Assessment and Certification Rules for Digital Architectures
Urban and suburban railway networks need higher cruising speeds and shorter headways to increase track capacity. Signalling systems are now widely computerised, but standardisation, and a transition from hardware-based to communications-based solutions, are pressing needs for improving operational efficiency.
ACRUDA aimed to develop a methodology for safety assessment of safety-critical digital architectures in the field of railway signalling in order to meet particular requirements of end-users and suppliers.
The primary objectives were the development of assessment criteria for safety architectures used in the guided public transport industry, and the specification of mutually recognised certification schemes. The secondary objectives were to ensure consistency with related EC projects and to establish a framework for standardisation of safety architectures.
ACRUDA has produced:
- recommendations on the content of a Quality Handbook that describes a quality system for the assessment of safety-critical digital architectures;
- a common set of assessment criteria for evaluating both the processes and the products of a digital architecture across the product life cycle (the ACRUDA assessment procedures and criteria for vital computers);
- software assessment criteria that address requirements, planning, design, testing, integration and validation of software products;
- hardware assessment criteria that cover requirements, design and testing with respect to defined standards, such as CEN03 or IEC01.
The following steps have been carried out to validate the assessment framework for practical use:
Three application cases provided experience in applying the assessment methodology to different types of safety-critical digital architecture:
- DIGISAFE, a single-channel architecture based on the coded mono-processor;
- ELEKTRA, a dual-channel architecture using safety bag techniques;
- SARA, a modular computer-based architecture with distributed processing and a hierarchical, layered control system, using hardware redundancy for its vital sections.
Close interaction with the ERTMS (European Rail Traffic Management System) project strengthened the technical links for the application of assessment methods on ERTMS test sites.
The framework was tested at two demonstration sites in Paris (Matra) and Naples (Ansaldo).
Two User Group Meetings were organised to reach relevant personnel in the European rail industry, especially those involved in ERTMS.
The project's results will be adopted for ongoing validation of ERTMS demonstration sites. ERTMS aims at defining new common standards in signalling and telecommunications systems in order to enhance the interoperability of railway networks. Along with desired increases in performance, the reduction of investment and operational costs is at the core of the ERTMS scheme.
The contribution of the ECARDA project to policy issues is expected to evolve in the overall development of rail traffic management concepts.