Wednesday, March 27, 2024

Safety Message: Type Approval

During regulatory activities and interactions, ONRSR identifies both good and poor practice regarding rail equipment type approval.

Safety message rolling stock

Type approval is one of the ways operators introduce or implement new products across a network or across similar applications.

RISSB define type approvals as “approval of a specific item or product of railway equipment, demonstrating so far as is reasonably practicable (SFAIRP) that it is fit for purpose for a defined application meeting the requirements as applicable to the network” (see RISSB AS7702 Railway Equipment Type Approval).

While the scope of the RISSB standard listed above excludes rolling stock, the general principles set out in this safety message can be applied to both rolling stock and rail infrastructure.

The type approval process provides a level of assurance that the safety of new or modified products that are introduced are safe and suited to the condition(s) of their intended application.

Done well, type approvals provide both safety and other benefits, such as streamlining installation and interoperability with other products and components on the railway.

Done poorly, type approvals can introduce safety risks and adversely affect railway operations.

In this safety message, ONRSR highlights some poor practices, how to avoid them and what guidance material can help. Type approval processes can be effective at evaluating new or modified products for use on the railway and ensuring any risks introduced by the products are managed SFAIRP.

For simplicity, type approval processes are discussed under the following five topics:

  1. Not assessing compatibility risks.
  2. Not having appropriate people to review.
  3. Inadequate training, not updating processes/procedures.
  4. Not defining criteria and evidence for approval.
  5. Skipping or not properly completing steps in the process.

1. Not assessing compatibility risks

Most products are designed with standards, technical requirements, application criteria or conditions. However, these are often not specific to the way the product is to be implemented, installed or used within an operator’s railway operations. Not adequately assessing or controlling these compatibility risks can lead to increased risks to safety. For example, introducing a new power conversion unit can create electromagnetic interference which could result in inadvertent energising of a track relay. This could result in a wrong side failure condition where train detection is lost. To ensure that the product is compatible and will not introduce new risks, good practice includes but is not limited to:

  • Ensuring systems and/or subsystems that may be affected by the product are identified.
  • Ensuring fault modes and product compatibility risks are assessed under normal and degraded operating environments, limits and conditions.
  • Using objective information and evidence to undertake risk assessments.
  • Ensuring relevant standards, specifications, application and technical requirements are defined.
  • Ensuring safety and performance criteria are specified.
  • Ensuring tests are done to validate and verify the product performance against set performance criteria are carried out.
  • Ensuring application, conditions of use, and design configuration for installation and functionality of the product are defined (such as in the type approval certificate) to account for identified risks.

2. Not having appropriate people to review

Installing or implementing a new type-approved product may impact different parts of an operator’s railway operations, for example new railway track impacting signalling systems or level crossings. However, often the key people who may be affected by the new product are not included as part of the type approval process. Not having the right people involved could mean risks are not adequately identified, assessed, and controlled. For example, introducing a new alarm system in network control but not including a human factors specialist to understand the potential impact of new alarms on the workload of signallers. To ensure the correct people or divisions are included in the risk assessment and type approval process, good practice includes but is not limited to:

  • Type approval processes that allow for the identification of the rail safety workers that will interact with or use the product.
  • Consultation with subject matter experts to assess the impact of the product on the systems and subsystems it is to be incorporated with or installed in.
  • Consultation with the key people or divisions responsible for the systems and/or subsystems that may be affected by the product.
  • Early engagement with stakeholders and subject matter experts to determine requirements that will mitigate risks for introducing or installing the product.
  • Involving human factors specialists in the type-approval process to take into account issues that may arise as a result of the change.

3. Inadequate training, not updating systems and procedures

Training and updated systems and procedures help rail safety workers know how to safely operate and maintain the product once installed or implemented. However, often such training and updated systems and procedures are either missed or not undertaken prior to the product being installed or implemented. For example, introducing a new type of high voltage switchgear without providing a safe isolation procedure could result in electrical equipment being energised during maintenance resulting in electric shock, arc flash, explosion or fire. To ensure adequate training and updating of systems and procedures, good practice includes but is not limited to:

  • Identification and assessment of gaps in expertise and competencies on the use of the product.
  • Defining new or amended competency and training requirements for each rail safety worker.
  • Development of training courses for implementing, incorporating and using the new product.
  • Setting criteria and requirements for when and how systems and procedures are reviewed and updated.
  • Updating relevant systems and procedures for operations and maintenance, for example updates to:
    • systems and procedures to account for a failure or operation of the product in degraded modes of operation; and
    • design templates, general site or arrangements drawings, and asset configuration and maintenance records.
  • Communicating information to the people who need to undertake the training and/or are impacted by updated systems and procedures.

4. Not defining criteria and evidence for approval

Defining the key performance specifications, criteria and evidence provides clear ‘go’ and ‘no go’ moments for type-approving a product for installation or implementation. However, such criteria are often vague or poorly defined resulting in increased risks to safety. For example, not having defined performance criteria such as, for example timeframes, environmental conditions, locations, and methodology of trials before introducing a new type of interlocking could result in conflicting train movements. To ensure adequate criteria and evidence for type approval is defined, good practice includes:

  • Defined evaluation and performance criteria at the start of the process.
  • Testing and evaluation criteria and plans reflect required outcomes and any relevant hold points.
  • Evidence requirements are defined for product performance, for example gathering others’ experience of product application and recording and evaluation of all test records as detailed in the testing and evaluation plan.
  • Each stage of the type approval process defines the key documents or evidence to be produced , for example calculation and desktop analyses, type approval registers, safety assessments, standards compliance registers, product information packs containing safety and technical characteristics of the product to be installed.
  • Clear authorities and accountabilities to ensure the next stage of the process may only proceed via approval.

5. Skipping or not properly completing steps in the process

The type approval process includes key steps to ensure the new product being implemented or introduced does not result in increased risks to safety. However, often these steps are skipped or not properly completed due to time or budget constraints, or pressure to quickly implement/introduce the product. Skipped steps can result in safety issues if risks are not properly identified or assessed, and therefore controlled. For example, inadequate performance or material specification or poor quality control of raw materials used in the manufacture of composite sleepers (especially plastic sleepers) can lead to excessive sleeper warping, dimensional inability to hold track gauge or inadequate fastener anchoring performance. To ensure steps are completed properly, good practice includes:

  • Clear and unambiguous procedures, processes and templates that are part of the Safety Management System.
  • Clear authorities, responsibilities and accountabilities that ensure that the process can only proceed via approval.
  • Relevant information (such as a type approval register) and documents regarding type approval are available and accessible.
  • Practicable timeframes are provided for completing the type approval requirements and implementing controls.
  • Where steps are required to be bypassed or skipped, clear justification, risk assessments and approvals are documented.
  • Risk assessments are undertaken for any changes to the product post the original type approval, including model or version changes, and this information is documented and communicated to relevant parties.

Key documents and actions

The good practices provided above should be documented in your SMS. You are encouraged to review your SMS to ensure your type approval and change management systems, processes, procedures, and templates take this safety message into account.

Guidance material that can assist you review your type approval systems and procedures include:

Last updated: Apr 2, 2024, 9:25:35 AM