sign in sign up
<<
Home , Automatic Train Control, Solid State Interlocking, Work train

ATTACHMENT C PART 2 – ATC SYSTEM

MARYLAND TRANSIT ADMINISTRATION

CONTRACT T-8000-1415 AUTOMATIC CONTROL TECHNICAL SPECIFICATION THIS PAGE INTENTIONALLY LEFT BLANK Contents

1 GENERAL REQUIREMENTS 2 COMMUNICATIONS BASED TRAIN CONTROL REQUIREMENTS 3 MAIN LINE AND STORAGE YARD SOLID STATE REQUIREMENTS 4 AUTOMATIC TRAIN SUPERVISION REQUIREMENTS 5 DATA COMMUNICATIONS SYSTEM REQUIREMENTS 6 AUXILIARY WAYSIDE EQUIPMENT REQUIREMENTS 7 ENVIRONMENTAL AND EMC 8 SYSTEM SAFETY REQUIREMENTS 9 RELIABILITY, AVAILABILITY, AND MAINTAINABILITY REQUIREMENTS 10 INSTALLATION CUTOVER AND CONSTRUCTION REQUIREMENTS 11 ATC TESTING 12 QUALITY ASSURANCE AND CONTROL 13 TECHNICAL SUPPORT 14 TRAINING

Attachment C, Part 2, ATC System T-8000-1415 i September 2015 THIS PAGE INTENTIONALLY LEFT BLANK

Attachment C, Part 2, ATC System T-8000-1415 ii September 2015 SECTION 1 GENERAL REQUIREMENTS

Contents

1.1 GENERAL...... 1-1

1.2 PROJECT OBJECTIVES ...... 1-2

1.2.1 PROVEN DESIGN...... 1-3

1.2.2 COMMISSIONING ON A REVENUE SYSTEM...... 1-3

1.2.3 DESIGN LIFE...... 1-3

1.3 SCOPE OF WORK...... 1-3

1.3.1 ATC SYSTEM TERRITORY ...... 1-4

1.3.2 GENERAL TASKS IN SUPPORT OF THE ATC SYSTEM...... 1-8

1.4 CDRL ITEMS ...... 1-9

Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS i September 2015 SECTION 1 GENERAL REQUIREMENTS

1.1 GENERAL A. This Part 2, Technical Specification ATC System, defines requirements for the design, supply, installation, integration, cutover, performance, testing, commissioning, and safety certification of a complete (ATC) system based on service-proven Communications Based Train Control (CBTC) technology, which includes all wayside, carborne, Automatic Train Supervision (ATS), Data Communication System (DCS),Mainline (SSI), Storage Yard Solid State Interlocking (SSI) and Auxiliary Wayside System (AWS) equipment, to replace Maryland Transit Administration’s (MTA) existing cab signal system on the Metro. The Contractor shall manage, design, develop, manufacture, deliver, store, construct, install, integrate, test, commission, cutover, and safety certify the ATC System and related system equipment in accordance with the requirements of this Technical Specification Part 2 ATC System, Part 1 Program Management and Common Technical Requirements, and Part 3 Railcar. B. The new ATC System shall meet all the requirements of this Specification and shall take into account the existing constraints on the wayside and car fleet, interface with existing infrastructure and Metro Operations Control Center (MOCC) to provide Automatic Train Control (ATC) functionality to sustain operations. The new ATC System shall be installed, tested, and safety certified by the Contractor on the currently operating rapid transit system with minimum disruption to existing passenger service. C. The Contractor shall be solely responsible for the detailed design of the ATC System and shall provide a system that is in all respects compliant with this Technical Specification and fully functional. The Contractor’s ATC System shall meet or exceed the functional, performance, operational, and safety requirements of this Technical Specification. D. The implementation of the new ATC system will likely require the construction of temporary facilities to house temporarily the SSI and related equipment. Not all TC&C rooms have sufficient space to permit the installation of all the ATC equipment at once, and therefore as described in section 10, a phased approach which requires temporary room construction will be required. There is available space as necessary for a temporary configuration in each location as follows: 1. Johns Hopkins – Room 105 has 11' × 12' useable space to support the temporary configuration. 2. Shot Tower - Not currently used to house any TC equipment. 3. Charles Center - The east end open area has space to support the temporary configuration. 4. State Center - The west end open area has an 11' × 17' space to support the temporary configuration. 5. Upton - Storage room 313 has a 16' × 18' space that could be used for the temporary configuration.

Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS 1-1 September 2015 6. Penn North - Room #305 is 5' × 11' and Room #307 is 6' × 14'. Both are available to support the temporary configuration. 7. Mondawmin - An adjacent area of 12' × 19' could be built-out to support the temporary configuration. 8. Rogers Avenue -A mechanical room of 5' x 19' exist that could support 1 row of temporary configuration racks. 9. Reisterstown Plaza - Within the Traction Power Substation there exists an available 20'x20' space; or, there is space on the platform and at grade to support the temporary configuration. 10. Milford Mill - Room #715 has an 8' × 9'available space; or, there is space available in the station Lobby to support the temporary configuration. 11. McDonogh Road – Space for a separate standalone structure sitting on the ground next to the building with sufficient space to support the temporary configuration. 12. Owings Mills – An existing air shaft that has an 11' × 19' space that could be built-out to support temporary configuration. 13. Yard - Sys Maint Shop-Space for a separate standalone structure sitting on the ground next to the building to support the temporary configuration. 14. There is available space in each of the following TC&C rooms to support a temporary or permanent configuration:

 Lexington Market  Portal  West Cold Spring  Old Court  Yard - Wabash Shop

1.2 PROJECT OBJECTIVES The primary objectives of this project are: A. Procure a complete CBTC-based ATC System to replace the MTA’s existing life-expired cab signal system B. Utilize proven technologies for each system element to minimize development cost and implementation risk C. Provide a complete system that satisfies all the specified requirements for Performance, Reliability, Availability, Maintainability and Safety. D. Implement the new ATC System as an integrated program together with the new project so that the ATC System and the new rail cars can be introduced into service with minimal disruption to ongoing Metro passenger service.

Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS 1-2 September 2015 1.2.1 Proven Design A. All major hardware equipment and software elements of the proposed ATC System shall have successful passenger-carrying service experience on an urban rail transit system and shall include the following: 1. Carborne and wayside CBTC subsystems 2. Solid State Interlocking control equipment 3. Automatic Train Supervision system 4. Train Detection systems 5. Data Communication Systems including wayside and carborne data radios 6. Wayside equipment B. It is recognized that a fully integrated, off-the-shelf, service-proven ATC System may not be available to meet all the requirements of this Technical Specification, and that various levels of adaptation, customization of hardware and software elements identified above may be necessary. In some cases, such as interfaces, development of new hardware and software elements may also be required for adaptation. C. The Contractor shall identify any signal equipment or functionality that is not proven in revenue service (CDRL 1-1). 1.2.2 Commissioning on a Revenue System The Contractor shall install, test and safety certify the furnished ATC System and equipment on the project line when allowed access only several hours a night (or weekends) for equipment installation and test. The Contractor shall ensure that all work performed on the MTA Metro system does not result in delays to subsequent revenue service operation, and that any work performed does not create unsafe conditions or result in a degradation of service to the Metro riding public. 1.2.3 Design Life The ATC System shall have a minimum design life of 30 years. The ability of the ATC System to remain in operation to the end of its design life will be supported by long-term availability of parts. The Contractor shall provide all new equipment except where specifically noted in this Technical Specification that the equipment is “by others” or is to be reused as approved by the MTA. 1.3 SCOPE OF WORK A. This Technical Specification Part 2, ATC System, is generally complete and comprehensive, but is not intended to describe all work details to be performed and therefore must be supplemented by the Contractor’s experience in designing, installing, cutting-over, testing, and certifying signal systems to achieve the performance and functional requirements. It is required that the Contractor examine the details of the existing signal system currently supporting Metro operations and become knowledgeable of the constraints of the operations and infrastructure, and apply its detailed design and testing capabilities to meet the requirements described herein as well as those requirements that may not be fully or sufficiently defined but are nonetheless discoverable requirements that sustain the current Metro System operations and maintenance.

Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS 1-3 September 2015 B. For all interfaces of the ATC System, the Contractor is responsible for the design, compatibility, termination, and successful testing of its ATC System equipment to any other system that may be provided by others. The Contractor shall supply and install the interface, required cabling, and all equipment required to protect such interfaces, as required in this Technical Specification. If the ATC System interface is to existing signal equipment, the Contractor shall install the interface and new cabling, and successfully test the physical interface connection to its equipment. 1.3.1 ATC System Territory ATC System territory for the furnishing, installation, testing, and cut-over of the ATC System equipment under this Contract shall encompass the entire Metro system revenue territory and Yard tracks as shown in the Project Line Drawings, and the limits described in Section 2. 1.3.1.1 ATC System Equipment A. The Contractor shall provide an integrated system that shall comprise the following subsystems: 1. Wayside Communications Based Train Control equipment including all cables required for the signal equipment rooms and trackside 2. Carborne system equipment required for the new fleet 3. Mainline and Storage Yard Solid State Interlocking equipment including all cables required for interfacing with all associated field equipment 4. Automatic Train Supervision system including OCC servers, workstations, and System Overview Displays and integrated external interfaces (e.g., SCADA system control and monitoring displays) 5. Data Communication System equipment including cables for the wayside and room network, radio network, interface to existing DTS, Code systems, OCC as required 6. Power System equipment including disconnects and cables as required to support all ATC System equipment 7. Auxiliary Wayside System equipment, cabling and interfaces as required to incorporate all trackside equipment into the integrated ATC System B. The Contractor shall furnish all new material except where specifically noted in this Technical Specification that the equipment is “by others” or is to be re-used as approved by the MTA. There are available conduits in existing duct banks that may be utilized when installing new cable. If the available conduits are insufficient for the installation, the contractor shall furnish an acceptable raceway for the cable installation. 1.3.1.2 Wayside Communications Based Train Control System Equipment Wayside CBTC system equipment shall, as applicable, include the following: A. Equipment in TC&C rooms: 1. Vital processor equipment for train tracking and movement authorization logic 2. Vital and non-vital relays / Interface to SSI 3. All circuit protection and security

Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS 1-4 September 2015 4. Communication interface to DCS 5. Event/ data loggers 6. Diagnostic equipment and tools 7. Software and databases 8. Cabinets/ racks 9. All wiring and cables required within the rooms 10. Grounding and lightning protection B. Equipment at side: 1. Train position detection equipment (e.g., Transponders) 2. Radio, antennas, and related power and communications equipment and cabling C. All other Wayside CBTC equipment required to meet all ATP, ATO, and ATS/OCC interface requirements as defined in the Technical Specifications. 1.3.1.3 Carborne Communications Based Train Control System Equipment Carborne system equipment shall, as applicable, include the following A. Equipment inside cars/ cab: 1. Train movement enforcement processors and modules 2. Communication equipment wired/ radio 3. Software and databases 4. Car system interface equipment 5. Event/ data logger 6. CBTC radio antenna B. Under car equipment: 1. Speed sensing equipment 2. Antennas (e.g., Transponder) 1.3.1.4 Solid State Interlocking Equipment SSI system equipment shall, as applicable, include the following: A. Equipment in TC&C rooms: 1. Vital processor equipment for signal interlocking and control logic 2. Vital and non-vital relays 3. All circuit protection and security 4. Communication interface to DCS 5. Event/ data loggers Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS 1-5 September 2015 6. Interface to existing AF and PF track circuits 7. New PF equipment as required 8. Maintenance/ operator display/ panel/ work station 9. Diagnostic equipment and tools 10. Software and databases / Boolean logic 11. External cables, conduits, hardware 12. Cabinets/ racks 13. All wiring and cables required within the rooms 14. Grounding and lightning protection B. Equipment at track side: 1. Track circuits as required 2. Cables 3. Junction boxes and wayside cases 4. Cables, conduits, cable support systems 5. Power and signal bonding 1.3.1.5 Automatic Train Supervision Equipment ATS system equipment shall, as applicable, include the following: A. Equipment at OCC: 1. Primary Server system in redundant configuration to support: a. Scheduled revenue operation b. ATS functionality and performance as per requirements in this Specification c. Database management d. Archiving and Incident management e. Operator work stations and Supervisor consoles f. Diagnostic equipment and tools g. Report generation B. Equipment in Backup Center (Wabash): 1. Secondary Server system in redundant configuration to support all ATS functionality upon switchover to the backup system 2. Back-Up Operator work stations and Supervisor consoles 3. Diagnostic equipment and tools 4. ATS training workstations and simulator Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS 1-6 September 2015 C. The MTA will not provide additional information regarding the operating systems at the OCC or the Backup Center. If the Contractor requires additional information, the request shall be made to the equipment supplier (ARINC). The MTA will provide contact information for ARINC as necessary. 1.3.1.6 Data Communication System (DCS) Equipment DCS equipment shall include the following: A. Wired communications network including all backbone infrastructure equipment and cables to support vital and non- vital communication between TC&C rooms and OCC, maintenance shop/ yard, and dispatcher offices as required B. All other data communication equipment required to meet all ATP, ATO, and DCS requirements as defined in the Technical Specification C. Data radio/ wireless communication network as required to support interfaces between the Train and the Wayside D. Software, databases, configuration, and security protocols as required E. Maintenance and diagnostic tools as required 1.3.1.7 Power System Equipment Power System equipment shall, as applicable, include the following: A. Wayside power equipment and distribution system for all ATC System equipment located inside rooms, cases, junction boxes and track side; B. Car borne power equipment and distribution system for the CBTC subsystem located inside and under the cars C. All power cables, terminations, interface racks, and protection as required D. Maintenance and diagnostic tools as required E. Grounding and Lightning Protection 1.3.1.8 Auxiliary Wayside System Equipment The Auxiliary Wayside Equipment, as applicable, include the following: A. Cabling to connect the AWS equipment – Note-Existing Cabling in Wabash Yard is not required to be replaced B. Signals C. Trip Stops if necessary D. PF Track Circuits as necessary E. Wayside Pushbuttons if necessary F. Signal Room equipment to support terminations and communications G. Power equipment H. Local Control Panels

Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS 1-7 September 2015 I. Maintenance and Diagnostic Tools 1.3.1.9 Interface and Support Equipment Interface and support equipment shall, as applicable, include the following: A. All equipment, cables, cabling terminations, software, hardware, power, security, protection for interfacing with any existing wayside signal, communication and power equipment, as required B. All carborne interfaces as below: 1. All necessary interface, monitoring, and control equipment to the cab controls and indications, including the train operator console and train operator’s display 2. All necessary interface, monitoring, and control equipment to the on-board propulsion, brake, door, event recorder, vehicle monitoring, trainlines, and networks C. All required interfaces and connections to the OCC, operator, and remote workstations, overview displays, data communication interfaces, and equipment to support revenue operations under the new ATC System D. All CBTC/signal system equipment required to equip a designated Dynamic Test Track for testing of a significant portion of ATP, ATO functionality, and to perform a Daily Test for all entering revenue service E. Any new equipment for the OCC required to meet all ATC System requirements as defined in this Technical Specification F. Simulators, development equipment, and tools 1.3.2 General Tasks in Support of the ATC System The Contractor shall also perform the following: A. Design, test, and safety certify the entire ATC System, including all CBTC system equipment on the cars, wayside, DCS, and interface to the OCC. B. Provide O&M training for MTA staff as per requirements in this Technical Specification. C. Provide technical support through both onsite and on-call personnel throughout the entire Contract up to and including final acceptance and end of the warranty period D. Develop and provide manuals and other documentation necessary for installation, operations, and maintenance of all ATC System equipment. E. Perform safety analysis, safety validations and verification activities, safety certification activities. F. Provide reliability and maintainability analyses and demonstration tests. G. Provide warranty support. H. Provide installation, test and commissioning and cutover tools, equipment and simulators, including diagnostic test equipment (portable and maintenance shop) and special tools. I. Provide initial provisions, modules, subassemblies, equipment, and special tools required for operational and maintenance support. Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS 1-8 September 2015 J. Perform any and all necessary surveys, including communication environmental studies, analyses and tests required to support the design, installation, testing, and commissioning of the ATC System. K. Perform all other tasks, submittals, and provisions as defined in this Technical Specification. L. Perform any signal equipment removals as required. 1.4 CDRL ITEMS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications. Design Review Submittal Milestone CDRL CDRL Title Prior to No. CDR PDR FDR Post FDR Service 1-1 ATC Items Not Proven with Prior Experience X

Attachment C, Part 2, ATC System T-8000-1415 Section 1 – General Requirements TS 1-9 September 2015 SECTION 2 COMMUNICATIONS BASED TRAIN CONTROL REQUIREMENTS

Contents

2.1 GENERAL...... 2-1

2.2 SCOPE OF WORK...... 2-1

2.3 CODES AND STANDARDS...... 2-1

2.4 OPERATING REQUIREMENTS FOR CBTC SYSTEM ...... 2-2

2.4.1 LINE OPERATING REQUIREMENTS...... 2-2

2.4.2 OPERATIONS PLAN SUPPORT REQUIREMENTS...... 2-3

2.4.3 FLEET AND TRAIN CONFIGURATIONS...... 2-4

2.4.4 TRAIN OPERATING MODES ...... 2-4

2.5 PERFORMANCE REQUIREMENTS...... 2-5

2.5.1 CAPACITY REQUIREMENTS...... 2-5

2.5.2 HEADWAY REQUIREMENTS...... 2-5

2.5.3 PERFORMANCE TIMING REQUIREMENTS...... 2-5

2.6 FUNCTIONAL REQUIREMENTS...... 2-6

2.6.1 ATP FUNCTIONAL REQUIREMENTS...... 2-7

2.6.2 ATO FUNCTIONAL REQUIREMENTS...... 2-16

2.6.3 YARD FUNCTIONALITY ...... 2-19

2.6.4 DRIVERLESS OPERATION MODE...... 2-20

2.7 CBTC SYSTEM HARDWARE REQUIREMENTS ...... 2-20

2.7.1 FAULT-TOLERANT DESIGN...... 2-20 Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-2-i September 2015 2.7.2 GROUNDING, SURGE, TRANSIENT AND LIGHTNING PROTECTION...... 2-21

2.7.3 MATERIAL SPECIFICATION ...... 2-22

2.7.4 CBTC SYSTEM ACCESS SECURITY ...... 2-22

2.7.5 ZONING OF EQUIPMENT...... 2-23

2.7.6 TC&C ROOM CBTC EQUIPMENT...... 2-23

2.7.7 TRACKSIDE CBTC EQUIPMENT...... 2-27

2.7.8 POWER SOURCES AND DISTRIBUTION...... 2-28

2.8 SOFTWARE...... 2-29

2.8.1 DOCUMENTATION...... 2-29

2.8.2 SOFTWARE DEVELOPMENT AND CONFIGURATION MANAGEMENT PLAN (SDCMP) 2-30

2.8.3 SOFTWARE REQUIREMENTS SPECIFICATION...... 2-32

2.8.4 SOFTWARE CONFIGURATION ITEMS LIST...... 2-32

2.8.5 DATABASE DESIGN DESCRIPTION...... 2-33

2.8.6 SOFTWARE DESIGN DESCRIPTION...... 2-33

2.8.7 SOFTWARE TEST PLANS ...... 2-34

2.9 CONTRACT DATA REQUIREMENTS LIST ...... 2-34

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-2-ii September 2015 SECTION 2 COMMUNICATIONS BASED TRAIN CONTROL REQUIREMENTS

2.1 GENERAL This Section includes the design, fabrication, and installation requirements of the CBTC system including Operating, Performance, Functional, and Hardware requirements to be provided by the Contractor. 2.2 SCOPE OF WORK The Contractor shall: A. Furnish all labor, materials, tools and equipment to design, build, install, test and commission a CBTC system and make the necessary mechanical and electrical interfaces as specified herein. B. Develop, design, and install the software and assemble the databases for the CBTC system to deliver the performance and functional requirements specified herein. C. Prepare and furnish all documentation and drawings related to the work for both hardware and software for MTA approval for installation and interfacing to existing infrastructure, facilities, power, and communications. D. Prepare comprehensive design reviews of all the work in accordance with the project schedule. E. Perform all necessary field surveys, room measurements, analyses, and tests required to support the design, installation, and commissioning of the CBTC system. F. Design and furnish all the interfacing equipment and cabling required to connect to the existing Metro circuits, power, track, data, control, etc. G. Ship, receive, store, and install all equipment necessary for the complete CBTC system including interfacing to existing Metro equipment and facilities. 2.3 CODES AND STANDARDS The CBTC system equipment provided by the Contractor shall be subject to the requirements of the following codes and standards. A. AREMA Communications and Signals Manual of Recommended Practices; B. All Metro specifications and standards as outlined in Appendices; C. U.S. Department of Transportation, FRA Office of Safety Title 49: Rules and Regulations Governing Railroad Signal and Train Control Systems (Parts 233, 234 and 236); D. IEEE Standard 1474.1-2004, IEEE Standard for Communications-Based Train Control (CBTC) Performance and Functional Requirements Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-1 September 2015 E. IEEE Standard 1483-2000, IEEE Standard for the Verification of Vital Functions in Processor- Based Systems Used in Rail Transit Control. F. Federal Highway Administration, “Manual on Uniform Traffic Control Devices”; G. National Electrical Code; H. National Electrical Safety Code; I. NFPA 130 – Standard for Fixed Guideway Transit and Passenger Rail Systems; J. Local and State Electrical Code; K. Underwriter Laboratory standards. L. IEEE Std. 1475-1999, IEEE Standard for the Functioning of and Interfaces Among Propulsion, Friction Brake, and Train-Borne Master Control on Rail Rapid Transit Vehicles M. IEEE C37.90.1-2002 - IEEE Standard Surge Withstand Capability (SWC) Tests for Relays and Relay Systems Associated with Electric Power Apparatus N. IEEE Standard 1558-2004 - IEEE Standard for Software Documentation for Rail Equipment and Systems O. IEEE Standard 1008-1987 (R2009), Standard for Software Unit Testing 2.4 OPERATING REQUIREMENTS FOR CBTC SYSTEM A. For design purposes, it is to be assumed that MTA Metro system is a 24/7 operating railroad with cars that annually average 56,000 miles per car at a current average speed of 35 mph. B. The CBTC system shall provide command and control of all movement of trains throughout the entire Metro system including all main line, storage, siding, tail, shop, and Yard tracks. Wherever a train can travel, CBTC functionality shall be provided as described herein. 2.4.1 Line Operating Requirements The CBTC system shall be designed to include the following: A. Provision to support a revenue service capacity and operating headways as specified herein. B. Provision to achieve existing headways (at a minimum) with no increase to travel times. The CBTC system shall support the sustained peak operating headway under normal operating conditions on the project line in the normal and reverse direction of travel. The sustained operating headway shall only be limited by Metro’s physical and operational constraints. C. Provision of the required headway while not extending existing scheduled trip times. The architecture of the CBTC system shall be such that the existing terminals are capable of supporting operations at the specified level without changes to the existing track configuration and without changing Metro’s operating practices. D. Provision for vital and complete station berthing of trains used for current service operations to enable full passenger exchange on platforms utilizing all train doors. E. Provision to support existing Metro service route patterns and also support single-track operation on any segment or segments of main track between existing crossover facilities.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-2 September 2015 F. Provision for maximum allowed design speed for the CBTC system in order to maintain passenger comfort and not exceed civil speed and jerk limits. G. Maximum authorized speed for trains not stopping at stations must not exceed 30 mph while passing the platforms. H. The maximum operating speed for the system is 70 mph; civil speed limits by location shall be adhered to. I. Dwell times at all Metro stations shall be assumed to be 30 seconds from wheel-stop to wheel- start. J. If dwell time is increased, the following train shall not be delayed more than the increase in dwell time. K. For terminal dwell times at the ends of the line, the minimum dwell time to be assumed is 3 minutes. L. Minimum turnback times at Johns Hopkins and Owings Mills are assumed to be 6 to 7 minutes. This is essentially the physical time required (i.e., not including signal time) to turn a train back, for the Train Operator to change ends. M. Provision to support the reverse-direction signaled operation for revenue and non-revenue traffic. N. The ability to use designated tracks on the line and yard tracks for turnback operation as needed. O. Provision for train detection and vital separation to allow safe movements of vehicles with failed carborne system equipment. P. Provision to support all train operations, control of , transfer of control and train operating modes, and operational flexibility as currently exists at the OCC for Metro operations. 2.4.2 Operations Plan Support Requirements The CBTC system shall as a minimum allow Metro operations to efficiently, without any degradation, conduct their established operations plan including the following aspects: A. Metro service plan and operating schedule B. Schedule and headway operation functions, and the change from one mode of operation to the other C. Emergency train movement operation D. Train entry/exit from signaled territory E. Turnback and dispatch F. Operation and safety verification procedures G. System recovery procedures H. Train recovery procedures

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-3 September 2015 I. Carborne signal system shutdown, startup, and operating sequences J. Failure recovery procedures K. Train re-start procedures following full service and/or emergency brake applications L. Emergency procedures M. Operation under low adhesion conditions N. Rules and procedures for Metro work vehicles 2.4.3 Fleet and Train Configurations 2.4.3.1 Revenue Trains A. The CBTC system provided by the Contractor shall interface as required and support the utilization of the new 90-car subway fleet train configurations to meet the MTA Metro operating service requirements. B. Trains operate in six-car consists during peak service hours and four-car consists the remainder of the day (station platforms are 450 feet in length, meaning the longest possible consist is six cars). 2.4.3.2 Train Operating Requirements The Contractor shall design and provide a CBTC system which meets the following train operating requirements: A. There shall be an identical carborne system, in an identical configuration, in every married pair. B. The carborne system shall only allow the Train Operator to operate the train from the leading car cab of a train. The carborne system shall allow the selection of train operating modes when the Train Operator is driving the train from lead car cab. C. The Train Operator will only use controls in the lead car to input any required commands to the carborne CBTC system, i.e., no controls shall be active in the non-leading car cab. D. For four and six car consists, in the event of a failure of the “active” carborne system set, the carborne system shall switchover automatically to the redundant unit without braking the train. This carborne system equipment set shall now become the “active” set, and govern train movement (even though the Train Operator will only be able to control the train from the lead cab). 2.4.4 Train Operating Modes The Contractor shall provide a CBTC system that supports the following modes of train operation: A. Automatic Train Operation (ATO) B. Manual C. Yard D. Restricted Manual (RM) E. Driverless Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-4 September 2015 The mode descriptions as well as transitions are described in Appendix C, Part 3, Vehicle Technical Provisions, Section 15. 2.5 PERFORMANCE REQUIREMENTS 2.5.1 Capacity Requirements The CBTC system shall be designed to support, at a minimum, the following: A. Current average capacity of 47,000 passengers daily B. Projected increase in ridership at an average rate of 4% per year for the design life of the signal system being furnished C. Assumption of 129 passengers per car D. Current service train configuration of 4 to 6-car consists 2.5.2 Headway Requirements A. The CBTC system shall be designed to achieve, at a minimum, the existing headway requirements as following: 1. Operating headways of 2 minutes during peak service hours 2. Turn around and recovery headways at either terminals of 6 minutes 3. Single Track operation of 20-minute headways on any specific segment of the line. B. The Contractor shall build a comprehensive computer based prototype demonstrating the technical details of all operating headway requirements as above, incorporating all the constraints, operating parameters of the Metro operations, and the car fleet performance characteristics. In addition, the prototype shall demonstrate the current peak operating headway of 8 minutes on the system. A Performance Analysis report documenting the results shall be submitted for approval (CDRL 2-1). 2.5.3 Performance Timing Requirements 2.5.3.1 Travel Times A. The CBTC system shall: 1. Provide point-to-point travel times between all existing stations that do not result in any deterioration from existing travel times for all periods, including peak and off peak, and for all train configurations used by Metro. 2. Ensure that there is no deterioration in the existing aggregate system-wide round trip times in normal direction of traffic. B. The Contractor shall include the parameters of the new CBTC system with simulated vehicles and the results of the station to station travel times and round trip times in the Performance Analysis report. 2.5.3.2 Performance and Reaction Times The signal system shall meet the following performance and reaction time requirements:

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-5 September 2015 Performance or Reaction Time Parameter Requirement

Accuracy of measured train location for programmed station stop (ATO) 1 Within ±12 inches purposes

2 AllowabledistancebetweenatraininanyATPmodeandabumpingpost 3feet

3 Resolution of train speed measurement for ATP purposes ±0.3 to ±1.25 mph

Accuracy of train speed measurement for ATP purposes in nominal 4 ±1 mph condition (no slip/slide)

5 Rollback detection 3 feet (maximum)

6 Zero speed detection < 0.5 mph

Maximum operational train speed in ATP modes of operation (outdoors 7 70 mph between Old Court and Owings Mills)

8 Maximum operational train speed in ATP modes of operation (tunnel) 50 mph

Time for any route request to throw switches and clear signals to 9 acknowledgement that switches were thrown and signals cleared (including 8 seconds (maximum) trip clear and switch throw times)

Time for any field event to be presented to the OCC interface from the onset 10 2 seconds (maximum) of the event

2 seconds (normal) 11 Time for carborne system to react to a track condition 5 seconds (worst case)

12 Time to perform the Daily Departure Test 2 minutes (maximum)

2.6 FUNCTIONAL REQUIREMENTS A. This Section defines the functional requirements for the new CBTC system to be provided by the Contractor. The CBTC system shall provide ATP and ATO functions as specified herein and detailed in a CBTC System Design Description document submitted for MTA approval (CDRL 2-9). ATP functions shall provide fail-safe protection against collisions, excessive speed, and other hazardous conditions. ATP functions shall have precedence over both the ATO and ATS functions. ATO functions shall control basic operations that would otherwise be performed by the Train Operator, and shall do so within the protection limits imposed by the ATP. ATS functions shall provide system status information and the means to monitor and override the automatic control for various functions of the system. B. The CBTC system train-to-wayside and wayside-to-train data communications interfaces shall be sufficient to support all required ATP, ATO and ATS functions. The datalink shall provide coverage throughout the entire Metro system, and shall support train operations in tunnels, elevated structures, and at grade. The datalink shall support data transfer and shall exhibit sufficiently low latency to support the defined performance requirements. The datalink shall include a protocol structure to support safe, timely, and secure delivery of train control messages. C. The CBTC system response to a safety-critical failure shall be safe and immediate. Failure of any CBTC system or subsystem that would allow an emergency situation or other system failures to go undetected, or would prevent the CBTC system from properly responding to a detected failure or emergency, shall result in a full-service brake application on the effected Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-6 September 2015 train or trains within 3 seconds which shall include time for identification and verification of the conditions. 2.6.1 ATP Functional Requirements A. The ATP subsystem is the Vital life/safety portion of the CBTC system. It is responsible for collision avoidance, route integrity, speed control and enforcement, broken rail detection, and all other life/safety aspects of a traditional transit signal and interlocking system. It shall be designed using fail-safe concepts that assure the result of hardware failure or the effect of software error shall either prohibit the system from assuming or maintaining an unsafe state, or shall cause the system to assume a state known to be safe. All ATP functions shall be Vital functions and shall be designed and implemented in accordance with Section 8, System Safety. The CBTC system shall be capable of providing bidirectional automatic train protection. The carborne CBTC subsystem interfaces to the train brake and propulsion systems shall be independent of other devices provided on the train such that removal of a hold off signal by the ATP subsystem shall result in an emergency brake application and disable the train’s propulsion power. B. All ATP functional requirements shall be provided for all ATP modes of operation, which include ATO and Manual modes. 2.6.1.1 Train Location/Train Speed Determination A. The CBTC system shall establish the location, speed, and travel direction of each CBTC - equipped train operating in CBTC territory in a fail-safe manner. The CBTC train location determination function shall provide sufficient train location resolution and accuracy to support the performance, capacity, and safety requirements of this Technical Specification. The CBTC train location determination function shall be self-initializing and shall automatically detect and establish the location of each CBTC-equipped train as it enters CBTC territory, and on recovery from CBTC equipment failures, without requiring manual input of either train location or train length data. B. The CBTC train location determination subsystem shall safely and accurately establish the location of both the front and rear of the train, and safely and accurately handle trains of varying lengths. The train consist information available from the Railcar Monitoring and Diagnostic System (MDS) could be used as part of this determination. The CBTC system shall determine train lengths to the resolution necessary to meet safety and headway performance requirements. C. The CBTC system shall compensate for the effects of measurement inaccuracies on train location and speed determination. Specifically, if the CBTC train location/speed determination function is dependent upon wheel rotation, the CBTC system shall automatically compensate for position errors induced by the slipping or sliding of wheels, and shall automatically compensate for position errors caused by variation in wheel size due to wear, truing, or replacement. All train axles will be powered and braked. 2.6.1.2 Non-equipped Trains A. Work trains will not be equipped. The MTA will follow existing procedures, modified as necessary, to enable safe movement of work trains. B. There is no requirement of mixed mode operation as a regular scheduled mode of operation, where mixed mode operation is defined as the simultaneous operation of both equipped and Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-7 September 2015 non-equipped trains. Mixed mode operation will, however, be required during the transition period, as the CBTC system is cut-in, and for trains with failed carborne CBTC equipment. 2.6.1.3 Safe Train Separation A. Safe train separation shall be provided between all trains operating in CBTC territory, whether or not the trains are equipped with CBTC equipment (or have failed carborne CBTC equipment). The CBTC system shall provide safe train separation between all trains. Safe train separation shall be based upon the principle of an instantaneous (brick wall) stop of the preceding train. B. The CBTC system shall provide safe train separation for a CBTC-equipped train following a non-CBTC-equipped train or a train with inoperative carborne CBTC equipment. The CBTC system shall limit the movement authority of the following train to the boundary of the section of track occupied by the non-CBTC-equipped or failed train. C. The CBTC safe train separation function shall consist of the following: 1. The calculation of the ATP distance-to-go profile (i.e., the profile of safe speed as a function of train location) derived from fixed ATP data (i.e., permanent speed limits) and variable ATP data (i.e., temporary speed limits and movement authority limit); 2. The supervision and enforcement of the ATP profile calculated by the CBTC system. D. The ATP profile shall be governed by a safe braking model and shall ensure that under no circumstances (including for failures of the CBTC system) shall the movement authority limit be exceeded by a CBTC-equipped train. E. The movement authority limit shall be the most restrictive of the following: 1. Rear of a CBTC equipped train ahead as determined by the CBTC train location function, with allowance for any location uncertainty 2. Boundary of a section of track occupied by a non CBTC equipped train or train with inoperative carborne CBTC equipment, as determined by the secondary train location function 3. End-of-track 4. Entrance to an interlocking, when the route is not verified as aligned and locked 5. Boundary of a section of track with an opposing traffic direction established 6. Boundary of a blocked track, or track in which broken rail has been detected 7. Entrance to a private grade crossing where warning devices are not confirmed to be operating 8. Entrance to a route that is detected to be unsafe for train movement 2.6.1.3.1 Safe Braking Model A. A Safe Braking Model shall be developed by the Contractor (CDRL 2-2). The Safe Braking Model shall, as a minimum, include consideration of the following: 1. Location uncertainty of lead train, including rollback tolerance

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-8 September 2015 2. Location uncertainty of following train 3. Train length and configuration 4. Allowable overspeed permitted by the CBTC system 5. Maximum CBTC speed measurement error 6. CBTC system reaction times and latencies, both with carborne and wayside equipment 7. Maximum train acceleration rate possible at the time an overspeed condition is detected by the CBTC system 8. Worst-case reaction times to disable the propulsion system and apply the emergency brakes following detection of an overspeed condition by the CBTC system 9. Safe Braking Rate 10. Grade B. The Safe Braking Rate shall be the minimum emergency brake rate achieved by a train on level tangent track under the range of environmental conditions, and worst-case credible latent (i.e., undetected) brake equipment failure modes, which can be anticipated to exist for that train in the specific application. The Safe Braking Rate for the Metro CBTC system shall be identified and provided along with the assumptions as part of the Safe Braking Model. C. The CBTC system shall use distance-to-go methodology to determine its maximum allowable speed based upon its movement authority. The CBTC equipment shall determine its distance- to-go target point as the limit of its movement authority, and calculate the distance-to-go braking profile for each train in CBTC territory based upon the Safe Braking Model. Speed commands based upon the distance-to-go target points shall be in increments of 2 mph or less. D. The distance-to-go profile shall be then updated continuously by the CBTC equipment as it travels along the track, based upon its change in location and/or changes in the distance-to- go target. E. The CBTC shall automatically adjust a train’s safe braking model based upon the actual length of the train for improved capacity performance. F. The Contractor shall outline its distance-to-go profile methodology used in their CBTC system technology in the Safe Braking Model submittal, illustrating the safe braking model envelope, the point at which the brake assurance function commands emergency brakes, the control envelope in which a train in either ATO or Manual mode is governed by the ATP subsystem equipment based upon its distance-to-go profile, and the Manual profile which includes an overspeed warning prior to an automatic application of service brakes. 2.6.1.3.2 Track Database A. The CBTC system shall utilize Contractor prepared databases of the track layout, grades, curves, station locations, platform length, and other fixed information required to calculate the distance-to-go profile and accomplish other specified train control functions. B. This data in the database shall at any given time support all the functional and performance requirements of this Technical Specification. The CBTC system shall manage the distribution

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-9 September 2015 of updates of data to CBTC equipped trains, and shall insure that movement authority is not provided to trains with incorrect database versions within the limits of CBTC territory. C. The CBTC system shall manage and distribute, through the ATS subsystem, current information on temporary slow speed orders, Work Zones, and flagging locations to CBTC- equipped trains. The CBTC system shall not provide movement authority to CBTC-equipped trains that do not have up-to-date information on these items that are applicable within the movement authority limits. D. All data related to location shall be referenced to the stationing as identified in the project drawings, and whenever presented on all user interfaces including the Train Operator Display, LCPs, and the ATS workstation Display. The database output shall be provided in tabular or drawing form correlating and identifying the elements in chainage. E. The Contractor shall provide the application that will enable the representation of the complete track database information on Microsoft Excel or Autocad format (CDRL 2-3). The Contractor shall also provide the functionality to enable the filtering of data such that various diagrams can be printed of the track map, by the user selecting elements to display or not. 2.6.1.4 Overspeed Protection and Brake Assurance A. In establishing, supervising, and enforcing the ATP profile, as governed by the Safe Braking Model, the CBTC system shall ensure that under no circumstances, including failures, shall the train’s actual speed exceed its safe speed. The train’s safe speed shall be derived by considering the most restrictive of the following: 1. Permanent speed limits on sections of track within the ATP profile 2. Any temporary speed restrictions on sections of track within the ATP profile 3. Any speed restrictions enforced on the train because of carborne CBTC equipment failure conditions 4. Maximum speed that would allow the train to stop safely prior to the limit of the train’s movement authority, or to slow down sufficiently to meet appropriate permanent or temporary speed restrictions upon entering that section of track B. Speed limits and restrictions shall apply when any portion of the train is within the speed limit area. Speed enforcement shall be achieved by comparing the actual train speed with the train’s Maximum Authorized Speed (MAS). If the authorized speed is exceeded, the CBTC system shall initiate an immediate brake application in ATO modes of operation. In Manual mode, the Train Operator shall receive an audible and visual warning when the actual train speed is within an authority approved tolerance of the MAS. Should the Train Operator fail to apply/maintain a proper braking level, then the CBTC system shall initiate an automatic brake application. C. This automatic brake application, whether by the CBTC system or via the Train Operator, shall be a supervised service brake application. The CBTC system shall monitor the achieved brake rate to ensure an acceptable brake rate is achieved within a predetermined time frame, and if not, shall then immediately command an emergency brake application. The Safe Braking Model shall include appropriate allowances for reaction times associated with this brake assurance function.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-10 September 2015 2.6.1.5 Rollback Protection A. The CBTC system shall monitor actual train travel direction and compare measured travel direction with the established/commanded direction of traffic. Train motion against the established direction of travel of more than 20 inches shall result in an emergency brake application. B. An ability to reverse the train, with full signal protection, following an overshoot of a station stopping point is not required. 2.6.1.6 End-of-Track Protection A. End-of-track protection shall be incorporated into, or function in conjunction with, overspeed protection to prevent trains from overtraveling the end-of-track. Train approach toward all end-of-track locations shall be achieved in a smooth manner with no intermediate stop. B. End-of-track protection design shall be based on the Safe Braking Model. 2.6.1.7 Parted Train Protection and Coupling/Uncoupling of Trains A. The CBTC system shall detect and protect against parted trains. Detection of a parted train shall result in an emergency brake application. B. The CBTC system shall also automatically determine the number of railcars within the train, and automatically update the train length in the event of coupling/uncoupling beyond the next station. 2.6.1.8 Zero Speed Detection Zero speed detection shall be a required ATP function for the CBTC system, and shall be in accordance with the requirements of 5.10 of IEEE Std. 1475-1999. Zero speed shall be determined when the speed of the train is less than 0.5 mph. 2.6.1.9 Door Control The vehicle will have a 2-position switch called the CBTC Door Mode Switch which the Contractor shall interface its carborne CBTC equipment with. The two modes of door control shall function as follows: A. ATP. Under this door control mode, door operation shall be subject to the ATP functions as specified in this Section; B. Cutout. Under this door control mode, the Train Operator will have the ability to control doors and the ATP subsystem interlocks will be bypassed. Once doors are closed by the Train Operator, the CBTC system shall allow continued train operation. Cutout door control mode will allow the following actions independent of the CBTC system: 1. The train crew can open/close doors for a train that is not properly berthed at a station (i.e., overshoot). 2. The train crew can prevent doors from opening in ATO Mode in the event of an emergency on the platform. 3. The train crew can open doors for a train berthed at a station normally. 2.6.1.9.1 Door Opening Interlocks and Control

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-11 September 2015 A. Door opening control interlocks shall be provided by the ATP subsystem, and shall ensure that the following conditions are satisfied prior to enabling the opening of the train doors: 1. The train is properly aligned at a designated stopping point (i.e., properly berthed) such that the train doors are within station platform boundaries in ATO and Manual modes. The Contractor shall permit a larger tolerance for station stopping accuracy in Manual mode to allow the Train Operator to control the train to a stop at an acceptable berthing position. 2. There is a designated stopping point within the platform boundary on the side of the train for which the door opening is allowed. 3. Zero speed is detected. 4. The train is constrained against motion. B. The above door open control interlocks shall be bypassed in Yard, and CBTC Bypass modes of operation. The door control interlocks shall prevent doors opening on the non-platform side of the train during station stops, even if the Train Operator were to request door opening on the “wrong” side, in ATO and Manual modes. The door open control interlocks shall also be bypassed when the door control is placed in Cutout mode with the train operating in any CBTC mode. C. The door-unlock command by the ATP subsystem shall be vital, and the door status inputs shall be treated as vital. D. The maximum time delay between the moment the carborne CBTC equipment establishes that the door-open conditions have been satisfied, to the moment when the door-unlock and open commands are issued, shall not be greater than 0.25 second. E. Door control interlocks shall not preclude individual doors being opened by crew switches for Administration employee drop-off/pick-up or for other emergency reasons when the train is not berthed at a station. F. Overruns of scheduled stops by CBTC-equipped trains shall be reported to the ATS subsystem and logged, and indicated on the Train Operator’s Display and at the OCC. An overrun of a station stop is defined to occur when a door(s) on the train is beyond the station platform boundary. The ATP subsystem shall prevent the train doors from opening in the event that the train overruns a station platform. The Train Operator shall have the option to place the door control mode into Cutout, and open train doors without ATP. 2.6.1.9.2 Door Closing Interlock and Control A. The CBTC system shall have interlocks provided to prevent a stationary train from moving unless all train doors are properly closed and locked in accordance with the requirements of 5.14 of IEEE Std. 1475-1999. B. When the carborne CBTC equipment receives an indication of doors not closed and locked on a train moving between stations, the carborne CBTC equipment shall command a full service brake application. The CBTC system shall not respond to this indication until it lasts for at least 0.2 seconds. The MTA may request for a different time delay, upon actual car testing. The time delay between the moment the indication is received by the carborne CBTC equipment, and the moment the full service brake command is issued, shall not exceed 0.5

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-12 September 2015 second. Once stopped, the train shall not be allowed to depart until the situation is acknowledged after either the doors are closed and locked, or the fault is cleared or bypassed. C. Door closing interlocks and controls shall be bypassed in Yard and CBTC Bypass modes of operation. 2.6.1.9.3 Train Departure Control A. A train shall not depart from a stop in any ATP mode of operation unless the following conditions, at a minimum, have been met: 1. Doors closed and locked status has been established for all doors on the train. 2. A valid speed command or movement authority has been received by the carborne CBTC equipment. 3. The Train Hold command is not in effect for the train. B. Train departure control shall be subject to the distance-to-go profile criteria, and safe braking distance. 2.6.1.10 Route Interlocking A. The CBTC system shall operate in conjunction with new solid state interlockings to prevent train collisions and derailments. Sectional release shall only be provided when clearance is confirmed. These interlocking functions shall include the following: 1. Time or approach locking 2. Route locking 3. Detector locking 4. Indication Locking 5. Traffic Locking 6. Loss of shunt protection B. Movement authority shall not be advanced into an interlocking until the appropriate route is set and locked. Once a movement authority has been advanced through an interlocking, the affected route shall not be released and conflicting routes cleared unless either the train has traveled through and is verified clear of the interlocking, or the movement authority is pulled back short of the interlocking and is in effect. C. In the event of loss of any indication or device that could affect the safe movement authority issued through an interlocking, the CBTC system shall pull back the movement authority to the entrance of the interlocking. If a train is already within a safe braking distance of the switch, the CBTC system shall initiate an immediate emergency brake application. 2.6.1.11 Traffic Direction Reversal Interlocks A. Traffic direction reversal interlocks shall be provided to support reversal of train direction at terminal stations and to support intermediate turnbacks, and shuttle modes of operation. It shall not be possible to extend the movement authority for a train into a section of track where an opposing traffic direction has already been established. A traffic direction shall typically be established for each section of single track between two interlockings. Where required to Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-13 September 2015 support specific train movements, a split in traffic shall be supported at pre-defined locations between interlockings. B. Once a train is within, or has been cleared to enter, a section of track, a reversal of traffic direction within that section of track shall only be possible after all trains have exited that section of track. 2.6.1.12 Work Zone and Work Train Protection A. General Orders, for wayside maintenance activities on the right-of-way, may place a track out-of-service, place a switch or switches within an interlocking out of service, a station and one or all of its platforms out of service, and may impose temporary speed restrictions. The CBTC system shall provide a means for Metro to block track and switches, establish Work Zones for any reason, including blue signal protection, and apply temporary speed restrictions (slow speed orders), and remove them as necessary through the MOCC ATS workstation. The CBTC design for the work zone and work train protection shall be submitted to the MTA for approval (CDRL 2-4). B. The ATS subsystem implementation of a General Order affecting train movement shall be transmitted to the CBTC system. The CBTC system shall then incorporate this information into its determination of the train’s movement authority, and display the appropriate text messages to the Train Operator via the Train Operator Display. The CBTC system shall preclude train operations into out-of-service (blocked) tracks or prevent movement of blocked switches, and shall enforce restricted speeds on approach to and through defined Work Zones. C. The CBTC system shall preclude the ATO mode of operation through an established Work Zone. The CBTC system shall enforce the speed restriction through the entire work zone. The CBTC system enforced speed through the work zone shall be 12 mph or as defined by Metro. D. Work Zones shall be defined by MOCC by selecting either signal locations or chainage markers as boundaries for the Work Zone. The CBTC system shall ensure that Work Zones do not overlap or conflict unless approved manually by the MOCC. E. Upon the setting of the Work Zone, the CBTC system shall store the Work Zone that was scheduled and allow additional Work Zones to be created. If overlapping work zones are necessary, then MOCC will calculate the boundaries of the work zone containing the work zone, and manually enter the work zones. The Work Zone shall not be deleted once the blocking device is applied. The CBTC system shall, to the extent possible, ensure that redundant means are employed to set up and protect Work Zones. F. On recovery from CBTC equipment failures, the ATS shall provide a function that provides the list of restrictions established prior to the failure to MOCC, and shall prevent the release of the system until the previous restrictions are either re-established or their removal is confirmed by MOCC. 2.6.1.12.1Track Out-of-Service, Track and Switch Blocking A. The CBTC system shall not grant movement authority to trains to operate into or out of out- of-service track. Out-of-Service tracks are set only at station tracks. The CBTC system shall include facilities to allow Metro to block and unblock track sections and block switches from movement. Track blocking, switch blocking and track out-of-service shall be able to be applied with or without trains occupying the section of track. Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-14 September 2015 B. Trains routed into a section of track that is later blocked or taken out of service at a terminal station before the train arrives shall be re-routed automatically to the alternate platform. Track Out-of-Service prevents trains from entering and exiting the track whereas Track blocking permits exit while preventing entry. C. Switch blocking locks the switch in its current position and permits use of the switch as part of a route. 2.6.1.12.2Temporary Speed Restriction (Slow Speed Orders) A. The ATS subsystem shall allow Metro to enter the limits of a temporary speed restriction area and applicable temporary speed restriction. The maximum speed authorized in a temporary speed restriction area shall be adjustable in steps of 5 mph. Slow Speed Orders (SSO) shall be defined by MOCC through the use of the ATS workstation by selecting either signal locations or chainage markers as boundaries for the SSO. If the ATP subsystem determines that it cannot comply with the slow speed order request, a non-compliance message shall be sent to the ATS subsystem and visually displayed. SSO requests in an area with an equipped train traveling through the area shall be complied with. B. The temporary speed restriction shall be enforced in a similar manner to civil speeds on CBTC-equipped trains. CBTC-equipped trains that already have movement authority through the slow speed order ahead that can comply with the slow speed order shall do so. In the event that a temporary speed restriction is received by a train that encompasses an area within a safe braking distance of the train, and the restriction would place the train in an overspeed condition, the carborne CBTC equipment shall brake the train into compliance. If the train fails to respond to the service brake application, then the carborne CBTC equipment shall command an emergency brake application. C. On recovery from CBTC equipment failures, the ATS shall provide a function that provides the list of restrictions established prior to the failure to the MOCC, and shall prevent the release of the system until the previous restrictions are either re-established or their removal is confirmed by MOCC. 2.6.1.12.3Flagging The following requirements apply to train movement and protection of work crews: A. The MOCC shall be able to enter the boundary of a work zone using the ATS workstation. B. The CBTC system shall send applicable messages to carborne CBTC equipment regarding the Work Zone boundary. The ATS subsystem shall prompt the MOCC to notify the Train Operator of any unequipped trains approaching a work zone. C. The Train Operator Display in the cab shall alert the Train Operator to a work zone ahead. D. The Train Operator Display shall display a speed restriction that applies to the work zone. The speed restriction through the work zone and adjacent track shall be in accordance to the Metro Rules. E. The train shall operate in ATO at the work zone speed, and resume normal operation when the rear of the train clears the work zone. If the Train is in Manual mode, the CBTC shall supervise the speed of the train in accordance with 2.6.1.4.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-15 September 2015 F. The Train Operator Display shall alert the Train Operator that the work zone has been cleared, and normal speed and operating modes can be resumed. G. When the work activity has been completed, Metro can cancel the speed restriction through the MOCC ATS workstation. 2.6.1.13 Initialization Test A. An Initialization Test to interrogate and verify correct operation of the complete carborne CBTC equipment shall be provided, and performed automatically before clearance of a route onto a revenue track. Initialization Tests shall be successfully completed prior to Metro trains entering service or when trains are coupled/uncoupled. This test shall also be capable of being initiated by controls within the cab. The Initialization Test shall verify the integrity of the entire carborne CBTC equipment, including antennas, speed determination equipment, overspeed simulations with audible and visual alarms, door control, and the train emergency brake circuit. B. Upon completion of the test, a text message shall be displayed to the Train Operator and MOCC, and subsequently date and time stamped and logged in memory. If a fault is detected during the Initialization Test, the carborne CBTC equipment shall date, time stamp, and log the fault, and annunciate to the Train Operator and MOCC that the test has failed. The carborne CBTC equipment then shall not allow the train to proceed in an ATP mode of operation onto a main revenue track until the Initialization Test is successfully completed. C. The CBTC system shall log the results of the test of each vehicle at the MOCC. D. The initialization test locations, installation and design details shall be submitted to the MTA for approval (CDRL 2-5). 2.6.1.14 Braking Rates A. The Contractor’s CBTC System shall provide a reduced level of brake rate to be used under low adhesion conditions such as ice, snow and rain. The MOCC shall be provided the capability to select the different level of brake rate on a system-wide basis or on an individual train basis for a train operating throughout the system. B. The brake rate when applied system-wide shall be the default (normal) when the train is operating inside the tunnel. Train(s) operating inside the tunnel when the brake rate is commanded shall transition to the new brake rate when operating in the open area. Where a train is affected by a transition from one brake level to another, the train shall only adopt the new level after stopping in accordance with the previous level prior to the new assignment. C. The brake rate when applied to an individual train shall be in effect throughout the system. Indications shall be provided to the MOCC for all trains using a non-normal brake rate. 2.6.2 ATO Functional Requirements A. The ATO subsystem shall be a Non-Vital portion of the CBTC system responsible for automating many of the functions in accordance with commands received from the Vital ATP subsystem. These functions include automatically governing train speeds through use of propulsion and braking systems, train door control, and precise programmed station stopping. The operation of the ATO subsystem shall be continually monitored for safety by the ATP subsystem. Communication between the wayside and train, and vice-versa shall be sufficient to support all ATO subsystem functions. Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-16 September 2015 B. ATO functions outlined in this Section are required in ATO mode of operation. C. Full provision of a driverless mode shall be included as described below. This future operating capability shall be designed, installed, tested, commissioned, and safety certified under this Contract for future implementation by the MTA. 2.6.2.1 Automatic Speed Regulation A. The starting, stopping, and speed regulation of the train as it travels between stations shall be automatically and continuously controlled by the CBTC system so that the cruise speed, acceleration, deceleration, and jerk rates are within the specified passenger comfort limits, and that the train speed is maintained below the overspeed limits imposed by the ATP subsystem. The ATO subsystem shall support multiple cruise speeds, acceleration and service brake rates (i.e., performance levels). The train speed controlled by the CBTC equipment shall not vary more than ± 1 mph from the ATO operation profile. The ATO system shall provide provisions for multiple ATO profiles. The overspeed protection profile shall accommodate this speed variation. B. The specified passenger comfort limits of the ATO subsystem shall be consistent with the requirements of the vehicle specification per the Interface Control Document. 2.6.2.2 Platform Berthing Control A. The ATO subsystem shall smoothly decelerate a train in ATO mode to a complete stop at station platforms, and properly align the train such that the train doors are within station platform boundaries. The ATO subsystem shall use as high a deceleration rate as is safe and practical (i.e., full-speed run-in) in order to reduce inter-station run times and so as to not constrain the rapid turnaround of trains at terminal and turnback tracks, and be consistent with possible energy saving strategies produced by the ATS. The Contractor’s platform berthing design, equipment and methodology shall be approved by the Administration (CDRL 2-6). B. The Contractor shall provide at least a second performance level for use during low wheel to rail adhesion conditions such as snow, rain and sleet. These performance levels shall ensure accurate station stops by braking the trains earlier from a lower entry speed in the approach to station stop to minimize slide. This shall be applicable to single or multiple trains or geographical areas or system wide depending on the situation. 2.6.2.2.1 Station Stopping A. The CBTC system shall provide automatic station stopping in the ATO mode of operation. Since the station stopping accuracy is widely dependent on wheel to rail adhesion conditions and vehicle performance, the CBTC imposed station stopping accuracy under ATO mode of operation shall be: 1. For all platforms, trains shall be normally controlled to stop within ±12 inches of the defined stop position. B. The CBTC system shall not enforce station stops in Manual mode (i.e., station stops are not to be treated as movement authority limits) unless a home signal is at the leaving end of a platform and is unable to be cleared. C. The ATO subsystem shall provide different berthing points at all stations such that either trains of various lengths will be centered at the platform, or all trains of any length berth at

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-17 September 2015 the end of the station platform. The berthing point shall be selected by Metro on a station-by- station basis (i.e., different stations can have either centered berthing points or platform end berthing points). D. The ATO subsystem shall allow a train to enter a platform, if the preceding train has a movement authority which shall allow it to fully leave the platform area, and it has begun to move out of the station. The CBTC system shall not, as part of normal operations, issue a movement authority for a train to partially leave a station (i.e., the movement authority for a train departing a platform shall be sufficient to allow the train to completely clear the station platform and thereby allow the following train to berth). It shall be possible, however, to manually override this restriction through the ATS subsystem. 2.6.2.2.2 Station Bypass A. The CBTC system shall provide a station bypass function. When selected and commanded through the MOCC, the specified station(s) shall be bypassed by all trains, or specific trains. If the train is in either ATO or Manual mode of operation, the train shall automatically skip the appropriate station(s). The CBTC system shall alarm the MOCC and reject requests to bypass terminal stations. B. An indication of the station bypass shall be provided to the Train Operator. The carborne CBTC equipment shall also provide a trigger for the vehicle PA system to make announcements to passengers automatically regarding the station bypass. However, the Train Operator or MOCC personnel through the ATS workstation shall have the option to bypass this announcement of the station bypass. C. The CBTC equipment shall suppress station stop overrun notices to the Train Operator Display and the MOCC when the station has been designated to be skipped. The CBTC system shall allow trains to travel through stations being bypassed at a maximum of 30 mph when allowed by their movement authorities. 2.6.2.3 ATO Door Control A. The CBTC system shall automatically open and close train doors on the platform side of stations in accordance with the requirements of this Section. B. In ATO mode only, the ATO subsystem shall automatically control train doors opening at a station platform to enable passenger boarding and discharging. Manually disabling or cutting out the operation of any door shall not affect the automatic operation of other unaffected doors on the train. C. Continuous automatic dwell time adjustment shall be provided for schedule adherence, and upon command of the MOCC through the ATS workstation. The amount of time the train doors shall remain open at the station shall then be automatically controlled by the ATO subsystem. Dwell times at each platform shall be adjustable in increments of 1 second, between 5 and 999 seconds for each direction (where applicable). D. In Manual mode, the Train Operator shall be responsible for the opening and closing of doors. 2.6.2.3.1 Train Operator Dwell Time Warning In ATO and Manual modes, the carborne CBTC system shall annunciate to the Train Operator, both visually and audibly, that the Train Operator should command the doors to close and depart the station. This shall be displayed visually to the Train Operator via the Train Operator Display, and

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-18 September 2015 audibly. The carborne CBTC subsystem shall trigger this display and departing announcement, with the trigger taking place at the end of the scheduled dwell time. This dwell time shall be identical to the time provided for schedule and/or headway adherence, and upon command of the MOCC. 2.6.2.4 Automatic Turnback The CBTC system shall have the ability to use yard tracks and all other mainline crossover switches for turnback operation. The CBTC system shall allow the development of default tracks for automatic turnbacks at each terminal location, and the ability to change default tracks as required. Turnback operation and methodology shall be similar to, and consistent with, the existing Metro operating manual. 2.6.2.4.1 Turnback Entry Specific turnback track locations shall be determined by the availability of an unoccupied turnback location. From this, the CBTC system shall determine the specific turnback location for each train prior to that trains arrival at the turnback area based upon schedule and train operations optimization. 2.6.2.4.2 Exiting Turnback No manual intervention by Metro shall be required for turnback operation (unless the turnback location is selected by MOCC. Other than keying up the cab, selecting train modes and closing of the doors, no manual operation by the Train Operator shall be required for turnback operation. If in Manual mode, the Train Operator will be required to operate the train manually governed by the CBTC system. The turnback operation shall not result in the loss of any CBTC system data and information, particularly with carborne CBTC equipment, due to the switching of cab ends. 2.6.2.4.3 Turnback at the Platform A. At Owings Mills and Johns Hopkins, the following shall occur after the train has stopped at the platform and unloaded passengers: 1. The Train Operator switches ends of the train after keying down the train. 2. The Train Operator keys up the train. 3. The Train Operator selects an appropriate mode of operation. B. The CBTC system automatically routes the train from the station platform location in accordance to the schedule or headway requirement. 2.6.3 Yard Functionality The CBTC system shall provide complete command, control, and communications throughout all areas of the Wabash Yard and railcar maintenance shop. There shall be no areas of insufficient communication coverage under all operating conditions including the storage of the entire 90-car fleet in the Yard. The Yard CBTC shall be designed to communicate, track and allow for movement in Yard mode for all 90 cars without limitation. 2.6.3.1 Speed Control Train movement shall be under Manual mode operation in the Yard. Movement from and to the Main Line shall only be permitted with the train in Manual mode. The transition locations to and from the Main Line shall be provided to MTA for approval. The speed of all movements shall be limited under ATP protection to not greater than 12 mph. The Train Operator Display shall show that the train is in Yard mode and speed is restricted to less than 12 mph.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-19 September 2015 2.6.3.2 Switch Control The ATS shall provide MOCC or BOCC control of the switches and routing. Routes will be established and indication provided to the Train Operator, via wayside signal and via the TOD, that it is safe to proceed. The TOD shall display the Maximum Allowed Limit of travel. 2.6.3.3 Bumper Protection The CBTC shall provide safe movement of trains up to the end-of-track Bumpers. The approach speed shall consider the train design elements in the Safe Braking Model. 2.6.3.4 Coupling/Uncoupling and Close-up (Head to Head) The CBTC shall provide speed control and supervision of trains when uncoupling and also when one train approaches another in a close-up move in order to couple. The CBTC shall allow head to head train movement under conditions when it is safe to do so. The Contractor shall describe the provision and submit for MTA approval. 2.6.4 Driverless Operation Mode The CBTC system shall include the future implementation of Driverless operation, and require the following: A. All the hardware, software, design, analysis, verification, validation, testing, commissioning, and safety certification shall be provided under this Contract. B. The Driverless mode shall be vitally inhibited through the use of hardware until such time in the future the MTA places the mode into service. Software inhibition alone will not be permitted. C. The inhibition feature shall be protected from accidental activation, physically secured (i.e., key locked, sealed), and not accessible by any routine maintenance activity. Alternatively, the feature may be a plug that is installed to enable the Driverless mode. D. The activation of the Driverless mode shall not require any irrevocable alteration of hardware or software, and shall be demonstrated. The inhibition design shall be submitted for MTA review and approval. E. All necessary interfaces between the CBTC and infrastructure to support safe driverless operation shall be planned, implemented, and tested at a minimum in the factory. 2.7 CBTC SYSTEM HARDWARE REQUIREMENTS This Section outlines the hardware design requirements of the wayside CBTC system to be provided by the Contractor. All CBTC system equipment to be installed within the Metro infrastructure and vehicles shall be subject to approval by the MTA. 2.7.1 Fault-Tolerant Design A. All CBTC equipment critical to continued operation of the Metro system in ATP modes of operation shall be of fault-tolerant design to the extent necessary to meet the Contract availability requirements. Fault tolerance shall be achieved with architectures that have been demonstrated previously in revenue rapid transit service. B. In general, the reliability requirements shall be achieved through the use of highly reliable components and subsystems. Non-Vital processors, communications links, and related CBTC system equipment shall be redundant. Vital processors are not required to be redundant. If

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-20 September 2015 redundant processor-based equipment is provided, non-controlling processors shall operate in hot stand-by adjacent to controlling processors such that, upon failure of the controlling processor, the non-controlling processor takes control seamlessly and without disruption to revenue service operation (i.e., the hot stand-by processor shall receive all inputs and perform identical calculations as the controlling processor, but its outputs shall be disconnected until the controlling processor experiences a failure). C. The Contractor shall utilize an approach for running Non-Vital communications-type cable in separate tunnels when designing primary and secondary data transmission lines. This is to insure that normal and secondary data transmission lines are not disrupted if a cable break occurs in a single tunnel. In addition, Vital signal cables are run only in the tunnel where the signal equipment is located for the same reason. D. No aspect of the fault-tolerant design shall compromise system safety. 2.7.2 Grounding, Surge, Transient and Lightning Protection A. All methods for ground, surge, transient and lightning protection shall be subject to approval by the Administration. B. The CBTC system equipment grounds shall be designed to: 1. Protect personnel and equipment from electrical hazards, including lightning, to the maximum extent possible. 2. Reduce potentials to grounding equipment neutrals. 3. Reduce or eliminate the effect of electromagnetic interference and electrostatic interference arising within the CBTC system. 4. Provide a single point grounding system and associated ground rods, as applicable, for equipment enclosures (bungalows, TC&C rooms, junction boxes and Wayside Instrument Cases), cabinets, drawers, assemblies, and sub-assemblies. 5. Each rack shall be separately grounded such that in the event a ground fault occurs, the rack can be easily isolated for troubleshooting purposes. C. Surge and transient protection shall be provided for all CBTC system equipment, particularly for solid state equipment, for protection against ac or dc power line surges or transients. Surge and transient protection devices shall include external indications that illustrate its ability to continue functioning properly. Field signals (i.e., signals between Contractor supplied equipment and non-Contractor supplied equipment) shall be tested to, and successfully pass, the ANSI/IEEE C37.90a, Guide for Surge Withstand Capability Tests. All communication and data transmission signal terminals shall be tested to, and successfully pass, the ANSI/IEEE C37.90a, Guide for Surge Withstand Capability Tests. The Contractor shall ensure that the protection of intra-system signals is sufficient for the electrical environment in which the CBTC system is installed. D. Lightning arrestors shall be provided by the Contractor as required to protect its CBTC system equipment in those areas outside the tunnels.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-21 September 2015 2.7.3 Material Specification A. All apparatus, connections and cabling shall be designed and arranged to minimize the risk of fire and any damage which might be caused in the event of fire. B. Materials shall be used that do not support combustion and that do not give off smoke, or corrosive or toxic fumes, when heated. 2.7.4 CBTC System Access Security A. The Contractor shall submit a mechanism for defining, controlling, and assigning user access to all PC systems including all Train Operator Displays, LCPs, ATS Workstation Displays, PTE, BTE, etc. (CDRL 2-7). The CBTC system shall include a function to enable an individual(s) with sufficiently high authorization to define and assign access capabilities for each console and user. As such, upon log-on, the assigned user can access the PC but will only be allowed to perform functions as defined by the higher authority. A default set of functional access for each user shall be able to be established and maintained as an attribute of the user. The default functional access setting shall be granted upon log-on. Users shall be able to be granted additional access which shall be available to the user until the user logs-off, or prior to log-off, the access is removed by an authorized individual with function assignment capability. B. A password security feature shall be provided that permits only authorized users to access the CBTC system. Users shall log-on by entering a user name and password. A means shall be provided for changing operating shifts without reassignment of access capabilities at a console or PC, and without logging-off and logging-on again. A valid user log-on shall automatically log-off the previous user log-on. The console shall be in monitor only mode until an authorized user logs on. C. Each log-on and log-off shall be reported as an event, and time stamped and dated. The name of the console, location, and name of the user shall be logged. D. A secure method shall be provided in which the administrator can change user passwords and identification. E. The CBTC system shall prevent anyone other than the administrator from loading any programs, with the exception of SSI vital and non-vital software which are not subject to this requirement. F. The CBTC system shall include a set of user classifications that define a level of authorization for each user classification within MTA. Each user in a user classification shall be assigned a subset of functional capabilities that may be performed by personnel in the user classification. A high level of authorization shall be provided for the ability to make changes to CBTC system software, with this user requiring approval from a higher level of authorization to allow the software changes to be accepted by the CBTC system, with the exception of SSI vital and non-vital software which are not subject to this requirement. G. Authorization levels will be determined by the MTA during the system design development. H. Categories of alarms shall be assignable by user classification and console functional assignments.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-22 September 2015 I. The CBTC system shall allow one user to quickly and conveniently transfer control of all or part of his/her assigned activity to another user subject to the concurrence of both users. J. The CBTC system shall alarm any attempted access reconfiguration or user logout which would leave areas of CBTC territory or functional capabilities unassigned. K. All CBTC system computers shall be configured with applicable up to date anti-virus software updated at the time of acceptance. 2.7.5 Zoning of Equipment Because Metro is a two-track railroad, it is required that only one of the two tracks in any interlocking area be removed from service for any reason including maintenance, equipment failure/upgrades and/or software upgrades that may require testing prior to being placed back into service. Interlockings shall be zoned to control only a line or track section of the railroad in the event that there is a failure or upgrade. This will allow the MTA to continue to operate and control trains by routing around an area that has experienced an interlocking failure or upgrade. 2.7.5.1 Zoning of Zone Controllers For zone controllers, zoning shall be provided to ensure that all trains within a line or significant portion of the Metro railroad are not affected by the failure of an adjacent or other zone controller. A. Zoning of zone controllers shall be provided to ensure that the failure of one zone controller only affects a limited section of the line. B. The failure of the Zone Controller controlling Owings Mills shall not affect short turnback operation in CBTC at Old Court, where the CBTC train shall turnback using the switches at Old Court. C. The failure of the Zone Controller controlling Johns Hopkins shall not preclude turnback operations in CBTC at Shot Tower. D. The failure of a Yard Zone Controller shall not affect CBTC operation on the Mainline. Conversely, failure of Zone Controllers on the Mainline shall not affect CBTC operation within the Yard. 2.7.6 TC&C ROOM CBTC EQUIPMENT 2.7.6.1 CBTC System Equipment The Contractor shall provide all CBTC system equipment required to meet the Technical Specification requirements. Any upgrades, replacement, or retrofit of existing TC&C rooms required to house the Contractor’s CBTC system equipment shall be performed by the Contractor. Materials provided by the Contractor for the CBTC system shall not be flammable and/or made of wood. For each stage of the cutover, the Contractor shall provide an installation procedure that details how the CBTC system equipment including signal power equipment shall be constructed and installed in TC&C rooms (CDRL 2-10). 2.7.6.2 Zone Controller The Contractor shall provide Zone Controllers and all their interfaces to other subsystems of the CBTC system to meet the requirements of this Technical Specification (CDRL 2-8). The Zone Controller, at a minimum, shall:

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-23 September 2015 A. Provide a component set of the Vital ATP functions as described in and provide a component set of the non-ATP functions. B. Determine the limit of movement authority information for each equipped train in its control zone, and transmit this Vital information to each train in its control zone. C. Safely and efficiently handle the transfer of trains, both equipped and unequipped, into its control zone from an adjacent zone controller territory, unequipped territory or yard, and out of the control zone into an adjacent zone controller territory, unequipped territory or yard. D. Receive status of wayside CBTC equipment including switches, track circuits, and of the Vital logic controlling those devices. E. Send route locking requests to the interlockings, as movement authorities are set through interlockings, and send override commands to interlocking logic to clear a route. F. Respond to requests from the ATS subsystem by processing data and sending transmissions to trains, to interlockings and to adjacent zone controllers. G. Facilitate all operational modes by transferring and routing Vital and Non-Vital database information between CBTC subsystems to meet the requirements of this Technical Specification. H. Consist of zoned microprocessors to control only a portion of the trains within its control zone in the event that there is a failure. 2.7.6.3 Zone Controller Hardware A Zone Controller shall be comprised of two Wayside Control Units (WCU) arranged in a redundant manner and housed in individual cabinets (two WCU cabinets per ZC). The design, manufacture and installation of the CBTC wayside subsystem shall (at a minimum) be as per the following hardware requirements: A. The CBTC wayside subsystem equipment shall be designed for durability in a hostile subway environment. The Contractor shall provide for adequate fans in the cabinets/enclosures for ventilation, cooling and prevention of dust. The CBTC wayside subsystem equipment supplied shall be fully functional, capable of normal operation within the environmental extremes described. The maximum heat dissipation from all CBTC wayside equipment in any typical room location with one set of zone controller equipment shall not exceed 16,000 BTU/hr. B. Equipment shall be designed to be rugged, and withstand not only the environmental conditions described but also the handling in troubleshooting, and preventive maintenance scenarios over the life cycle of the subsystem. C. Electronic circuit boards shall be mounted within a protective rack or cage, with secure edge or similar connectors. Boards shall only be capable of being secured in the rack when fully inserted in the correct location. D. Boards and plug connectors shall be keyed with the rack such that only the correct part numbered board/ plug connector can be inserted into a slot/ receptacle. E. Interconnecting cables between modules, sub racks, and racks that can be disconnected shall be kept to a minimum. Where provided, the connectors shall be heavy duty and durable, Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-24 September 2015 capable of being disconnected and connected many thousands of times during the life cycle of the equipment without dislodging of the pins and sockets and without the breaking of wires and their connections. F. The design of the CBTC wayside subsystem equipment and the zone controller network shall ensure that all equipment planned for each CBTC equipment room fits in the space allocated in the room layouts as indicated in the existing As-Built Drawings, and fits through the existing facility door openings. The Contractor shall verify site conditions by physical survey prior to the Preliminary Design Review. G. All cabinets and enclosures housing electronic equipment shall be provided with adequate protection against electrostatic discharge during installation and maintenance of equipment. The Contractor shall furnish and install anti-static floor mats in front and rear of cabinets and racks for CBTC wayside equipment for ESD mitigation. All cabinets and enclosures housing electronic equipment shall be provided with a grounded wrist band with appropriate lead length for ESD mitigation during maintenance/ installation or removal of equipment. H. Cabinets and equipment cases shall be located so as to allow free and easy installation and maintenance access to the equipment inside. At least 3 feet of unobstructed space shall be provided in the front and rear of all equipment cabinets for providing normal access to circuit boards, power supply units, connecting cables, and terminal strips. I. All equipment planned for installation in the CBTC room shall be designed for a floor loading not to exceed 150 lbs/ square foot. J. The Contractor shall coordinate and perform “clipboard” site surveys with Metro prior to locating any field equipment and receive approval of suitability of location prior to actual installation. K. Furnish two WCU equipment cabinets that are welded steel, non-modular, shock-mounted, free standing, single door, dual access (single doors on front and rear) or two door dual access (overlapping doors on front and rear), EMI/RFI type, NEMA 12, as manufactured by Hoffman, Electromate (Rital) or the Saginaw Control and Engineering Company, or approved equal, modified to meet the requirements of these Specifications. The Cabinets shall not be joined together. Preferred heights for cabinets are 84 inches, 72 inches, and 60 inches. L. The size of the cabinets shall be compatible with the electronic equipment to be furnished at each location and all requirements specified elsewhere herein. Equipment shall not be mounted at a height of more than 6 feet from the finish floor of the room. There shall be a minimum of 25 percent free shelf space in each cabinet. M. The salient characteristics of the cabinets shall be as follows: 1. The cabinets shall meet NEMA standard 12 and be of all welded construction. Construct the equipment cabinets of 12 gauge steel with 12 gauge steel doors, and include shielding. 2. Doors shall have continuous, removable, stainless steel hinges. Seams shall be continuously welded and ground smooth with no holes or knockouts and stiffeners welded to the back of each door. Furnish three point latching on each door and latching rods with rollers. The latching mechanism shall be operated by an oil tight key-locking handle. Equip each door with a door stop kit with 90 degree, 130 degree and 160 degree stop points, as manufactured by Saginaw or approved equal. Furnish doors with EMI type oil resistant door gaskets Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-25 September 2015 attached with electrically conductive oil resistant adhesive and held in place with steel retaining strips. Door handles shall have provisions for locking. 3. Furnish and install each cabinet with two manually operated lighting packages, one in front and one in back. Furnish and install a remote mounted door activated switch in series with each of the electric line energizing the front lighting package and the rear lighting package. In addition to bulb with each lighting package, furnish four bulbs for each enclosure. Furnish and install each cabinet with a duplex convenience outlet (in addition to outlet with lighting package). For each cabinet, energize the lighting package and convenience outlets from a circuit breaker separate from the one used for energizing electronics in the cabinet. 4. Furnish and install a removable print pocket on the inside of each back door. 5. Furnish a minimum of four lifting eyes on the top surface. 6. Furnish and install mounting channels and all hardware and miscellaneous materials required for the installation of cables and equipment, for each cabinet. Secure the channels horizontally to interior body sides at top, bottom and center. Furnish and install a non-PVC conduit assembly on each side of the enclosure. 7. Fully insulate each cabinet during manufacture with a 1/2" foil-backed, non-flammable, non-toxic, foam insulation, as manufactured by Saginaw or approved equal. Increase the thickness if required based on the heat dissipation analysis. 8. Phosphatize all surfaces prior to painting. Finish the interiors and exteriors with a polyester urethane (powder) in accordance with ANSI 61. The interior shall have a white finish coat. The color of the exterior finish coat of paint shall be grey. 9. Cabinets shall include temperature monitoring to transmit an over -temperature alarm to the MOCC on the ATS. N. Cables shall be segregated by cable type. Separate entrances shall be made for power cable, data cable, and cable for control and indication. Cable holes shall be cut in the factory only. Size cable holes appropriately. Design all entrances and openings in the cabinets to maintain the NEMA 12 rating of the cabinet. Furnish all cable, conduit and equipment entrances and openings with flanges, stiffeners and environmental resistant EMI/RFI gaskets. All cable openings where cables enter shall be closed with a soft, easily removable insulating compound, or otherwise sealed in an approved manner. O. The equipment cabinets shall have right or left opening doors depending upon the location of the equipment cabinets. The minimum clearance distance between the edge of a door opened at 90 degrees and the nearest equipment shall be three inches or greater. At those locations where single door dual access cabinets cannot comply with the minimum clearance distance, furnish two door dual access cabinets. Determine the existing clearance from field measurements at each work site. The furnishing and installing of right or left opening doors and number of doors shall be as approved by the Engineer. P. The cabinet shall include an internal copper bus bar vertically mounted between the top and bottom of the cabinet. All equipment within the cabinet shall be grounded to the bus bar. The bus bar shall be grounded to a ground stud on the top of the cabinet. The ground stud shall be grounded with a 12-inch long, No. 6 AWG wire to the room grounding bus.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-26 September 2015 Q. Furnish materials to ground all electronic equipment cabinets to the room ground bus. The room grounding bus shall be located within 12 inches from the ground stud of the cabinet. The bus bar extension shall be the same size as the room ground bus bar. Furnish a two-inch wide tin plated copper braided ground strap between the cabinet ground terminal and the bus bar. R. All electronic equipment cabinets, shall have engraved aluminum signs designating the equipment enclosed, (i.e., “WCU A, WCU B”), and the number and identification of the system in accordance with the Contract Drawings. Mechanically fasten all the engraved aluminum signs to the front and rear doors of the electronic equipment cabinets. S. Shock-mount each equipment cabinet with helical cable isolator type shock-mounts as manufactured by Aeroflex or approved equal. Furnish additional hardware to facilitate electrical isolation and top supports to prevent the cabinets from swaying. Submit site specific cabinet installation details for the approval of the MTA. T. For each configuration of cabinet, prepare and submit a detailed heat dissipation analysis with all calculations, proposed cabinet layouts and cooling units for approval of the Engineer prior to manufacturing the cabinets. Perform the analysis of the cabinets assuming the input module load to be full and the output load to be 60 percent on. U. The Installation requirements include: 1. Design the cabinets to be anchored to the TC&C room floors and grout spaces as required. Replace floor tiles as required. 2. All cables shall be neatly trained to cable supports in the rear of the cabinet with ty-wraps. For equipment identification within and outside of the cabinets furnish engraved tags, white lettering on a black background and attach with permanent brass rivets. 3. All equipment mounted on or within the electronic equipment cabinets shall be furnished with all brackets, hardware and rubber matting and shock mounted to reduce vibrations to an acceptable level. The type and size of the shock mounts furnished shall be based on the design. The use of tie-wraps or velcro type materials to secure the equipment within the cabinets shall not be permitted. 4. Furnish all conduit, wire, circuit breakers and fuses for power supplies, communications lines, data cables and equipment for the operation of the code systems. Ethernet and data cables shall be run in conduit separate from other conductors. Ethernet and data cables may also be placed in a separate partition in conduit subject to approval of the Engineer. 5. When going through walls, crossing tracks or along the ceilings, design cabling so the fiber optic, Ethernet and coaxial cables are in GRS conduit. Furnish plenum rated inner duct to protect the cables entering and leaving the conduits or in areas where hazardous conditions may cause damage to the cables. 6. Provide a minimum of 3 feet of clear work space wherever access is provided by a door. 2.7.7 TRACKSIDE CBTC EQUIPMENT A. Equipment mounted along the track shall be kept to an absolute minimum and shall be restricted to those items providing a direct interface with the track, trains or personnel.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-27 September 2015 B. In tunnel areas, the Contractor shall ensure that equipment to be mounted between the running rails shall be kept to an absolute minimum. It is strongly preferred that only bonds, cables and necessary transponders be installed between the rails. C. Devices mounted between the running rails shall be protected from damage by ramps and covers designed to support 300 pounds. These ramps and covers shall be sufficiently strong to withstand impact from equipment hanging from passing trains. The top of such ramps and covers shall not extend above the top of the running rail. This requirement does not apply to bonds and/or transponders. D. The covers shall be easily removable for maintenance purposes. The equipment and covers shall be located such that it cannot be damaged by mechanical tamping equipment. E. Trackside equipment shall be located by the Contractor such that: 1. Any equipment not accessible from the ground shall be submitted to the MTA for approval prior to preliminary design review. 2. No part of the equipment other than direct cable connections can come into contact with the traction power or running rails. 3. Staff working on the equipment cannot accidentally come in contact with the traction rails. 4. It does not obstruct walkways or other areas of safety, and does not foul the dynamic envelope. 5. No other equipment needs to be removed in order to gain access to signaling equipment. 6. No signaling equipment needs to be removed in order to gain access to other equipment. F. All CBTC system equipment trackside shall be designed and installed so that any doors cannot remain open in such a way as to foul the vehicle dynamic envelope. . For each stage of the cutover, the Contractor shall provide an installation procedure that details how the CBTC system trackside equipment shall be constructed and installed in the trackway and TC&C rooms (CDRL 2-11). 2.7.8 Power Sources and Distribution 2.7.8.1 Equipment The Contractor shall furnish all power supply equipment required for the rated loads of the zone controllers located in the CBTC equipment room inclusive of cabling, and terminations. All power supply equipment for the Zone Controllers equipment shall be housed within a power rack. The Contractor shall provide a power requirement estimate for the input power supply required. 2.7.8.2 Connection Input AC power to equipment rooms shall be available as indicated on existing As-Built Drawings and as specified below. The Contractor shall take into consideration the available power supply feeder and the backup time for the design of the CBTC wayside subsystem. The input power feeders shall be made available on a wall mounted, terminated, fused disconnect switch of appropriate rating provided by the Contractor. Contractor must verify correct availability of input phases prior to designing and installing power distribution for CBTC external and internal loads. Under no circumstances shall the Contractor utilize the input AC phase allocated for powering 60 Hz AC track circuits (currently Phase C). All power connections, busing, protection and distribution to the CBTC Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-28 September 2015 equipment in the room after the input disconnect switch shall be in the Contractor’s scope of work. Electrical Input Power feeder characteristics for the two Phases provided for CBTC equipment use shall be as follows: A. Voltage: 120V RMS, AC single phase ± 2% regulation B. Frequency Range: 60 Hz ± 3Hz C. Waveform; Sinusoidal D. Connection: Terminated on wall mounted, fused disconnect DPDT (double pole, double throw) switch provided by the Contractor. 2.8 SOFTWARE This section describes requirements for the modification, adaptation, configuration, and control of Contractor existing CBTC software. The Contractor shall use as the basis, software that has a documented history of prior use in train control. It is understood that the integration of baseline software will require modification and adaptation to meet the specific requirements of the Metro system. The scope of this work includes: A. The Contractor shall furnish all tested software required for the CBTC system and its subsystems, including central, wayside, carborne and data communication subsystems. B. The Contractor shall demonstrate that software executables can be created from furnished design documentation, source code and support tools for the CBTC system software, including software applications for the Automatic Train Supervision (ATS), Carborne Controller (CC), Zone Controller (ZC) and Data Communication System (DCS) subsystems. Documentation associated with the CBTC system and subsystems software shall be provided by the Contractor. C. The Contractor shall provide complete up-to-date software documentation to the MTA upon Project Completion. D. The software requirements specified herein shall be applicable to all Contractor, subcontractor and Original Equipment Manufacturers (OEMs) that are responsible for delivering software products for the CBTC system and its subsystems. All required software documentation shall describe the processes that will be followed by the Contractor, subcontractors and OEMs. 2.8.1 Documentation The Contractor shall submit the following documents, which are subject to review and approval by the MTA. A. Software Development and Configuration Management Plan, which includes the following elements in a complete and comprehensive Plan (CDRL 2-13): 1. Software Project Management 2. Software Development and Adaptation 3. Software Configuration Management 4. Software Verification and Validation

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-29 September 2015 5. Software Quality Assurance B. Software Requirements Specification (CDRL 2-14) C. Software Configuration Items List (CDRL 2-15) D. Database Design Description (CDRL 2-16) E. Software Design Description (CDRL 2-17) F. Software Test Plans (CDRL 2-18) 2.8.2 Software Development and Configuration Management Plan (SDCMP) A. The Contractor shall develop and submit a Software Development and Configuration Management Plan (SDCMP) that defines the technical and managerial processes or activities necessary to satisfy the software project requirements. The adaptation of custom CBTC system software shall be supported by the use of software development, prototyping and management tools where applicable. The SDCMP shall define all proposed software development, prototyping, and management tools that are intended to be used during the preparation of the CBTC system software. The latest version of all software tools shall be utilized for the CBTC system. B. The SDCMP shall be developed in accordance with IEEE Standard 1558, Procurement Type 5. The SDCMP shall be the controlling document for managing the CBTC system software preparation. 2.8.2.1 Software Development and Adaptation A. The SDCMP shall include a Software Development Plan that defines the CBTC system software processes to be used to adapt, factory test, and field test the CBTC system. The SDP shall define the software adaptation methods to be used for each phase of software development, including descriptions of the manual and automated tools and procedures to be used in support of these methods. B. The SDP shall define the software review, audit, walkthrough and inspection types to be applied during software preparation; the procedures associated with each review, audit, walkthrough, and inspection; and the type to be applied for each software life-cycle activity. C. The SDP shall define the process to be implemented to assure the correctness and completeness of all test systems, simulators, and other custom support tools. The SDP shall define the process to validate all support tools implemented as part of the CBTC system, including those tools provided in support of adaptation, development, test, or maintenance. 2.8.2.2 Software Configuration Management A. The Contractor shall describe Software Configuration Management, which shall define the procedures for software configuration management including SCIL management, software version control, software change control and software build management. The management shall be developed in accordance IEEE Standard 1558, Procurement Type 5, and shall include guidelines for the use of the configuration management/version control tool as well as the procedures for controlling the files during all phase of the project life-cycle. These guidelines shall address the structure of working directories, impose limitations on multiple program copies, and identify the criteria for retrieving and storing versions to control.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-30 September 2015 B. The Software Configuration Management section of the SDCMP shall include the following: 1. The Contractor’s approach to managing all software items documented in the SCIL. 2. Methods and facilities used to maintain, store, secure and document controlled versions of the identified software developed as well as externally acquired COTS products. Version control methods shall provide an easy means to determine which version currently resides in all ATC MOCC, wayside and carborne CBTC equipment and also which versions were used in the past. 3. Content requirements, format and the approval cycle of Configuration Management reports shall be included in the SDCMP. Report formats shall be consistent and tool- independent. 4. A procedure for updating and reviewing all application documents. C. The Contractor shall document modifications to software design subsequent to the Final Design Review milestone within a Software Change Report. The Software Change Report shall be kept current, reflecting all agreed upon changes to the baselined software. The SDCMP shall describe the content of the Software Change Report and the frequency of generation of the report. All printed documents that are submitted to MTA shall contain a version number and revision dates. 2.8.2.3 Software Verification and Validation A. The Contractor shall document the approach for software verification and validation in the Software Verification and Validation (SV&V) section of the SDCMP. The SV&V shall be developed in accordance IEEE Standard 1558, Procurement Type 5. B. The SV&V shall address all verification tasks that assure that the CBTC System software will meet all the defined software safety requirements. All software verification and validation processes shall be performed by an organization, which is independent of the software development organization. The SV&V shall describe the independent organization and how they shall interact with the software development team. C. The Contractor shall verify all CBTC system software required under the Contract in accordance with the MTA approved SDCMP and shall provide the required documentation under the to demonstrate conformance to the satisfaction of the MTA. The Contractor Software Verification and Validation shall describe the integration of the subsystems to cover the requirements of the entire system. D. The SV&V shall define the content and format for all outputs and reports to be provided. 2.8.2.4 Software Quality Assurance A. The Contractor shall develop and document the approach for performing effective software quality assurance and for identifying individuals responsible for performing Software Quality Assurance activities in the Software Quality Assurance (SQA) section of the SDCMP. The SQA shall be developed in accordance IEEE Standard 1558, Procurement Type 5. The SQA shall be applicable to all software developed specifically for the Metro CBTC system. B. The section shall describe how the Software Quality Assurance (SQA) processes and procedures assure ATC system safety. The SQA section shall address both scheduled and unscheduled audits of software development processes, by the Contractor’s internal Quality Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-31 September 2015 Assurance organization, and shall include a process for resolution/tracking of any defects identified by this audit. The SQA section shall describe how the results of internal development reviews and audits are recorded and resolved. C. The SQA section shall describe how non-conformance is identified and the methods that are used for tracking and resolving non-conformance issues. Note that non-conformances shall include software development process problems, as well as software product anomalies. D. The SQA section shall include the plan for reporting the Contractor’s and Subcontractor’s software quality assurance activities. Software quality assurance activities shall include software process compliance evaluations and software product reviews. The Contractor shall ensure that the SDCMP will be adopted and followed by the Subcontractors. 2.8.3 Software Requirements Specification A. The Contractor shall develop and submit a Software Requirements Specification (SRS) for the CBTC system and its subsystems. The SRS shall be developed in accordance with IEEE Standard 1558, Procurement Type 5. The SRS shall address each CBTC subsystem software requirement defined within this Technical Specification and allocated to software. All software requirements shall be fully analyzed and documented in the SRS. The SRS shall be kept up-to-date throughout the life of the project and shall reflect all MTA-approved changes to the software requirements. B. The SRS shall include graphic representations of software functions (such as data flow diagrams), which conform to the requirement analysis methodology defined in the approved SDCMP. The graphic representations are intended to assist the MTA in understanding the functional descriptions of the software items and the hierarchy of the software functions. Data definitions and database requirements shall be defined in the SRS. Graphical representation of the data hierarchy shall be provided and a complete data dictionary shall be generated for all SRS data. 2.8.4 Software Configuration Items List A. The Contractor shall prepare, deliver, and maintain a detailed inventory of all Software Configuration Items (SCIs) in a Software Configuration Item List (SCIL). The SCIL shall include all documentation and all software maintained under the CBTC Software Configuration Management System necessary for the development, design, and execution of the CBTC system, including Vital software, Non-Vital software, and Configuration Data. The SCIL shall include all CBTC system equipment, including CBTC user interfaces (i.e., carborne CBTC equipment, MOCC CBTC equipment, PTE, BTE, etc.) on the MTA property. B. As the ATC subsystem software development progresses, the lowest level to which the software is defined during that phase shall be the level to which the software inventory is documented. The SCIL shall document the evolution or changes that occur to each SCI. The Contractor shall update the SCIL as each SCI changes, throughout the Contract period. C. Description of whether the SCI can be modified by MTA and if so which specific portions can be modified. The Contractor shall submit a final SCIL which defines all software products residing on each railcar, at all field locations and at all OCC locations at the time of Acceptance or Conditional Acceptance.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-32 September 2015 2.8.5 Database Design Description A. The Contractor shall develop and submit Database Design Description (DBDD) documentation. The DBDD shall be developed in accordance to IEEE Standard 1558, Procurement Type 5. The DBDD documents shall reflect a level of design that is consistent with the PDR and the FDR project milestones. The Contractor shall ensure that all requirements for the SCI are allocated to the appropriate database elements. The Contractor shall provide both textual and graphical descriptions according to the MTA approved development methodology described in the SDCMP. B. The DBDD shall describe the structure and content of the ATC system databases; provide descriptions and procedures for creating and maintaining the databases, and documentation on the preparation of database data. The DBDD shall define the individual elements (files, records, fields, and tables) of each sub-database and describe the interrelationships to elements of different sub-databases. A comprehensive description of the structures that integrate the individual database elements shall be provided in the DBDD, using both text and diagrams to show the interrelationships of these elements. 2.8.6 Software Design Description A. The Contractor shall develop and submit Software Design Description (SDD) documentation. The SDD shall be developed in accordance to IEEE Standard 1558, Procurement Type 5. The SDD documents shall reflect a level of design that is consistent with the requirements for the Preliminary Design Review (PDR) and the Final Design Review (FDR) milestones. The SDD shall be submitted to the MTA in accordance with these milestones. The Contractor shall ensure that all requirements for the SCI are allocated to its software components. The Contractor shall provide both textual and graphical descriptions according to the Authority approved development methodology described in the SDCMP. B. For the PDR, the Contractor shall transform the software requirements for each SCI into a software architecture that describes the top-level structure and identifies the software components. The SDD documentation for PDR shall include the following: 1. Description of the hierarchy and structure of the software including decomposition to modules or components, data decomposition, external interface and message and inter- process communications 2. Software component definitions including algorithms and data structures, input and output descriptions, static relationships to other software components or units, and reuse identification 3. Description of the internal and system databases used by the software, including a description of all inputs required and outputs produced by each software module. 4. Detailed program specifications for each component describing the software component concept of execution, including data flow and control flow 5. Resource and design limitations such as maximum quantity of data items, which can be processed C. For the FDR, the Contractor shall develop a detailed design for each software component defined as part of the software architecture. The software components shall be refined into lower levels containing software units that can be coded, compiled, and tested. A formal Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-33 September 2015 baseline of all software design shall be created and placed under configuration management upon completion and MTA approval of the FDR milestone. No changes shall be made to baselined software design unless the MTA gives prior approval. 2.8.7 Software Test Plans A. The Contractor shall develop and submit a Software Test Plan (STP) that describes the overall software developmental test processes, including the responsibilities of individuals and the documentation of the test results. The STP shall address unit level, component and Software Integration testing. The STP shall be developed in accordance IEEE Standard 1558, Procurement Type 5. In addition, the STP shall conform to the latest edition of IEEE Standard 1008, Standard for Software Unit Testing. B. The Contractor shall develop test procedures and test reports for Software Integration Testing. The Software Test Procedure documentation shall provide a complete and comprehensive test of all the software requirements and functionality allocated to each SCI. The Contractor shall ensure that each CBTC subsystem software requirement defined within this Technical Specification and allocated to software has been addressed within the software test procedures. All test plans and procedures shall be submitted for approval by the MTA prior to conducting the tests. The test procedures shall address the following test requirements: 1. Complete exercising of the software component logic 2. Testing the full range of inputs against expected outputs 3. Stressing the software unit at the limits of its requirements 4. Test scenarios that will expose errors, omissions, and unexpected results C. All software testing shall be fully documented and maintained by the Contractor. D. The Contractor shall document all deficiencies. All tests necessary to verify the effectiveness of the corrective action shall be repeated after correction of a deficiency. All deficiencies found during the testing of software executables shall be subject to regression testing. Upon correction of the deficiency, the Contractor shall create a new version of software and perform regression testing on the new version. Regression testing shall verify that no unexpected results occur from the correction of deficiencies. The Contractor shall ensure proper execution of all associated test procedures. E. Software testing shall be automated and modular as far as practicable, in order to facilitate regression testing. Following satisfactory completion of all software testing and the approval by the MTA, formal factory and field tests shall be performed. 2.9 CONTRACT DATA REQUIREMENTS LIST The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications.

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-34 September 2015 Design Review Submittal Milestone CDRL CDRL Title Post FDR Prior to No. CDR PDR FDR Service 2-1 Performance Analysis XX

2-2 Safe Braking Model X X

2-3 Database Application XX

2-4 Work Zone and Work Train Protection X X 2-5 Initialization Test XX 2-6 Platform Berthing X X 2-7 System Access Security XX

2-8 Zone Controller XXX

2-9 CBTC System Design Description XXX

2-10 TC&C Retro-fit Installation XX

2-11 Wayside CBTC Equipment Design and Installation X X X

2-12 As-Built Drawings X Software Development and Configuration 2-13 X X Management Plan 2-14 Software Requirements Specification XX

2-15 Software Configuration Items List XX

2-16 Database Design Description XX

2-17 Software Design Description XX

2-18 Software Test Plans X

Attachment C, Part 2, ATC T-8000-1415 Section 2 – Communications Based Train Control Requirements TS 2-35 September 2015 SECTION 3 MAINLINE AND STORAGE YARD SOLID STATE INTERLOCKING REQUIREMENTS

Contents

3.1 GENERAL...... 3-1

3.2 SCOPE OF WORK...... 3-1

3.3 CODES AND STANDARDS...... 3-2

3.4 PRODUCTS...... 3-2

3.4.1 OPERATING AND FUNCTIONAL REQUIREMENTS ...... 3-2

3.4.2 HARDWARE REQUIREMENTS ...... 3-6

3.4.3 INTERFACE REQUIREMENTS...... 3-8

3.4.4 SOFTWARE REQUIREMENTS ...... 3-9

3.5 EXECUTION...... 3-11

3.5.1 CABLING ...... 3-11

3.5.2 IDENTIFICATION...... 3-11

3.5.3 TESTING ...... 3-11

3.6 SUBMITTALS ...... 3-11

3.7 REQUIRED CDRLS...... 3-13

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Mainline and Storage Yard Solid State Interlocking Requirements TS 3-i September 2015 SECTION 3 MAINLINE AND STORAGE YARD SOLID STATE INTERLOCKING REQUIREMENTS

3.1 GENERAL This section defines the requirements for the Solid State Interlocking (SSI) system to be used for all interlockings furnished for the project line under the scope of this Contract. The SSI system shall provide all control logic necessary to monitor vital inputs from CBTC system and vital relays, interface with other vital systems as necessary, interface with non-vital systems as necessary, process vital logic, and deliver vital control outputs for all interlocking and interface functions in a vital, fail- safe manner. In addition, the SSI system shall fulfill the following: A. Safety Requirements specified in Section 8 B. Reliability, Availability and Maintainability requirements specified in Section 9 C. Training requirements specified in Section 14 D. Testing requirements as per Section 11 to verify and validate all hardware, software and interface requirements as specified in this section E. Maintenance and Support services as specified in Section 13 F. Environmental requirements as specified for Wayside subsystems in Section 7 G. Electromagnetic Compatibility requirements as specified in Section 7 3.2 SCOPE OF WORK The Scope of Work for the SSI system includes the following tasks: A. Furnish all labor, materials, tools and equipment, and perform all activities necessary to design and build the SSI system and its interfaces as specified herein. B. Develop, design, and install the system and application firmware for the SSI system to deliver the performance, functional, and interface requirements as specified herein, in conjunction with the Auxiliary Wayside System (AWS) requirements described in Section 6. C. Develop and furnish all documentation, drawings pertaining to design (hardware and software) and installation, maintenance, training of the SSI system and its interfaces. D. Furnish all electronic equipment enclosures, interface racks, cable termination racks, power equipment racks and other necessary associated equipment as per the Technical Specification to completely house all the components of the SSI system and its interface cable connections. Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-1 September 2015 E. Ship, receive, unload, store and install all equipment necessary for the complete SSI system and all its interfaces. F. Perform all site surveys, environmental studies, analyses, certification and tests to support the design, installation, testing and commissioning of the SSI system. G. Perform Post Commissioning activities and provide necessary support to maintain system operation during warranty period. H. Furnish all special test equipment, spare part initial provisioning, and all special tools required for the troubleshooting, maintenance and repair of the SSI system and its interfaces. 3.3 CODES AND STANDARDS Codes, and standards referenced in this Specification shall be the latest edition in effect at the time of bid, and are considered to be part of this Specification as applicable. Codes and standards include: A. Authority Typical Signal Circuit drawings. B. American Railway Engineering and Maintenance of Way Association (AREMA) – Communications & Signals Manual of Recommended Practices, 2006 edition: 1. Section 16 – Vital Circuit and Software Design 2. Section 11.4.5: Recommended instructions for protecting Electronic equipment modules and sensitive components from ESD for field locations. 3. Section 11.3.3: Recommended design criteria for surge withstand capability of Electronic Signal equipment for Signal systems. 4. Section 16.3.2: Recommended Application Design Guidelines for Isolation of Power supplies used in vital signal systems. 5. Section 19.1.20: Recommendations for an ESD Control Program C. IEEE 1483-2000- Standard for Verification of Vital Functions in Processor Based Systems Used in Rail Transit Control. 3.4 PRODUCTS 3.4.1 Operating and Functional Requirements Requirements for the SSI system are listed below: A. The SSI system shall interface with: 1. The existing relay based signaling systems in adjacent interlockings as needed for intermediate phasing of the deployment on the Project Line 2. New SSI systems in adjacent interlockings as needed to support the final configuration and deployment on the Project Line B. The SSI system shall interface with all wayside equipment in use within the existing signal system and any wayside /CBTC equipment supplied under this Contract as needed to provide safe, uninterrupted, and certified revenue operation during all phases of the project including staged cutovers (CDRL 3-1).

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-2 September 2015 C. The SSI system shall interface with existing wayside/ signal equipment / existing AF track circuit modules as required to support the operation of existing fleet in revenue service during all phases of the project. Vital safe separation of revenue/ non-revenue vehicles shall be provided during all phases of the project and under all circumstances. D. The SSI system design shall provide uninterrupted, safe operation under the worst case timing parameters as defined by the CBTC system to meet overall performance requirements in Section 2. The SSI system shall include a design margin of 30% from the CBTC defined, allowable timing parameters for any message transmission/ reception times with other systems such as CBTC Wayside zone controllers, PLCs, and ATS. E. The equipment reaction times for SSI system, in conjunction with that of the interface equipment such as relays, switch machines, trip stops as planned for use on the supporting signal system for this Project shall comply with the worst case timing parameters as defined by the CBTC system to meet performance requirements in Section 2. The SSI system shall include a design margin of 30% from the CBTC defined, allowable timing parameters for equipment reaction times as specified above. F. The SSI system shall meet the Environmental requirements specified in Section 7 as applicable for equipment under Class C and D. G. The SSI system shall meet the Electromagnetic Compatibility requirements specified in Section 7. The Contractor shall provide EMI mitigation, surge suppression and lightning protection devices as required to mitigate the effects of noise, transients and grounds that may appear on inputs and outputs to the SSI system. The SSI system and its interfaces shall meet functional and performance requirements as specified in this Section and processor reset or processor shut down shall not be a normal response or mitigation to respond to input and output conditions resulting from induced transients due to traction power or exposure of interfaces and cables to water. H. The SSI system shall meet the Safety Assurance and Certification requirements as specified in Section 8. I. The SSI system and its interfaces to the CBTC system shall meet the Reliability, Availability and Maintainability requirements as specified in Section 9. J. The SSI system testing shall verify and validate all non-vital and vital software functions, hardware configurations and interfaces as specified in this Section and the process described in Section 11 for all phases of the project. In addition, the Contractor shall coordinate and provide the phasing and testing to put the new interlocking in service, and tie-in with existing signaling as required to maintain seamless operation through the affected territory. K. The SSI system processor’s speed, system throughput, communications throughput and memory shall have adequate capacity to meet all specified system performance and functional requirements. In addition, 25 percent spare installed input/output capacity and 50 percent spare memory capacity (logic equation capacity) shall be provided. L. Any processor architecture, redundant system configuration for seamless and instantaneous switchover in event of failure of the active/on-line processor, shall account for safe train operation through the interlocking when one unit of a redundant set fails. Note: Any storage yard SSI system is not required to be a redundant system.

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-3 September 2015 M. Shared processor architecture that geographically partitions an interlocking plant shall apply only to larger, multi-track or multi-switch configurations where the capacity (logic equation, input/output points, throughput or any combination thereof) of a single SSI system is not sufficient to control the entire plant. The Contractor shall submit and obtain design approval for any SSI shared architecture approach from the Engineer. N. The architecture among any shared systems shall consist of full diversity of interconnecting paths. Each unit shall have a separate redundant path to communicate with the other unit in the architecture. O. If a shared architecture is used to partition an interlocking plant, or set of tracks, failure of one complete SSI unit or processor within the architecture shall not cause disruption of safe, signaled operation of trains through sections controlled via other healthy SSI units or processor(s). P. Track switch status shall be provided to all units controlling a crossover such that failure of a processor(s) for one track shall not preclude safe train movement over the switch on the other track. Q. Duplicated logic in multiple processors in a shared architecture shall allow operation to continue on critical routes when a failure occurs in one of the shared processors controlling the interlocking. R. The circuits and designs resulting from this specification shall be in accordance with MTA standards and typical circuits. S. The SSI system shall support externally adjustable timers with a secure external means or by means of a verifiable configuration file to set their time without requiring a change to vital application software or Boolean logic. T. The Contractor shall provide a minimum 25 percent spare, installed capacity for vital and non-vital input and output discrete interfaces for the SSI system. U. The SSI system shall have a secure, hard-wired location code as an input to the system. This code shall be verified against a fixed application firmware code to ensure proper application/location match is attained prior to operation of the system. V. The SSI system shall provide onboard hardware and software diagnostics to detect malfunctions and failed printed circuit boards or other hardware components. These diagnostics shall be made available to the ATS subsystem as specified in Section 4. Diagnostics shall be designed to support the maintainability requirements in this specification section and Section 9 and shall include but not be limited to: 1. Indicators shall be provided for proper operation, status and/or fault conditions on PCBs, including I/Os. 2. Logging of faults that caused a system shutdown in non-volatile memory shall be provided. 3. The revision level of all installed printed circuit cards, the platform and Application firmware shall be captured and displayed. W. The SSI system shall support portable test units with diagnostic software with the ability to:

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-4 September 2015 1. Interrogate and display the status of all internal logic variables. Processors shall be provided with exclusive local diagnostic ports in order to maintain system operation in redundant mode when connected to portable test equipment 2. Monitor the vital and non-vital communication links and display diagnostics including but not limited to serial data capture, decoding and display; control and indication signal status; error rate measurement; error detection verification; and message retransmission. X. Failover management for any redundant architecture shall be transparent to operations. When a critical failure is detected by the system for any of the system elements, fault conditions shall be logged for ease of troubleshooting and failover initiated to the stand-by unit. Fault status information shall be made available to the ATS through the non-vital interfaces. Note: Any storage yard SSI is not required to be a redundant system. Y. In case of complete SSI shutdown, all vital outputs controlling signal aspects and train stops shall be placed in the most restrictive state (stop aspect, track switch locked and trip arm at danger). Z. The design shall manage safe system restart following a SSI system failure. Switches shall remain locked and signals shall be at stop until all interlocking detector track circuits indicate unoccupied and all other conditions have been met before producing a less restrictive output. AA. The design of the SSI System shall provide for a fallback mode of operation to enable safe train movement in the normal direction of traffic in the event of complete failure/ shutdown of the interface to the ATS. The scheme for the fallback mode operation shall be reviewed and approved by MTA prior to implementation. BB. A data recorder shall be provided as an internal function within the memory of the SSI system and shall be accessible remotely. It shall log all events, including but not limited to, results of all application logic expressions, input/output changes, operational communications messages and status of all diagnostic/fault indicators. Each event shall be stored for a minimum of 96 hours, with a time stamp synchronized to a master clock and with a resolution of 0.1 second. The time stamp shall be applied at the time the event occurs. In case of insufficient internal memory to meet the data logging requirement, the data shall be transferred to a central repository such as the ATS archive server, to avoid loss and capture of events. CC. The SSI system shall provide non-vital communication ports for non-vital communication of data between the vital processor and a separate non-vital logic control system or the unit’s own non-vital supervisory control processor if applicable. Non-vital communications with external non-vital logic control systems/processors such as the Modicon PLCs (Quantum Automation Series PLC) and Siemens PLCs (Simatic S7-414H Series PLC) shall be fully compatible and support EIA RS-232, RS-423 (using the Modbus or Modbus Plus protocols), Profibus, and Ethernet TCP/IP standards via use of appropriate network adapters as needed. Ethernet 10/100Base T or faster, with full duplex capability shall be supported. DD. The SSI system shall provide the capability to interface with a Local Control Panel (LCP) and support the LCP functions as specified in Section 6.

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-5 September 2015 3.4.2 Hardware Requirements The SSI system shall consist of: A. Redundant processors housed in cabinets with required memory, inputs/output interfaces, communications links and peripherals plug connectors, data transmission equipment, power supplies, power conditioning devices, terminal boards, wire connectors, and other equipment required to achieve a complete, standalone system to meet the specifications in this Section. Note: aAny storage yard SSI is not required to be a redundant system. B. Vital serial communications links as required to enable interface to other vital processors, CBTC system wayside zone controllers, and future adjacent SSI systems. C. Non-vital serial communication links as required to enable interface to other non-vital processors or non-vital logic control systems (PLCs). The communication architecture shall incorporate diversity of paths; i.e. each unit shall have a separate path to each other unit it communicates within the architecture D. Vital, discrete input and output circuits to enable direct interface with field equipment from each unit in a redundant configuration such as track circuits, switch machines, Traffic circuits, Trip stops, signal aspects, CBTC wayside zone controller as applicable to the interlockings on the Metro. E. Isolated, redundant Power equipment as required including any noise filtering, housed within the cabinets to provide system power to the SSI system F. Isolated redundant Power equipment, as required, housed within a power rack to provide power to the input / output interfaces as required to meet the functional and performance requirements of the interlocking. G. Input AC power to equipment rooms for SSI system equipment will be provided for rated load. The Contractor shall take into consideration the following requirements for the design of the SSI system: 1. The input power feeders will be made available on a wall mounted, terminated, fused disconnect switch of appropriate rating. 2. Contractor shall verify correct availability of input phases prior to designing and installing power distribution for SSI system loads. 3. Contractor shall utilize separate input AC power Phases for internal power distribution utilized for SSI system equipment within the room. 4. All power connections, busing, protection and distribution to the equipment in the room after the input disconnect switch shall be in the Contractor’s scope of work. 5. Input Power feeder characteristics for the Phases provided for SSI system equipment use will be as follows: a. Electrical Input: b. Voltage: 120V RMS, AC single phase +/- 2% regulation c. Frequency Range: 60 Hz +/- 3Hz

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-6 September 2015 d. Waveform; Sinusoidal e. Connection: Terminated on wall mounted, fused disconnect DPDT (double pole, double throw) switch (to be provided by the Contractor). H. All equipment furnished for the SSI system shall fit in the space allocated in the room layout as indicated in the existing Drawings and site conditions. I. All electronic equipment enclosures (SSI system cabinets, power rack, interface relay rack) shall be installed as per requirements specified and shall completely house all the components of the SSI system and its interface cable connections. J. All cabinets, enclosures housing electronic equipment shall be provided with adequate protection against electrostatic discharge during installation, maintenance of equipment. The Contractor shall furnish and install anti-static floor mats in front and rear of cabinets and racks for SSI system equipment for ESD mitigation. All cabinets, enclosures housing electronic equipment shall be provided with a grounded wrist band with appropriate lead length for ESD mitigation during maintenance/ installation or removal of equipment. K. All Cabinets, enclosures and racks shall be located so as to allow free and easy installation and maintenance access to the equipment inside. At least 3 feet of unobstructed space shall be provided in the front and rear of all equipment cabinets for providing normal access to circuit boards, power supply units, connecting cables, and terminal strips. L. The SSI equipment shall be designed for durability in the MTA subway environment. The equipment supplied shall be fully functional, capable of normal operation within the environmental extremes described in Section 7. M. All inputs and outputs shall be protected against contact bounce and spurious surges that may potentially contribute to unstable operations, resets and system shut down. N. Spurious noise on inputs shall not be detected as a fault. All inputs shall effectively filter noise that can be detrimental to stable system operation. O. Filter outputs to prevent transient interference that could result in an unsafe condition or inadvertent system shutdown. P. Outputs shall be capable of proper operation into loads with mild grounds without being declared failed. Q. Ground detectors employed on external wiring shall not cause detectable faults that would cause a failover. R. Equipment shall be designed to be rugged, and withstand the handling in troubleshooting, and preventive maintenance scenarios over the life cycle of the subsystem. The following requirements shall be met: 1. Electronic circuit boards shall be mounted within a protective rack or cage, with secure edge or similar connectors. Boards shall only be capable of being secured in the rack when fully inserted in the correct location. 2. Boards and plug connectors shall be keyed with the rack such that only the correct part numbered board/ plug connector can be inserted into a slot/ receptacle.

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-7 September 2015 3. Interconnecting cables between modules, sub racks, and racks that can be disconnected shall be kept to a minimum. Where provided, the connectors shall be heavy duty and durable, capable of being disconnected and connected many thousands of times during the life cycle of the equipment without dislodging of the pins and sockets and without the breaking of wires and their connections. 4. Each PC board or module shall be given a unique part number. PC boards or modules that are not interchangeable shall have different part numbers, even if only the firmware is different. 5. Individual printed circuit boards shall be able to be removed and replaced without removing power from the entire system. Each redundant system shall be supplied power from separate source feeds. Each sub-rack of each redundant system shall be supplied power from separate circuit breakers located in each rack to provide power removal to each separate sub-rack. Removal of power to any sub-rack shall cause the system to failover to the redundant system. S. Provide sufficient input /output terminals on the cabinets/ racks to accommodate the required functions. 3.4.3 Interface Requirements Interface requirements include: A. All connections to external circuits shall be designed to interface to standard MTA signal equipment operating at normal voltages for the type of equipment. B. All vital inputs and outputs shall have at least 3000 VAC RMS isolation from the rest of the SSI system. Adequate I/O PCBs shall be provided for interfaces including but not limited to: 1. Directly drive the signal lighting circuits for color light LED signal aspects without any interfacing relays. 2. Control output circuits to drive the interfacing vital relays controlling functions including switch operation, Trip stops, Traffic circuits, and CBTC wayside zone controller functions. 3. Input Circuits to accept functions including Track Circuits, Switch Indications, Trip Stop indications, Traffic circuits, CBTC vital wayside zone controller functions. C. All interfaces to field equipment via vital relays shall be minimum and limited to one interface relay rack. The Contractor should provide for solid state direct interfaces for interfacing with field equipment such as Signal Aspects, Switch machines, Trip Stops to the extent possible to minimize the number of racks/ cabinets for housing the SSI System. For all cases where vital relays are planned for interfaces, Contractor shall seek approval from MTA. D. The SSI system shall provide interfaces with, but not limited to, the following: 1. CBTC Wayside zone controllers- The Contractor shall provide for a direct interface to the Wayside zone controllers without utilizing vital relays. For all cases where vital relays are planned for interface between Wayside zone controllers and SSI System, Contractor shall seek approval from MTA prior to proceeding with system design. 2. Traffic circuits – The interface shall comply with the MTA typical Traffic Circuit drawings

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-8 September 2015 3. Field Input Equipment – Track Relays, Switch position relays, Trip Stop position relays 4. Field Output Equipment – Switch Control Relays, Signal Aspects, Trip Stop Operation 5. Non- Vital PLC equipment for controls and indications 6. Interface to ATS 7. Temporary interface to the existing AIMS system either directly or through the existing code system interface. 3.4.4 Software Requirements Software requirements include: A. Software for the SSI system shall be clearly categorized into platform (application independent) and application dependent portions. The platform software shall be stored in Read-only memory devices on the system. The application software shall be stored in solid state EPROM chips or in flash memory. B. User defined/configurable parameters shall be structured separately. Relocation, addition or deletion of switches, signals, their associated interlocking logic, etc. by MTA shall be provided for and shall not affect the safety validation of the platform software. C. Software for the SSI system shall meet all safety requirements specified in Section 8. D. All functions required for system integrity evaluation, error logging, hardware interface, timing, data communications, application logic execution, and the application of power to the vital controller shall be implemented in a safe manner using a design approach reviewed and approved by the Engineer. E. The Application Software shall be designed, installed, tested, validated to perform all interlocking functions including but not limited to: 1. Route Check 2. Signal Control 3. Signal Lighting 4. Signal Indication 5. Light out function and detection 6. Overrun Detection 7. Time locking 8. Route Locking 9. Detector Locking 10. Approach Locking 11. Switch Control 12. Switch Indication

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-9 September 2015 13. Switch Correspondence 14. Loss of Shunt 15. Trip Stop control and indication 16. Force and Lock 17. Traffic between interlockings 18. All CBTC interface controls and indications 19. Transition to degraded mode(s) 20. Vital control and indication interface processing 21. Interface to existing AF Track circuit and Cab modules for supporting existing fleet operation 22. Interfaces to non-vital functions including the non-vital processor F. The Application Software shall be designed, installed, tested, validated to perform all non- vital functions including but not limited to: 1. Switch Request and Indication 2. Signal Request and Indication 3. Local Control Panel (LCP) Control Mode Request and Indication 4. Snowmelter Request and Indication 5. Absolute Block Request and Indication 6. Terminal Mode Operation and Indication (as required) 7. Hold Exit Indications 8. Track Occupancy Indication (as required) 9. Alarm Indication 10. Route Indication G. The Application software shall be written and compiled using programming tools that enables the system logic to be expressed in terms familiar to the MTA signal engineers and Maintainers, using relay logic circuit and ladder logic diagrams or approved equivalent method. H. The Application Software shall be written using the existing naming convention for each assigned variable.

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-10 September 2015 3.5 EXECUTION 3.5.1 Cabling Instructions for cabling include: A. Segregate cabling for all power and signal connections for the SSI system to eliminate interference from noise sources. B. Segregate clean cabling, which has proper noise suppression, from dirty cabling, which may have high levels of noise, in the field and in equipment rooms. C. Isolate field wiring connected directly to the vital processor interlocking inputs and outputs from cables that experience surges and noise spikes from high energy sources such as the rolling stock, traction power system and operation of track switches, train stops and other noise sources. D. Route wiring in equipment rooms to eliminate coupling from nearby noise sources such as the collapsing magnetic fields of relay coils, incoming power sources and track circuit and other field wiring. 3.5.2 Identification Mount a typed or machine printed indelible name tag for each SSI system cardfile/cabinet on the front plate of the cabinet. The name tag shall be easily replaceable, but shall not come off during normal service. 3.5.3 Testing All Interlocking testing requirements shall be in accordance with the process specified in Section 11. The Contractor shall comply with these requirements for the SSI system and perform activities as required as approved by the Engineer. If any of the Work does not meet the requirements of the Contract Documents and does not pass the required tests, implement any necessary design changes, repairs, adjustments or replacements to the Work so as to correct any item such that the test requirements are met. 3.6 SUBMITTALS Prepare and submit the following documents for review and approval by the Engineer: A. SSI System Design Description of the systems architecture and configuration including processor(s), communication interfaces, discrete input/output and support elements for each application required for the system. Include interconnection and operation details for the redundant control schemes used to meet overall system availability requirements. Include Power and space calculations to meet project infrastructural and environmental requirements. Also include for when the vital microprocessor system is used for performing all non-vital functions in lieu of a separate PLC. B. Detailed Design shop drawings, catalog cuts, and detailed descriptions giving complete performance, capability, and environmental data of the SSI system and support equipment, its development, testing, and programming tools, and its graphical user interface. Any changes made after FDR shall be resubmitted to MTA within 10 working days.

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-11 September 2015 C. Book of Plans containing layout, cabling, Interfaces, I/O configuration, Mechanical and circuit drawings, PCB configurations, communication interfaces to other vital and non-vital systems as applicable to specific location(s) on the Project. D. Interface Document containing details of the SSI system interface with vital, non-vital systems, adjacent vital relay systems, traffic circuits, supervisory control systems (ATS), CBTC Wayside zone controllers, PLCs as required. E. Timing Analysis Document for the SSI system shall include a detailed timing analyses breakdown of the various components and the corresponding processing time associated with that component as well as any specific engineering rules, priorities, constraints, and/or limitations that need to be respected (i.e., wayside element distribution, as when an interlocking is divided to allow control by more than one Vital Microprocessor within the limits of the distribution, I/O assignments). The various components shall include the following: 1. All communication interfaces 2. All discrete input scans including relay pick up, drop away times (Track circuits, Switch position indication, Trip Stop position indication, etc.) 3. Delivery of discrete outputs including relay pick up, drop away times 4. Diagnostics and monitoring 5. Application Logic processing F. Failure Management Plan detailing all fault scenarios related to application and responses of the system to failures. G. Equivalent circuit drawings to MTA typical circuit standards to substantiate software design adherence to MTA design standards and Interlocking rules and to demonstrate that they meet the signaling conventions, functionality, and operating procedures. The proof of equivalent circuits can be provided in the form of ladder logic, functional diagrams/tables, Boolean equations/expressions, and other representation methods approved by the Engineer. Where equivalent vital logic circuits differ from MTA Standards, approval from the Engineer shall be required. H. Factory Test Plan, Test Procedures for testing of SSI system and its simulated interfaces at the Contractor’s premises. I. Certified Factory Test Reports. J. Installation Drawings, Room and Rack Layouts containing equipment clearances for maintenance, and adjustment settings including a tabulation of all units, assemblies, subassemblies and miscellaneous parts required for the field installation at the project site location. K. Field Test Plan, Test Procedures for testing, installation, and functioning of the SSI system and its interfaces at the project site location. L. Certified Field Test reports.

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-12 September 2015 M. Maintenance Support Documentation of the development tools, their capabilities and graphical user interfaces required for application software development and installation, operation, maintenance and, monitoring of the system. Includes Documentation to manage post revenue changes. N. As-built Documentation including drawings, application firmware listings, and equivalent relay circuits for the vital microprocessor system and associated equipment showing actual in service conditions. O. Hardware list installed in their final configuration which shall include unique identifying numbers for each component. Any changes made after installation shall be resubmitted to MTA 3.7 REQUIRED CDRLS Design Review Submittal Milestone CDRL CDRL Title Post FDR Prior to No. CDR PDR FDR Service 3-1 SSI System Description X

3-2 Detailed Design XX

3-3 Book of Plans by Location XX

3-4 Interfaces Document X 3-5 Timing Analysis X 3-6 Failure Management Plan X 3-7 Equivalent Circuit Drawings XX 90 days 3-8 Factory Test Plan, Procedures prior to test 30 days post 3-9 Certified Factory test Reports test 3-10 Installation Drawings, Room & Rack Layouts X 90 days 3-11 Field Test Plan, Procedures prior to test 30 days post 3-12 Certified Field Test Reports test 3-13 Maintenance Support Documentation X

3-14 As- Built Documentation X

3-15 Hardware Listing for final Configuration X

Attachment C, Part 2, ATC System T-8000-1415 Section 3 – Solid State and Storage Yard Interlocking Requirements TS 3-13 September 2015 SECTION 4 AUTOMATIC TRAIN SUPERVISION REQUIREMENTS

Contents

4.1 ATS GENERAL REQUIREMENTS...... 4-1

4.2 SCOPE OF WORK...... 4-2

4.3 ATC TRAIN IDENTIFICATION AND TRAIN TRACKING...... 4-3

4.4 AUTOMATIC TRAIN REGULATION...... 4-3

4.4.1 TRAIN OPERATIONS OPTIMIZATION...... 4-3

4.4.2 AUTOMATIC TRAIN ROUTING ...... 4-3

4.4.3 AUTOMATIC DISPATCHING...... 4-4

4.4.4 AUTOMATIC SCHEDULE AND HEADWAY MANAGEMENT ...... 4-5

4.4.5 CHANGES TO SCHEDULES ...... 4-5

4.5 HOLD FUNCTIONS...... 4-6

4.5.1 TRAIN HOLD ...... 4-7

4.5.2 SYSTEM HOLD...... 4-7

4.5.3 STATION HOLD ...... 4-7

4.6 DE-ENERGIZED THIRD RAIL...... 4-7

4.7 RESTRICTING TRAIN OPERATIONS...... 4-7

4.8 CUSTOMER INFORMATION SYSTEM (CIS)...... 4-8

4.8.1 STATION PLATFORM ANNOUNCEMENTS ...... 4-8

4.8.2 GOOGLE TRANSIT ...... 4-8

4.9 ENERGY OPTIMIZATION AND MINIMIZATION...... 4-9

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-i September 2015 4.10 FAULT REPORTING...... 4-9

4.10.1 MOCC ALARMS DISPLAYED...... 4-9

4.10.2 INFORMATION WITH MOCC ALARMS ...... 4-10

4.10.3 ALARMS DISPLAYED TO THE TRAIN OPERATOR...... 4-11

4.10.4 SOFTWARE VERSION...... 4-11

4.11 FAILURE AND OPERATIONS-AFFECTING EVENT MANAGEMENT...... 4-11

4.12 DATA RECORDING AND REPORTING...... 4-11

4.12.1 DATA RECORDING...... 4-11

4.12.2 DATA REPORTS...... 4-14

4.12.3 FAILURE SUMMARY REPORT...... 4-14

4.12.4 DAILY SUMMARY REPORT...... 4-15

4.12.5 MILEAGE REPORT ...... 4-15

4.12.6 GENERAL REPORTING REQUIREMENTS: ...... 4-15

4.13 ATS HARDWARE REQUIREMENTS...... 4-15

4.13.1 SERVER EQUIPMENT...... 4-16

4.13.2 ALL WORKSTATION COMPUTERS ...... 4-17

4.13.3 PRINTERS...... 4-18

4.14 SCADA INTERFACE ...... 4-18

4.15 ATS HUMAN INTERFACE DEVELOPMENT...... 4-18

4.15.1 ERGONOMICS...... 4-19

4.15.2 ATS ACCESS CONTROL ...... 4-20

4.16 CDRL ITEMS ...... 4-21

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-ii September 2015 SECTION 4 AUTOMATIC TRAIN SUPERVISION REQUIREMENTS

4.1 ATS GENERAL REQUIREMENTS A. The ATS is a Non-Vital portion of the ATC system responsible for the centralized traffic control of interlocking, terminals, and various miscellaneous supervisory functions from the Metro Operations Control Center (MOCC), which includes the Backup BOCC, and Local Control Panels (LCP). The ATS subsystem shall be operational at all times, and under all modes of operation. The ATS subsystem shall allow local operation of interlockings through the ATS workstations and LCPs in field locations. Local control of small portions of ATC territory shall not affect ATS functions from being implemented automatically in all other portions of ATC territory. Remote manual control shall not adversely impact normal revenue operations or authorized train speeds. B. The ATS system shall replace certain elements of the Metro Central Supervisory Control System (CSCS) at MOCC. The Contractor shall integrate all the functionality of the SCADA portions of the CSCS into the ATS design with implementation such that the interaction with the Central Control Operator is no different than the current system being replaced. The replacement will result in a new CSCS that includes the new ATS, replacing the Train Traffic Management, with the seamless integration of the SCADA system. C. The ATS subsystem shall provide all information, indications, and alarms necessary for rapid and accurate operational decision-making by the Administration. The ATS subsystem shall provide the MOCC train status and alarm information on a real-time basis, and shall permit the MOCC to issue commands to exert control functions over the entire system, portions of the system, and individual components of the system, including individual trains and switches. D. The ATS subsystem shall provide a means for the MOCC to direct a train to discharge its passengers at designated stations. The carborne CBTC equipment shall notify the Train Operator via the Train Operator Display. The carborne CBTC equipment shall also provide a trigger for the vehicle PA system to make announcements to passengers automatically. E. The ATS subsystem shall be designed such that any action or inaction by the MOCC, or any function or malfunction of the ATS subsystem, shall neither subvert nor compromise any ATP subsystem functions. F. ATS subsystem functional features shall, at a minimum, include the following: 1. Complete traffic controls and indications 2. Entrance-Exit control of all interlockings 3. Fleeting and call-on of signals 4. Train tracking using distinctive colors and labels based upon origin/destination station

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-1 September 2015 pair 5. Automatic train dispatching and routing for all routine and normal train operations as defined in this Technical Specification. This includes “preferred terminal track” functionality 6. Work zone, temporary speed restrictions and train protection functionality 7. Special controls and indications for all interlocking railroad crossings 8. Performance levels to assist with automatic train regulation 9. Display and annunciation of pertinent alarms G. ATC system features shall normally function automatically based on state-of-the-art central logic when the MOCC and field locations are in communication with each other. In the event that communication is lost between the MOCC and field locations or if MOCC fails, the ATC system shall automatically switch to the Backup (BOCC) and continue to function automatically. In the event that communication is lost at both MOCC and BOCC locations, the ATS subsystem functions shall be transferred automatically to field locations such that it can function automatically through the field Remote Supervisory Control Displays and LCP without affecting revenue service operations. H. The ATS subsystem shall provide chainage of any element when selected on the line overview display. Similarly, the ATS subsystem shall point to the location when a chainage is selected. I. The ATS shall connect to and provide message data to the Metro Next Train Arrival system as described herein. J. The ATS shall interface to Google Transit as described herein. 4.2 SCOPE OF WORK The provision of the ATS system in summary shall include the following. The Contractor shall provide a “turn-key” system wherein the detailed design, development, prototyping, delivery, installation, testing, training, maintenance support, and documentation are a part. A. Design of an integrated computer system to control and monitor train movement and interface with SCADA (CDRL 4-1) B. Provide a sufficient number of Servers to deliver the functionality of the ATS and SCADA C. Provide three MOCC workstation sets of hardware complete with 6 flat panel monitors D. Design, develop and furnish software for the ATS and SCADA interface (CDRL 4-3) E. Integrate the elements of the SCADA system seamlessly with no less functionality than is currently provided. There will be new functionality that is presently not included on the as-built drawings. The new functions will provide control and monitoring of the third rail heaters. These functions shall be included in the Contractors final design. F. Develop and furnish the Next Train Arrival data messaging and interface, as well as data to Google Transit. G. Provide the Back-up (BOCC) workstations at Wabash H. Provide the BOCC Server Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-2 September 2015 I. Provide the Remote Workstations J. Develop and provide the ATS Reporting functionality K. Design and deliver the Simulator and training workstations L. Interface to the Metro Master clock and use the time for all of the ATC systems M. Plan, develop, and deliver 6 ATS prototyping work sessions N. Plan and implement a migration sequence for transitioning to the new ATS. O. Prepare the ATS Equipment Functional Specification for MTA review and approval (CDRL 4-4). P. Prepare the Interface Design Document for ATS to AWS equipment for MTA review and approval (CDRL 4-9). 4.3 ATC TRAIN IDENTIFICATION AND TRAIN TRACKING Each CBTC-equipped train operating within CBTC territory shall be automatically assigned a train identification number indicating the mode of operation of the train, the vehicle number of each railcar in the train, route, terminal station, origin and interval (i.e., time in minutes of scheduled departure from the terminal station), with train length being displayed either proportionally, or as a standard length icon supplemented by textual train length data and other pertinent information about the train. The ATC system shall provide Metro with the ability to change the train identification number if required. The ATC system shall automatically track, maintain records of, and display all the train identification information as specified in this Section. 4.4 AUTOMATIC TRAIN REGULATION A. The ATS subsystem shall have the capability to automatically monitor and regulate the performance of trains, in relation to schedule and/or headway adherence. B. Schedule and headway regulation shall be by means of dwell time variance and control of run times between stations, and through the use of performance levels (i.e. in ATO and Manual modes through adjustments to commanded train speed). C. Since performance levels are part of the ATS subsystem, they shall not be used to ensure safe train separation. 4.4.1 Train Operations Optimization A. The ATS subsystem shall provide automatic train operations optimization to regulate the performance of trains in relation to schedule and/or headway adherence. The goal of train operations optimization shall be to keep as many trains as possible on schedule. The ATC system shall automatically implement strategies to recover the delay of trains, and maximize the capacity of the system without introducing longer run times. B. The ATS subsystem shall incorporate any optimization strategies, individually or in combination, to provide optimal train movement control. 4.4.2 Automatic Train Routing A. The ATS subsystem shall have the capability to manually and automatically route trains based on train location reports and in accordance with the train service data, predefined Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-3 September 2015 routing rules, and any ATS user-directed service strategy. Train routes shall be indicated on the ATS workstation display. Trains shall be automatically routed prior to departure from terminal stations in the ATO and Manual modes of operation. B. The ATS subsystem shall include automatic routing capability for any and all interlockings. C. The ATC system shall automatically route work trains with minimum disruption to revenue service operations. If the move is of high priority, the MOCC Operator can manually command the move with passenger service trains safely slowing down or stopping to accommodate the move. D. The automatic-routing function of the ATS subsystem shall not be able to automatically route a train against the normal direction of traffic except at certain locations where this may be appropriate, such as terminal stations and pocket interlockings. Manual routing, or at the minimum, manual confirmation, shall be required when a train is to be routed against the normal direction of traffic. When single tracking (i.e., a Work Zone in the adjacent track), the automatic routing function of the ATS subsystem shall be automatic. E. The ATS subsystem shall provide wrong route protection and notification through the ATS workstation display and Local Control Panels. F. The ATS subsystem shall allow some manual inputs by MOCC personnel, and/or field-based Remote Supervisory Controls, to allow them to route an inbound train at a terminal before the central logic would automatically do so. G. The design of the ATS subsystem shall minimize time delays in resetting/realigning interlocking routes for successive trains due to transmission and/or processing delays. Any route request to throw switches and clear signals from the ATS subsystem shall be acknowledged and completed within 8 seconds, including switch throw times and answer back. H. If a destination is changed en-route, the train passenger information systems shall automatically be set for the new destination. 4.4.3 Automatic Dispatching A. The ATS subsystem shall include the capability for automatic dispatching at the various Administration terminals based upon schedule. At a minimum, this functionality shall automatically request a departing route in accordance with current Metro design and operating practices, and control train movement out of the terminal station at the end of the dwell time in ATO mode after the Train Operator pushes the Door Close button. B. The ATS system shall allow Metro to manually dispatch trains from terminal stations through the ATS workstation or LCP. The ATS system shall provide the option that a single train only be dispatched manually from the terminal station by Metro, or a group of trains dispatched manually within a timeframe as determined by Metro and defined through the ATS workstation or LCP. When trains are dispatched manually, a route initiated manually through the ATS workstation. Field locations shall have the flexibility to allow Metro personnel to initiate train departures, etc., through the ATS workstation and LCP without the MOCC transferring entire control to the field location.

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-4 September 2015 4.4.4 Automatic Schedule and Headway Management A. The ATS subsystem shall allow the MOCC to select which of the two supervision modes to use, either schedule or headway. Supervision of trains operating in ATO and Manual modes, both to schedule and to headway, shall be performed automatically. Supervision of trains operating in Manual mode to schedule and to headway shall be performed by adjusting the distance-to-go profile which the Train Operator would follow (i.e., limiting authorized speeds). If headway operation is selected, the trains shall be controlled through the system in order of their arrival at a starting point. If schedule operation is selected, the trains shall be controlled to a schedule selected from 20 available schedules to be provided by the Contractor and approved by the Administration. B. In schedule operation mode, trains shall be dispatched from terminal stations according to the operating schedule, or at the next available headway position, whichever is later. During headway operation, trains shall be dispatched from terminal stations immediately, or at the next available headway position at the currently defined headway setting, whichever is later. The ATS subsystem shall have the ability to manually reset any hold placed on a train due to schedule or headway operations conditions and dispatch a train immediately, subject to the safe train separation provisions. C. When operation is switched from schedule to headway, the ATC system shall immediately cease schedule operation and begin headway operation. When operation is switched from headway to schedule, the ATC system shall begin schedule operation with the next train. All following trains shall be operated to the selected schedule. All preceding trains shall be matched against the selected schedule automatically, and shall be operated as close to the selected schedule as possible based upon train position. D. If headway operation is selected, the ATC system shall allow the ATS subsystem to define a headway (time in seconds) value within the constraints of the system. If none is defined, the ATS subsystem shall use a predefined headway value, a default value. E. It shall be possible to prepare a schedule for a complete operating day, from the start of train insertion onto the Main Line in the early morning, to when the last trip occurs and the final train is routed automatically out of service and laid up at the Wabash Yard at the end of the operating day. 4.4.5 Changes to Schedules A. Schedules can be changed and/or updated by Metro as described below: 1. Supplements to schedules consisting of temporary modifications to schedules (or portions of a schedule) and updates to schedules shall be facilitated at any time. The ATS system shall rapidly modify and re-issue schedules based upon Metro input prior to and during the course of a day. The ATS system shall provide the facilities to enable authorized users to modify either the active schedules currently being utilized by the ATC system, or an inactive schedule which will be utilized by the ATS system at a predetermined time and date. 2. The types of schedule modifications (in addition to inserting/removing supplements) that shall be supported by the ATC system include, but are not limited, to the following: a. Editing the attributes of a train or group of trains in the schedule

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-5 September 2015 b. Adding a revenue or non-revenue train(s) c. Deleting a revenue or non-revenue train(s) d. Adjusting the schedule and/or headway for an individual train or group of trains e. Adjusting the route for an individual train or group of trains f. Adjusting the time and destination affected by an update g. Modify the dwell at stations 3. The ATS system shall automatically calculate new expected run times, arriving and departing times for trains that are rerouted or otherwise delayed. However, for schedule performance reporting purposes, lateness will be calculated against the original schedule and not the expected/adjusted running time. 4. All schedule modification shall be logged by the ATS system. The ATS system shall include the original schedule data, as well as the modifications to the schedule. Pre- modified data of schedules shall be available for performance reporting at all times, with users through the ATS workstation display being able to utilize the data. 5. When a train is added or deleted from a schedule, the MOCC shall have the option of having the ATS system automatically modify the schedules of other trains to accommodate the addition/deletion of a train (i.e., maintaining a uniform headway by either lengthening headway due to the deletion of a train, or shortening headway if a train is added to the system), or of simply making the addition/deletion without other schedule modifications. B. The ATS system shall allow the MOCC to load a new schedule without requiring the removal of the old schedule. Provisions shall be made to allow the new schedule to be modified off- line. The ATS Simulator shall allow the newly created schedules to be loaded and simulate operations to determine effectiveness of the schedule. The new schedules can be loaded through any ATS workstation location. C. The ATS should automatically factor in day light savings time such that trains shall not be determined to be either early or late due to the beginning of or ending of day light savings time. 4.5 HOLD FUNCTIONS A. The ATS system shall have the capability of issuing hold commands to individual or all trains in the system. The following hold functions shall be provided: 1. Train hold 2. System hold 3. Platform hold 4. Station hold B. If a train in ATO mode of operation affected by a hold function is already stopped at a station, it shall remain stopped. ATO mode trains affected by a hold function shall open or permit to

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-6 September 2015 be opened, only the doors on the platform side when stopped at a station. The Train Operator has the option to close the doors of an ATO mode train that is being held by a hold function. C. If a train affected by a hold function has begun its door-close cycle, it will close the doors and then re-open them on the platform side only. No hold function shall result in an emergency brake application. The Train Operator shall be informed by the Train Operator’s Display (TOD) that a train hold is in effect. D. The ATC system design shall allow trains to be held while in ATO mode of operation and continue operation in any mode after the hold is cancelled. The ATC system shall provide the flexibility to cancel the issued hold request by the Train Operator, either manually by the Train Operator via the touch screen push button on the TOD, or by MOCC. The Train Operator shall be alerted via the TOD that the Hold has been cancelled. 4.5.1 Train Hold A command shall be available to hold a specific train at the next downstream platform. When commanded by the ATS subsystem, the affected train shall not depart until specifically commanded to do so by the ATS subsystem. 4.5.2 System Hold A command shall be available to hold trains at their next downstream platform. The command shall be configured to hold all trains within the system. Trains that cannot hold at the downstream platform due to preceding train occupancy shall stop as close to the downstream platform as permitted by safe braking restrictions. The affected trains shall not depart until specifically commanded to do so by the ATS subsystem on a system-wide basis or an individual train basis. 4.5.3 Station Hold A command shall be available to hold the next trains approaching a selected station, or a selected platform at a station. Trains that cannot hold at the selected station (or platform) due to preceding train occupancy shall stop as close to the selected station as permitted by safe braking restrictions. The affected trains shall not depart until specifically commanded to do so by the ATS subsystem. 4.6 DE-ENERGIZED THIRD RAIL The ATS system shall alert the Central Control Operator when a section of third rail is de-energized (i.e., no traction voltage). The ATS system shall interface to the Metro SCADA system to receive an input that a section of third rail is de-energized. Upon notification, the MOCC can then restrict train operations through this section of third rail via the ATS workstation (i.e., the ATS systems shall not automatically restrict train operations unless commanded by the MOCC). The alarm shall be displayed and section of track in which the third rail is de-energized shall be illustrated on all ATS user interfaces including Field Workstations and MOCC overview displays. 4.7 RESTRICTING TRAIN OPERATIONS A. The ATS subsystem shall include means to stop a single train or group of trains in a region, track, or entire Metro system immediately. Selection of a group of trains will be constrained by the Central Control Operator’s level of authority. B. The ATS subsystem shall include facilities to block (and subsequently unblock) a switch, platform, station, signal, or a section of track.

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-7 September 2015 C. The ATS subsystem shall include facilities to establish (and subsequently remove) temporary Work Zones for the protection of work crews and work trains. The ATS subsystem shall include facilities to impose (and remove) temporary speed restrictions on any section of track. The ATC system shall enforce reduced speeds on approach to and through defined Work Zones and shall preclude ATO operation through the Work Zone. The Work Zone speed will be identified during design review. D. The ATS subsystem shall be able to implement speed restrictions at any location along the alignment, and for any one or more trains. The speed restrictions shall be applied in 10 mph increments from the minimum speed to 60 mph. The minimum speed will be identified during design review. E. The ATS display shall graphically show the application of the Work Zone or speed restriction command, including the stationing limits, train(s), and speed value. F. The ATS subsystem shall be able to automatically limit the number of trains that are permitted within any one tunnel ventilation zone at one time. The ATS shall provide an alarm should manual routing of trains cause a violation of the restriction. 4.8 CUSTOMER INFORMATION SYSTEM (CIS) A. The Contractor shall design, test and interface to the existing passenger information systems on the wayside, and provide real-time train location data (CDRL 4-10). B. The ATS system shall allow the MOCC to override passenger announcement systems on both car and wayside to issue security-critical or service messages to the riding public. The communication of this information would be via the CBTC data communications system. 4.8.1 Station Platform Announcements A. The ATS subsystem shall interface digitally with the CIS system, and shall provide train arrival time and identification in a format compatible with the existing system. The ATS shall also have the capability to provide messages to the station platforms at a regular time based interval, such as “Please stand back from the platform edge”, security reminder messages, as well as other messages to be defined by the MTA during design. The Contractor shall work with Metro to ensure that all interface requirements are met. B. The Contractor will terminate the physical interface connection from the ATC system to the station passenger information systems. The Contractor shall be responsible for all other Work required to achieve the specified functionality. 4.8.2 Google Transit The ATS shall send a separate data stream in GTFS format to an MTA provided server that is separate from the CIS Penta server. A. The ATS shall interface to Google Transit with real-time information as specified in the Google GTFS real time specification, http://developers.google.com/transit/gtfs-realtime/. B. The ATS shall provide real time data for the following three types of information. The updates shall be posted to the feed within 5 seconds of its posting to the Penta system. The MTA will provide a publicly accessible Internet Web Server that is also accessible from the MTA network for real time information updates.

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-8 September 2015 1. Trip Updates – delays, cancellations, changed routes, 2. Service Alerts – stop moved, unforeseen events affecting a station, route or the entire network, 3. Vehicle Positions – information about the vehicles including location and congestion level. 4.9 ENERGY OPTIMIZATION AND MINIMIZATION The ATS subsystem shall be able to implement energy optimization algorithms for CBTC equipped trains through the real time control and coordination of train acceleration, train coasting, and train braking. The objective of these capabilities are for trains to draw, as nearly as possible, a consistent level of power from the traction power supply system in order to minimize peak demands from the utility supply and also to minimize the total energy demands for a given level of service (CDRL 4-5). 4.10 FAULT REPORTING Failures and out-of-tolerance conditions detected by, or input to, the ATC system, and any conditions requiring ATS user attention, shall be automatically indicated on the ATS workstation Display, and all Diagnostic Computer locations. 4.10.1 MOCC Alarms Displayed A. Alarm indications shall be provided by the ATS subsystem to the MOCC. Alarms shall be categorized and prioritized into critical and non-critical alarms and logged. Both the alarm priorities shall be software configurable and assigned priority using software parameters. Critical alarms shall be audio annunciated in addition to being visually displayed. All critical alarms shall require acknowledgement by MOCC. The duration and sound level of the alarm tone shall be adjustable to a minimum level as approved by the MTA. The MOCC personnel shall be allowed to temporarily disable the audible alarm. Non-critical alarms need only be visually displayed. B. Critical alarms shall include, at a minimum, the following: 1. An ATC or Train Operator commanded emergency brake application 2. An ATC-commanded service brake application 3. Signal overrun 4. Station stop overrun 5. Track circuit failure 6. Any failure of the ATC equipment 7. Train in CBTC Bypass Mode 8. Improper reverse movement for a train operating in ATO 9. Excessive rollback 10. Door mode switch set to cutout 11. Uncommanded loss of door closed status

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-9 September 2015 12. Overspeed 13. Uncommanded motion detected while train is parked 14. Failure of a train to leave a station platform when it is commanded to do so 15. Failure of a vehicle or wayside subsystem monitored by the ATC system that might compromise operation of the train, e.g., CBTC radio, transponder, speed sensor, etc. 16. Failure of Initialization Test 17. Train being delayed alarm warning for a train that has a favorable signal/aspect, but is failing to proceed 18. Train (or trains) significantly behind schedule (i.e., more than 1 minute) 19. Field alarms including ac/dc power on/off, fire alarms, microprocessor failures, loss of communication with radio, loss of power to the radio, intrusion alarms, temperature, status of functional equipment, etc. 20. Section of track with de-energized third rail, ground detection or blown fuse 21. Functional failures of the ATC system C. A list of all alarms, both critical and non-critical, shall be developed by the Contractor and subject to MTA approval (CDRL 4-7)). A means shall be provided such that critical alarms are logged for a large period of time (6 months or more) without being overwritten due to the accumulation of non-critical alarms or rapidly changing alarm conditions. D. The alarms shall be displayed as soon as they are received. All critical active alarms shall be displayed until both acknowledged and cleared, while non-critical active alarms shall be displayed until cleared. All alarm descriptions shall be detailed enough to allow the MOCC to initiate appropriate action, in addition to any automatic failure management strategies provided by the ATC system. E. Text describing all the alarms shall be provided in the Data Reports, and shall include the information listed in the following paragraphs. F. All processors, computers, and ATC user interfaces provided by the Contractor, with the exception of SSI vital processors, shall have the identical clock time as that displayed on the overview display at the MOCC. This time shall be synchronized with the MOCC time every 12 hours. The time shall be automatically updated at the beginning of and end of day light savings time. The MOCC shall have the local time, the time of incident, and the elapsed time (from time of incident) displayed to MOCC personnel. 4.10.2 Information with MOCC Alarms A. Information for each train alarm shall include the following: 1. Train identification number 2. Time and date of alarm 3. Location of train 4. Mode of operation Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-10 September 2015 5. Train speed and acceleration/deceleration rate 6. Nature of the alarm B. Information for each wayside alarm shall include: 1. Time and date of alarm 2. Equipment which triggered the alarm, and equipment affected by the fault 3. Location of alarm 4. Nature of the alarm 4.10.3 Alarms Displayed to the Train Operator A. The Train Operating Display shall display critical carborne CBTC equipment fault information to the Train Operator, which includes the following: 1. Carborne ATC equipment failures: 2. Failure to complete the Daily or Initialization test. B. All alarms displayed to the Train Operator shall also be displayed at the MOCC. 4.10.4 Software Version A. The ATS shall be capable of interrogating all CBTC subsystems and field equipment to obtain and display the current software version for all configurable ATC items (e.g., Carborne CBTC, Carborne CBTC Database, DCS subsystem, Zone Controller and ATS etc.). 4.11 FAILURE AND OPERATIONS-AFFECTING EVENT MANAGEMENT A. The ATS subsystem shall provide automatic failure response functionality. B. The ATS system shall provide options to the MOCC after the occurrence of a failure or an operations-affecting event that shall permit limited or degraded operation. Options shall be provided, at a minimum, for the following: 1. Immobilized train 2. Interlocking failures 3. Other emergency conditions C. Options shall be provided to the MOCC upon positive identification by the ATC system that a failure or operations-affecting event has occurred. The options shall provide a selection of initial responses to aid in the recovery from a failure process. 4.12 DATA RECORDING AND REPORTING The ATS subsystem shall provide complete data recording and reporting as outlined below. 4.12.1 Data Recording A. The ATS system shall record and retain selected alarm information, indications, status, outputs and inputs of all MOCC data and field data. Data from all these sources shall be time

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-11 September 2015 stamped and recorded to the same time interval as the vital cycle time of the respective processor, and stored on the ATS servers at the MOCC and BOCC. The ATC system data shall be made available at all locations through the ATC fiber network system from the ATC server. The ATC local field equipment shall provide a timestamp for each occurrence. B. A copy of the data shall be retained on-line for up to 6 months. Metro can select any portion of the on-line data to be viewed, searched and/or printed. Data shall also be retained on the archival system for bulk transfer to a computer-based information reporting subsystem. The data shall be in an easily readable format. The data shall be recorded in a database format for subsequent use in an approved commercial, off-the-shelf, database management software program or a tool provided to allow the data to be displayed in a Microsoft application. The collected data shall permit the speed, distance, location and movement authority limits (MAL) to be plotted. The contractor shall supply a computer based tool (CDRL 4-8)) that uses the ATS archive data to generate data reports and graphs that enable rapid analysis of incidents. The reports shall be generated for any two trains in relation to each other and to fixed objects including signals, switch points, fouling points, and station berthing limits. The tool shall be able to plot curves for the two trains showing: 1. Location by stationing versus time 2. Speed versus stationing 3. Speed versus time 4. MAL versus stationing 5. MAL versus time C. The tool shall be capable of plotting information such as location, speed and MAL versus time on the same plot. The ATS archive information that is referenced in terms of ATC distances will be converted to railroad stationing in chainage. The tool shall also be capable of locating markers on the graphs. The tool shall be able to download in a user friendly format, the reports of data and data exchange between the zone controller (ZC) and carborne ATC equipment, the zone controller and solid state interlocking (SSI), MAL, ZC Vital and Non- vital Inputs, ZC Vital and Non-Vital outputs, and train tracking locations. This data shall also be able to be input to the graphical representation. D. All collected data shall be selectively transferable by commercial media in the standard database form for archival; it shall be possible to readily import such transferred data into the database management software program. Periodic archiving (for example monthly) of the oldest data onto an approved storage medium shall be provided such that no data is overwritten or lost due to storage capacity limitations. The information shall be stored in a circular file that will overwrite the oldest data that has been stored when the disk is full. An alarm shall be provided when the on line data storage approaches a predefined capacity threshold. E. Data shall be searchable by time, piece of equipment (such as switch machine or signal number), location, railcar number and/or Train Operator. F. Data to be recorded and retained shall include, at a minimum, the following: 1. MOCC operator log on/off;

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-12 September 2015 2. All alarms, including information for each alarm; 3. Schedule/headway operating mode, and performance level; 4. MOCC control mode, field control identified along with user, control transfers, etc.; 5. ATC equipment failures; 6. All ATC field equipment position and indication data (i.e., track occupancy, switch position, signal aspect, route locks, traffic direction, etc.) G. For each train, the following shall be recorded (at a minimum): 1. Train identification 2. Train location 3. All signals sent to and received from other carborne systems 4. All signals sent to and received from trackside system equipment 5. Consist configuration and length 6. The time at which the turnback was completed 7. Train and door mode of operation and other ATC-related operation actions 8. Train delay totals 9. Train operating mode changes 10. Penalty brake applications 11. Emergency brake applications 12. Carborne ATC equipment failures 13. Train delays at each station 14. Dwell times at each station 15. Run times for each train 16. MOCC commands and inputs 17. Responses to all MOCC commands and inputs 18. Holds 19. Track Out of service and Work Zone declarations 20. Speed restriction declarations 21. Schedule in effect 22. Headway 23. Brake rates

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-13 September 2015 4.12.2 Data Reports A. Upon command from the MOCC, the ATS subsystem shall generate reports automatically from the data recorded and retained on-line. Playback functionality shall also be provided that illustrates a previously recorded scenario of railway operations stored by the ATS subsystem. Playback speed shall be adjustable from 0.25 to 5 times the normal speed. Reports shall include the following: A. Metro operations and performance detail and summary; B. Vehicle system and carborne ATC equipment failures; C. Vehicle emergencies and overspeed violations; D. On-time performance data (peak and off-peak, daily, weekly, monthly, etc.); E. Critical and non-critical alarms; F. Historical failure statistic report, which would allow the Authority to review what elements of the ATC system are failing most often, and provide a means to confirm MTBF figures over the life of the ATC system; G. Consist sheets and equipment reports, recording car mileage statistics for each married pair; H. Record of Blocking Device Protection; I. System availabilities including qualifying incidents and revenue service operating time. B. The Metro operations and performance detail and summary report shall enable the MTA to review the operating history of the entire system. The information contained in this report shall include, at a minimum, the following: 1. Train delay totals 2. Number of trains processed through the system in peak and off-peak periods, daily and weekly, and the average headways achieved during these periods 3. Total actual revenue hours, total actual revenue miles, actual car miles, actual car revenue miles, actual car hours, actual car revenue hours, etc. 4. Run times for each line during peak and non-peak service 4.12.3 Failure Summary Report In addition to the above a Failure Summary Report which summarizes the failures for a user-selected time period shall be provided. The Failure Summary Report shall include the following: A. Failure Type B. Total Incidents associated with the Failure C. Total Delayed Trips associated with the Failure D. Total Annulled Trips associated with the Failure E. Total Gaps associated with the Failure

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-14 September 2015 4.12.4 Daily Summary Report The Contractor shall provide the ability to generate a Daily Summary Report for a user selected date. The Daily Summary Report shall include the following for the 24-Hour Period and the Peak Period: A. Number of Scheduled Trains B. Number of Annulments C. Number of Trains Operated D. Number of Trains Delayed (3 minutes or more) E. Number of Trains On Time F. Number of Trains Scheduled; G. Percentage of on-time performance over the 24-hour period; H. Number of Peak Trains On Time I. Number of Peak Trains Scheduled J. Percentage of on-time performance over the peak period K. Number of Gap Trains 4.12.5 Mileage Report The Contractor shall include a Mileage Report which provides mileage statistics on a service basis for a user-selected time period. The mileage data collected from onboard the vehicle shall be used to produce the Mileage Report. The Mileage Report shall include weekday, weekend and grand total statistics for each Service as follows: A. Number of trips B. Number of miles for that service C. Number of train annulled D. Number of gap trains E. Number of revenue car miles F. Number of revenue train miles 4.12.6 General Reporting Requirements: All reports shall be capable of being scheduled to execute on a periodic interval (i.e. every day, every week, every month) or upon demand by the user. Each report shall be formatted for on-line review and in a printer-friendly format for printing on 8-1/2 x 11 paper. The Header of the report shall include the date the report was generated and Page X of Y. If a specific Date or Date Range was entered, the Report Header shall also include the Date/Date Range. 4.13 ATS HARDWARE REQUIREMENTS The Contractor shall design, furnish and install all the hardware, cabling, and terminations necessary to make the interface and functionality described operational (CDRL 4-6). The Contractor shall

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-15 September 2015 survey the site locations where each element of ATS equipment is to be located, and affirm that the site conditions can accommodate the Contractor design solution. The Contractor shall prepare for MTA review and approval an ATS Hardware Design Document that describes fully the hardware, and the specifications for each hardware element (CDRL 4-12). 4.13.1 Server Equipment The ATS servers shall as a minimum be furnished in the following configuration. A. Each server unit of a redundant set shall be configured with its own keyboard/mouse/video monitor configuration for ease in use, maintenance, and access. B. Server Processor/CPU – The central processing units to be used by the servers shall be dual processors that are classified as premium processors, provide high clock speeds, make use of multi-level memory caches, use the latest and most advanced technology offered by Intel, Sun Microsystems, or AMD. C. Server Manager – shall be provided for complete server management, to include alarm, version, computer resource, and startup, and performance. Server manager utilities shall allow Administrators to quickly determine connection utilization, kb/s receiving rates, kb/s sending rates, total number of opened files and users accessing them, server processor utilization per user, requests per second, inactivity time, or time of login. Server manager shall be capable of storing server performance metrics for later trend analysis. Server manager shall also present a list of connected workstations as well as individual statistics regarding each workstation. D. Memory – RAM shall be DDR RAM with ECC or compatible, sized with sufficient margin for performance needs, 16 GB minimum E. Drive Bays – CD±ROM, DVD±RW, Backup Tape Cartridge F. Hard Drive – shall use the latest Storage Controller and Drive technology available at the time of hardware implementation - RAID Level 5 data storage scheme shall be employed G. Network Interface Card/LAN Adapter – support dual RJ45 connections for redundancy. H. The Operating System for the Servers shall be designed for handling and managing mission- critical server workloads, typical of ATS systems applications that also support print, file, mail, caching, and web services. The Operating System shall support the requirements of the CBTC-ATS network architecture and its intended operation and user environment. In addition: 1. The Operating System shall deliver high reliability, availability, security, performance, and scalability. 2. The Operating System shall be a proven industry standard, typical of Solaris/Unix, Microsoft Windows 2012 Server, or Novell Netware. 3. The Operating System shall provide the following features: a. A full-function server operating system that supports up to eight processors. b. Support clustering of servers if necessary (up to eight nodes and support up to 32 GB of memory).

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-16 September 2015 c. Support for premium processors such as Intel (Itanium, Xeon), Sun UltraSPARC, and AMD Opteron processors. d. Support node/cluster failovers and network load balancing across nodes in a cluster. I. The Operating System shall simplify systems administration, resource management, and maintenance, reducing planned and unplanned downtime. J. The Operating System shall provide and support secured and convenient access control through single/multiple sign-on and deter unauthorized users from accessing the workstation, server, or network. K. The Operating System shall, as a minimum, support terminal services where application execution is performed at the server(s), network time protocol, resource/volume manager software, directory services, patch management software, dynamic reconfiguration, failover capabilities, network load balancing capabilities and web installation software. L. The Operating System shall, as a minimum, support network multi-pathing, hot patching, system crash dump utility, faster reboot, and driver fault injection. M. The Operating System shall, as a minimum, provide Java Platform Support, support network caching, support network file system, support Dynamic Systems domain, support directory and application integration. 4.13.2 All Workstation Computers A. Each workstation computer shall be a professional computer made to provide higher levels of performance and quality than a standard consumer desktop/tower computer. Each workstation computer shall be equipped with: 1. Computer cabinets/chassis that provide convenient and quick maintenance access to the installed hardware devices such as the motherboard, fan units, memory cards/chips, bus controllers, hard drive, graphics card, sound card, expansion slots, and network cards. 2. Excellent thermal management that is tested to withstand full-time (24/7) operation at 100% CPU-use within the specified ambient temperature range. 3. Most up-to-date processor technology 4. Fully configurable system with respect to processor, main memory, hard disk, accessible drives, and add-on boards 5. Integrated Smart Card reader as an option 6. Offer best-of-class performance, robust, and reliable processor, designed and built to provide high performance 7. Support for dual Gigabit Ethernet (100/1000Base-T) connections B. Workstation computers shall be configured with more than adequate computer resources (RAM, CPU processing speed, etc.) to handle and permit other software applications, provided under this Contract, to run alongside the main-purpose application in a multi- tasking environment without impact to performance and response times.

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-17 September 2015 C. Enhanced Access security, as a minimum, shall be provided and be always in effect at the workstation level, prior to launching the ATS application, and after the application is launched. 4.13.3 Printers Eight color printers shall be provided, connected to the network, and enabled for printing from the ATS workstations. The printers shall be HP Color Laserjet M750xh, or MTA approved equivalent. 4.14 SCADA INTERFACE A. The ATS shall interface with the current Metro SCADA system and provide various workstation arrangements that have all the current seamless system functionality, but with the ATS replacing the Train Traffic Management portion. The current system is a Rockwell Collins ARINC AIM system implementation operating on two Local Area Networks for redundancy. The contact at Rockwell Collins for the Consolidated Control Center project at this time is David Gunther, Project Manager, (410) 266-2927 or [email protected]. B. The Contractor shall develop a design for MTA approval that provides all the ATS user access and displays at all the current OCC, BOCC, and 15 other remote workstation locations (CDRL 4-11). The development of the GUI shall be in accordance with the requirements of Section 4.15. The interface is anticipated to be at the designated servers located at the Central Supervisory and Control System at 301 Eutaw St. and the back-up server location at the Wabash Yard Control Tower. Remote locations at the Old Court Maintenance facility and Wabash Shop shall include additional workstations for a quantity of 15 total. This is in addition to those located for MOCC and BOCC. Two training workstations and one training simulator shall also be located in the Wabash Yard Tower. 4.15 ATS HUMAN INTERFACE DEVELOPMENT The ATS Human Machine Interface shall be developed and furnished with the following included: A. The ATS GUI displays shall be based on an integrated GUI solution that amalgamates both CBTC-ATS application-specific GUIs and externally interfaced subsystem GUIs, such as SCADA into one cohesive GUI system to support overall service management for the Metro and provide for a single consistent user interface (CDRL 4-14). The ATS GUI display(s) shall provide all the necessary GUIs to control and monitor all the functions, parameters, alarms, and states as defined in Section 2, CBTC. B. The ATS System shall facilitate the ability for a Systems Administrator to modify the alarm names and descriptions that are displayed to the ATS users, as well as to change the value of specific ATS parameters (i.e., threshold values that trigger when a train is late/very late, when a train is to classified as late) without the need to modify the software code. C. The Contractor shall employ a prototyping process involving end-users to help system designers to build an ATS GUI that is intuitive, easy to manipulate, and highly usable to the end-users. D. The ATS GUI prototyping process shall be an iterative process that is part of the analysis phase of the systems/software development lifecycle. The Contractor shall plan for 6 Prototypes to be delivered and demonstrated, and reviewed and commented upon by MTA (CDRL 4-2).

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-18 September 2015 E. The ATS GUI display(s) shall be logically derived and intuitively designed around the users and their distinct duties and operating environments and not require a steep learning curve, a great deal of time, or high mental load requirements for end-users to learn how to use and operate the system (CDRL 4-15). F. The ATS GUI shall provide an intuitive path or clear indication to the user of what is required next and easy navigation to get to the next screen, display, or function. G. To ensure Contractor understands what is required of the ATS GUI design for the Metro, the Contractor shall gather information, study existing line operations, service strategies, ATS dispatcher operations at the MOCC, conduct user interviews, collect documentation, and learn about Metro Operations with respect to: 1. Current operating rules and procedures 2. Current Central Control Operator duties and responsibilities 3. Incident reporting 4. Crew management and reporting 5. General Orders application 6. Management and handling of schedules, supplements, and service adjustments a. Train movements between mainline and yard (“pull-out”, “pull-in”) H. Prior to prototyping, the Contractor shall become familiarized with the Metro CSCS GUI screens and displays by requesting the MTA to provide hands-on exposure and live demonstrations on the Training Simulators. 4.15.1 Ergonomics A. All CBTC equipment that has a man-machine interface with Metro personnel shall be designed for effective ergonomics. The Contractor shall provide specialist human factors and industrial engineers to supplement the regular hardware/software design engineering function. Since most of the CBTC user interfaces are PC-based, the intent is that the Contractor seriously address that with the exception of engineers, the default knowledge for MTA personnel shall be a high school graduate level with limited computer literacy skills. MOCC, train operator consoles and displays, ATS workstations and special maintenance equipment, shall be demonstrated, or mock-up’s provided. B. The MOCC prototype shall consist of: 1. A machine executable program using the same application that will be used for the real ATS. 2. The prototype shall include line overviews, alarm screens, performance information screens and any other views being planned. 3. The mimic screen containing the geographical representation of the Metro system with all associated pocket tracks, yard, mainline track, switches, signals, tunnels, stations, platforms, etc. A sample set of track circuits shall also be included as part of the mimic presentation.

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-19 September 2015 4. A sample of train icons on the mimic representing trains in several operating modes and states such as door, schedule, etc. 5. Zoom specific track elements. For example if certain track elements are to be shown at some zoom levels, but not others. 6. The functions being planned for changing the views such as scrolling and zooming. 7. If pull down menus are planned to be used, all such pull down menus. Pull down menu items that invoke dialog boxes shall be functional; 8. All dialog boxes that are planned to be used. All dialog boxes will contain all the intended controls (edit boxes, static text boxes, list boxes, etc.). These controls should have text or choices inserted into them. 9. The feature of “double clicking” on graphical symbols on the mimic is planned to be used, to retrieve information regarding that item (i.e., train, platform, switch, etc.). 10. Any other software features needed to produce a prototype that will represent what the end product will look and function like. 4.15.2 ATS Access Control The Contractor shall provide a means for defining, controlling and assigning user access to the ATS at all workstations and include the following: A. Access to individual ATS system functions, displays, dialogs, forms, and reports shall be assignable as monitor or view-only access. B. Users that do not have access to a function shall be able to view displays associated with the functions unless they are denied access to the display for other reasons, such as confidentiality of the data. C. Users with access to the displays but not control actions associated with a function shall be prohibited from interacting with the displays to change data or initiate actions. D. Function access assignments shall remain active until the user either logs-off, or prior to log- off, access is removed by an authorized ATS user. E. ATS users shall be required to log-on to the ATS system by entering a valid user name and password. F. The ATS system shall prohibit an ATS user from performing a log-on if that same user is currently logged on at another ATS workstation. G. The log-on/log-off function shall be an application level log-on/log-off for access at the particular ATS workstation. H. Execution of log-on/log-off shall not affect any application processes except those applicable at the affected ATS workstation. I. The log-on/log-off function shall not cause the ATS workstation processor to change state (i.e., shutdown, standby, or perform an operating system log-off).

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-20 September 2015 J. ATS users shall be able to perform a concurrent log-on/log-off as part of a shift change, where an authorized ATS user is already logged on. K. At concurrent log-on, the ATS system shall require the authorized ATS user currently logged- in at the workstation to acknowledge the shift change by entering his/her user name and password before automatic log-off begins. L. Concurrent log-on shall automatically log-off the currently authorized ATS user, upon user acknowledgement and verification of sufficient access rights for the transfer of control. M. The ATS system shall execute the log-off only after it has been verified that no territory or functional capability will be left unassigned. N. The ATS system shall have a provision to display all logged on, current workstation users. This list of users shall be archived periodically with log on/ log off date and time stamp and shall be available for review. O. The ATS system shall require that each ATS user change their password at a time interval established by the System Administrator. 4.16 CDRL ITEMS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications. Design Review Submittal Milestone CDRL CDRL Title Post FDR Prior to No. CDR PDR FDR Service 4-1 Network System Diagram X X

4-2 ATS GUI Prototyping Plan X

4-3 ATS Software Design Document X

4-4 ATS Equipment Functional Specification X Energy Optimization and Minimization Design 4-5 XX Document 4-6 Catalog Data Sheet for each COTS product X 4-7 ATS Alarm List X 4-8 Incident Analysis Tool Design X X Interface Design Document for ATS to AWS 4-9 XX equipment 4-10 Interface Design Document for ATS to CIS XX 4-11 Interface Design Document for ATS to SCADA XX 4-12 Hardware Design Document XX 4-13 ATS Rack and Enclosure Assembly Drawings X

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-21 September 2015 Design Review Submittal Milestone CDRL CDRL Title Post FDR Prior to No. CDR PDR FDR Service 4-14 GUI Screen Specification X 4-15 GUI Screen Display Design X 4-16 ATS Equipment and Cable Installation Specification X 4-17 ATS Operations Manual X

Attachment C, Part 2, ATC System T-8000-1415 Section 4 – Automatic Train Supervision Requirements TS 4-22 September 2015 SECTION 5 DATA COMMUNICATIONS SYSTEM REQUIREMENTS

Contents 5.1 GENERAL...... 5-1

5.2 SCOPE OF WORK...... 5-1

5.3 CODES, STANDARDS AND SPECIFICATIONS...... 5-2

5.4 PRODUCTS...... 5-2

5.4.1 EQUIPMENT ...... 5-2

5.4.2 DESIGN ...... 5-3

5.5 EXECUTION...... 5-5

5.6 SUBMITTALS ...... 5-6

5.7 REQUIRED CDRLS...... 5-7

Attachment C, Part 2, ATC System T-8000-1415 Section 5 – Data Communications System Requirements TS 5-i September 2015 SECTION 5 DATA COMMUNICATIONS SYSTEM REQUIREMENTS

5.1 GENERAL This section defines the requirements for the Data Communication System (DCS) for the Complete ATC System to be designed, furnished, installed and commissioned by the Contractor. The DCS shall, at a minimum, consist of the following: A. A fully redundant fiber optic wayside network for communication between subsystem elements of the Complete ATC System located in the TC&C rooms, MOCC, Back-up OCC (Wabash), and track side. There shall be two new 72 fiber optic single mode cables installed along the entire right-of-way to provide a fully redundant fiber optic ring. The two cables shall be separated to the extent possible. Separate duct banks shall be utilized when available. If the cables need to be installed in the same duct bank, they must be installed in separate conduits. Thirty (30) fibers must be terminated at each location requiring fiber optic communications for ATS, processors between adjacent TC & C rooms, and SCADA. B. All wireless /radio frequency (RF) network elements installed on the wayside for communication to/ from carborne systems C. Carborne RF network elements installed on the cars for communication to/from wayside systems D. Carborne communications network interface for communication between the carborne system elements and car subsystems, as required E. Temporary interfaces as required to existing Data Transmission System (DTS) and communication network to the Advanced Information Management (AIM) system to facilitate continuity of existing operations, staging, and final configuration of the communications network for the new Complete ATC System. 5.2 SCOPE OF WORK The Contractor shall: A. Perform any and all necessary site surveys, communications environment studies, analyses, and tests required to support the design, installation, testing, and commissioning of the DCS. B. Furnish all labor, materials, tools and equipment, and perform all operations necessary to design, build, ship, receive, unload, store, install, and test the DCS as required and specified herein. The DCS shall include all interface equipment, system network interface processors, communications routing equipment, data radios, backbone wayside equipment, onboard wiring and interfaces, and other system elements necessary to implement a complete end-to- end data communications network to support the integrated wayside and carborne elements Attachment C, Part 2, ATC System T-8000-1415 Section 5 – Data Communications System Requirements TS 5-1 September 2015 of the Complete ATC System. C. Following approval of the installation plan, install the complete DCS in accordance with all applicable standards, specifications, and regulations. D. Test the DCS in accordance with applicable requirements of this Technical Specification. 5.3 CODES, STANDARDS AND SPECIFICATIONS The Contractor shall provide equipment which meet the codes, standards, and specifications referenced below: A. AREMA Communications and Signaling Manual of Recommended Practices (2006 edition), part 11.4.5 and part 9.1.1 B. Code of Federal Regulations 47, Part 15, Radio Frequency Devices (47 CFR 15) C. FCC Office of Engineering & Technology Bulletin 65 (edition 97-01), Evaluating Compliance with FCC Guidelines for Human Exposure to RF Electromagnetic Fields D. Code of Federal Regulations 47, Part 90, Private Land Mobile Radio Services (47 CFR 90) E. Wireless Network Security, 802.11, Bluetooth and Handheld Devices, National Institute of Standards and Technology (NIST), special publication 800-48 (Nov. 2002) 5.4 PRODUCTS 5.4.1 Equipment The DCS shall consist, at a minimum, of the following: A. Hardware, software, cabling, connectors and other devices as required in TC&C rooms, shops, remote dispatcher locations, MOCC, Back-up OCC to interface and communicate between subsystems via an optical network to be provided by the Contractor. Furnishing and installation of all cables shall be performed in accordance with Interior & Exterior Cable requirements specified in Attachment F of the Construction Standards. All data communications shall use redundant optical fibers and make use of the primary and backup paths for information flow. B. Data radios or other RF data communications devices as required to be installed on sections of the alignment. C. Power equipment, cabling for the DCS equipment in the TC&C rooms, MOCC, Back-up OCC, wayside equipment/radio cases. Power for the wayside radio cases shall be provided from the TC&C rooms. D. Communications hardware, software, cabling, and other devices as required to interface between vital and non-vital processor equipment inside rooms and other distributed wayside equipment, data radios or other RF data communications devices. E. Data radios or other RF data communications devices as required to be installed on trains. F. Communications hardware, software, cabling, and other devices as required to interface the carborne system with other onboard systems.

Attachment C, Part 2, ATC System T-8000-1415 Section 5 – Data Communications System Requirements TS 5-2 September 2015 G. All mounting hardware, brackets, cases, racks, messenger cables, or other items required for system installation. 5.4.2 Design The following design requirements shall be applicable to the DCS: A. Any RF coverage required shall be continuous over all mainline tracks, storage tracks, and yard tracks. Any continuous RF coverage provided shall be at a signal level not less than -80 decibel-milliwatts (dBm) and a frame error rate no more than 10-2 at all times. B. Loss of communications/ failure within any DCS equipment shall be alarmed. C. Be capable of supporting separate and simultaneous communications to the maximum number of cars and/or trains that can be present in any area of the Metro system. D. Support all messages/ message sizes required for the maximum number of operating trains, from short location reports to large database downloads with no service-impacting delay. Messages shall be prioritized to reduce delays. E. Meet the reliability, availability, and maintainability requirements specified in Section 9 of this Technical Specification. F. Employ an addressing scheme that supports safety, flexibility, and message delivery reliability requirements. G. Provide a 25 percent capacity reserve design margin. H. Have characteristics that make the DCS capable of transferring safety-critical data, such as movement authorities, system timing, acknowledgments, position reports, and other data that may be used by the ATC system to perform ATP and related functions. I. Exhibit sufficiently low latency to continuously maintain the required message delivery rates (both inbound and outbound). J. Include security protocol for ensuring that commands are accepted only from an authorized source. K. Include a specially designed protocol structure for the wired and any RF network to ensure safe, timely, and secure delivery of critical train control messages. The system must provide protection against spoofing, hacking, and sabotage from outside the system. L. Be designed to meet performance and safety-critical characteristics for the integrated ATC System to achieve functional, performance, and safety requirements. M. Be of a modular design that will support replacement of the equipment without significant impact on other aspects of the system design or operation. N. The radio network shall include provisions to monitor and overcome interference, such as but not limited to the following: 1. Providing sufficient performance to minimize the potential from interference from either narrowband or spread spectrum radio systems.

Attachment C, Part 2, ATC System T-8000-1415 Section 5 – Data Communications System Requirements TS 5-3 September 2015 2. Providing the capability for radios to be re-programmed remotely to avoid interference sources that may be identified over time. 3. Utilizing spread spectrum techniques and spreading codes that can be easily re- programmed from a single central location in the event the original codes are compromised or to overcome interference from other radios. 4. Utilizing a system design that makes it easy to add wayside radios stations to overcome localized interference. 5. Provide a means of continuously recording RF noise/interference on the operating channels. The system shall be capable of alerting ATS whenever RF interference is encountered that approaches or exceeds a predetermined threshold as defined by the RF link budget. The location, duration, frequency and peak and average levels of RF interference shall be recorded. O. The following apply to provisions of the DCS: 1. All solid-state equipment installed shall be protected, as a package, from lightning discharges, electrostatic discharge, power line surges, and electromagnetic interference as per industry standards for transit applications in tunnel and open areas subject to a hostile environment. All protection installed shall be approved by the MTA. 2. All solid-state devices shall be of heavy duty, rugged, industrial or commercial types. All solid-state devices furnished under this Contract shall be commercially available from at least two manufacturers. 3. All printed circuit boards that connect by means of connectors shall be keyed to prevent them from being incorrectly inserted in the sockets. 4. All printed circuit boards shall have conformal coatings to protect against dust, humidity, etc. 5. Assemblies shall be hardened with no fans, and dual redundant hot swappable CPU. Interface chassis(s) shall be 10 slot. 6. Power supplies shall be dual redundant. 7. The network shall support ring and meshed topology, have sub 50ms backbone reconfiguration, be capable of 10G, and upgradable to 40G. 8. The network shall have migration ability, be able to pick-up the MTA old system load, and include MPLS-TP protocol. 9. There shall be no external data communications connections to the DCS other than as listed in this Technical Specification. 10. Wayside cases, as required to support the DCS, shall be National Electrical Manufacturers Association (NEMA) four enclosures, and meet the environmental requirements of Section 7. 11. All data communications equipment furnished and installed shall continue to function during, and shall not be damaged by, switching of primary power by the automatic transfer panels. Attachment C, Part 2, ATC System T-8000-1415 Section 5 – Data Communications System Requirements TS 5-4 September 2015 12. No single failure of field or wayside elements (including a single DCS cable failure) shall lead to an outage of data communications or RF coverage in any location. Multiple failures shall only result in localized communication system failure. Availability and Maintainability performance for the DCS shall be met as defined in Section 9 of this Technical Specification. 13. The DCS shall be capable of self-monitoring and reporting down to the lowest replaceable card/board/module for all network elements on the wayside and aboard the train. A Network Management System shall be provided and be fully GUI based. 14. No “daisy-chain” connections (i.e., sequential connections) of wayside equipment shall be permitted for any communication connectivity. Only point to point and ring type connections shall be allowed for wayside equipment. 15. There shall be two new 72 fiber optic single mode cables installed along the entire right of way to provide a fully redundant fiber optic ring. The two cables shall be separated to the extent possible. Separate duct banks shall be utilized when available. If the cables need to be installed in the same duct bank, they must be installed in separate conduits. Thirty (30) fibers must be terminated at each location requiring fiber optic communications for ATS, processors between adjacent TC & C rooms and SCADA. The fibers not used by the Contractor will be for future use by the MTA. 16. All single mode and multimode fiber optic cables used (including jumpers) must be identified using a color scheme and not cable tags. 5.5 EXECUTION A. The Contractor shall obtain any FCC Grant of Equipment Authorizations required under Part 15 for intentional radiators prior to the start of any field testing. The Contractor shall obtain all necessary FCC licenses and/or permits in the name of the Authority required for operation of the equipment. The Contractor shall complete and submit all documentation, attend all FCC meetings and pay all fees necessary for obtaining the licenses and/or permits and to support FCC inspections, tests and inquiries. B. The Contractor shall install the DCS in accordance with these specifications and as follows: 1. Furnish and install all equipment, software, wire, cable, electrical components and materials required to implement the DCS design as approved at the FDR level, including temporary changes to any existing communications circuits as required. 2. Where practical, and as approved by the MTA, use existing messenger cables, cable troughs, and other fixtures. Where existing fixtures are not available or not approved for use, provide all new mounting and fastening materials for equipment installed in the final layout 3. Design, furnish, and install all temporary circuits and wiring required during the performance of the work. Maintain existing systems in operation until they are replaced by the new systems and the new systems are made fully operational. Remove all temporary circuits and wiring when no longer needed. 4. All radio cases, and antennas and associated hardware shall be installed outside station platform limits and in conformity with FCC authorization specifications. As much as

Attachment C, Part 2, ATC System T-8000-1415 Section 5 – Data Communications System Requirements TS 5-5 September 2015 practical, the number of equipment enclosures and items on the wayside shall be kept to a minimum. 5. Data communications equipment, including wires and cables, shall not be mounted on ties. 6. All Wire and cable installation (including optical fiber cables) shall follow MTA standards as per Attachment F of the Construction Standards included in this Specification. 5.6 SUBMITTALS The Contractor shall submit the following documents for approval by the Authority as required at each phase of the project: A. A complete description of DCS design (including hardware and software), and all subsystem interfaces. This description shall include the capacity of each communications link or interface, an estimate of the expected peak load on each link or interface and a preliminary allocation of the DCS requirements to functional subsystem elements. B. Design Criteria and Analysis including: 1. Optical link budget analysis (which includes all possible losses from test points, splices, etc., and distances of all lengths of cable used). 2. Complete definition of data transmission requirements (i.e., throughput), interface devices, and associated cabling details to optical network.

3. As applicable, RF link budget analysis including justification that a frame error rate of 10-2 is acceptable to overall DCS performance. RF link budget analysis shall be based on the planned DCS operating frequency. 4. Performance characteristics of individual LRUs including timing, testability, sizing, throughput, memory requirements that support analysis of DCS performance. C. Installation and Layout Drawings including complete equipment and cabling installation and layout, interface information for all wayside and carborne elements, and power connections. D. RF Analysis of the DCS showing compliance with Federal Communications Commission (FCC) Office of Engineering and Technology (OET) Bulletin 65 for human exposure to RF EM fields. E. Catalog cut sheets and equipment specification sheets for all supplied DCS equipment. F. A wireless LAN security audit (if applicable) in accordance with National Institute of Standards and Technology (NIST) special publication 800-48, Sections 2.4, 3.5, 3.8, and 3.9. The report should analyze all risks and present reasonable mitigation measures for any potential adverse findings. G. Factory Test Procedures to validate design in the factory. H. Field Test Procedures to validate installed system at site. I. Test Reports certifying test results in the factory and field. J. Maintenance Plan & procedures covering failure management.

Attachment C, Part 2, ATC System T-8000-1415 Section 5 – Data Communications System Requirements TS 5-6 September 2015 K. As Built Drawings for all DCS equipment. L. Final Hardware Configuration Listing. 5.7 REQUIRED CDRLS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications. Design Review Submittal Milestone CDRL CDRL Title Post FDR Prior to No. CDR PDR FDR Service 5-1 DCS Description X

5-2 DCS Design Criteria & Analysis XX

5-3 Installation & Layout Drawings X

5-4 RF Analysis X 5-5 Catalog Cut sheets X 5-6 Wireless LAN Security Audit X 90 days 5-7 Factory Test Plan, Procedures prior to test 90 days 5-8 Field Test Plan, Procedures prior to test 30 days post 5-9 Certified Test Reports test 5-10 Maintenance Support Documentation X

5-11 As- Built Documentation X

5-12 Hardware Listing for final Configuration X

Attachment C, Part 2, ATC System T-8000-1415 Section 5 – Data Communications System Requirements TS 5-7 September 2015 SECTION 6 AUXILIARY WAYSIDE EQUIPMENT REQUIREMENTS Contents 6.1 GENERAL...... 6-1

6.2 SCOPE OF WORK...... 6-1

6.3 PRODUCTS...... 6-2

6.4 TRACKSIDE EQUIPMENT...... 6-2

6.5 TRACK CIRCUIT DETECTION REQUIRMENTS...... 6-5

6.6 ROOM EQUIPMENT ...... 6-6

6.7 POWER SUPPLY AND DISTRIBUTION...... 6-6

6.8 LOCAL CONTROL PANELS/ WORK STATIONS...... 6-6

6.9 OCC INTERFACE ...... 6-7

6.10 TEST TRACK...... 6-7

6.11 SPECIAL TOOLS ...... 6-7

6.12 SURVEY MARKERS...... 6-7

6.13 REQUIRED CDRLS...... 6-7

Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-i September 2015 SECTION 6 AUXILIARY WAYSIDE EQUIPMENT REQUIREMENTS

6.1 GENERAL

This Section contains the requirements for the Auxiliary Wayside System (AWS) that consists of the following: A. All new signal equipment, accessories and cabling installed inside the TC&C rooms that shall work in conjunction with the SSI system to provide a complete signal system to support the CBTC implementation. B. All new trackside equipment, accessories and cables C. All necessary interfaces between existing signal system and the SSI or CBTC wayside system, including any temporary interfaces to or relocation of in-service equipment that will be eventually retired or replaced D. Temporarily retained existing signal equipment such as AF track circuits, cab loops for interfacing to the new SSI system to support revenue operations with existing MTA fleet. (These existing equipment shall be decommissioned and retired upon the final cutover of the new CBTC-based ATC System) E. Two Alternatives for flawed/broken rail detection. A minimum of one solution is to be included by the Contractor. 6.2 SCOPE OF WORK The Scope of Work for the AWS includes the following: A. Furnish all labor, materials, tools and equipment, and perform all activities necessary to design and build the AWS and its interfaces as specified herein. B. Develop, design, and install the components of the AWS to work in conjunction with the SSI and CBTC systems to deliver the performance, functional, and interface requirements as specified herein. C. Develop and furnish all documentation, drawings pertaining to design, installation, maintenance, training for all components of the AWS. D. Furnish all equipment enclosures, racks, cable termination racks, power equipment racks and other necessary associated equipment as per the Technical Specification to completely house all the components of the AWS and its interface cable connections. E. Ship, receive, unload, store and install all equipment necessary for the complete AWS and its interfaces.

Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-1 September 2015 F. Perform all site surveys, environmental studies, analyses, certification and tests to support the design, installation, testing and commissioning of the components of the AWS. G. Perform Post Commissioning activities and provide necessary support to maintain AWS operation during warranty period H. Furnish all special test equipment, spare part initial provisioning, and all special tools required for the troubleshooting, maintenance and repair of components of the AWS and its interfaces. 6.3 PRODUCTS A. The Contractor shall furnish, install, test, and commission a complete AWS including any existing subsystems that may be potentially retained and any required interfaces. B. All products, materials, tools, equipment, or designs required for a fully functional AWS to work in conjunction with the specified SSI and CBTC systems shall be provided. C. All features and functions required to efficiently support the existing Metro operation shall be provided. 6.4 TRACKSIDE EQUIPMENT 6.4.1 General A. The Contractor shall conduct a test on each new piece of installed trackside equipment and each piece of field equipment with a modified enclosure to demonstrate that the enclosure is watertight. B. Each trackside equipment enclosure and support shall be grounded including new equipment and any existing equipment that may be retained. Minimum resistance of the ground shall be 25 ohms. The Contractor shall verify the ground resistance by testing. C. For all existing equipment to be temporarily retained to support staging or phasing of the new CBTC/ AWS or SSI system. Any visible damage on the equipment or their support including the gaskets shall be repaired by the Contractor. Any visible rust or damages to the finish shall be scraped, primed, and painted by the Contractor. A condition assessment of all equipment is provided in Appendix D. D. The Contractor shall relocate or modify existing trackside equipment as required to accommodate the installation or operation of new wayside equipment. E. All equipment required for the AWS shall be furnished and installed. F. The failure of one wayside equipment/ device shall not affect operation of other Wayside equipment connected to the same network. G. The loss of communications at one wayside equipment/device shall not affect other Wayside equipment connected to it from communicating through the same network. H. Any component identified for refurbishing may be replaced with a new component at the discretion of the Contractor at no cost to MTA Metro. Any new components planned for this purpose shall be submitted for approval by the MTA.

Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-2 September 2015 I. Control or indication equipment as required for any trackside equipment shall meet the following requirements: 1. The equipment does not require periodic maintenance more often than 30 days. 2. The equipment is easily accessible for scheduled maintenance and trouble response. J. The Contractor is responsible for designing and implementing any changes to the negative return system that are required to accommodate the configuration of the AWS system furnished under this Contract. If any changes are required, the impact of the change to broken rail detection, rail current imbalance, traction power return, and other affected subsystems shall be calculated and submitted for approval (CDRL). All connections to the negative return system shall be installed by the Contractor. All temporary disconnections to the negative return system shall be performed by the Contractor. K. The Contractor shall decommission and remove the Next Train signs located at terminal platforms as part of the final design. L. The Contractor shall maintain the existing naming conventions all AWS equipment that is being replaced per the requirements of this Technical Specification. 6.4.2 Cable A. All cable required for the SSI and CBTC system and any field elements required as part of the final ATC configuration shall be furnished and installed by the Contractor. B. In addition, the following cables shall be furnished and installed for field elements as listed: a. Cables from TC&C rooms to Signals (not required in storage yard locations) b. Cables from TC&C rooms to Switch machines (not required in storage yard locations) c. Cables for all Power Frequency Track circuits from TC&C rooms to connection to rails (not required in storage yard locations) d. Cables from TC&C rooms to Snowmelter cases (not required in storage yard locations). Local cables from Snowmelter cases to devices does not require replacement. e. Cables from TC&C rooms to Wayside Pushbutton boxes f. Cables from TC&C rooms to Trip Stops (not required in storage yard locations) g. Cables from TC&C rooms to Approach Warning systems located at tunnel portals h. Cables from TC&C rooms to Traction Power Substations. The cables are part of an existing subsystem that provides TP breaker status to the signaling system. The signaling system removes the associated cab signaling when the TP breakers are tripped. C. Existing cable made obsolete by the new system shall be disconnected at both ends at the terminals. Indoor ends shall be bundled at the entrance to the room. Outdoor ends shall be bundled at the messenger, trough, pipe, roadbed surface, or other raceway. The existing tags and eyes on each wire shall remain in place. Cable ends shall be permanently bagged and

Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-3 September 2015 tagged, identifying the location of the other end, the prior function, and the date the cable is removed from service. D. When more than one conductor of a cable is simultaneously disconnected, the circuits in that cable must be breakdown tested on either side of the cable prior to being returned to service. 6.4.3 Signal Heads A. Existing signal heads may be re-used. The existing aspects shall be replaced with LED aspects. Any modifications required for the new system shall be done by the Contractor. B. Any new signal heads furnished by the Contractor shall have LED aspects. C. All LED aspects furnished by the Contractor shall have LEDs of the same make and model number. D. Signals may be removed from the field for off-property or shop work. Temporary signal heads shall be installed to maintain the operation of the wayside signal system. Temporary signals for this purpose shall be provided by the Contractor in adequate quantity to maintain the project schedule and with no disruption to existing Metro operations. 6.4.4 Switch Machines A. Yard YM2000 switch machines for the entire yard will be furnished and installed by others. B. The Contractor shall design, furnish, install and test all control and indication interfaces required between the SSI, AWS, and the switch machines in the yard and mainline for this project. C. The Contractor shall inspect and test operation of all existing installed switch machines on the project line prior to furnishing and testing the SSI/AWS interfaces to these switch machines. 6.4.5 Crossing Gates The existing crossing gate field equipment may be re-used. The crossing gate logic shall be implemented in new equipment provided under this contract. 6.4.6 Tripstops A. Any tripstops required for the new system shall be new, and furnished and installed by the Contractor. The Contractor shall submit manufacturer details, product design details, catalog sheets for tripstops for approval by the MTA as part of the detailed design documentation. B. If not required for the new system, the existing tripstops shall be removed. 6.4.7 Flawed Rail Detection The Contractor shall provide at least one alternative described below that delivers a running rail flaw/break detection solution. 6.4.7.1 Broken Rail Detection Using Track Circuits – Alternative #1 A. New PF track circuits shall be installed within the interlocking. B. Track circuits shall be provided on all tracks where authorized speed can exceed 12mph. Broken rail detection sections shall be less than 6,000feet. Broken rail detection section

Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-4 September 2015 boundaries need not align with any block boundaries used for train control. Both running rails shall be detected. C. For track circuits, pre- and post-shunt distances at block boundaries shall not exceed 10 feet; this shall be demonstrated by testing. For example, if track circuits are used, the Contractor shall apply a .06 ohm shunt 10 feet from both sides of each track circuit and verify that only the track circuit containing the shunt indicates occupancy, and the track circuit under test continues to indicate vacancy. D. There shall be no gap in train detection greater than 25 feet on any track. 6.4.7.2 Flawed – Alternative #2 A high-rail vehicle shall be provided that will conduct ultrasonic inspection of both running rails simultaneously at a speed of not less than 20 mph. The results of the inspection will be used to determine whether passenger train service is safe to operate. The vehicle shall be able to inspect all yard and mainline track. This solution shall include all the provisions of Sections 8, 11, 12, 13, and 14. 6.4.8 Wayside Pushbuttons A. Any wayside push buttons and associated cabling required for the new system shall be new, furnished and installed by the Contractor. B. If not required for the new system, the existing wayside pushbuttons shall be removed. 6.5 TRACK CIRCUIT DETECTION REQUIRMENTS For any track circuits furnished by the Contractor, the following requirements shall apply: A. Track circuits shall vitally detect the presence of a train throughout each section of track. Calculations shall demonstrate that track circuits shall shunt reliably at .06 ohm (CDRL). Each track circuit shall be tested with a .06 ohm shunt at each end and the middle. B. Where double rail track circuits are present in the existing system, and in any new double rail track circuits installed, the track circuits shall indicate occupancy under broken rail conditions. This shall be demonstrated for all locations by submitted calculations (CDRL), and by opening a joint in the running rail at five locations selected by the MTA. C. For any double rail PF track circuits furnished and installed, the impedance bond shall have a rating of no less than 3,000 amps per rail. The track circuit shall function properly with an imbalance of DC propulsion return rail currents of up to 12 percent and ac ripple currents of up to 17 percent. The track circuits shall also function properly with up to 100 percent imbalance of propulsion return rail currents in special work areas (areas including switches, frogs, or non-standard rail configurations) where there are interfaces with power frequency track circuits. The DC resistance of the impedance bond shall not exceed 0.0003 ohm. This shall be demonstrated by the OEM-certified product description (CDRL). D. A failure of any insulated joint of less than .06 ohm shall cause at least one track circuit to indicate occupancy. This shall be demonstrated by testing. A .06 ohm shunt shall be applied across each insulated joint after the adjacent track circuits are adjusted and observe that at least one of the adjacent track circuits indicates occupancy. Test results shall be submitted for approval (CDRL).

Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-5 September 2015 E. Track circuits shall perform their intended functions reliably in the existing MTA environment. 6.6 ROOM EQUIPMENT A. All indoor signal equipment shall be provided by the Contractor. B. Any communications or other equipment required to support the new signal equipment shall be provided by the Contractor as per requirements in Section 5 of this Technical Specification. C. Signal room equipment shall be configured as required to meet the reliability and availability requirements as per requirements in Section 9 of this Technical Specification. D. Signal room equipment shall have sufficient diagnostics to meet requirements for mean time to repair and to expedite regular maintenance as per the maintainability requirements in Section 9 of this Technical Specification. 6.7 POWER SUPPLY AND DISTRIBUTION A. The provided system shall be compatible with the existing room power available in the TC&C rooms. No panel or circuit breaker shall operate at more than 75 percent of its capacity. Any modifications required to circuit breaker panels shall be performed by the Contractor. B. All power supply equipment required for new equipment in the rooms (SSI, CBTC wayside, DCS, train detection, LCP) and on the way side shall be furnished, installed, tested and commissioned by the Contractor. C. If during construction or staging periods the new and existing equipment operate simultaneously, or additional power is required for construction or other purposes, the Contractor shall provide the additional power. D. The provided equipment shall be grounded per National Fire Protection Association (NFPA) 70 National Electric Code. The Contractor shall perform the required modifications to the existing room bus bars or grounding equipment. 6.8 LOCAL CONTROL PANELS/ WORK STATIONS A. All signal system controls, indications, and maintenance tools needed for interlockings shall be available at the corresponding local control panel/ work station installed in the TC&C rooms. LCP shall include: 1. All indications and controls for signaling/ train control for the LCP location. 2. Temporary speed restrictions and track blocks. 3. Alarms, diagnostics, and maintenance tools. 4. The status of the connection to each adjacent subsystem, including OCC and communications links to adjacent interlockings. 5. The health status of all equipment including equipment in standby. B. The LCP may consist of one or more LCD screens. All screen indications shall be clear, uncluttered and easily accessible. The Contractor shall develop three prototyping sessions with the MTA to develop the Human Machine Interface (HMI). A final design, and user

Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-6 September 2015 operating manual for the LCP shall be submitted for approval as part of the detailed design documentation at FDR. C. An installation manual for the LCP including hardware and software and setup shall be submitted for approval as part of the Maintenance support documentation. D. The LCP signal system controls and indications shall be as similar to the MOCC as practical. E. Any failure in any new equipment, including operating and redundant equipment, event recording, etc. shall be indicated on the nearest LCP. 6.9 OCC INTERFACE A. Any proposed interface to the MOCC from the TC&C rooms or track wayside locations to implement the new CBTC and SSI shall be submitted for approval (CDRL). B. All equipment, cabling required to achieve any new interface to the new MOCC from the TC&C rooms or required for a temporary interface to the existing MOCC for staging purposes shall be designed, installed, tested and commissioned by the Contractor. All detailed design documentation for each stage for the complete interface shall be submitted for approval (CDRL). 6.10 TEST TRACK One track in the yard shall be a test track. Detailed requirements for the test track shall be developed as part of the design. 6.11 SPECIAL TOOLS “Special Tools” refers to any tool not commonly found in a retail hardware store. A minimum quantity of three for each special tool recommended by the OEM for use in installation, maintenance, setup, test, or adjustment of products provided under this Contract, including hardware and software, shall be provided. 6.12 SURVEY MARKERS For all trackside elements required for the CBTC and SSI systems to support database verification, validation and configuration management, permanent survey markers with foundations and hardware shall be provided, and installed. Design of these survey markers shall be submitted for approval as part of the detailed design documentation. 6.13 SUBMITTALS Prepare and submit the following documents for review and approval by the Engineer: A. Detailed Design shop drawings, catalog cuts, and detailed descriptions giving complete performance, capability, and environmental data of all components of the AWS equipment and specific configuration and interfaces for this project. Any changes made after FDR shall be resubmitted to MTA within 10 working days. B. Factory Test Plan, Test Procedures for testing of the components of the AWS and its simulated interfaces at the Contractor’s premises. C. Certified Factory Test Reports.

Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-7 September 2015 D. Installation Drawings, Room and Rack Layouts containing equipment clearances for maintenance, and adjustment settings including a tabulation of all units, assemblies, subassemblies and miscellaneous parts required for the field installation at the project site location. E. Field Test Plan, Test Procedures for testing, installation, and functioning of the AWS interfaced to the project infrastructure, SSI, DCS and wayside CBTC. F. Certified Field Test reports. G. Maintenance Support Documentation H. As-built Documentation including drawings for all equipment within the AWS scope of work.

I. Hardware list installed in their final configuration which shall include unique identifying numbers for each component. Any changes made after installation shall be resubmitted to MTA. 6.14 REQUIRED CDRLS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications. Design Review Submittal Milestone CDRL CDRL Title Post FDR Prior to No. CDR PDR FDR Service 6-1 Detailed Design X 90 days 6-2 Factory Test Plan, Procedures prior to test 30 days post 6-3 Certified Factory test Reports test 6-4 Installation Drawings, Room & Rack Layouts X 90 days 6-5 Field Test Plan, Procedures prior to test 30 days post 6-6 Certified Field Test Reports test 6-7 Maintenance Support Documentation X

6-8 As- Built Documentation X

6-9 Hardware Listing for final Configuration X

6-10 Negative Return Analysis (as required) X

6-11 Track Circuit Detection Analysis (as required) X

6-12 Temporary Interface to existing MOCC & Staging X X

6-13 Interface to new MOCC & Staging XXX

Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-8 September 2015 Attachment C, Part 2, ATC System T-8000-1415 Section 6 – Auxiliary Wayside Equipment Requirements TS 6-9 September 2015 SECTION 7 ENVIRONMENT AND EMC REQUIREMENTS

Contents 7.1 GENERAL...... 7-1

7.2 SCOPE OF WORK...... 7-2

7.3 CODES AND STANDARDS...... 7-2

7.4 ENVIRONMENTAL REQUIREMENTS ...... 7-2

7.4.1 GENERAL ...... 7-2

7.4.2 WAYSIDE EQUIPMENT ...... 7-3

7.4.3 CARBORNE EQUIPMENT ...... 7-3

7.5 ELECTROMAGNETIC COMPATIBILITY AND INTERFERENCE...... 7-3

7.5.1 GENERAL ...... 7-3

7.5.2 EMC CONTROL PLAN...... 7-4

7.5.3 EMC ENVIRONMENT TESTING AND REPORT...... 7-5

7.5.4 EMC DESIGN REPORT...... 7-6

7.5.5 EMC LABORATORY TEST REQUIREMENTS...... 7-8

7.5.6 FINAL FIELD EMC TESTING ...... 7-9

7.6 EMC SIGNALING COMPATIBILITY ANALYSIS...... 7-11

7.6.1 EMC SAFETY ANALYSIS...... 7-12

7.7 EXECUTION...... 7-12

7.7.1 GENERAL ...... 7-12

7.7.2 TEST ON TYPICAL PRODUCTION EQUIPMENT...... 7-13

7.7.3 DISPOSAL OF TESTED EQUIPMENT...... 7-13

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS i September 2015 7.7.4 SERVICE TEST...... 7-13

7.7.5 EQUIPMENT FAILING A TEST...... 7-13

7.8 REQUIRED CDRLS...... 7-14

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS ii September 2015 SECTION 7 ENVIRONMENT AND EMC REQUIREMENTS

7.1 GENERAL This section defines the Environmental and Electromagnetic Compatibility (EMC) requirements for the complete ATC System, including the wayside CBTC system, carborne CBTC system, DCS, ATS, SSI equipment, and AWS. All requirements in this section applicable to the complete ATC System are applicable to each of the above components of the system. A. All equipment provided under this Contract shall function completely and reliably in the MTA environment. B. The test requirements specified in this section shall also serve as criteria for equipment design. C. The requirements specified in this Section shall apply to all work performed and equipment supplied under this Contract. D. Results of testing performed prior to the start of this Contract will be accepted in lieu of testing under this Contract only if the following conditions are met: 1. The equipment that was previously tested is identical to the equipment proposed for this Contract. 2. The equipment was tested to standards that meet or exceed the requirements of this Contract. 3. The testing was performed by qualified laboratories, and the results are certified by the test laboratory. E. For each instance where the Contractor wishes to rely on the results of previous testing, the full test report must be submitted for Approval, as well as a description of the equipment tested including any differences between the tested equipment and that being provided under this Contract. F. Equipment to be in service less than 120 days may be Approved for use without environmental testing if the Contractor can demonstrate that the equipment will function reliably in its intended application by other means. This shall be at the sole discretion of MTA. G. The Contractor shall provide proof that the test lab is certified by the National Voluntary Laboratory Accreditation Program (NVLAP) or The American Association for Laboratory Accreditation (A2LA) (CDRL 7-1).

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-1 September 2015 7.2 SCOPE OF WORK The Contractor shall demonstrate through rigorous analysis and test, as described in this section that the complete ATC system will meet all of the Environmental and EMC requirements of this section. 7.3 CODES AND STANDARDS Codes and standards referenced in this section are to be the latest edition in effect at the time of Contract award unless otherwise noted, and are considered to be a part of this Specification as applicable. A. American Railway Engineering and Maintenance Association (AREMA) – Communications & Signals Manual of Recommended Practices, 2014 edition, Part 11.5.1- Recommended Environmental Requirements for Electrical and Electronic Railroad Signal System Equipment B. EN 50121-1:2006, “Railway Applications – Electromagnetic Compatibility, Part 1: General” (IEC Equivalent: IEC 62236 Part 1) C. EN 50121-2:2006, “Railway Applications – Electromagnetic Compatibility, Part 2: Emission of the whole railway to the outside world” (IEC Equivalent: IEC 62236 Part 2) D. EN 50121-3-1:2006, “Railway Applications – Electromagnetic Compatibility, Part 3-1: Rolling stock – Train and complete vehicle” (IEC Equivalent: IEC 62236 Part 3-1) E. EN 50121-3-2:2006, “Railway Applications – Electromagnetic Compatibility, Part 3-2: Rolling stock – Apparatus” (IEC Equivalent: IEC 62236 Part 3-2) F. EN 50121-4:2006, “Railway Applications – Electromagnetic Compatibility, Part 4: Emission and Immunity of the Signaling and Telecommunications apparatus” (IEC Equivalent: IEC 62236 Part 4) G. FCC Regulations, Code of Federal Regulations (CFR), title 47, part 15 H. IEC 60571 Electronic Equipment used on Rail Vehicles, Ed. 3.0, 2012 I. UPTA-MA-06-0153-85-6, “Conductive Interference in Rapid Transit Signaling System – Volume 2: Suggested Test Procedures” J. UPTA-MA-06-0153-85-8, “Inductive Interference in Rapid Transit Signaling System – Volume 2: Suggested Test Procedures” 7.4 ENVIRONMENTAL REQUIREMENTS 7.4.1 General A. The Contractor shall prepare and submit an overall Environmental Test Plan (CDRL 7-2) to the MTA. The Test Plan shall include information on the test lab to be used, the test personnel, the test schedule, test standards, test levels, test equipment, failure criteria. Sample test report sheets shall be included in the test plan. B. The Contractor shall submit detailed Environmental Test Procedures (CDRL 7-3) to the MTA for review and approval. The test procedures shall detail the specific test setup for each test to be performed on a piece of equipment. The tests standards, test levels, detailed equipment setup, mode of operation during testing, and failure criteria shall be detailed. The detailed test procedures shall contain diagrams showing the exact arrangement of the equipment for each test including the detailed mounting arrangement, all brackets, associated mounting

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-2 September 2015 hardware, and sensor placement for the shock and vibration testing. The test procedures shall also outline specific mode of operation for the equipment under tests as well as the failure criteria. C. The Contractor shall submit Environmental Test Reports (CDRL 7-4) to the MTA for review and approval for each piece of equipment tested within 30 days of completion of the test. The test reports shall include all test setup information including equipment calibration reports. The reports shall also include the pass/fail results for all tests. Any deviation from the test procedure shall be reported. All test failures shall be reported as well as resolutions. D. If any failures are observed during the laboratory testing, the testing shall be stopped immediately and MTA shall be notified. The Contractor shall analyze the failure and implement a corrective action plan. The failed test shall be rerun with the corrective action(s) implemented. This process shall be repeated until the test has passed. The MTA has the right to request retesting of any previously passed tests if the design change will affect those tests. Any design changes required to pass the test shall be reported to the MTA for review and incorporated into the final design upon review and approval from the MTA. All failed tests and implemented changes shall be recorded in the test report. 7.4.2 Wayside Equipment All new wayside equipment included in the ATC System shall meet the requirements of AREMA C&S Manual, Section 11.5.1. Equipment to be located in the OCC, Wabash Systems Building, and Wabash Maintenance facility may be considered class E (computer room) equipment. 7.4.3 Carborne Equipment All new ATC carborne electronic equipment furnished and installed under this Contract shall meet the Environmental requirements for all carborne systems as specified in Attachment C, Part III, Section T 02. 7.5 ELECTROMAGNETIC COMPATIBILITY AND INTERFERENCE 7.5.1 General A. All equipment provided under this Contract shall: 1. Be electromagnetically compatible within itself, with other equipment provided by the Contractor, with all MTA Trains, communications systems, and with other electronic equipment and with all electronic equipment operating adjacent to MTA’s property. 2. Operate within the performance requirements specified herein without any degradation of performance, malfunctions, unacceptable or undesirable responses, or damages, caused by radiated or conducted electromagnetic signals, noise transients or spikes existing or introduced by radio equipment at the locations where the equipment shall be installed and operated. 3. Not generate electromagnetic signals, noise, transients or spikes that shall interfere with the operation of other equipment. B. The Contractor shall conduct a program which achieves and documents electromagnetic compatibility (EMC). The Contractor shall apply the EMC program requirements to all subsystems and suppliers.

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-3 September 2015 C. The complete ATC System shall comply in all respects to FCC Regulations defined in CFR Title 47, part 15 for incidental, intentional and unintentional radiators including digital devices and FCC OET Bulletin 65 regarding human exposure to radiofrequency electromagnetic fields. D. The complete ATC System electromagnetic emissions shall also comply with applicable portions of FCC Regulations, including those related to FCC OET Bulletin 65 regarding human exposure to radiofrequency electromagnetic fields. E. Approval of the Contractor’s proposed EMI/EMC program and/or any portion thereof by the Authority does not negate the Contractor’s sole and total responsibility to provide Work that complies with the EMI/EMC requirements of this section. F. The requirements in evaluating electromagnetic compatibility shall include, but not be limited to the following: 1. Degradation Criteria. Degradation criteria shall be established by the Contractor for each system/equipment and approved by the Authority. These criteria shall be used to define and evaluate malfunctions, unacceptable and undesirable responses. When available, the results of system/equipment laboratory interference tests shall be used in establishing or defining the criteria. 2. Safety Margins. Safety margins shall be established for systems/equipment. Existing test points shall be used, and use of special equipment manufacturers or circuit breakouts shall be minimized. Unless otherwise specified in the Contract, safety margins less than 6 dB shall not be used. When safety margins have been established and approved for systems/equipment the inputs, outputs or other test points shall be monitored on a continuous basis and reports of monitoring submitted to the Authority. 3. Instrumentation. Approved equipment intended for use with the system shall be used to monitor systems/equipment and provide data records. 4. Acceptance Criteria. Compliance with these Technical Specifications shall have been achieved when compatible operation, including any approved safety margins, is demonstrated without unacceptable responses or malfunctions. 5. Equipment performing vital functions shall not be affected by portable radio transmitters/receivers operated in the vicinity of the equipment when the equipment case is open. 7.5.2 EMC Control Plan The Contractor shall submit an EMC Control Plan (CDRL 7-5) that will document the process of EMC Management, outlining the criteria to be met and the methods used by the Contractor to meet the specified requirements and achieve EMC. The EMC Control Plan shall be updated whenever there are major changes to any part of the design that relates to EMI/EMC. The EMC Control Plan shall contain the following: A. Organizational responsibilities that clearly shows the reporting relationship between the EMI/EMC Engineer, the Systems Integrator and all other key team personnel involved in the design, integration and installation of the complete ATC System B. Name, address and relevant certification of any EMI/EMC Test Laboratory or organization that the Contractor has or is proposing to use Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-4 September 2015 C. EMI/EMC Engineer Qualifications D. Schedule of EMC document submissions, audits, tasks and milestones E. Summary of EMC requirements passed to sub-contractors by the Contractor F. EMC Cable Management strategy G. Details of the installation guidelines, cable classification and segregation system used to achieve systems EMC H. Approach for determining the EMC environment, and organization of the EMC Environment Report I. Approach for analysis of EMC design characteristics, emissions, susceptibility, and margin of the complete ATC System, and organization of the EMC Design Report J. Approach for analysis of EMC safety impacts, and organization of the EMC Safety Analysis K. Frequency matrix showing clock and other operating frequencies of all equipment 7.5.3 EMC Environment Testing and Report A. The Contractor shall determine and report on the MTA EMI/EMC environment for the Wayside and Car-borne components of the complete ATC System. The Contractor shall adequately determine the EMI/EMC environment, so that the Contractor can ensure that the Wayside and Car-borne system emissions do not interfere with other MTA and neighboring equipment, and so the Contractor can ensure that the safe and reliable operation of the Wayside and Car-borne systems, and to show that they are not adversely affected by emissions of the MTA EMI/EMC environment. EMC site surveys shall be conducted at all locations where equipment is to be installed to determine the maximum EMI levels present. B. The Contractor shall conduct all necessary tests and surveys of the MTA EMI/EMC environment to determine the emission levels and susceptibility levels of MTA equipment which could interact with the complete ATC System. C. Specifically, the EMC Environment Report (CDRL 7-6) shall include sections covering but not limited to: 1. Train Emissions: The Train Emissions section shall identify train emissions related to carborne and wayside system equipment. Train worst-case emissions including operation of any or all train equipment alone or in combination, and in normal, abnormal, failure, and emergency conditions shall be considered. The tests shall be in accordance with the following procedures: a. Train and Complete Vehicle: Radiated emission shall be measured in accordance with the procedures contained in “Railway Applications – Electromagnetic Compatibility, Part 3-1: Rolling Stock – Train and complete Vehicle, EN 50121-3-1”. Test shall be performed with the train in static and dynamic mode. b. Railway Emissions: Emissions shall be measured in accordance with the procedures contained in “Railway Applications – Electromagnetic Compatibility, EN 50121-2: Emissions of Whole railway to the outside world.”

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-5 September 2015 c. Carborne system: Carborne system emissions and susceptibility shall be measured in accordance with the procedures contained in “Railway Applications – Electromagnetic Compatibility, Part 3-2: Rolling Stock – Apparatus, EN 50121-3-2.” 2. Radio Frequency (RF) Data Link: The RF Data Link section shall identify emissions or ambient conditions which could interfere with operation of the Data Communications System and Wayside and Car-borne system’s RF data link. 3. Ambient at Equipment Locations: The Ambient at Equipment Locations section shall determine and report on the ambient that applies to equipment installation locations, for items installed on trains, along the trackside, and in equipment rooms. Determination of the RF ambient shall include: a. New and existing onboard communications systems b. New and existing MTA and Baltimore Public Safety communications systems c. Cellular and PCS systems d. Wireless LAN devices D. Particular attention shall be paid to the pass band of the DCS equipment, and the surrounding frequencies. The Contractor shall propose, for approval by the MTA, a suitable frequency range for test. Such equipment could include On-Board and Wayside Radios, Antenna Systems (Active or Passive), Radio Frequency (RF) Distribution Systems, Repeaters, Regenerators, or any other device that would be susceptible to RF interference. The purpose of this testing is to characterize the environment so that the Contractor can show by design, analysis, and test, that at least a 6dB margin is maintained at all times. All tests shall measure H-Field and E-Field. E. The EMC Environment Report may emphasize operating frequencies which correspond to operating frequencies of Wayside and Car-borne system equipment and other critical frequencies, to the extent those frequencies are documented in the Contractor’s EMC Design Report. F. The Environmental Test Report shall include a comparison of the ambient levels found at each location and the CENELEC standard EMC limits. Recommend specific modifications to the emissions and susceptibility limits in the CENELEC standards as required to for compatibility with the ambient EMI levels. 7.5.4 EMC Design Report A. The Contractor shall analyze and report on EMC design characteristics of the Wayside and Carborne System equipment as well as the DCS Equipment. B. The Contractor shall include all EMI/EMC design methods and techniques to be utilized at the system, subsystem, and individual equipment level to ensure electromagnetic compatibility. The techniques shall integrate the operation of all subsystems of the complete ATC System. C. The EMC Design Report (CDRL 7-7) shall include but not be limited to the following sections: 1. EMC Equipment Identification: The EMC Design Report Equipment Identification section shall identify all equipment with significant emissions or susceptibility with respect to the MTA EMC environment.

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-6 September 2015 2. All EMI/EMC documentation shall be identified together with all EMI/EMC specifications that are to be used in the design and validation. 3. An analysis of any corrosion threats, issues and mitigations. 4. Maintenance requirements needed to maintain the system’s immunity to EMI and preserve its EMC. 5. Intended installation location and identify which parts of the system are contained within an equipment room, which are external and estimated separation distances. 6. EMC Equipment Characteristics: For identified equipment, the EMC Design Report Equipment Characteristics section shall provide a complete description, statement, and analysis of equipment operating parameters and characteristics related to emission and immunity, including but not limited to operating frequencies, sensitivity levels, circuit configurations and impedances, modulation, coding, error detection, and emission levels. The information in the section shall fully describe all design aspects related to EMC, including protections against interference such as message coding and checking. 7. For equipment in which EMC performance could be affected by changes to configuration or parameters of the software or firmware, provide complete documentation of the software or firmware, and an approved configuration control record for the delivered and tested software or firmware version. 8. Grounding plan which states the Contractor’s grounding approach and implementation. The plan shall include system grounds, safety grounding, power grounding, applications of single point grounding, applications of multipoint grounding, applications of hybrid grounding, use of ground planes, rack grounding, equipment grounding, cable shield grounding, and circuit grounding. A grounding diagram shall be used to show the grounding topology. 9. Cable routing plan which states the cable routing approach and implementation. The plan shall separate signals and electromagnetic noise from high level signal circuits and power circuits and equipment from coupling into low level circuits. The plan shall include cable routing on messenger and in precast channel, within rooms and enclosures and on racks. 10. Details of filter characteristic and component values of power line filters. If filter pins are to be employed in the design, the attenuation and peak rating characteristic shall be included. A description of construction materials employed in the design shall be given. Bonding surfaces shall be identified, together with details of any surface treatment used to achieve compliance. 11. The EMC Design Report shall contain details of mechanical design as related to EMC. Materials shall be described, as well as procedures and methods to be used for purposes of attenuating electromagnetic emissions and reducing susceptibilities of equipment to the specified electromagnetic threats. A description shall be given for internal shielding and filtering methods used to achieve compliance. Mechanical drawings shall be used to identify the locations and physical characteristic of possible apertures, electrical connectors and panel mounted components, and design details of RFI gaskets.

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-7 September 2015 7.5.5 EMC Laboratory Test Requirements 7.5.5.1 General A. The Contractor shall prepare and submit an overall EMC Test Plan (CDRL 7-8) to the MTA. The Test Plans shall include information on the test lab to be used, the test personnel, the test schedule, test standards, test levels, test equipment, failure criteria. Sample test report sheets shall be included in the test plan. B. The Contractor shall submit detailed EMC Test Procedures (CDRL 7-9) to the MTA for review and approval. The test procedures will detail the specific test setup for each test to be performed on a piece of equipment. The tests standards, test levels, detailed equipment setup, mode of operation during testing, and failure criteria shall be detailed. The detailed test procedures shall include diagrams showing the exact arrangement of the equipment for each test. This shall include the detailed mounting arrangement, including all brackets, associated mounting hardware, and sensor placement for the shock and vibration testing. The test procedures shall also outline specific mode of operation for the equipment under tests as well as the failure criteria. C. The Contractor shall submit EMC Test Reports (CDRL 7-10) to the MTA for review and approval for each piece of equipment tested within 30 days of completion of the test. The test reports shall include all test setup information including equipment calibration reports. The reports shall also include the pass/fail results for all tests. Any deviation from the test procedure shall be reported. All test failures shall be reported as well as resolutions. D. If any failures are observed during the laboratory testing, the testing shall be stopped immediately and the MTA shall be notified. The Contractor shall analyze the failure and implement a corrective action plan. The failed test shall be rerun with the corrective action(s) implemented. This process shall be repeated until the test has passed. The MTA has the right to request retesting of any previously passed tests if the design change will affect those tests. Any design changes required to pass the test shall be reported to the MTA for review and incorporated into the final design upon review and approval from the MTA. All failed tests and implemented changes shall be recorded in the test report. E. Where any EMI levels are observed during the EMC Environmental Testing that exceeds the levels described in the sections below the levels observed during the Environmental test shall apply. 7.5.5.2 Wayside Equipment A. All new wayside equipment included in the complete ATC System shall meet the requirements of EN 50121-4. B. Equipment to be located in the OCC, Wabash Systems Building, and Wabash Maintenance facility may be tested to CENELEC product standards for the specific equipment. The proposed test standard shall be approved for each item prior to testing. 7.5.5.3 Carborne Equipment A. All new carborne electronic equipment shall meet the requirements of EN 50121-3-2. In addition to the requirements of EN 50121-3-2, Radiated Emission Levels shall be measured between 1 GHz and 6 GHz. The limit shall be 50 dBμV/m quasi-peak. In addition to the requirements of EN 50121-3-2, Radiated Immunity Levels shall be measured up to 6 GHz. The immunity test level from 80 MHz to 6 GHz shall be 20 V/m.

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-8 September 2015 B. All new carborne electronic equipment shall meet the requirements of IEC 60571, Section 3.1 for Fluctuation and Interruption of Voltage Supply. 7.5.6 Final Field EMC Testing A. The Contractor shall develop an EMC test strategy that enables the demonstration of the complete ATC System in compliance with the requirements of EN 50121. B. After the all installation work is complete, the Contractor shall perform the Final Field EMC Tests on all equipment furnished and installed under this Contract in accordance with the EN 50121 series of standards and this section. C. The Final Field EMC test performed by the Contractor shall be witnessed by the MTA and shall demonstrate EMC between all subsystems and/or equipment (both vital and non-vital) during all modes of operation while the subsystems and/or equipment are individually or collectively operated. Final Field EMC tests shall be completed and approved by the MTA prior to the request for putting equipment into service. D. The Contractor shall execute testing as per the guidelines of FCC OET Bulletin 65 regarding human exposure to radiofrequency electromagnetic fields. E. The Contractor shall execute the following steps: 1. Establish procedures for the Final Field EMC tests: For each item, prepare a Test Plan, in which the Contractor will quantitatively demonstrate that the item achieves the margin identified in the EMC Design Report worst case conditions. At a minimum, the Test Plan shall include the following sections: Introduction, Schedule, Equipment Configuration Under Test, Test Track, Test Equipment Configuration and Calibration, Test Runs, Test Methods, Test Data Collection Procedures, and Test Report Format. Each Test Plan shall include the following: a. Test conditions and procedures for all electronic and electrical systems/ equipment installed in or associated with the system and equipment under test. b. Modes of operation and monitoring points for each system and equipment. c. Methods to be used to select critical circuits to be monitored for compliance with the degradation and safety margin. d. Procedures used for developing failure criteria and limits. e. Evaluation and degradation criteria for each system and equipment. f. Use of approved results from laboratory interference tests on systems and equipment. g. Details concerning frequency ranges, channels, and combinations to be specifically tested such as image frequencies, intermediate frequencies, local oscillator, and transmitter fundamental and harmonically related frequencies. Systems susceptibility criteria identified during laboratory testing shall be included. h. Tests with a portable radio/cellular telephone operating at VHF, UHF and common cellular frequencies as follows: 160 MHz, 460 MHz, 800 MHz, 915 MHz, 1.9 GHz, 2.4 GHz and 5.8 GHz. This test would be performed with the portable radio/cellular telephone in transmit mode within 6 inches of equipment with cabinet doors closed.

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-9 September 2015 Tests performed on programmable logic controllers and automatic transfer panels shall be conducted with cabinet doors open and closed. i. The sequence for operating systems/equipment during tests. j. Adjustment and settings of variable controls. k. Methods and procedures for data readout and analysis. l. Calibration schedules and description of instrumentation for measuring electrical, electronic, video, and mechanical outputs of equipment and systems to be monitored during the testing. m. Personnel required for the Contractor and MTA. 2. Perform tests: For each identified item, perform and document the test per the approved test procedures. Coordinate in advance with MTA for access to, control of, and safe operation of MTA staff, track, trains, equipment, and facilities. 3. Test Report (CDRL 7-10): For each tested item, prepare an Final Field EMC Test Report which shall document the results of the follow: a. At a minimum, each test report shall include the following sections: Introduction, Schedule, Equipment Configuration Under Test, Test Track, Test Equipment Configuration and Calibration, Test Runs, Test Methods, Test Data Collection Procedures. b. Analyze the results of each Final Field EMC test and determine if the equipment as built is suitable for deployment in the MTA environment. A margin of at least 12 dB shall be maintained in vital circuits and 6 dB on all non-vital microprocessor based equipment. Techniques for minimizing the effects of unfavorable tests results, or analysis showing the test results will not result in degradation in the safety, reliability, or performance of the system shall be submitted. The MTA will have unilateral authority to approve the design recommendations or analysis submitted. If the Contractor recommended solution is not approved, the Contractor must identify a suitable design to meet the requirements specified herein at no additional cost to MTA, and shall submit the modified design for approval, with test results which show the design meets the requirements. c. As part of each Final Field EMC test report, the Contractor shall prepare a compliance matrix to record test results of individual equipment/systems in the presence of other equipment/systems. d. Approval: The MTA will be the sole approving authority for Final Field EMC Test Reports submitted by the Contractor. The MTA will approve the Contractor’s Final Field EMC Test Reports and equipment if the Contractor has demonstrated satisfactory operation in worst case operating modes with approved margins. 4. In the case that the Contractor selects to provide new Track Circuits for the AWS, the Contractor shall demonstrate that the new Track Circuits are electromagnetically compatible with the existing and new rolling stock. The Conducted Emissions and Inductive Emissions from the train shall be completely characterized. The susceptibility of the new Track Circuits shall be completely characterized as installed in the field and the worst case determined. The Contractor shall demonstrate that that the conducted and Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-10 September 2015 inductive emissions from the rolling stock are at least 6dB below the susceptibility of the worst case track circuit for impulse emissions and 12dB below the susceptibility of the worst case track circuit for repeated broadband and harmonic emissions for all possible length trains operating in all possible modes. Any required Field Conducted EMI testing shall be based on UMTA-MA-06-0153-85-6. Any required Field Inductive EMI testing shall be based on UMTA-MA-06-0153-85-8. The Contractor shall submit test procedures and test reports for Conducted EMI testing, Inductive EMI testing and Track Circuit Susceptibility testing as required. 7.6 EMC SIGNALING COMPATIBILITY ANALYSIS A. The EMC Signaling Compatibility Analysis shall demonstrate that the Wayside and Carborne systems will operate as intended in the MTA operating environment and that it will not cause degradation of performance, under normal and credible failure conditions to any pre-existing system or third party assets. B. The analysis shall include all operating frequencies from DC to 10 GHz. For frequencies not covered by the IEC 50121 series of standards the Contractor shall propose other test methods and standards to the MTA for approval. C. The EMC Signaling Compatibility Analysis (CDRL 7-11) shall be submitted to the MTA for review and approval after all field and laboratory EMI/EMC testing has been completed. The purpose of the analysis is to show that the measured environmental and equipment emissions are within the tolerances of the measured equipment susceptibility for all equipment, with the required margins taken into account. D. Equipment Susceptibility: The Equipment susceptibility section shall provide a documented analysis of the susceptibility of the identified equipment with respect to the MTA EMC environment. For each identified piece of equipment with significant susceptibility, the Equipment Susceptibility section shall provide an analysis with: 1. Level and type of signal to which the identified equipment is EMI-susceptible. 2. Worst-case and typical predicted level of the signal in the MTA environment, from the EMC Environment Report. 3. Contractor’s proposed worst-case margin against disruption of safe and reliable operation of the identified complete ATC System by the MTA EMC environment. Where appropriate, the section may include statistical or signal analysis to describe system-level protections against interference. E. Equipment Emissions: The Equipment Emissions section shall provide a documented analysis of the emission of the identified systems with respect to the MTA EMC Environment. For each identified piece of equipment with significant emissions, the Emissions section shall provide an analysis with: 1. Worst-case and typical level and type of emission for each piece of identified equipment. 2. Identification of MTA environment items which may be affected by an emission from the equipment, such as train or other two-way radio services. 3. Predicted susceptibility level of the environment item which may be affected by the equipment.

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-11 September 2015 4. Contractor’s proposed worst-case margin against disruption of the environment item by the identified equipment. Where appropriate, the section may include statistical or signal analysis to describe system-level protections against interference. 5. The Emissions section shall include but not limited to an analysis of the RF Data Link and the Data Communications System’s Data Link. Worst case radiated emissions shall include variable RF propagation characteristics. F. Induced Voltages: The Contractor shall ensure and demonstrate with evidence that any cables supplied under the Contract other than power cables used by the System are properly shielded, grounded and terminated to prevent noise and/or electric shock. G. Operation Requirements: The Operating Requirements section shall provide the Contractor’s statement of operating or maintenance restrictions to control susceptibility and/or emissions, such as keeping equipment covers closed when operating portable radios, or keeping radios off near certain equipment. H. Internal Interface EMC: The internal interface EMC section shall state and detail the Contractor’s selected standard for achieving electromagnetic compatibility at interfaces between modules and elements which make up the complete ATC System. The Contractor may select a standard published by a standard-making body, e.g. IEEE-STD-1100, EN 300 253, or may select a proven project standard created by the Contractor and approved by MTA. 7.6.1 EMC Safety Analysis A. The Contractor shall perform and document an EMC Safety Analysis (CDRL 7-12) that shall include a comprehensive and detailed study demonstrating that all EMI related risks and hazard that may affect the functionality of the complete ATC System has been identified and mitigated. This shall be submitted to MTA for approval. B. The EMC Safety Analysis shall include an assessment of the threat of electromagnetic disturbance to the complete ATC System. This should take into the account the intended electromagnetic environment of use. C. The EMC Safety Analysis report shall include: 1. An assessment of the safety impact to the complete ATC System and actions to be taken to achieve the desired safety integrity level. The report shall include provision to prevent EMC hazards due to changes in software or firmware parameters. 2. An assessment of the complete ATC System emissions and its impact on neighboring equipment. 7.7 EXECUTION 7.7.1 General A. Any temporary wires installed to accommodate testing (or for any other purpose) shall be run fully exposed and be colored red. Both ends shall be tagged if the wire is to remain on while it is part of an operating system. B. MTA shall be given notice 7 to 14 days prior to the execution of any test being done in the Baltimore area. MTA shall be given notice 30 to 60 days prior to the execution of any test being done outside the Baltimore area. MTA or MTA representatives shall witness the test at the sole discretion of MTA.

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-12 September 2015 C. Within 1 week of any testing done, the original test data sheet and procedure used in the field will be delivered to MTA. This is separate from the updates of the Test Program Plan described elsewhere in this section. D. The equipment under test shall operate continuously during testing for the parameters being tested. The equipment shall be monitored so that any interruption in the operation of the equipment is detected, at which point the equipment is considered to have failed the test. E. If the equipment is altered as a result of the test, the equipment is considered to have failed the test. Altered includes the loosening of fasteners, cracks, changes to the finish or gaskets, corrosion or rust, etc. F. Environmental testing is to be completed 30 days prior to equipment of the same type being placed into service. G. Vibration and shock tests are to be video recorded, with the recordings submitted with the test data sheets. They are to be in electronic format: MPEG 4, 60 frames per second, 1920 x 1080 or approved equal. 7.7.2 Test on Typical Production Equipment Tests shall be conducted on equipment identical to that which will be installed on MTA. The equipment shall be arranged and functioning during the testing as close as possible to the final configuration for revenue service. 7.7.3 Disposal of Tested Equipment A. All equipment subjected to environmental testing shall be permanently marked as such, including the date and type of test. B. Equipment subjected to an environmental test that passes and remains undamaged may be used for subsequent environmental tests. Equipment subjected to environmental tests shall not be used for permanent installation, spare parts, or BTE parts. Equipment subjected to environmental testing which passes without damage may be installed in training racks. All tested equipment is to be returned to MTA at the conclusion of the tests. 7.7.4 Service Test Any equipment failing within 12 months of being placed into service shall be evaluated to determine if the cause of the failure was due to incompatibility with the MTA environment or with other equipment installed under this Contract. If this is found to be the case: A. The environment shall be quantitatively measured. B. An evaluation shall be submitted comparing the environment that the equipment failed into the environment the equipment can tolerate. C. The response shall be the same as to any other failed environmental test, see “EQUIPMENT FAILING A TEST” in this section. 7.7.5 Equipment Failing a Test Any equipment failing within 12 months of being placed into service shall be evaluated to determine if the cause of the failure was due to incompatibility with the MTA environment or with other equipment installed under this Contract. If this is found to be the case:

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-13 September 2015 A. The equipment shall be modified to function completely and reliably within the actual MTA environment and the requirements of this section. B. All equipment performing the same function shall be modified so that all such equipment is similar and compatible with the environment of the failed equipment. This includes permanently installed equipment and equipment provided as spare parts, training or BTE equipment. 7.8 REQUIRED CDRLS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications. Design Review Submittal Milestone CDRL CDRL Title Post FDR Prior to No. CDR PDR FDR Service 7-1 Test Lab Accreditation X

7-2 Environmental Test Plan X 90 days 7-3 Environmental test Procedures prior to test 30 days post 7-4 Environmental Test Reports test 7-5 EMC Control Plan X 7-6 EMC Environment Report X

7-7 EMC Design Report X

7-8 EMC Test Plan X 90 days 7-9 EMC Test Procedures prior to test 30 days post 7-10 Final Field EMC Test Report test 7-11 EMC Signaling Compatibility Analysis X

7-12 EMC Safety Analysis X

Attachment C, Part 2, ATC System T-8000-1415 Section 7 – Environment and EMC Requirements TS 7-14 September 2015 SECTION 8 SYSTEM SAFETY AND SECURITY REQUIREMENTS

Contents 8.1 GENERAL...... 8-1

8.2 SYSTEM SAFETY AND SECURITY PROGRAM PLAN (SSSPP)...... 8-2

8.2.1 SAFETY AND SECURITY CERTIFICATION MANAGER...... 8-4

8.2.2 SSSPP CONTENTS...... 8-4

8.3 SYSTEM SAFETY AND SECURITY ANALYSES ...... 8-5

8.3.1 PRELIMINARY HAZARD LIST...... 8-7

8.3.2 PRELIMINARY HAZARD ANALYSIS/HAZARD TRACKING LOG...... 8-7

8.3.3 FAILURE MODES, EFFECTS AND CRITICALITY ANALYSES...... 12

8.3.4 OPERATING AND SUPPORT HAZARD ANALYSES...... 13

8.3.5 FAULT TREE ANALYSES...... 14

8.3.6 SAFETY HAZARD ASSESSMENT CRITERIA...... 14

8.3.7 OPEN ITEMS LOG...... 17

8.3.8 THREAT AND VULNERABILITY ASSESSMENT (TVA)...... 17

8.4 HAZARD RESOLUTION PROCESS ...... 18

8.4.1 HAZARD REDUCTION PRECEDENCE...... 18

8.4.2 GENERAL SAFETY DESIGN CRITERIA...... 19

8.4.3 FAIL-SAFE DESIGN REQUIREMENTS...... 19

8.4.4 DESIGN SAFETY FOR HUMAN ENGINEERING ...... 21

8.5 SAFETY AND SECURITY CERTICATION ...... 22

8.5.1 CERTIFIABLE ELEMENT LIST...... 22 Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-i September 2015 8.5.2 DESIGN CRITERIA AND CONSTRUCTION SPECIFICATION CONFORMANCE CHECKLISTS...... 22

8.5.3 CERTIFICATES OF CONFORMANCE ...... 23

8.5.4 PROJECT SAFETY AND SECURITY CERTIFICATE...... 23

8.5.5 SAFETY AND SECURITY CERTIFICATION VERIFICATION REPORT (SSCVR)...... 24

8.6 SYSTEM INTEGRATION TESTING AND PRE-REVENUE OPERATION...... 24

8.7 FLAMMABILITY, SMOKE EMISSION AND TOXICITY TESTING REQUIREMENTS...... 24

8.7.1 GENERAL ...... 24

8.7.2 FIRE HAZARD ANALYSIS (FHA)...... 24

8.7.3 MATERIAL TESTING REQUIREMENTS AND MATRIX...... 25

8.7.4 MATERIALS EXEMPT FROM TESTING REQUIREMENTS...... 26

8.7.5 MATERIALS REQUESTED FOR WAIVER OR DEVIATION...... 26

8.7.6 FLAMMABILITY AND SMOKE EMISSION TEST PROCEDURES AND PERFORMANCE CRITERIA 27

8.7.7 TOXICITY TEST PROCEDURES AND PERFORMANCE CRITERIA...... 27

8.7.8 ELECTRICAL FIRE SAFETY...... 27

8.8 DESIGN COORDINATION ...... 27

8.9 RECORDS MANAGEMENT...... 28

8.10 REFERENCED CDRLS...... 28

8.11 REFERENCED STANDARDS...... 29

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-ii September 2015 SECTION 8 SYSTEM SAFETY AND SECURITY REQUIREMENTS

8.1 GENERAL The Contractor shall conduct a safety program, which ensures to the greatest extent possible, that all actions involving selection of materials, sources, suppliers, inspection and testing, and commissioning are operationally safe and secure for use by the MTA. The Contractor’s Safety and Security efforts shall be in compliance with the requirements of the U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) and Federal Transit Administration (FTA) standards and guidelines. The Contractor shall establish, implement, and execute a comprehensive system to assure that all aspects of the work are safe and in conformance with the MTA’s Contract. The MTA reserves the right to perform required and/or continuous safety audits and inspections, at the MTA’s discretion, during the Contractor’s execution of the Contract. The inspections may be performed independent of and in addition to the Contractor’s system safety functions. These monitoring functions will confirm that Deliverables and Submittals conform to the Technical Specifications and MTA approved drawings and documentation. The MTA’s system safety activities will in no way waive, abrogate, replace, negate, override, or lessen the Contractor’s obligations under the Contract. Where there are differences between the specification requirements contained in this section and referenced standards and guidelines, the more restrictive shall apply. For all referenced standards and guidelines, the Contractor shall utilize the latest edition at the time of NTP. The Contractor shall designate a Safety and Security Certification Manager (SSCM) for carrying out the Contractor’s System Safety and Security Program, and to serve as a point of contact to the MTA. The Contractor’s SSCM shall also serve on the committee established by the MTA for safety and security certification. The Contractor’s System Safety and Security Program shall support the MTA’s Safety and Security Certification Program efforts and generate the following documents and analyses: A. System Safety and Security Program Plan (CDRL 8-1) – Describes the planned tasks and activities to be used by the Contractor to implement the required system safety program. B. Preliminary Hazard Analysis (CDRL 8-2) – Initial risk assessment performed by the Contractor to identify, assess, and make recommendations on the resolution of potential hazards. This analysis will form the basis for the Hazard Tracking Log. C. Hazard Tracking Log (CDRL 8-3) – Developed from inputs of the PHA, this document shall serve as the primary tool used by the Contractor and the Safety and Security Certification Committee to identify, assess and make closure recommendations during the hazard resolution process. D. Failure Modes, Effects, and Criticality Analysis (CDRL 8-4) – Performed by the Contractor to identify potential system and subsystem failure modes and their subsequent effects on the entire system.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-1 September 2015 E. Operating and Support Hazard Analysis (CDRL 8-5) – Performed by the Contractor to evaluate activities for hazards or risks introduced into the system by operational and support procedures and to evaluate their adequacy. F. Fault Tree Analyses (CDRL 8-6) – Performed qualitatively or quantitatively by the Contractor to assess undesired top-level events by systematically analyzing the order of faults for the event to occur. G. Open Items Log (CDRL 8-7) – This document shall serve as the primary tool used by the Contractor and the Safety and Security Certification Committee to capture those hazards unable to be closed prior to the system entering revenue service. H. Certifiable Element List (CDRL 8-8) – List of safety and security certifiable elements and sub-elements identified by the Contractor that will form the basis for Design Criteria and Construction Specification Conformance Checklists. I. Design Criteria and Construction Specification Conformance Checklist (CDRL 8-9) – The Contractor shall develop Specification Conformance Checklists in accordance with FTA guidelines consisting of safety and security certifiable elements, sub-elements, and items. The Signaling System subsystems such as Wayside Signal System Equipment and Car born System Equipment shall be assigned as certifiable sub-elements. The Specification Conformance Checklist shall document the Contractor’s conformance to design and construction requirements identified in the technical specification for each safety and security certifiable element and sub-element. J. Certificates of Conformance (CDRL 8-10) – Certificates prepared by the Contractor for each safety and security certifiable element to demonstrate all items in the associated conformance checklist conform to the technical specification requirements. K. Project Safety and Security Certificate (CDRL 8-11) – The Contractor shall prepare, date, and sign a Project Safety and Security Certificate once all Certificates of Conformance have been approved by the MTA. L. Safety and Security Certification Verification Report (SSCVR) (CDRL 8-12) – The Contractor shall maintain a report documenting all safety and security activities performed through any incremental, phased start-up or intermediate revenue service occurring during the life of the Project. M. Fire Hazard Analysis (CDRL 8-13) – Performed by the Contractor to assess the fire performance of Signaling System materials and assemblies in the context of actual use. N. Flammability, Smoke Emission, and Toxicity Test Matrix (CDRL 8-14) – Document submitted by the Contractor to verify that combustible materials required for testing meet the flammability and smoke emission performance criteria of NFPA-130 and the toxicity performance criteria of this specification. 8.2 SYSTEM SAFETY AND SECURITY PROGRAM PLAN (SSSPP) A. The Contractor shall submit a System Safety and Security Program Plan (SSSPP) to the MTA for review and approval (CDRL 8-1). The SSSPP shall include design, manufacturing, and quality control practices; adherence to and implementation of sound

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-2 September 2015 safety and security practices in design, manufacturing, operation and maintenance; and effective control of human factors outlined in the latest revision of MIL STD 882 at NTP. The SSSPP shall also encompass system safety and security requirements that shall apply to all systems, subsystems and assemblies, software, hardware and firmware provided under the scope of this contract and all interfaces of the Metro project line. The requirements shall apply to all suppliers and subcontractors during all phases of the work including design, manufacture, construction, installation and testing, commissioning, and pre-revenue operations of the Metro project line. The Contractor shall integrate the system safety and security elements along with the Reliability, Availability, and Maintainability requirements (as per Section 9 of this Technical Specification) in all phases of this Contract. B. With its SSSPP submission, the Contractor shall clearly define the responsibilities and functions of personnel directly associated with system safety and security. The SSSPP shall identify and formally document the authority delegated to the system safety and security organization and the relationship between that organization and all other organizational components. The SSSPP shall identify and designate a qualified Safety and Security Certification Manager (SSCM) for carrying out the Contractor’s SSSPP and to serve as a point of contact to the MTA. The SSCM shall serve on the committee established by the MTA for safety and security certification. The SSCM shall be responsible for carrying out the safety and security requirements on systems, subsystems, assemblies and interfaces contained in these Contract documents for the Metro project line, to the extent covered under the Contractor’s scope, and all their interfaces with other Metro project line system elements, subsystems, and the operating environment. Metro project line system element interfaces shall include but not be limited to: Metro Cars, hi-rail vehicles, maintenance cars, and maintenance personnel, track, grade crossings, facilities, systems, power, the general public interfacing with the yard, and the environment in which the Metro project line operates. Interface requirements shall encompass facilities, structures, systems, equipment, hardware, software, firmware, wired and wireless communications, man/machine interfaces, operations, maintenance, training, rules and procedures. C. The Contractor shall develop a System Safety and Security Program Plan (SSSPP) that defines activities, management controls, and monitoring processes to be used by the Contractor to ensure that safety and security considerations, compatible with other system requirements, are incorporated into the design of the systems. D. The SSSPP must demonstrate that the Contractor has a clear understanding of the system safety and security requirements and has an organization in place that is capable identifying safety hazards and performing analyses to verify that they have been eliminated or adequately mitigated. The Contractor’s approach to system safety and security shall minimize system risks due to hazards and vulnerabilities within the constraints of cost, schedule, design requirements, and system effectiveness. The fundamental objective of the system safety process shall be to identify, eliminate or control, and document system hazards throughout the system life cycle. The Contractor’s technical approach must analyze the safety and security signaling systems and subsystems, system interfaces, and interrelationships with such factors as facilities, communications and signaling systems, support equipment, operational procedures and environments, and maintenance programs.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-3 September 2015 8.2.1 SAFETY AND SECURITY CERTIFICATION MANAGER Responsibilities of the Contractor’s SSCM include, but are not limited to: A. Ensuring adequate Contractor resources are available to support the MTA’s requirements for system safety described in this Specification. B. Supporting the timely delivery of system safety CDRLs and deliverables. C. Interfacing with design, manufacturing, and testing personnel to verify safety performance D. Proposing design modifications and corrective actions that address safety hazards and security vulnerabilities. E. Analyzing safety performance of systems, and comparing results with contractual requirements. F. Providing technical support for safety and security issues related to design, manufacturing, testing, operations, and maintenance. G. Reporting on the status and progress of Contractor program activities during Safety and Security Certification Committee meetings. H. Attending all Safety and Security Certification Committee meetings and providing essential input to resolve safety and security critical issues. I. Ensuring attendance of other Contractor personnel to Safety and Security Certification Committee meetings to provide technical expertise on an as-needed basis. 8.2.2 SSSPP Contents The SSSPP shall be structured in accordance with the latest revision of MIL-STD-882 at the time of NTP, and shall contain the following information as a minimum: A. Section indicating that it has been reviewed, approved, and signed off by the Contractor’s Project Manager and SSCM. B. Specific information showing how the Contractor shall verify attainment of system safety and security requirements during design and test phases. C. Description of organizational relationships and personnel responsible for system safety and security. The Contractor’s SSCM shall report to or have direct access to the Contractor’s Program Manager. D. System Safety and Security program schedule indicating key milestones, tasks, and CDRL submittal dates to ensure that system safety and security activities are performed and documentation is submitted consistent with the Master Project Schedule. The schedule shall depict when safety and security analyses shall be submitted to the MTA with respect to the signaling system design, manufacturing, and test schedule. E. Procedures for the Contractor’s SSCM and other personnel as required to participate in all design reviews, review and approve design changes and drawings, and approve all safety and security-related elements of the Contract. Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-4 September 2015 F. Description of the Contractor’s process for hazard identification, analysis, elimination, or control. G. Description of the Contractor’s process for security vulnerability identification, analysis, elimination, or control. H. Description of the procedures for the reporting, recording, and resolution of hazards identified during design, construction, assembly, installation, and testing. I. Description of the Contractor’s process for supporting Safety and Security Certification of the system. This includes a description of the Contractor’s process for the development and completion of the Certifiable Element List, Design Criteria and Construction Specification Conformance Checklists, and Certificates of Conformance. J. Description of the Contractor’s process for ensuring system safety and security considerations have been incorporated into the design of interfaces between the signaling system and vehicles. K. Description of the Contractor’s process for verification and validation of Systems Integration Testing for safety and security certifiable elements. 8.3 SYSTEM SAFETY AND SECURITY ANALYSES A. The Contractor’s approach to system safety shall minimize system risks due to hazards within the constraints of cost, schedule, design requirements, and system effectiveness. A hazard is defined as “any real or potential condition that can cause injury, illness, or death to personnel; damage to or loss of a system, equipment, or property; or damage to the environment.” The fundamental objective of the system safety process shall be to identify, eliminate or control, and document system hazards throughout the system life cycle. B. Consideration must be given to systems, system interfaces, and interrelationships with such factors as facilities, support equipment, operational procedures and environments, and maintenance programs. C. The Contractor shall perform safety analyses to identify potentially hazardous conditions. Perform and document quantitative analyses as required to ensure that adequate safety consideration has been given. System safety analyses performed by the contractor shall: 1. Evaluate alternatives. 2. Evaluate and verify safety requirements of the systems, subsystems and assemblies for the systems under the scope of this contract. 3. Evaluate the operation/emergency procedures and training requirements. 4. Provide visibility of relative safety and risk within system components. D. The Contractor shall perform analyses of systems, subsystems and functions to identify potential system safety hazards in system elements, subsystems and assemblies, hardware and software and interfaces, to the extent covered under Contractor’s scope including: 1. System elements and subsystems for the complete signal system. Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-5 September 2015 2. Interfaces between each system and operating and maintenance personnel. 3. Interfaces between each system and other systems that directly interface with it. 4. Potential human errors and fault conditions arising from operations and maintenance manuals. E. The system safety process shall study the signaling system and its interfaces with the MTA’s entire system under all possible operating conditions to identify potential hazards. Safety is defined as “the freedom from personnel injury, damage to equipment, or loss of resources (especially critical resources)” and there are numerous system components that must be considered. The total system is a composite of personnel, procedures, materials, tools, equipment, facilities, and software. F. The system safety program shall ensure: 1. Safety, consistent with system operating requirements, is designed into the system in a timely, cost-effective manner. 2. Hazards are identified, evaluated, and eliminated; or the associated risk is reduced to a level acceptable to the MTA throughout the entire life cycle of a system. 3. Historical safety data, including lessons learned from other systems, are considered and used. 4. Minimum risk is sought in accepting and using new designs, materials, and production and test techniques. 5. Actions taken to eliminate hazards or reduce risk to a level acceptable to the MTA are documented. 6. Retrofit actions are minimized. 7. Changes in design, configuration, or mission requirements are accomplished in a manner that maintains a risk level acceptable to the MTA. 8. Consideration is given to safety and ease of disposal of any hazardous materials associated with the system. 9. Hazards identified after production are minimized consistent with program restraints. G. The Contractors shall employ a systematic approach to safety program management, consisting of:

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-6 September 2015 1. Defining the physical and functional characteristics of the system. 2. Identifying and documenting identified hazards. 3. Assessing identified hazards to determine severity and probability. 4. Resolving hazards by implementing corrective action or accepting the risk. 5. Following up to monitor for effectiveness of the hazard resolution effort and to monitor for unexpected results. H. The above shall be accomplished by applying the following hazard management and hazard analysis methodologies. 8.3.1 Preliminary Hazard List A. The Contractor shall develop a Preliminary Hazard List (PHL) to identify and list hazards or areas of concern related to people, procedures, equipment or facilities. The PHL shall be the initial document for the safety effort. The following hazard identification methods shall be used to identify the energy sources, hazardous operations, procedures, and potential accidents that may result in injury to personnel or damage to equipment or facilities: 1. Review the specification and design information. 2. Interview MTA personnel. 3. Review lessons learned. 4. Analyze available technical data. 5. Review requirements documents. 6. Review the Project Management Plan. B. Alone, any of these methods will identify some hazards, but a logical completion of all or a combination of these steps will result in the development of a more thorough PHL. Once the PHL is completed, it shall be used to help determine what hazards exist in the system or facility. The PHL shall provide input for the Preliminary Hazard Analysis (PHA). The PHL can be prepared in any logical format that allows the free flow of ideas. 8.3.2 Preliminary Hazard Analysis/Hazard Tracking Log A. The Preliminary Hazard Analysis (PHA) is built upon the Preliminary Hazard List; however, this analysis shall be more detailed. The PHA shall provide useful safety input for the decision- making process used in trade-off studies, design criteria, and operational goals. The PHA is a systematic method to identify, evaluate and document identified hazards and recommendations. The analysis shall include an assessment of the systems and subsystems, operations, processes, equipment, personnel, environment, and materials. The term “Preliminary” relates to the stage when the PHA is produced within the project. However, this analysis shall remain a tracking tool throughout the life cycle of the system.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-7 September 2015 B. The PHA shall identify, evaluate, and make recommendations for the elimination, control, or acceptance of hazards that could potentially cause: 1. Loss of life and/or serious injury to personnel 2. Serious damage to facilities and/or equipment resulting in large dollar loss 3. Failures with serious adverse impact on mission capability, mission operability, or public opinion 4. Detrimental harm to the environment and the surrounding community. C. The Contractor shall prepare a PHA prior to reaching the 30% design level and shall submit the PHA to the MTA for approval. The Contractor shall perform a PHA on the entire system (using the PHA Data Sheet shown in Exhibit 8-1), and shall ensure that hazards associated with the safety-critical functions of the system are eliminated or mitigated to an acceptable level. D. The following hazards shall be included in the PHA: 1. Loss of power to signaling system 2. Multiple system and component failures 3. Software errors 4. Electromagnetic interference 5. Loss of safety grounds, or other failure, that exposes persons to injurious voltages. E. The above hazards all have the potential to generate. Catastrophic events, and must comply with the highest mitigation (Risk Index 1). F. The PHA shall form the basis for the “Hazard Tracking Log” (HTL), and shall serve as the primary tool used by the Safety and Security Certification Committee to track identified hazards and their recommended closure actions during the program. The HTL, developed and maintained by the Contractor’s SSCM, shall initially be populated with the hazards identified during the PHA. All subsequent hazards identified shall be documented in the HTL. At a minimum, the HTL shall be updated monthly by the Contractor’s SSCM. The MTA may request the Contractor’s SSCM to submit an updated version of the HTL at any time during the program. The Contractor’s final submission of the HTL is subject to approval. The Contractor’s SSCM will continue to maintain and update the HTL until the document is approved. G. The potential hazards identified in the PHA, and later the HTL, shall be organized by functional area, and shall be subdivided into distinct areas of concern, types of hazards, and/or design disciplines. The following is an explanation of the various entries in Exhibit 8-1, Hazard Analysis Data Sheet. 1. Control Number - The first column of the data sheet provides the “Control Number” for that particular hazard. The control number is related to the System/Subsystem provided in the heading.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-8 September 2015 2. Hazard Description - The second column, “Hazard Description,” identifies the source that generates the hazard. This entry may also indicate the immediate cause for concern, such as a fire or explosion. 3. Causes - The third column, “Causes,” describes those items that create or significantly contribute to the existence of the hazard. This entry will usually include the major causes of the hazard, including items or conditions that increase the severity of the hazard. 4. Effects - The fourth column, “Effects,” describes the potential detrimental effects of the hazard, and analyzes the flow of energy between the source and the object that is to be protected. The data provided in this entry are used in assigning a severity to the hazard. 5. Initial S-P - The fifth column contains the initial Severity and Probability, “S-P 1,” assigned to the hazard, based on Exhibits 8-2 and 8-3. The Severity and Probability recorded here relate to the hazard prior to any mitigation measures being implemented. 6. Initial HRI - The sixth column translates the “S-P 1” into an HRI of 1, 2, 3, or 4, as explained in Section 8.3.6.3 and Exhibit 8-4. This first Hazard Risk Index (HRI-1) is assigned based on the severity and probability from S-P 1 with the assumption that no action has been taken to protect against the hazard. The HRI is used to assist management in deciding the best course of action for resolving the hazard. 7. Recommendations - The seventh column, “Recommendations,” provides recommendations, including design revisions or safety measures, to eliminate or control the hazard. If applicable, cite the required codes, standards, guidelines, and good industry practices upon which the recommendation was made. 8. Final S-P and HRI - The eighth and ninth columns reflect the revised or residual Severity and Probability, “S-P 2,” and Hazard Risk Index, “HRI-2,” after the recommendation has been addressed and the identified action has been taken to eliminate or control the hazard. It should be noted that for the S-P 2 the potential severity of the hazard is unlikely to be able to be decreased by design modifications or addition of safety measures; however, the probability of hazard occurrence can be greatly reduced, and thus, the Hazard Risk Index can be decreased. 9. Responsible - The tenth column, “Responsible,” indicates the organizational element responsible for the identified hazard. This is used to track the implementation of the hazard and its corrective action to eliminate or control the hazard to an acceptable level. 10. Status - The eleventh column, “Status,” lists whether the hazard is “OPEN,” “CLOSED,” or “ACCEPTED RISK,” and to which phase of the signaling system life cycle the hazard applies (Concept, Design, Installation, Integration and Test, Operations and Maintenance, or Disposal). The eleventh column includes an explanation of how and/or why the hazard is open or closed. The column also lists appropriate references and correspondence if applicable. In order for a hazard to be closed, appropriate written documentation with verification is required. Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-9 September 2015 Attachment C, Part 2, ATC System T-8000-1415 Section 8 – Systems Safety and Security Requirements TS 8-10 September 2015 EXHIBIT 8-1 Hazard Analysis Data Sheet

Preliminary Hazard Analysis

Project: Date: Hazard Category: Page: Prepared by:

Initial Final Control Hazard Description Causes Effects Recommendations Responsible Status Number S-P HRI S-P HRI

Attachment C, Part II, ATC System T-8000-1415 Section 8 – Safety and Security Requirements TS 8-11 September 2015 8.3.3 Failure Modes, Effects and Criticality Analyses A. The Contractor shall submit a Failure Modes, Effects and Criticality Analysis (FMECA) to assess the failure modes of the major systems and subsystems. (CDRL 8-4) The FMECA shall provide input to signaling system design and development. The FMECA shall consider: 1. Equipment failure modes 2. Software errors 3. Component failures 4. Systematic component failures 5. Interface issues B. An FMECA is a bottom up analysis tool that identifies the ways a particular component can fail. The analysis then derives the related effects and the criticality of those effects on the subsystem, system and vehicle. C. The Contractor and its suppliers shall conduct FMECAs addressing safety and reliability effects for all major systems. The FMECA shall address: 1. The safety effects of all systems or subsystems that produce or contribute to hazards with a Hazard Risk Index of 1 or 2. 2. The reliability effects of all items that produce or contribute to Reliability Category events with a Reliability Category of R1 to R5. D. Information provided in the FMECA shall include: 1. System overview including schematics 2. Complete list of system and subsystem components, interfaces, and software that will be analyzed 3. Assessment of the effects of the failure on the system (safety and reliability) 4. Determination of methods to eliminate or control the identified failure 5. Identification of single-point failures and hazard-level categorization, which should confirm the adequacy of fail-safe design features. 6. The worksheet shall include: a. Unique LRU number b. LRU identification c. LRU function d. Failure mode e. Failure effect on the subsystem

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 12 September 2015 f. Failure effect on the system g. Failure effect on the vehicle h. Criticality of the failure (safety and reliability), and failure occurrence probability i. Criticality of the failure (safety and reliability), and failure occurrence probability j. Assessment of the resulting system delay k. Immediate detection means E. The FMECA shall be updated throughout system design, development and commissioning to address safety and reliability and failure mode issues identified throughout the development lifecycle of the signaling system. F. The FMECAs developed by the Contractor and systems and subsystem suppliers shall use a standard format. The Contractor shall submit a template for the FMECA within the System Safety Program Plan for approval. G. As an element of the FMECA submittal, the Contractor shall identify to the MTA all dormant failures that have the potential to lead to a Category I or II failure. The Contractor shall provide sufficient evidence to the MTA to justify the acceptability of the dormant failures. H. The FMECA shall be considered a concurrent part of the system design process. The FMECA shall be started early in the design effort. The FMECA shall initially consider high-level functions, and shall be iteratively expanded and revised as the design progresses. As it is being developed, the FMECA shall systematically challenge the design by probing the ways the system can fail and assessing the effects of these failures. The FMECA will normally be required to be expanded down to the lowest level component of the system or subsystem under consideration. However, this will be dependent on the hazards associated with the items being analyzed. This provides continuing insights into possible design weaknesses that may warrant modification. Such modifications can then be readily implemented as a natural part of the design development cycle. I. As the system design progresses through the development phase, and design modifications are made in response to discovered needs, the FMECA shall be updated to reflect the changed design and is used in the process of evaluating and approving the changes. In addition to consideration of the effect of single failures on the safety of the system the FMECA shall be used to consider reliability effects. The FMECA produced shall be reviewed for reliability implications so the project obtains maximum benefit from a single analysis. 8.3.4 Operating and Support Hazard Analyses A. The purpose of the Operating and Support Hazard Analysis (O&SHA) is to evaluate the adequacy of procedures. The O&SHA shall examine the potential for hazards introduced by human errors. The analysis shall be applied to operating and maintenance procedures for critical systems to ensure that unwanted system effects are not caused by human errors or incorrect maintenance. The O&SHA shall be carried out in a similar fashion as the

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 13 September 2015 FMECA, except that “tasks” and “error modes” are examined instead of “functions” and “failure modes.” B. Each O&SHA shall begin with a description of the procedure selected for analysis, and a listing of all the tasks or subtasks within the procedure. Each task shall be systematically evaluated for potential errors and their effects on the subsystem and transit system. The analysis shall identify specific tasks within each procedure that are prone to critical human errors, and make recommendations for reducing or eliminating the chances of those errors. C. The Contractor shall include in the O&SHA operating and maintenance procedures for signaling subsystems found by the PHA to have a Hazard Risk Index of 1 or 2 shall be reviewed and addressed by the O&SHA. (CDRL 8-5) Analyses should be performed as early in the design process as possible so that results can have a meaningful impact on final designs. 8.3.5 Fault Tree Analyses A. A Fault Tree Analysis (FTA) is a graphical method commonly used in both reliability engineering and system safety engineering. It is a deductive qualitative or quantitative analysis tool. Once a “top level” event is identified, then the system shall be systematically analyzed listing the various sequential and parallel events or combination of faults that must occur for the top event to occur. B. After review of the PHA, the MTA will identify hazards requiring further analysis. The Contractor shall analyze these hazards using FTA unless, as determined by the MTA, another hazard resolution or control methodology is more appropriate. The results of the analysis shall be submitted to the MTA for approval. (CDRL 8-6) The FTA provides analysis of the results of multiple failures, thus it is appropriate for use on systems with redundancy or where multiple failures are required. The FTA must consider all interfacing items, which in conjunction with the analyzed system, can lead to the occurrence of the identified hazard. 8.3.6 Safety Hazard Assessment Criteria Identified hazards shall be assessed to determine severity and probability, and to recommend means for their elimination or control. 8.3.6.1 Hazard Severity Hazards do not necessarily result in mishaps. However, if a hazard does occur, it creates the potential for mishaps of certain severity. Mishap severity categories to be applied to all identified hazards are shown in Exhibit 8-2, Severity Categories are defined to provide a qualitative measure of the worst credible mishap resulting from personnel error, environmental conditions; design inadequacies; procedural deficiencies; or system, subsystem, or component failure or malfunction.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 14 September 2015 EXHIBIT 8-2 Severity Categories Description Category Severity Definition

Could result in equipment failures, human errors, severe injury, fatalities, extensive equipment, property, or environmental damage exceeding $1 million CATASTROPHIC I such that affected segments of the Administration cannot operate for an extended period.

Could result in equipment failures, human errors, serious or disabling injury, extensive, equipment, property, or environmental damage exceeding CRITICAL II $200,000 but less than $1 million, higher workload or physical distress such that the Train Operator could not be relied upon to perform safety tasks accurately or completely, or adverse effects on the traveling public.

Could result in equipment failures, human errors, non-disabling jury, MARGINAL III equipment, property, or environmental damage exceeding $10,000 but less than $200,000.

Could result in equipment failures, human errors, minor injury, equipment, NEGLIGIBLE IV property, or the environment damage exceeding $2,000 but less than $10,000.

8.3.6.2 Hazard Probability The probability that a hazard will be created during the planned life expectancy of the system can be described in potential occurrences per unit of time, events, population, items, or activity. Probability levels are generally qualitative but can be quantitative. The probability for all identified hazards shall be in accordance with the guidelines presented in Exhibit 8-3, Hazard Probability Levels.

EXHIBIT 8-3 Hazard Probability Levels Description Level Specific Individual Item Fleet or Inventory

Likely to occur frequently. MTBE* is less than 1,000 FREQUENT A Continuously experienced operating hours.

Will occur several times in the life of an item. MTBE PERIODIC B is equal to or greater than 1,000 operating hours and Will occur frequently less than 100,000 operating hours.

Likely to occur sometime in the life of the item. MTBE OCCASIONAL C is equal to or greater than 100,000 operating hours Will occur several times and less than 1,000,000 operating hours.

Unlikely,butpossibleto occurinlifeofanitem.MTBE Unlikely, but can be reasonably be REMOTE D is greater than 1,000,000 operating hours and less expected to occur and 100,000,000 operating hours.

So unlikely it can be assumed occurrence many not IMPROBABLE E be experienced. MTBE is greater than 100,000,000 Unlikely to occur, but possible operating hours.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 15 September 2015 8.3.6.3 Hazard Risk Index A. The Hazard Risk Index (HRI) Matrix defines a number derived by considering both the severity and the probability of a hazard. The HRI shall be used to prioritize resources to resolve risks due to hazards and to standardize hazard notification or response actions. The HRI values are shown in Exhibit 8-4. The HRI presents hazard analysis data in a format that provides clear, concise information to enable decisions regarding whether hazards should be eliminated, controlled, or accepted. This process provides the basis for logical management decision-making, considering both the severity and probability of a hazard. EXHIBIT 8-4 Hazard Risk Index Matrix Severity of Occurrence Probability of Occurrence Catastrophic (I) Critical (II) Marginal (III) Negligible (IV)

A Frequent 1 3 7 13

B Probable 2 5 9 16

C Occasional 4 6 11 18

D Remote 8 10 14 19

E Unlikely 12 15 17 20

B. Hazard risk assessment values are used in grouping individual hazards into hazard categories, which can then be used to generate specific action such as mandatory reporting of the most severe hazards to management for action. Exhibit 8-5 lists the hazard risk categories, their level of priority for resolution, and associated assessment values. EXHIBIT 8-5 Hazard Priority Levels Hazard Risk Assessment Priority Hazard Risk Category Hazard Risk Acceptance/Approval Level Value

1-5 1 High Administrator/OSQARM

6-9 2 Serious Director Level/OSQARM

10-17 3 Medium Director Level/OSQARM

18-20 4 Low Department Level/OSQARM

1. Priority 1 Hazards – Unacceptable – Develop new hazard controls to lower the priority to a priority 2, 3, or 4. 2. Priority 2 Hazards – Undesirable – Shall only be accepted if proven to the Administration that no reasonable alternatives can be implemented. Shall require additional safety or warning devices and procedural controls to be implemented. 3. Priority 3 Hazards – Shall be resolved using standard fail-safe engineering practices. May be acceptable with review and approval by the Administration.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 16 September 2015 4. Priority 4 Hazards – May be acceptable without review. 8.3.7 Open Items Log A. The Contractor shall generate an Open Items Log from the HTL, capturing those hazards that are unable to be resolved prior to the system entering revenue service. (CDRL 8-7) These hazards typically rely on documentation not finalized until the Contractor’s safety program is completed. Typically, such documentation is associated with maintenance and training manuals. Hazards that remain open after completion of the Contractor’s safety program must not result in unacceptable risk levels. B. The Contractor’s final submission of the Open Items Log shall be submitted to the MTA for approval. The Contractor shall continue to maintain and update the Open Items Log until the document is approved. 8.3.8 Threat and Vulnerability Assessment (TVA) A. The MTA shall conduct a TVA of the signaling system in accordance with its System Security and Emergency Preparedness Plan (SSEPP) and the guidelines presented in the latest revision of the FTA System Security and Emergency Preparedness Guide. At a minimum, the scope of the system TVA shall examine the threat impacts and security vulnerabilities associated with the following scenarios: 1. The possibility of covert tampering/ disabling of subsystems on/under rolling stock when parked at the Wabash Yard or Johns Hopkins Station, intended to create unsafe operating conditions during revenue service. 2. The possibility of covert entry by intruder into rolling stock when parked at the Wabash Storage Yard or Johns Hopkins Station, intended to cause harm to passengers during revenue service. 3. The possibility of covert entry by intruder(s) into the TC&C rooms or wayside, and tamper with signal system equipment, intended to cause harm to passengers during revenue service. B. The Contractor shall support the TVA process and provide information to the MTA demonstrating that identified security vulnerabilities have been eliminated mitigated to an acceptable level of risk. The Contractor shall be responsible for the following: 1. Designing signaling systems, subsystems, equipment and software for minimal security risk 2. Supporting the identification, analysis, and mitigation of security vulnerabilities associated with signaling systems, subsystems, equipment, and software 3. Conducting engineering studies and analysis, when necessary or as requested by the MTA, to demonstrate that identified security vulnerabilities have been eliminated or mitigated to an acceptable level of risk 4. Provide documentation to the MTA that shall serve as evidence to demonstrate the elimination or mitigation of identified security vulnerabilities.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 17 September 2015 8.4 HAZARD RESOLUTION PROCESS A. The overall goal of a system safety program is to design systems that do not contain hazards. However, the nature of most complex systems makes it impossible or impractical to design them completely hazard-free. As hazard analyses are performed, hazards will be identified that will require resolution. Risk management is a decision-making process consisting of evaluation and control of the severity and probability of a potentially hazardous event. B. By assigning an HRI, a determination can be made as to whether hazards should be eliminated, controlled, or accepted. The alternatives for eliminating the specific hazard or controlling its associated risk shall be evaluated so that an acceptable method for risk reduction can be pursued. C. It is not possible to remove all potential hazards from a transit system; therefore, a means for determining which hazards are acceptable is required. In general, the more severe the hazard, the more unlikely it should be. For the MTA’s signaling system, the following requirements have been established: 1. Hazards with an initial Hazard Risk Index of 1 or 2 shall be mitigated such that the Hazard Risk Index is reduced to HRI 3 or 4. Where it is not possible to reduce the risk to Level 3 or 4, specific detailed analysis shall be provided by the Contractor to obtain approval of the MTA. It should be noted that the MTA would normally expect the Contractor to introduce design changes to reduce the risk to an acceptable level. Items with an HRI of 1 shall not be accepted. Items with an HRI of 2 will only be accepted when it is proven to the satisfaction of the MTA that the Contractor has exhausted all reasonable alternative approaches. 8.4.1 Hazard Reduction Precedence A. The order of precedence for satisfying system safety requirements and resolving identified hazards is: 1. Design for Minimum Risk. Design to eliminate hazards. If an identified hazard cannot be eliminated, reduce the associated risk to an acceptable level, as defined by the MTA, through design selection. Defining minimum risk is not a simple matter. It is not a “cookbook” process that can be numerically developed without considerable thought. Minimum risk will vary from program to program. 2. Incorporate Safety Devices. If identified hazards cannot be eliminated or their associated risk adequately reduced through design selection, that risk shall be reduced to a level acceptable to the MTA through the use of fixed, automatic, or other protective safety design features or devices. Provisions shall be made for periodic functional checks of safety devices when applicable. 3. Provide Warning Devices. When neither design nor safety devices can effectively eliminate identified hazards or adequately reduce associated risk, devices shall be used to detect the condition and to produce an adequate warning signal to alert personnel of the hazard. Warning signals and their application shall be designed to minimize the probability of incorrect personnel reaction to the signals and shall be standardized within like types of systems.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 18 September 2015 4. Develop Procedures and Training. Where it is impractical to eliminate hazards through design selection or adequately reduce the associated risk with safety and warning devices, procedures and training shall be used. However, without a specific waiver, no warning, caution, or other form of written advisory shall be used as the only risk reduction method for a hazard with a Hazard Risk Index of 1 or 2. Procedures shall require the use of appropriate personal protective equipment. B. Precautionary notes in manuals shall be standardized. Safety critical tasks shall require certification of personnel. 8.4.2 General Safety Design Criteria A. Criteria for system design, for all equipment with safety-critical characteristics, and for operational procedures shall assure that system safety objectives are implemented throughout design development, testing, delivery, operations, and maintenance. B. The following criteria shall be incorporated as a minimum: 1. No single-point failure shall result in a hazard with a Hazard Risk Index of 1 or 2. Multiple, latent, undetected failure modes shall be considered as a single-point failure. 2. System design shall include component interlocks wherever an out-of-sequence operation can result in a hazard with a Hazard Risk Index of 1 or 2. 3. Emergency equipment for public use shall be clearly identified and accessible. 8.4.3 Fail-Safe Design Requirements A. In establishing fail-safe criteria for electronic circuitry, components shall be considered to be able to fail in either the open or shorted position. It shall be assumed that multi- terminal devices can fail with any combination of opens, shorts, or partial shorts between terminals. It shall also be assumed that any amplifier can break into spurious oscillation at any frequency. B. All safety-critical applications shall be designed to be fail-safe. The Contractor may propose equivalent methods with substantiation for approval. C. Fail-safe circuits shall be based on closed-loop principles; e.g., broken wires, damaged or dirty contacts, a relay failing to respond when energized, or a loss of power supply energy shall not result in unsafe conditions. D. Self-detecting component or system failures that adversely affect the safe operation of the train shall cause the train to stop or run at a safer, more restricted speed than that permitted with no failure. E. Component or system failures that are not self-detecting shall not cause unsafe conditions or consequences, even if they occur in conjunction with other failures. F. Any number of simultaneous component or system failures attributable to the same cause or related causes shall not cause unsafe conditions. G. Any component or wire becoming grounded or any combination of such grounds shall not cause unsafe conditions.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 19 September 2015 H. All designs, material, and equipment associated directly with speed control and the control of train movement shall be to fail-safe (vital) standards whereby any single fault, breakage, or disconnection shall result in a more restrictive condition being applied. The fault, breakage or disconnection shall be capable of being detected and rectified with such speed that there is a very low probability of a second fault occurring which, in combination with the first, may lead to a dangerous situation. I. All systems shall be designed to prevent single point failures from negating the ability of such systems to perform safely as intended. J. In regard to fail-safe design criteria for the friction brake system, the criteria specified in this section, and the following are established as guidelines: 1. Self-detecting component failures that adversely affect the safe operation of the train at normal speed profiles shall cause a “white light” condition. 2. Non-self-detecting component failures shall not cause unsafe consequences and shall not, when added to other failures, cause unsafe consequences. 3. Any number of simultaneous component failures attributable to the same cause or related causes will not cause unsafe consequences. 4. Broken wires, damaged or dirty contacts, relays failing to respond when energized, or loss of power shall not result in an unsafe condition. 5. All relays used shall be vital relays. As an alternative, the use of non-vital relays or electronic circuits will be acceptable for any application that would call for vital relays, provided that sufficient checks are incorporated to detect welded relay contacts, stuck armatures, or if the electronic circuitry meets fail-safe criteria. 6. In establishing fail-safe criteria for electronic circuitry, components shall be considered to be able to fail in either the open or shorted position. It shall be assumed that multi-terminal devices can fail with any combination of opens, shorts, or partial shorts between terminals. It shall also be assumed that any amplifier can break into spurious oscillation at any frequency. K. Access control and alarm systems shall be designed to minimize the potential for unauthorized or inadvertent changes to equipment. L. The use of microprocessors in vital circuits shall be as approved by the MTA on a case- by-case basis. M. Should an alternative for a relay or device specified for vital circuits, as defined by the AREMA Signal Manual, be proposed for a use that is an independent direct item replacement for the relay or device specified, the alternative shall be evaluated on the basis of its physical materials and construction, electrical characteristics, circuit analysis, reliability, and other technical data accompanying the submittal. The acceptance of such an alternative does will not preclude the requirement for further factory and field tests to determine that the alternate device, in actual operation, complies with the specified fail-safe criteria. Should the alternative device fail to meet the fail-safe criteria, the

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 20 September 2015 Contractor shall furnish the specified relay or device to meet the requirements for a vital circuit in the service intended at no increase in cost to the MTA. N. All equipment, circuits, material and designs shall be so designed that faults or malfunctions are self-revealing, if not in the course of normal operation then by special means. For processor-based equipment used for vital purposes, the probability of an unsafe failure of that equipment shall, as a minimum, be less than that of non-processor based vital equipment that it replaces. O. Should an alternative be proposed for a specified system, or components thereof, whose function affects the safety of train operation and because of its magnitude and integration parameters precludes absolute fail-safe engineering analysis, the MTA will require definitive factory and field tests and documentation of research and development tests, prior to granting approval of the alternative. The acceptance of such an alternative system or subsystem does not preclude the requirement for further factory tests and field tests to determine that the alternate system or subsystem, in actual operation, complies with the fail-safe criteria. Should the alternate system or subsystem fail to meet the fail-safe criteria, the Contractor shall furnish the specified system or component at no increase in cost to the MTA. P. Electronic fail-safe circuit design shall provide protection against the following types of component failures: 1. Two-terminal devices: Open, short, partial open, or partial shorts. 2. Multi-terminal devices: Any combination of opens, shorts, partial opens, or partial shorts. Q. Any amplifier breaking into spurious oscillations shall not result in an unsafe condition. R. Filters used in fail-safe circuits, except for code-rate detectors, shall be passive and shall be designed to prevent undesired signals from passing through the filter at a level that could cause unsafe conditions, even in the event of component failures within the filter. S. Fail-safe equipment proposed for this contract must be proven by in-service experience or made available for type acceptance testing. Type acceptance testing of components shall consist of bench tests on breadboard or prototype units as directed by the MTA. Type acceptance testing of systems or subsystems shall consist of bench testing of operational systems or subsystems and/or field testing of same at the discretion of and as directed by the MTA. 8.4.4 Design Safety for Human Engineering In considering system hazards during the design process, the Contractor shall take actions to satisfy the system requirements while taking account of human limitations as a design constraint. The following order of precedence shall be followed: A. Incorporation of fail-safe or vital features that will cause the system to transfer from high loss or risk mode to a lower loss or risk mode upon the occurrence of a critical failure. B. Reduction of the probability of occurrence of a failure by increased component reliability, or by provision of redundant components.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 21 September 2015 C. Use of safety devices to reduce the magnitude of the loss or risk once a hazardous mode has been entered while ensuring that the safety device does not introduce an additional hazard or system malfunction. D. Use of warning devices and systems which are an audio/visual portion of a vital system in which the human is the responder. E. Implement special operating procedures to reduce the probability of a hazardous event, including the provision of any training requirements. (The level of training shall be based on the complexity of the task and the anticipated trainee qualifications.) 8.5 SAFETY AND SECURITY CERTICATION A Safety and Security Certification Program shall be administered by the MTA for this project as required by the MTA’s System Safety Program Plan (SSPP). The MTA shall develop a project- specific Safety and Security Certification Plan (SSCP) in accordance with the FTA Handbook for Transit Safety and Security Certification, latest revision. The SSCP will describe the methodology for meeting safety and security certification requirements and shall address elements of Fire/Life Safety, System Safety, Occupational Safety, and Public Safety. 8.5.1 Certifiable Element List The Contractor shall identify project safety and security certifiable elements and sub-elements (CEL) for the project. (CDRL 8-8) The Contractor’s CEL shall be prepared in accordance with the guidelines presented in the FTA Handbook for Transit Safety and Security Certification. The CEL shall be submitted to the MTA for review and approval. 8.5.2 Design Criteria and Construction Specification Conformance Checklists A. The CEL shall for the basis for the Contractor’s development of Design Criteria and Construction Specification Conformance Checklists (Conformance Checklists). (CDRL 8- 9) The Contractor shall prepare Conformance Checklists for each safety and security certifiable element to demonstrate compliance with the technical specification requirements. Conformance Checklists shall apply to the Contractor’s project phases of design, construction, manufacture, installation, testing, and pre-revenue operations leading to use of the signaling system in revenue service. Conformance Checklists shall be submitted to the MTA for review and approval. B. Conformance Checklists shall explicitly document the traceability of safety and security- related design and construction requirements to the technical specification. Utilizing the FTA guidelines, the Contractor may develop the Conformance Checklist format to include two sections – one section to document design criteria conformance and another to document construction specification conformance of certifiable elements and sub- elements. The Contractor shall submit its Conformance Checklist template to the MTA for review and approval. Conformance Checklists shall verify the following: 1. Design Criteria Conformance – The Contractor’s design criteria conformance checklist for each certifiable element and sub-element shall be generated to document safety and security design criteria. The Contractor’s means of verification for conformance to design related safety and security certifiable sub elements and items may include, but is not

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 22 September 2015 limited to the following: Metro Signaling System Technical Specification (i.e., CDRLs), safety and security design criteria, applicable codes, and industry standards. 2. Construction Specification Conformance – The Contractor’s construction specification conformance checklist for each certifiable element and sub-element shall document that the as-built system has been manufactured in accordance with the Technical Specification. The Contractor’s means of verification for conformance to construction related safety and security certifiable sub-elements and items may include, but is not limited to the following: First Article Inspections, factory and field test procedures and test reports, factory and field inspection reports, and Contractor or Subcontractor certifications. C. Verification documentation for Design Criteria and Construction Specification Conformance Checklist shall be determined by the MTA in accordance with FTA guidelines. Supporting verification documentation will consist of, but is not limited to the documentation described in the aforementioned sections above. D. Prior to revenue service and/or prior to any incremental commissioning of the system for revenue service, and in accordance with the MTA’s SSSCP, the Contractor shall submit to the MTA the completed, signed and verified Conformance Checklists and support documentation, consisting of Specifications Conformance Checklists, and, as requested by MTA. E. The Conformance Checklists signed by the Contractor shall be supported by documented evidence of Contractor’s Traceability Matrices showing the Contactor has implemented the contract documents requirements and complied with all safety (and security) related requirements in design, analysis, testing and verification, training, and procedure development for each safety- and security-related Certifiable Item on the checklists. 8.5.3 Certificates of Conformance A. The Contractor shall prepare, date, and sign Certificates of Conformance for each certifiable sub-element and submit to the MTA for review and approval. (CDRL 8-10) Certificates of Conformance shall be signed by the Contractor’s SSCM and Project Manager and explicitly state that the Contractor has certified that all safety and security requirements for the subject certifiable elements or sub-element have been successfully met and verified. Certificates of Conformance shall not be approved until all the requirements of all safety and security certifiable elements, sub–elements, and items have been completely satisfied. Certificates of Conformance must be submitted in accordance with these requirements and approved by the MTA prior to acceptance and commissioning for revenue service. B. The Contractor shall prepare Interim Certificates of Conformance for certifiable elements or sub-elements that require incremental, phased start-up, or intermediate opening of the system. Interim Certificates of Conformance shall be dated, signed, and submitted to the MTA for review and approval in the same manner as above. 8.5.4 Project Safety and Security Certificate A. The Contractor shall prepare, date, and sign a Project Safety and Security Certificate once all Certificates of Conformance have been approved by the MTA. The Final Project Safety and Security Certificate will be issued for the completed Project, which includes activation

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 23 September 2015 of all system elements. (CDRL 8-11) The Final Project Safety and Security Certificate shall be signed by the Contractor’s SSCM and Project Manager and explicitly state that the Contractor has certified that the Project is safe and secure for revenue service and for use by passengers, patrons, employees, emergency responders, and the general public. The Project Safety and Certificate must be submitted in accordance with these requirements and approved by the MTA prior to acceptance and commissioning for revenue service. B. The Contractor shall prepare an Interim Project Safety and Security Certificate for any incremental, phased start-up, or intermediate revenue service opening of the system. The Interim Project Safety and Security Certificate shall be dated, signed, and submitted to the MTA for review and approval in the same manner as above. 8.5.5 Safety and Security Certification Verification Report (SSCVR) The Contractor shall prepare and submit Safety and Security Certification Verification Reports (SSCVR) (CDRL 8-12) documenting all safety and security activities performed through any incremental, phased start-up or intermediate revenue service occurring during the life of the Project (as per Part 1, Section 2 of this Technical Specification). The SSCVR shall be continuously updated to reflect certifiable elements proposed for certification and resubmitted to the MTA for approval prior to any activation, cutover, incremental or phased start-up, or any operation of intermediate revenue service. 8.6 SYSTEM INTEGRATION TESTING AND PRE-REVENUE OPERATION The Contractor shall integrate the system safety and security elements along with the Installation Staging and Cutover requirements (as per Section 10 of this Technical Specification) and ATC Testing requirements (as per Section 11 of this Technical Specification) in all phases of this Contract. 8.7 FLAMMABILITY, SMOKE EMISSION AND TOXICITY TESTING REQUIREMENTS 8.7.1 General All combustible materials used in the construction of the system shall meet the requirements of this section and NFPA 130 – Standard for Fixed Guideway Transit and Passenger Rail Systems, 2007 Edition, or the latest issue of that document at the time of bid. In addition, the Contractor shall conduct a fire hazard analysis of the system in accordance with the guidelines of NFPA 130 and APTA’s RP-PS-005-00 “Recommended Practice for Fire Safety Analysis of Existing Passenger Rail Equipment.” The results of the fire hazard analysis (FHA) shall be submitted to the MTA for review and approval. In the event of disapproval, the Contractor shall provide engineering support until the fire hazard analysis is approved. 8.7.2 Fire Hazard Analysis (FHA) The purpose of the FHA is to provide a reasonable understanding of the fire performance of system materials and assemblies in the context of actual use. (CDRL 8-13) All hazards identified during the FHA shall be documented in the HTL according to the particular system/subsystem in which the risk is posed and tracked until closure. The FHA shall be submitted by the Contractor to the MTA for review and approval and shall follow the steps outlined in NFPA-130. Approval of FHA shall be granted only when all identified fire hazards are eliminated, controlled, or reduced to an acceptable level of risk.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 24 September 2015 8.7.3 Material Testing Requirements and Matrix A. MTA-approved, independent laboratory test results indicating successful compliance with the flammability, smoke emission, and toxicity (FST) test procedures and performance criteria cited in this specification are required for all applicable combustible materials. Combustible materials not required to be tested per the requirements contained in NFPA-130 are outlined in Section 1.06.4. Test reports older than 3 years at the date of Notice-To-Proceed are not acceptable. The Contractor shall be responsible for complete conformance with these test procedures and performance criteria for itself and its subcontractors and suppliers. The Contractor may select any industry-accepted test method for determining the heating value and peak heat release rate material properties. B. The design of the signaling system shall minimize the total combustible material content of the system. Each combustible material required to be tested, including those requested for waiver or deviation to the Specification, shall be assigned an FST Index Number. The FST Index Number shall be included on all correspondence submitted by the Contractor regarding a specific material to the MTA in order to track materials throughout the testing and approval process. C. The Contractor shall provide an FST Matrix, which shall be submitted during detailed design review. (CDRL 8-14) The FST Matrix shall identify the following: 1. FST Index Number 2. Material Name 3. Supplier 4. Function of Material 5. Combustible Material Weight 6. Location of Material 7. Heating Value (BTU/lb or BTU/hr)

8. Peak Heat Release Rate (kW/m2) 9. Correspondence Letter Number for Submission of Test Results 10. Date of Test 11. Test Procedure 12. Test Facility 13. Test Facility Report Number 14. Test Result Values 15. Pass/Fail Summary 16. Waiver/Deviation Requested (must be accompanied by a formal Waiver/Deviation Request outlined in Section 1.06.5)

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 25 September 2015 17. Additional Comments 8.7.4 Materials Exempt from Testing Requirements A. Materials used to fabricate miscellaneous, discontinuous small parts that will not contribute materially to fire growth in end use configuration shall be exempt from flammability, smoke emission, and toxicity testing requirements. Exempt parts must be less than 16 inches2 in end use configuration and may include, but are not limited to, the following: 1. Knobs 2. Rollers 3. Fasteners 4. Clips 5. Grommets 6. Small electrical parts B. Combustible operational and safety signage shall not be required to meet FST requirements if the combustible mass of a single sign does not exceed 1.1 lb. (500g) and the cumulative area of combustible signage does not exceed one square-foot per foot of the system length. C. The Contractor shall provide the type of material used, location(s) in the system, and the quantity for exempt parts that shall be addressed in the Contractor’s fire hazard analysis. The fire hazard analysis shall address the vulnerability of these parts to ignition and contribution to flame spread. Exempt parts must not contribute to an unacceptable hazard, otherwise the Contractor shall make the necessary modifications to eliminate, control, or reduce the hazard to an acceptable level. 8.7.5 Materials Requested for Waiver or Deviation A. The Contractor may request for a waiver from material testing requirements or a deviation from the technical specification for materials and/or parts that do not meet the exemption criteria. The Contractor shall provide any previous FST test reports available for the material. The Contractor’s request for waiver shall be submitted in writing and include the following: 1. FST Index Number 2. Material Supplier 3. Material Description (trade name and specific formulation) 4. Location 5. Material Weight in Location (less any noncombustible material) 6. Reason for Waiver/Deviation Request 7. Contractor’s Justification for Waiver/Deviation

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 26 September 2015 B. The Contractor’s fire hazard analysis shall address the vulnerability of these materials and/or parts to ignition and contribution of flame spread. Materials requested for waiver must not contribute to an unacceptable hazard, otherwise the Contractor shall make the necessary modification to eliminate the hazard or reduce the hazard to an acceptable level. 8.7.6 Flammability and Smoke Emission Test Procedures and Performance Criteria Materials used in the system shall be tested to demonstrate compliance with the requirements of this section. The Contractor shall follow the test procedures and meet the performance criteria for flammability and smoke emission testing for the signaling system found in NFPA-130. 8.7.7 Toxicity Test Procedures and Performance Criteria A. Materials and products that have highly toxic products of combustion shall not be used. Combustible materials, except those identified as exempt in Section 8.7.4 of this Specification, shall be tested for toxicity using Boeing Specification Support Standard BSS-7239.Materials shall meet the following maximum toxic gas release limits (ppm) given in Exhibit 8-6 as determined per BSS-7239.

EXHIBIT 8-6 Toxicity Test Procedures and Performance Criteria for Passenger System Material Fire Risk Assessment

Toxic Gas Test Procedure Release Limit (ppm)

Carbon Monoxide (CO) BSS-7239 2,500

Hydrogen Fluoride (HF) BSS-7239 150

Nitrogen Dioxide (NO2) BSS-7239 100

Hydrogen Chloride (HCL) BSS-7239 300

Hydrogen Cyanide (HCN) BSS-7239 100

Sulfur Dioxide (SO2) BSS-7239 100

B. The tests shall be run in the flaming mode after 240 seconds using the NBS Smoke Density Chamber for sample combustion. The gas sampling may be conducted during the smoke density test. The test report shall indicate the maximum concentration (ppm) for each of the above gases at the specified sampling time. 8.7.8 Electrical Fire Safety Except when otherwise approved or where more restrictive requirements are imposed by this Specification, electrical equipment shall conform to the electrical fire safety for the system section of NFPA 130 (latest edition). 8.8 DESIGN COORDINATION A. Closely coordinate the SSSPP and results of system safety and security analyses with design disciplines, particularly as the results affect design and hardware development.

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 27 September 2015 Make recommendations for redesign or modifications to ensure compliance with specified requirements including, as required, installation of test points and built-in test capabilities, installation of in-service status display indicators to facilitate fault isolation and test, utilization of high reliability parts with easy accessibility and quick disconnect connectors, use of mechanical keying to reduce errors during installation, security protection measures, tamper-proof design, and system “hardening” to reduce security risk, etc. B. All system safety and security plans, analyses, logs/list, certificates and reports shall be completed and submitted to the MTA for review by the project Design Review Submittal Milestone as referenced in section 8.10 (Referenced CDRLS). 8.9 RECORDS MANAGEMENT Contractor shall maintain documentation of system Safety and security assurance throughout the design, and make it available for examination by the MTA. 8.10 REFERENCED CDRLS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications.

Design Review Submittal Milestone

CDRL No. CDRL Title CDR PDR FDR Post FDR Prior to Service

8-1 System Safety and Security Program Plan X X

8-2 Preliminary Hazard Analysis XXX

8-3 Hazard Tracking Log XX

8-4 Failure Mode, Effects and Criticality Analysis XX

8-5 Operating and Support Hazard Analyses XX

8-6 Failure Tree Analyses XX

8-7 Open Items Log XXX

8-8 Certifiable Element List XX

Design Criteria and Construction Specification Conformance 8-9 XXX Checklist

8-10 Certificate of Conformance X

8-11 Project Safety and Security Certificate X

8-12 Safety and Security Certification Verification Report (SSCVR) X

8-13 Fire Hazard Analysis XX

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 28 September 2015 8-14 Flammability, Smoke Emission, and Toxicity Matrix XX 8.11 REFERENCED STANDARDS The following standards are referenced in this section: A. APTA - Manual for the Development of Rail Transit System Safety Program Plans B. APTA RP-PS-005-00 - Recommended Practice for Fire Safety Analysis of Existing Passenger Rail Equipment C. ASTM-C-1166 - Standard Test Method for Flame Propagation of Dense and Cellular Elastomeric Gaskets and Accessories D. ASTM D2724 - Standard Test Methods for Bonded, Fused, and Laminated Apparel Fabrics E. ASTM D3574 - Standard Test Methods for Flexible Cellular Materials Made from Olefin Polymers F. ASTM D3675 - Standard Test Method for Surface Flammability of Flexible Cellular Materials Using a Radiant Heat Energy Source G. ASTM E119 - Standard Test Methods for Fire Tests of Building Construction and Materials H. ASTM E162 - Standard Test Method for Surface Flammability of Materials Using a Radiant Heat Energy Source I. ASTM E662 - Standard Test Method for Specific Optical Density of Smoke Generated by Solid J. BSS-7239 - Boeing Specification Standard K. FAR 25.853 - Federal Aviation Regulations Flammability Requirements for Aircraft Seat Cushions L. FTA - Handbook for Transit Safety and Security Certification M. FTA - Hazard Analysis Guidelines for Transit Projects N. FTA - Safety and Security Management Guidance for Major Capital Project (FTA C 5800.1) O. MIL-STD 882 - System Safety Program Plan Requirements P. MIL-STD 2155 - Failure Reporting Analysis and Corrective Action Q. NFPA 130 - Standard for Fixed Guideway Transit and Passenger Rail Systems

Attachment C, Part 2, ATC System T-8000-1415 Section 8 – System Safety and Security Requirements TS 8 - 29 September 2015 SECTION 9 RELIABILITY, AVAILABILITY, AND MAINTAINABILITY REQUIREMENTS

Contents 9.1 GENERAL...... 9-1

9.2 CODES AND STANDARDS...... 9-1

9.3 RELIABILITY REQUIREMENTS...... 9-1

9.3.1 RELIABILITY CRITERIA...... 9-1

9.4 SUBSYSTEM AND EQUIPMENT REQUIREMENTS ...... 9-2

9.5 AVAILABILITY REQUIREMENTS ...... 9-2

9.6 MAINTAINABILITY REQUIREMENTS...... 9-3

9.6.1 MEAN TIME TO REPAIR...... 9-4

9.6.2 MODULAR DESIGN...... 9-4

9.6.3 INTERCHANGEABILITY...... 9-4

9.6.4 ACCESSIBILITY...... 9-4

9.6.5 PREVENTIVE MAINTENANCE...... 9-5

9.6.6 SOFTWARE MAINTAINABILITY REQUIREMENTS...... 9-5

9.7 REQUIRED CDRLS...... 9-5

Attachment C, Part II, ATC System T-8000-1415 Section 9 – Reliability, Availability, and Maintainability Requirements TS 9-i September 2015 SECTION 9 RELIABILITY, AVAILABILITY, AND MAINTAINABILITY REQUIREMENTS

9.1 GENERAL This Section provides the requirements for the ATC system for Reliability, Availability, and Maintainability. 9.2 CODES AND STANDARDS A. MIL-HDBK 217F, Reliability Prediction of Electronic Equipment B. EN 50126: 1999, Railway applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) C. MIL-STD 785B, Reliability Program for Systems and Equipment Development and Production. 9.3 RELIABILITY REQUIREMENTS A. Reliability shall be measured based upon both functional failures of the ATC system, and relevant hardware failures of the ATC system equipment. A functional failure occurs when an item of equipment ceases to perform its intended function. B. Each set of ATC system equipment furnished shall be designed for maximum reliability in the intended environment. Reliability of each set of ATC system equipment shall be measured based upon Relevant Failures of a given set. Mean Time Between Failures (MTBF) of a set shall be calculated in conformance with applicable sections of MIL-HDBK-217. C. Certified field failure data shall be used to establish predicted failure rates. In the absence of certified field failure data, the Contractor shall submit a reliability prediction that quantitatively demonstrates that the MTBF and Mean Time Between Functional Failures (MTBFF) as defined in this Section shall be achieved. The reliability prediction for carborne system equipment shall use the MIL-HDBK-217 part stress method for the “ground mobile” environment, and the “ground fixed” environment for all other ATC equipment. The Contractor shall submit a Reliability Calculation for approval by the MTA. 9.3.1 Reliability Criteria A. Components and materials shall be selected, and appropriate standards of quality control and test procedures shall be employed, to ensure the lowest practical hardware failure rates for individual items of ATC system equipment (i.e., maximize the ATC system MTBF). At a minimum, all components shall be screened to the latest version of MIL-STD-883, or an approved equivalent. Components shall have conservative de-ratings and margins between actual operating conditions and manufacturer’s specifications. Exceptions may be made for widely used, off-the-shelf service equipment that has demonstrated failure histories, subject to approval by the MTA.

Attachment C, Part 2, ATC System T-8000-1415 Section 9 – Reliability, Availability, and Maintainability Requirements TS 9-1 September 2015 B. Appropriate levels of equipment redundancy shall be employed such that the failure of a single component, processor, or device will not render the ATC system unavailable, a train inoperable for service, or an operationally critical function non-operative (i.e., maximize the ATC system MTBFF). 9.4 SUBSYSTEM AND EQUIPMENT REQUIREMENTS Below are the MTBF and MTBFF requirements for ATC system equipment defined in hours and miles. A. Carborne System Equipment. The Train set (4-car and 6-car) of carborne CBTC system equipment (which includes processors, antennas, speed sensors, position detection equipment, displays, power supplies, and interface equipment) shall have an MDBFF of no less than 250,000 miles. Each married pair equipment unit shall have an MDBF of no less than 150,000 miles. B. Zone Controller System Equipment. Each CBTC zone controller shall have an MTBFF of no less than 100,000 hours. Zone controller unit shall have a MTBF of no less than 10,000 hours. C. Solid State Interlocking. Each Solid State Interlocking set of equipment shall have an MTBFF of no less than 100,000 hours. Each SSI unit shall have a MTBF of no less than 10,000 hours. D. Data Communication System Equipment. Data communication system and communication equipment between the train and wayside shall have an MTBFF of no less than 1,000,000 hours. The wayside DCS equipment shall have an MTBF of no less than 50,000 hours. E. Control Center Equipment. The Control Center equipment of the ATS, including duplicate equipment located at the back-up Control Center shall have a MTBFF of no less than 50,000 hours. Each control center equipment unit shall meet the following reliability requirements: 1. The ATS servers (including redundancy) shall have a MTBF of no less than 15,000 hours. 2. Each ATS workstation (including its monitor screen) shall have a MTBF of no less than 10,000 hours. 9.5 AVAILABILITY REQUIREMENTS A. The availability criteria for the ATC system shall be specified in terms of the system’s contribution to the desired on-time performance of the Metro system and shall include functional failures, as well as the time to restore service. The ATC system shall incorporate degraded modes of operation to minimize the operational impacts of equipment failures and to permit train movements to continue safely (i.e., maximize system availability). B. The ATC system availability criteria shall take into account the delays experienced by passengers. C. The ATC system availability criteria shall also consider other than functional failure types, to the extent that such failures impact fleet availability. For example, even if a carborne system equipment failure does not immediately impact the on-time performance, it may subsequently result in missed revenue service trips if the failure repair time results in the train being unavailable for service. D. Measurements of system availability, system MTBFF, and system MTBF predictions shall consider only hardware failures. Attachment C, Part 2, ATC System T-8000-1415 Section 9 – Reliability, Availability, and Maintainability Requirements TS 9-2 September 2015 E. The system availability is defined as the probability that a system is capable of operating at a random point in time. Availability depends upon MTBFF, MTTR, and Mean Repair Travel Time (MRTT), and can be expressed as follows: A(s) = MTBFF/(MTBFF + MTTR + MRTT)

F. The MTBFF for the CBTC system is specified earlier in this section. The MTTR and MRTT depend on the subsystem and on the location to be reached by the maintenance staff. G. The MRTT for the field locations (wayside, data communication, rooms) shall be defined for this Contract as 30 minutes. H. For the carborne system, a total time of 90 minutes will be assumed for the calculation of the availability (this includes both the MTTR and MRTT). I. All the MTTR used for the availability calculation shall be as specified in this Section 9, except for the carborne system equipment as explained above. J. The ATC system, excluding the field equipment (track-circuits, switches, signals and trip stops), shall have a total availability of no less than 99.85 percent for the entire MTA Metro system. This includes all vital and non-vital processors and field input modules. K. The Contractor shall submit an Availability Analysis, which quantitatively demonstrates that the availability requirements as defined in this Section shall be achieved. The analysis shall be based upon an availability block diagram, and shall state the MTBF and MTTR of all CBTC system components down to the Lowest Level Replaceable Unit (LLRU). The analysis report shall describe the historical, statistical, and experimental basis for the analysis. All assumptions shall contain the level of training of maintenance personnel, availability of parts, and preventative maintenance for each device. 9.6 MAINTAINABILITY REQUIREMENTS A. The ATC system shall be designed to minimize required maintenance (both preventative and corrective) by maximizing the ATC system MTBF and by including features that provide for ease of maintenance by MTA Metro staff. B. No wayside ATC system equipment shall be required to be reset more often than once per year. No carborne equipment shall be required to be reset. C. Any failed ATC system equipment shall restart automatically. If redundancy of supplied equipment requires switchover between redundant units on a periodic basis, such switchovers shall be automated, as is the case with the carborne set of CBTC equipment. D. Achievable repair times shall be driven by equipment diagnostic provisions and Contractor- supplied test equipment, as well as the quality of the maintenance manuals and training. The ATC system shall, therefore, include maintenance and diagnostic capabilities to detect and react to equipment failures. This shall include remote diagnostics capabilities, and other fault displays for troubleshooting, and the timely identification of failed components and functions. The contractor shall submit a Maintainability Analysis for approval by the MTA.

Attachment C, Part 2, ATC System T-8000-1415 Section 9 – Reliability, Availability, and Maintainability Requirements TS 9-3 September 2015 9.6.1 Mean Time to Repair A. The Mean Time to Repair (MTTR) of a failed piece of in-service ATC system equipment on the wayside (rooms or trackside first-level repair) shall be no greater than 30 minutes. This time shall include onsite diagnostics, the replacement of the failed components, and the testing of the repaired units, subsystems, or systems, but shall exclude travel time to the site and logistic time to acquire the replacement. B. The MTTR of a failed piece of in-service carborne equipment installed within the car shall be no greater than 30 minutes. The MTTR of carborne equipment installed either on the axle or car body shall be no greater than 60 minutes. 9.6.2 Modular Design A. Components of subassemblies requiring removal for preventive maintenance or occasional corrective maintenance shall be plug-in units. Units weighing more than 15 pounds shall have effective handling devices. Items over 50 pounds shall be supplied with adequate lifting tools and have provisions for one-person removal and replacement. Modular design of replaceable assemblies shall augment fault isolation and post-replacement test procedures. B. Modular design concepts shall be used as follows: 1. Components and assemblies shall be mounted within appropriate equipment cabinets with standard 19-inch width. Cabinets shall not be forced-air ventilated. 2. Electrical and mechanical components shall be organized in rack-mounted plug-in assemblies. 3. The mixing of equipment associated with more than one sub-system in a single plug-in assembly shall be avoided; 4. Equipment serving similar functions shall be in the same relative position on all racks, with similar packaging techniques to be used wherever practical for equipment of similar type and function. 5. All printed circuit boards, relays, connectors, plug-in assemblies, and similar items shall be designed to incorporate mechanical and/or electrical keying to prevent improper insertion or operation either accidental or deliberate. C. All Commercially Off The Shelf (COTS) products, with self-diagnostic or embedded diagnostic capability, shall include a full description of the diagnostics as provided in the maintenance manuals. D. Built-in test points, indicating lamps, and LEDs shall be provided on applicable hardware equipment. Failure indicators shall also be provided, where applicable. 9.6.3 Interchangeability All CBTC system carborne, wayside components, subassemblies, and assemblies that perform or are able to perform identical functions shall be fully interchangeable. 9.6.4 Accessibility A. Accessibility of items shall be designed for effective preventive and corrective maintenance. Test points and indicators shall be provided, whenever required, for effective maintenance.

Attachment C, Part 2, ATC System T-8000-1415 Section 9 – Reliability, Availability, and Maintainability Requirements TS 9-4 September 2015 B. Removal and replacement of LRUs except data communications antennas and axle-mounted equipment shall be achievable within 5 minutes, excluding time to diagnose the fault. Removal and replacement time shall be consistent with the overall system availability goals and requirements. C. Panels and other access points shall be located for ease of maintenance. Fasteners shall be captive. Special tools shall not be required unless necessary to prevent vandalism. 9.6.5 Preventive Maintenance A. All systems and components serviced, as part of periodic preventive maintenance, shall be readily accessible for service and inspection. It shall be unnecessary to physically remove or move components unrelated to the specific maintenance and/or repair tasks involved. A preventative-maintenance checklist shall be provided in the maintainer’s manual defining the Original Equipment Manufacturer (OEM) recommendations. B. Preventive maintenance except for carborne equipment, for each LRU of the ATC system equipment shall not be required more often than one time per year. Carborne equipment shall not require preventive maintenance more often than one time every 90 days. C. The Contractor shall list each item of ATC system that requires periodic maintenance and for each item identify the general procedures to be performed and the minimum time interval at which the maintenance must be performed. 9.6.6 Software Maintainability Requirements New releases and/or versions of the installed base of software shall be capable of being applied by MTA Metro personnel with minimal, if any, support from the manufacturer or supplier of the software. User-configurable parameters shall be capable of being applied by MTA Metro personnel with no support required from the manufacturer or supplier of the software. In addition, the changes shall be applied without a system restart. Such parameters shall be kept in initialization files or registry. 9.7 REQUIRED CDRLS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications. Design Review Submittal Milestone CDRL CDRL Title Post FDR Prior to No. CDR PDR FDR Service

9-1 Reliability Calculation XP XF

9-2 Availability Analysis XP XF

9-3 Maintainability Analysis X ATC Equipment List Requiring Periodic 9-4 X Maintenance P = Preliminary version, F = Final update

Attachment C, Part 2, ATC System T-8000-1415 Section 9 – Reliability, Availability, and Maintainability Requirements TS 9-5 September 2015 SECTION 10 INSTALLATION CUTOVER AND CONSTRUCTION REQUIREMENTS

Contents

10.1 GENERAL...... 10-1

10.2 SCOPE OF WORK...... 10-1

10.3 INSTALLATION SEQUENCE AND CUTOVER...... 10-1

10.3.1 BASELINE CUTOVER APPROACH...... 10-2

10.3.2 INSTALLATION STAGING AND CUTOVER PLAN ...... 10-2

10.4 SITE-SPECIFIC INSTALLATION PLANNING AND DESIGN...... 10-3

10.4.1 SITE-SPECIFIC INSTALLATION PLANNING AND DESIGN ...... 10-3

10.4.2 INSTALLATION PROCEDURES ...... 10-4

10.5 CONSTRUCTION MANAGEMENT ...... 10-4

10.6 MTA CONSTRAINTS...... 10-5

10.7 REQUIRED CDRLS...... 10-7

Attachment C, Part 2, ATC System T-8000-1415 Section 10 – Installation Cutover and Construction Requirements TS 10-i September 2015 SECTION 10 INSTALLATION CUTOVER AND CONSTRUCTION REQUIREMENTS

10.1 GENERAL This Section defines requirements for Installation, Cutover and Construction of the Complete ATC System (wayside, car-borne, ATS, DCS, SSI and AWS) by the Contractor, and the constraints that need to be taken into account for planning how the new system will be cut over into service. The Contractor shall be responsible for developing and executing a comprehensive program plan for design, installation, testing and cutover of the entire ATC System. ATC System implementation planning shall be closely coordinated with the Rolling Stock project in order to satisfy critical program objectives: A. Introduction of the new ATC System and the new rolling stock shall be done in such a way as to minimize the overall impact on ongoing Metro revenue service operation. B. Implementation and cutover planning for the SSI shall minimize the amount of temporary work or re-work. C. Introduction of the new ATC System shall be planned and coordinated to support the testing and fleet introduction of new CBTC-equipped vehicles. D. In cases where the installation and cutover approach requires an interim operating mode – the Contractor shall provide all necessary training for MTA Operations and Maintenance Staff in order to allow Metro operations to continue safely and seamlessly. 10.2 SCOPE OF WORK The Contractor shall: A. Install all AWS, SSI, CBTC, and ATS equipment in accordance with an approved Staging and Cutover plan B. Install all Carborne CBTC equipment on the new fleet C. Install and then subsequently remove all temporary equipment for supporting the cutover staging. D. Provide documentation, training and maintenance for all interim, temporary rail operations to support the phased cutover 10.3 INSTALLATION SEQUENCE AND CUTOVER The MTA has established a baseline Installation Staging and Cutover approach for ATC System consistent with the overall program objectives stated above. The Contractor may propose an alternative approach, subject to MTA approval.

Attachment C, Part 2, ATC System T-8000-1415 Section 10 – Installation Cutover and Construction Requirements TS 10-1 September 2015 10.3.1 Baseline Cutover Approach The baseline approach to the program is based on the following concept: A. The ATC System elements are to be first installed as an overlay to the existing cab-signal system so that MTA may continue to operate the existing railcar fleet, without modification, while the new ATC System is installed. B. With the new CBTC-based ATC System overlay in place, the Contractor will test, demonstrate and safety-certify CBTC operation with new, CBTC-equipped rolling stock. C. The initial implementation of the CBTC-based ATC system will allow new CBCT-equipped rolling stock (with no cab signaling equipment) to operate safely in revenue service while existing rolling stock continues to operate using the existing cab signal system. D. As additional new CBTC-equipped rolling stock is introduced into service, a corresponding number of existing rolling stock will be removed from service until the fleet has been changed out for all-new rolling stock. E. Once all existing cab signal-based rolling stock have been retired from service, the existing wayside cab signal equipment can be removed, and the system will be converted to the final configuration of the new ATC System. The details and phasing of this baseline concept are described below. 10.3.2 Installation Staging and Cutover Plan The MTA will allow flexibility regarding the track limits for each cutover stage, but the intent is to cutover the outdoor non-revenue service portions of the Metro first, and subsequently the revenue service tracks. The MTA has devised a preferred program concept for the incremental implementation. A. The Contractor shall submit an Installation Staging & Cutover Plan (CDRL) after taking into account this baseline staging plan, the overall project schedule, the constraints of the operating Metro system and targeting minimal disruption to existing passenger service. B. The Installation Staging & Cutover Plan shall include the cutovers planned for the entire project line; separate cutover stages shall require a specific Installation Procedure C. The major cutover phases preferred by the MTA are as follows: 1. Phase 1: Install and commission the DCS for the entire project line to provide the wayside and radio network backbone for the new ATC System. This can be done in sequence covering Yard, Section B, Section A and Section C. 2. Phase 2: Replace existing interlockings with SSI following the sequence of the wayside DCS deployment. Remove existing relay racks and prepare space requirements for future CBTC room equipment. Install new interlocking track circuits, interfaces with switch machines, signals and associated cabling. New SSI systems will interface with existing track circuits to continue to provide cab signal codes and train detection. Interface with the existing AIM system at OCC through the new DCS or existing connectivity. Continue revenue operation with existing fleet. 3. Phase 3A: Install and commission the ATS back-up system at Wabash utilizing the DCS

Attachment C, Part 2, ATC System T-8000-1415 Section 10 – Installation Cutover and Construction Requirements TS 10-2 September 2015 to interface with the new SSI systems. Disconnect existing AIM system from the Wabash site. 4. Phase 3B: Install and commission primary ATS system at OCC utilizing the DCS to interface with the SSI and external systems. Remove existing AIM. 5. Phase 4: Install and commission CBTC wayside and room equipment in the sequence as below: a. Segment 1: Designated Test Track in Yard and Yard limits; commence equipping of trains. b. Segment 2: Owings Mill to Old Court (Section B); c. Segment 3: Old Court to Reisterstown Plaza (Section B); d. Segment 4: Reisterstown Plaza to Portal (Section A); e. Segment 5: Portal to Charles Center (Section A) f. Segment 5: Charles Center to Johns Hopkins (Section C). 6. Phase 5: Complete installation and dynamic testing of all new car equipment commencing from Phase 4 above and introduce into service on an incremental basis; decommission existing cars incrementally. 7. Phase 6: Remove AF track circuits in each section between interlockings. D. The Installation Staging & Cutover Plan shall, at a minimum, describe integration of wayside systems, car-borne systems, DCS and ATS for each phase. Details of minor or temporary tie-ins within each major cutover phase such as field work, DCS connectivity, tie- ins, etc. shall also be described. E. The Installation Staging & Cutover Plan shall include an estimate of the time required to install the new ATC System, including shutdowns, locations of shutdowns, and any nights/weekends. F. The Installation Staging & Cutover Plan shall be reviewed and updated to reflect lessons learned at the end of each cutover as necessary. 10.4 SITE-SPECIFIC INSTALLATION PLANNING AND DESIGN The Contractor shall develop detailed installation plans and designs in order to ensure that all site activities are conducted as efficiently as possible, with a minimum of rework. The Contractor shall coordinate with the MTA the shipping, receiving, unloading, storing, installation, and securing all equipment and facilities required for installation of equipment for each phase. 10.4.1 Site-Specific Installation Planning and Design The Contractor shall develop site-specific installation plans and designs to support the implementation of the Installation Staging and Cutover Plan. A. The Contractor shall conduct a survey of the Relay rooms, wayside tracks to assess the availability of any required temporary space and shall submit the proposed locations, support requirements such as power and utility requirements as part of each site-specific installation plan, for Approval by the MTA (CDRL). The approved temporary spaces Attachment C, Part 2, ATC System T-8000-1415 Section 10 – Installation Cutover and Construction Requirements TS 10-3 September 2015 identified shall be used to assist to stage any equipment required for assisting in the cutover from the existing signal system to the new ATC System. If additional space or flexibility is required, the Contractor may perform temporary moves/ sub stages involving existing signal equipment on a case-by-case basis. All temporary moves shall be subject to the Approval of the MTA. B. Attachment methods to tunnel surfaces, any part of the alignment shall adhere to MTA Construction Standards governing attaching items. Existing cables may be used for temporary cabling only subject to MTA approval based on the submission of a documented approach/ plan for use, and eventual removal within the duration of the project. C. Methods for transitioning from existing interlocking control to SSI control in phases shall be included in the installation plans and submitted for Approval by the MTA. In the final installation/ configuration, all of the intermediate/ temporary wiring, temporary equipment such as switches, relays, and terminations shall be removed. D. It shall be the Contractor’s responsibility to perform all quality control and/or revenue service tests on the car-borne system equipment prior to commissioning the trains into revenue service. 10.4.2 Installation Procedures The Contractor shall provide an Installation Procedure for each cutover phase (CDRL) at least 60 days prior to commencing any field installation work in a particular section of the alignment. The Contractor’s Installation procedure shall be achievable within the constraints imposed by the operating requirements of the Metro system as provided in this Specification and shall be structured to maintain the current level of passenger service. The Installation Procedure shall include, at a minimum, the following elements: A. Site specific details for equipment installation/mounting and layout arrangement drawings for all CBTC/ AWS/SSI wayside equipment (indoor and outdoor) including (at a minimum) microprocessor based vital, non-vital processors, DCS equipment, power equipment, interface equipment, racks, cabinets, tags/transponders, etc. B. A list of the existing signal system equipment to be removed C. A narrative of the safeguards and procedures used to ensure safety during construction and installation during the entire installation and testing process D. The amount of resources to be applied to each construction and installation activity E. A description of the Contractor’s installation personnel, and the level-of-effort and responsibilities required of the MTA during these activities 10.5 CONSTRUCTION MANAGEMENT The construction and installation of the ATC System shall be carried out in a safe manner at all times, whether part installed or part constructed. All hazards shall be adequately mitigated. The Contractor shall meet the following requirements: A. Any installation or construction which affects existing train operations shall be done during the hours agreed upon during the track access meetings. The installation or construction must be completed in sufficient time to allow adequate inspection, testing of the work

Attachment C, Part 2, ATC System T-8000-1415 Section 10 – Installation Cutover and Construction Requirements TS 10-4 September 2015 performed at site prior to normal train service. It shall be the Contractor’s responsibility to supply sufficient personnel and resources to ensure restoration of scheduled service within the allotted time. It shall be the Contractor’s responsibility to ensure that the Metro system is in a fully operational state at the end of each shift. B. The Contractor shall adequately staff on a 24/7 basis if required during site activity utilizing track access to ensure coordination and proper supervision of its activities including subcontractors. A field representative shall be assigned whose responsibility will be to plan, coordinate and interface all field activities with MTA’s field representative and operations staff. C. The Contractor shall be responsible for furnishing all required personal protective equipment, and radios for communication during installation, testing activities at site for their staff. D. The Contractor shall coordinate with MTA ahead of time and arrange for power for any and all tools required during installation, testing and commissioning phases. E. All Contractor site personnel shall require track safety training and shall be authorized for track access by the MTA. F. The Contractor may be allowed to construct and install the ATC System equipment in designated TC&C locations during non-rush hour revenue service operation, governed under MTA work procedures and policies and as approved by the MTA. However, work on and in the immediate vicinity of operating circuits shall not be permitted. For work during revenue service, the Contractor personnel shall be technicians approved by the MTA for performing in a working environment with specific experience in vital circuits. No work on and around in-service equipment shall be permitted from 5:00 AM to 9:30 AM and 2:30 PM to 7:00 PM in TC&C rooms. Access is limited in the in-service equipment rooms during these peak periods. 10.6 MTA CONSTRAINTS The Contractor shall take into account the existing MTA constraints and guidelines as below under which all work under this Contract is to be performed: A. Due to MTA resource constraints, and revenue service obligations, a maximum of 15 major cutover stages shall be allowed to cutover the new ATC System across the entire project and vehicle fleet. It is estimated that a cutover for a section would be planned to occur over two weekends (depending on the size and complexity), and would be performed approximately within the duration of a month. B. Forty (40) long weekend single tracking work blocks per calendar year will be available. A long weekend work block starts at 2000 h Fridays and ends at 0400 h Mondays. Contractor work shall be scheduled to be continuous during the work block time period. C. A single weekday single tracking work block per week will be available on Thursdays from 2000 h to 0400 h Fridays. D. Work blocks of time will be available for other days from 0100 h to 0400 h as approved by the MTA.

Attachment C, Part 2, ATC System T-8000-1415 Section 10 – Installation Cutover and Construction Requirements TS 10-5 September 2015 E. Work at an area of the Right of Way that requires crossing or obstructing tracks within 10 feet of right-of-way, or in any way interferes with or interrupts MTA train operations, will require work limits be established. F. Access to operating portions of MTA is granted at weekly track allocation meetings as long as access requests to primary (first choice) and secondary (second choice) locations were made in writing at least 2 weeks prior to the track allocation meeting. G. The Contractor’s request for access for certain locations may not be granted by the MTA at all times due to other contracts or to MTA maintenance requirements. The requests for MTA resources such as Work Trains, train crews, operators, Flagmen/Watchmen, Power personnel, etc. shall be made in writing, with at least 2 weeks prior to track allocation meeting, to the MTA. H. Access to railcars, maintenance shops, shop labor, etc., shall be coordinated with and approved by the MTA. I. The availability of work trains is limited. Work trains will be available for Contractor’s use. Dispatch of a work train shall count as one shift. One shift shall last up to 6 hours and includes travel to and from the Work site. MTA will operate at no cost to the Contractor. The work train can be used for transporting Contractor’s personnel and for transporting material and equipment. Each work train will be operated by a MTA Train Engineer/ Operator. J. A MTA employee’s (excluding train crews) work shift consists of 8 consecutive hours. The shift includes a 30-minute lunch period and any travel time to the Work location. A shift shall not be split. K. The MTA will assume responsibility for the final termination of the interface with existing signal equipment. Any wiring up to, but not including the final termination shall be performed by the Contractor. The voltages, frequencies, and polarities should match when interfacing to existing MTA equipment. L. A representative of the MTA must escort/ or be present with any Contractor personnel on MTA property at all times. This representative is responsible for communicating with the OCC. Separate representatives are required when work is being performed at different locations. MTA will make its best efforts to provide a reasonable number of representatives. M. MTA will delegate personnel to support each cutover phase of the system at no cost to the Contractor. During the week of the cutovers and any extended weekend shutdowns, the Contractor shall include the number of MTA personnel required to support the cutover in the Installation Procedure. N. Additional support in the form of MTA personnel, work trains and railcars can be supplemented depending on the nature of the task when the request is made in advance. O. All MTA passenger vehicles are equipped with trip stop equipment such that it is governed by the existing signal equipment. P. MTA Traction Power services to shut-off or turn-on traction power through proper request or other utility or service to support Contractor’s test and installation activities, may be made available, when the request is made in advance.

Attachment C, Part 2, ATC System T-8000-1415 Section 10 – Installation Cutover and Construction Requirements TS 10-6 September 2015 Q. MTA will provide an operator for any MOW equipment to support the Contractor’s test and installation activities for a 6-hour shift per pilot within the track allocation rights of the Contractor. The requests for operators shall be made in writing, with 2 weeks’ notice, to the MTA.

R. There are thirteen (13) days per year where special events in the city will prohibit any service disruption or alteration. Certain Contractor work may also be prohibited as determined by the MTA to be intrusive. The dates of these events will be shared with the Contractor as soon as they are known. 10.7 REQUIRED CDRLS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications. Design Review Submittal Milestone CDRL CDRL Title Post FDR Prior to No. CDR PDR FDR Service 10-1 Installation Staging & Cutover Plan XXX

10-2 Site-Specific Installation Plans X 60 days 10-3 Installation Procedures (for each phase) prior to cutover

Attachment C, Part 2, ATC System T-8000-1415 Section 10 – Installation Cutover and Construction Requirements TS 10-7 September 2015 SECTION 11 ATC TESTING

Contents 11.1 GENERAL...... 11-1

11.2 SCOPE OF WORK...... 11-1

11.3 CODES AND STANDARDS...... 11-1

11.4 INSPECTION AND TEST PLAN...... 11-1

11.4.1 SYSTEM TEST PLAN...... 11-2

11.4.2 MAINTAINABILITY INSPECTION AND TEST PLAN...... 11-2

11.4.3 FIRST ARTICLE INSPECTION PLAN...... 11-3

11.4.4 FACTORY TEST PLAN...... 11-3

11.4.5 POST INSTALLATION CHECK-OUT (PICO) PLAN ...... 11-4

11.4.6 FIELD TEST PLAN...... 11-4

11.4.7 CUTOVER TEST PLAN ...... 11-6

11.5 EXECUTION...... 11-6

11.5.1 TEST SIMULATION ...... 11-6

11.5.2 TEST WITNESSING...... 11-7

11.5.3 TEST INITIATION ...... 11-7

11.5.4 TEST REPORTS AND INSPECTION REPORTS...... 11-7

11.5.5 FAILURE REPORTING...... 11-8

11.5.6 TEST TRACK ...... 11-8

11.5.7 RELIABILITY DEMONSTRATION TEST ...... 11-9

11.6 CDRL ITEMS ...... 11-10

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-i September 2015 11.1 GENERAL This section includes requirements for inspection and testing of the ATC system. All materials and equipment furnished and all work performed under these Specifications shall be inspected and tested. Should any inspections or tests indicate that specific hardware, software, or documentation do not meet the specified requirements, the impacted items shall be repaired, replaced, upgraded, or modified as necessary to correct the noted deficiencies by the Contractor at no additional cost to MTA. After correction of a deficiency, all tests necessary to verify the effectiveness of the corrective action shall be repeated. In the event that changes and/or modifications are made during, or resulting from testing, the MTA has sole authority to determine any and all inspections/tests that the Contractor shall repeat and/or additional inspections/tests that shall be performed. 11.2 SCOPE OF WORK A. Develop, organize and implement a test program that tests and verifies the adequacy of the ATC system to meet all functional, Reliability, Availability, Maintainability, Safety and performance requirements as per the Specification. B. Perform the following inspections/ tests for all CBTC equipment and subsystems as a minimum: 1. Maintainability inspections/ tests 2. First Article Inspections (FAI) 3. Factory Tests 4. Post Installation Inspections/Check out 5. Field/ Site Tests 6. Cutover/Phasing Tests 11.3 CODES AND STANDARDS The CBTC system equipment provided by the Contractor shall be subject to the requirements of the following codes and standards: A. AREMA Communications and Signals Manual of Recommended Practices B. IEEE 829-2008 Standard for Software and System Test Documentation C. IEEE 1008-1987 Standard for Software Unit Testing D. IEEE 1474.4-2011 Recommended Practice for Functional Testing of a Communications Based Train Control (CBTC) System 11.4 INSPECTION AND TEST PLAN The Contractor shall submit for MTA approval Inspection and Test Plans establishing the work to be undertaken to meet the requirement of this section, identifying the tests or group of tests within each category of testing listed above. The plans shall provide for the full testing of all ATC systems, subsystems, equipment and materials and the documentation of tests (specifications, procedures, schedules, reports, and certificates) to ensure a complete, safe and operable Metro system.

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-1 September 2015 11.4.1 System Test Plan A. A System Test Plan (CDRL 11-1) shall be submitted to MTA for approval. The plan shall contain, as a minimum, the following: 1. A flow diagram indicating the logical sequence of tests starting with material receiving inspections and tests, and concluding with system demonstration tests 2. Test methodology, test categorization and test readiness reviews 3. Inspection and test organization showing the reporting structure within the Contractor’s organization 4. Inspection and test documentation – flow and sequence of documentation submission, formal, internal documentation; traceability management of test documentation to approved design requirements 5. Organization and resources required for performing tests 6. Procedures for monitoring, correcting, and re-testing including Punch List items 7. Procedures for controlling and documenting all changes made to the hardware and software during all stages of the test program, including procedures for handling changes during a particular phase of testing 8. Locations at which all tests/inspections will be performed 9. Field testing strategies that minimize service disruptions by restricting the number of service interlockings affected as much as possible B. The System Test Plan shall reflect the ATC System Test Sequence as described throughout the Technical Specifications, including all the subsystems such as SSI, DCS, CBTC, ATS, and AWS. C. After initial approval of the System Test Plan, the plan shall be revised as required by the Contractor during the life of the Contract to reflect changes in system design or identification of additional testing requirements. Each revision shall be submitted for approval. 11.4.2 Maintainability Inspection and Test Plan A Maintainability Inspection and Test Plan (CDRL 11-2) shall be submitted to the MTA for approval. A maintainability test shall be conducted for all furnished ATC equipment and supporting hardware. The primary purpose of this pre-production equipment review is to enable MTA to evaluate the ATC equipment design prior to the commencement of final hardware design. The plan shall contain, as a minimum, the following: A. List of ATC Subsystem assemblies/hardware components & Line Replaceable Units (LRU) for the wayside, Carborne, DCS, and ATS that are proposed for a fit test on the host environment at site (e.g., A cars, B cars, CBTC rooms, wayside track locations). B. Process and check off lists for all prototype hardware reviewed by MTA for fit, form, maintainability, repair and replacement of LRUs, accessibility and other general design aspects.

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-2 September 2015 C. List of typical supporting documentation, drawings, Bill of Materials/ workmanship, illustrated parts and assembly notes that will be submitted along with check off lists for the proposed equipment. D. Locations proposed for the maintainability tests for each proposed equipment with planned durations and MTA resources needed. E. List of prerequisites to be achieved prior to the start of the maintainability tests. F. Process for documenting results, corrective actions and retests as needed. 11.4.3 First Article Inspection Plan A First Article Inspection (FAI) Plan (CDRL 11-3) shall be submitted to the MTA for approval. First Article Inspections shall be conducted on the first production unit of each ATC subsystem prior to the commencement of the production manufacturing run. The FAI plan shall contain, as a minimum, the following: A. The process for inspection to be conducted including the items to be verified/ inspected at each FAI including Fail/Pass criteria B. List of ATC Subsystem assemblies/ hardware components & LRUs (wayside, Carborne, DCS and ATS) that are proposed for a FAI along with specific FAI check off / verification lists for each type of equipment C. List of required documentation/ drawings/ Bill of Materials/ workmanship and assembly notes that will be submitted along with FAI check off lists for the proposed equipment D. Locations proposed for the FAI for each equipment with planned durations E. List of prerequisites to be achieved prior to the start of FAI F. Process for documenting results, and corrective actions as needed 11.4.4 Factory Test Plan The Factory Test Plan (CDRL 11-4) shall be submitted for MTA approval, and shall describe the test process followed during factory acceptance tests at the Contractor’s premises, to ensure that all ATC equipment including the CBTC-ATS, CBTC wayside, DCS, and CBTC carborne subsystem software and hardware are fully tested to the extent practicable before being released to the field. The Contractor shall make checks on the subsystems by simulating all control inputs, response combinations, and failure injection scenarios. The Factory Test Plan shall contain the following: A. Test approach to Hardware, Software Integration and Validation, and Factory Acceptance B. Block diagrams of the hardware test configuration including external interfaces, and detailed descriptions of all test and simulation equipment and tools C. Test sequencing and pre-requisites D. Test categories including Hardware Qualification Testing, Hardware production/ series Factory Acceptance Tests (FATs), Software validation and verification, Unit testing, subsystem integration E. Complete list of tests with brief description, Test ID, Test objectives, estimated Test Durations, Resources and location or target equipment

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-3 September 2015 F. Procedures for monitoring, correcting, and re-testing G. Procedures for controlling and documenting all changes made to the hardware and software after the start of testing H. Suite of Regression tests to be performed on each modified software release to ensure that no degradation of baseline functionality has occurred I. Suite of tests to be performed to verify the functionality of the newly implemented features 11.4.5 Post Installation Check-Out (PICO) Plan A. Post Installation testing shall be performed by the Contractor to determine that the equipment has not been damaged subsequent to shipment from the factory, has been installed correctly, reacts properly with field conditions, and to ensure that all equipment is in conformance with the Contract. The testing shall progress systematically so that subsystem elements are tested in a sequential and logical manner from an established starting point to a pre-determined completion point prior to the commencement of testing of complete subsystem. The PICO plan (CDRL 11-5) shall be submitted to the MTA for approval and shall cover all ATC subsystems: 1. Wayside installation 2. ATS and ATS Interface installation 3. DCS (wayside wired network and wayside radio network) installation 4. Carborne equipment installation 5. Solid State Interlocking (SSI) B. The Plan shall address the following aspects for each subsystem: 1. Methodology and approach implemented for proper installation of the correct equipment configuration in the specified field environment conditions in which the equipment operates 2. Conformance of equipment wiring, cabling and grounding to cable plans, manufacturer’s specifications, electrical codes and standards of workmanship 3. Process followed to ensure proper installation of equipment according to specified technical requirements including mounting specifications, layout, interconnections, and external connections 4. Process of verification that completed assemblies are properly interconnected per approved drawings 5. Complete list of PICO tests, test IDs, test objectives, resources, and test durations 6. Plan for Submission of Test Documentation – Procedures and Reports; procedures shall be submitted to the MTA for approval. Reports shall be issued to certify that all equipment has been installed, interconnected and successfully passed the tests 11.4.6 Field Test Plan A. The Field Test Plan (CDRL 11-6) shall describe the test process followed during integration and functional tests in the field to ensure that all ATC equipment including the ATS, Zone Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-4 September 2015 Controller, DCS, Carborne Controller, and SSI are correctly functioning together. The field tests shall identify defects, demonstrate that defects have been removed and system adequately re-tested successfully. The field tests shall also verify that the modules perform their intended functions as stated in the specification. The Field Test Plan shall contain the following: 1. Complete list and sequence of field tests, Test IDs, test objectives, proposed test locations, resources required, Service Diversions required, estimated test durations, specific identification of safety related tests and an initial test schedule 2. Complete list of tests that are planned to be performed at the Test Track area, in between revenue service trains and under Service Diversions 3. Block diagrams of the hardware test configuration including external transmission interfaces, and detailed descriptions of any and all test and/or simulation equipment 4. Traceability matrix that identifies the tests and test groups to functional requirements 5. Flow of test program and prerequisites required for starting each test 6. Equipment and instrumentation required 7. Coordination needed from Metro Operations and Maintenance Department 8. Pre-test briefings 9. Process for monitoring, correcting, and re-testing Punch List items 10. Process for controlling and documenting all changes made to the hardware and software after the start of testing 11. Configuration management of software/ system version releases for all subsystems 12. Suite of field regression tests that is to be performed on each modified software release to ensure that no degradation of baseline functionality has occurred 13. Suite of tests to be performed to verify the functionality of the newly implemented features 14. Set of criteria from which the scope of any retest can be determined 15. MTA resources needed to perform each test, of critical importance are the number of units and trains together with the operating crew requirements 16. Description of how the track under test will be isolated from the revenue tracks 17. Description of how the outputs of the CBTC system will be isolated from impacting the revenue system when the CBTC system is under test B. It is recognized that for a system such as CBTC, not every test needs be conducted on every section of the wayside or on every unit. Submit justification for this approach, where adopted in the plan for MTA approval prior to finalizing the detailed matrix. Include in the plan a detailed matrix of tests that indicate where tests are conducted at all locations, on every unit, at one location, and on one or two units.

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-5 September 2015 11.4.7 Cutover Test Plan The Cutover Test Plan (CDRL 11-7) shall describe all stages involved in making the transition from the existing train control system to the final ATC system, including tests, and shall contain as a minimum the following: A. The sequence of placing sections in service. B. Prerequisite tests to be completed. C. Testing on one section while other sections are in service. D. Test location. E. Summary of service diversions required to support testing and installation. F. Equipment and instrumentation required including MTA resources needed to perform each test, of critical importance are the number of units and trains together with the operating crew requirements. G. Coordination needed from MTA Operations and Maintenance Department. H. Estimated duration of each test and phase. I. Phasing/ hand over of ATS operation, CBTC operation at each stage including the functionality proposed for each stage, the status and changes if any to different disciplines for revenue service, e.g., ATS operations, LCP operation, Maintenance, Train operation. The descriptions of this phasing shall be presented in a clear visual format for each stage and shall also list the limitations/ operating or maintenance constraints to be considered when transitioning between each stage. 11.5 EXECUTION 11.5.1 Test Simulation The Contractor shall utilize all testing hardware (host and target) and software, including all simulation and emulation equipment required to allow the ATC system to be thoroughly tested in a factory environment. The simulation hardware and software to be provided by the Contractor for testing the ATC system shall support the following capabilities: A. Simulate interfaces to other MTA infrastructure and systems being interfaced to the ATC system. B. The simulator shall be capable of simulating the entire line in terms of physical characteristics of the system, such as grades, stations, etc. C. Simulate system loading in accordance with the performance requirements defined in these Specifications. D. Simulate the AWS inputs to the Zone Controller (for example: track-circuits, signals, switch positions). Simulate the AWS response to zone controller outputs so that the simulated AWS subsystem reacts accordingly. E. Simulate various device failure conditions to demonstrate the proper CBTC system responses to these failures.

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-6 September 2015 F. The Contractor factory test facilities shall allow thorough testing of all the system and subsystem functions in order to minimize the field-testing activities. Test scenarios shall be included that are aggressive and place stress on the subsystems and system. Stress tests shall include scenarios that increase the number of trains running in the scenario until the system saturates. Train movements shall include abnormal moves made under procedure as well as normal moves under the control of the system. 11.5.2 Test Witnessing The MTA reserves the right to witness any and all testing. To facilitate the witnessing of testing, the Contractor shall give notice in writing a minimum of 45 days in advance of each test/inspection and include a detailed schedule of the inspection and/or the test. 11.5.3 Test Initiation A. The following conditions must be satisfied before starting any test: 1. All test plans and procedures for the test shall be approved by the MTA. 2. All planned and scheduled hardware and software engineering design change orders shall be incorporated into the system under test. 3. All relevant documentation including drawings, lists of deliverables, software functional and design documents, and user manuals shall be approved by the MTA. 4. Other documentation such as simulator manuals and scripts that are relevant prerequisite to testing has been completed and approved by the MTA as required. 5. A briefing shall be conducted for all personnel involved in the test, including testers, MTA operations and maintenance personnel supporting the test, and MTA test witnesses. 6. The Contractor shall submit a detailed Test Matrix for the test area to be covered for a period of 4 weeks at least 2 weeks prior to the planned test date. This matrix shall be updated to indicate the outcome of testing within 3 days of completion of the attempted tests and submitted for review. 7. The Contractor shall submit a configuration list for hardware and software to be installed, actively in operation, or removed from subsystems 1 week prior to the planned date of the test. The Configuration sheet shall be signed off at the end of the test session by the person in charge of the test and the MTA. B. A complete, clean (error free) dry run of each factory test using the approved test plans and procedures shall be conducted by the Contractor. Written confirmation that the dry run has been successfully completed shall be provided to the Engineer at least 1 week prior to the start of the formally witnessed Factory Acceptance Test (FAT). 11.5.4 Test Reports and Inspection Reports Complete certified Test Reports, Inspection Reports and Punch Lists of all factory and site acceptance tests results shall be maintained by the Contractor and delivered to the MTA. All test reports shall be certified and signed by the tester and a reviewer. Test failures shall be recorded in the form of Punch Lists that clearly describe the nature of the problem and the actions to be taken to correct the problems. The reports shall be linked to the test procedures.

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-7 September 2015 11.5.5 Failure Reporting A. The Contractor shall prepare and submit punch list (or discrepancy list/ Defect tracking list) reports to the MTA for deviations from the requirements of these Specifications or failures detected during any test. The report shall include a complete description of the problem or failure. B. Upon the identification of an event requiring a problem report, the Contractor and MTA representatives shall agree on one of the following courses of action: 1. Testing will immediately stop and the Contractor will evaluate and correct the problem before testing is resumed. 2. Testing will continue and the problem will be evaluated and corrected at a mutually agreed upon time. C. The Contractor shall review with the MTA the Contractor’s Punch List(s) periodically and bring them to closure. D. All actions taken to correct problems shall be documented on the punch list by the Contractor. Sufficient information shall be provided to enable the MTA representative to determine the need for and extent of re-testing, the need for testing interactions of the correction with any previously tested hardware or software, the need for new additional testing not previously included and the need for updating appropriate documentation. A problem shall be deemed resolved only when all re-testing has been performed to the satisfaction of the MTA and after the Contractor and the MTA representatives acknowledge correction of the problem on the punch list. 11.5.6 Test Track A. For the purposes of early testing of the CBTC subsystems and system in the field, track #3 shall be used as the CBTC test track. The track area shall be equipped and be fully functional. The test section shall include the first set of all field tests including field integration, functional, and system tests. B. The test track section shall be capable of supporting all CBTC functions and at least the following test configuration: 1. Radio coverage. 2. Zone controller including connection to an interlocking. 3. DCS connection 4. ATS control from Wabash Tower BOCC 5. Transponders. 6. Track circuits. 7. Pseudo-stations C. The test track area shall also be utilized to perform all prototype and production level tests of CBTC-equipped units before they are released into revenue service (e.g., dynamic testing of CBTC-equipped cars).

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-8 September 2015 11.5.7 Reliability Demonstration Test A. Upon cut-over of the entire ATC system and the start of revenue service of the first new train, a Reliability Demonstration test shall begin. A continuous monitoring and recording shall be conducted to verify the ATC system’s ability to meet the specified reliability and availability requirements (per Section 9) while in revenue service. The Reliability Demonstration is applicable to the entire ATC system and includes the Zone Controllers, Carborne Controllers, ATS, SSI, Data Communication equipment, and all miscellaneous equipment provided under the Contract. The test will conclude 60 days after the last married pair enters revenue service. B. In addition to meeting the availability and reliability requirements, the reliability of the ATC system shall be such that no more than two system restarts, processor functional failures, or device functional failures of any kind shall occur during any 6-month period. A functional failure occurs when an item of equipment ceases to perform its intended function. Failures are only counted for Contractor's scope of supply. The goal of the test is to demonstrate the compliance with Section 9. C. The types of failures that will be taken into account are: 1. Failure of a PF track circuit; 2. Failure of a switch to move to a required position and/or the loss of detected position; 3. The loss of any workstation in either MOCC or BOCC in which visibility of the line overview is lost, and/or ability to send any ATS command to the field is lost. A subsequent loss of workstation displays and functions at field locations will be considered a second failure; 4. The failure of the ATS to request routes at interlockings within eight seconds; 5. The loss of automatic schedule regulation function; 6. The inability to implement updates to the current operating schedule; 7. The loss of train tracking function; 8. The loss of system and subsystem indications and alarms. This includes all ATS (MOCC and BOCC) and Car TOD (unless the failure is due to a carborne equipment not in the scope of the Contractor); 9. Failure of event recording function. The recorded data will be audited once a week during the test period and a sample of four hours of continuous data will be checked to determine if a loss of data occurred; 10. Inability at any time on the main line tracks or during transitions to and from the main line tracks to operate in the normal operating modes of ATO and Manual. If the train cannot proceed in ATO mode but can proceed in Manual due to a failure of ATC equipment, this will be considered a failure; 11. Nuisance emergency brake applications commanded by the ATC system in excess of four per month for the entire system. In the event that multiple emergency brake applications are experienced by one train, the train will be removed from service and only one failure will be counted;

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-9 September 2015 12. Failure of ATC to enable doors when doors are under ATC control and train is properly berthed at a station; 13. Inability to set or remove slow speed orders at the first attempt; 14. Inability to set or remove work zones at the first attempt; 15. Failure of a train to berth at any station; 16. Inability to set or release a hold command at the first attempt. The hold commands include train, system, platform and station holds; 17. Inability to set or release switch and track blocking at the first attempt; 18. In the event of a switchover occurring for which no subsequent identified failure is found, an excess of two failovers in a 24-hour period will be counted as one failure.; 19. Carborne ATC related failures will be counted for trains that fail on the mainline revenue service as well as in the Yard. 20. Software errors that cause a functional failure. D. Restarts and functional failures that are not the responsibility of the Contractor such as passenger induced delays, interruptions caused by intrusion of unauthorized persons or non- system induced loss of service (example loss of electrical power) shall not be counted in the reliability test statistics. In the event system restarts and functional failures exceed the limits listed above, the demonstration test shall be considered failed. E. The Contractor shall develop a reporting process for failure and corrective actions. For each incident, the Contractor shall indicate the type of failure and whether or not the failure should be counted. The classification shall be reviewed and approved by the MTA. The Contractor shall provide a formal report at the end of the test period (CDRL 11-9). The process shall be documented and provided to the MTA for monitoring of the system performance. The Contractor shall develop the Reliability Demonstration Plan and test procedures (CDRL 11-8) and submit for MTA approval. 11.6 CDRL ITEMS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications. Design Review Submittal Milestone CDRL CDRL Title CDR PDR FDR Post FDR Prior to No. Service 11-1 System Test Plan X

11-2 Maintainability Inspection and Test Plan X

11-3 First Article Inspection Plan X

11-4 Factory Test Plan X

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-10 September 2015 Design Review Submittal Milestone CDRL CDRL Title CDR PDR FDR Post FDR Prior to No. Service 11-5 Post Installation Check Out (PICO) Plan X 11-6 Field Test Plan X 11-7 Cut-Over Test Plan X 11-8 Reliability Demonstration Test Plan and Procedure X 11-9 Reliability Demonstration Test Report WITHIN 30 DAYS AFTER TEST

Attachment C, Part 2, ATC System T-8000-1415 Section 11, ATC Testing TS 11-11 September 2015 SECTION 12 QUALITY ASSURANCE AND QUALITY CONTROL

Contents 12.1 GENERAL...... 12-1

12.2 SCOPE OF WORK...... 12-1

12.3 CODES AND STANDARDS...... 12-2

12.4 QUALITY ASSURANCE PROGRAM PLAN ...... 12-2

12.4.1 SUBCONTRACTOR QUALITY ASSURANCE MANUAL...... 12-3

12.4.2 QUALITY ASSURANCE PROGRAM ASSESSMENT...... 12-4

12.4.3 QUALITY ASSURANCE REQUIREMENTS...... 12-4

12.5 QUALITY CONTROL...... 12-9

12.5.1 SCHEDULING INSPECTIONS...... 12-10

12.5.2 CONTRACTOR PROVISIONS FOR MTA INSPECTION...... 12-10

12.5.3 LEVELS OF INSPECTION...... 12-10

12.5.4 STATISTICAL QUALITY CONTROL ...... 12-10

12.5.5 INSPECTION STATUS...... 12-11

12.5.6 RECEIVING INSPECTION AND SOURCE INSPECTION...... 12-11

12.5.7 FIRST ARTICLE INSPECTIONS ...... 12-11

12.5.8 INSPECTION OF WORK IN-PROCESS ...... 12-11

12.5.9 HOLD POINT INSPECTION...... 12-11

12.5.10 FINAL INSPECTIONS ...... 12-12

12.5.11 SHIPPING INSPECTION ...... 12-12

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-i September 2015 12.5.12 PRE-SHIPMENT TESTING...... 12-12

12.5.13 RETROFIT INSPECTION...... 12-12

12.5.14 INSTALLATION INSPECTION...... 12-12

12.6 QUALITY ASSURANCE AUDITS ...... 12-13

12.6.1 AUDITS OF THE CONTRACTOR...... 12-13

12.6.2 CONTRACTOR AUDIT OF SUBCONTRACTORS...... 12-14

12.6.3 AUDIT REPORTS...... 12-14

12.7 CHANGE CLASSIFICATION...... 12-14

12.7.1 CLASS 1 CHANGE ...... 12-14

12.7.2 CLASS 2 CHANGE ...... 12-15

12.7.3 ACCOUNTABILITY...... 12-15

12.7.4 CONTRACTOR CHANGE REQUIREMENTS...... 12-15

12.8 CDRL ITEMS ...... 12-16

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-ii September 2015 SECTION 12 QUALITY ASSURANCE AND CONTROLGENERAL A. The Contractor shall plan and implement a Quality Assurance (QA) Program to assure delivery of a quality product to the MTA under the terms of this Contract. The elements of the program shall be imposed on the Contractor’s entire organization and all Subcontractors that perform contract work. The QA Program shall assure that all aspects of the Contract are in conformance with the design, materials and workmanship requirements provided in this Technical Specification and that those requirements shall be provided in a timely manner. The Program shall also require the Contractor to document inspection of the design and manufacturing operations. B. The Contractor shall be solely responsible for all of the quality assurance functions required by this Contract. The Contractor shall assure Contract compliance by Subcontractors. Surveillance of Subcontractors shall include sampling and review of products, records, procedures, processes, manufacturing operations and quality control methods. C. This Section contains the quality assurance and quality control requirements for this Contract. The Contractor's quality assurance efforts shall be in compliance with the requirements of the FTA Quality Management System Guidelines document FTA-PA-27-5194-12.1. 12.2 SCOPE OF WORK A. The Contractor shall maintain a comprehensive QA/QC plan to regulate methods, procedures, and processes to assure compliance with the Contract requirements, including design quality and software quality assurance. B. QA programs shall be applied to all activities related to quality of equipment, including designing, purchasing, inspecting, assembling, fabricating, testing, storing, shipping, installation, and warranty work. QA personnel shall have sufficient, well-defined responsibility and organizational freedom to: 1. Identify and evaluate quality problems. 2. Initiate, recommend, or provide solutions. 3. Verify implementation of solutions. 4. Control further processing, delivery, or installation of a nonconforming item until proper disposition has been obtained. C. The Contractor shall have demonstrably established specifications for procurement and procedures for transmission of information and data to Subcontractors, if any, and assurance of Subcontractor compliance with procedures. In addition, adequate inspection and testing programs for manufacturing and installation activities shall be evidenced and documented. Finally, program surveillance, with configuration control of hardware and software changes, and verification of physical conformance of equipment manufactured and installed under this Contract, shall be demonstrated.

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-1 September 2015 D. Statistical analysis, tests, and other quality control procedures may be used when appropriate in the quality assurance processes. 12.3 CODES AND STANDARDS The Quality Assurance Program provided by the Contractor shall be subject to the requirements of the following codes and standards: A. FTA-PA-27-5194-12.1, FTA Quality Management System Guidelines document B. ISO 9001:2008, Quality Management Systems C. IEEE 828-2012 - IEEE Standard for Configuration Management in Systems and Software Engineering D. IEEE 730-2014 - IEEE Standard for Software Quality Assurance Processes E. IEEE 1558-2004 - IEEE Standard for Software Documentation for Rail Equipment and Systems F. ANSI/ASQ Z1.4–2003 (R2013): Sampling Procedures and Tables for Inspection by Attributes G. ANSI/ASQ Z1.9–2003 (R2013): Sampling Procedures and Tables for Inspection by Variables for Percent Nonconforming 12.4 QUALITY ASSURANCE PROGRAM PLAN A. The Contractor shall develop and submit to the MTA a comprehensive Quality Assurance Program Plan (CDRL 12-1) designed to ensure the quality of all activities, including design, purchasing, inspection, handling, documentation, assembly, fabrication, testing, storage, shipping, and warranty/repair work. The plan shall describe all quality control procedures and the quality audit process of the Contractor and any Subcontractors. In addition to addressing the fifteen elements of the FTA Guidelines, the Contractor shall also identify the following: 1. Quality organization 2. Software quality assurance plan 3. Configuration management plan 4. Receiving, handling, storage, and control of materials and equipment 5. Subcontractor control 6. Inspection and testing plan 7. Control of construction processes 8. Control of measuring and test equipment 9. Preventive action and control of nonconforming conditions 10. Contractor internal audit 11. Submittal management and design process control 12. All procedures identified in this Section

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-2 September 2015 B. The Contractor shall submit for approval the Quality Assurance Program Plan within 45 days after NTP. As a condition of having the Plan approved, the Contractor shall incorporate written procedures defining methods to implement and maintain its QA Program. All subcontractor engineering, procurement, manufacturing, inspection and test plans and procedures shall be developed using the methods and procedures found in the referenced Quality Assurance Manuals. It shall clearly define the authority of the Quality Assurance Department and the responsibilities of every department for quality. An organization chart shall be included to show the reporting relationships of all management staff. The Plan shall clearly indicate that Quality Assurance personnel shall have sufficient authority and organizational freedom to ensure that a nonconforming or discrepant product or service will not be delivered to MTA. The responsibility for the quality assurance function shall be so placed in the Contractor's own organization that meeting schedule and cost projections will not compromise the quality of products or services delivered under the terms of the Contract. The Plan shall also contain or refer to a comprehensive collection of forms for documentation of quality control activities. Forms shall be designed to assure compliance of materials, processes, personnel, and products to the approved design drawings and applicable specifications. C. The Plan shall include work-specific quality organization charts for the Contractor and all Subcontractors at various manufacturing and assembly operations for critical quality functions such as receiving inspection; source inspection, in-process and final inspection, non- conforming material, Material Review Board, testing product, Contract compliance and corrective action procedures. Software QA requirements described herein shall be included. Description of Contractor quality assurance personnel qualifications and certifications shall be included with the Quality Assurance Program Plan. For the duration of the project, updates shall be furnished to MTA when QA management personnel and certification status changes occur. D. The Quality Assurance Program Plan shall include an Inspection and Test Plan. The Inspection and Test Plan shall show major manufacturing and inspection milestones on a schedule, including planned dates for submittals. This Plan shall identify customer witness and hold point inspection and will be used by the MTA quality assurance representative to identify the Contractor's inspection and test witness points. This Plan, and its attendant schedule, shall be updated as milestone dates or other significant items change. Revisions shall be submitted to MTA for review. Contract work that is performed prior to approval of the Quality Assurance Program Plan shall be at the Contractor’s risk. E. The Contractor's Quality Assurance Program Plan shall provide procedures to control the activities defined in this Section. The approved Quality Assurance Program Plan and supplemental manuals, procedures, and instructions shall be subject to periodic audits by the Contractor and as determined by MTA. Audits will assess implementation of the quality assurance program. 12.4.1 Subcontractor Quality Assurance Manual The Contractor’s Quality Assurance Manual (CDRL 21-2) shall be submitted for approval. The manual shall define the organizations’ quality policies and designate a company representative with the defined responsibility and authority to ensure that the quality assurance program is implemented. All quality functions and relationships shall be defined in the Quality Manual.

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-3 September 2015 12.4.2 Quality Assurance Program Assessment A. MTA shall have the right to visit facilities of the Contractor and Subcontractors to assess their quality assurance programs. This assessment will determine if the quality assurance programs will assure product compliance with the Technical Specification requirements. During the assessment, MTA may inspect production facilities, examine operations in progress, and review documentation. If deficiencies are noted, the Contractor shall ensure that corrective action is accomplished and approved. B. After NTP, MTA shall have free access to the shops of the Contractor and Subcontractors for quality assurance inspections. MTA may perform quality assurance inspections during the Contractor's execution of the Contract to ensure that the Contractor is meeting all of its Quality Assurance Program requirements. The inspections will be performed independent of and in addition to the Contractor's quality assurance function. These monitoring functions will confirm that all deliverables under the Contract, and approved Contractor drawings and documentation conform to the Technical Specification. MTA quality assurance activities will in no way replace, negate, override, or lessen the Contractor's quality assurance and other obligations. C. Quality Assurance responsibilities required by this Technical Specification include planning, establishing and maintaining a Quality Assurance program; performing all work required by the quality assurance program; and conducting regular QA program audits. D. Upon written request by the MTA, the Contractor shall demonstrate compliance with any requirement of the Technical Specification. Requests will normally be made such that the demonstration can be scheduled in advance of the delivery of ATC system equipment. Other demonstrations may be requested after delivery. The demonstrations shall consist of formal tests conducted on representative production equipment and witnessed by the MTA and/or its representatives. In lieu of conducting tests, the demonstration requirement may be satisfied by a comprehensive analysis of sufficient scope and quality to show specification compliance. In case of analysis, the methodology and scope of the analysis shall be approved by the MTA. 12.4.3 Quality Assurance Requirements 12.4.3.1 Design Control A. Written procedures shall be implemented to assure designs are clearly defined. Design reviews shall verify adequacy of the designs. Design inputs from technical specifications, regulatory requirements, industry codes, and other referenced standards shall be identified and documented. Procedures shall be developed for translating these design inputs into design specifications and drawings. These design documents shall be the basis for purchase, manufacture, fabrication, test, inspection, and quality standards of the Contractor and Subcontractors. Design changes shall be made using the same design and drafting tool, format, and procedures that controlled creation and presentation of the original design. Contractor and Subcontractor procedures for document control shall ensure that current documents are made available wherever they are needed for the effective functioning of the quality system. B. The Contractor shall establish and maintain objective evidence of compliance with all of the requirements of this Technical Specification and accepted design control procedures.

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-4 September 2015 C. The Contractor shall submit a Configuration Management Plan (CDRL 12-3) that maintains and assures the latest drawing and software configuration to MTA for review. Once approved, the Contractor shall implement this plan and ensure that requirements for the effective point of changes are met and that obsolete contract drawings and requirements are promptly removed from the system. Means of tracking the effective points shall be employed and made available to MTA. D. The Configuration Management Plan for software elements shall comply with ANSI/IEEE Standard 828, and shall describe the methods for: 1. Identifying the software configuration items 2. Controlling and implementing changes 3. Recording and reporting change and discrepancy reports implementation status 4. Conducting configuration audits 5. Identifying review and approval cycle as well as signature authority 6. Identifying the personnel responsible for maintaining the baselines and distributing the Quality Assurance Program Plan 7. Controlling the software release process, such as the creation of a version description document 12.4.3.2 Purchasing A. The Contractor shall outline the methods to be used for selection and control of Subcontractors. The Contractor shall be responsible for ensuring that all supplies and services procured conform to Contract requirements. The Subcontractor quality function shall be reviewed and assessed by the Contractor at intervals consistent with product complexity and quality requirements. B. Purchase specifications shall require all purchased materials, equipment, and services to comply with the Contractor's material, quality, workmanship, and performance criteria. Purchase specifications shall transmit quality requirements, specifications, and standards to Subcontractors. Purchased materials shall be inspected by the Contractor upon receipt to verify conformance to design and test requirements. Purchase order requirements shall ensure that the Subcontractor will notify and obtain approval from the Contractor for design changes and use of certificates of compliance (where applicable), prior to implementation. The Contractor shall meet with Subcontractors as needed to clarify provisions of the purchase contracts. Evidence of compliance with the purchase specifications shall be available for MTA audit and review up to five years after the last Contract deliverable is furnished. C. MTA reserves the right to inspect, at the source, any supplies furnished or services rendered under the Contract. The Contractor shall assure MTA’s right to make contact with Subcontractors to discuss scheduling, design, or quality issues. MTA shall coordinate with the Contractor regarding any action required due to discussions with the Contractor's Subcontractors. When MTA elects to inspect at a Subcontractor's facility, such inspection shall not be used by the Contractor as evidence of effective quality control of the Subcontractor.

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-5 September 2015 12.4.3.3 Material Control A. Written procedures shall be implemented to assure purchased material conforms to requirements of the purchase specifications. These measures shall include source inspection, receipt inspection, evaluation of production facilities, and review of material certifications, quality assurance manuals for Suppliers of systems, and procedures. There shall also be procedures for the qualification and acceptance of material Suppliers. B. The Contractor shall submit written procedures for identification and control of product. The written procedures shall assure items are handled, stored, and shipped properly to prevent damage and loss. There shall be instructions for serialization and part identification, precautionary signs, protection against weathering and corrosion, drying agents, moisture barriers, and control of shelf life. C. If MTA believes defective work has occurred, or defective materials have been used, the Contractor shall furnish the appliances and labor to inspect. Defective construction or materials that may be disclosed shall be corrected promptly. D. Parts and apparatus damaged during construction, testing, or shipment shall be made good at the expense of the Contractor. All repaired components shall be documented as repaired by the Contractor and describe the repair and record the repair completion date. Repair procedures shall be subject to approval. E. Written procedures shall be implemented to prevent use of items that do not conform to this Technical Specification. These controls shall provide instructions to identify and document noncompliance. The procedures shall instruct personnel to segregate noncompliant parts, require disposition by the appropriate department, and notify the affected organizations. Defective items shall be tagged, documented, and segregated in a holding area pending disposition. 12.4.3.4 Manufacturing and Process Control A. Written procedures shall be developed to control manufacturing and production processes shown on the approved manufacturing and inspection plans. These plans shall be approved before the start of any work. The manufacturing plan shall include a product work-flow block diagram. It shall show significant operations and related points for critical inspections, examinations, and tests. Control/hold points for inspections, examinations, and tests shall be established to prevent out-of-sequence installation and ensure that no work will be hidden from inspection or test by succeeding assembly. Items installed out of order or found hidden by succeeding assembly shall be inspected and tested to provide the same assurance as the approved inspection and test plan. B. Certain special manufacturing and production processes shall be performed by certified personnel using qualified procedures under specified environmental conditions. Procedures shall be controlled to assure compliance with Technical Specification requirements. Applicable codes, standards, regulations, and acceptance criteria for special processes and tests shall be cited by procedures, drawings, and checklists. Copies of personnel certifications for special processes shall be included in the manufacturing or inspection plan, as applicable. C. Conditions which adversely affect product quality shall be identified, controlled, and eliminated. Evidence of corrective actions to prevent recurrence of such conditions shall be verified and documented.

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-6 September 2015 D. Materials used in manufacturing operations shall be identified. Documents that trace items throughout receipt, storage, fabrication, repair, and shipment shall be filed. Markings shall be transferred to each part of an identified item when subdivided. Markings shall not be hidden by surface treatments. Manufacturing history of items shall be documented on forms that accompany parts and assemblies as they are processed. 12.4.3.5 Inspection and Test A. The Contractor shall establish formal inspection and test procedures. All inspection and tests shall be performed to demonstrate compliance with Technical Specification requirements, confirm elimination of deficiencies, and provide information on ATC system technical characteristics. B. Written procedures shall be implemented to assure all items will perform satisfactorily in service. Functional, operational, and acceptance testing shall be performed under controlled conditions, using appropriate test equipment. Test equipment shall be operated by persons who have received adequate indoctrination and training. Test procedures shall reference test objectives and list prerequisites to be met. Test instrumentation requirements shall also be listed for each test procedure. Pass/fail criteria shall be clearly described in each test procedure. The Contractor's inspectors shall monitor tests and verify that specified conditions are satisfied. 12.4.3.6 Inspection, Measuring and Test Equipment A. The Contractor shall ensure that inspection, measuring, and test equipment shall be identified, controlled, calibrated, and maintained in order to demonstrate the conformance of work to Technical Specification requirements. B. Written procedures shall be implemented to assure tools and inspection and test equipment are calibrated. Tooling and fixtures used as a medium of inspection shall be included in these procedures. Calibrations and adjustments shall be performed at prescribed intervals no greater than a year apart. Calibration standards shall be traceable to the National Institute of Standards and Technology or approved equal. Calibration status shall be labeled on the controlled item and recorded to assure adherence to calibration schedules. Calibration labels shall identify the date of current calibration, who performed the calibration, and when the next calibration is due. 12.4.3.7 Inspection and Test Status The Contractor shall provide written procedures to identify the inspection and test status of work during production and installation. The procedures shall be capable of identifying the progressive inspection status of components or materials as to their acceptance, rejection, or non-inspection status. The procedures shall ensure that only work passing the required inspections and tests is accepted. Nonconforming items shall be identified by physical segregation and status indicators such as markings, serialization, stamps, tags and inspection records. 12.4.3.8 Nonconforming Material A. The Contractor shall provide written procedures for control of nonconforming material, including procedures for its identification, segregation, identification of root cause, and disposition. Disposition to use "as-is" or repair of nonconforming material shall require approval and shall be documented by the Contractor. All nonconforming material shall be positively identified to prevent unauthorized use, shipment or mixing with conforming

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-7 September 2015 material. Holding areas shall be established by the Contractor as necessary to segregate nonconforming items from the regular production process flow. B. The Contractor is required to present Corrective Action statements for all documented discrepant material or activity so that recurring nonconformance will be prevented. Corrective action shall extend to all Subcontractors. 12.4.3.9 Engineering Change Control Written procedures shall be implemented to ensure inspections and tests are based on latest approved designs. The change control system shall require controlled documents to be prepared, issued, and revised. This system shall assure that all materials, replacement parts lists, and operation and maintenance data reflect the latest configuration of parts and equipment. Engineering change procedures shall be included in the Configuration Management Plan. 12.4.3.10 Record Keeping A. Written procedures shall be implemented to verify that QA records demonstrate compliance with requirements of the purchase specifications. These procedures shall include a QA records list that will define which records will be kept and who has responsibility for preparing, collecting, maintaining, storing and disposing of them according to a defined quality records retention policy. The records list shall include results of examinations, inspections, tests, process controls, certification of processes and personnel, non- conformances (including disposition), calibrations, corrective action, audits and any other quality requirements defined by the contract. These records shall be controlled and available to MTA upon request. B. Exceptions to the quality of workmanship taken by MTA on any ATC equipment, system, or component shall be posted conspicuously and in a convenient location for review. These notices shall be distributed to departments whose input is needed for resolution. A means to obtain and translate input into corrective action shall be established. Contractor’s inspection personnel shall keep these notices current so rejection or approval status of each exception may be readily determined throughout manufacturing. 12.4.3.11 Qualification of Personnel A. Contractor personnel performing work, inspections or tests shall be qualified for such activity by virtue of prior experience and training, and verified by testing where applicable. Records of personnel certification and qualifications shall be maintained and submitted for MTA review as part of the Contractor’s Quality Assurance Program Plan. Personnel certification records of qualifications shall be updated by the Contractor and kept current. B. Contractor’s on-site personnel must undergo background checks for security purposes, and MTA’s safety training prior to access to MTA facilities. They are also required to adhere to all MTA Rules and Regulations, per the Appendices. 12.4.3.12 Quality Assurance Procedures The Contractor shall submit the written procedures listed below to assure effective implementation of the QA activities. The Contractor shall evaluate the training needs of personnel who perform activities affecting quality and provide training necessary to ensure that responsibilities with respect to these procedures are fully understood. A. Design control, including technical documentation and engineering changes B. Transmission of all QA requirements to procurement sources Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-8 September 2015 C. Surveillance of Subcontractors D. Receiving, source, in-process, and final inspections E. Production and process control F. Operator certifications and qualifications G. Functional testing H. Discrepancy control I. Measuring and test equipment calibration and certification J. Drawing control K. QA records L. Shipping, handling, and storing M. Selection of qualified procurement sources N. Evaluation and assessment of Subcontractors’ QA programs O. Monitoring of Subcontractor QA performance; P. Evaluation of procured articles against purchase order requirements 12.4.3.13 Software Quality Assurance Plan A. The Contractor shall provide a Software Quality Assurance Plan as a part of the Quality Assurance Program Plan. The Software Quality Assurance Plan shall comply with IEEE Standard for Software Quality Assurance Plans (ANSI/IEEE 730), and the Contractor shall design its software in accordance with the Software Quality Assurance Plan. For the purpose of this standard, all software developed and/or delivered pursuant to this Technical Specification shall comply with the Software Quality Assurance Plan. B. All software provided by the Contractor for the ATC system, whether standard, custom, or commercial-off-the-shelf, shall be properly tested for their application. At a minimum, ANSI/IEEE Standard 730 and IEEE Standard 1558, Procurement Type 5 requirements for documentation and configuration management shall apply to all software provided by the Contractor. 12.5 QUALITY CONTROL A. Inspection and verification of compliance shall be assured by the Contractor at the facilities of the Contractor, or its Subcontractors. Further inspection at the Contractor and MTA facilities to assess transportation damage to equipment shall also be required. B. All entities within the Contractor’s organization shall enforce the QA program. Schedule and cost decisions shall not compromise quality. If a conflict arises as a result of this provision, details shall be explained to the MTA Project Manager by the Contractor's QA designee. Such matters shall be resolved to the satisfaction of MTA before shipment of affected items. The Contractor shall employ sufficient staff to perform effective quality control. C. The Contractor’s quality control program shall implement written procedures for enforcement of receiving, source, in-process, first article, final, and acceptance inspections tests. Enforcement shall assure that products are manufactured correctly, marked with Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-9 September 2015 appropriate identification, successfully tested, and packed to preclude damage during shipment. Preparation for shipment of each piece of ATC system equipment shall be confirmed by completed checklists for each shipment. D. MTA may also make inspections of items, completed or in-progress, with, without, or in addition to the Contractor’s inspection. This shall in no way delete, lessen or take the place of the Contractor’s obligation to conduct thorough inspections. E. MTA reserves the right to reject all materials and workmanship which do not fully conform to this Technical Specification. Repetitious rejections at either the Contractor’s or Subcontractors’ facilities shall be cause to withdraw MTA inspection. In such case, the work in question shall be stopped until a satisfactory corrective action agreement is reached between MTA and the Contractor. 12.5.1 Scheduling Inspections A. The Contractor shall give ten calendar days notice before each vendor shipment of major items to its plant; this, so MTA can be present during the pre-shipment inspection. The Contractor shall not schedule more than two vendor inspections on the same date without prior approval. After notice by the Contractor, MTA will advise within five calendar days whether or not an inspector will be present for the inspection. Work shall follow the Contractor’s manufacturing and inspection plans and not be moved from sites without notice to MTA. Equipment shall be operational before shipment. B. All inspection and testing times and dates shall be mutually agreed to between the Contractor and the MTA. 12.5.2 Contractor Provisions for MTA Inspection The Contractor shall extend to MTA its full cooperation and, at no cost to MTA, provide facilities to be used by the MTA and designees in the Contractor’s manufacturing plants, including any final assembly sites. These facilities shall enable convenient inspection of materials, work, and equipment. Copies of all drawings, diagrams, schedules, changes, deviations, and data shall also be furnished. Data shall be adequate to verify design, construction, assembly, installation, workmanship, clearance, tolerance, and functionality of the ATC system. 12.5.3 Levels of Inspection The Contractor shall specify 100 percent, or sampling inspection, for discrete items of work. If sampling plans are proposed, the Contractor shall submit complete details of the plans for approval. Sampling procedures which determine Acceptable Quality Levels (AQL) and/or Average Outgoing Quality Levels (AOQL) shall be performed under ANSI/ASQ Z 1.4 or Dodge Romig tables for attribute sampling, ANSI/ASQ Z1.9 for variables sampling, or other approved plan. 12.5.4 Statistical Quality Control Statistical quality control methods may be used to accept parts and materials and to evaluate processes. If used, such methods shall be performed using published guidelines and may include both traditional Shewhart style and short run statistical process control techniques, where applicable. A list of parts and material to be inspected by statistical quality control methods shall be presented for approval (CDRL 12-4).

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-10 September 2015 12.5.5 Inspection Status The Contractor shall maintain a system to identify acceptance, rejection, or non-inspection status of materials and components. Inspection status shall be identified by tags and stamps. 12.5.6 Receiving Inspection and Source Inspection Written procedures shall be implemented to assure items are inspected at the source and upon receipt to verify conformance to acceptance criteria of specifications and drawings. All inspections will be performed to Contract requirements and/or Technical Specification requirements. Material certifications and test reports shall be retained. Contractor shall specify 100 percent or sampling source inspection for all major subsystem equipment to be purchased. 12.5.7 First Article Inspections A. First Article Inspections (FAI) will be performed jointly, by MTA and the Contractor, on all major subassemblies and final assemblies. Equipment shall be shipped from the point of manufacture only after an FAI has been offered and either passed or waived by MTA. B. The FAI will evaluate component and system maintainability, including the use of the portable test equipment. Line Replaceable Unit (LRU) and Lowest Level Replaceable Unit (LLRU) removal and replacement will be reviewed for acceptability by MTA. FAI will only be performed on a component built using approved production processes and tooling, and shall establish the quality of workmanship for the balance of like components. The quality level shall be established jointly by MTA and the Contractor. C. Copies of any photographs and/or video recordings of the component/assembly that is the subject of each FAI shall be furnished to MTA with the Contractor’s FAI report. Video recordings, if any, shall be submitted in DVD format. 12.5.8 Inspection of Work In-Process The Contractor's Quality Assurance Department shall maintain and direct a force of inspectors, independent of production, to verify that work in its shops is performed in compliance with the approved design drawings. This quality assurance verification is required in addition to any quality control checks and corrections by the production workforce. Discrepancies in the work shall be recorded, and departments responsible for the work shall be notified of the need for corrections. Repairs and corrections shall be inspected for conformance to drawings and approved rework instructions, as needed. Re-inspection acceptance status shall be indicated by the Contractor’s inspectors by stamp or initials on the original of the discrepancy report. Responsible manufacturing supervision shall be notified of rework that is rejected. 12.5.9 Hold Point Inspection The Contractor shall establish hold points in the manufacturing process to provide critical inspections. Hold points shall be utilized to inspect completed operations and installations. Hold points shall also be used to inspect items that are about to be covered by succeeding assembly operations. The Contractor shall use inspection forms to record the list of discrepancies noted. Nonconforming products shall not be released from a hold point area until all discrepancies have been corrected. The inspection forms shall be posted at or near the point of inspection for each major assembly and subassembly when all discrepancies have been eliminated. The Contractor shall submit a list of hold point inspections for review and approval (CDRL 12-5).

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-11 September 2015 12.5.10 Final Inspections A. The Contractor shall schedule a minimum of one day for MTA inspection of any major assembly before each shipment. The Contractor shall provide confirmation notification of at least 14 calendar days to MTA as to when such final inspection will take place. Any travel outside of the Baltimore area will require advance notification. After all work is completed, the Contractor shall perform final inspection to written procedures prior to MTA inspection. Workmanship items covered by prior inspection reports shall be corrected before final inspection begins. B. The Contractor shall provide a qualified supervisor to accompany MTA during final inspection to assure that proper corrective action is taken. The Contractor shall provide labor and appropriate tools to remove or open and reapply covers and doors. During final inspection, all systems shall be operational with use of approved types of special equipment or power supplies. 12.5.11 Shipping Inspection The Contractor shall prepare written procedures to ensure completion of manufacture prior to shipment from each manufacturing facility and that all shipments are adequately prepared to preclude damage during shipment. These procedures shall include assembly, shipping, preparation instructions and inspection procedures for assemblies scheduled for shipment to the next manufacturing facility or acceptance site. 12.5.12 Pre-Shipment Testing The Contractor shall test equipment functions and performance at the manufacturing site to assure compliance with all technical requirements of this Contract. Conformance tests shall be performed to approved procedures. The results shall be documented and included in record books. Corrective measures shall be made and tests shall be repeated until successful. Final inspection shall not be permitted until conformance testing is successfully completed and accepted. 12.5.13 Retrofit Inspection The Contractor shall provide written procedures to inspect retrofits or changes made to the ATC system on MTA property. When a retrofit or change is made by MTA upon direction and supervision of the Contractor, it shall be to the entire ATC system in kind. Quality Control by the Contractor shall verify and document completion status of changes. 12.5.14 Installation Inspection The Contractor shall inspect and verify that for each installation: A. Proper methods of cabling, terminating, earthing and identification have been utilized, B. Positioning and orientation of equipment and hardware are in agreement with the approved drawings, C. Completeness and workmanship meet contractual workmanship standards, D. Measuring and test equipment used in field installation or testing are certified to be in calibration at the time of use, and E. Adequate information to identify location, type of equipment, contract number and name, date and name of contractor’s inspector, designated place where items can be checked for

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-12 September 2015 acceptance or rejection, and discrepancy sheet to list noted deficiencies and corrective action taken have been provided. Once installation activities have started for major assemblies, summary reports shall be generated and submitted to the MTA monthly verifying the conformance to the requirements and acceptability of all elements of the work (CDRL 12-6). These reports shall include the following: A. Outline of activities and actions of the QA/QC staff as indicated in the QAPP, B. Summary of inspection activities and inspection results, C. Outline of conditions adverse to quality and the corrective actions implemented. 12.6 QUALITY ASSURANCE AUDITS A. The Contractor shall conduct internal QA audits according to its documented procedure and audit plan to ensure that its quality system is functioning as required. Audits and follow-up actions shall be documented as evidence that corrective actions are taken by responsible persons within the Contractor organization. Audits shall be performed to approved checklists by personnel other than those who performed the work. Internal Contractor and Subcontractor audit reports shall be accessible to MTA representatives at the Contractor facilities upon request. B. MTA will audit the Contractor’s QA activities to determine compliance with the approved Quality Assurance Program Plan. The audit will be conducted as per the schedule. During the initial audit of the Contractor's QA functions, MTA reserves the right to audit the QA programs of Subcontractors. C. MTA will notify the Contractor of any noncompliance found during audits. The Contractor shall correct noncompliance promptly and request approval. Noncompliance with any part of the approved Quality Assurance Program Plan shall be cause for rejection of Contract work. If the Contractor is responsible for the deficiency, work on the Contract shall be rejected. D. After corrective action of the noncompliance has been verified, the Contractor will be notified; Contract work may resume. Schedule delays caused by non-compliance with the approved Quality Assurance Program Plan shall not justify an extension of time under the Contract. E. Audits shall report on the degree of compliance with the approved Quality Assurance Program Plan and QA procedures. 12.6.1 Audits of the Contractor MTA may audit the Contractor’s QA program at the following times: A. Prior to production of major ATC equipment assemblies and subassemblies. This audit shall include the Contractors and Subcontractors; B. After completion of major ATC equipment assemblies and subassemblies before installation of equipment; C. 30 days after installation of ATC equipment assemblies and subassemblies onto MTA property; D. Any time prior to use of ATC equipment assemblies and subassemblies in revenue service operation; Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-13 September 2015 E. Any time MTA determines an audit to be appropriate. 12.6.2 Contractor Audit of Subcontractors The Contractor shall conduct QA audits of its Subcontractors as a condition of the Subcontract or purchase order before the start of work, and within 30 days before the Contractor's acceptance of the FAI, or of supplied items and services. The Contractor shall notify MTA in advance of any scheduled audit. Audits of the Contractor and Subcontractor may be witnessed by MTA. 12.6.3 Audit Reports Audit reports shall be submitted as follows: A. Within 4 weeks following audits, MTA will furnish the Contractor with a report of each audit. The audit report will describe scope of the audit and procedures followed. The report will identify deficiencies, corrective actions, and date when corrective action for each deficiency is required; B. The Contractor shall prepare a similar report for submittal to MTA for each audit of Subcontractors; C. The Contractor shall submit a formal written response to MTA within 10 working days following the receipt of each audit report. The response shall request approval for the proposed methods and timetables to achieve compliance with the audit report. 12.7 CHANGE CLASSIFICATION Changes to the ATC system design after approval of FDR by the MTA shall be subject to Engineering Change Proposals (ECPs) in accordance with the procedures described herein (CDRL 12-7). All ECPs shall be reviewed by the Contractor’s organization responsible for configuration control for total impact evaluation prior to recommendation and submittal to the MTA for review and approval. 12.7.1 Class 1 Change A. A proposed engineering change to any part, assembly, or equipment item for the Contractor’s ATC system shall be designated as a Class I change when one or more of the following is affected: 1. Form, fit, and functional interchangeability 2. Reliability and maintainability 3. Weight or balance (where it is a factor) 4. MTA-furnished equipment 5. Safety 6. Electromagnetic interference characteristics 7. Delivered product (retrofit) 8. Delivered training, operation, or maintenance manuals (where additional Contract funds are required to revise manuals) 9. Sources of repairable items (source control drawings) 10. Schedules or deliverables

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-14 September 2015 11. Initial provisioning 12. Performance of equipment 13. Training B. A proposed change to any ATC system software shall be designated as a Class I change when one or more of the following factors are affected: 1. Function, performance, including reliability, maintainability, correctness, efficiency, flexibility, testability, usability, and outside tolerance 2. Interface characteristics 3. Cost 4. Schedules 5. MTA-furnished equipment 6. Safety 7. Skill levels, training or human engineering design 12.7.2 Class 2 Change Any engineering change not affecting form, fit, function, or interchangeability, nor falling within the preceding definition of a Class I change shall be designated as a Class II change. Some examples of Class II changes are correction and clarification of documents and drawings, substituting alternative materials or hardware, and those changes which do not affect the preceding listed Class I factors. 12.7.3 Accountability The Contractor shall: A. Maintain records such that configuration of any item being delivered shall be definable in terms of its component part numbers. B. Account for differences between the as-built configuration and engineering released documentation. C. Record status of change approvals and incorporation at each point in product development, test, production, or operational usage. D. Maintain a serialization and configuration record, and the status of interface specifications, control documents, and plans. E. Maintain status of software once a baseline has been defined (i.e., after approval of FDR by the MTA). 12.7.4 Contractor Change Requirements A. The Contractor shall process each Class I change as an ECP and submit to the MTA for approval prior to initiating any implementation action. Any action or cost necessary to correct problems in the product or documentation arising from Contractor’s misclassification shall be borne by the Contractor. The Contractor shall also classify and control changes originating from Subcontractors. The Contractor shall submit the ECP to the MTA accompanied by technical documentation and the cost information necessary to fully evaluate the change.

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-15 September 2015 B. The Contractor shall report all Class I changes which affect safety immediately. The Contractor shall identify the change by ECP number if reported verbally, and confirm the change in writing to the MTA within 24 hours. C. Class II ECPs shall be submitted to the MTA by the Contractor for information. 12.8 CDRL ITEMS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications. Design Review Submittal Milestone CDRL CDRL Title CDR PDR FDR Post FDR Prior to No. Service NTP+ 12-1 Quality Assurance Program Plan 45 12-2 Quality Assurance Manual X

12-3 Configuration Management Plan X List of Parts and Materials to be Inspected by 12-4 X Statistical Quality Methods 12-5 List of Hold Point Inspections X 12-6 Installation Inspection Reports MONTHLY 12-7 Engineering Change Proposals AS REQUIRED

Attachment C, Part 2, ATC System T-8000-1415 Section 12, ATC Quality Assurance TS 12-16 September 2015 SECTION 13 TECHNICAL SUPPORT

Contents

SECTION 13 TECHNICAL SUPPORT...... 13-I

13.1 General13-1

13.2 Scope of Work ...... 13-1

13.3 Codes, Standards, and Specifications ...... 13-1

13.4 Definitions ...... 13-1

13.5 Submittals...... 13-2

13.6 PRODUCTS...... 13-3

13.6.1 Manuals and Guides ...... 13-3

13.6.2 CBTC System Description Manual ...... 13-4

13.6.3 Operations Manuals...... 13-5

13.6.4 Field Service Maintenance Manuals...... 13-6

13.6.5 Shop Repair Manuals...... 13-8

13.6.6 Troubleshooting Guides...... 13-11

13.6.7 Site Description Manuals ...... 13-12

13.6.8 Special Tools, Diagnostic and Test Equipment Manuals...... 13-12

13.6.9 Manual Formats and Quantities...... 13-13

13.6.10 Manual Updates...... 13-14

13.6.11 Software Documentation, Requirements and Maintenance Manuals...... 13-14

13.6.12 Diagnostics ...... 13-15 Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-i September 2015 13.6.13 Portable Test Equipment ...... 13-16

13.6.14 Bench Test Equipment...... 13-17

13.6.15 Special Tools...... 13-22

13.6.16 Solid State Interlocking Development Tools...... 13-24

13.6.17 Test Tracks...... 13-25

13.6.18 Illustrated Part Catalogs...... 13-25

13.6.19 ATC Spares ...... 13-25

13.6.20 Data for MTA Metro Rail Maintenance ...... 13-28

13.7 EXECUTION...... 13-28

13.8 CONTRACTOR SUPPORT FOR SYSTEM STABILIZATION PERIOD...... 13-31

13.9 REQUIRED CDRLS...... 13-31

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-ii September 2015 SECTION 13 TECHNICAL SUPPORT

13.1 GENERAL This Section specifies the requirements for technical support, operating and maintenance manuals, diagnostic and test equipment, special tools, and the initial provisioning of spare parts. 13.2 SCOPE OF WORK

A. Provide technical support to maintain the equipment comprising the CBTC/AWS system throughout the warranty periods of all equipment supplied.

B. Supply all operating and maintenance manuals and parts catalogs for all equipment provided for the CBTC/AWS system as implemented on the Metro Subway line.

C. Provide Diagnostic and Test Equipment for all CBTC/AWS subsystems. Diagnostic and Test Equipment shall include portable test equipment and bench test equipment. In addition, supply special tools required to maintain each subsystem.

D. Prior to entry into revenue service, supply spare parts, modules, subassemblies, equipment, and special tools required to maintain full operation of the system.

E. Determine requirements of the existing maintenance departments. Provide spare parts and maintenance procedures data for MTA Metro maintenance.

F. Additionally, maintenance and support functions shall be implemented to address the requirements of 49CFR236 subpart H. 13.3 CODES, STANDARDS, AND SPECIFICATIONS The operating and maintenance manuals from the Metro Subway Line are available as reference materials from the Engineer. Each manual shall follow the format and structure of the equivalent document(s) provided. 13.4 DEFINITIONS

A. For the purposes of this section, Level 1 is defined as troubleshooting and maintenance of equipment down to the LRU (Line Replaceable Unit) level.

B. Level 2 is defined as troubleshooting and maintenance of equipment down to the LLRU (Lowest Level Replaceable Unit) level.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-1 September 2015 C. Level 3 is defined as troubleshooting and maintenance of equipment down to discrete or integrated circuit component level, including but not limited to board repair, component replacement procedures, relevant QA procedures accompanying repairs and validation procedures for authorizing use for safety application.

D. Level 1, Level 2 and Level 3 schematics, diagnostics and test equipment shall be included in the Contractor’s scope of work. Level 3 support services specified in this section includes all CBTC subsystems except for CBTC-ATS and SSI. 13.5 SUBMITTALS A. System Support Plan (CDRL 13-1). The System Support Plan shall identify the activities, resources, organization, schedule, and means for providing each element of the system support services. The system support elements shall include, but not be limited to: 1. Onsite support to resolve operational and maintenance problems 2. On-call support services 3. Support services during the warranty period 4. Support during testing and revenue service 5. Duration of support services 6. Support staffing requirements 7. Transition Plan at the end of Contractor supplied support services B. Maintenance Plan (CDRL 13-2). The Maintenance Plan shall describe all required preventive and corrective maintenance activities and shall define the maintenance environment recommended for the equipment. The Maintenance Plan shall address, as a minimum: 1. Maintainability approach 2. System overview 3. Maintenance resources, staffing levels and qualification requirements. 4. List and descriptions of Line Replaceable Units (LRU), and Lowest Level Replaceable Units (LLRU) 5. Preventive maintenance approach, including recommended preventive maintenance schedule intervals that align with MTA Metro carborne equipment inspection cycles 6. Corrective maintenance approach a. In-house work vs. outsourced work b. Estimated mean time to restore/repair each LRU 7. Special tools, diagnostic and test equipment descriptions 8. Description of the interface to the MTA Metro Rail Maintenance system

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-2 September 2015 9. Spare parts system descriptions 10. Manual descriptions C. Master Manual List (CDRL 13-3) D. Outlines of all of the manuals and guides (CDRL 13-4) E. Draft and final revisions of the operations and maintenance manuals and guides covering all CBTC/AWS equipment. F. Diagnostic Systems Demonstrations Plan (CDRL 13-14) G. Illustrated Parts Catalogs (CDRL 13-15) H. Spare Parts List (CDRL 13-16) I. Data for uploading into the MTA Metro Rail maintenance Management Information System (CDRL 13-17). 13.6 PRODUCTS 13.6.1 Manuals and Guides A. General Classification of Manuals and Guides 1. Supply manuals covering all CBTC/AWS equipment for use by all CBTC operations and maintenance personnel, which includes both signaling and car equipment personnel. The manuals and guides to be provided as part of this Contract include: a. CBTC System Description Manual (CDRL 13-5) b. Operations Manuals (CDRL 13-6) c. Field Service Maintenance Manuals (CDRL 13-7) d. Shop Repair Manuals (CDRL 13-8) e. Troubleshooting Guides (CDRL 13-9) f. Site Description Manuals (CDRL 13-11) g. Special Tools, Diagnostic and Test Equipment Manuals (CDRL 13-12) h. Software User Manual (CDRL 13-13) 2. Specific Manuals for MTA Metro Rail. Supply the following manuals to the MTA for approval: a. CBTC Work Manual (CDRL 13-25) b. Overhaul Process Manual (CDRL 13-26) c. Illustrated Parts Manual (CDRL 13-27) d. Portable Test Equipment (PTE) Operating Manual (CDRL 13-24)

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-3 September 2015 3. Specific Manuals for MTA Metro Rail maintenance. Supply the following manuals to the MTA for approval: a. PTE Operating Manual b. Bench Test Equipment (BTE) Overhaul Manual B. Each operating and maintenance manual or guide shall be submitted to the MTA and shall achieve “approved” or “approved with comments” status prior to the first draft submittal of any related Instructor’s Guide or Participant’s Guide for training. C. The content of all manuals shall be thorough, concise, clear and complete, and shall take into consideration all user groups as the target audience. Technical words shall be used only when no other word can convey the intended meaning.

D. The Contractor shall support a range of compatible publishing software applications or open source publishing software as approved by the MTA for all manuals and submittals as utilized by the MTA. The applications shall be of the latest releases. The applications shall include but not be limited to the following: 1. Adobe InDesign 2. Microsoft Word 3. Quark XPress 4. Adobe Pagemaker

E. Manuals for conventional signaling equipment (signals, switch machines, track circuits, automatic train stops, PLC, etc.) shall not normally be provided except for equipment new to the MTA and supplied and approved as part of this Contract.

F. Usability of the field service maintenance manuals, Shop Repair Manuals and troubleshooting guides shall be demonstrated to the satisfaction of the MTA. 13.6.2 CBTC System Description Manual A. The CBTC System Description Manual shall serve as a reference document for all users of the CBTC system. The CBTC user group includes staff at all levels in the following divisions: 1. Maintenance of Way Signals 2. Maintenance of Way Communications 3. Maintenance of Way Engineering 4. MTA Metro Rail Electronics Shop 5. Operations and Maintenance Training B. The manual shall contain general information on the CBTC/AWS system, its structure, main components and links between them, as well as the principle of operation of the system and its components.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-4 September 2015 C. The manual shall be written such that staff at all levels in the above divisions can understand the specifics of the system. The content of the manual shall serve as reference material in all training courses that are to be organized for MTA employees and as specified in Section 14 of the Technical Specification. 13.6.3 Operations Manuals. A. The following Operations Manuals shall be supplied for the use of operations personnel including Train Operators and dispatchers: 1. CBTC-ATS Operator’s Manual (covering all workstations) 2. Maintainer’s Control Panel Operator’s Manual 3. Train Operator’s Manual B. The Operations Manuals shall contain all information necessary for the safe operation of the CBTC/AWS system or designated component of it (e.g., rail vehicle) under the operator’s responsibility. C. The Operations Manuals shall include general system familiarization material, such as: 1. Location, function and operation of all control elements, gauges, indicators, switches, and other functions designed for users 2. Description of elements of the CBTC/AWS system which execute the operator’s control commands and which the operator may not be in the position to control or adjust, but of which the operator should have some basic knowledge 3. Procedures shall be in step-by-step format and detail how each step is performed, which parameters can be adjusted, and the effects obtained by varying each parameter 4. Emergency procedures 5. Trouble symptoms and diagnosis methods 6. Operator corrective actions, if any D. The Operations manuals shall include: 1. User guidance and error messages, along with the steps necessary to recover from errors 2. Illustration of each type of user display used in the CBTC/AWS system, along with a description of each dynamic data field 3. User instructions for all operator interactive procedures associated with the data fields on each display associated with the system functions E. The Contractor shall review existing MTA Metro Rail operating rules, regulations, procedures and bulletins for CBTC operations, detail any changes required to ensure technical accuracy with respect to the CBTC/AWS system furnished under this Contract, and ensure the Operations Manuals are consistent with the MTA Metro Rail operating rules, regulations, procedures and bulletins.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-5 September 2015 13.6.4 Field Service Maintenance Manuals A. Field Service Maintenance manuals shall provide all information needed for troubleshooting in-service failures and for performing scheduled maintenance, inspection, and adjustment. B. Field Service Maintenance manuals shall be supplied for each of the following items (subsystems) of the CBTC/AWS system: 1. CBTC-ATS Equipment 2. Zone Controller 3. Carborne CBTC Equipment 4. Data Communication System (DCS) including radio 5. Interface between wayside CBTC and Auxiliary Wayside System (AWS) 6. Solid State Interlockings C. Field Service Maintenance Manual shall include: 1. A description of the equipment, which shall contain at a minimum: a. An overview discussion for each major unit/subunit, operating modes and setup, equipment startup and shutdown, control and monitoring functions and other functions, electrical supplies, physical arrangement, and typical operating characteristics. 2. Theory of Operations, which shall contain at a minimum: a. A functional narrative written to facilitate the understanding of the electronic equipment necessary to support fault isolation to the depth needed for field maintenance. The operation of the equipment and related system/components shall be presented in a logical flow based on the description of comprehensive standard scenarios. The description shall include any issues associated with interfaces between multiple CBTC subsystem supplier equipment, in particular to ensure clear, consistent fault isolation capabilities for all CBTC/AWS configurations. b. Identification of significant input, output signals and internal circuits with minimum and maximum operating ranges. c. Functional block diagrams to support the text. d. An explanation of all operating modes. e. Standard messages and screen shots for the operator’s wayside and carborne, based on the defined scenarios above. 3. Preventive Maintenance/Inspection procedures, which shall contain at a minimum: a. A model check list suitable for duplication and use, stating locations of all items to be inspected, adjusted, tested, cleaned, etc. under normal and abnormal conditions. b. Safety precautions/warnings/guidelines which also identify personal protection equipment, material lists, and lead times (mean times to restore/repair). Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-6 September 2015 c. Electrostatic discharge warnings and methods of protection/mitigation. d. A description of all the steps in each maintenance procedure, detailing for each step the purpose, location, tools, and supplies required, measurement settings and minimum tolerances, condemning values, instrumentation adjustments, and suitable diagrams and/or photographs. e. Recommended inspection and maintenance frequencies for each LRU, with lead times (mean times to restore/repair). f. Early warning detection of equipment problems and recommended measures for resolving problems. 4. Detailed and complete documentation of the operation and function of all local and remote diagnostics systems. 5. Troubleshooting Procedures. a. Procedures for detection, isolation and correction of equipment system failures or malfunctions. The tasks shall include methods of determining the cause and isolation of the fault to a replaceable part, interface wires or mechanical linkage. Troubleshooting procedures, in conjunction with testing procedures, shall include steps required to enable the maintainer/technician to isolate equipment failures or malfunctions. In addition, instructions shall direct repair or replacement of parts authorized for repair or replacement, at the field level of maintenance. Schematics are required as backup data, and shall integrate mechanical, electrical and electronic components as applicable. b. Troubleshooting and diagnostic functionality shall be included in the CBTC/AWS software in order to check the software status and data. This functionality shall guide the user in an efficient way through this system. c. One of the following formats for troubleshooting procedures are acceptable: logic tree format; fault logic text; procedural text; or fault, probable cause, remedy table. d. Troubleshooting procedures shall utilize self-diagnostic programs embedded into the system, and shall generally not rely solely on manual procedures. 6. Repair (Removal and Replacement) Procedures. a. Each procedure shall incorporate all the MTA safety regulations, appropriate lists of parts that are authorized to be replaced at the field level of maintenance, and tests necessary to validate the proper repair and installation of the equipment. b. A list of all steps in the procedure, giving for each step the tools and supplies required, measurement settings, and diagrams supplementing the list of steps where practicable. c. Removal and Replacement procedures shall identify how to return material to the vendor with complete contact information and copies of the form used to return components.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-7 September 2015 7. System Schematic Diagrams. a. The use of block diagrams, exploded view, illustrated parts breakdowns, and schematic drawings shall be maximized to facilitate descriptions of assemblies and the relationship of components, subsystems and systems. Where applicable, as-built drawings shall be incorporated into each field service / running maintenance manual. b. Wiring documentation shall be prepared to ensure the understanding of the functions, system states, messages, and the makeup of each power, control, network and signal interface with the mechanical system. This documentation shall contain complete details on Level 1, 2 and Level 3 records where required. c. An explanation of the wire identification method and the equipment and the terminal board identification used. d. All wiring information including inter-module connections, plug coupler harnesses, pin connections, back panel and assembly wiring diagrams for all installed systems, subsystems and equipment. e. Specific wire and connector repair information, as required. f. Equipment Layout drawings showing component types and positions. g. Printed circuit board schematics and pin interface drawings. h. Other electrical, electronic, and mechanical data shall be provided. Mechanical dimensions shall utilize English units. 8. Inputs and outputs. A detailed listing of I/O port assignments, which shall also include function assignments by name, description, and for each input and output function. Spare input and output ports shall be included in this listing. 9. Product specifications and catalog cut sheets. 13.6.5 Shop Repair Manuals A. The Shop Repair Manuals shall be designed for use by overhaul and shop personnel with basic knowledge of electricity and electronics for the purpose of diagnosing and repairing/rebuilding LRUs sent from the field, to the level of LLRU replacement. Shop Repair Manuals shall be required for Bench Test Equipment and Portable Test Equipment. Shop Repair Manual requirements for Bench Test Equipment shall be applicable for the BTE Overhaul Manual. Support equipment maintenance procedures not included in separate support equipment maintenance manuals shall be provided. B. The Shop Repair Manuals shall be supplied for each of the following items (subsystems) of the CBTC/AWS system: 1. CBTC-ATS Equipment (excluding standard COTS hardware) 2. Zone Controller 3. Carborne CBTC Equipment 4. Data Communication System (DCS) including radio

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-8 September 2015 5. Solid State Interlockings (except for Level 3) C. Shop Repair Manual shall include: 1. Description of the equipment, which shall contain at a minimum an overview discussion for: a. Each major unit/subunit b. Operating modes and setup c. Equipment startup and shutdown d. Control and monitoring functions and other functions e. Electrical supplies f. Physical arrangement g. Typical operating characteristics 2. Theory of Operations, which shall contain at a minimum: a. A functional narrative written to facilitate the understanding of the electronic equipment necessary to support fault isolation to the depth needed for field maintenance. The operation of the equipment and related system/components shall be presented in a logical flow based on the description of comprehensive standard scenarios. b. Identification of significant input, output signals and internal circuits with minimum and maximum operating ranges. c. Functional block diagrams to support the text. d. An explanation of all operating modes. e. Standard messages and screen shots for the operator’s wayside and trainborne, based on the defined scenarios above. 3. Product Specifications and catalog cut sheets 4. Wiring and Assembly Diagrams. These shall be provided in sufficient detail that it will be possible to trace individual signals and for the MTA to rebuild all components, including cables. 5. Complete Parts List. Complete parts lists for all of the printed circuit cards, backplanes, and cables contained within the diagnostic test equipment and those that are tested by the diagnostic test equipment shall be provided. The complete parts list shall include Commercial Generic Parts References wherever possible. For programmed devices, the supplier shall supply the commercial part number of the un-programmed part as well as supplying the associated download file for a DATA-I/O programmer on CDROM. 6. Troubleshooting Procedures

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-9 September 2015 a. Shop repair level procedures for detection, isolation and correction of equipment system failures or malfunctions. The tasks shall describe methods of determining the cause and isolating the fault to a single component or single circuit, interface wires or mechanical linkage. Troubleshooting procedures, in conjunction with testing procedures, shall include steps required to identify equipment failures or malfunctions. Instructions shall direct repair or replacement of parts authorized for repair or replacement at the shop level of maintenance. Schematics and other diagrams shall supplement the text where practicable. b. Troubleshooting and diagnostic functionality shall be included in the CBTC/AWS software in order to check the software status and data. This functionality shall guide the user in an efficient way through this system. c. Troubleshooting data, combined with operational check procedures, shall guide the technician, in as practical a manner as possible, to the cause of equipment failure or malfunction and its repair. d. One of the following formats for troubleshooting procedures is acceptable: logic tree format; fault logic text; procedural text; or fault, probable cause, remedy table. e. Troubleshooting procedures shall incorporate the use of test equipment such as, but not limited to, dedicated test units, digital meters, oscilloscopes, and specialized test gauges and equipment. f. Procedures shall be detailed to identify failures to the LLRU level. g. Procedures shall be provided to verify and validate the safety and operations of the repaired equipment. h. Procedures shall be detailed to list steps required to reload all bench test equipment onto a new workstation. 7. LLRU Replacement Procedures a. Procedures shall direct technicians in the proper practice of replacing parts authorized for Level 2 or Level 3 maintenance. b. Clearance, dimensions, torque, maximum and minimum values and ranges, and other similar data. c. Step-by-step procedures for any alignment adjustment or calibration required as a result of the replacement of any LLRU. d. Specific instructions for any precautions or special maintenance required. In particular specific instructions shall be included for maintenance under extreme environmental conditions, such as inspection of seals or items susceptible to electrostatic discharge. e. Special procedures for preparation of the equipment for shipping and storage. Special precautions necessary to prevent damage in shipment and other storage procedures peculiar to the equipment shall be included. 8. Test Procedures. Detailed step-by-step test procedures including all equipment and materials required for testing. Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-10 September 2015 9. Schematics a. Schematics shall be provided to include wiring diagrams and assembly schematics illustrating discrete level and integrated circuit components on LLRUs to support Level 1, Level 2 and Level 3. b. Schematics shall be provided for all printed circuit boards as well as the custom components. The use of block diagrams, exploded view, illustrated parts breakdowns, and schematic drawings shall be maximized to facilitate descriptions of assemblies and the relationship of components, subsystems and systems. Where applicable, as-built drawings shall be incorporated into Shop Repair Manual. 10. Safety a. Safety precautions, guidelines, and warnings shall be provided to protect equipment and personnel. The precautions shall take into consideration extreme environmental operating conditions. b. Electrostatic discharge warnings and precautions shall be provided. 11. Test fixtures. a. Provide test fixtures to support Level 1, Level 2, and Level 3 repairs. b. Instructions and recommendations for the use of each type of test fixture provided under this Contract applicable to the system to which the manual refers. A description and wiring diagram of the test fixtures and the theory of operation shall be provided. 12. Installation details. Step-by-step installation instructions, including dimensions, and tolerances, detailing all procedures, tools, equipment, and materials required for installation of the equipment. 13.6.6 Troubleshooting Guides A. Supply troubleshooting guides for signal maintainers and road car inspectors. For the signal maintainer, the guide is for their easy reference in the process of isolating the cause of equipment malfunction and repairing the faults. For the road car inspector, the guide is for their easy reference in recovery of trains and their removal from the mainline. B. The content shall be concise to facilitate ease of understanding. Wherever possible, diagrams shall be provided to aid understanding and reduce voluminous text. The troubleshooting guides shall be prepared as follows: 1. Troubleshooting guides shall be a compact reference tool with a plastic cover and laminated pages. The guide shall be designed to be carried in the field by MTA personnel and kept in a toolbox or pocket. Actual dimensions and bindings to be approved by the Engineer. 2. Troubleshooting guides shall be tear-resistant and feature multi-color printing (minimum of three colors). 3. Troubleshooting guides shall provide, in a flow chart format, the most basic information required to diagnose and troubleshoot a problem.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-11 September 2015 4. Troubleshooting guides shall briefly describe in outline format the procedures required to operate and troubleshoot and make temporary/permanent repairs to the equipment. 5. Troubleshooting guides shall indicate references to the Maintenance Manual sections, which provide the detailed procedures. 6. The Contractor shall submit a sample of the troubleshooting guide, prior to the submittal of the training materials, to the Engineer for review and approval. 7. Troubleshooting guides shall include diagrams and photographs of excellent visual quality that illustrate the typical configurations of installed CBTC/AWS equipment. C. The signal maintainer troubleshooting guides shall also contain: 1. A logical sequence of steps, so that the maintainer can locate the defective component. 2. A Logical sequence of steps to determine the defective sub-unit. 3. Precautionary measures to be taken when troubleshooting and maintaining equipment for safe train operation and protection of personnel. 4. Testing requirements to return the repaired or replaced unit back into service. D. The road car inspector troubleshooting guides shall also contain: 1. A logical sequence of steps, so that the maintainer can prepare the car to be manually driven or propelled by another vehicle off of the mainline. 2. Precautionary measures to be taken when operating the car under special conditions 13.6.7 Site Description Manuals Supply a detailed manual of information for every equipment room. The purpose of the manual is to provide MTA signal maintenance personnel with a comprehensive description of the equipment at each location. The manuals shall include information of what equipment and supplies are in the room, how the equipment is wired, and the configuration of all hardware. Text descriptions shall be supplemented with detailed drawings and tables to provide a clear understanding of the site and hardware layout. 13.6.8 Special Tools, Diagnostic and Test Equipment Manuals Provide special tools, diagnostic and test equipment manuals describing the efficient, safe, and effective use of the tools and diagnostic equipment supplied. The manual content shall include:

A. Description of the tools, diagnostic and test equipment and its applications. B. Detailed and safe setup of operation and use of procedures. C. Adjustment, calibration, troubleshooting, and maintenance procedures for the equipment and tools. All tools are to be calibrated in accordance with OEM standards and applicable national standards. D. Detailed schematic diagrams of the equipment. E. Storage and transport requirements.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-12 September 2015 F. Maintenance and inspection schedule. G. Equipment manufacturer contact information. H. Bill of materials. 13.6.9 Manual Formats and Quantities A. The manuals furnished by the Contractor (except for Commercial Off-The-Shelf products) shall conform to the format requirements herein. For COTS equipment, the requirements shall apply where possible and with prior approval of Engineer. B. Manuals prepared for all CBTC/AWS subsystems shall be designed for continuous long-term use in a field or maintenance shop environment. Manuals shall lie flat when opened and shall permit adding and replacing pages. Manuals shall be resistant to oil, water and wear. All manuals shall have a table of contents, list of figures, list of tables, list of schematics and illustrations, a subject index, a term glossary, a list of abbreviations, and any applicable symbol conventions. C. All manuals shall be prepared as follows: 1. Loose leaf, five-ring with elliptical rings; stiff cover with covering resistant to oil, water and wear; reinforced hinges; label holder on spine; mechanical device to open, close and lock rings; and sheet lifters. Size shall be 8.5-inch by 11-inch paper. 2. Color and lettering will be approved by the Engineer. 3. When the assembled data exceeds the capacity of the binder, provide additional binders as necessary. 4. Catalog data: Offset printed copy on white paper, with plastic reinforced edge. 5. Standard pages: 8.5 inches by 11 inches. If 11-inch by 17-inch pages must be used, place pages in a separate 11-inch by 17-inch binder. 6. Holes punched for standard five-ring binders. Reinforcement labels shall be used for all pages that do not meet the dimensions of the 8.5 inches by 11 inches standard page. 7. Manuals shall be segmented into tabbed sections. D. The manual quantities listed below are base quantities for bid. The Contractor shall provide cost information on a pro rata basis. The quantities of each of the various manuals required for each type of equipment under this Contract are: 1. Three CBTC System Description Manuals (one copy laminated) 2. Three Operating Manuals of all kinds (all copies laminated) 3. Three Field Service Maintenance manuals (all copies laminated) 4. Three Shop Repair Manuals (one copy laminated) 5. Three Troubleshooting Guides for Signal Maintainers (all copies laminated) 6. Five Troubleshooting Guides for Road Car Inspectors (all copies laminated)

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-13 September 2015 7. Four Site Description Manuals per site (two copies laminated) 8. Three Special Tools and Diagnostic Equipment Manuals (one copy laminated) 9. Two BTE Overhaul Manuals (no copies laminated) E. All manuals shall be delivered to a location to be directed by the MTA. F. The final approved version of all manuals furnished by the Contractor, not original equipment manufacturer (OEM) documentation, shall also be furnished in standard computer readable form, as defined below, and be electronically reproducible on a separate technical publishing system. All manuals specified to be furnished shall be of original printed quality. G. CD-ROM. 1. Furnish five sets of all final manuals on PC compatible, clearly labeled, indexed CD-ROM disks or other approved data storage media which are correctly formatted for accessibility on standard, off-the-shelf, commercially available CD-ROM/CD-R/W or DVD hardware drives or equivalent on PC compatible or equivalent personal computers or laptops. 2. The manuals recorded on CD-ROM disks shall contain all text and drawings, be configured for editing and reproducing, and be compatible with the latest version of Microsoft Office software, two licensed copies of which shall also be supplied. The manuals shall be formatted correctly and be ready for printing on office-type laser printers. 13.6.10 Manual Updates A. All manuals, drawings and guides supplied as final documentation shall be updated to include all changes made to the CBTC/AWS system from the design through the time of shipment from the Contractor’s factory until final acceptance. Updates to the manuals, drawings and guides shall be provided to the MTA prior to any major modification of any in service CBTC subsystem. B. Supply any revisions or changes necessitated by inaccuracies, installation requirements, omissions determined by usage, and design or production alterations to the system until Final Site Acceptance. Revisions to final draft and approved manuals shall be recorded on a control list in the front of each manual. The list shall be issued with each revision and shall show the date of each revision and the page reference. Updated lists and revisions shall be maintained in the manuals by the Contractor until the warranty period expires. Revisions shall be prepared before the arrival of altered components and as soon as possible after procedures are changed or errors are found. Manuals shall be numbered. Revisions to the manuals shall be issued by manual number. Revisions related to alterations of subsystems or assemblies shall be issued before the arrival of components. 13.6.11 Software Documentation, Requirements and Maintenance Manuals A. Provide full and complete documentation for all aspects of the CBTC/AWS software systems for possible future configuration and database modifications and enhancements defined beyond substantial completion and system acceptance of the Project by the MTA. B. Provide all software documentation for all software development and maintenance utilities. C. Software Maintenance Manual.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-14 September 2015 1. Provide 10 copies of a software maintenance manual that addresses the processes and tools that shall be used by the MTA to administer and maintain the CBTC/AWS software. The manual shall include a system operation description (hardware and software) as it relates to the user’s tasks. The manual shall be prepared specifically for the system delivered to the MTA under this Contract. The software maintenance manual will not include standard descriptions that do not apply to the delivered CBTC/AWS equipment. 2. Describe the processes for performing version control and define the configuration management procedures as described in the approved Software Configuration Management Plan. 3. Describe how to perform routine maintenance and how to recover from system problems. Include descriptions of system notifications for routine maintenance and alarm conditions, how to monitor the performance of the CBTC/AWS system software, how to modify the database, and how to track and load software versions using the tools and utilities provided. 4. Describe procedures to be followed as a result of computer system restarts, failures, and failovers. The manual shall have sufficient information to guide the operator through starting and configuring the CBTC/AWS system, initiating diagnostics, and interpreting diagnostic and error output. 5. The software maintenance manual shall include a functional explanation and description of application programs, modules and their role. This manual shall not be written as a programmer’s document. Documentation shall include both hard copy and copies in magnetic or other acceptable electronic storage media, such as CD-ROM, fully programmed target equipment memory modules, which can be duplicated for replacement purposes. 13.6.12 Diagnostics A. Provide a comprehensive set of remote and local fault diagnostics for all CBTC/AWS carborne, wayside, and CBTC-ATS subsystems. B. The output from subsystem and equipment internal health monitoring routines shall be accessible by a combination of status reports at the ATS level, indications such as LEDs and similar displays on the equipment itself, and by accessing data and displaying the monitoring and built in tests results in a user-friendly HMI using portable test equipment. C. Provide a diagnostic tool for Carborne CBTC communication network management which shall monitor all communication interfaces and links of the carborne CBTC. This tool shall diagnose and display any faults between the CBTC Network and the Car network. This tool shall allow additional troubleshooting and diagnostics by supporting navigation of user screen displays to indicate specific connection points/ nodes to isolate location of faults. D. Carborne CBTC subsystem and equipment health status shall be sent to the carborne MDS subsystem, and the carborne event recorder E. Detailed diagnostic results shall be readily displayed and capable of being downloaded from CBTC-ATS workstations. Labels used on diagnostic results along with a brief description of function shall be submitted for the MTA approval. F. Test equipment that is specially designed to diagnose hardware and software failures of the CBTC/AWS system shall be supplied. Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-15 September 2015 G. All tools and diagnostic equipment are to be calibrated in accordance with OEM’s specifications and internationally applicable standards. The Contractor shall identify places where all tools and diagnostic test equipment can be sent for recalibration and the frequency of calibration for the lifecycle of the equipment. Tools and diagnostic equipment shall be calibrated by the Contractor from award of Contract until the warranty period expires. H. Remote Diagnostic Function. Refer to Sections 2 and 3 of Attachment C Part 2 for remote diagnostic functionality requirements. I. Local Diagnostic Function. 1. Provide all equipment required to indicate trouble indications including LCD displays, LED displays, LED segment displays, or similar. The displays shall be clearly visible from the front of the equipment and shall be clearly labeled, or the display shall spell out in text form the nature of the problem. 2. The displays shall not be coded. J. Operating and Maintenance manuals shall describe in detail the operation and use of the local and remote diagnostic functions of the CBTC/AWS system. 13.6.13 Portable Test Equipment A. Whenever possible, embedded diagnostics and annunciation shall detect, diagnose, and isolate subsystem failures. Portable test equipment (PTE) shall be supplied to enable troubleshooting in the event that the embedded diagnostics do not identify the cause of the problem. The portable test equipment shall enable a technician to quickly verify proper operation of a subsystem and troubleshoot failures of LRUs and LLRUs. Portable test equipment shall conform to the following guidelines: 1. Connections to the subsystem under test shall be made with a single multiple-pin connector. 2. Where practical, it shall not be necessary to break any mechanical or electrical connection to or within the subsystem under test when portable test equipment is used. 3. Portable test equipment shall be suitable for use in MTA site locations and environment conditions. Each unit shall weigh no more than 15 pounds. 4. All laptop computers and handheld devices used as PTE shall be designed for use in environmentally hostile locations and be state-of-the-art equipment with upgrade capabilities. Laptop computers shall be Rugged types from either Dell, Panasonic, or approved alternate. Each computer or handheld device shall operate on the latest operating system as available at the time of bid. Each laptop computer shall contain a CD/DVD reader/writer and be capable of reading all documentation, particularly drawings, manuals and training material, supplied in that format as part of this Contract. 5. Wherever practical, the MTA shall have the capability of creating and modifying diagnostic internal variables of PTE software to monitor the status of functions of a CBTC subsystem. 6. The portable test equipment shall be suitably buffered to protect against failure of the portable test equipment when testing and troubleshooting defective LRUs. The insertion of

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-16 September 2015 portable test equipment shall not introduce hazards or create additional faults to CBTC subsystems. 7. PTE shall have Ethernet network connectivity for ease of data transmission and reception. 8. PTE equipment shall be ergonomically designed for the operating conditions for maintenance personnel. B. Portable test equipment shall be supplied in the following quantities: 1. Eight sets of equipment for CBTC wayside and CBTC-ATS subsystems. 2. Ten sets of equipment for the carborne subsystem. C. LRU and LLRU Test and Verification Equipment. 1. Furnish test equipment to verify the correct functional operation of LRUs and LLRUs. The test equipment shall be capable of conducting “GO/NO GO” level of tests, as well as providing full diagnostics. 2. The test equipment will be used to confirm the status of LRUs and LLRUs prior to placing them in the spares pool and to confirm a failure diagnosis prior to sending an LRU or LLRU for repair. D. The Contractor shall schedule and conduct First Article Inspections (FAI) and Factory Acceptance Tests for the PTE equipment, with a minimum four week notice for the MTA to witness for each test (CDRL13-21). E. Submit PTE operating manuals (CDRL 13-24), which shall include the following: 1. Detailed and safe setup of PTE operating procedures 2. Adjustment, calibration, troubleshooting, and maintenance procedures for the PTE equipment 3. Detailed schematic diagrams, including wiring diagrams 4. Storage and transport requirements 5. Maintenance and inspection schedule 6. Equipment manufacturer contact information 7. Bill of materials F. Submit PTE design packages for review at the preliminary design review (CDRL 13-29) and final design review (CDRL 13-30) stages. 13.6.14 Bench Test Equipment A. Bench test equipment (BTE) shall be supplied by the Contractor to support back shop repair and maintenance activities. The bench test equipment shall be designed for the purpose of testing, troubleshooting, and calibrating all electrical and electronic components of the CBTC subsystem. This equipment shall require minimal input from the operator and shall run automatically using computer aided routines/programs. Sufficient dedicated metering shall be

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-17 September 2015 installed so that the technician does not need to manually probe test points or manually switch selector switches. B. Bench test equipment shall be provided for the following subsystems 1. Zone Controller

2. Carborne CBTC Equipment

3. Data Communication System (DCS), including spread spectrum radio frequency equipment

4. Solid State Interlocking Equipment

C. The Contractor may utilize commercially-available test equipment approved by the MTA for Line Replaceable Unit (LRU) and Lower Line Replaceable Unit (LLRU; the LRU printed circuit board and/or subassembly) level testing, with the following conditions being satisfied: 1. LRU GO/NO-GO End-to-End functional testing and LLRU fault detection shall be performed automatically, with the exception of performing manual testing on items embedded within the LRU design that require operator intervention (switches, LEDs, displays, etc.). 2. The LRU shall not require disassembly in any way to perform GO/NO-GO functional testing. BTE connections to the LRU shall utilize all available LRU level connectors that were designed for either mating that LRU to next higher assembly or providing test signal port interfaces to and from that LRU. 3. LLRU (printed circuit board and/or subassembly) GO/NO-GO End-to-End functional testing and fault detection shall be performed automatically, with the exception of performing manual testing on items embedded within the LLRU design that require operator intervention (switches, LEDs, displays, etc.). 4. During GO/NO-GO End-to-End functional testing, all BTE connections to the LLRU shall utilize all available on-board connectors that were designed for either mating that LLRU to printed circuit boards or subassemblies, providing test signal port interfaces to and from that LLRU, or interfacing that LLRU to the next higher assembly. 5. Removal of conformal coating shall not be required from the LLRU prior to the detection of a failure during GO/NO-GO End-to-End functional testing. 6. Any type of test probe, outside of interfacing with any available printed circuit board connectors, shall not be required to be attached to the LLRU printed circuit board during GO/NO-GO End-to-End functional testing. 7. The BTE test program shall provide the operator the option to perform a specified number of “loop testing” during LRU and LLRU testing. D. The BTE shall be designed to enable a technician to perform Level 1, Level 2 and Level 3 testing and repairs, as defined in the testing requirements herein. The BTE diagnostic software shall detect all failures in the Unit-Under-Test (UUT) that results in any car-borne or wayside system performance degradation. This includes, but is not limited to: each and every type of electronic circuit board, including mother boards and backplane wiring. The bench test equipment shall Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-18 September 2015 include a full complement of support devices to enable testing to be performed on the UUT without the need to remove additional equipment to support use of the BTE. The BTE shall be ergonomically designed for operating conditions at the Metro electronics shop. The BTE shall generate automatic test reports and permit screen capture. Test report format and operator interface formatting shall be approved by the MTA. E. BTE Level 1 and Level 2 Testing. The bench test equipment diagnostic software shall detect all failures in the Unit-Under-Test (UUT) that results in performance degradation of any CBTC subsystem. The BTE shall produce all of the operating commands and other input signals supplying the UUT and the BTE shall monitor the outputs and responses of the UUT to completely exercise all bench-repairable components. Prior to applying the main power to the UUT, the program shall make sufficient measurements to ensure that the BTE, and correct UUT are properly connected (UUT Signature Test) and main power can be applied (UUT Safe-To- Turn-On Test). The BTE diagnostic software shall initially execute a “GO/NOGO” End-to-End testing sequence to determine if UUT is functioning properly (within MTA operating parameters). The results of the “GO/NOGO” test shall be displayed to the operator and the option to print the results of this functional testing shall be presented. The hierarchical level of testing for a UUT shall begin from the Lowest Replaceable Unit (LRU) of the CBTC subsystems. In the event that the LRU does not pass the diagnostic end-to-end BTE testing, program execution shall continue testing the UUT so that the malfunctioning printed circuit board is identified. F. BTE Level 3 Testing: Level 3 Testing is required for: 1. All CBTC LLRUs classified as non-vital within the CBTC on-board equipment 2. All CBTC LLRUs classified as non-vital within the CBTC wayside equipment G. An independently executable LLRU Test Program shall perform diagnostic testing of the printed circuit board or subassembly to the component level. The printed circuit board or subassembly shall be tested as a stand-alone device (disconnected from its next higher assembly). The bench test equipment test program execution shall test the LLRU so that the suspected malfunctioning discrete component is identified. In the instance where the discrete component cannot be uniquely defined, all possible suspected failed components, both active and passive, shall be identified. H. The BTE shall generate automatic test reports and permit screen capture. Test report and operator interface formatting shall be approved by the MTA. I. The BTE shall identify the following information on screen and on the automatically generated test reports: 1. The individual printed circuit board that is malfunctioning. 2. Detailed fault information for error codes, including appropriate error codes on I/O PCBs e.g., “INPUT BIT X on PCB Y not detected.” 3. Failed discrete or integrated circuit components on the malfunctioning printed circuit board. 4. All firmware revisions of all printed circuit boards undergoing test. This shall be incorporated into the final test report. Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-19 September 2015 J. The BTE shall be capable of uploading all software/firmware onto the UUT. K. Extender boards shall be provided for each BTE. Each extender must provide means for easily interrupting any signal via jumper removal and shall not affect the performance of the UUT. L. The BTE shall be used for calibrating all of the CBTC equipment used in Carborne and Wayside systems, and testing complete assemblies of these same equipment when removed from the field. M. The BTE shall produce all of the operating commands and other input signals necessary to completely exercise all bench-repairable components; and to measure or indicate all of the signals, responses and outputs produced by a component by means of indicators such as LEDs, meters, oscilloscopes, or gauges. N. Dummy loads shall be applied to all outputs to simulate maximum design electrical loads. Where fiber optic and radio equipment is being tested, suitable engineered attenuators shall be provided for insertion to ensure that the lowest specified output level shall drive the least sensitive input equipment. All outputs that are self-powered shall have their outputs individually measured under the maximum design load. This includes any outputs that are open collector switches or equivalent. All other outputs that are not included above shall also have their outputs individually tested. All inputs shall be capable of being individually tested utilizing the minimum input design voltage. Provisions shall be made to allow the operator to set, via software control, any value of the power supply voltage to the UUT that is within the design range for that UUT O. The bench test equipment shall be suitably buffered to protect against failure of the bench test equipment when testing and troubleshooting defective units. P. To minimize MTA operator training requirements, BTE shall be designed with operator interfaces having a consistent look and feel wherever possible. BTE application software shall be formatted with consistent controls and on-screen tools. Exiting the test software shall return the operator to the computer’s operating system, which shall be of the latest release at the time of bid. Q. The Contractor shall schedule and conduct First Article Inspections (FAI) and Factory Acceptance Tests for the BTE equipment, with a minimum four week notice for the MTA to witness for each test. Factory acceptance tests for the BTE shall not be conducted prior to the PDR phase. Factory acceptance tests for the BTE shall be conducted at least 4 weeks prior to revenue service operation. Revenue service operation will not be allowed to start until the BTEs are delivered and installed at Metro and the appropriate training classes are held. Further, the BTE documentation must be delivered to the MTA a minimum of 4 weeks prior to the BTE Factory Acceptance Tests. R. The BTE shall be designed with self-test capability of its resident instrumentation and internal components. The BTE self-test shall exercise the bench test equipment instrumentation and supporting hardware within the operating ranges that have been exercised for those instruments or components during UUT testing. Testing of all BTE interface cabling shall be achieved via a wrap-around self-test feature to verify the operational integrity of all BTE instrumentation. In the event the bench test equipment is configured as a passive device (wiring only), a wrap-around self-test feature must be incorporated into the BTE design. The BTE self-

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-20 September 2015 test shall determine if the bench test equipment is functioning properly (“GO/NOGO”), with a probability of detection greater than 98%. In the instance where the BTE self-test fails, the possible failed BTE instruments and associated internal cabling shall be listed by probability of failure. The items identified shall be based on the designation defined in the schematics for the BTE. The results of the BTE self-test shall be printable and displayed to the operator. Upon encountering a failure during self-test, diagnostic testing shall continue testing so that the malfunctioning instrumentation is defined. Complete details (diagnostic flowcharts, test procedures, illustrated parts breakdown, etc.) for troubleshooting and repairing the BTE shall be provided. Complete parts lists and schematic diagrams of the bench test equipment shall be provided to enable its repair. The bench test equipment shall conform to the materials and workmanship, and documentation requirements of this specification. S. Details for troubleshooting and repairing the bench test equipment shall be provided, including complete parts lists and schematic diagrams of the bench test equipment. T. Wherever practical, the MTA shall have the capability of creating and modifying diagnostic internal variables to monitor the status of functions of a CBTC subsystem. U. All BTE shall be connected with the local area network (LAN) at Metro Rail Division. One additional computer system shall be furnished for interconnecting BTE and sending/transmitting test reports, etc. via the LAN. All connections to the local area network shall be through appropriate cabling, the connection to the local area network shall not be through wireless connections. V. Each BTE set shall have at least a 17-inch thin screen desktop display and be controlled by a desktop PC with a “QWERTY”-style keyboard. To the extent possible, all BTE supplied under this Contract shall utilize commercial off the shelf (COTS) equipment such as, without limitation, oscilloscopes, function generators, frequency counters, Digital Multi-Meters, barcode scanners, power supplies, CPUs, printers, and displays to minimize the MTA spare parts inventories. In order to avoid interference with operations or measuring equipment, no wireless mouse, keyboard or other such transmitting devices shall be used as part of the BTE. All such interface connections (e.g., mouse, keyboard, hard drive, local area network) shall be connected using appropriate cabling. W. Submit a BTE Overhaul Manual (CDRL 13-23), which shall be evaluated during all design reviews and shall include: 1. All wiring and assembly diagrams of the BTE 2. Detailed BTE troubleshooting instructions augments 3. Instructions for reloading BTE software onto a workstation 4. All BTE electrical schematics, assembly drawings, and Bill of Materials 5. BTE printed circuit board design documents and specifications X. BTE Design Reviews: The Contractor shall provide a proposed BTE design submittal, to be presented during Preliminary Design Review (CDRL 13-31) and Final Design Review (CDRL 13-32) as specified in the Contract for MTA approval.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-21 September 2015 Y. Bench Test Equipment Training & Certification. The Contractor shall provide the MTA with: 1. All training required for operational use and maintenance of the Bench Test Equipment 2. All training required for performing Level I and Level III testing/ diagnostics of LLRUs within the CBTC on-board and wayside equipment 3. Certifications (if applicable) to perform Level III testing and diagnostics on: a. All CBTC LLRUs classified as non-vital within the CBTC on-board equipment b. All CBTC LLRUs classified as non-vital within the CBTC wayside equipment Z. Bench Test Equipment First Article Acceptance (CDRL 13-22). First Article Acceptance of the bench test equipment shall be performed as an acceptance/commissioning test. 13.6.15 Special Tools A. Furnish special tools required to maintain each subsystem. Special tools are those tools and test equipment required to install, maintain and test the CBTC system which are not readily available. Special tools shall become property of the MTA. The Contractor shall provide a list of special tools (CDRL 13-28). B. Sufficient special tool sets shall be furnished to equip the MTA’s CBTC maintenance personnel and two sets shall also be supplied for training purposes. C. Furnish all support items and software required to maintain the CBTC/AWS system operational software, including test scripts and simulators. Provide complete software maintenance utility tools for the CBTC/AWS system prior to completion of the field functional tests. The software maintenance utility tools shall include the workstation hardware. The software maintenance utility tools shall include: 1. Software installation procedures 2. Interfaces to target hardware 3. Real time debugging and system monitoring facility 4. Utility to force change of state of specific variables and monitoring of variables 5. Debugging and monitoring reports in text format 6. Utility to allow upload of software/ database for all CBTC subsystems, verification of configuration of software including timers D. COTS Software Executables. 1. Provide all COTS products used in the development of the CBTC/AWS system and those COTS products that are integrated into the operational CBTC/AWS systems, to the MTA on CD-ROM disks. 2. The Contractor shall provide two licenses for installation of the software development and maintenance utility tools. E. The following specific tools shall be furnished for providing CBTC System and subsystem level reporting requirements: Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-22 September 2015 1. Computer based tool for graphic displays and enhanced reporting for Incident investigation: a. The Contractor shall supply a computer based tool that uses the CBTC-ATS archive data to generate data reports and graphs that enable rapid analysis of incidents such as a reported falsely permissive Movement Authority Limits (MAL). The reports shall be generated for any two trains in relation to each other and to fixed objects including signals, switch points, fouling points, and station berthing limits. The tool shall be able to generate graph curves for the two trains showing location by stationing versus time and speed versus stationing or time for two trains as well as the Authority Limits for each train. All location information shall use references to absolute civil stationing. The tool shall also be capable of locating survey control points on the graphs so that other objects can be plotted on the output charts. The tool shall be able to download in a user friendly format, such as Excel, the following reports of data and data exchange from the ATS Archive: ZC to CC, ZC MAL, CC MAL, ZC Vital and Non-vital Inputs, ZC Vital and Non- vital outputs, Train tracking locations, Virtual blocks and AWS relay reports. This data shall also be able to be represented in a graphical format for viewing and printing. b. The above tool shall also have the facility to use CBTC-ATS archive data and provide a graphical animation of the ZC data such as status of the Virtual blocks, movement tracking of train and train localization status. 2. Centralized software based radio network performance monitoring/ troubleshooting tool to identify trends that are symptoms of unexpected perturbations to the radio communication network, environmental configuration (buildings, other infrastructure) and hardware degradation of the subsystem connectivity such as antenna, cabling, calibration etc. This tool shall be capable of measuring error rates and transmission parameters- actual, max levels on a subsystem element level such as antenna, each Carborne radio unit on the system, each radio wayside case on the system and at a per train level. 3. Transponder Location Measurement Tool a. The Contractor shall provide a software tool to perform measurement of the position of the transponders on the track that could be loaded onto a PTE. b. With the PTE connected to the Carborne CBTC, this software shall be able to record and display the position of the transponders during train movement on the alignment. The display and the recorded data shall provide as a minimum the following information: (1) Display in a user-friendly manner the transponders on the track (2) Transponder ID (3) Stationing in feet using the line track stationing reference system (4) Detailed positioning location with respect to any track segments used for the CBTC database

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-23 September 2015 F. Event Recorder Data Analysis. Supply equipment necessary for the analysis of downloaded event recorder data. Submit for the Engineer’s approval the format and content of all reports (CDRL 13-18). G. Transponder Interrogator Antenna (TIA) Tester. Provide a means of testing the successful operation of the TIA and associated cabling installed on the cars within the Metro Rail Division facility prior to allowing train into revenue service on the main line. H. Submit matrix of special tools required for the Project. 13.6.16 Solid State Interlocking Development Tools A. Provide development tools including hardware and software to support the solid state interlocking control system as defined herein. B. The development tools shall include PC-compatible personal computers, preinstalled with utilities/ applications that support loading of specific application software for designed location, modifications to configurable parameters, timers, parameters and database elements to allow modifications, enhancements to the solid state interlocking configuration and performance. The tools shall also support utilities to confirm final changes to the above configurable items and based on specific user initiated commands produce version controlled, vitally verified executable files/ data that may be loaded/ installed onto target SSI hardware for operational checks. The tool shall be capable of delivering executable files/ data in formats suitable for direct installation/ loading onto target revenue service ready SSI systems (after validation and verification through separate processes defined elsewhere in this Specification). C. The tool shall produce configuration listings and reports to assist in configuration control and debugging. In addition, equivalent relay circuit plots shall be provided as an output for circuit checking and ongoing support. The circuits shall be in drawing standard format and readily understood by maintenance and engineering level staff. D. Provide tools to assist in comparing application program data and to identify all differences between versions. Differences shall be clearly identified for ease in verifying changes made to the application data. E. Programming tools shall be capable of accepting inputs in the form of standard horizontal ladder logic and Boolean equations. F. Simulation tools shall allow off-line testing and simulation of the application logic. Provide tools to display and document the operation of the control system program logic for the specific location layout being tested. The system shall be capable of graphical display of the operation of the plant, allowing for status display of all inputs, outputs, timers, and internal logic variables. It shall be able to simulate the entire geographical partitioned systems operating together. Provide user programmable parameters to define field equipment and other system performance and delays for accurate operation of the simulation process. G. Provide all equipment and software utilities to enable loading/ installation of software to target SSI systems, complete with all cables and documentation.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-24 September 2015 13.6.17 Test Tracks A. The CBTC subsystem components furnished for the test track(s) (transponders, zone controllers, radio cases, etc.) shall be configured and maintained by the Contractor until Acceptance of the CBTC system. The inspection and maintenance schedule for this equipment shall be in compliance with practices and standards approved by the MTA and shall not interfere with adjacent revenue service. B. The functional requirements of the test tracks are described in Part II Section 11 of the Technical Specification. 13.6.18 Illustrated Part Catalogs A. Illustrated Part Catalogs shall be supplied separately for the following CBTC/AWS system equipment: 1. CBTC-ATS Equipment. 2. Zone Controller. 3. Carborne CBTC Equipment. 4. Data Communication System (DCS). 5. Solid State Interlockings. B. Parts list including a complete list of each and every part used in each subsystem assembly and LLRU to the level of the lowest replaceable component (i.e., resistor, capacitor, integrated circuit packages, etc.). Each component shall be referenced by an assigned part number and, where applicable, the OEM’s part number as well as the component manufacturer’s part number. Equivalent parts available from other manufacturers shall be identified. C. Catalogs shall include illustrated part breakdowns and schematic drawings to facilitate descriptions of parts and assemblies. Illustrated part breakdowns shall be detailed enough to identify each individual part. D. One electronic copy of the IPC shall be provided to the MTA. All tables within this copy shall be provided in excel format. 13.6.19 ATC Spares The requirements for the provision, quantity determination, availability, and identification of spare parts for the ATC equipment are included in the following for both Mandatory Spares and Recommended Spares. Mandatory spares are those parts specifically identified and listed herein which shall be provided at the quantities shown as part of this Contract. Recommended spares are those parts, identified during design, recommended by the Contractor in quantities necessary to ensure the system availability. The purchase of the Recommended Spares will be done after the list is complete and negotiations concluded.

A. Spare parts shall be readily available prior to entry into revenue service of any part of the ATC system. Wherever practicable, spares shall be ordered at the same time as the production run. B. Mandatory Spare parts for the ATC system shall include the following: Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-25 September 2015 Item Qty Description

1 2 Complete Zone Controller cabinet sets of equipment including but not limited to: CPU subracks, I/O subracks, power supplies, connectors, connector cables, circuit breakers, fans, switches, Vital relays, Non-Vital relays.

2 2 Complete Data Communications System cabinet sets of equipment including but not limited to: switches, routers, converters, power supplies, radio, fans, connectors, connector cables, circuit breakers

3 2 Complete Solid State Interlocking cabinet sets of equipment including but not limited to: processor subracks, I/O subracks, local control panel, power supplies, connectors, connector cables, circuit breakers, fans, Vital relays, Non- Vital relays.

4 2 ATS workstations complete with software, monitors, key boards.

5 2 ATS Server sets of LRU subracks

6 10 Transponders

7 4 Complete Wayside Radio (Access Point) cabinet sets of equipment

8 4 Data Radio Antennas of every type used

Car ATC Equipment Spares

9 4 Complete Car Controller sets of equipment including but not limited to: Onboard Control Unit assembly, interface subracks, radio, A and B car rack equipment, transponder interrogator antenna, tachometers, connectors, connector cables, power supplies, circuit breakers, accelerometers

C. At FDR, the Contractor shall furnish to the MTA a comprehensive list of Recommended Spare parts, modules, subassemblies, equipment, and tools required to maintain full operation of the system being placed in operation. A draft Recommended Spare parts list shall be provided at PDR.

D. The Recommended Spare parts quantity shall be derived from a Poisson distribution calculation that includes the following parameters. No spare part quantity shall be less than two. The quantity calculation shall be performed for each LRU spare part, and a sample calculation shall be provided with the narrative text as part of the Spare Parts CDRL submittal (CDRL 13-16). 1. The total quantity of the installed LRU 2. The LRU expected failure rate 3. The repair turnaround time guaranteed by the Contractor 4. All installed components and LRUs are assumed in use 24 hours per day 5. The time period spares are to be available in MTA inventory is 5 years 6. The confidence level shall be 95%

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-26 September 2015 E. The Recommended list shall consist of: part description; part number; price of the part; range of time the prices are to be in effect; quantity of each of the parts installed under this Contract; and the number of spares to be ordered for each part as recommended by the manufacturer. To the extent practicable, each part shall be cross-referenced to at least two other manufacturers. F. Once the list is submitted and approved by the Engineer, variance will be fixed and negotiation will be done through the Contract prior to delivery of the spares. G. The quantity of spares provided during the five year period must be in compliance and consistent with the reliability analysis described in Part II Section 9 of the Technical Specification. H. Spares ordered for MTA use shall not be used by the Contractor during testing. The Contractor shall provide a sufficient number of spare parts to support the Contractors’ own activities during testing. Any unused spare parts remaining after testing and commissioning are completed shall be offered to the MTA for purchase as part of the overall spare parts negotiation process. I. Provide any additions to this list during the life of the Contract, so that spare parts and equipment can be ordered before the new equipment is placed in operation. J. Spare parts shall be interchangeable with their corresponding part. All spare parts shall be reconfigured to the latest in-service revision during the warranty period. At least two manufacturing sources shall be available for spare parts such as electronic components, lamps, fuses, and other consumable and high-use items. Spare parts recommendations shall include: 1. Grouping by subsystem, diagnostic test equipment, and special tools, as applicable, for stocking identification. 2. Generic name, trade name, description rating, accuracy, Contractor’s part number, manufacturer’s name, manufacturer’s part number, second source information, drawing references, and correlation with the maintenance manuals. 3. Correlation of the recommended quantities with reliability requirements and lead time on the basis of the following classifications: a. Wear: parts that may be expected to require regular replacement under normal maintenance schedules. b. Consumables: parts with an expected life of less than five years, such as indicator lamps. c. One Shot: parts that normally require replacement after performing their function one time, such as fuses, lightning arrestors, etc. d. Long Lead: parts that are not readily available from distributors or the manufacturer, such as specially made components. e. Exchange assemblies: assemblies that shall be exchanged with failed units (or units that are not responding as specified) on the supplied equipment and that must be inventoried as complete assemblies. 4. A cross-reference and indexing system for replacement components common to more than one subsystem. Such components shall have only one part number. Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-27 September 2015 K. The spare parts list, parts categorization, and cross-reference shall be subject to MTA approval. L. The actual type and quantity of the initial provisioning of spare parts material shall be determined and refined by the MTA during the course of the Contract. Refinement to increase or decrease spare parts quantity may be based on analysis of actual usage due to wear and tear and failure rates reported during the testing and demonstration period. M. All spare parts for which a BTE exists shall be delivered directly to the MTA for initial BTE testing and Quality Control Inspection prior to being entered into the storeroom system. Spare parts shall be delivered to MTA Metro Rail Division 5801 Wabash Ave. Baltimore, MD 21215-3331 13.6.20 Data for MTA Metro Rail Maintenance A. During FDR, furnish to the MTA, electronic data for all subsystems that constitute the CBTC/AWS system. B. The electronic data shall be provided in a format that is ready for upload to the MTA system to support: 1. Planning and scheduling maintenance tasks. 2. Creating preventative and corrective maintenance work orders, including information on maintenance procedures, staffing levels, scheduled lead times, material lists, tool and diagnostic test equipment lists, and safety procedures. 3. Tracking maintenance actions, including information on work conducted, materials or components replaced or repaired, and labor time. 4. Tracking warranty items that require maintenance action. 5. Tracking spare part and consumable item inventory levels. 6. Purchasing spare parts and consumable items from vendors. 7. Tracking of all CBTC equipment (including LRUs and LLRUs) furnished under this Contract utilizing the approved barcoding scheme. 8. Software tracking and version control. C. The actual type and format of the electronic data to be provided will be determined by the MTA during the course of the Contract. 13.7 EXECUTION A. General. 1. Provide technical support to the MTA during the course of the Contract, in addition to the level of support needed to satisfy the warranty provisions of the Contract. Technical support shall be provided by the Contractor to achieve reliability and availability targets in Part II Section 9 of the Technical Specification.

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-28 September 2015 2. After successful start of revenue service, provide on-site technical and operational support services for a period of 24 months. The MTA may extend support services with a one-year extension. The beginning of the support services period is in effect when the Contractor provides a continuous, successfully tested CBTC system with the first revenue service train in operation, and ends 24 months later 3. In the event of any corrective software releases, or hardware changes being necessary to fix functional and performance shortfalls, the duration of services shall be extended at no additional cost to the MTA until the major software release or hardware update is successfully implemented. 4. Six months before beginning the technical support services, resumes shall be provided to the MTA for all personnel proposed for the on-site services for review and approval of proposed staff (CDRL 13-19). All proposed staff shall have at least an associate’s degree in electronics engineering technology or equivalent. 5. Use the initial provisioning spare parts supplied under this Contract to repair equipment and subsystems. Consumable items shall be supplied by the MTA. 6. Beginning 4months before the end of the technical support services, implement a Transition Plan for the handover of primary responsibilities to MTA maintenance personnel for both corrective and preventive maintenance activities (CDRL 13-20). The Transition Plan shall be a part of the system support plan. B. Support Services to be provided shall include: 1. From the introduction of Revenue Service: a. At the Operations Control Center, provide a senior CBTC supervisory technician with significant troubleshooting expertise and extensive knowledge of the carborne CBTC, wayside CBTC, CBTC-ATS, DCS sub-systems, PTE and the MTA rules and procedures. The technician shall be deployed as troubleshooting / repair personnel in the event of CBTC system failures system wide. The technician shall also assist the MTA in performing corrective maintenance actions and recovery operations. The technician shall actively monitor system performance logs, string charts, event recording logs, and other data for diagnosis and resolution of CBTC-related problems. This position shall be staffed continuously (24 hours / 7 days) for the first 6 months of revenue service. At the end of the six month period, this CBTC technician shall be available from 0600 hours to 2200 hours Eastern Standard Time (EST), Monday through Friday and be available on-call (24 hours / 7 days) through the end of performance period. The On- Call response time for support services provided under this requirement shall be 10minutes for a phone call back to the Operations center/ MTA desk initiating the request and 60minutes for physical, equipped, prepared presence of technician at local site of the trouble report. b. Provide a CBTC wayside technician to be located on the MTA Metro Subway Line alignment. The position shall be staffed continuously (24 hours/ 7 days) for the first 6 months of the revenue service. At the end of the six month period, the wayside CBTC technician shall be available from 0600 hours to 2200 hours EST, Monday through Friday for a period of 18 months. The wayside technician shall troubleshoot CBTC and

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-29 September 2015 solid state interlocking wayside problems and coordinate with MTA wayside signal maintainers for correcting CBTC-related and/or solid state interlocking problems. The On- Call response time for support services provided under this requirement shall be 10 minutes for a phone call back to the Operations center/ MTA desk initiating the request and sixty minutes for physical, equipped, prepared presence of technician at local site of the trouble report. c. Provide a CBTC carborne technician located at Metro Rail Division to assist in troubleshooting and repairing CBTC carborne equipment. The position shall be staffed from 1400 hours to 2200 hours EST, Monday through Friday. The position shall be staffed for 24 months after the start of revenue service. d. For CBTC subsystems that have interfaces with other MTA sub-systems (i.e., rolling stock), the Contractor’s technicians shall coordinate and work with other personnel when troubleshooting CBTC interface-related problems. e. Involvement at the site of the failure, including wayside attendance as required to address the problem. In addition to attendance of actual failures as they are happening, support shall include on-site activities for problem investigation and special testing for indistinct problems, the cause of which cannot be immediately identified, and/or the symptoms readily recreated. Submit maintenance reports to the MTA which shall contain, at a minimum: time of trouble call, time to arrive on site, logistics, equipment problems and/or replacements, personnel notified, environmental conditions, time to detect and repair. These reports shall be submitted no later than two days after repairs have been completed by the Contractor. f. Assist the MTA in generating failure reports, maintaining the MTA database of equipment performance history, and submitting a monthly report on all maintenance actions taken, preventive maintenance status, and corrective maintenance. g. Engineering and implementation support on a task order basis. This support shall include Preliminary Evaluations, Detailed Evaluations, and Implementation Services for requested modifications to the CBTC/AWS system as directed by the MTA. h. An additional four complete sets of first line portable test equipment units (PTEs) for particular special investigations and measurements. These four sets of PTEs shall become MTA property at the end of the Contract. i. Supply a temporary communications link protected via firewall protection between the MTA Operations Control Center and the Contractor’s technical/engineering support office to facilitate remote ATS monitoring and troubleshooting from out-of-state or country locations. j. An automobile for use by Contractor onsite personnel. k. Mobile telephones for Contractor maintenance personnel in the field, to provide rapid response for remote technical support. 2. For the duration of the warranty period:

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-30 September 2015 a. Specialists, including subcontractor and Contractor technical personnel, on-call to respond within 24 hours to requests by the MTA for additional assistance, warranty- related repairs, or the investigation of major failures. 13.8 CONTRACTOR SUPPORT FOR SYSTEM STABILIZATION PERIOD A. The Metro Rail CBTC Project requires the system integration of multiple, complex software based subsystems as specified in the Technical Specification. B. In order to ensure that the software for all the subsystems within the scope of this Contract are functionally robust and meet the operational and maintenance goals for the Metro Rail Subway, a time period of 24 months commencing after Substantial Completion shall be allocated by the Contractor for provision of support to achieve System stabilization during revenue service. The MTA will request the Contractor to perform specific support items, as defined in paragraph c., as needed. C. During the Stabilization period, a consistent monitoring program of trouble reports, operations, maintenance calls will be in place. A review panel consisting of members from the MTA user groups and Contractor staff (as needed) will be responsible for conducting the monitoring program to achieve stabilization of the CBTC/AWS system. The Contractor shall provide the following support as required for this monitoring program: 1. Provide relevant engineering and project staff to attend meetings conducted by the review panel/ focus group upon invitation by the Engineer. 2. Respond to action items pertaining to the CBTC/ AWS system that are required based on review panel/ focus group discussions and recommendations. These action items shall include but not be limited to the following: a. Monitor / review System performance logs, string charts, event recording logs, symptom trends and other maintenance/ operations data derived from diagnostic capability of the subsystems provided under this Contract. b. Provide analysis and recommendations to the review panel/focus group in order to mitigate/ resolve/ isolate problems observed or monitored. c. Implement agreed solutions to resolve problems that are attributable to CBTC System or subsystem based on review panel/ focus group decisions including installation/ replacement/ software revision upgrades as necessary. 3. Provide a report upon request by the Engineer to the review panel/ focus group on status of problems observed/ monitored, resolution steps and target dates for closure. 4. Provide a final report at the end of the Stabilization period on status of all CBTC System/ subsystem related issues for acceptance by the review panel/ focus group prior to achievement of Final Completion milestone for the project. 13.9 REQUIRED CDRLS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information required by this list and by the applicable sections of this Technical Specification. The MTA may

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-31 September 2015 require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications.

Design Review Submittal Milestone CDRL Solid State CDRL Title Prior to No. Interlocking CDR PDR FDR Revenue Service

13-1 System Support Plan X X

13-2 Maintenance Plan X X

13-3 Master Manual List X

13-4 Outlines of all manuals and guides X X

13-5 CBTC System Description Manual X

13-6 Operations Manuals X X

13-7 Field Service Maintenance Manuals X X

13-8 Shop Repair Manuals X X

13-9 Troubleshooting Guides X X

13-11 Site Description Manuals X X

13-12 Special Tools, Diagnostic and Test X X Equipment Manuals

13-13 Software User Manual X X

13-14 Diagnostic Systems Demonstration Plan X X

13-15 Illustrated Part Catalogs X X

13-16 Spare Parts List X XX

13-17 Data for Maintenance Management X X Information System

13-18 Content and format of all event X X recorder analysis reports

13-19 Resumes of on-site personnel – X

13-20 Transition Plan for end of technical support period – due 90 days after start X of support services

13-21 First Article Inspections and Factory X X Acceptance Tests for PTE sets

13-22 First Article Inspections and Factory X X Acceptance Tests for BTE sets

13-23 BTE Overhaul Manual X X

13-24 PTE Operating Manuals X X

13-25 CBTC Work Manual X Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-32 September 2015 Design Review Submittal Milestone CDRL Solid State CDRL Title Prior to No. Interlocking CDR PDR FDR Revenue Service

13-26 Overhaul Process Manual X

13-27 Illustrated Parts Manual X

13-28 Matrix of special tools X

13-29 Design Review Package for PTE X X

13-30 Final Design Review Package for PTE X X

13-31 Design Review Package for BTE X X

13-32 Final Design Review Package for BTE X X

Attachment C, Part 2, ATC System T-8000-1415

Section 13 – Technical Support TS 13-33 September 2015 SECTION 14 ATC TRAINING

Contents 14.1 GENERAL...... 14-1

14.2 SCOPE OF WORK...... 14-1

14.3 TRAINING PROGRAM PLAN...... 14-2

14.3.1 INSTRUCTOR QUALIFICATIONS ...... 14-3

14.3.2 PERSONNEL TO BE TRAINED ...... 14-4

14.3.3 TRAINING PROGRAM CONTENT...... 14-5

14.4 TRAINING AIDS AND MATERIALS...... 14-7

14.4.1 INSTRUCTOR GUIDES...... 14-8

14.4.2 STUDENT GUIDES...... 14-9

14.4.3 TRAINING AIDS ...... 14-9

14.5 ATS SIMULATOR...... 14-10

14.6 CDRL ITEMS ...... 14-10

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-i September 2015 14.1 GENERAL A. The Contractor shall develop a comprehensive training program to train MTA Instructors, Superintendents, Managers, Supervisors, Central Control Operators, and Metro Maintenance personnel in the operation and maintenance of the ATC system. B. Training of Central Control Operators shall be conducted early enough to provide sufficient resources to support testing. The Contractor shall coordinate training courses with the testing schedule. All training of MTA personnel shall be completed 90 days prior to revenue service operation of any part of the ATC system. 14.2 SCOPE OF WORK The Contractor shall provide a program to educate, train, and teach MTA personnel in all details of the ATC system equipment as required, enabling the MTA to operate, troubleshoot, overhaul, maintain, repair, service, and inspect the equipment satisfactorily. The program shall include: A. Classroom training given by Contractor personnel on MTA property at a site determined by the MTA. B. Develop within the MTA the capability to perform similar training in the future under its own training program subsequent to the Contractor’s involvement. C. Clearly identify, during training courses, those areas which affect the safety of the ATC system. D. Training designed to be delivered by an instructor in the classroom and, when appropriate, in the field or shop when actual equipment is used. E. Video record each different type of classroom presentation for MTA use. The format shall be MP4 and SCORM compliant for e-learning. F. Delivery of all materials used in the programs, including but not limited to models, mock- ups, and drawings, and which shall be of durable construction and shall become the property of the MTA. G. Courses that shall consist of a combination of classroom and hands-on instruction. For training of equipment and systems that involve operation, servicing, troubleshooting, maintenance, and overhaul, the expected portion of training time to be spent on hands-on activities shall be at least thirty (40) percent and of sufficient amount to allow the newly trained MTA staff to perform operation, servicing, maintenance, troubleshooting and overhaul functions. H. Training modules where the Contractor shall assume that MTA staff being trained have no prior knowledge of the features of the ATC System, and shall design the training program to bring the knowledge of the student to a fully adequate level allowing him/her to safely and satisfactorily operate, service, troubleshoot, maintain, and overhaul all portions of the ATC System. I. Preparing all courses in the English language. J. Training which shall provide in-depth instruction covering all subjects and systems within the ATC system, their inter-operational working relationships and their resulting impacts on

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-1 September 2015 location, troubleshooting, removal, replacement, as well as any other interfaces with other systems or vehicles. K. Training modules, where the Contractor shall furnish written certifications for each person trained to certify that they have passed a written test and demonstrated hands-on proficiency in the subject, and that they have acquired the knowledge and skills necessary to perform all required safety-related tasks. The Contractor shall apply the Kirkpatrick model for evaluations. Certifications shall also identify the equipment on which they have been qualified and the number of training hours they have completed. Particular emphasis shall be paid to the certification of the Train Operators and the Central Controllers. L. Training required to meet this Technical Specification performed by qualified instructors supplied by the Contractor and approved by the MTA. All instructors shall have relevant experience and be knowledgeable with the hardware and software elements of the ATC system, and courses shall be tailored to the ATC system. M. Instructors to be utilized by the Contractor, prior to the initiation of classroom instruction, shall attend a two-day orientation at Metro to become familiar with MTA safety regulations and facilities, and to be advised of student qualifications and expectations. N. Demonstration of each training class (Pilot) conducted at the MTA prior to the commencement of actual training to determine its acceptability in meeting the requirements of this Section. The Contractor shall incorporate all MTA-requested changes and submit the revised course materials for review and approval no later than thirty (30) days after receiving MTA comments. O. Use of the new ATS Training Simulator at Wabash for training and certifying Central Controllers. P. Contractor provided refresher training for all Maintenance, Train Operator, Central Controller, and user courses. Training shall be provided as directed by the MTA during the period following initial training until the 20th married pair enters service. 14.3 TRAINING PROGRAM PLAN A. The Contractor shall submit for MTA review and approval a Training Program Plan (CDRL 14-1) in accordance with the criteria described herein. A narrative description that documents the approach to training MTA personnel including supervisors, operators, and maintenance and repair personnel shall be developed. B. The Training Program Plan shall include an educational program outline and a schedule for approval that identifies milestones for submitting the course outlines, lesson plans, instructor and student guides, audiovisual and other training aids, simulators, written and practical skills evaluations, and conducting classes. The program outline shall identify each module of instruction, the general topics to be taught, module objectives, pre-requisites, required training materials, module duration, and indicate the order in which modules will be presented. C. The description for each module of instruction shall include the following, at a minimum: 1. Training objectives, and conditions under which training will occur, and the measures and standards to be applied.

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-2 September 2015 2. The sequence of learning activities. The training classes shall be organized to be logical in sequence, and shall avoid overlapping or concurrent classes. 3. The schedule of learning activities based upon the number of hours of instruction estimated by the Contractor. 4. An outline of the contents. 5. Learning strategies to be used (i.e., classroom presentation, hands-on practical, paper and pencil exercises, e-learning personal computer program, etc.). 6. Methods and criteria for evaluating performance in accordance with the Kirkpatrick model, including an objective system for grading personnel (with pass or fail criteria) to report progress of trainees during the training and identify areas in the training program that need additional instruction time and/or training resources. 7. Location of each training activity. 8. Safety training as defined in the System Safety Plan. 9. Resources required, and who is to provide the resources as directed in the Contract, such as equipment, shop space, digital video disc (DVD) recorders, etc. 10. Approximate hours required for training, including classroom training and field training, together with a breakdown of the hours necessary for each subject. 11. Any pre-requisites required prior to the start of training. D. The Contractor shall include, as part of the plan, a list of proposed ATC system and subsystem groupings. Training shall include demonstration of mean time to repair, and accessibility of ATC system equipment components and subsystems. Training for maintainers shall cover test equipment and subassembly bench repair and calibration. E. The Training Program Plan shall include a comprehensive schedule for the conduct of the training courses that illustrates all training will be done prior to Cutover. This includes temporary cutovers of the DCS and SSI equipment. 14.3.1 Instructor Qualifications A. All of the instructors provided by the Contractor shall be fully capable of conveying in-depth technical information that can be understood by participants. A detailed resume for each instructor shall be provided for approval, no less than 90 days prior to commencement of scheduled course instruction (CDRL 14-2). B. MTA will recognize the instructor as qualified when the individual: 1. Can communicate, in English, in a manner that allows the participants to understand. 2. Has been trained in adult teaching principles and methods, and has had experience in conducting technical training courses. 3. Has an in-depth knowledge of the system under discussion, the interface components functionality, the procedures for isolating faults and troubleshooting, and is able to communicate that information to students in an effective manner.

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-3 September 2015 4. Is able to design practical and written tests to determine the extent to which students understand and can apply the information that has been taught based on the objectives of the particular module. 5. Has an in-depth knowledge of MTA Policies and Procedures concerning train operation and maintenance practices, procedures, inspections, troubleshooting philosophies and techniques. 6. Is able to successfully deliver the training program. 14.3.2 Personnel to be Trained A. Instructors shall assume that MTA personnel are skilled in the duties they perform but not those required when the ATC system enters revenue service. The default level of knowledge for MTA personnel shall be a high school graduate level with basic computer literacy skills. B. The Contractor shall establish actual class sizes with MTA prior to beginning each phase of training. Actual class sizes may deviate from the estimated participation that follows. The numbers of individuals to be trained by the Contractor are anticipated as follows:

Course Delivery Of Course Number Of Number Of Participants Classes

MTA Safety Regulations As Determined By MTA All Contractor 1 and Practices Instructors

Management 210 days Prior to Cutover 10 2 Familiarization (Pilot)

Management 60 Days Prior to Cutover 30 3 Familiarization (Final)

Signal Supervisor and Begin 150 days Prior to 40 8 Maintainer (including DCS Cutover (Maximum of 5 SSI, CBTC, ATS, and AWS per class) equipment)

Railcar Equipment Begin 150 days Prior to 40 8 Maintainer Service

System Administrator Complete 120 days Prior to 5 2 Revenue Service of the Entire System

Central Controllers Begin 150 days Prior to 25 5 Cutover

Electronic Repair Begin 100 days Prior to 15 3 Personnel Cutover

C. Training shall be conducted and scheduled to accommodate the work schedules of the MTA personnel. The Contractor shall note that it will not be possible to train all MTA employees during one shift, and that multiple training sessions shall be provided during days, nights and weekends. Training shall be limited to 8 hours per day, including breaks, for all MTA Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-4 September 2015 personnel and coordinated with their applicable shifts. All training classes shall target an average of 5 MTA employees for any scheduled class unless specified above. D. Training and instruction shall be accomplished with minimum disruption to MTA’s operation and maintenance facility. In this regard, MTA, at its sole discretion, shall determine the availability of facilities and cars/vehicles/systems or shops that can be used for instruction and training. The MTA will establish the training locations and classrooms availability. E. The Contractor shall supervise and provide guidance to the first classes taught by MTA trainers who have been trained and certified by the Contractor. 14.3.3 Training Program Content The basic requirements for the training sessions are outlined below. 14.3.3.1 Management Familiarization Course A summary course shall be provided, familiarizing generalists with the new equipment. The course shall cover, in executive summary fashion, all subjects covered in the other training courses. 14.3.3.2 MTA Instructors Training A plan for training MTA trainers to deliver the training subsequent to the Contractor’s involvement shall be included. It shall describe the Contractor’s approach, resources and hours required, and any training aids that might be included. 14.3.3.3 ATC Maintenance Training A. Designated MTA personnel shall be trained for troubleshooting and maintaining all ATC equipment provided by the Contractor, including all wayside, data communications and OCC ATC system and subsystem equipment (i.e., training for application software changes, Solid State Interlocking, and track circuit testing and adjustment). B. Maintenance training for signal supervisors, signal engineers and signal maintainers, shall be conducted in two parts. 1. The first part of the MTA ATC maintenance training shall consist of theory of operation, system and component description, inspection procedures, troubleshooting procedures and use of portable test equipment, the diagnostic computer, and special tools, and removal and replacement procedures to the LRU level. The training program shall clearly illustrate the use of manuals, illustrated parts catalogs, test equipment manuals and wiring diagrams for use by MTA. MTA employees shall be exposed to the depth of detail necessary for performance of all preventive (scheduled) and corrective (unscheduled) maintenance operations for all aspects for the ATC equipment. Students shall be afforded the opportunity to perform the more complex maintenance functions on the wayside and OCC and in the shop, in addition to troubleshooting systems with faults artificially introduced in the equipment while using the appropriate ATC system and subsystem test devices. The Contractor shall also include, as a part of its overall training program, a parts catalog seminar (or course of instruction) covering ATC component familiarization for MTA personnel. The course given to each class shall include both classroom and field component familiarization.

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-5 September 2015 Classroom instruction for maintenance courses shall include not only the details and functioning of parts under discussion, but the essentials of their routine care, including lubrication schedules, materials, Contractor's recommendations for test frequency, tolerance limits, and methods for testing, including instruments required, when applicable. When methods of access, removal, dismantling, or application are not self- evident, the instruction shall cover these matters. 2. The second part shall consist of three courses: a. Inspection, Maintenance and Bench Test Equipment Course. This course shall emphasize the details of performing hardware maintenance, troubleshooting of ATC failures or problems, and the rebuilding of selected ATC components with the use of Shop Test Equipment and Shop Test ATC Modules. b. Software Test Equipment Course. This course shall outline program assembly methods used in the ATC system that allow the MTA to load SSI application software programs in the future. It shall emphasize the details for troubleshooting software failures or errors, creating new or modifying existing ATC application software, and testing of the new/revised ATC application software through the use of the Signal Design Test Rack, Diagnostic Computer, or other special tools provided by the Contractor; c. Parts Catalog Seminar. 14.3.3.4 Central Controllers Course A. Training sessions shall be geared to acquaint OCC personnel with the operations and system responses of the ATC system control equipment. Special emphasis shall be placed on the man- machine interface between these MTA personnel and all ATC control stations, particularly with the Operator’s Display. Training shall include access and execution of all the ATS commands as well as the commands and interface to SCADA and the Next Train Arrival system. Use of the ATS Simulator for this training is required. B. Topics to be covered in the training program shall include, but not be limited to the following: 1. Overall ATC system territory, control system, and limits of control 2. Theory of ATC system operation 3. MTA service plan and operating schedules 4. ATC controls and indicators 5. Modes of operation 6. Entry/exit to and from Main Line ATC territory 7. Turnback and terminal mode operations 8. Local Control 9. Line, emergency and/or express train movement operation 10. Schedule and headway management, and revision of existing schedules 11. Operation and safety verification procedures

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-6 September 2015 12. ATC system and train recovery procedures 13. Failure recovery procedures 14. Any other operations as detailed in the corresponding manuals 15. Modify or change the schedules 14.3.3.5 Car Shop Personnel These sessions shall provide the Car Shop personnel with the basic knowledge necessary to use the maintenance manuals, special tools and test equipment, and to safely perform preventive maintenance, troubleshooting, repairs and overhauls on all equipment provided by the Contractor. 14.3.3.6 System Administrator Personnel Training sessions shall be geared to acquaint System Administration personnel to administer the ATS system and network. Topics to be covered in the training program shall include, but not be limited to the following: A. Performance and monitoring of server backup; B. Administration of servers, including installation and maintenance of software; C. Maintenance of the security of the network; D. Testing of new software releases; E. Database updates, with the exception of CBTC vital application databases; F. Definition, control, and assignment of user access to all PC systems including: all Control Operator’s Displays, LCPs, PTE, BTE, simulators, etc.; G. Assignment of console functions. 14.3.3.7 Electronic Repair Personnel Training of the Electronic Repair personnel shall include the use of all the Bench Test Equipment (BTE) and Portable Test Equipment (PTE) for wayside and onboard ATC equipment. The course shall also include the repair and calibration of the BTE and PTE equipment. The use of any other special tools or test equipment shall be included. 14.4 TRAINING AIDS AND MATERIALS A. The Contractor shall be responsible for providing audio/visual materials, supplies and other required equipment for training (CDRL 14-3). B. The Contractor shall use actual equipment for use as training aids in lieu of mock-ups and for demonstration of, and practical exercises in, adjusting, testing, disassembly and assembly of equipment. However, the Contractor shall be responsible for ensuring that such parts are not damaged or modified in any way. If directed by MTA, these parts shall pass re-inspection and acceptance tests prior to their resubmission to MTA as additional spares. C. The Contractor shall submit for MTA review and approval Training Aids and Materials. The Contractor shall provide all training aids and materials necessary to train all MTA personnel for revenue service operation, including those personnel taught by MTA training and supervisory personnel. The Contractor shall provide 20% more than the amount of material as the number of individuals to be trained as listed in the table in Section 14.3.2.

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-7 September 2015 D. As training aids and materials are being developed, the Contractor shall work closely with MTA staff to prepare the course organization, content, objectives, training materials, schedule, and other issues necessary for a successful training program. All training aids and materials that are used during the Contractor supplied training will become the property of MTA at the conclusion of that module. E. All material prepared shall become the property of the MTA and shall be provided in the native computer file format. 14.4.1 Instructor Guides A. Instructor guides shall include all information to enable a trained MTA instructor to present the course again at a later time. They shall be provided for all modules, including Contractor’s training given directly to MTA personnel. They shall include at a minimum, schedules for each course, outlines for the training modules, lesson plans, durations of each module, target audience and pre-requisites for each course, objectives, sequential lists of training materials, including instructions on how to present any working models or advanced technology training aids, copies of training aids for presentation (and hard copies for annotation), skills inventories (with answers), references to support materials, and any additional information deemed necessary for accurate reconstruction of the course. B. Instructor guides shall be developed prior to the training course. Instructor guides shall be modified as required and delivered, with all changes made, to the MTA within 30 days of the completion of the applicable training course. C. Instructor guides shall be submitted both as a hardcopy that allows easy reproduction, and in electronic format (i.e., PowerPoint, Microsoft Word, MP4, etc.). The MTA will provide a list of preferred COTS products and versions soon after NTP. D. Lesson plans shall include instructor’s notes explaining the methodology for a particular section and information to be emphasized. Particular attention must be given to safety concerns or dangers within the equipment. The lesson plans shall indicate when training aids will be used, or referred to, during the course instruction. The instructor guides must note references to the student guides. E. The Contractor shall provide an instructor guide for each training course. The guides shall include: 1. Course agendas 2. Course Syllabus 3. Course objectives 4. Procedures for managing training sessions 5. Resources and facilities required 6. Guidelines for preparing for training 7. Detailed lesson plans, including outlined presentations and discussion guides 8. Criteria and methodology for measuring performance in the classroom and in the shop/field 9. Instructions for using any audiovisual support, mock-ups, and scale models Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-8 September 2015 10. Detailed instructions for managing on-the-job training with sign-off tracking by the instructor 11. Skills inventories (with answers) 12. Required Tools and Test Equipment 14.4.2 Student Guides A. Student guides shall be in addition to any Maintenance Manuals provided to participants. The guides shall include training aids used by the instructor, including, annotated schematics, selected screen shots from technology-based training, and key clips from video footage. Training aids proposed by the Contractor shall be reviewed and approved by MTA. The Student Guides shall also include a list of referenced materials, including manuals provided for the training. B. Student guides shall be submitted both as a hardcopy that allows easy reproduction, and in an editable electronic format (i.e., PowerPoint, Microsoft Word, etc.). C. The student guide for the signal maintainer must contain an approved inspection checklist. The applicable sections from all Maintenance Manuals shall be included in an Appendix at the back of the signal maintainer, car inspector and car maintainer program student guide. 14.4.3 Training Aids A. Training aids shall include e-learning presentations or alternate as approved, annotated enlargements of schematics, videos, custom simulators, computer-based training modules, or other appropriate technology-based training. B. PowerPoint presentations for use with a laptop computer and data projector shall illustrate subassemblies showing component locations, component cutaways, schematics, and wiring diagrams. All illustrations/diagrams shall display the equipment as they would be seen from the viewpoint of a person actually performing the test, troubleshooting or doing the repair. Diagrams shall be displayed with sufficient scale and clarity to permit all students to see clearly. C. The Contractor shall also use actual sets of equipment as training aids. 14.4.3.1 Video Recordings The Contractor shall record one of each different type of training session and provide to the MTA in an MP4 format (or current MTA approved format) for their future use. Digital Video recordings shall capture both classroom and field training. 14.4.3.2 Presentation Equipment/Computers A. Two presentation 17-inch laptop computers, DVD/CD-ROM equipped, capable of updating and modifying manuals, catalogs, drawings and computer-based or computer-generated training aids, are to be provided by the Contractor. The laptops shall have pre-installed the commercially available or custom-designed software used to generate and/or present the deliverable manuals and training aids and presentations. Software shall be the version used to create the deliverables rather than an earlier or later version, and full developer versions, where applicable, rather than "run-time" versions. Instructions for the use of this equipment by maintenance personnel shall be included in the training program.

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-9 September 2015 B. Documentation for this equipment shall include original manufacturer documentation and any special instructions needed to supplement that documentation and allow MTA to update and modify the deliverable documents and training aids during the life of the system. The Contractor shall be responsible to maintain all deliverable documents and training materials (including training aids) until the end of the warranty period. The Contractor is also required to furnish all updates, modifications, and warranties for the training equipment for this same period. 14.5 ATS SIMULATOR A. The Contractor shall furnish and install one ATS System Simulator as described in Section 4 to be used for initial training, and permanently for MTA training thereafter. The ATS system simulator shall be installed and commissioned at the MTA Wabash Tower prior to the commencement of any training sessions. The Contractor shall provide all user manuals and supporting documentation (CDRL 14-4). B. The instructor shall be able to select operating locations, change signals, change switches, insert and remove trains, create system faults, and perform other actions to create meaningful exercises for the student. These exercises shall mimic the indications and controls of the Central Controller’s Panel as defined in Section 4. The system shall allow the instructor to program and store test sequences for the student. The simulator shall include 20 pre- programmed exercises, as approved. The instructor shall be able to dynamically introduce other conditions into the programmed sequences. C. The ATS simulator shall allow as a minimum: 1. Selection of control locations 2. Change of signals, routes, end destinations, and switches 3. Insertion and removal of trains from the system 4. Recovery of system schedule in failure scenarios (e.g., dead train) 5. Response to vehicle faults 6. Other exercises as required for MTA personnel to perform their ATS functions, and as required by the MTA 7. Simulate operations to determine effectiveness of new schedules D. Input devices and displays for the ATC system simulator shall support multiple screens with dynamic menus and shall include a mouse with which menus can be selected, and a laser printer. E. The simulator equipment shall log operations and create reports identifying the date, time, instructor, student, and complete details on the simulation and the student actions, including occurrences of rule and operation violations. The simulator computers shall be sophisticated current models. The system shall include a laser printer, CD writer, DVD writer, and be ready to connect to an MTA network. 14.6 CDRL ITEMS The Contractor shall submit the CDRL items shown in the following tabulation in accordance with the approved Contract Schedule. The CDRL item submittals shall provide all of the information

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-10 September 2015 required by this list and by the applicable sections of this Technical Specification. The MTA may require additional information necessary for verification of the Contractor’s compliance with these Technical Specifications.

Design Review Submittal Milestone CDRL No. CDRL Title CDR PDR FDR Post FDR Prior to Service 14-1 Training Program Plan X

14-2 Instructor Qualifications X

14-3 Training Aids and Materials (Instructor and Student Guides) X

14-4 ATS Training Simulator User Manual X

Attachment C, Part 2, ATC System T-8000-1415 Section 14, ATC Training TS 14-11 September 2015