Using functional analysis to determine the requirements for changes to critical systems: Railway level crossing case study Joe Silmon, Clive Roberts Centre for Railway Research and Education, Gisbert Kapp Building, University of Birmingham B15 2TT, UK Reliability Engineering and System Safety 95 (2010) 216-225
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Using functional analysis to determine the requirements for changes to critical systems:
Railway level crossing case study
Joe Silmon, Clive Roberts Centre for Railway Research and Education, Gisbert Kapp Building, University of
Birmingham B15 2TT, UK
Reliability Engineering and System Safety 95 (2010) 216-225
Level crossings -> Components of railway networks with the greatest risk of collusion and possibly derailment.
Analysis of functional interactions will inform the choices of asset owners wishing to upgrade their existing systems.
OverviewOverviewOverviewOverview
• Level crossing -> a weak point in terms of railway safety
• The onus has always been on the railway operator to reduce the risk of collusion at level crossings.
• In this paper:
• The factors affecting risk at level crossings are reviewed.
• The case of the automatic half-barrier level crossing (AHB) is examined in detail.
• A hypothetical obstacle detection system is introduced.
• How functional analysis can be used to better understand the operation of the AHB and determine the best points to improve the system?
• A case study -> To provide an example of how functional analysis creates a framework for through examination of a system.
The Objective of the ResearchThe Objective of the ResearchThe Objective of the ResearchThe Objective of the Research
• Hazards: Something which can cause harm.
• Risk: The likelihood that a hazard will cause harm, together with a measure of the severity of the harm caused.
• The hazards presented by a level crossing are:
• Collision between trains and road vehicles
• Collision between trains and pedestrians
• Collision between road vehicles and level crossing equipment
• Slips, trips, and falls by pedestrians
• Collision between pedestrians and level crossing equipment.
Review of hazards, risk and mitigation at level crossingsReview of hazards, risk and mitigation at level crossingsReview of hazards, risk and mitigation at level crossingsReview of hazards, risk and mitigation at level crossings
• According to the British Safety Risk Model, level crossings account for 11.8 “fatalities and weighted injuries (FWI)” per year, comprising 8.4% of the total system risk for the railway network.
...Review of hazards, risk and mitigation at level crossings...Review of hazards, risk and mitigation at level crossings...Review of hazards, risk and mitigation at level crossings...Review of hazards, risk and mitigation at level crossings
• The figure shows the sources of risk for train accidents at level crossings, i.e. collusions between road and rail vehicles.
...Review of hazards, risk and mitigation at level crossings...Review of hazards, risk and mitigation at level crossings...Review of hazards, risk and mitigation at level crossings...Review of hazards, risk and mitigation at level crossings
• AHB was introduced accross Europe in the 1950s and the 1960s.
• It was designed to improve the flow of road traffic by minimising the time the road is closed , and to be more economical by dispensing with manually operated crossing gates.
• Description of the system: Operation is triggered by the approach of a train. A warning sequence starts and is soon followed by the lowering of barriers which extend accross half of the carriageway only, allowing vehicles already on the crossing to exit.
Case study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossing
• AHB history: In Great Britain, the AHB crossing was installed from the mid 1960s. Initially, the time between strike-in and the arrival of a train was designed to be 24 s.
Case study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossing
• The recommendations were carried out, and signage has been improved continuously over the past 35 years.
Case study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossing
• Current warning signs:
Case study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossingCase study: The automatic half-barrier level crossing
• It is desirable to have a means of instructing trains to stop when they are approaching a level crossing which is obstructed.
• The introduction of extra equipment for this function will have a negative impact on the overall reliability of the level crossing system, if the system is configured to depend on the new equipment ->-> Because no equipment can be 100% reliable.
• However, the system will also have a positive effect on safety, because it will reduce the chances of a collision occuring when a road vehicle becomes struct on the crossing.
• The system is assumed to be intelligent enough to tell the difference between a car moving slowly and one that is stationary. -> -> There are no circumstances under which a car should stop on a level crossing, any stationary vehicle on the crossing can be assumed to be in trouble.
• This system is called the future obstacle detection system (FODS).
The future obstacle detection systemThe future obstacle detection systemThe future obstacle detection systemThe future obstacle detection system
• AHB level crossing has been modelled in 2 stages:
• A general model of its operation has been built up by gaining an understanding of how it functions overall
• Then, decomposing this function into smaller parts which interact with each other.
• This has been done for each of the following three variants:
• The original 1960s design
• The modern-day design
• The modern-day design with the addition of the future obstacle detection system
Modelling the operation of the level crossingModelling the operation of the level crossingModelling the operation of the level crossingModelling the operation of the level crossing
The functional modelling of the level crossing begins by defining its function as a whole.
Its function: To manage the road-rail interface in a safe and expedient manner.
Then, the functional model is refined by decomposing this function into smaller functions which interact together to give the desired effect.
Functional decompositionFunctional decompositionFunctional decompositionFunctional decomposition
The interaction between each function is best shown using an enhanced functional flow block diagram (EFFBD), where the functions are sometimes arranged in a different configuration in the hierarchy, according to the order in which the functions are performed.
...Functional decomposition...Functional decomposition...Functional decomposition...Functional decomposition
...Functional decomposition...Functional decomposition...Functional decomposition...Functional decomposition
• It is desirable to obtain a numeric indicator of how effective the level crossing system is, taking into account several other measures which are key to its performance.
• For a level crossing, the important factors are safety and availability.
• MTBF: Mean time between failure
• MTTR: Mean time to repair failure
• Availability (Ai) is a function of MTBF and MTTR.
• 2 factors have been chosen to represent the safety of the system:
• Percentage of failures of the crossing equipment which are safe.
• Probability of a collision on the crossing being avoided, given that a vehicle causes an obstruction at a random time.
• When all 3 are combined, a percentage rating is obtained which indicates how available and safe the system is:
System effectivenessSystem effectivenessSystem effectivenessSystem effectiveness
• Three AHBs were assessed in this study. Using the statistics gathered, it is possible to
determine MTBF and MTTR, and therefore determine Ai using:
AvailabilityAvailabilityAvailabilityAvailability
• Failures can either be right-side or wrong-side.
• Right-side failures result in degraded performance of the system, with disruption to services, but no increase in risk. Ex: Crossing closes the road when no train is approaching.
• Wrong-side failures increase the risk of accidents. Ex: Crossing fails to close when a train is approaching.
Safe failuresSafe failuresSafe failuresSafe failures
• A test scenario has been created in order to simulate the functional model of the crossing in a realistic environment.
Collision probabilitiesCollision probabilitiesCollision probabilitiesCollision probabilities
Calculation of system effectivenessCalculation of system effectivenessCalculation of system effectivenessCalculation of system effectiveness
...Calculation of system effectiveness...Calculation of system effectiveness...Calculation of system effectiveness...Calculation of system effectiveness
• An improvement in safety performance may not justify the expense and disruption of installing new technology for the detection of obstructions on level crossings.
• Consideration must be given to all types of performance requirements when evaluating the use of extra components.
• Using functional modelling and reliability analysis, a fuller picture can be gained of the benefits and disadvantages of introducing new technology.
ConclusionsConclusionsConclusionsConclusions
Related Documents
