Official Journal of the European Union
COMMISSION REGULATION (EU) No 1169/2010
of 10 December 2010
on a common safety method for assessing conformity with the requirements for obtaining a railway safety authorisation
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Directive 2004/49/EC of the European Parliament and of the Council of 29 April 2004 on safety on the Community’s railways and amending Council Directive 95/18/EC on the licensing of railway undertakings and Directive 2001/14/EC on the allocation of railway infrastructure capacity and the levying of charges for the use of railway infrastructure and safety certification (Railway Safety Directive) (1), and in particular Article 6(1) thereof,
Having regard to Recommendation ERA/REC/SAF/09-2009 from the European Railway Agency, delivered to the Commission on 18 September 2009, on a common safety method (CSM) for conformity assessment,
The purpose of the common safety method (CSM) to be established is to provide a framework for national safety authorities to harmonise their decision-making criteria across the Union, in accordance with Article 17(4) of Directive 2004/49/EC. It should enable national safety authorities to assess conformity with requirements in a uniform manner.
The CSM should include all the harmonised requirements and assessment methods to enable national safety authorities to issue an infrastructure manager with a safety authorisation covering the adequacy of the safety management system in general and any network-specific authorisation. Furthermore, it is likely that the infrastructure manager will apply for the network-specific part of the authorisation at the same time as it applies for a general authorisation based on its safety management system.
National safety authorities assess the ability of an infrastructure manager to comply with all the requirements required to operate in general and on the specific network for which it is seeking an authorisation by assessing its safety management system at global level.
Each national safety authority needs to put in place arrangements to examine whether the results outlined in the application for a safety authorisation are being delivered in operation after the award of the authorisation and whether all the necessary requirements are complied with on a continuous basis, as required by Article 16(2)(f) and Article 17(2) of Directive 2004/49/EC. This therefore requires the development of a post-award supervision regime based on key fundamental principles in order to ensure a harmonised approach by national safety authorities in each Member State.
The measures provided for in this Regulation are in accordance with the opinion of the Committee referred to in Article 27(1) of Directive 2004/49/EC,
HAS ADOPTED THIS REGULATION:
This Regulation establishes a common safety method (CSM) for assessing conformity with requirements for obtaining safety authorisation as referred to in Article 6(3)(b) of Directive 2004/49/EC.
The CSM includes:
a procedure and criteria for assessing applications by infrastructure managers for safety authorisations as referred to in Article 11(1)(a) and (b) of Directive 2004/49/EC, as set out in Annex I and II to this Regulation;
principles for supervising compliance with the requirements of Directive 2004/49/EC after the national safety authority has granted the authorisation, as set out in Annex III to this Regulation.
For the purposes of this Regulation, the following definition shall apply:
‘supervision’ means the arrangements put in place by the national safety authority to oversee safety performance after it has granted a safety authorisation.
Procedures for assessing applications
1. When examining applications for safety authorisations submitted after the entry into force of this Regulation, national safety authorities shall apply the procedure set out in Annex I to this Regulation for assessing their conformity with requirements in Directive 2004/49/EC. The national safety authorities shall also use the assessment criteria set out in Annex II to this Regulation.
2. During assessment, national safety authorities may accept commitments by applicants that they will manage risks through the use of contracts with third parties. The contracts shall also specify the exchange of information needed to ensure the safe operation of vehicles, especially in areas relating to managing maintenance.
3. Products or services provided by contractors or suppliers to infrastructure managers shall be presumed to conform to safety requirements if the contractors, suppliers, or products are certified in accordance with relevant certification schemes established under Union legislation, for the provision of such products and services.
After granting a safety authorisation, national safety authorities shall supervise infrastructure managers’ continued application of their safety management system and shall apply the principles for supervision set out in Annex III.
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 10 December 2010.
For the Commission
José Manuel BARROSO
(1) OJ L 164, 30.4.2004, p. 44.
Procedure for assessing conformity with requirements for obtaining safety authorisations to be issued in accordance with Article 11(1)(a) and (b) of Directive 2004/49/EC
1. The procedures that a national safety authority puts in place to receive and assess applications and to award safety authorisation shall be built upon the following framework principles.
(a) Setting up and reviewing the assessment process
National safety authorities shall develop structured and auditable processes to be undertaken by suitably competent persons. They shall scrutinise applications against the assessment criteria for safety management systems set out in Annex II. They shall record and give reasons for all decisions. The national safety authority's overall assessment process shall be periodically internally reviewed and continuously improved to secure its continued effectiveness and efficiency.
(b) Quality of the assessment process
National safety authorities shall monitor the quality of their own performance at key stages in the processing of applications for safety authorisations.
(c) Scope of the assessment
The assessment shall be at management-system level and process-driven. Where scrutiny reveals shortcomings, the national safety authority may exercise discretion and, depending on the nature and seriousness of the non-conformity, shall outline the points which need to be enhanced. Ultimately, the national safety authority shall exercise its power to reject an application.
The assessment shall be:
appropriate to the risks, character and extent of operations of the applicant;
based on judgments of the infrastructure manager's overall ability to operate safely as described in its safety management system.
(d) Timing of the assessment
National safety authorities shall complete the assessment within the time required by Article 12 of Directive 2004/49/EC whilst ensuring that the evidence provided by the applicant is sufficiently examined. The national safety authority shall inform infrastructure managers of issues of major concern as early as practically possible during the assessment phase.
(e) Decision making during the assessment
A decision to accept or reject an application for a safety authorisation shall be based on the evidence provided by the applicant and on whether compliance with the relevant requirements has been shown or not.
2. The national safety authority shall assess whether the attached summary of the safety management system manual allows an initial judgment on the quality and appropriateness of the safety management system and shall decide in which areas further information is necessary. The national safety authority may, as part of this request for more information, seek as much detailed information as it deems reasonably necessary to help its assessment of the application.
3. When granting a safety authorisation, compliance of the applicant's safety management system with the assessment criteria shall be documented in relation to each assessment criterion.
4. When identifying a point of query or possible non-compliance, the national safety authority shall be specific and help the applicant to understand the level of detail expected in the response. To do this it shall:
refer accurately to the relevant criteria and ensure that the applicant has understood clearly the identified areas of non-compliance;
identify the relevant part of related regulations, rules, and standards;
state why the assessment criterion is not met;
agree on further commitments, information and any supporting evidence to be provided, as required by the level of detail of the criterion, and specify both the action required by the applicant to rectify the deficiency and the timeframe for compliance;
specify areas which could be subject to further scrutiny through supervision after the award of the authorisation.
Criteria for assessing conformity with the requirements for obtaining safety authorisations to be issued in accordance with Article 11(1)(a) and (b) of Directive 2004/49/EC
A. RISK CONTROL MEASURES FOR ALL RISKS ASSOCIATED WITH THE ACTIVITY OF THE INFRASTRUCTURE MANAGER (1)
There are procedures in place to identify risks associated with railway operations, including those directly arising from work activities, job design or workload and the activities of other organisations/persons.
There are procedures in place to develop and put in place risk control measures.
There are procedures in place to monitor the effectiveness of risk control arrangements and to implement changes when required.
There are procedures in place to recognise the need to work together with other entities (such as railway undertakings, manufacturer, maintenance supplier, entity in charge of maintenance, railway vehicle keeper, service provider and procurement entity), where appropriate, on issues where they have shared interfaces that are likely to affect the putting in place of adequate risk control measures in accordance with Article 4(3) of Directive 2004/49/EC.
There are procedures for agreed documentation and communication with the relevant entities, including the identification of roles and responsibilities of each participating organisation and the specifications for information exchanges.
There are procedures to monitor the effectiveness of these arrangements and to implement changes when required.
B. RISK CONTROL RELATED TO THE SUPPLY OF MAINTENANCE AND MATERIAL (2)
There are procedures to derive maintenance requirements/standards/processes from safety data.
There are procedures to adapt maintenance intervals according to the type and extent of service performed.
There are procedures to ensure that the responsibility for maintenance is clearly defined to identify the competencies required for maintenance posts and to allocate appropriate levels of responsibility.
There are procedures to collect information on malfunctions and defects arising from day-to-day operation and to report them to those responsible for maintenance.
There are procedures to identify and report risks arising from defects and construction non-conformities or malfunctions throughout the lifecycle to interested parties.
There are procedures to verify and control the performance and results of maintenance to ensure that they comply with corporate standards.
C. RISK CONTROL RELATED TO THE USE OF CONTRACTORS AND CONTROL OF SUPPLIERS (3)
There are procedures to verify the competence of contractors (including subcontractors) and suppliers.
There are procedures to verify and control the safety performance and results of all contracted services and products supplied either by the contractor or supplier to ensure that they comply with the requirements set out in the contract.
Responsibilities and tasks relating to railway safety issues are clearly defined, known and allocated between the contracting partners and among all other interested parties.
There are procedures to ensure traceability of safety-related documents and contracts.
There are procedures to ensure that safety tasks, including the exchange of safety-related information, are performed by the contractors or the supplier according to relevant requirements set out in the contract.
D. RISKS ARISING FROM THE ACTIVITIES OF OTHER PARTIES EXTERNAL TO THE RAILWAY SYSTEM (4)
There are procedures to identify potential risks from parties external to the railway system where appropriate and reasonable.
There are procedures to establish control measures to mitigate the risks identified under D1 insofar as the responsibilities of the applicant are concerned.
There are procedures to monitor the effectiveness of the measures identified under D2 and implement changes where appropriate.
E. DOCUMENTATION OF THE SAFETY MANAGEMENT SYSTEM
There is a description of the activity that makes clear the type, extent and risk of operation.
There is a description of the structure of the safety management system, including the allocation of roles and responsibilities.
There is a description of safety management system procedures required by Article 9 and Annex III of Directive 2004/49/EC, consistent with the type and extent of services operated.
Safety-critical processes and tasks relevant to the type of activity/service are listed and briefly described.
F. DISTRIBUTION OF RESPONSIBILITIES (5)
There is a description of how coordination of safety management system activities across the organisation is ensured, based on proven knowledge and lead responsibility at management level.
There are procedures to ensure that staff with delegated responsibilities within the organisation have the authority, competence and appropriate resources to fulfil their duty.
Safety-related areas of responsibility and the distribution of responsibilities to specific functions associated with them, together with their interfaces, are clearly defined.
There is a procedure to ensure that safety tasks are clearly defined and delegated to staff with appropriate competence.
G. SECURING CONTROL BY THE MANAGEMENT ON DIFFERENT LEVELS (6)
There is a description of how responsibilities are allocated for each safety-related process throughout the organisation.
There is a procedure for regular monitoring of task performance assured by the line management chain that must intervene if the tasks are not being properly performed.
There are procedures to identify and manage the impact of other management activities on the safety management system.
There are procedures to hold those with a role in the management of safety accountable for their performance.
There are procedures to allocate resources to deliver the tasks under the safety management system.
H. INVOLVING STAFF AND THEIR REPRESENTATIVES ON ALL LEVELS (7)
There are procedures in place to ensure that staff and staff representatives are adequately represented and consulted in defining, proposing, reviewing and developing the safety aspects of operational procedures that may involve staff.
Staff involvement and consultation arrangements are documented.
I. ENSURING CONTINUOUS IMPROVEMENT (8)
There are procedures in place to ensure, where reasonably practicable, the continuous improvement of the safety management system; these shall include:
procedures for periodic reviews of the safety management system, as found to be necessary;
procedures for describing arrangements to monitor and analyse relevant safety data;
procedures for describing how identified shortcomings are rectified;
procedures for describing the implementation of new safety management rules based on development and lessons learnt;
procedures for describing how internal audit findings are used to bring about improvement in the safety management system.
J. SAFETY POLICY APPROVED BY THE ORGANISATION’S CHIEF EXECUTIVE AND COMMUNICATED TO ALL STAFF (9)
A document describing the organisation’s safety policy exists and is:
communicated and made available to all staff, e.g. via the organisation’s intranet;
appropriate to the type and extent of service;
approved by the organisation’s chief executive.
K. QUALITATIVE AND QUANTATIVE TARGETS OF THE ORGANISATION FOR MAINTAINING AND ENHANCING SAFETY, AND PLANS AND PROCEDURES FOR REACHING THESE TARGETS (10)
There are procedures to determine relevant safety targets in line with the legal framework, and there is a document stating these targets.
There are procedures to determine relevant safety targets consistent with the type and extent of the railway operations covered and the relevant risks.
There are procedures to regularly assess overall safety performance in relation to the organisation's corporate safety targets and to those established at member state level.
There are procedures in place to regularly monitor and review operational arrangements by:
collecting relevant safety data to derive trends in safety performance and assess compliance with targets;
interpreting relevant data and implementing necessary changes.
There are procedures in place by the infrastructure manager to develop plans and procedures for reaching its targets.
L. PROCEDURES TO MEET EXISTING, NEW AND ALTERED TECHNICAL AND OPERATIONAL STANDARDS OR OTHER PRESCRIPTIVE CONDITIONS (11)
For safety-related requirements relevant to the type and extent of operations, there are procedures for:
identifying these requirements and updating relevant procedures to reflect changes made to them (change control management);
monitoring compliance with them;
taking action when non-compliance is identified.
There are procedures in place to ensure that the right staff, procedures, specific documents, equipment and rolling stock are used for the purpose intended.
The safety management system has procedures in place to ensure that maintenance is carried out according to the relevant requirements.
M. PROCEDURES AND METHODS FOR CARRYING OUT RISK EVALUATION AND IMPLEMENTING RISK CONTROL MEASURES WHENEVER A CHANGE OF THE OPERATING CONDITIONS OR NEW MATERIAL IMPOSES NEW RISKS ON THE INFRASTRUCTURE OR ON OPERATION (12)
There are management procedures for changes in equipment, procedures, organisation, staffing or interfaces.
There are risk assessment procedures to manage changes and to apply the CSM on risk evaluation and assessment as referred to in Commission Regulation (EC) No 352/2009 (13) when required.
There are procedures in place to feed the results of risk assessment into other processes within the organisation and make them visible to relevant staff.
N. PROVISION OF STAFF TRAINING PROGRAMMES AND SYSTEMS TO ENSURE THAT STAFF COMPETENCE IS MAINTAINED AND TASKS CARRIED OUT ACCORDINGLY (14)
There is a competence management system that includes at least:
identification of the knowledge and skills required for safety-related tasks;
selection principles (basic educational level, mental aptitude and physical fitness required);
initial training and certification of acquired competence and skills;
ongoing training and periodic update of existing knowledge and skills;
periodic checks of competence where appropriate;
special measures in case of accidents/incidents or long absence from work, as required/where appropriate;
specific safety management system training for staff directly involved in ensuring that the safety management system works.
There are procedures within the competence management system providing for:
the identification of posts that perform safety tasks;
the identification of posts that entail responsibilities for taking operational decisions within the safety management system;
staff to have the necessary knowledge, skills and aptitude (medical and psychological) appropriate to their tasks and periodically undergo retraining;
allocating staff with the competence appropriate to relevant tasks;
monitoring how tasks are performed and implementing corrective actions where required.
O. ARRANGEMENTS FOR THE PROVISION OF SUFFICIENT INFORMATION WITHIN THE ORGANISATION AND, WHERE APPROPRIATE, BETWEEN ORGANISATIONS OPERATING ON THE SAME INFRASTRUCTURE (15)
There are procedures to ensure that:
staff have knowledge and understanding of the safety management system and information is easily accessible; and
appropriate documentation on the safety management system is given to relevant safety personnel.
There are procedures to ensure that:
key operational information is relevant and valid;
staff are aware of its existence before it is applied;
it is available to staff and where required copies are formally given to them.
There are arrangements in place for the sharing of information between the infrastructure manager and other railway undertakings.
P. PROCEDURES AND FORMATS FOR DOCUMENTING SAFETY INFORMATION, AND DESIGNATION OF A PROCEDURE FOR CONFIGURATION CONTROL OF VITAL SAFETY INFORMATION (16)
There are procedures to ensure that all relevant safety information is accurate, complete, consistent, easy to understand, appropriately updated, and duly documented.
There are procedures to:
format, generate, distribute and manage control of changes to all relevant safety documentation;
receive, collect and store all relevant documentation/information on paper or by other registration systems.
There is a procedure for configuration control of vital safety information.
Q. PROCEDURES TO ENSURE THAT ACCIDENTS, INCIDENTS, NEAR MISSES AND OTHER DANGEROUS OCCURRENCES ARE REPORTED, INVESTIGATED AND ANALYSED AND THAT NECESSARY PREVENTIVE MEASURES ARE TAKEN (17)
There are procedures to ensure that accidents, incidents, near misses and other dangerous occurrences:
are reported, logged, investigated and analysed;
are reported, as required by relevant legislation, to national bodies.
There are procedures to ensure that:
recommendations from the national safety authority, from the national investigating body, and from industry/internal investigations are evaluated and implemented if appropriate or mandated;
relevant reports/information from other railway undertakings, infrastructure managers, entities in charge of maintenance and railway vehicle keepers are considered and taken into account.
There are procedures for relevant information relating to the investigation and causes of accidents, incidents, near misses and other dangerous occurrences to be used to learn and, where required, to adopt preventive measures.
R. PROVISION OF PLANS FOR ACTION AND ALERTS AND INFORMATION IN CASE OF EMERGENCY, AGREED UPON WITH THE APPROPRIATE PUBLIC AUTHORITIES (18)
A document identifies all types of emergency, including degraded operations, and there are procedures in place to identify new ones.
There are procedures in place to ensure that, for each identified type of emergency:
the emergency services can be promptly contacted;
the emergency services are provided with all relevant information both in advance, to prepare their emergency response, and at the time of an emergency.
The roles and responsibilities of all parties are identified and set out in a document.
Plans for action, alerts and information exist and include:
procedures to alert all staff with responsibility for emergency management;
arrangements to communicate these to all parties, including emergency instructions for passengers;
arrangements for contacting competent staff immediately so they can take any decisions required.
There is a document describing how resources and means have been allocated and how training requirements have been identified.
There are procedures in place to re-establish normal operating conditions as soon as possible.
There are procedures for testing emergency plans in cooperation with other parties to train staff, test procedures, identify weak points and verify how potential emergency situations are managed.
There are procedures in place to coordinate emergency plans with railway undertakings which operate on the organisation’s infrastructure and any other infrastructure with which it has an interface.
There are arrangements in place to halt operations and railway traffic promptly, if necessary, and to inform all interested parties of the action taken.
S. PROVISIONS FOR RECURRENT INTERNAL AUDITING OF THE SAFETY MANAGEMENT SYSTEM (19)
There is an internal auditing system which is independent and impartial and which acts in a transparent way.
There is a schedule of planned internal audits which can be revised depending on the results of previous audits and monitoring of performance.
There are procedures in place to identify and select suitably competent auditors.
Procedures are in place to:
analyse and evaluate the results of the audits;
recommend follow-up measures;
follow up the effectiveness of measures;
document the execution of audits and the results of audits.
There are procedures to ensure that senior levels of the management chain are aware of the results of audits and take overall responsibility for implementation of changes to the safety management system.
There is a document showing how audits are planned in relation to routine monitoring arrangements to ensure compliance with internal procedures and standards.
T. SAFE DESIGN OF THE RAILWAY INFRASTRUCTURE (20)
There are procedures to ensure the safe design of the infrastructure throughout the life-cycle of the infrastructure, covering design and installation.
There are procedures which take into account technical change of the infrastructure and the management of that change.
There are procedures which show that relevant rules covering the design of the infrastructure and any national safety methods have been identified and that the applicant can comply with them.
U. SAFE OPERATION OF THE INFRASTRUCTURE (21)
There are procedures to ensure that the infrastructure is managed and operated safely, taking into account the number, type and extent of operators running services on the network including all necessary interactions depending on the complexity of the operation.
There are procedures which show how safety is managed at the physical and/or operational borders of the infrastructure.
There are procedures which show how effective cooperation and coordination is managed, both in normal and emergency situations.
There are procedures which show that rules covering the safe operation and management of infrastructure/vehicle interfaces have been identified and that the applicant can comply with them.
V. PROVISION OF MAINTENANCE & MATERIAL (22)
There are procedures to ensure that maintenance of the infrastructure is undertaken safely, including clear management control and documented audit and inspection.
There are procedures which ensure that the maintenance of the infrastructure meets the specific needs of the network.
There are procedures which show that rules covering the supply of maintenance and material have been identified and that the applicant can comply with them.
W. MAINTENANCE AND OPERATION OF THE TRAFFIC CONTROL AND SIGNALLING SYSTEM (23)
There are procedures to ensure that the traffic control and signalling system is operated and maintained so as to ensure the safe operation of the railway.
There are procedures to comply with existing, new and altered technical and operational standards.
There are procedures which set out how safety is managed at the physical and/or operational borders of the traffic control and signalling system, including how cooperation, if necessary, is managed.
There are procedures which show that rules covering the safe operation and maintenance of the traffic control and signalling system have been identified and that the applicant can comply with them.
(1) Article 9(2) of Directive 2004/49/EC.
(2) Article 9(2) of Directive 2004/49/EC.
(3) Article 9(2) of Directive 2004/49/EC.
(4) Article 9(2) of Directive 2004/49/EC.
(5) Annex III to Directive 2004/49/EC, point 1.
(6) Annex III to Directive 2004/49/EC, point 1.
(7) Annex III to Directive 2004/49/EC, point 1.
(8) Annex III to Directive 2004/49/EC, point 1.
(9) Annex III to Directive 2004/49/EC, point 2(a).
(10) Annex III to Directive 2004/49/EC, point 2(b).
(11) Annex III to Directive 2004/49/EC, point 2(c).
(12) Annex III to Directive 2004/49/EC, point 2(d).
(13) OJ L 108, 29.4.2009, p. 4.
(14) Annex III to Directive 2004/49/EC, point 2(e).
(15) Annex III to Directive 2004/49/EC, point 2(f).
(16) Annex III to Directive 2004/49/EC, point 2(g).
(17) Annex III to Directive 2004/49/EC, point 2(h).
(18) Annex III to Directive 2004/49/EC, point 2(i).
(19) Annex III to Directive 2004/49/EC, point 2(j).
(20) Article 11(1)(b) of Directive 2004/49/EC.
(21) Article 11(1)(b) of Directive 2004/49/EC.
(22) Article 11(1)(b) of Directive 2004/49/EC.
(23) Article 11(1)(b) of Directive 2004/49/EC.
Principles for supervision after the award of an authorisation
The approach of national safety authorities to supervision of compliance as referred to in Articles 4(1) and 16(2)(e) of Directive 2004/49/EC shall be based on the following principles. These principles apply to the framework of supervision activities as a whole and to individual cases within that framework.
National safety authorities shall apply the principle of proportionality between enforcement and risk. Action taken by a national safety authority to achieve compliance or bring infrastructure managers to account for not meeting their legal obligations shall be proportionate to any risks to safety or to the potential seriousness of any non-compliance, including any actual or potential harm.
National safety authorities shall apply the principle of consistency of approach to ensure that a national safety authority takes a similar approach in similar circumstances to achieve similar ends.
National safety authority supervision activity shall be targeted primarily at those activities which a national safety authority believes give rise to the most serious risks or where the hazards are least well-controlled. To do so, the national safety authority shall have methods and power to assess the day-to-day safety performance of the infrastructure manager.
National safety authorities shall decide on priorities to use their resources effectively but the decision on how best to do that should rest with each individual national safety authority. Action shall be focused on those who are responsible for the risk and who are best placed to control it.
National safety authorities shall apply the principle of transparency to help infrastructure managers understand what is expected of them (including what they should or should not do) and what they should expect from the national safety authority.
National safety authorities shall be accountable for their decisions in accordance with Article 17(3) of Directive 2004/49/EC. National safety authorities shall therefore have policies and principles by which they can be assessed. Moreover, national safety authorities shall also have a complaints procedure.
National safety authorities shall develop cooperation arrangements between each other in order to share information with each other and to coordinate their response to any breaches of safety. In addition, national safety authorities shall develop cooperation arrangements with other competent authorities in order to share information and to develop unified approaches to issues that impinge on railway safety.