Challenge

Assist Rail Safety Systems to develop its sophisticated, low-cost level crossing controller to Safety Integrity Level 3 (SIL3) standards and build the safety case required to gain type approval for trial.

Approach

Leveraging its extensive experience in developing high integrity systems and knowledge of CENELEC standards, Acmena adopted a pragmatic approach to directing the project safety program. Our consultants were responsible for conducting preliminary product specification and hazard analysis, in addition to performing exhaustive quantitative and qualitative analysis to ensure RAXS was developed to SIL 3 standards and demonstrate its compliance with relevant safety requirements.

Outcome

RAXS 2.0 has gained interim type approval from Queensland Rail and is in the final stages of ISA approval. The product is waiting to go into trial.

Acmena’s safety management expertise helps Australian start-up company, Rail Safety Systems, to develop an innovative, low-cost level crossing system to SIL3 standards.

Responding to the drive by state and federal governments to eliminate incidents and fatalities on level crossings throughout Australia by 2025, Rail Safety Systems formed in 201? to develop a high-integrity, low-cost ‘active’ control system that would help authorities to attain their zero-harm objective.

Developed specifically for use in rural and remote areas, where most crossings are currently protected by ‘passive’ signage, the Rail Active Crossing System (RAXS) is an innovative, fully autonomous system aimed at providing rail operators with a safer, cheaper alternative to conventional ‘active’ level crossing controls.

Designed as a modular solution for deployment across a variety of single and double track configurations, RAXS is comprised of three interlinked node types. Central to the system are the twin Active Trackside Road Signs (ATRS). Situated on either side of the tracks, the ATRS units employ a combination of flashing lights (RX5) and signage (RX2) to protect the crossing, with one unit configured to function as the System Controller.

Two Active Early Warning Signs (AEWS) can be installed up to 100m from the crossing to advise motorists of changed conditions ahead, while up to four Train Detection Nodes (TDN) can be used to activate the system from up to 1.3km away.
With each node using wireless technology and powered by its own solar array and battery, RAXS has no mains power or cabling requirements that necessitate expensive earthworks, which substantially reduces installation time and cost.

Safety in Sophistication

To ensure RAXS would function safely and reliably in the harsh operating environments it is intended for, Rail Safety Systems elected to design the system to stringent CENELEC SIL 3 standards, which requires that it must remain safe in the event of any likely failure.

To achieve this standard, both the ATRS and AEWS units feature Fail-to-Safe technology that employs an electromagnetically controlled shutter system to release an RX2 ‘STOP’ sign if a safety-critical fault occurs in one or more nodes. Automatic deployment of the RX2 signage ensures the crossing remains protected, with the system remaining in its fail-to-safe state until it can be repaired by service crews. Given the response time to fix equipment in remote areas can be significant, this is a vital safety consideration.

In addition to the Fail-to-Safe shutter system, RAXS employs a combination of sophisticated techniques and technologies to achieve the required safety level, including the use of polled multi-processor architecture in each node to perform continual system diagnostics and prevent the occurrence a single point of failure (SPOF) in the hardware. Similarly, EN50159 Cat 3 encryption, redundant links and frequency hopping broad spectrum signalling to is used protect the wireless network.

Developing the System to SIL 3 Standards

As RAXS was being designed to SIL 3 standards, developing such a complex system and demonstrating that it meets the required criteria for RAMS (EN50126), software (EN50128) and communications (EN50129) would require extensive analysis and testing, in addition to significant expertise and experience in the application of CENELEC standards. Subsequently, to support their efforts to pass independent safety assessment and gain type approval for RAXS, Rail Safety Systems engaged Acmena to manage and direct overall product safety, in addition to providing RAMS and validation lead services.

“Acmena played a key role in developing the product’s architecture and its success,” said Rail Safety System’s Chief Technology Officer. “Our engineering team had extensive skills in leading edge technologies that we were incorporating into the product, but did not have extensive experience in applying the CENELEC standards. Acmena not only trained the team, but fundamentally reviewed and assessed the developing product against them and provided pragmatic guidance and direction to ensure full CENELEC compliance.”

Acmena’s consultants performed exhaustive Failure Modes and Effect Analyses (FMEA) at the system-, node- and component levels, analysing over 500 components in total with over 3,400 failure modes considered. The FMEAs were subsequently used to provide input for detailed Fault Tree Analyses, which were performed to demonstrate that each functional hazard met with its specified Tolerable Hazard Rate.

By working closely with Rail Safety Systems personnel, Acmena’s consultants not only played a key role in helping to develop RAXS 2.0 to SIL 3 standards and subsequently demonstrating that the system’s safety requirements had been met, their extensive analysis also resulted in a number of design improvements being identified and implemented, in addition to the establishment of CENELEC-compliant development processes, which RSS can employ for future products.

Utilising their experience in the pragmatic application of CENELEC standards and high integrity product development, Acmena’s consultants have been able to compile a successful safety case for RAXS. The system has been cleared for interim type approval by Queensland Rail, enabling it to go in to trial and full type approval and is in the final stages of ISA approval.

“Acmena complemented our engineering team by ensuring there was rigorous and systematic approach to safety analysis and implementation of safety controls,” said Foster. “A product development of this size and complexity will have a broad range of risks and challenges when it comes to independent safety assessment. Acmena provided extensive support in ensuring that we were ready and prepared for the assessment, that the safety integrity of the product was thoroughly analysed and justified, and the questions, queries and recommendations coming from the ISA were appropriately addressed.”

Expertise

RAMS

Safety Management

Validation Services

For more information