Tool-based Safety Analysis of Operational Rules

Kurzfassung

Since 2005 the Institute of Transportation Systems at DLR develops a software tool for the examination of technical systems, such as railway vehicles, with regard to the relation to safety of their elements. The starting point of the analysis is the output of the system, i.e. the actions performed which influence the environment, e.g. acceleration, braking or signalling. The tool helps to identify the safety-related signals generated by the various subsystems or components. Knowing the critical paths of information transmission, actions can be taken to reduce error-proneness. It can be analysed to what extent the safety will improve when implementing appropriate products, such as signal relays, or adding redundant or fall-back elements or when changing the related safety levels. However, a system does not only consist of hardware and software components and their interaction, but also, if not essentially, it consists of rules for operation and the staff operating the system. Therefore, it appears necessary to examine the operational rules as well. A first approach to the analysis of operational rules shows, that it is possible to represent rules in a form that comprises all necessary information needed by the tool to perform the analysis. The output of the tool presents the components and information paths which are relevant to the safe operation of the system and where human involvement bears the risk of hazards. With this result it is possible to identify ways to support the staff in its task or even replace the staff by a more reliable electronic system. With those actions the system gets not only safer, but staff can be relieved from safety-related tasks or even deployed in other services. Beside this, system integrators are also interested in the analysis of further characteristics of their systems in order to optimise the design. As the tool works with a data base it is possible to assign a number of attributes to the various components of a system, such as costs or availability. Further interesting attributes could be the kind of processing units of the various functions, e.g. computer, relay or human being, and the communication channel between the functions of a system, e.g. LAN, GSM-R or public networks. The paper discusses the principles of the software tool developed by DLR, its application and potential future developments.