Fundamental Requirements for Train Control Systems This Is a Visual Representation of the IRSE Fundamental Requirements for Train Control Systems (V1 – Dec 2014)

Fundamental requirements for train control systems This is a visual representation of the IRSE Fundamental Requirements for Train Control Systems (v1 – Dec 2014).

1 The fundamental requirements are shown in the orange boxes. The green Core Operational boxes indicate typical train control sub-systems, equipment, design features Requirements and procedures which are used to fulfil the fundamental requirements.

1.1 1.2 1.3 1.4 Facilitate efficient and Safety functionality should Reliability and maintainability Signalling degraded mode effective operation and use of have the minimum necessary must be sufficient to fulfil its operation should be provided infrastructure and rolling stock intrusion into efficient operational requirements to minimise reliance on human operation of railway intervention

Capacity, headway and Optimisation of System architecture Include alternative headways with traffic and design signalling routes in speed calculations for system design optimum traffic flows mix and attainable philosophy to speeds optimise reliability Operational flexibility Override systems to Avoiding excessive Back-up and standby maintain essential (eg. joining/splitting systems for trains, platform locking that constrains functionality operational flexibility maintaining full sharing, shunting) functionality Degraded mode

Mininise impact of signalling and signals Product and system time of operation of reliability testing signalling system prior to operation

Design for economic railway operations (eg minimise traction energy use)

2 Core Functional Safety Requirements

2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 Before a train can be authorised to move Once authority to enter a section of line is given, The train driver (or ATO) Sufficient space should Controls should be in place to prevent or mitigate the Protection Means should The signaller shall be There should There should Facilities onto a section of line, security of the route shall be maintained until shall be provided with be provided between consequences of should be be provided to provided with timely, be be a means for should be (a) (b) (a) (b) unambiguous information following trains to provided for protect unambiguous and communication preventing a provided to a) a train passing c) a train (or the line should be the line should be EITHER the whole train OR the authority is consistent with permit each to brake b) a train exceeding the public and engineering consistent information systems train being stop a train in the end point of vehicle) moving proved secure proved clear has passed through rescinded and the train controlling the train to a stand safely the maximum trains at level works and control facilities to between the routed onto a an emergency its authority to without has stopped, or has safely permitted speed crossings safely authorise train signaller and line with which move authorisation sufficient space to stop, movements others it is not

short of the section compatible

Block systems Train detection Route holding and Route/speed Braking distance Overlaps Train stabling and Vehicular crossings Possession and Signalling control & Telephone systems Use of operational Emergency stop releasing signalling and calculations starting procedures – various types lock-out systems indication systems procedures and control via Points Permissive working aspect sequences Flank protection & Radio systems timetabling signalling system Lineside signal Approach locking of Lineside signals other interlocking Warning systems Train describers Route setting and spacing protection Pedestrian Routing control via Voice routes for track workers Emergency comms communication locking crossings – various signalling system Lineside signs types Automatic route systems systems Train protection & Imposition of speed setting In-cab displays warning systems Crossing use/abuse restrictions monitoring systems Other automated 3 Automatic train Automatic Train and support Protection systems systems for traffic Essential Supporting operation / driverless trains management Safety Requirements Alarm systems

3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 The level of safety The signalling system and Specification and design of the Any failure of the system The signalling system shall not The signalling system The arrangements for system Personnel who use, operate performance should operating rules should system should take account of should maintain or revert interact unsafely with any shall be resilient to maintenance of modification and maintain the signalling meet specific targets be mutually compatible the human factors associated to a state that preserves other railway systems or unwanted adverse should be appropriate for the system shall be demonstrably with its safe use the safety of the trains equipment external influences safe operation of the system competent

Identification, Integrated Apportionment of Failure modes and Design of interfaces Resilience to Maintenance specs to Selection, training and assessment and approach to design functions between effects analysis to ensure safety external threats eg ensure RAMS targets initial assessment of control of risks of system and rules system and users compatibility cyber terrorism, continue to be met personnel Design philosophy vandalism. Electromagnetic Electromagnetic Design to prevent Specification and Rules for operation Simulate operation (eg fail-safe , fault immunity to non- inadvertent errors Periodic re-assessment demonstration of in degraded modes of system with tolerance) compatibility with during maintenance of competence other railway railway systems safety performance as well as normal users (in all modes) systems Relisience to harsh Condition monitoring Health and fatigue environments, inc and diagnostic aids for management / weather, climate maintenance monitoring of change Ease of modification personnel to system