The US rail industry is charged with developing and implementing interoperable Positive Train Control (PTC) on many lines by 2015. It will be a challenge to assure the overall design safety of this next generation of train control, and there are significant issues with accommodating varying operating methods and different territories. The Federal Railroad Administration (FRA) will also require the railroads to meet the processor-based train control standards in FRA Rule 49CFR236 Sub-Part H (hereinafter FRA Rule 236H) [1], including the requirement for a comparative risk assessment, preferably quantitative. This paper provides an overview of the safety assurance process mandated by the FRA and discusses a cost-effective approach to performing risk assessments on large PTC systems. The paper also recognizes the current FRA and Railroad Safety Advisory Committee (RSAC) effort in developing the new PTC-specific FRA Rule 49CFR236 Sub-Part I to meet the recent PTC legislation requirements. The FRA Rule 236H requires railroads to use a comprehensive approach to generating a risk based, safety case for all PTC-type systems. Following the FRA Rule 236H guidelines helps ensure that all aspects of system safety are addressed, and that a safety conclusion can be successfully drawn from the documented evidence. The FRA requirements for building a safety case are based on time-tested traditional safety analyses which are enhanced to address system-wide safety. A critical new requirement of this standard is the development of a quantitative comparative risk assessment for the system as the formal mechanism for summarizing the safety argument. The FRA Rule 236H requires the comparison of the risk of the new PTC system with the historical risk of the existing system, which will be extremely challenging for the nationwide implementation of interoperable PTC where differing operating methods may be employed on multiple railroads with differing levels of appropriate historical data to reference. These factors must be carefully considered in the risk assessment approach and in the formulation of the overall system safety case argument for this Federally-mandated implementation. The risk assessment process described in this paper is uniquely different from existing quantitative safety assessment approaches that have primarily concentrated on producing a Mean Time Between Hazardous Events (MTBHE) for the various train control components in the system. In contrast to an MTBHE method, FRA rule-compliant comparative risk assessment approaches must evaluate PTC safety in the context of the overall comprehensive system operation, considering the effects of human errors, operating rules/procedures, training practices, system maintenance, equipment failures including any time/sequence dependencies, and the movement of trains and their exposure to potentially hazardous conditions. These considerations have prompted the development of a comprehensive FRA Rule 236H-compliant risk assessment methodology that goes far beyond traditional safety analyses and is well-suited for the assessment of interoperable PTC systems.
Changes in maintenance of railway vehicles as the sources of threats in the railway system
