, 29.3.2005.
Some of the considered issues are:
•
•
•
•
•
•
•
Braking distance, speed, gradients, infill,
Positioning of balises, loops and LEUs
Connections (interface C) with balises and loops
Announcement of loops, Ids
Coupling of signal information
End of platform,
Used level transistions
94/161
•
Location reference points, danger points, speed optimization, national values, linking
with link reaction and accuracy
4.3 The Belgian projects
The track side ETCS-sub-system (Balises and LEUs) has to interface with:
•
•
Existing relay interlocking systems; parallel inputs: via potential free contacts.
Existing electronic interlocking systems (PLP); the LEU is adapted for the serial
connection (TFM) which is available from the PLP-system.
The integration of the ETCS track-side subsystem includes:
• Connection to existing interlocking systems.
• Placing balises in the track, according to the Engineering and Dimensioning rules.
As far as the balise installation aspect is considered, Infrabel has defined specific rules, to
take into account other equipment already in the track, like existing TBL-balises, crocodile
(officially: “Memor”) etc. Therefore, Infrabel concluded that a Balise Group can only
consist of a maximum of three balises, due to the sum of all constraints for the On-board
equipment: see Chap. 2.1.7.
4.4 The French project: LGV-Est
4.5 The German project: Berlin-HalleLeipzig
Several parties were participating in the requirements define process. The Deutsche Bahn
Netz AG ("Technik und Beschaffung" and "DB Projektbau") acted as the contracting body.
DB authors of railway rules and frameworks gave input from the operational points of view.
Contributions to the requirements came from trackside operators as well as from traction
and rolling stock operators. Further on GSM-R operators influenced requirements building
to a certain extent. The national safety authority EBA (departments for technical systems
and operational safety) shadowed the progress.
BHL may best be titled to be a Specific Application. Some of the constituents may be also
called Generic Applications since they can be used as modifiable or configurable platforms
or subsystems for the deployment in further specific applications.
4.6 The Italian Projects
The Rome-Naples HSL
Starting from the high level UNISIG specifications listed in section, RFI has issued the
following documents:
•
•
•
•
Functional Requirements of the CCS ETCS Lev. 2 system
System Requirements
Annexes to the system requirements
Requirements for the On Board System and its operational modes
95/161
Following the RFI specifications, the supplier issued the requirement documents:
• Safety Requirements deriving from hazard analysis
• Trackside Subsystem Requirements
• On Board Subsystem Requirements
Such functional requirements have been verified by the Saturno Consortium. Relevant
verification reports have been issued at different stages.
The lower level requirements have been traced against the corresponding upper level ones.
4.7 The Dutch projects
Betuweroute
The ProRail's project plan is part of ProRail safety case and has been assessed by ISA
(Praxis).
The Safety Plan for ETCS trackside is available as part of Consortiums A15 Trackside
safety case. It was assessed by ISA (ADL). Safety plan addresses V&V-process in
accordance with EN50126.
The Quality Plan for ETCS trackside is available as part of Consortiums A15 Trackside
safety case.
Amsterdam - Utrecht
Basic system requirements are given in the above Chap.0.
HSL ZUID
The system requirements activity is carried out under the full responsibility of the Infraspeed
Consortium.
4.8 The Spanish projects
All the technical regulations and standards applicable to the every different ERTMS projects
are gathered in the Annex (see RENFE 1).
96/161
5
Phase 5 – Apportionment of system requirements
•
•
•
The authority that monitored/assessed the suppliers work;
The monitoring procedures adopted;
The formal approving documents of this phase.
This activity is in progress by the system designers, under close control of the Infrastructure
Manager and the NoBos in charge of conformity verification of TSI as well as of national
regulations.
No special apportionments have been found necessary: just using the applicable UNISIG
Subset documents.
The procedure for apportioning the system requirements to subsystems needed to be altered
from the standard process for several reasons.
The change of accountabilities for part systems and substructures among companies with
differing economical interests led to uncertainty, since no arrangement still exists for the
global accountability for the system functions.
Another hurdle for the application of a standard apportionment process seemed to be the
stringent adherence to the TSI and the UNISIG Subsets; obviously there had been
mandatory EU requirements conflicting to habits, economic interest or even national
regulation.
Missing stability of the requirements - both national and European - contributed to timeconsuming iterations, caused by the unfamiliar complexity of accountabilities and processes.
The Rome-Naples HSL
The apportionment of the higher level requirements of the trackside system was done by RFI
together with the suppliers, by issuing the specification of the on board ERTMS/ETCS Lev.
97/161
2 sub-system: “Volume 3” [RFI 124] and the specification of the trackside ERTMS/ETCS
Lev. 2 sub-system “Volume 2” [RFI 122].
For the trackside specification, the structure of “Volume 2” was split into different subvolumes, so achieving a further apportionment of the trackside system requirement
The different sub-volumes are:
• Track-side system: – RAMS Requirements
• Track-side system: Train separation
• Track-side system: RBC sub-system
• Track-side system: RBC sub-system - Interface RBC-IXL
• Track-side system: RBC sub-system - Interfaces – Technical Description
• Track-side system: Eurobalise Sub-system
• Track-side system: RTB Sub-system
• Requirements Specifications for the Interlocking Sub-system
• TLC/LD Telecom Sub-system
• TLC/GSM-R Sub-system
The requirements apportionment has been followed by the responsible of the PATC
department, with the assistance of the responsible of the structure “Specificazione Requisiti
di Sistema e Applicazione Sistemi ATC”, by means of monitoring and technical meetings.
All the Meeting Minutes became official Project documents.
For the trackside specification, the structure of “Volume 2” was split into different subvolumes. This realized explicitly an apportionment of trackside system requirement
The different sub-volumes are:
•
•
•
•
•
•
Specificazione di Sistema
Sottosistema Distanziamento Treni
Sottosistema Interlocking
Interconnessioni
Sottosistema RTB
Sottosistema TLC/LD.
Betuweroute
Amsterdam - Utrecht
The apportionament of system requirements is carried out under the full responsibility of the
System Provider, under high level indications of the Infrastructer Manager.
98/161
HSL ZUID
The activity regarding apportionment of requirements is carried out under the full
responsibility of the Infraspeed Consortium.
As exposed in point 1.2.8.1, the Infrastructure Manager ADIF plays a double role in the
safety monitoring process:
•
•
•
•
•
Adif (construction departments) is the author of the Terms of Reference for the
supply and installation of safety equipment, including ERTMS for each line section,
The corresponding contracts have been each awarded to an unique supplier (usually
a consortium), who has been given the responsibility for the design, manufacturing
and installation, as well as the safety management and the elaboration of the safety
case of the whole delivery.
The supplier has developed and implemented all the needed equipment under the
assessment of an ISA appointed by the supplier himself.
This task has been fully performed and validated by the suppliers.
ADIF (Safety Directorate) - at the request of Adif (construction departments) - does
the Certification of the Compliance with safety conditions required for the railway
operation (Safety Certificate). In this task it is assited by a Technical Committee and
by an appointed ISA.
ADIF (Construction Department) applies to the National Safety Authority – the
General Directorate of Railways within the Ministry of Transport – to get the
authorization for placing in service of ERTMS. This application has to be
accompanied by the Safety Certificate and the supporting documents relative to the
compliance with the implementation of the testing plan at the request of Adif or,
where appropriate, the Railways General Directorate.
99/161
6
Phase 6 – Design and implementation
•
•
•
The formal approving documents of the phase.
This section is not applicable to the present stage of the Project.
The document "Requirements Specifications on Data Engineering" (ETCS Level 1 ÖBB
Projektierungsanforderungen Streckeneinrichtungen, 3BU 81400 1005 BGAPC, 29.3.2005)
has been produced as common work between Railway Operator and the Manufacturers.
The Manufacturer specific procedures for design have been assessed by the NoBo. The
Safety Cases have been approved by an Independent Safety Assessor and after by the NoBo.
6.5 The German project: Berlin-Halle-Leipzig
The Rome-Naples HSL
The design and implementation phase was monitored by ITALFER (Engineering Company
owned by RFI) and the relevant RFI Departments. The supplier and the relevant RFI
structure that assessed each subsystem/product from both the functional and the safety point
of view are indicated in Table 6 and in Table 7 below.
Subsystem
Supplier
RFI Structure in
charge of functional
RFI Structure in
charge of safety
100/161
SST
SSB
Saturno Consortium
AF
SDT
GdV/NVP+GAT
RTB
AF
ASF
BMB
assessment
PATC - SRS
PATC - OSSB
/CESIFER
PATC - OSST
PACS/SS - I
SS - TB
assessment
CC
CC
CC
CC
CC
Table 6 - Assessment of sub-systems
AF stands for Alstom Ferroviaria, ASF for Ansaldo Segnalamento Ferroviario, BMB fore
Bombardier.
Product
RBC
EVC
NVP
Wayside objects
Supplier
AF
AF
ASF
AF
RFI Structure in charge
of functional assessment
PATC- PTI
PATC- PTI
PACS
SS – TB
RFI Structure in charge
of safety assessment
CC
CC
CC
CC
Table 7 - Assessment of products
Alstom Ferroviaria provided the main part of the track-side system including the RBC as
well as the on-board system on the first set of trains enabled for the revenue service.
Ansaldo provided the Interlocking system and the balises (mostly of the fixed type), with
some Encoders for some controlled balises (informing the train about the status of the Hot
Box Detectors).
The project has been monitored, at system level, by the responsible of department PATC by
means of monitoring and technical meetings. During the technical meetings the responsible
of PATC has been assisted in his work by the responsible structures that managed the
specific technical issue. All the Meeting Minutes became official Project documents.
The CENELEC norms have been used as reference for this activity. The assessment activity
consisted in technical meetings, audits, tests witnessing and review of documents.
The trackside subsystem (SST) consists of the following subsystems:
•
Interlocking (GdV) based on the generic product NVP+GAT supplied by ASF and
wayside objects supplied by Alstom;
• Train Separation System (DT) (based on the generic product RBC supplied by AF
and on the Eurobalise supplied by ASF);
• Hot Axel Box detector and braked wheels detector subsystem (RTB) supplied by
BMB;
• TLC-LD e GSMR networks (communication systems)supplied by SIRTI.
In Figure 41 below the trackside system architecture is shown. Each dotted frame contains
the set of the products included in a Generic Application (GdV, DT and SST).
101/161
Figure 41 – Block diagram of the trackside subsystem
The System is composed of:
•
A Central Operating Room (PCS) allocated to the overall line control and Peripheral
Rooms (PPF) distribuited on the line;
• The PPF’s control the wayside objects and are linked to PCS and to the neighbouring
PPF’s (next and previous) with which exchanged vital data.
• The Supervisor system (SCC AV) is linked with signalling system (IS) both with
PPF and PCS. This system was considered out of the trackside signaling system
during the safety approval process.
• TLC-LD network is a ring built in optical fibres that connects all the PPF’s and the
PCS.
• The LF system is the power supplier for all the devices.
The communication system between trackside and on-board is indicated with TT in the
figure.
102/161
The same organisation for products supplying and system assessment as shown in the
Rome-Naples case was put in place for this line, with the only difference that the most part
of the track-side system including RBC and Interlocking were provided by Ansaldo. The
high speed trains firstly used for the revenue service were provided by Alstom while
Ansaldo trains are still under pre-operational service.
In Figure 42 below, the implemented track-side system architecture is shown. Each dotted
frame contains the set of the products included in a Generic Application (GdV, DT and
SST).
Figure 42 – Block diagram of trackside subsystem
The System is composed of:
•
•
•
A Central Operating Room (PCS) allocated to the overall line control and Peripheral
Rooms (PPF) distribuited on the line;
The PPF’s control the wayside objects and are linked to PCS and to the neighbouring
PPF’s (next and previous) with which exchanged vital data.
The Supervisor system (SCC AV) is linked with signalling system (IS) both with
PPF and PCS. This system was considered out of the trackside signaling system
during the safety approval process.
103/161
•
TLC-LD network is a ring built in optical fibres that connects all the PPF’s and the
PCS.
• The LF system is the power supplier of all devices.
The communication system between trackside and on-board is indicated with TT in the
figure.
Betuweroute
Amsterdam - Utrecht
The design and implementation activity is carried out under the full responsibility of the
System Provider. The line equipment does not completely fulfill the CCS TSI.
HSL ZUID
The design and implementation activity is carried out under the full responsibility of the
Infraspeed Consortium.
The comment under Chapter 5.8 applies.
104/161
7
Phase 7 – Manufacturing
•
•
•
The Interoperability Constituents have been manufactured according to the certified process
which has been assessed by the NoBo responsible for the component. The track-side
installation is covered in the next chapter on phase 8.
For the locomotive, the NoBo assessed the process of the equipment of the locomotive with
the interoperability component (in this project the group of components).
For the test trains momentarily running on the BHL line, Siemens AG was charged to
develop/deploy the onboard equipment.
Alcatel SEL AG (now: Thales) developed the trackside equipment.
Bombardier Transportation carried out the adaptation of the machine-technical facilities
(train control computer and machine-technical display).
Deuta performed the adaptation of the recording equipment (DSK) and the displays for the
train protection systems.
The Rome-Naples HSL
The Saturno Consortium was the supplier responsible for the manufacturing and installation
phases. ITALFER has been the controller. The Saturno Consortium issued a guideline for
classifying against the criticality the devices. Furthermore the Consortium issued
procedures/guidelines for managing the manufacturing, the assembly, the installation and
the acceptance phases of the most critical devices.
105/161
The ITALFER verification phases, the formal documents to be issued (“Piano Controllo
Qualità” - PCQ) and their contents have been defined in these procedures. ITALFER has
verified each single document that classified the devices. ITALFER has then witnessed the
test phases on a sample basis.
The main documents issued are “Piano Controllo Qualità” (Quality Control Plan).
In addition to all PCQ’s, for both the supply and the installation phases, the following
documents were issued:
•
•
“Elenco EPC/PCQ di fornitura - A104.00.CI1.CQ.IT.00.0.0.052 rev I” (Supply)
“Elenco PCQ di installazione - A104.00.CI1.CQ.IT.00.0.0.053 rev R” (Installation)
A similar manufacturing control process mainly managed by ITALFER, as for RomeNaples, was put in place.
Betuweroute
Amsterdam - Utrecht
The manufacturing activity is carried out under the full responsibility of the System
Provider, in accordance with the ProRail general regulations.
HSL ZUID
The manufacturing activity is carried out under the full responsibility of the Infraspeed
Consortium.
106/161
8
Phase 8 – Installation
•
•
•
The installation of the balises was performed partly by the Railway Operator and partly by
the manufacturers. The NoBo assessed the quality of installation of balises by assessing each
balise at the main signals and samples at the other locations outside of railway stations. This
corresponds to a sort of “Module F” assessment of the installation, as the NoBo was not
involved in the project from the very beginning.
The installation of the loops was performed partly by the Railway Operator and partly by the
manufacturer. All Loops have been assessed individually by the NoBo. This was due partly
resulting because Module F for the certification of the loops has been used, partly because
the installation of the loops presented problems in the beginning and the NoBo was not
involved in the project from the very beginning.
The results and component installations assessed will be contained in the NoBo report.
Apart from the operational framework for the parallel handling of all three modes (ETCS,
LZB and PZB) a framework for the installation, acceptance procedure and maintenance has
been set up.
The installation was split into several steps, called "ETCS releases".
The first release only served test purposes and was implemented in 2001-07. Experience was
gathered with regard to the GSM-R infrastructure, odometry and general UNISIG
procedures.
Until 2003-07 further tree releases followed, when qualification tests were started in 200312.
107/161
At that time the RBCs were connected to the interlockings and on-board CC infrastructure
was integrated. The track was equipped with the balises. Further releases und upgrades
followed.
The Rome-Naples HSL
See above.
See above.
Betuweroute
Amsterdam - Utrecht
The installation activity is carried out under the full responsibility of the System Provider, in
accordance with the ProRail general regulations.
HSL ZUID
The installation activity is carried out under the full responsibility of the Infraspeed
Consortium.
108/161
9
Phase 9 – System validation
•
•
•
Safety of the existing operational line is not influenced (approval of LEUs by safety
authority) by the ETCS equipment. ISA report and safety cases for project specific design
from manufacturers are available. Detailed technical validation (content of each telegram)
performed by the NoBo.
Safety Cases were delivered by suppliers for the project; V&V plans, quality plans are
referenced therein.
Final Safety Cases for ETCS train borne equipment are not yet available. The conventional
part is nationally approved in 1116 type locomotives, enhanced by ETCS equipment by
Siemens, whose certification work is ongoing.
Compliance verifications with the functional and safety requirements have been carried out
by NoBo. The physical installation of each LEU, balise and loop along the line has also been
checked by the NoBo (see Chapter 8.2 above).
Assessment by the NoBo of the procedures carried out by the manufacturers. A diverse way
of testing all data (content of each telegram) was chosen and done by the NoBo itself but not
with safety responsibility.
The NoBo Report on testing and validation of the telegram data was basis for approval of
running operational tests with trains (locomotive double manned, no passenger transport).
Because the approbatory tests have not fully been carried out up to now, the NoBo
certificate is not available yet.
For interoperability constituents and application related design EN50126 conform within the
manufacturers.
Availability of Certificates for track-side Interoperability Constituents:
• Eurobalise
issued by EBC in 2004
• Euroloop
issued by Arsenal Research in 2004 + 2005
• LEU
issued by Arsenal Research for both suppliers in 2004
• Trainside
not available now, foreseen from EBC
Some sorts of cross tests have been carried out:
109/161
•
•
Runs of the DB ETCS test car (with Siemens software for the EVC) have been
carried out successfully.
Test runs with a Hungarian vehicle from MAV (EVC level 1 without infill, produced
by Alcatel) were successful and showed the necessity of the infill function within the
train-borne equipment.
For the Safety Approval of a line and its operation, the complete CENELEC cycle is
applied. Starting from safety cases for constituents as RBCs, LEUs, Balises and trackcircuits, generic application safety cases are made.
These safety cases are then taken as a basis for the L3 and the L4 and level 1 on the
conventional network specific application safety cases. The L3 and L4 Engineering and
Programming data safety cases are added to these safety cases. After that, the L3 and L4
safety cases are made, including the operational rules.
In parallel a safety case for the operating system EBP is made.
A complete RAMS analyses has been performed.
KEMA Rail Transport Certification is the ISA (Independent Safety Assessor) for this project
and the Notified Body for the track-side assembly.
The contracting entity is: Infrabel, the Infrastructure Manager of the Belgian railway
network.
The lifecycle of CENELEC is used as framework for the ISA activities.
The module SG is used for the EC conformity certification.
KEMA Rail Transport Certification reports to Infrabel, where Infrabel reports to the
Ministry. At important milestones, KEMA Rail Transport Certification presents its results to
Infrabel and to the Ministry in joint meetings.
The supplier is: Siemens for balises, LEUs and for the engineering data, which is required to
program balises and LEUs.
The following tests were carried out:
• Firstly regarding EUROTBL2;
• Secondly regarding TBL1+ (tests are still going on);
• Tests regarding ETCS Lev. 1 are still to be executed.
KEMA Rail Transport Certification (as ISA+NoBo) monitors the supplier’s tests and the
tests executed by Infrabel.
There have been some compatibility problems between the train-borne KVB-system (in
Thalys trains) and Eurobalises. This problem is well known at European level and still under
debate within UNISIG.
110/161
Derogation is foreseen to deal with the KVB vs. Eurobalise compatibility problem, but not
formally defined yet.
Also the integration with LEU’s and existing interlocking systems are not flawless, partly
related to EMC and not precisely defined signal levels.
The safety cases of suppliers as Siemens, Alstom and Ansaldo are checked by ISA’s hired
for that purpose by the same companies.
The system validation has been done via a step by step process by the NSA. The safety case
has been produced by SNCF and evaluated/checked by RFF.
At the moment this report was drafted the safety case was not completed yet.
In order to obtain approval of the safety case tests under real operational conditions, without
real passengers, is necessary in order to have a new certificate. This also requires proof of
the availability of the system. The exact procedure is being discussed with the NSA.
The Eisenbahn-Bundesamt (EBA) was monitoring the whole process from the beginning.
The Rome-Naples HSL
The suppliers have performed the validation activities regarding the Generic Products, the
Generic Application and the first Specific Application. The following Safety Cases were
issued by the suppliers at the end of the validation activities:
• Safety Case for the Trackside Sub-system (Generic and Specific Application);
• Safety Case for the Train Separation Sub-system (Generic and Specific Application);
• Safety Case for the On Board Sub-system.
• Safety Case for the Interlocking Sub-system;
The assessment of Generic Application / First Specific Application was performed on the
Labico–S. Giovanni line stretch (km. 31+933 – km. 115+841) that is representative of all the
characteristics and the equipment of the entire line. On the line stretch Labico–S. Giovanni
all the ERTMS/ETCS lev. 2 functionalities have been tested with a high speed train
especially equipped for functional test and verification purposes.
In addition to the suppliers on field validation activities, RFI has performed some field test
sessions to assess the correct implementation of the signalling system functionalities [see
documents listed in the annex].
The RFI trackside assessment activities are described in the document [RFI 107].
For the first specific application, a Technical Committee of RFI verified, by means of on
field test, the correctness of installation, assembly and system configuration. The activities
of the Technical Committee were performed in compliance with the applicable RFI
directives [see the annex].
111/161
A functional assessment of the Trains Separation System (SDT- both trackside and on board
functions) was carried out. The assessment borders are highlighted by means of a grey box
in Figure 43 below.
TLC
SCC
Conventional
Line
NVP
Information Points
(Eurobalises)
RBC/
RTB
SDT
SSB
Figure 43 - Borders of the Train Separation System - SDT
For the validation and the assessment of the field tests the general contractor has issued
some operational rules to ensure the overall safety during the tests. A general contractor on
board people (IBT) radio linked with a trackside safety responsible (RPT) has been foreseen.
During the test the pertinent suppliers personnel have controlled on site all the interlockings
and the RBCs. In the interconnection test the RFI personnel have ensured the safety of the
trains on the conventional line momentarily closing the commercial services during the tests.
112/161
After the assessment of the products, the generic and the first specific application, on 2005
September the 12th, RFI proceeded to a preliminary acceptance (see phase 10) of the line to
start the approbatory period in compliance with the procedure [RFI 35].
During this period, RFI assessed the following issues:
• Operational rules, especially developed for ERTMS/ETCS Lev. 2
• Rolling stock and infrastructure functionalities and their interfaces
• Organisational model for the commercial operation of the line
• Infrastructure management (effectiveness of the organisation and diagnostic devices)
• Potentiality of the line revenue service.
Furthermore the train Operator TRENITALIA has carried out the assessment of:
• Adequacy of service management;
• Effectiveness of the training courses for the operative personnel;
• Effectiveness of the rolling stock maintenance.
During the approbatory period suppliers and RFI personnel have carried out all the tests
together.
A RFI test manager has been performed the test run on train borne together with IBT.
During the test trains and RBC data have been collected by means of specific tools (Canapè
for the on board data and LDR for RBC). A fine tuning on the products and configurations
has been carried out after the completion of the tests.
The results of the approbatory period tests were made available on monthly reports [RFI
103].
The Torino-Novara HSL/HCL
The suppliers have performed the validation activities regarding the Generic Products,
Generic and Specific Applications. The Safety Cases issued by the suppliers at the end of
the validation activities have been:
• Trackside Subsystem;
• Train Separation Subsystem;
• Interlocking Subsystem;
• On Board Subsystem.
• System integration of Alstom On-bBoard sub-system versus Ansaldo Trackside subsystem.
In addition to the field validation activities carried out by the suppliers, RFI performed some
field test sessions to assess the implementation of the signalling system functionalities.
For the specific application, a technical commission has verified, by means of field test, the
correctness of the installation, the assembly and the system configuration.
A functional assessment of the overall Train Separation System (trackside and on board), as
described in the Rome-Naples line documents, has been carried out.
A similar test management process, as the one adopted for the Rome – Naples line has been
put in place also on the Turin-Novara line for validation and assessment of the field tests.
113/161
After the assessment of the products, generic and specific applications, on 2005 november
the 28th RFI gave a preliminary acceptance of the line, enabling the start the approbatory
period. The results of the approbatory period tests were made available on monthly reports.
Betuweroute
The BR A15 Trackside Safety Case according to EN50126, including ISA report (ADL), for
Alstom-Movares Bev21- A15v3.4 configuration (ERTMS Lev. 2 system), is available.
A separate Safety Case was developed by Prorail for integration of Bev21 with Dutch
Traffic Control system and results to date approved by ISA (Praxis).
The safety assessment included in Alstom Bev21 Trackside Safety Case exported
constraints transferred to ProRail and incorporated in the ProRail Safety Case (covering
integration the Dutch Traffic Control System, Bev21 and operation/maintenance).
The ERTMS maintenance system (LCS, etc) was part of the Alstom delivery.
The compliance with contractual functional requirements is demonstrated in Alstom A15
Trackside safety case. For ETCS a trackside Safety Plan is available as part of Consortiums
A15 Trackside safety case, assessed by ISA (ADL). The safety plan addresses the V&Vprocess in conformity with EN50126.
For ETCS a trackside Quality Plan is available as part of Consortiums A15 Trackside safety
case.
The ProRail project plan is part of the ProRail safety case and has been assessed by an ISA
(Praxis).
The Scope of the supplier Consortium Alstom-Movares hazard log is the Bev21 system,
which includes the ETCS system. The hazard log also includes measures to be exported to
infra manager and train operator.
The ProRail Hazard Log covers Bev21 integration with Traffic Control and operational
processes.
An extensive hazard transfer process has taken place between ProRail and Consortium
Alstom-Movares to formally transfer hazards/measures between the two organisations.
After the NoBo statements and the safety cases for the trackside and train borne subsystem
have been obtained, as well as permission for test exploitation has been granted, a technical
and operational hazard analyses is performed for the integrated trackside and train borne
systems.
On this basis a specific test plan is made on the basis of a default track train integration
testplan. This can lead to a “verklaring van geen bezwaar” (a declaration of no objection) by
IVW.
After a subsequent system qualification test the “inzetcertificaat” (operation certificate) can
be issued. These tests include testing trainborne and trackside sub-systems for 10.000 km,
absolved by a train of a specific type.
The results from monitoring are needed to finalise the trackside as well as the train borne
CENELEC safety cases.
114/161
Amsterdam- Utrecht- HSL
The line is built in accordance with the CENELEC procedures, but the line covers the rules,
regulations and safety requirements of a domestic line. By the end of 2009, the line will be
equipped with dual signaling ERTMS level STM / 2.
ProRail has to provide the National Railway Authority of the Minister of Transport and
Water management with the complete set of safety cases to demonstrate that the line fulfils
all the technical rules, regulations and safety conditions required for the domestic railway
network.
All the safety cases are assessed by an ISA.
HSL ZUID
The authority that monitored the work of the CCS sub-system was the supplier itself (i.e. the
Infraspeed Consortium).
The risk for the performance of the systems is part of the Design-Build-Finance-andMaintain Contract. This is taken into account by means of the Performance Payment
Regime: payments will be done by the State of the Netherlands during the 25 years of the
contract in accordance with the availability performance of the systems.
Validation&Verification guidelines
The validation and verification process is evolving according to the experiences acquired in
the implementation of the different ERTMS implementations. Up to now, the V&V process
is performed following closely the prescriptions of the Railway Sector Act 39/2003 and the
Ministry Order FOM 233/2006, under the survey of the Ministry of Transport.
In particular, this Order develops the following concepts, as a transposition of the EC
Directives:
•
•
•
Technical Specifications for Homologation (Especificaciones Técnicas de
Homologación, ETH), that compile the Safety requirements, the essential
requirements, the functional requirements including interoperability, maintenance
requirements, and evaluation modules for the assessments of conformity and fitness
for use. This ETH should be completed and published by August 2008. In the
meantime, the STI and the National standards are applicable.
Validation procedures, to assess the conformity of constituents and subsystems with
the ETH
CE Verification procedures, how the Notified Bodies certify the compliance with the
Interoperability Directives
In accordance with the above rules, the Validation and Verification processes can be
summarized as follows:
115/161
Validation
CE Verification
Certification Entity
(Accredited by ENAC)
Notified Body
ETH
STI
Object
RAMS, Environment, Health
Interoperability
Scope
National
European Community
Responsible body
Applicable specifications
Validation procedure
The procedures and supporting documents for ERTMS trackside and on board equipment is
very similar. In both cases the Declaration of Conformity is prepared by the supplier who is
also the applicant versus the Certification Body. The Authorization for Operation is issued
by ADIF. The figure below summarizes the procedure:
Validation
CE Verification
Issued by a Certification Entity
Issued by a Notified Body
Authorization to enter in service
Issued by G. Dir. of Railways (NSA)
Interim Authorization for Operation
Issued by Adif
Running tests
specified in ETH
Authorization for Operation
Issued by Adif
Figure 44 - Validation process
The Validation is organized in two separate parts, for the European and the National
functions, as shown in the following table:
116/161
EC pre
declaration
Object
Generic product
+
Specific
application
+
Specific trackside
tests
File contents
Definition of the products and the application
(according to the relevant consolidated TSI in force)
Verification and Validation Dossier
Safety Case
Independent Safety Assessment report for the products
and the trackside or on board unit
Specific trackside tests report
Specific
National
Declaration
National
Functions
+
Specific trackside
tests
Definition of the national application according to NF
Verification and Validation Dossier
Safety case
Independent Safety Assessment
Specific trackside tests
The most significant part in the whole process is the specification of the “complementary
tests”, that has been a joint task of Adif, the manufacturers, the CEDEX laboratory (as
reference laboratory) and Tifsa (as Independent Safety Assessor).
The role of ISA has been played by different entities in each project:
Train series
ISA
102 – 103
SAC
120
Certifer - Tifsa
100 – 104
Certifer - Cetren
Complementary tests (for all series)
Test realisation
Renfe – Adif – Tifsa - CEDEX
Test technical reports
Tifsa - CEDEX
At the present time there is not a consolidated policy related to the endurance tests. For
instance for ERTMS Level 1, the trains of series 102 have had to run 100 000 kms without
incidents before being authorized to operate (at the same time the trackside equipment was
verified). But for trains of series 103 this requirement has been reduced to 50 000 kms. The
criteria that is currently applied for other trains is to complete 30 000 kms under ERTMS
plus 10 000 with STM, without incidents.
Compatibility and Interoperability issues
In all the Spanish ERTMS projects, the ERTMS/ETCS equipment installed is conform to
the ERTMS/ETCS Class 1 System Requirements Specification of the UNISIG group, vers.
2.2.2, plus a number of Change Requests included in the Subset 108.
117/161
There were several technical discussions between the manufacturers, Adif and Renfe, to
assess the interoperability aspects of these Change requests. No problems were identified in
the trackside subassembly, but 15 change requests related to On board Unit require further
analysis. These CR are:
Level 1: CR218, CR219, CR231, CR234, CR633 y CR464
Livel 2: CR226, CR475, CR633, CR441, CR458, CR508, CR512, CR50, CR146 y
CR126.
Alter the discussion it seems that the only CR that produces interoperability problems is the
CR 458. It has been decided to wait for a clarification from UNISIG before its
implementation.
A survey on the implementation of the CRs by the different manufacturers has been done. It
is summarized in the document CHANGE_REQUEST_LIST_.doc.
The EC conformity certificates for the track-side system and the train borne systems are not
yet available. CETREN will be in charge of this task.
118/161
10
Phase 10 – System acceptance
•
•
•
•
•
The process followed for the final acceptance of the trackside (and train-borne subsystems) by the Infrastructure manger, the relevant acceptance formalities regarding
the fulfilment of the operational, functional, RAMS and interoperability
requirements.
The authorisation process followed and the bodies involved in the acceptance of
minor non-conformities evidenced during the previous phases not endangering safety
and interoperability of the sub-systems.
The formalities and the relevant bodies required for authorising the start of revenue
service of the trackside and train-borne sub-systems.
Rules for the operational use;
Rules for (periodic) maintenance.
Trackside subsystem: NoBo Assessments and procedures described in the phases before,
together with an interim report on the safety of the trackside data, the approval authority
(Austrian Ministry for Traffic and Innovation Technologies) allowed the operation.
The EC conformity certificate for the ETCS train-borne subsystem is still unavailable.
Integration tests have been partly carried out together with the validation tests of the vehicle.
Basis for approval of the Ministry is, on one hand, the documentation by the railway
operator and the manufacturers and, on the other hand, the NoBo’s interim assessment
report on the safety of the trackside system.
Train-borne Subsystem: Assessment reports by the Independent Safety Assessors, one for
the ETCS part and an other for the locomotive specific part (national integration of the
ETCS equipment into the locomotive and changes resulting from the use of ETCS in the
national system of the locomotive) led to approval for tests with certain conditions.
Operational Rules: They are summarized in “DV ETCS level 1”, containing rules for the
driver, especially the rules in case of errors of parts of the ETCS system with fallback to the
national signalling system.
No special periodic maintenance for the trackside subsystem is required.
There is no intention to establish an overall safety case for train-borne + track-side together
with operations. There will not be such a document but the NSA will give separate
119/161
certificates for Rolling Stock after different tests. There is a process underway for Proof of
Safety, but not a safety case. It is considered very complicated to match Phases 9 (system
validation) and 10 (system acceptance) of the CENELEC lifecycle with the fulfilment of the
safety requirements.
Infrabel uses the GAME-principle (This stands for: Globalement Aussi Moins Equivalent; in
English: globally at least as good as) with regard to the existing line L2. In principle,
everything (Interlocking, Control Room, Detection, Hot Boxes, Points) is the same. The
apportionment of risks is considered and the industry has to prove that new hazards, such as
the ones related to the Interlocking-RBC interface do not result in greater overall risks.
See previous chapter 9.1.7.
No final acceptance has taken place to date.
The following process has been followed regarding the system acceptance:
The systems acceptance is done via a site-laboratory test in which two RBCs, one EVC and
one BTS are used.
Although cross-acceptance is welcomed, specific homologation tests are deemed
unavoidable for the time being.
Safety procedures plan
TRACKSIDE
ON BOARD
Overall APR
DS
DS
LGV EE
Without C/C
and Signals
MR
Train POS
DS
DS
Total mobile
with full
Bi Std
C/C and
Signals
DPS
DPS
DS
Total mobile
with reduced Bi
Std TVM
DPS
APR
APR
Bi Standard
APR
APR
ERTMS
TVM
DPS
APR
Figure 45 – Plan for the PEEE safety acceptance
120/161
After comprehensive testing in the suppliers´ laboratories, integrative and field testing mostly started in 2003 - both net operator and railway operator performed various system
test runs.
260 operational test scenarios have been derived from the national functional specification
(LH) and the European specifications in order to demonstrate correct concurrence of rolling
stock and network in both regular and fall back mode.
For the purpose of evaluation and faults documentation an integrated fault data base was set
up, depicting and classifying all faults and open points from suppliers´ tests, DB testing, as
well as from risk- and hazard analysis and rules frameworks.
Safety related topics have been extracted to a hazard log. Suppliers and operators assessed
the findings at periodical reviews, corrected, decided upon and finally closed the faults and
open points before the start of the safety probation period. Safety cases have also been
finalized and assessed before starting the probation.
Cross exchange tests on other member states lines or by other member states trains on the
BHL line were not performed.
Before starting full service on the line, qualification testing was conducted in several steps,
accompanied by a theoretical verification of the safety cases. Test classes were defined and
performed: a) Verification of functional requirements on components level and components
interfaces. b) Common testing for principal system interrelations. c) Acceptance of balise
assembly, route atlas, RBC projection, and onboard equipment (Distribution of roles acc. to
national regulations. For every train route - signalling, locations of speed changes - a
separate acceptance procedure was performed). d) System validation of overall system
requirements. e) Safety probation/safety testing of the overall system (track and train) after
successful theoretical safety case verification; performing step-by-step speed enhancements
up to 160 and 200 km/h.
Since the development of trackside and train born equipment went nearly hand-in-hand - the
suppliers in the consortium were working in close contacts - both timeframe and formalities
were very similar.
BHL is in revenue service basing on a national allowance for qualification testing
(“Zustimmung zur Erprobung”) according to [DB 21]. The underlying processes of
development, verification, validation and assessment comply with [DB 1], [DB 2] and [DB
3]. (More detailed information on the approval/acceptance activity of the NSA will be
provided in the final version of this report).
A final approval on the basis of national regulations as well as European requirements [DB
16] could not be issued yet, because no certificates and declarations of conformity or EUverification are available yet. The line is allowed to be run until 2007/12.
Several limitations regarding the fulfilment of the functions as specified by UNISIG have
been found for both trackside and onboard equipment, as e.g. being depicted in [DB 143] for
the trackside equipment: Not all types of OBU messages, packets within the OBU messages,
modes and levels the will be accepted by the RBC. Non-conformities were found, both
resulting from deficiency in the UNISIG specifications and from “national add-ons”.
121/161
In 2004 the suppliers´ consortium applied for conformity examinations at the EBC, Notified
Body. To this day not all conformity and EC certificates could be issued; the process is still
pending.
The assessment of the safety cases started in the middle of 2003. Activity towards
certification started later but was mainly restricted to the RBCs. There have not yet been
issued any conformity or EC certificates and declarations by any Notified Body or operator,
although some examinations have been performed. TÜV InterTraffic GmbH (TÜV
Rheinland Group) performed a "quality assurance, production" investigation according to
Module D for the ETCS2000 RBC at the supplier Alcatel SEL AG on behalf of the Notified
Body EBC, ending up in an Independent Safety Assessment Report of the audit.
For onboard equipment EC verification was not applied for at any Notified Body.
In Germany there was uncertainty in the question if a Notified Body is intended to assess
"the safety" on components and assembly level and if this may be part of any conformity or
EU assessment. The TSI CCS requires the Notified Body "to ensure the completeness of the
safety approval process" ([DB 16], table 6.1, 6.2). However, the German view is that a
module for such an investigation or assessment is not been provided by the TSI. In addition,
the German regulation still prohibits assessment by others than the "Eisenbahn-Bundesamt
EBA" in any question of "safety judgement" ("Sicherheitliches Ermessen"). CENELEC
verification, validation and assessment is mostly done by test control centres ("Prüfleitstelle
PLS"), or independent assessors under strict control of the EBA.
The Rome-Naples HSL
At the end of the assessment activities, carried out during the project lifecycle by the
relevant RFI departments and structures, the signalling system has been accepted. The
activation of the line has been carried out in two subsequent steps:
• Approbatory Period;
• Start of the revenue service.
The suppliers official documents issued for activating the line on the approbatory period
have been three conformity declarations [from [RFI 142] to [RFI 144]), one document for
each of the following subsystems:
• Trains Separation Sub-system;
• Interlocking sub-system;
• Trackside CCS sub-system.
The Generic Applications documents issued for the approbatory period line activation are
listed in Annex. Moreover for the specific application of the Train Separation System, RFI
have issued some technical reports [from RFI 142 to RFI 144] and the final declaration
“Dichiarazione di Applicabilità Tecnica”.
Following the test activities and the assessment of some minor modifications, carried out by
the suppliers during the approbatory period, RFI has issued further documentation.
For putting the line in revenue service, RFI has issued the following documents regarding
the generic ETCS Lev. 2 application [RFI 107 to RFI 116]. These documents have been
122/161
based on the suppliers’ documents [RFI 142 to RFI 144], meanwhile for the specific
applications all the necessary technical reports have been updated.
Moreover to put in service the line, as stated by the RFI directive [RFI 19], the units
“Direzione Movimento”, “Direzione Tecnica” and “Direzione Investimenti e
Manutenzione” have finally assessed the system vs. the maintenance and the service
requirements.
In Italy two track side assembly EC certificates of Verification (under module SH2) have
been issued:
•
Roma - Napoli: CE Certificate no. 1287/6/SH2/2006/CCS/IT/ZN 39 27 0006 of 10
July 2006.
• Torino Novara: CE Certificate no. 1287/6/SH2/2006/CCS/IT/ZN 39 27 0009 of 27
November 2006
This two certificates are both included in the CIRCA Database of NB Rail.
Torino-Novara HSL/HCL
The suppliers have performed the validation activities regarding the Generic Products,
Generic and Specific Applications. The Safety Cases issued by the suppliers at the end of
the validation activities regarded:
• Trackside Subsystem (Ansaldo);
• Train Separation Subsystem (Ansaldo);
• Interlocking Subsystem (Ansaldo);
• On Board Subsystem (Alstom and Ansaldo);
• Integration of On Board equipment by Alstom with the Ansaldo Trackside system.
Besides, the suppliers on field validation activities RFI have performed some on field test
sessions to assess the implementation of the signalling system functionalities.
For specific application a technical commission has verified, by means of on field test, the
correctness of the installation, assembly and system configuration.
A functional assessment of overall train separation system (trackside and on board) as
described in the Roma Napoli line document has been carried out
Test management
Similar rules, issued by the General Contractor, as those applied on the Rome – Naples line
have been adopted on the Torino Novara line for the validation and assessment on field
tests. A general contractor on board people (IBT) radio linked with a trackside safety
responsible (RPT) has been foreseen. During the test the pertinent supplier’s personnel have
controlled on site all the interlockings and the RBCs. In the interconnection test the RFI
personnel have ensured the safety of the trains on the traditional line suspending the
commercial services during the tests.
After the assessment of the products, generic and specific applications on 2005 November
the 28th RFI proceeded to a preliminary acceptance (see phase 10) of the line to start the
probatory period.
During this period RFI assessed the following issues:
123/161
• Operating rules
• Rolling stock and infrastructure functionalities and their interfaces
• Railway Operations model;
• Infrastructure management (effectiveness of the organisation and diagnostic devices)
• Potentiality of the line revenue service.
Furthermore the transport company Trenitalia has carried out the assessment of:
• Adequacy of service management;
• Effectiveness of the training courses for the operative personnel;
• Effectiveness of the rolling stock maintenance.
During the probatory period suppliers and RFI personnel have carried out the tests together.
A RFI test manager has been performed the test run on train borne together with IBT.
During the test trains and RBC data have been collected by means of specific tools
(“Canapè” for the on-board data and LDR for RBC).
A fine tuning on the products and configurations has been carried out after the tests
execution.
The results of the probatory period tests have been reported on monthly reports.
Betuweroute
Steps are not yet taken to have the track certified by a NoBo. Although the Infrastructure
provider ProRail intends to approach the ideal situation as close as possible, it is deemed
impossible at this moment by all parties involved, due to the limited maturity of the TSI’s
and lack of earlier references.
The same is valid for locomotives. At this moment about 100 locomotives (10 different
types) are in different stages of preparation for operation on the Betuweroute. Also in this
case a process is followed that approaches the ERTMS type approval as close as possible.
A starting requirement, however, for a train type is a Declaration of Conformity of all
ERTMS constituents used, certified by a NoBo and a Declaration of Verification for the
Train borne Subsystem, certified by a NoBo as well as a completed CENELEC safety case
for the trainborne Command and Control subsystem, assessed by an ISA, with no blocking
findings.
Also for the trackside certificates of conformance for ERTMS constituents are used as well
as certificates for the trackside subassembly, all certified by NoBo’s.
IVW and ProRail will not allow for operation on the ERTMS track with ERTMS trains on
the basis of NoBo certificates only. Although the Infrastructure provider ProRail intends to
approach the ideal situation as close as possible, it is deemed impossible at this moment by
all parties involved, due to the limited maturity gained on the TSI and lack of earlier
references.
After the NoBo statements and the safety cases for the trackside and train borne subsystem
have been obtained, as well as permission for test exploitation has been granted, a technical
and operational hazard analyses is performed for the integrated trackside and train borne
124/161
systems. On this basis a specific test plan is made on the basis of a default track train
integration test plan.
This can lead to a “verklaring van geen bezwaar” (a declaration of no objection) by IVW.
After a subsequent system qualification test the “inzetcertificaat” (operation certificate) can
be issued. These tests include testing trainborne and trackside equipment for 10.000 km,
absolved by a train of a specific type.
The results of monitoring are needed to finalise the trackside as well as the train borne safety
cases.
Amsterdam - Utrecht
ProRail is the system integrator, the responsible organization on behalf of the Ministry. As
such, it is responsible for the commissioning of the system. The ProRail organization is
responsible for all the activities including system acceptance.
HSL ZUID
The system acceptance consists of several stages.
The first stage is the approval of the evidence that the system is working correctly and
safely. Approval is given by the HSL-Zuid project by acceptance of the “Compliance
Demonstration of the Infrastructure Supplier”.
Important part of the Compliance Demonstration is the delivery of the “Availability Period
Safety Case (APSC)” that has to be approved by an Independent Safety Assessor (i.e.
DeltaRail) (ref. “Report on the safety assessment of the Availability Safety Case (rev E) of
the HSL Assets and HSL Activities”, 23 march 2007).
The supplier has also to deliver interoperability certification for the Trackside Assembly.
To date, the APSC has been approved with remarks; NoBo Conformity Certificates for the
Interoperability Constituents regarding ETCS vers. 2.2.2 are available. Update Safety Case
for vers. 2.3.0 and NoBo Certificates for vers. 2.3.0 are still to be determined.
This approval by HSL-Zuid is a pre-condition for the next stage regarding “Test of Safe
Usage”.
In this stage the behaviour of the system is tested in the context of operational procedures
carried out by operating personnel (i.e. signalmen and train driver). In addition endurance
tests and cross exchange tests are executed during the same stage.
On the base of the test results, Prorail (i.e. the Inframanager) gives the approval for the
folowing stage.
This regards Trial Exploitation. In this stage the train operating company tests its operations
(e.g. logistics, commercial etc). At the successful completion of this stage, the approval has
to be given by the Dutch Safety Authority IVW for the next, final stage that regards Normal
Exploitation.
For the HSL-Zuid the process is complicated by the fact that during this acceptance process
the ERTMS system has to be upgraded from 2.2.2 to 2.3.0 via an intermediate step 2.3.0
minus. After each upgrade, regression tests and delta tests have to be carried out.
The picture below shows the relationship between the differet stages.
125/161
HSL
Appr. for
Testing
PR/IVW
Appr. Test
Exploitation
Infra=OK
Process
Building
Test safe
functioning
Test safe
useage
IVW
Appr.
Expoitation
Headway=OK
Trial exploitation
Normal
exploitation
Test safe
useage
ERTMS 2.2.2
Building
Test safe function.
ERTMS 2.3.0-
Building
Test safe function.
Test safe useage
Trial exploitation
Normal exploitation
ERTMS 2.3.0
Building
Test safe function.
Test safe useage
Trial exploitation
Normal exploitation
Figure 46 – Safety approval proces in HSL ZUID
For approval of Normal Exploitation a number of requirements have to be fulfilled, the most
important of which are:
•
Acceptance of the Integral Safety Case, to be delivered by HSL-Zuid based on the
underlying Safety Cases or Safety Evidence for Track, Rolling Stock and
Operations;
• NoBo Certificate for Track Assembly and OBU;
• Certificate for Deployment (Inzetcertificaat) of Rolling Stock. Approval tests on
HSL-Zuid are foreseen by 2007 with Traxx locomotives, Bombardier OBU, 160 km
/hr. Approval tests for Thalys (CSEE EVS and Alstom STM) at 300 km/h are
foreseen by 2008.
Next to the above, in order to assure the interface of the L4 (connecting Belgium High
Speed Line) and the HSL Zuid to be safe, the Integral Safety Cases of the two lines have to
be aligned. The related process is under construction. To date, this report has been drafted.
As far as rules for operational use are concerned, a number of documents were delivered by
the supplier of the trackside systems (Infraspeed) to assure proper operation:
•
•
•
•
Signalling Rules for the Customer (SIGNALING SUBSYSTEM RULES FOR THE
CUSTOMERS IDE (SIG=S$T&EEC # 000019)
Safety Related application Conditions (SAFETY RELATED APPLICATION
CONDITIONS FOR OPERATION AND MAINTENANCE IDE
(SIG=S$TEX&EQB # 000015)
Operational Restrictions (SIG TEMPORARY RULES FOR OPERATION IDE
(SIG=S$T&EEC # 000027
Temporary Rules (in the phase that additions still have to be made to the deliveries)
(SIG TEMPORARY RULES FOR OPERATION IDE(SIG=S$T&EEC # 000027)
126/161
These rules provide instructions how to use the system, but do not affect any rule in the
referenced TSI’s.
The supplier also is responsible for maintaining the superstructure and has also devised
internal rules for maintenance. Under the performance contract this is the responsibility for
the supplier.
As far as the interoperability certification is concerned, the NoBo for the trackside assembly
(integrated in the traffic system) was contracted in the acceptance phase.
The certification of the on-board assemblies is determined by the rolling stock suppliers.
Complementary tests
The acceptance process has already been described. What can be added here is the concept
of “Complementary tests”
Besides the internal tests performed by the manufacturer, and the agreed acceptance tests,
that were carried out in the Madrid-Lleida line with ERTMS track-side and on-board
equipment delivered by the same manufacturer, the Ministry of Transport, together with
Adif and Renfe, have defined the so-called “Complementary tests”, additional tests to those
already carried out and documented in the verification and validation dossier.
The tests have been specially established for the new Madrid-Lleida line to check the
functionality of the new trainborne equipment. They cover in particular the following topics:
1.
Speed and braking curves supervision
2.
Transitions between ERTMS application levels
3.
Mode transitions
4.
Management of Temporary Speed Restrictions
5.
Failures in balise detection
6.
Management of timing in Movement Authorizations
7.
Odometry
8.
Train Interface
9.
ATO and pre-fixed speed
10.
DMI
11.
National functions
12.
Signal balise group reading in PT mode
This is an additional requirement from the Ministry of Transportfor authorising the
commissioning of rolling stock.
The phases 5 to 10 are summarised in the figure below.
127/161
Delivery record/Receipt of Works
Construction Manager
Coordination
Infrastructure Maintenance Directorate
Investments
Stations/Terminals
Dossier on safety (Safety case, CENELEC standards)
Safety Directorate
Construction Manager
Functional Projects, Verification and
Placing in Service Directorate
Instructions, Notices and News
Installations Directorate
Planning and Deveplopment of Networks Directorate
Functional Projects, Verification
Excutive Traffic Directorate
and Placing in Service Directorate
Executive Infrastructure Maintenance Directorate
Maximum Speed Table
Operative Assets
Excutive Traffic Directorate
Management Directorate
Infrastructures Verification and Recording
(TSI´s )
Ministry of Public Works
and the Distribution List
Reliability Testing / Subsystems Interfaces/ Report on the placing in service
Ministry of Public Works
and the Distribution List
128/161
11
Phases 11-12 Operation, maintenance and
monitoring
•
•
The process followed for collecting statistical data regarding functional and RAMS
performances during the revenue service of the trackside and train-borne subsystems by the Infrastructure owner, for their subsequent evaluation and for planning
the consequent maintenance actions.
The authorisation process followed and the bodies involved in the postponed
solution of minor non-conformities evidenced during the previous phases without
endangering safety and interoperability of the sub-systems.
No statement is available up to now as the system is not in operation.
In Belgium, the national operational rules are conceived for TBL 2. For ERTMS these rules
had to be adapted. There are specific Belgian Rules as “grote beweging en kleine beweging”
meaning large movement and small movement that do not exist in ERTMS. So the ERTMS
term had to comply with one of this types of movement. As far as L3, L4 and other parts of
the network are not uniform, this might be an issue in future.
Infrabel considers European rules to be insufficiently present. Therefore they considered
their own adaptation of national rules necessary. It is self-understood that these rules won´t
be interoperable.
There was a problem to connect with the HSL/Zuid concerning Hot Box Axle Detection
(HBAD). This is not required in the Netherlands. The Belgian party involved would not
allow a train, coming from Holland on their L4 line without detecting possible hot axes.
As a solution, a HBAD was placed on the Dutch side of the border.
There has been joint work on a safety case “border” . Safety requirements and operational
rules, only valid for this transition, were agreed upon jointly
Belgian ETCS level 1 lines
Not applicable, as the system did not pass phase 9 to the present date.
No final acceptance has taken place to date.
129/161
Conforming [DB 24] the Operator is committed to gather any incidents and accidents at a
database. The DB database served as a vital source of information for the risk and hazard
analyses and the migration.
The Rome-Naples HSL
The ERTMS trackside and on board subsystem have been monitored during the approbatory
period. The results have been collected in four monthly reports issued by RFI [0] in
accordance with the procedure [RFI 103]. The evaluations of the performances of the
railway system are collected in such reports. For example, during the first two months of the
approbatory period, 209 train runs between Rome and Naples or vice versa plus 109 not
incomplete runs have been carried out with the following punctuality figures:
• 21% of the trains have arrived on schedule;
• 29% of the trains have suffered a delay up to 15 minutes
• 50% of the trains have suffered a delay longer than 15 minutes.
The summary of the approbatory period troubleshooting is in the [RFI 106].
Torino-Novara HSL
Betuweroute
Amsterdam - Utrecht
On behalf of the Ministry, ProRail has the tasks of Operation, Maintenance and Monitoring
of the line.
HSL ZUID
The only reported malfunction has been the one related with the tele-powering of the
balises.
130/161
The problem has been temporary solved installing a second balise holding identical
information, mounted in an adjacent sleeper. At the present time the origin of this
malfunction is still unknown.
The laboratory tests have always been satisfactory, and line tests performed during several
months with balises of several manufacturers have proven that every balise, including the
new ones developed by the previous manufacturer, works satisfactorily. After the test has
been finished it is very probably that ADIF decides to remove the duplicated balises.
In any case, this is not considered a safety, nor an interoperability problem, but an
operational inconvenience. If a train fails to read a balise, the only consequence is an
unwanted stop.
The operation under ERTMS is very recent, there are not available statistics. There are only
punctual observations that do not allow the deduction of any conclusion about ERTMS
functional and RAMS performances The results of the operation of the Madrid-Lleida
section since 19/06/2006 to 18/12/2006, and of the Madrid – Tarragona sectiom since
10/12/06 to 08/03707 can be summarized as follows:
•
•
•
•
Number of train runs: 4.445
Number of kilometres: 1.767.553
Number of incidences (dealay greater than 5 min):26 (16 of which are due to
odometry malfunction under ice and snow environment)
Punctuality index: 99,5 %
131/161
12
Phase 13 – Modification and retrofit
•
•
The process followed for implementing change request procedures or for the system
updating to the most recent ERTMS baseline, with due consideration of RAMS
implications for such modifications and retrofit.
The authorisation process followed and the bodies involved in the implementation,
validation and acceptance of modifications, without endangering safety and
interoperability of the sub-systems.
12.1 Austria-Italy project: Brenner Basis Tunnel project
12.2 Vienna-Nickelsdorf
It seems to be envisaged by the Railway Operator to upgrade ETCS level 1 to version 2.3.0,
but this is not officially fixed to date.
Because of the use of Euroloop equipment (both track-side and train-borne equipment)
produced and certified according to the old Euroloop Specifications (i.e. before the up-link
signal frequency was changed), it will become necessary to update the frequency relevant
components, according to the presently available Specifications, during a due time.
Also one type of certified LEU doesn´t conform to the present Specifications, due to
technical changes in the Specifications used for the certification. It has not been defined yet,
to date, what will be done as the change of specification has in course of this project no
influence on the function, the safety, the reliability of the component and most important
also no influence on the interoperability of the ETCS railway system.
Not applicable, as the system did not pass phase 9 to the present date.
132/161
The Rome-Naples HSL
Starting from the beginning of approbatory period, the following procedure has been defined
to install new Sw versions or Hw modifications to the sub-systems or to the components:
•
•
•
•
•
•
The modification has to be agreed between RFI and the involved suppliers;
A revision plan has to be issued and agreed upon;
The supplier has to validate the modification, according to his Verification and
Validation Plan (phase 13), and issue the related set of documents;
RFI has to perform the documental assessment;
Based on the extension of the modification, RFI and the suppliers have to carry out a
on field validation and acceptance test session, prior to put in service the new
version. The test sessions are carried out during the night when the commercial
service is suspended.
A positive assessment report has to be issued and accepted by RFI.
Torino-Novara HSL
There are still some tests in progress regarding the evaluation of the Quality of Service of
the GSM-R communications, as a measure to quantify the level of availability of the
complete ERTMS/ETCS system.
Betuweroute
Utrecht-Amsterdam HSL
HSL ZUID
133/161
13
Annex
13.1 References for the Austrian Projects
OEBB 1 DV V2 Signalvorschrift (signalling rules)
OEBB 2 DV V3 Betriebsvorschrift (operation rules)
OEBB 3 DV ETCS level 1 European Train Control System - ETCS Level 1
OEBB 4 DV S80
OEBB 5 DB 823 Beschreibung und Bedienung (description and operation manual)
13.2 References for the German projects
European Directives, Standards and Specifications
EC-Directives
DB 1.
EC-directive 96/48/EC
DB 2.
DB 3.
EC-Standards
DB 4.
EN 50126, Railway applications – The specification and demonstration of
dependability, reliability, availability, maintainability and safety (RAMS), 2000-03
DB 5.
EN 50128, Railway Applications – Communications, signalling and processing systems
– Software for railway control and protection systems, 2001-11
DB 6.
EN 50129, Railway Applications: Safety related electronic systems for signalling, Issue:
2000-11
DB 7.
EN 50159-1 Railway Applications – Communication, signalling and processing systems
– Part 2: Safety related communication in closed transmission systems, 2001
DB 8.
– Part 2: Safety related communication in open transmission systems, 2001-12
DB 9.
EN 45004
DB 10.
EN 50170-2
DB 11.
EN 29000
DB 12.
EN 29001
DB 13.
EN 50121-4
DB 14.
EN 50125-1
134/161
DB 15.
EN 50155
EC-Specifications
DB 16.
TSI Command Control Signalling, 2002-05-30
DB 17.
FFFIS STM
DB 18.
UNISIG Specifications V2.2.2 Class 1, 2002-05-30
Subsets 026, 037, 039, 041, 055, 076, 091, 092, and further
National Rules & Regulations
DB 19.
Eisenbahn-Interoperabilitätsverordnung (EIV), 1999-05-20
DB 20.
Konventioneller Verkehr – Eisenbahn Interoperabilitätsverordnung (KonVEIV)
DB 21.
Verwaltungsvorschrift für die Bauaufsicht über Signal-, Telekommunikation- und
Elektrotechnische Anlagen BAU-STE; 2003-01-01
DB 22.
Eisenbahn-Bau- und Betriebsordnung (EBO); 1967-05-08 ff.
DB 23.
Allgemeines Eisenbahngesetz (AEG); 1993-12-27 ff.
DB 24.
Technische Grundsätze für die Typzulassung von Sicherungsanlagen (Mü 8004)
DBAG Regulations
DB 25.
Konzernrichtlinie 408 (former “Fahrdienstvorschrift”)
DB 26.
further rules and regulations
DBAG Pilot Documentation
DB 27.
Rahmenlastenheft der DB AG; 2.5.1; 2004-07-15
DB 28.
Teillastenhefte Teile 1 bis 8, inkl. Anhängen
DB 29.
Erprobungsplan ETCS Release 1.4/1.3.6 und Doppelausrüstung ETCS/LZB auf BHL
DB 30.
Inbetriebnahmekonzept für Ludwigfelde – Teltow und Lückenschlüsse auf der ETCS
Pilotstrecke Berlin – Halle/Leipzig
DB 31.
Konzept für die Sicherheitserprobung (ZE) für die ETCS Teilsysteme Fahrzeug und
Strecke
Mapping” Risk Analysis – Hazard Analysis
DB 32.
Systemdefinition
DB 33.
Beschreibung betrieblicher Situationen zu den Gefährdungen
DB 34.
Betriebliche Ursachenanalyse – Teil 1
DB 35.
Betriebliche Ursachenanalyse – Teil 2, mit Fehlerbäumen
DB 36.
Quantifizierung, Betriebs- und Infrastrukturparameter, mit Anlagen 1 und 2
DB 37.
Zusammenfassung
135/161
DB 38.
Vorgehensweise
DB 39.
Gutachten zum Mapping RA/GA im Projekt ETCS2000 (not DB AG)
Suppliers´ (“Consortium”) Documentation (RBC Docu as an example)
Concepts and Plans
DB 40.
Safety Case Concept RBC
DB 41.
Safety Concept ETCS 2000 Crypto Module
DB 42.
Sicherheitskonzept des Kryptomoduls von ETCS2000
DB 43.
Sicherheitskonzept Core auf TAS Plattform, Safety
DB 44.
Sicherheitskonzept zur Eingabe von Daten über den RBC Bedienplatz
DB 45.
Sicherheitsnachweiskonzept RBC Release 1
DB 46.
Verification Plan of ETCS2000 RBC
DB 47.
Validation Plan of ETCS 2000 RBC
DB 48.
RBC Validation Plan
DB 49.
Quality Assurance Plan, Project RBC
DB 50.
Sicherheitsplan ETCS 2000 RBC
DB 51.
RBC Safety Plan
DB 52.
RAM Plan (RAMP) System Radio Block Centre (RBC)
DB 53.
Datengenerierungsplan Streckendaten ETCS RBC
DB 54.
Datentestplan der Streckendaten ETCS RBC
DB 55.
Conformity Plan of ETCS2000 RBC
Specifications and Descriptions
DB 56.
Systemanforderungsspezifikation ETCS 2000
DB 57.
Safety Requirements Specification of RBC
DB 58.
Descriptions of RBC equipment (core system, PC´s, monitors, switches, ...)
DB 59.
Anforderungen an die Planung der ETCS-Zentrale
DB 60.
RBC Operator Panel Requirement Specification
DB 61.
Software Architecture RBC Core
DB 62.
Requirement Specification and SW Architecture PCU, Protocol Converter SAHARA RACOON
DB 63.
Interface Specification RBC-IL / Double Equipment /Application Level
DB 64.
Interface Specification RBC-IL / Presentation Layer
136/161
DB 65.
Architecture Design Document Hardware
DB 66.
Insulation Coordination Hardware RBC
DB 67.
Hardware Beschreibung RCS für RBC
DB 68.
System Test Specification for RBC Transitions
Manuals
DB 69.
Handbuch Bedienplatz ETCS-Zentrale
DB 70.
Handbuch Diagnoseterminal ETCS Zentrale
DB 71.
Meldungshandbuch ETCS Zentrale Release 1
DB 72.
Wartungs- und Instandhaltungshandbuch ETCS-Zentrale
Conditions and Obligations
DB 73.
Betreiberhinweise für das ETCS2000 RBC Release x
DB 74.
Safety Application Conditions
DB 75.
Security Gateway: Sicherheitsbezogene Anwendungsvorschriften
DB 76.
Prüfvorschrift FZB Schrank Streckenzentrale
DB 77.
Projektierungsregeln der Streckendaten Release x
Analyses
DB 78.
Systemgefährdungsanalyse ETCS2000 – Fehlerbaumanalyse
DB 79.
RAM Analyse RBC
DB 80.
Implication Analysis (assessment of changes from one RBC release to the next)
Safety Cases
DB 81.
Sicherheitsnachweis Teil 1: Definition dess Systems
DB 82.
Sicherheitsnachweis Teil 2: Qualitätsmanagementbericht für ETCS2000 RBC Release
x
DB 83.
Sicherheitsnachweis Teil 3: Sicherheitsmanagementbericht (SMR)
DB 84.
Sicherheitsnachweis Teil 4: Technischer Sicherheitsbericht (Technical Safety Report)
DB 85.
Sicherheitsnachweis Teil 4: Anhang A, Fehlerbaumanalyse (Fault Tree Analysis)
DB 86.
Sicherheitsnachweis Teil 4: Anhang B, FMEA
DB 87.
Sicherheitsnachweis Teil 4: Anhang B, FMEA Interface IL
DB 88.
Sicherheitsnachweis Teil 4: Anhang B, FMEA PCU
DB 89.
Verfahrenssicherheitsnachweis für den RBC-Bedienplatz
DB 90.
Ergänzende Betrachtung zum Bedienplatz Rel. 1: Einsatz im offenen Netz
137/161
DB 91.
Verfahrenssicherheitsnachweis für die sichere Kommunikation zwischen RBC –
Stellwerk (Alcatel) unter Nutzung des CIRNet Protokolls
DB 92.
Technischer Sicherheitsbericht Verfahren Kommunikation OBU-RBC über EuroRadio
ETCS2000
DB 93.
Verfahrenssicherheitsnachweis für die sichere Kommunikation in geschlossenen
Netzen unter Nutzung des RACOON Stacks
DB 94.
Sicherheitsnachweis Teil 5: Beziehung zu anderen Sicherheitsnachweisen
DB 95.
Sicherheitsnachweis TFT-Monitor für den RBC Bedienplatz
Verification & Validation
DB 96.
Journal Sicherheitslogbuch Projekt RBC
DB 97.
Gefährdungslogbuch RBC
DB 98.
Validation Report of ETCS2000 RBC
DB 99.
Hardware Validation Report of RBC Release x
DB 100.
Validation Test Database RBC Reports and Proofs
DB 101.
Release Notes
DB 102.
Version Descriptions
DB 103.
Qualification Test Report Hardware RBC
Assessment
DB 104.
Sicherheitsgutachten Alcatel SEL RBC Rel. 1
DB 105.
Nachweis der Rückwirkungsfreiheit im Testbetrieb auf der ETCS Teststrecke für die
Zentralen Bitterfeld, Wittenberg und Jüterbog; Schrb. v. TS/AT
DB 106.
Nachweis der Rückwirkungsfreiheit im Testbetrieb auf der ETCS Teststrecke für die
Zentrale Ludwigsfelde; Sicherheitsgutachten RBC Rel. 1
DB 107.
Feldtest-Bericht ETCS L2 Bitterfeld, RBC Wittenberg
Approval & Acceptance
DB 108.
Zustimmung zur Betriebserprobung des Alcatel „Radio Block Centre“ (RBC) auf der
Strecke Jüterbog – Halle/Leipzig, 2003-12-12
DB 109.
Zustimmung zur Betriebserprobung der Fahrzeugeinrichtung ETCS-OBU auf dem
Testcar (BR 707) und DESIRO (BR 642) auf der Strecke Jüterbog – Halle/Leipzig,
2003-12-12
DB 110.
Zustimmung zur Sicherheitserprobung ohne Sicherheitsverantwortung für das SW
Release 1.4 in den RBC-Zentralen Jüterbog, Wittenberg und Bitterfeld der ETCS
Pilotstrecke J-H/L, 2005-05-02
DB 111.
Zustimmung zur Sicherheitserprobung mit Sicherheitsverantwortung von ETCS Level
2 (Strecke / RBC) auf der Pilotstrecke Jüterbog – Halle/Leipzig, 2005-09-14
138/161
DB 112.
2 (Fahrzeug / OBU) auf der Pilotstrecke Jüterbog – Halle/Leipzig, 2005-09-14
DB 113.
Zustimmung zur Zuverlässigkeitserprobung von ETCS Level 2 (Strecke / RBC) auf der
Pilotstrecke Jüterbog – Halle/Leipzig, 2005-11-21
DB 114.
Zustimmung zur Zuverlässigkeitserprobung von ETCS Level 2 (Fahrzeug / OBU) auf
der Pilotstrecke Jüterbog – Halle/Leipzig, 2005-11-21
DB 115.
Zustimmung zur erweiterten Sicherheitserprobung mit Sicherheitsverantwortung von
ETCS Level 2
(Fahrzeug / OBU) zur Durchführung von Hochgeschwindigkeitsfahrten (200 km/h) auf
der Pilotstrecke Jüterbog – Halle/Leipzig im Bereich der RBC Bitterfeld und
Wittenberg; Fortschreibung des Bescheides vom 14.09.2005, 2006-01-31
DB 116.
Zustimmung zur erweiterten Sicherheitserprobung mit Sicherheitsverantwortung von
ETCS Level 2
(Strecke / RBC) zur Durchführung von Hochgeschwindigkeitsfahrten (200 km/h) auf
der Pilotstrecke Jüterbog – Halle/Leipzig im Bereich der RBC Bitterfeld und
Wittenberg;
Fortschreibung des Bescheides vom 14.09.2005, 2006-01-31
DB 117.
DB 118.
Zustimmung zur Sicherheitserprobung ohne Sicherheitsverantwortung von ETCS
Level 2
(Strecke / RBC, Version 1.4) auf der Pilotstrecke Ludwigsfelde – Halle/Leipzig im
Bereich der RBC Bitterfeld, Wittenberg und Jüterbog, 2006-02-14
Zustimmung zur Sicherheitserprobung ohne Sicherheitsverantwortung von ETCS Level
2
(Fahrzeugeinrichtung OBU BR 101) auf der Pilotstrecke Ludwigsfelde – Halle/Leipzig
in den RBC Bereichen Bitterfeld, Wittenberg und Jüterbog, 2006-02-14
DB 119.
Level 2 (Fahrzeugeinrichtung OBU BR 101) auf der Pilotstrecke Ludwigsfelde –
Halle/Leipzig im Bereich des RBC Jüterbog, 2006-03-01
DB 120.
Level 2 (Strecke / RBC, Version 1.4) auf der Pilotstrecke Ludwigsfelde – Halle/Leipzig
im Bereich des RBC Jüterbog, 2006-03-01
DB 121.
Level 2 (Fahrzeugeinrichtung OBU BR 101) in den RBC-Zentralen Wittenberg und
Bitterfeld der ETCS Pilotstrecke J-H/L, 2006-10-04
DB 122.
Zustimmung zur Sicherheitserprobung für das SW Release 1.4 in den RBC-Zentralen
Wittenberg und Bitterfeld der ETCS Pilotstrecke J-H/L, 2006-04-10
DB 123.
Level 2 (Fahrzeugeinrichtung OBU BR 101) in den RBC-Zentralen Jüterbog,
Wittenberg und Bitterfeld der ETCS Pilotstrecke J-H/L, 2006-05-02
Zustimmung zur Sicherheitserprobung mit Sicherheitsverantwortung von ETCS Level 2
(Fahrzeugeinrichtung OBU BR 101) im Bereich des RBC Jüterbog auf der ETCS
Pilotstrecke J-H/L, 2006-05-02
DB 124.
139/161
DB 125.
Zustimmung zur Sicherheitserprobung mit Sicherheitsverantwortung für das SW
Release 1.4 im Bereich des RBC Jüterbog auf der ETCS Pilotstrecke J-H/L, 2006-0502
DB 126.
Zustimmung zur Sicherheitserprobung mit Sicherheitsverantwortung für das SW
Release 1.4 im Bereich der RBC Wittenberg und Bitterfeld auf der ETCS Pilotstrecke
J-H/L, 2006-05-05
Zustimmung zur Sicherheitserprobung mit Sicherheitsverantwortung von ETCS Level 2
(Fahrzeugeinrichtung OBU BR 101) im Bereich der RBC Wittenberg und Bitterfeld auf
der ETCS Pilotstrecke J-H/L, 2006-05-05
DB 127.
DB 128.
Zustimmung zur Zuverlässigkeitserprobung von ETCS Level 2 Streckenzentrale /
RBC, Version 1.4, in Kombination mit der Fahrzeugeinrichtung / OBU, Version 1.3.5.1,
auf der Pilotstrecke Jüterbog – Halle/Leipzig im Bereich der RBC Jüterbog, Wittenberg
und Bitterfeld, 2006-07-03
DB 129.
Zustimmung zur Zuverlässigkeitserprobung von ETCS Level 2 (Fahrzeug / OBU,
Version 1.3.5.1) in Kombination mit der Streckenzentrale / RBC, Version 1.4 auf der
Pilotstrecke Jüterbog – Halle/Leipzig im Bereich der RBC Jüterbog, Wittenberg und
Bitterfeld, 2006-07-03
DB 130.
2 (Streckenzentrale /RBC, Version 1.4, in Kombination mit der Fahrzeugeinrichtung /
OBU, Version 1.3.6.2) auf der Pilotstrecke Jüterbog – Halle/Leipzig im Bereich der
RBC Jüterbog, Wittenberg und Bitterfeld, 2006-07-26
DB 131.
2 (Fahrzeug / OBU, Version 1.3.6.2 in Kombination mit der Streckenzentrale /RBC,
Version 1.4) auf der Pilotstrecke Jüterbog – Halle/Leipzig im Bereich der RBC
Jüterbog, Wittenberg und Bitterfeld, 2006-07-26
DB 132.
DB 133.
Verision 1.3.6.2) in Kombination mit der Streckenzentrale / RBC, Version 1.4, auf der
DB 134.
Zustimmung zum Testbetrieb für das SW Release 1.4.1.6 in den RBC-Zentralen
Bitterfeld, Wittenberg, Jüterbog sowie 1.4.1.4 in der RBC-Zentrale Ludwigsfelde der
ETCS Pilotstrecke B-H/L, 2006-10-24
DB 135.
DB 136.
Version 1.3.6.2) in Kombination mit der Streckenzentrale / RBC, Version 1.4 auf der
140/161
DB 137.
Zustimmung zum Testbetrieb für das SW Release 1.4.1.6 in den RBC-Zentralen
Bitterfeld, Wittenberg, Jüterbog und Ludwigsfelde der ETCS Pilotstrecke B-H/L, 200611-21
DB 138.
Zustimmung zur Sicherheitserprobung ohne Sicherheitsverantwortung von Level 2
(Fahrzeug / OBU, Version 1.3.6.2) in Kombination mit der Streckenzentrale / RBC,
Version 1.4.1.6, auf der Pilotstrecke Jüterbog – Halle/Leipzig im Bereich der RBC
Ludwigsfelde, Jüterbog, Wittenberg und Bitterfeld, 2006-12-21
DB 139.
Zustimmung zur Sicherheitserprobung für das SW Release 1.4.1.6 auf der ETCS
pilotstrecke Berlin – Halle/Leipzig im Bereich der RBC-Zentralen Ludwigsfelde,
Jüterbog, Wittenberg und Bitterfeld, 2006-12-21
Warranty of documents (“Zusicherung”)
DB 140.
Zusicherung für Mapping Dokumente, 2005-11-21
DB 141.
Zusicherung für das Rahmenlastenheft der DB AG, 2.5.1 v. 2004-07-15
DB 142.
Zusicherung der Risikoanalyse
Conformity
DB 143.
Conformity Report of ETCS2000 RBC Release 1.3
DB 144.
Unisig Conformity Matrix (for RBC)
DB 145.
TÜV Intertraffic GmbH: Bericht zum Modul D Audit ETCS2000 RBC
13.3 References for the Italian projects
Laws and Norms
RFI 1.
Direttiva 96/48/CE del Consiglio del 23 luglio 1996 relativa all'Interoperabilità del
Sistema Ferroviario Transeuropeo ad Alta Velocità
RFI 2.
Direttiva 2001/16/CE del Parlamento Europeo e del Consiglio del 19/03/2001 relativa
all’interoperabilità del Sistema Ferroviario Transeuropeo Convenzionale
RFI 3.
Decisione 2002/731/CE della Commissione Europea del 30 maggio 2002 relativa alle
“Specifiche Tecniche di Interoperabilità per il sottosistema controllo-comando e
segnalamento del sistema ferroviario transeuropeo ad alta velocità di cui all’articolo 6,
paragrafo 1, della direttiva 96/48/CE”;
RFI 4.
Decreto Legislativo n. 299 del 24 Maggio 2001 “Attuazione della direttiva 96/48/CE
relativa all’interoperabilità del Sistema Ferroviario Transeuropeo ad Alta Velocità
RFI 5.
Decreto Legislativo n. 268 del 30 Settembre 2004 “Attuazione della direttiva
2001/16/CE in materia di interoperabilità del Sistema Ferroviario Transeuropeo
Convenzionale
141/161
European Norms and Standards
RFI 6.
EN 50126, Railway applications – The specification and demonstration of dependability,
reliability, availability, maintainability and safety (RAMS), Issue: September 1999
RFI 7.
EN 50129, Railway Applications: Safety related electronic systems for signalling, Issue:
February 2003
RFI 8.
EN 50128, Railway Applications – Communications, signalling and processing systems
– Software for railway control and protection systems, Issue: March 2001
RFI 9.
– Part 2: Safety related communication in closed transmission systems, Issue: March
2001
RFI 10.
– Part 2: Safety related communication in open transmission systems, Issue: March 2001
RFI 11.
Subset 026 - issue 2.2.2 UNISIG ERTMS/ETCS - Class 1 – System Requirements
Specification
RFI 12.
Subset 040 rev 2.0.0 Dimensioning and Engineering rules
RFI 13.
Subset 041 rev 2.0.0 Performance Requirements for Interoperability
RFI 14.
Subset 091 rev 2.2.2 Safety Requirements for the Technical Interoperability of ETCS in
Levels 1 & 2
RFI 15.
EIRENE System Requirement Specification ver. 14
RFI 16.
A11 P6001.11 Morane Radio Trasmission FFFIS for Euroradio
RFI 17.
ERTMS/ETCS Class 1 FIS for the RBC/RBC Handover”, issue 2.0.0
RFI Norms and Standards
EC Directives
RFI 18.
Disposizione 16/2003 del 12/08/2003 Norme per il progetto di base, le verifiche, le
consegne e l’attivazione all’esercizio degli impianti di sicurezza e segnalamento,
di controllo e di regolazione della circolazione e di smistamento a gravità
RFI 19.
Disposizione n. 19 del 18 Aprile 2005 Messa in esercizio della tratta Roma-Napoli
e della sub tratta Torino-Novara della linea AV/AC Torino-Milano-Napoli
RFI 20.
Disposizione n. 22 del 27 Aprile 2005 Disciplina operativa per la messa in
esercizio della tratta Roma-Napoli e della sub tratta Torino-Novara della linea
AV/AC Torino-Milano-Napoli
RFI 21.
Disposizione n. 29 del 15/10/2002 “Sviluppo e realizzazione di prodotti e sistemi
tecnologici per il segnalamento ferroviario”
RFI 22.
Disposizione n. 32 del 12/11/2002 “Applicazione della normativa CENELEC di
settore allo sviluppo e realizzazione di sistemi e prodotti elettronici in sicurezza
per il segnalamento ferroviario”
142/161
Standards, Procedures and Specifications
RFI TC PR IS 00 009 Applicazione della normativa CENELEC di settore di
RFI 23. settore allo sviluppo e realizzazione di sistemi e prodotti elettronici in sicurezza
per il segnalamento ferroviario” Rev A del 26/09/2003
RFI 24.
Istruzione per le verifiche che devono precedere l’attivazione degli impianti di
segnalamento (IS46 Ed. 71)
RFI 25.
Norme tecniche per l’esecuzione e la certificazione di verifiche di impianti di
segnalamento effettuate dalla ditta appaltatrice (IS717 Ed. 91),
RFI 26.
Norme tecniche per la progettazione, esecuzione, verifiche e prove di impianti di
segnalamento (IS381 Ed.82),
RFI 27.
Nota RFI-DTC\A0011\P\2005\0000688 Tratta di linea AV/AC Roma-Napoli.
Nomina delle Commissioni di Verifica Tecnica
RFI 28.
Linee Guida per le attività della CVT-SA.TLC del 25/05/2005
RFI 29.
RFI TC PSCC AVSC 27 002 B Istruzioni CVT SCC AV
RFI TC.PATC VT AV02 R01 A “Specifica per verifica tecnica per l’attivazione
RFI 30. degli impianti Rilevamento Temperatura Boccole (RTB) e Temperatura Freni
(RTF) per tratte AV/AC del 13/06/2005
RFI 31.
Procedura “Impianti NVP – Procedura di Verifica Tecnica” Rev. 1 del 30/05/2005
RFI 32.
RFI TC.PATC PR AV 02 R21 Procedura di Valutazione Funzionale Progettazione
e Realizz.ne Applic. Spec.che Sistema di Segnalamento. ERTMS-SST-SDT Rev B
del 08/07/2005
RFI 33.
RFI TC.PATC PR AV 02 R02 Definizione dei Confini di Responsabilità sugli
Elaborati di un Progetto di Base Applicazione Specifica ERTMS/SST/SDT Rev. A
del 09/09/05
RFI 34.
RFI TC.PATC VV AV R12 Piano di omologazione Applicazione Generica – I
Applicazione Specifica SST – ETCS Livello 2 Rev. A
RFI 35.
RFI MO-MA-TC DT PRES 001 Procedura per l’effettuazione del Pre-esercizio
della Linea AV/AC Roma - Napoli Rev A del 02/09/2005
RFI 36.
RFI MO-MA-TC-IN DT INES 001 Tratta AV/AC Roma – Napoli Caratteristiche
Infrastrutturali e Programma di Esercizio Complessivo della Tratta del 01/09/2005
RFI Specifications
RFI 37.
Rif. 1 RFI TC.STEC RS AV 01 G01 Analisi Preliminare del Rischio per la Tratta
AV Roma Napoli Rev 4 del 11/02/02
RFI 38.
XXXX 00 0 IF SP 000.01 001 Sistema Italiano Alta Velocità - Specifiche di Base
del 29/05/1992
143/161
RFI 39.
DI TC PATC SR AV 01 E02 Specifiche dei Requisiti Funzionali del Sistema di
“Controllo Automatico della Marcia del Treno” per la linea ad alta velocità Roma
Napoli Rev 0.2 + allegati
RFI 40.
TC PATC SR AV 01 D01/D02/D03 Linea AV ROMA-NAPOLI - Sistema di
Comando/Controllo della marcia dei treni ERTMS/ETCS L2 - Specifica dei
Requisiti di Sistema – Volume 1 Rev. B
RFI 41.
DI TC PATC AV 01 D06 A, Linea AV ROMA-NAPOLI - Sistema di
Comando/Controllo della marcia dei treni ERTMS/ETCS L2 - Specifica dei
Requisiti di Sistema – Volume 1 - Appendice Gestione Interconnessioni Rev. A01
RFI 42.
RFI TC.PATC AV 01 D07 Alimentazione delle Stazioni Radio Base GSM-R Appendice Volume 1 Rev. A del 12/05/2004
RFI 43.
RFI TC PATC DC AV 01 R01 Funzionalità Essenziali per Attivazione Sistema di
Segnalamento Rev. B del 17/11/2004
RFI 44.
RFI TC PATC AV 01 K01 Specifica dei Requisiti di SSB Generale - Volume 3
Rev. A del 31/01/2003
RFI 45.
RFI TC PATC AV 01 K02 Specifica dei Requisiti di SSB Gestione Stati e Modi
Operativi - Volume 3 Rev A del 31/12/2003
System assessment and approvals
RFI 46.
RFI-DTC.PATC 032 Valutazione Funzionale Specifica dei Requisiti di Sistema Volume
2 Rev. C del 30/01/2004
RFI 47.
RFI-DTC.PATC 126 Linea AV RM-NA. Gestione Interconnessioni - Approvazione
Schemi di Principio per il Cambio Sistema del 29/03/2004
RFI 48.
RFI 49.
RFI-DTC.PATC Approvazione Profili di Linea RTB del 13/02/2004
RFI 50.
RFI TC.PATC VV AV R01 Piano di Valutazione Funzionale Applicazione Generica –
Prima Applicazione Specifica SST ETCS Livello 2 Rev A
RFI 51.
RFI TC.PATC VV AV 02 R01 Valutazione Funzionale Specifiche di Test di Sistema
Saturno Rev B del 02/02/2005
RFI 52.
RFI TC.PATC VV AV 02 R05 Logica RBC - Schemi di principio Rev B del 07/09/2005
RFI 53.
RFI TC.PATC VV AV 02 R04 Gestione Non Conformità/ Punti Aperti Rev D del
09/12/2005
RFI 54.
RFI TC PATC ST AV 01 DBC A Valutazione Funzionale di Sistema ERTMS/ETCS
livello 2 Tratta AV/AC Roma – Napoli, Rev A (presente documento) del 12/12/2005
RFI 55.
RFI TC PATC VV AV 02 R79 A Rapporto di Valutazione Funzionale Test in campo,
Rev. A
144/161
RFI 56.
RFI TC PATC VM AV 01 DBD A Test di Valutazione Funzionale sistema
ERTMS/ETCS Livello 2 Tratta AV/AC Roma - Napoli, Rev. A del 14/12/2005
RFI 57.
Linea AC/AV Roma Napoli Sistema ACS AC/AV – Dossier di Assessment Funzionale –
attivazione all’esercizio ferroviario Rev. A
RFI 58.
RFI TC.PATC VV AV 02 R16 Rapporto di Valutazione Funzionale. Prima Applicazione
Specifica 2a Sottotratta Labico-S.Giovanni Rev C del 07/12/2005
RFI 59.
CVT-SA.SDT1 A104.24 Rapporto di valutazione funzionale Applicazione Specifica
Sottosistema di Terra ETCS livello 2 Tratta AV/AC Roma-Napoli (2° Sottotratta) Rev B
del 07/12/05
RFI 60.
CVT - AS.SS/TT Verbale Verifica Tecnica dell'applicazione Segnalamento/
Telecomunicazione SST ETCS livello 2 Rev B del 15/12/2005
RFI 61.
CVT-SA.SDT1.A104.01 RdV Piani schematici ERTMS Rev A del 09/09/2005
RFI 62.
CVT-SA.SDT1.A104.02 RdV delle Tabelle delle Condizioni di RBC Rev B del
06/09/2005
RFI 63.
CVT – SA.SDT1.A104.3 Rapporto di Valutazione degli Allacciamenti Rev A del
15/07/2005
RFI 64.
CVT – SA.SDT1.A104.4 Rapporto di Valutazione del Layout Interfacce Operatore Rev
A del 15/07/2005
RFI 65.
CVT – SA.SDT1.A104.5 Rapporto di Valutazione del Layout Apparecchiature nei
Locali Rev A del 15/07/2005
RFI 66.
CVT – SA.SDT1.A104.6 Rapporto di Valutazione del Layout Armadi Rev A del
15/07/2005
RFI 67.
CVT-SA.SDT1.A104.7 Rapporto di Valutazione funzionale PI ERTMS/ETCS Rev C del
09/09/2005
RFI 68.
CVT-SA.SDT1.A104.11 Rapporto di Valutazione Funzionale - Misure in Campo Rev C
del 09/09/2005
RFI 69.
CVT – SA.SDT1.A104.13 Rapporto di Valutazione dell’Interfacciamento TLC-LD Rev
A del 09/09/2005
RFI 70.
CVT-SA.SDT1.A104.14 Rapporto di Valutazione sulla corretta fornitura, Installazione e
Configurazione delle apparecchiature ERTMS/ETCS LIVELLO 2 presso PCS Rev B del
09/09/2005
RFI 71.
CVT-SA.SDT1.A104.15 RdV Messaggi Radio Rev A del 04/07/2005
RFI 72.
CVT-SA.SDT1.A104.16 RdV Tabelle Intermedie RBC Rev A del 04/07/2005
RFI 73.
CVT-SA.SDT1.A104.18 Rapporto di Valutazione sulla correttezza concordanze NVPRBC Rev B del 07/09/2005
RFI 74.
CVT – SA.SDT1.A104.19 Rapporto di Valutazione dell’Interfacciamento GSM-R Rev
A del 09/09/2005
145/161
RFI 75.
CVT-SA.SDT1.A104.20 Rapporto di Valutazione Funzionale - Configurazione RBC
(MA, CES) Labico - Supino Rev A del 09/09/2005
RFI 76.
(MA, CES) Ceccano – S. Giovanni Rev A del 09/09/2005
RFI 77.
(MA, CES) Percorsi Deviatoi Labico – S. Giovanni Rev A del 09/09/2005
RFI 78.
(ED) Labico – S. Giovanni Rev A del 09/09/2005
RFI 79.
CVT – SA.SDT1.A104.25 Relazione Tecnica – Evoluzione della configurazione e
relativa analisi di impatto e Non Regressione Rev D del 07/12/2005
RFI 80.
CVT – SA.SDT1.A104.26 Rapporto di valutazione funzionale sulla Progettazione
Applicativa Eurobalise Rev A del 09/09/2005
RFI 81.
CVT – SA.SDT1.A104.27 Rapporto di valutazione funzionale telegrammi Allarmi RTB
Rev B del 07/12/2005
RFI 82.
RFI TC.PATC RR AV 06 R01 Ricognizione sulla linea AV Roma Napoli, PJ Ceccano,
per verifica anormalità CdB Digicode Rev A del 07/09/2005
RFI 83.
NVP Colleferro (PT) – Report CVT delle prove in ambiente reale CVT-SA.GdV C1.1
RFI 84.
NVP Labico (PC) – Report CVT delle prove in ambiente reale CVT-SA.GdV C1.1
RFI 85.
NVP Anagni (PM/PJ) – Report CVT delle prove in ambiente realeCVT-SA.GdV C1.1
RFI 86.
NVP Ceccano (PC) – Report CVT delle prove in ambiente reale CVT-SA.GdV C1.2
RFI 87.
NVP Ceprano (PT) – Report CVT delle prove in ambiente reale CVT-SA.GdV C1.2
RFI 88.
NVP Supino (PT) – Report CVT delle prove in ambiente reale CVT-SA.GdV C1.2
RFI 89.
NVP S. Giovanni (PM) – Report CVT delle prove in ambiente reale CVT-SA.GdV C1.2
Permissions
RFI 90.
RFI TC.PATC VV AV 02 R10 Rapporto di Valutazione Funzionale SST per rilascio
Nulla Osta Distanziamento Treni a velocità < 150 km/h sottotratta Labico-Supino Rev. A
del 04/07/2005
RFI 91.
RFI TC.PATC VV AV 02 R10 Rapporto di Valutazione Funzionale SST per rilascio
Nulla Osta Distanziamento Treni a velocità < 300 km/h sottotratta Labico S.Giovanni
Rev. B del 18/07/2005
RFI 92.
RFI TC PATC SR AV 03 E02 Processo di Omologazione SSB ERTMS Rev. A
RFI 93.
Nulla Osta Installazione ETR 500 59 del 30/12/04
RFI 94.
Nulla Osta SSB per Distanziamento Treni v < 150 Km/h del 25/06/05
RFI 95.
146/161
RFI 96.
RFI 97.
RFI 98.
Linea Roma Napoli Sistema ACS AC/AV - Dossier di Assessment Funzionale –
attivazione al pre-esercizio Rev. A
RFI 99.
RFI TC.PATC RR AV 03 E06 Relazione conclusiva per il rilascio del Nulla Osta al Pre esercizio del Sotto Sistema di Bordo ERTMS/AV Alstom Rev. A
RFI 100.
RFI TC.PATC VV AV 02 R10 Rapporto di Valutazione Funzionale Sottosistema di
Terra ETCS Livello 2 intera tratta Rev C del 09/09/2005
RFI 101.
RFI DT.PATC CO AV 02 Applicazione Generica Sottosistema di Terra ETCS livello 2
della Impresa Alstom Ferroviaria SpA – Certificato per la Accettazione Preliminare Rev
A del 12/09/2005
RFI 102.
RFI/TC.CC/2927 del 09/09/2005 – Risultanze del processo di Safety Assessment
RFI 103.
Rapporti mensili del pre-esercizio della Linea AV/AC Roma (n. 4 rapporti)
RFI 104.
RFI DTC A0011 P 2005 0002025 Rapporto finale sulla esaustività e idoneità del Sistema
Regolamentare del 19/12/2005
RFI 105.
RFI TC PATC VV AV 02 R89 Relazione sull’esito del pre-esercizio della tratta AV/AC
Roma Napoli emesso dalle Direzioni Compartimentali Movimento ed Infrastruttura di
Roma e di Napoli Rev A del 09/12/2005
RFI 106.
RFI TC PATC VV AV 02 R89 Rapporto di Valutazione Funzionale Applicazione
Generica SST ETCS Livello 2 – Risultanze del Pre-esercizio Rev. A
RFI 107.
RFI TC.PATC VV AV 02 R10 Rapporto di Valutazione Funzionale Sottosistema di
Terra ETCS Livello 2 intera tratta Rev D del 09/12/2005
RFI 108.
Nota RFI/DTC – PATC.191 del 16/12/2004
RFI 109.
Nota DI/TC.SS.TB/009/425 del 29/11/1999
RFI 110.
Nota RFI-DTC A0011/P/2005/0001995 del 15/12/2005
RFI 111.
Nota RFI-DTC/A0011/P/2005/000663 del 16/05/2005
RFI 112.
Nota RFI DT PATC CO AV 02 E01 B Applicazione Generica Sottosistema di Terra
ETCS Livello 2 della impresa Alstom Ferroviaria S.p.A. – Certificazione per
l’Accettazione Preliminare
RFI 113.
RFI TC PATC ST AV 01 DBC Rev. A Valutazione Funzionale di Sistema
ERTMS/ETCS Livello 2 – Applicazione Generica - Tratta AV/AC Roma Napoli del
14/12/2005
RFI 114.
RFI TC CC RR AS 11 001 A Rapporto di Valutazione (Assessment Report) relativo al
Sistema di Segnalamento Linea AV Roma – Napoli del 14/12/2005
RFI 115.
Linea AC/AV Roma Napoli Sistema ACS AC/AV - Dossier di Assessment Funzionale –
attivazione all’esercizio ferroviario Rev. B
147/161
RFI 116.
RFI TC PATC RR AV 03E09 Relazione conclusiva per il rilascio del Nulla Osta
all’esercizio del Sotto Sistema di Bordo ERTMS/AV Alstom – Fase 1 (Progetto
ATC/CESIFER) del 09/12/2005
Suppliers Documents
Hazard Analysis
RFI 117.
A104 00 CI1 SQ IS 00 0 0 R07, Fault Tree Analysis – Sistema di Comando e Controllo
della marcia dei treni ERTMS/ETCS Livello 2
RFI 118.
A104 00 CI1 SQ IS 00 0 0 R06, Analisi FMEA – Sistema di Comando e Controllo della
marcia dei treni ERTMS/ETCS Livello 2
RFI 119.
A104 00 CI1 2Z IT 0000 020, Hazard Analysis delle Funzioni del SSAV-SST
RFI 120.
A104 00 CI1 2Z IT 0000 022, Hazard Analysis delle Funzioni del SSAV-SST - Allegato
B - Hazard-Log relativo agli Hazard in Stato “Cancellato”
RFI 121.
A104 00 CI1 2Z IT 0000 039 Analisi dell' Hazardous Failure Rate (HFR) del
Sottosistema di Terra ERTMS/ETCS L2 per la linea AV tratta Roma-Napoli
RFI 122.
Linea AV Roma-Napoli – Specifica dei Requisiti di Sistema, Vol.2 – Sottosistema di
Terra
RFI 123.
A104 00 CI1 2Z IT 0000 063 SSAV-SST - Hazard Analysis delle Funzioni del Sistema
SSAV-SST – Specifica dei Requisiti di Sicurezza, rev. A
RFI 124.
A104 00 CI1 SP IT 0000 003 Linea AV Roma-Napoli Specifica dei Requisiti di Sistema
Volume 3 - Sotto Sistema di Bordo Rev A del 01/08/03
RFI 125.
A104 00 BI1 RP IS 0000 R14 Tabelle delle Condizioni (TdC) di Linea-Stazione 1-2-3
Sottotratta Rev. A del 04/11/2005
RFI 126.
A104 Tabelle delle Condizioni RBC / Integrazione Funzionale di Sottosistema di Terra
RFI 127.
A104 00 BI 1 PX IS 00 00 R01 Piano Schematico As Build rev.B del 04/11/2005
RFI 128.
37X.B22.C.IS.005641 Sottosistema NVP + GAT Applicazione Generica Safety Case
(vers. Logica NVP 5.0) Rev. 00.00
RFI 129.
37X.B22.C.IS.007-641 Sottosistema NVP + GAT Applicazione Generica Safety Case
aggiornamento per le nuove versioni di logica NVP (successive a VLA 5.3C1) Rev.
02.00 del 07/11/2005
RFI 130.
A104 00 CI1 SP IS 0000 AH2B001 Applicazione Generica Gestione della Via Safety
Case (25/01/2005)
RFI 131.
A104 00 CI1 IS0000 AJ0 Applicazione Generica Gestione della Via Safety Case
Aggiornamenti successivi alla versione del 25/01/2005 Rev. C del 30/11/2005
148/161
RFI 132.
A104 00 CI1 SP IS 0000 AJ2 Sottosistema Segnalamento Terra Gestione della Via Applicazione Specifica seconda sottotratta e PPF di S.Giovanni in Carico Safety Case
Aggiornamenti Successivi alla Versione del 16/03/05 Rev. D del 28/11/2005
RFI 133.
A104 00 CI1 IS0000 AJ2 Sottosistema Segnalamento Terra Gestione della Via Applicazione Specifica seconda sottotratta e PPF di S.Giovanni in Carico Safety Case
RFI 134.
A104 00 CI1 IS0000 AJ2 Sottosistema Segnalamento Terra Gestione della Via Applicazione Specifica seconda sottotratta e PPF di S.Giovanni in Carico Safety Case
RFI 135.
A104 00 CI1 SP IS 0000RG5 Tratta AV Roma Napoli Sottosistema Distanziamento
Treni Safety Case di Applicazione Generica del 23/11/2005
RFI 136.
A104 00 CI1 SP IS 0000RN0 Tratta AV Roma Napoli Safety Case SDT Applicazione
Specifica 2 sottotratta Rev G del 29/11/05
RFI 137.
A104 00 CI1 SP IS 0000 RP9 Tratta AV Roma Napoli SDT – Relazione tecnica di
sicurezza Rev G del 06/12/2005
RFI 138.
A104 00 CI1 2Z IT0000036 Tratta AV Roma Napoli Applicazione Generica
Sottosistema di Segnalamento di Terra Safety Case Rev. D del 29/07/2005
RFI 139.
A104 00 CI1 2Z IT0000056 Tratta AV Roma Napoli Sottosistema di Segnalamento di
Terra Applicazione Specifica II Sottotratta - Safety Case Rev. D del 31/07/2005
RFI 140.
A104 00 CI1 2Z IT0000095 Tratta AV Roma Napoli Applicazione Generica –
Applicazione Specifica II Sottotratta Sottosistema di Segnalamento di Terra - Safety
Case aggiornamento Rev. A del 09/12/2005
RFI 141.
[GATC_BSI_RAMS_0040] GATC Trainborne Safety Case, Version 5.4 del 28.10.2005
RFI 142.
Dichiarazione di Conformità di Consorzio Saturno DC/001 del 07/09/2005
RFI 143.
Dichiarazione di Conformità di Alstom Transport n. AV RM/NA 604/05 del 08/09/2005
RFI 144.
Dichiarazione di Conformità di Ansaldo Segnalamento Ferroviario Gestione della Via
ASF/05/7501 del 07/09/2005
RFI 145.
DC002 Linea AV Roma Napoli Applicazione Specifica di I, II e III Sottotratta
Dichiarazione di Conformità del Consorzio Saturno del 09/12/2005
RFI 146.
7513300/1007/05 del 07/12/05 Dichiarazione di Conformità linea AV/AC Milano Napoli
Tratta Roma Napoli (Alstom)
RFI 147.
ASF/05/10636 Linea AV Roma Napoli Applicazione Specifica di I, II e III Sottotratta
Dichiarazione di Conformità di ASF del 09/12/2005
13.4 Specific References for the Turin-Novara Project
RFI Specifications and assessment documents
149/161
RFI 148.
RFI TC PATC SR AV 01 E02 Linea AV Torino Novara Funzionalità essenziali per le
attivazioni Rev. B del 17/11/2004
RFI 149.
RFI-DTC.PATC 187 Valutazione funzionale distanziamento tratta Torino-Novara
Logica RBC del 14/012/2004
RFI 150.
RFI-DTC.PATC 003 Assessment Funzionale SST ETCS L2 Linea AV/AC Tratte RomaNapoli e Torino-Novara. Non conformità/Punti Aperti del 21/01/2005
RFI 151.
RFI-DTC.PATC 078 Assessment Funzionale SST ETCS L2 Linea AV/AC Tratte RomaNapoli e Torino-Novara. Non conformità/Punti Aperti del 21/03/2005
RFI 152.
RFI-DTC.PATC 032 Assessment Funzionale SST ETCS L2 Linea AV/AC Tratta
Torino-Novara. Non conformità/Chiarimenti del 04/08/2005
RFI 153.
RFI-DTC.PATC 347 Sistema Distanziamento Treni ERTMS/ETCS L2 Assessment
Funzionale SST ETCS L2 Tratta Torino – Novara: Azioni correttive e soluzioni per Non
Conformità/Punti aperti del 17/10/2005
RFI 154.
Funzionale SST ETCS L2 Tratta Torino – Novara: del 21/10/2005
RFI 155.
Funzionale SST ETCS L2 Tratta Torino – Novara: del 21/10/2005 Lista delle Non
Conformità del 25/10/2005
RFI 156.
RFI 157.
RFI 158.
RFI TC.PATC VV AV 02 R01 Piano di Valutazione Funzionale Applicazione Generica
– I Applicazione Specifica SST ETCS Livello 2 Rev A
RFI 159.
RFI TC PATC VV AV 02 R79 Rapporto di Valutazione Funzionale Sottosistema di
Terra Sottosistema di Bordo ETCS Liv. 2 Tratta AV/AC Torino Novara Rev. E del
06/02/2006
RFI 160.
RFI TC.PATC VV AV 02 R82 Gestione Non Conformità/ Punti Aperti Rev C del
06/02/2006
RFI 161.
RFI TC PATC VM AV 01 DBE A Valutazione Funzionale di Sistema ERTMS/ETCS
livello 2 Tratta AV/AC Torino-Novara, Rev A (presente documento) del 06/02/2006
RFI 162.
RFI TC PATC VM AV 01 DA3 A Test di Valutazione Funzionale sistema
ERTMS/ETCS Livello 2 Tratta AV/AC Torino – Novara, Rev. A del 06/11/2005
RFI 163.
RFI TC PATC VV AV 01 DA5 A Test Report di Valutazione Funzionale sistema
ERTMS/ETCS Livello 2 Tratta AV/AC Torino – Novara, Rev. A del 04/02/2006
RFI 164.
RFI.TCPA RT SI 08 044 Linea AC/AV Tratta Torino-Novara Sistema ACS AC/AV Dossier di Assessment Funzionale – attivazione all’esercizio ferroviario Rev. B
150/161
RFI 165.
CVT – SA.SDT.A201.24 - Rapporto di valutazione funzionale Applicazione Specifica
Sottosistema di Terra ETCS livello 2 Tratta AV/AC Torino-Novara Applicazione
Specifica Tratta Settimo – Novara da km. 0+786 a km. 84+758 Rev. D del 06/02/06
RFI 166.
CVT – SA.SDT.A201.01 - CVT – SA.SDT Rapporto di Valutazione Funzionale Piano
Schematico ERTMS/ETCS LIVELLO 2 Torino – Novara Tratta Settimo – Novara da
km. 0+786 a km. 84+758 Rev.B del 16/01/06
RFI 167.
CVT-SA.SDT.A201.02 - CVT-SA.SDT Rapporto di valutazione funzionale Tabella
delle Condizioni di RBC Sottosistema di Terra ETCS livello 2 Tratta AV/AC TorinoNovara Applicazione Specifica Tratta Settimo – Novara da km. 0+786 a km. 84+758
Rev. A del 25/10/05
RFI 168.
CVT-SA.SDT.A201.03 - CVT-SA.SDT Rapporto di valutazione funzionale Layout
interfaccia operatore Sottosistema di Terra ETCS livello 2 Tratta AV/AC Torino-Novara
Applicazione Specifica Tratta Settimo – Novara da km. 0+786 a km. 84+758 Rev. A del
25/10/05
RFI 169.
CVT-SA.SDT.A201.04 - CVT-SA.SDT Rapporto di valutazione funzionale
Allacciamenti Sottosistema di Terra ETCS livello 2 Tratta AV/AC Torino-Novara
25/10/05
RFI 170.
apparecchiature nei locali Sottosistema di Terra ETCS livello 2 Tratta AV/AC TorinoNovara Applicazione Specifica Tratta Settimo – Novara da km. 0+786 a km. 84+758
Rev. A del 25/10/05
RFI 171.
Armadi Sottosistema di Terra ETCS livello 2 Tratta AV/AC Torino-Novara
25/10/05
RFI 172.
CVT – SA.SDT.A201.07 - CVT – SA.SDT Rapporto di valutazione funzionale Punti
Informativi ERTMS/ETCS Tratta Settimo – Novara da km. 0+786 a km. 84+758 Rev. B
del 16/01/06
RFI 173.
CVT – SA.SDT.A201.08 -CVT – SA.SDT Rapporto di valutazione funzionale Punti
Informativi ERTMS/ETCS Tratta Settimo – Novara da km. 0+786 a km. 84+758 Letture
Punti Informativi e Confronto con Telegrammi di Progetto Rev. A del 25/10/05
RFI 174.
CVT – SA.SDT.A201.09 - CVT – SA.SDT Rapporto di valutazione funzionale Misure
in Campo ERTMS/ETCS LIVELLO 2 e non Tratta Settimo – Novara da km. 0+786 a
km. 84+758 Tabelle misure (punte scambi, traverse limite, punti informativi, cartelli EoA, giunti elettrici) Rev. A del 25/10/05
RFI 175.
CVT – SA.SDT.A201.11- CVT – SA.SDT Rapporto di valutazione funzionale Misure in
Campo ERTMS/ETCS LIVELLO 2 e non Tratta Settimo – Novara da km. 0+786 a km.
84+758 Rev. B del 16/01/06
151/161
RFI 176.
CVT - SA.SDT.A201.13 - CVT-SA.SDT Rapporto di valutazione funzionale Corretta
Configurazione delle Interfacce TLC-LD Sottosistema di Terra ETCS livello 2 Tratta
AV/AC Torino-Novara Applicazione Specifica Tratta Settimo – Novara da km. 0+786 a
km. 84+758 Rev. A del 25/10/05
RFI 177.
CVT - SA.SDT.A201.14 - CVT-SA.SDT Rapporto di Valutazione Funzionale Fornitura,
Installazione e Configurazione delle apparecchiature ERTMS/ETCS Livello 2 presso
PCS Rev. A del 19/10/05
RFI 178.
CVT-SA.SDT1.A201.15 - CVT-SA.SDT Rapporto di valutazione funzionale Tabelle
delle MA Sottosistema di Terra ETCS livello 2 Tratta AV/AC Torino-Novara
Applicazione Specifica Tratta Settimo – Novara da km. 0+786 a km. 84+758 Rev. B del
17/01/06
RFI 179.
CVT-SA.SDT.A201.18 - CVT-SA.SDT Rapporto di valutazione funzionale
Concordanza dati NVP – RBC Sottosistema di Terra ETCS livello 2 Tratta AV/AC
Torino-Novara Applicazione Specifica Tratta Settimo – Novara da km. 0+786 a km.
84+758 Rev. B del 13/01/06
RFI 180.
CVT - SA.SDT1.A201.19 - CVT - SA.SDT1.A201.19 - CVT-SA.SDT Rapporto di
Valutazione Funzionale Configurazione delle Interfacce GSM-R Rev. A del 19/10/05
RFI 181.
CVT-SA.SDT.A201.20 - CVT-SA.SDT Rapporto di valutazione funzionale della
Configurazione RBC (Tabelle delle Condizioni / Tabelle dei Messaggi Radio)
Sottosistema di Terra ETCS livello 2 Tratta AV/AC Torino-Novara Applicazione
Specifica Intera Sottotratta Rev. B del 17/01/06
RFI 182.
CVT – SA.SDT.A201. 25 - CVT – SA.SDT Relazione Tecnica SSAV To-No SDT
ANSALDO Tratta Settimo – Novara da km. 0+786 a km. 84+758 Evoluzione della
configurazione e relative analisi di impatto e non regressione Rev. D del 05/02/06
RFI 183.
CVT – SA.SDT.A201.26 - CVT – SA.SDT Rapporto di valutazione funzionale
Progettazione Applicativa Eurobalise Tratta Settimo – Novara da km. 0+786 a km.
84+758 Rev. B del 16/01/06
RFI 184.
CVT – SA.SDT.A201.27 - CVT – SA.SDT Rapporto di valutazione funzionale
Progettazione Applicativa Eurobalise RTB Rev A del 21/11/05.
RFI 185.
CVT –SA.SDT/SA.TLC Rapporto di Valutazione Interrelazione CVT SDT – TLC – LD
Rev. A del 09/11/2005
RFI 186.
RFI TC.PATC VV AV 02 R79 Rapporto di Valutazione Funzionale SST e SSB ETCS
L2 per rilascio Nulla Osta Distanziamento Treni a velocità < 150 km/h Rev. B del
30/12/2005
RFI 187.
L2 per rilascio Nulla Osta Distanziamento Treni a velocità < 300 km/h Rev. D del
02/02/2005
RFI 188.
RFI TC PATC SR AV 03 E02 Processo di Omologazione SSB ERTMS Rev. A
RFI 189.
Nulla Osta Installazione ETR 500 59 del 30/12/04
RFI 190.
RFI-DTC/A0011/P/2005/0001853 Nulla Osta SSB per Distanziamento Treni v < 150
Km/h del 24/11/05
152/161
RFI 191.
RFI 192.
RFI 193.
Documents about approbatory period
RFI 194.
RFI.TCPA RT SI 08 044 Linea AC/AV Tratta Torino-Novara Sistema ACS AC/AV Dossier di Assessment Funzionale – attivazione al pre-esercizio Rev. A
RFI 195.
L2 per Pre-esercizio Rev. A del 25/11/2005
RFI 196.
RFI DT PATC CO AV 02 E02 A Applicazione Generica Sottosistema di Terra ETCS
Livello 2 della impresa Ansaldo Segnalamento Ferroviario S.p.A. – Certificazione per
RFI 197.
RFI/TC.CC/2972 del 28/10/2005 – Risultanze del processo di Safety Assessment
Sistema di Segnalamento AV Torino – Novara
RFI 198.
RFI DTC A0011 P 2005 0002025 Rapporto finale sulla esaustività e idoneità del Sistema
Regolamentare del 19/12/2005 (Attività svolta nella fase di pre-esercizio della Roma
Napoli)
RFI 199.
RFI TC PATC VV AV 02 R91 Rapporto di Valutazione Funzionale Applicazione
Generica SST ETCS Livello 2 Tratta Torino – Novara – Risultanze del Pre-esercizio
Rev. A del 06/02/06
Documents about revenue service
RFI 200.
Nota RFI/DTC – PATC.191 del 16/12/2004
RFI 201.
Nota DI/TC.SS.TB/009/425 del 29/11/1999
RFI 202.
RFI 203.
RFI 204.
L2 per Pre-esercizio Rev. E del 06/02/2006
RFI 205.
RFI.TCPA RT SI 08 044 Linea AC/AV Tratta Torino-Novara Sistema ACS AC/AV Dossier di Assessment Funzionale – attivazione all’esercizio ferroviario Rev. B
RFI 206.
RFI DT PATC CO AV 02 E02 B Applicazione Generica Sottosistema di Terra ETCS
Livello 2 della impresa Ansaldo Segnalamento Ferroviario S.p.A. – Certificazione per
RFI 207.
RFI TC PATC VM AV 01 DBE Rev. A Valutazione Funzionale di Sistema
ERTMS/ETCS Livello 2 – Applicazione Generica - Tratta AV/AC Torino Novara del
06/02/2006 (Presente report)
RFI 208.
RFI TC CC RR AS 11 002 A Rapporto di Valutazione (Assessment Report) relativo al
Sistema di Segnalamento Linea AV Torino - Novara del 06/02/2006
153/161
RFI 209.
RFI TC PATC RR AV 03E09 Relazione conclusiva per il rilascio del Nulla Osta
all’esercizio del Sotto Sistema di Bordo ERTMS/AV Alstom – Fase 1 (Progetto
ATC/CESIFER) del 09/12/2005
Suppliers Documents
Hazard Analysis
RFI 210.
A104 00 CI1 SQ IS 00 0 0 R07, Fault Tree Analysis – Sistema di Comando e Controllo
della marcia dei treni ERTMS/ETCS Livello 2
RFI 211.
A104 00 CI1 SQ IS 00 0 0 R06, Analisi FMEA – Sistema di Comando e Controllo della
marcia dei treni ERTMS/ETCS Livello 2
RFI 212.
A104 00 CI1 2Z IT 0000 020, Hazard Analysis delle Funzioni del SSAV-SST
RFI 213.
A104 00 CI1 2Z IT 0000 022, Hazard Analysis delle Funzioni del SSAV-SST - Allegato
B - Hazard-Log relativo agli Hazard in Stato “Cancellato”
RFI 214.
A104 00 CI1 2Z IT 0000 039 Analisi dell' Hazardous Failure Rate (HFR) del
Sottosistema di Terra ERTMS/ETCS L2 per la linea AV tratta Roma-Napoli
RFI 215.
A201 19 C F2 IS 00 0B A01 F Safety Case della integrazione tra SST ASF e SSB
ALSTOM tratto Torino Novara del 04/02/06
Specifications
RFI 216.
A201 19 CF2 1S IS0000 A04 Volume 2 – Specifica Generale di Sistema –Sistema di
Segnalamento Rev. A
RFI 217.
A201 19 CF2 1W IS0000 A01 Volume 2 – Sottosistema di Distanziamento Rev. E
RFI 218.
A201 09 CF2 1W IS0000 A01 Volume 2 – Sottosistema Interlocking Rev. A
RFI 219.
A201 09 CF2 1W IS0000 A01 Volume 2 – Sottosistema Interconnessioni AC/AV –LS
(Transizione L2 LT) Rev. A
RFI 220.
A201 09 CF2 1RLD 0000 X01 Volume 2 – Sottosistema Lunga Distanza-Relazioni
_Architettura di Rete e Descrizione Funzionale Sottosistema Lunga Distanza Rev. B
RFI 221.
A104 00 CI1 2Z IT 0000 063 SSAV-SST - Hazard Analysis delle Funzioni del Sistema
SSAV-SST – Specifica dei Requisiti di Sicurezza, rev. A
RFI 222.
A104 00 CI1 SP IT 0000 003 Linea AV Roma-Napoli Specifica dei Requisiti di Sistema
Volume 3 - Sotto Sistema di Bordo Rev A del 01/08/03
RFI 223.
A201 09 C F2 1T IS 00 0B A02 Tabella delle Condizioni RBC1 (Settimo – Balocco)
Rev E
RFI 224.
A201 09 C F2 1T IS 00 0B A03 Tabella delle Condizioni RBC2 (Recetto – Novara
Ovest) Rev.E
RFI 225.
A201 19 C F2 1P IS 00 00 A01 Piano Schematico di linea ERTMS Liv.2 Tratta TorinoNovara Rev. F
Safety Cases
154/161
RFI 226.
37X.B22.C.IS.005641 Sottosistema NVP + GAT Applicazione Generica Safety Case
(vers. Logica NVP 5.0) Rev. 00.00
RFI 227.
37X.B22.C.IS.007-641 Sottosistema NVP + GAT Applicazione Generica Safety Case
aggiornamento per le nuove versioni di logica NVP (successive a VLA 5.3C1) Rev.
02.00 del 07/11/2005
RFI 228.
A104 00 CI1 SP IS 0000 AH2B001 Applicazione Generica Gestione della Via Safety
Case (25/01/2005)
RFI 229.
A104 00 CI1 IS0000 AJ0 Applicazione Generica Gestione della Via Safety Case
Aggiornamenti successivi alla versione del 25/01/2005 Rev. C del 30/11/2005
RFI 230.
A201 19 C F2 1S IS 00 00 A33 APPLICAZIONE GENERICA GESTIONE DELLA
VIA Safety Case Rev.C 25/10/05
RFI 231.
A201 19 C F2 3W IS 00 00 A21 SOTTOSISTEMA SEGNALAMENTO TERRA GESTIONE DELLA VIA - APPLICAZIONE SPECIFICA - Tratta Torino – Novara SAFETY CASE Rev C del 24/11/05
RFI 232.
A201 19 C F2 3W IS 00 00 A11 Tratta AV Torino-Novara - Applicazione Generica
Sottosistema di Distanziamento Treni - Safety Case Rev. M 15/12/06
RFI 233.
A201 19 C F2 3W IS 00 00 A20 Tratta AV Torino-Novara - Applicazione Specifica
Sottosistema di Distanziamento Treni - Safety Case Rev L Emesso in data: 15/12/06
RFI 234.
A201 19 CF2 3W IS0000 A15 Tratta AV Torino Novara Applicazione Generica
Sottosistema di Segnalamento di Terra Safety Case Rev. D del 31/01/2006
RFI 235.
A201 19 CF2 3W IS0000 A19 Tratta AV Torino Novara Applicazione Specifica
Sottosistema di Segnalamento di Terra - Safety Case Rev. C del 31/01/2006
RFI 236.
[GATC_BSI_RAMS_0040] GATC Trainborne Safety Case, Version 5.4 del 28.10.2005
RFI 237.
RFI 238.
Conformity declarations for the approbatory period
RFI 239.
ASF/2005/10062 Tratta AV Torino Milano Sottotratta Torino Novara Sottosistema di
Segnalamento di Terra Applicazione Specifica Dichiarazione di conformità del 25/11/05
RFI 240.
A201 19 C F2 IS 00 0B A01 A Rapporto delle Verifiche di integrazione tra SST ASF e
SSB ALSTOM del 25/11/05
Conformity declarations for the revenue service
RFI 241.
ASF/RMS 726/2006 Tratta AV Torino Milano Sottotratta Torino Novara Sottosistema di
Segnalamento di Terra Applicazione Specifica Dichiarazione di conformità del 06/02/06
155/161
13.5 References for the Dutch and Belgian projects
PROR 1.
Wikipedia (General information)
PROR 2.
www.infrabel.be
PROR 3.
Implementing ERTMS on the Betuweroute, Signal+Draht 5/2007
PROR 4.
ERTMS/ETCS/GSM-R on the Belgian high speed lines L3 and L4, Signal+Draht
6/2007
PROR 5.
ProRail ERTMS trainborne integration plan A15 tracé, Version 2.0
PROR 6.
www.prorail.nl
13.6 References for the Spanish projects
RENFE 1
Annex 1 – GIF “III Normativa y Recomendaciones de Aplication”
RENFE 2
Annex II – “Condiciones tecnicas de los trenes (CTT)”
RENFE 3
Annex III – SIEMENS TS Rolling Stock “Estudio de la seguridad funcional
Vehiculos Ferroviarios AVE S103”
RENFE 4
Annex IV – SIEMENS “Sicherheitsnachweis S103 EVC España AVE
S102/S103 TRAINGUARD 200 EVC”
RENFE 5
Annex V – SIEMENS “Informe de validacion del sistema del S103 EVC
España AVE S102/S103 TRAINGUARD 200 EVC”
RENFE 6
Annex VI – SIEMENS TS Rolling Stock “Estudio de la seguridad funcional
Vehiculos Ferroviarios AVE S103 – Exported rules ”
RENFE 7
Annex VII – “Alta Velocidad Cordoba-Malaga Analisis preliminar de riesgos
de la aplication especifica de la linea Cordoba-Malaga”
RENFE 8
Annex VIII – “Analisis preliminar de amenacas de la aplication especifica de
la linea Cordoba-Malaga de Dimetronic ”
RENFE 9
Annex IX – “Caso de seguridad-Applicacion Especifica Cordoba-Malaga”
RENFE 10
Annex X – ADIF “Sistema Europeo de circulation de trenes ERTMS/ETCS”
156/161
List of abbreviations and acronyms
AC
Alternating Current
ACS
Apparato Centrale Statico (Italy)
ADIF
Administrador de Infrastructuras Ferroviarias (Spain)
ADL
Arthur D. Little
AEIF
Association Européenne pour l’Interopérabilité Ferroviaire
AF
Alstom Ferroviaria (Italy)
APR
Analyse Préliminaire des Risques (Preliminary Risk Analysis)
ASF
Ansaldo Segnalamento Ferroviario (Italy)
ASFA
Anuncio de Señales y Frenado Automáticoe (Spain)
ATB
Automatische TreinBeïnvloeding
ATO
Automatic Train Operation
ATP
Automatic Train Protection
B
Belgium
BACC
Blocco Automatico a Correnti Codificate (Italy)
BBT
Brenner Basis Tunnel
BHL
Berlin Halle Leipzig
BMB
Bombardier
BSC
Base Station Controller
BTM
Balise Transmission Module
BTS
Base Transceiver Station
CCS
Command, Control and Signalling
CERTIFER
French Notified Body
Cetren
Spanish Notified Body
CIRCA
Communication & Information Resource Centre Administrator
CR
Change Request
CSI
Concentrateur de Systèmes Informatiques (IT Systems Hub)
CTT
Condiciones Tecnica de los Trenes (Spain)
DB
Deutsche Bahn (German Railways)
DC
Direct Current
Designers choice
DMI
Driver Machine Interface
DPS
Dossier Préliminaire de Sécurité (Preliminary Safety File)
DS
Dossier de Sécurité (Safety File)
DTS
Directives pour Travaux de Signalisation (Signalling Works Directives)
DTT
Direction des Transports Terrestres (Land Transport Division)
157/161
DV
Dienstvorschrift (Service order)
EBC
German Notified Body
EC
European Commission
EEIG
European Economic Interest Group
EIRENE
European Integrated Railway radio Enhanced NEtwork
ENCE
Enclavamiento Electrónico (Electronic interlocking)
EOA
End Of movement Authority
EOQA
Expert ou Organisme Qualifié, Agréé (Qualified Approved Expert or
Organisation)
ERA
European Railway Agency
ERTMS
European Rail Traffic Management System
ETCS
European Train Control System
ETG
Elément à Turbine à Gaz (Gas Turbine Element)
ETH
Especificacion Técnica de Homologación (Technical Specification for
Homologation)
EU
European Union
EVC
European Vital Computer
FDMS
Fiabilité, Disponibilité, Maintenabilité, Sécurité (Reliability, Availability,
Maintainability, Safety)
FFFIS
Form Fit Function Interface Specification
FIS
Functional Interface Specification
FMEA
Failure Mode Effect Analysis
FN
Funcion Nacional (National Function)
FS
Full Supervision mode
FTA
Fault Tree Analysis
GAMAB
Globalement Au Moins Aussi Bon (Overall At Least As Good)
GAME
Globalement Au Moins Equivalent (Overall At Least Equivalent)
GASC
Generic Application Safety Case
GAT
Gestione ATtuatori (Italy)
GdV
Gestione della Via (Italy)
GEST
Poste de Gestion des Signalisations Temporaires (Temporary Signals
Management Station)
GSM-R
Global System for Mobile Communications - Railways
HA
Hazard Analysis
HABD
Hot Axle Box Detector
HC/HSL
High Capacity/High Speed Line
HSL
High Speed Line
158/161
IC
Interoperability Constituent
ICE 3
Inter City Express – 3rd generation
IM
Infrastructure Manager
IS
Impianto di Segnalamento (Italy)
ISA
Independent Safety Assessor
IVW
Inspectie Verkeer en Waterstaat (Dutch Safety Authority)
IXL
Interlocking
KMAC
Authentication Key
KMC
Key Management Centre
KVB
Contrôle de Vitesse par Balise (Balise Speed Control)
LAV
Línea de Alta Velocidad (High speed line)
LC
Level crossing
LD
Long Distance
LEU
Line side Electronic Unit
LGV-Est
Ligne à Grande Vitesse Est (French High Speed Line to the East)
LTV
Limitation Temporaire de Vitesse (Temporary Speed Limit)
LZB
Linien ZugBeeinflüssung (German ATP-system)
MA
Movement Authority
MISTRAL
Modules Informatiques de Signalisation, de Transmission et d’Alarmes
(Signal, Transmission and Alarm IT Modules)
MSC
Mobile-services Switching Centre
MTBF
Mean Time Between Failures
MTTR
Mean Time To Repair
NL
The Netherlands
NMBS
Nationale Maatschappij der Belgische Spoorwegen (Belgian Railways)
NoBo
Notified Body
NSA
National Safety Authority
NVP
Nucleo Vitale Periferico (Italy)
OBB
Österreichische Bundesbahn (Austrian Railways)
OBU
On Board Unit
ON
Organisme Notifié (Notified Body)
OS
On Sight mode
OSTI
Organisme ou Service Technique Indépendant (Independent Technical
Organisation or Service)
PCS
Posto Centrale Satellite (Italy)
POS
Paris-Ost-Frankreich-Süd-Deutschland (Paris – Eastern France – Southern
Germany)
159/161
PPF
Posto Periferico Fisso (Italy)
PRCI
Poste a Relais a Commande Informatisée (France)
PSC
Project Safety Case
PZB
Punktförmige ZugBeeinflüssung (German ATP-system)
QoS
Quality of Service
RA
Risk Analysis
RAMS
Reliability, Availability, Maintainability, Safety
RBC
Radio Block Centre
RENFE
Red Nacional de Ferrocarriles Españoles (Spain)
RFF
Réseau Ferré de France (French Infrastructure Manager)
RFI
Rete Ferroviaria Italiana (Italian Infrastructure Manager)
RFIG
Red Ferroviaria de Interes General (Main Railway Network of Spain)
RFU
Recommendation For Use
RTB
Rilevatore Temperature Boccole (Hot Axle Box Detector)
SAM
Système d’Aide à la Maintenance (Maintenance Support System)
SCC-AV
Sistema Controllo e Comando - Alta Velocità (Control-Command System
– High Speed)
SCMT
Sistema Controllo Marcia Treno (Italian ATP-system)
SDT
Sistema Distanziamento Treni (Italy)
SEI
Système d’Enclenchements Intégrés (France)
SH
SHunting mode
SIST
Sécurité des Infrastructures et des Systèmes de Transport (Infrastructure
and Transport Systems Safety)
SMB
StopMerkBorden (Marker Boards)
SNCB
Société Nationale des Chemins de fer Belges (Belgian Railways)
SNCF
Société Nationale des Chemins de Fer (French Railways)
SNCF IES
SNCF Direction Déléguée Système d’Exploitation et Sécurité (SNCF
Operational and Safety System Delegated Division)
SNCF IG.SF
SNCF Direction de l’InGénierie - Signalisation Ferroviaire (SNCF
Engineering Division – Rail Signals)
SNCF
IG.T.ERTMS
SNCF direction de l’InGénierie – Projet ERTMS (SNCF Engineering
Division – ERTMS Project)
SNCF
IG.T.SE
SNCF direction de l’InGénierie – Systèmes et Exploitation (SNCF
Engineering Division – Systems and Operation)
SR
Staff Responsible mode
SRAC
Safety Related Application Condition
SRFN
Sécurité du Réseau Ferré National (France)
SRS
System Requirement Specification
160/161
SSB
Sottosistema di Bordo (On Board assembly)
SST
Sottosistema di Terra (Track side assembly)
STM
Specific Transmission Module
STTE
Signalisations Temporaires propres à la Traction Electrique (Electronic
Traction Temporary Signals)
TAF
Track Ahead Free
TBL
Transmission Balise Locomotive (Belgian ATP-system)
THR
Tolerable Hazard Rate
TIRF
Tolerable Individual Rate of Fatalities
TIU
Train Interface Unit
TLC
Telecommunication
TOC
Train Operating Company
TSI
Technical Specification for Interoperability
TSI CR
Technical Specification for Interoperability Conventional Rail system
TSI HS
Technical Specification for Interoperability High Speed Rail system
TSI OPE
Technical Specification for Interoperability of the subsystem Traffic
Operation and Management
TSR
Temporary Speed Restriction
TVM430
Track to Train Transmission 430 (French ATP-system)
UN
UNfitted mode
UNISIG
UNion Industry of SIGnaling
WP
Work Package
ZN
Zona Neutra (Neutral Zone in catenary system)
161/161

WP2 Final Report - 17 September 2007

Transcription

Similar documents

3InSat – Results

EGNOS for rail applications

Useful advises to help you protect your Child From domestic

Life changes, the household changes Useful advises to help you

Pre-Qualify for the Design-Build of Israel Railway`s ETCS Track

Smart rail infrastructure, maintenance and life cycle costs.