RSSB for Railway group standards(RGS) on ALARP DC Track Circuits

Bookmark and Share

Cecube technology consulting


There are many thousands of standards applicable to the railway industry, so the only way to enter the system where safety is concerned is from the top, which in the UK used to means the Yellow Book. The Common Safety Method (CSM) on Risk Evaluation and Assessment (REA) replaced Yellow book in July 2012. The CSM on REA defines a common mandatory European risk management process for the rail industry. In addition to national and international standards, there are whole families of standards which have been specifically written for, and apply to, the UK railways. Railway Group Standards are the top level standards for main line operations throughout the UK, defining necessary safety requirements and specifications in the process. See the recommended link. These are administered by Network Rail, and are mandatory upon all members of the Railway Group. Each company then has its own internal standards; e.g. Network Rail company standards, while the various infrastructure and rolling stock contractors have their own work instructions and standards.

Rail Safety and Regulation

The UK Railways defunct Yellow Book

The Railway Safety and Standards Board (RSSB) is the body which oversees the co-ordination and adoption of Railway Group Standards (RGS) in the UK. The rail industry has to manage its activities with standards mandated by different bodies - European (Euronorms and interoperability specifications), the UK Health and Safety Executive (HSE), the RSSB (RGS), and Network Rail company standards. It is the RSSB that is charged with the dissemination of these multiple tiers of standards in a manner better understood and recognized by the industry as a whole. Superimposed on this is the European Harmonisation Standards which are absorbed as individual national (BSI in the UK) standards where possible.

  1. Changes to the safety regulatory structure and the content of safety rules will require harmonisation of national safety rules and national safety authorities to be created.
  2. Removal of obstacles to a functioning single market will require safety certificates to be valid across Member States with Common Safety Targets and Methods to be agreed.
  3. The open market and regulation by public bodies will require greater transparency and communication of information on safety across Member States.
  4. The need to identify root causes of accidents and prevent future occurrences will require the setting up of independent investigation bodies in each Member State.

Consequently, for the new entrant into the industry a wealth of knowledge and expertise has to be acquired to perform any rail related product manufacture or service. It is therefore strongly recommended that any small or medium sized rail enterprise should seek assistance from an established standards advisor.

ALARP - Is this a Standard for Safety?

General Guidance

The principle of risk reducing to As Low As Reasonable Practicable (ALARP) is most effective when applied at concept, feasibility study or requirements capture phase of a project. Therefore, wherever possible or necessary apply this approach during these phases, when design flexibility is at a maximum and resulting design changes have a minimum cost and timescale impact. Modifications during the design, test and construction phases have greater cost and timescale implications. Such changes may also challenge safety standards by introducing disruption, new hazards and uncertainty into an established design. For these reasons vehicle product teams apply a minimum change design philosophy at a system level, a train level, a train / operational boundary level, as well as an operational and maintenance level ALARP strategy.
It is from hazard identification and risk assessments that the requirement for low level application of ALARP is identified. The risk mitigating options are initially considered during the determination of the safeguards. ALARP is applied as required from the identification of the safeguards against each hazard. The level of consideration is guided by preliminary risk ranking within the hazard log, the design flexibility, and the required risk ranking for adequate resolution. These studies are based on identification of options, known as Reduction Options by causal analysis and Containment Options by consequence analysis. Also considered is the impact of these options on risk, an estimate the option costs and consideration of the disruptive effect of modifications on the safety process (i.e. timescale impact, complexity of change, effect on other systems). The safety requirements placed upon hazard owners require justification for the adoption or otherwise of the various design options.

System and Propulsion Level Impact

ALARP at the system level is applied through detailed causal analysis of the train subsystems following the design HAZID. It is a two-tier approach requiring evidence to be presented to justify a subsystem design whenever the residual risk is 'undesirable'. This generally includes listing options based on the preferred safety principles to substantiate the design for ALARP. Evidence must justify not implementing identified safer design options. For residual risk classifications of 'tolerable', then ALARP arguments are required to justify an existing design without improvement.
Each hazard initially falls into 1 of 4 risk ranking categories, namely "acceptable", "tolerable", "undesirable" or "intolerable". Hazards that are initially ranked as "intolerable" must be resolved. Hence, each hazard eventually falls into 1 of 3 final risk categories, namely "acceptable", "tolerable" or "undesirable". A demonstration of ALARP must be given for hazards with the final risk ranking of "tolerable" or "undesirable", with the latter requiring a more rigorous case as explained later. Furthermore, ALARP is interpreted as having been applied if either adequate control of the hazard is judged to be in place or cost benefit analysis has demonstrated that further risk reduction is grossly disproportionate to the benefit gained (or possibly a combination of both). The ALARP judgement would be based on one or more of the following safeguards:

  • Railway Group Standards (or other appropriate standards) application
  • Testing or modelling
  • Engineering calculation and experience
  • Qualitative or quantitative risk assessment
  • Proven operational experience
  • Procedures for maintenance or operation

Where it can be shown that any such suitable and sufficient protection already exists and that as such the design is inherently safe against the identified hazard, then demonstration of this deterministic protection may be sufficient. This can only happen if it is qualitatively judged that ALARP has been demonstrated. A qualitative risk ranking must place the residual risk associated with the hazard into either the "acceptable", or "tolerable and ALARP" classification to justify not applying further risk reduction techniques. The nature and number of deterministic safeguards required to resolve risk by demonstrating ALARP, is dependent on the severity and probability of the hazard resulting.
To ensure effective resolution, the use of any standards, codes of practice, test specifications, simulations, or calculations used in the design to protect against the hazard must be endorsed by the Safety Engineer responsible for the design and approved by an Engineering Manager. Where an operating or maintenance procedure is referenced then it must be an existing procedure already in use by the operator, or a newly approved procedure. For all hazards which cannot be shown to be either "acceptable" or "tolerable and ALARP" further justification is required to improve the residual risk. This is done by applying extra analysis to the options being assessed, by additional assessment of options, or by combining probabilistic analysis and options assessment to apply cost benefit analysis.
This approach ensures that risks are assessed in accordance with regulations and that both engineering and safety resources are directed to those hazards that present the greatest risk.


Delays to the re-signalling programme on the WCML required the Alstom built Class 390 Pendolino trains to operate on the existing infrastructure. This is predominantly DC track circuit signalling over much of the London to Glasgow route, exacerbated by many essential diversionary routes also requiring to compliance to Class 390 DC emissions.
On a consumed power versus DC Amps emitted basis, the Class 390 is probably the best performing locomotive in the UK. However, the high maximum power of the train (7MW) and DC track circuit sensitivity of less than 0.5A made EE&CS compliance difficult. The DC Track Circuit safety analysis submission, performed by Cecube on behalf of Alstom, was a Quantitative Risk Assessment (QRA) using extensive train / track infrastructure modelling techniques. This recommended approach for track infrastructure is detailed in the Network Rail Company Code of Practice Standard (NR/GN/SIG/50004) for DC Track Circuits. When the infrastructure model is augmented by a rolling stock specific DC signature (footprint), a full statistical QRA is possible to mathematically demonstrate compliance.

Contact Details top of page

Railway Group Standards links

Custom Search

Loading news - Please wait

Patents links

End of links