Key Benefits:
| Chapter 1 | Scope and definitions |
| Chapter 2 | Application for commissioning permission |
| Chapter 3 | Modification of existing railway infrastructure |
| Chapter 4 | Use of the auditors |
| Chapter 5 | Commissioning of railway infrastructure |
| Chapter 6 | Pensation |
| Chapter 7 | Punishment and redress |
| Chapter 8 | Entry into force and transitional provisions |
| Appendix 1 | DEFINITIONS AND CONCEPTS |
| Appendix 2 | RISK ASSESSMENT |
| Appendix 3 | ASSESSOR'S SAFETY ASSESSMENT REPORT |
Completion of the commissioning authorisation for subsystems in the railway infrastructure
In accordance with section 21 h (1) (i), ONE, ONE. pkt., section 21 k, paragraph 1. 5 and 6, section 22, paragraph 1. 6, section 24 c (3). Article 26 (2) and section 26 (2). ONE, ONE. pkt;, in the law of rail, cf. Law Order no. 1249 of 11. In November 2010, according to section 24 h, paragraph, shall be adopted. 1 :
Chapter 1
Scope and definitions
Scope of application
§ 1. The notice shall lay down procedures applicable to the application for commissioning authorisations for the railway infrastructure, cf. however, section 3.
Paragraph 2. The Traffic Management Board may issue commissioning authorizations with terms and conditions, including Fixed Term.
Paragraph 3. The Traffic Management Board may revoke application entitlements for failure to comply.
§ 2. Railway infrastructure not covered by the risk assessment regulation (CSM-RA) shall comply with the risk assessment requirements set out in Annex 1-3 for this notice.
§ 3. The announcement shall not apply to :
1) Veteranlanes.
2) Private railway infrastructure used exclusively for the owner's own freight transport.
Definitions
§ 4. For the purposes of this notice :
1) Applies : A contracting entity, as defined in Article 2 (r) of the interoperability Directive.
2) Accreditation : accreditation, as defined in notification of the accreditation of the accreditation of the railway undertakings.
3) Assessor : An independent and competent, external or internal person, organisation or entity carrying out investigations to reach a decision based on an objective basis of the suitability of a system to meet the safety requirements ; It is made to do so.
4) CSM-RA : Commission implementing regulation no. 402 /2013/EU of 30. April 2013 on the common safety method for risk assessment and-assessment and repealing of Regulation (EC) No 2. 352/2009.
5) Subsystems : The result of the fragmentation of the rail system into structural or functional defined subsystems, cf. Article 2 (e) and Annex II of the Interoperability Directive.
6) Renewal : A greater work that is about to replace a subsystem or part of a subsystem without changing the overall performance of the subsystem, cf. Article 2 (n) of the Interoperability Directive.
7) Proposents : Proposor as defined in CSM-RA Article 3 (s) 11, or Annex 1, section 2, nr. 11, in this procladition.
8) Proposal statement : Written statement as specified in the CSM-RA Article 16 or Annex 1 (7) of this Order.
9) The operating permit for a subsystem in the railway infrastructure means the approval of the security characteristics of the subsystem as well as the compliance of the subsystem in compliance with applicable law.
10) The Interoperability Directive : Directive 2008 /57/EC of the European Parliament and of the Council of 17. June 2008 on the interoperability of the railway system in the Community, carried out by executive order no. 459 of 28. In April 2010, with subsequent changes.
11) Railway infrastructure as defined in Article 3 (2) Three, in the EU-Parliament and Council Directive 2012 /34/EU on the creation of a common European railway area.
12) Upgrade : A larger work that is to replace a subsystem or part of a subsystem that improves the overall performance of the subsystem, cf. Article 2 (m) of the interoperability Directive.
13) Risk assessment : The overall process, which includes a risk analysis and a risk assessment, cf. Article 3 (2), 4, in CSM-RA or Annex 1, Section 2, of this notice.
14) Significant change : a change that affects the security, as specified in Article 4 of the CSM-RA or Annex 1 (3) of this notice.
15) Security Assessment Report : A document containing the conclusions of an assessment carried by an examiner by the system in question, cf. CSM-RA Article 3, nr. 12, or Annex 1, Section 6, of this notice.
16) System Definition : The description of a subsystem or part of a subsystem and its use, interfaces and interaction with all surroundings, cause of the renewal or upgrade, and all identified requirements of the subsystem or part of a part of a subsystem ; the subsystem as described in 2.1.2 of Annex I, CSM-RA, or Annex 2, section 3.1.2, of this notice.
17) TSIs : A technical specification for interoperability adopted under the interoperability directive, applicable to each subsystem or part of a subsystem designed to meet the essential requirements and ensure interoperability of the trans-European rail system.
18) Veteranlane : the infrastructure of the VA, as defined in the notice of non-commercial railway operation.
Chapter 2
Application for commissioning permission
§ 5. Applications for the commissioning permit may take place using the application form of the Traffic Management application. The schedule for the application is on the traffic management website.
Paragraph 2. Where applicants submit documentation written in languages other than Danish or English, the Management Board may require an applicant to translate the documentation into one of the two languages referred to.
§ 6. Railway infrastructure may not be used until the Traffic Management Board has issued commissioning authorisations to the structural subsystems used in the railway infrastructure, as well as that section 11 is met.
Paragraph 2. The application for the Traffic Management Board for a commissioning authorisation for a structural subsystem in the railway infrastructure must be attached :
1) system definition
2) the safety assessment report in accordance with the CSM-RA or Annex 1-3 of this notice drawn up by a examiner, cf. § 10,
3) author ' s written declaration that all identified hazards and risks are kept at an acceptable level, cf. CSM-RA Article 16 and Annex 1, Section 7, of this Order, and
4) a " EC " declaration of verification, cf. Article 18 of the interoperability Directive, the subsystem is covered by a TSI.
Chapter 3
Modification of existing railway infrastructure
Assessment of the change
§ 7. Before a change in an existing railway infrastructure is implemented, the undertaking which is intended to modify the amendment shall assess whether the amendment is significant in accordance with the principles set out in Article 4 (2). 1 and 2, in the CSM-RA or Annex 1 of this notice.
Paragraph 2. Evaluate it that the change, cf. paragraph 1 is significant, the company must submit the traffic management to the Traffic Control as set out in section 9.
Paragraph 3. Evaluate the fact that the change is to consider a renewal or upgrade, cf. The interoperability directive must submit the amendment to the Traffic Control Agency as set out in section 9.
Changes that do not require a new commissioning permission
§ 8. Amendment of a subsystem that is not covered by the evaluation in section 7 (4). 2 or 3 does not require a commissioned authorisation from the Traffic Management Board. Such changes shall be carried out in accordance with the railway infrastructure manager ' s security management system.
Immolation of changes in the railway infrastructure
§ 9. In the event of an alteration of an existing subsystem, which is considered to be significant or which are considered to be a renewal or upgrade, cf. Section 7 (2). 2 or 3 is submitted a project description to the Traffic Management Board before the change is initiated. The Traffic Management Board shall take a decision as to whether the modification requires a new commissioned authorisation in accordance with section 6.
Paragraph 2. The project description shall include the following :
1) Documentation for the impact of the company on the significance of the change, cf. § 7.
2) A preliminary system definition of the change to the subsystem, including information about :
a) the undertaking wants to use documentation from a corresponding change which has previously obtained an approval in Denmark, an EU or the EEA country after identical requirements under corresponding operating conditions, and
b) whether the change according to the company ' s assessment is subject to the TSI requirements.
Chapter 4
Use of the auditors
§ 10. Apples must use an assessor for the assessment of the risk assessment of the applicant in connection with the application for the authorisation for use of the application.
Paragraph 2. Assessor must complete a security assessment report, cf. CSM-RA or Annex 3 of this notice to be included in the application for authorisation for entry into service.
Paragraph 3. The auditor must be accredited by an accreditation body, after notification of the accreditation of the accreditation of the railway undertakings in the railway sector, where this assesses the following changes :
1) Infrastructure project, which has its own land law or document.
2) Amendment, which includes the European train control and signalling system (ERTMS).
3) Amendment, which covers the national establishment of subsystems or nationwide replacement of subsystems.
Paragraph 4. An inspector who is not accredited shall be approved by the Traffic Management Board following the approval of the processors and experts in connection with the approval of railway infrastructure and vehicles.
Chapter 5
Commissioning of railway infrastructure
§ 11. A structural subsystem in the railway infrastructure to which the Traffic Management Board has issued in service authorisation can only be used in the use of railway infrastructure managers.
Paragraph 2. Before using a structural infrastructure subsystem in the railway infrastructure, the railway infrastructure manager shall implement the necessary risk measures in accordance with the rules for the approval of railway infrastructure managers.
Chapter 6
Pensation
§ 12. The Management Board may dispense with the provisions of this notice, where it is, moreover, compatible with EU rules in this field.
Chapter 7
Punishment and redress
Punishment
§ 13. The withdrawal of section 6 (2). Paragraph 1 shall be punished by penalty unless higher penalties are imposed on the rail road by section 22.
Paragraph 2. The person who makes a change without carrying out an assessment as specified in section 7 shall be punished by penalty unless higher penalties are imposed on the rail road.
Paragraph 3. The conditions laid down in section 1 (1) of this Article shall be subject to the conditions laid down in Article 1. Two, punishable by fine.
Paragraph 4. Companies can be imposed on companies, etc. (legal persons) punishable by the rules of the penal code 5. Chapter.
Appeal access
§ 14. Any person who has received a decision on discharges or only partial partial response to an application may, within four weeks, request the Traffic Management Board to re-evaluate the case.
Paragraph 2. where the case referred to in paragraph 1 is renewed, Paragraph 1 does not, in the case of the complainant, be able to reach the Board of Railway, within four weeks of the time being brought before the rail.
Chapter 8
Entry into force and transitional provisions
§ 15. The announcement shall enter into force on the 21. May 2015.
Paragraph 2. Publication no. 1187 of 12. December 2012 on the commissioning authorisation for the infrastructure subsystem in the railway infrastructure, cf. however, paragraph 1 3.
Paragraph 3. For applications for commissioning authorisation received in the Traffic Management Board before 21. In May 2015, the applicable rules have been applied in the past.
Traffic Management, the 8th. May 2015
Carsten Falk Hansen
/ Marianne Callowed Zauner
Appendix 1
DEFINITIONS AND CONCEPTS
1. Scope and scope
This Annex lays down the conditions for risk assessment for the railway systems which are not covered by the CSM RA, cf. Section 2 of the notice.
The risk assessment method shall apply by :
-WHAT? metros, trailers, and letdown systems ; and
-WHAT? nets that are functionally separated from the rest of the rail system, which are designed only for passenger transport in local, urban and suburban areas.
2. Definitions
In the case of risk assessment, the definitions set out in Article 3 of Directive 2004 /49/EC shall apply.
The following definitions shall also apply :
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3. Significante changes
The successful tenderer shall adopt a position on the potential impact of the change in the safety of the rail system. If the proposed change has no effect on security, there is no need to use the risk management process described in section 4 of this Annex.
In the case of the proposed change of security, the author of the proposer on the basis of an expert opinion on the significance of the change shall be based on the following criteria :
1) Dare of failure : a plausible, worst-conceivable scenario in the event of failure of the system under evaluation, in the case of security barriers outside the system ;
2) innovations used to make the change : this applies to both for what is innovative to the railway sector and what is only new to the organisation that implements the change ;
3) The complexity of the change
4) monitoring : failure to control the completed change in the overall life cycle of the system and make appropriate action ;
5) reversibility : inability to revert to the system as it was before the change
6) accumulation : assessment of the significance of the change, taking into account all recent safety-related changes which were not considered significant by the system that has been considered to be assessed.
The tenderer shall keep sufficient evidence to justify its decision.
4. Risk Management Process
The successful tenderer shall be responsible for ensuring that the risk management process described in Annex 2 is applied to a significant change, as specified in Section 3 of this Annex.
The tenderer shall ensure that the risks which are anchors by their suppliers, service providers and their sub-contractors are governed by the requirements of the Annexes to this notice. The successful tenderer may, for this purpose, agree with its suppliers, service providers and their sub-contractors that they have a duty to participate in the risk management process described in Appendix 2.
5. Independent Rating
An independent assessment of the suitability of the suitability of the risk management process in Annex 2 shall be carried out by an independent examiner, and shall be used by an independent examiner. This examiner shall be accredited by an accreditation body, in accordance with the notification of the accreditation of the accreditation of the rail sector or approved by the Traffic Management Board, in accordance with the notice of approval of the processors and experts in the context of the approval of railway infrastructure and vehicles, cf. section 10 of this notice.
In order to carry out the independent assessment, the examiner must :
(a) ensure that the examiner himself has a detailed understanding of the significant change on the basis of the documentation provided by the author of the proposal ;
(b) perform an assessment of the processes used to control the safety and quality during the design and implementation of the significant change if these processes are not already certified by an appropriate ; conformity assessment body,
c) carry out an assessment of the use of these security and quality processes during the design and implementation of the significant change.
When the assessment has been carried out in accordance with points (a), (b) and (c), the examiner shall prepare a safety assessment report as provided for in section 6 of this Annex and in the notice Annex 3 of this Annex.
Doppings must be avoided in the case of the following assessments :
(a) the conformity assessment of the security management system and the maintenance system of the maintenance units responsible for maintenance required by Directive 2004 /49/EC;
(b) any other independent assessment carried out by the examiner in accordance with Annex 1 (3).
6. Security Assessment Reports
Assessor will submit a safety assessment report in accordance with the requirements of Appendix 3 of this Order Decision. The successful tenderer shall be responsible for determining whether and how the conclusions of the safety assessment report shall be taken into account in the acceptance of the assessment of the estimated change. In the end, the author of the proposal is in a position to disagree with part of the safety assessment report, justify and document its position.
If a system or a subsystem has already been accepted as a conclusion of the risk management process specified in Annex 1-3 to this notice, the resulting safety assessment report shall not be called into question by any other director of responsibility ; to carry out a new assessment of the same system. Mutual recognition requires documentation that the system will be applied to the same functional, operational and environmental conditions, as is the case already for the already accepted system and that similar risk acceptance criteria are used.
7. Proposal statement declaration
On the basis of the results of the application of Annex 1-3 of this notice and the assessment report of the assessment shall be made by the author of a written declaration that all identified hazards and risks in these hazards have been kept acceptable ; level.
8. Risk Management System and Revisions
Rail infrastructure managers shall allow audits of the use of the risk assessment safety method to be included in their current audit system for the security management system, cf. Article 9 of Directive 2004 /49/EC.
9. Feedback and technical progress
Each railway infrastructure manager shall report in its annual safety report, cf. Article 9 (1). 4, in Directive 2004 /49/EC, in summary of its experience with the application of this security method for risk assessment. The report shall also contain a summary of the decisions concerning the significance of the change.
Appendix 2
RISK ASSESSMENT
1. Scope and scope
This Annex lays down the conditions for risk assessment for the railway systems which are not covered by the CSM RA, cf. Section 2 of the notice.
The risk assessment method shall apply by :
-WHAT? metros, trackwagons and letdown systems ; and
-WHAT? nets that are functionally separated from the rest of the rail system, which are designed only for passenger transport in local, urban and suburban areas.
2. GENERAL PRINCIPLES OF THE RISK MANAGEMENT PROCESS
2.1. General principles and obligations
2.1.1. The risk-management process is based on a definition of the system assessed and includes the following activities :
(a) the risk-assessment process in which an identification of the risks is made, the risks, the associated security measures and the following safety requirements, which the assessed system must meet ;
(b) the demonstration that the system meets the safety requirements laid down ; and
c) management of all identified hazards and associated security measures.
This risk management process is an iterative process, and it is etc in the diagram in this annex. The process will be completed when it is shown that the system meets all security requirements that are necessary to accept the risks associated with the identified hazards.
2.1.2. The risk-management process must include suitable quality assurance activities and carried out by competent employees. It must be the subject of an independent assessment carried out by one or more of the auditors.
2.1.3. The broadcaster with responsibility for the risk management process leads to an ongoing pharastership according to paragraph 5.
2.1.4. The operators who have already established risk assessment methods or tools may continue to apply these where they are compatible with Annex 1-3 of this notice under the following conditions :
(a) the risk assessment methods or tools are described in a security management system accepted by a national security authority in accordance with Article 10 (1). Paragraph 2 (a) or Article 11 (1). 1 (a) of Directive 2004 /49/EC, or
b) the risk assessment methods or tools are required in accordance with a TSI or meet publicly available recognised standards specified in the national provisions of the notification.
2.1.5. Without prejudice to the laws of the Member States concerning civil liability, the author ' s liability shall be responsible for the risk assessment process. With the consent of the stakeholders concerned, the author of the motion for a motion, in particular, shall decide who is responsible for complying with the safety requirements arising from the risk assessment. The safety requirements to be provided by the author of the proposer shall not be provided outside the scope of their responsibility and control. This decision shall depend on the type of security measures chosen to maintain the risks of an acceptable level. The performance of the safety requirements shall be shown in accordance with point 4.
2.1.6. In the first phase of the risk management process, the author of the Proposal document will document the tasks and the risk management activities of the various actors. The successful tenderer shall be responsible for coordinating close cooperation between the various actors concerned under their respective tasks in order to deal with the dangers and the associated security measures.
2.1.7. It is the responsibility of the independent examiner to evaluate the correct application of the risk management process.
2.2. Interfaces Management
2.2.1. For each interface of relevance for the estimated system and with reservation for interface specifications defined in relevant TSIs, the relevant railway sector operators shall cooperate in order to identify and manage the dangers and take them together ; necessary safety precautions for these interfaces. The successful tenderer coordinates the management of common hazards in the interfaces.
2.2.2. If a stakeholder in fulfils of a safety requirement determines a need for a security measure that the operator may not carry out, the holder shall, by agreement with another operator, arrange the handling of the danger to the latter in question ; according to the process described in paragraph 5.
2.2.3. As far as the estimated system is concerned, any actor who ascertains that a safety measure does not meet the requirements or is inadequate shall be responsible for notifying this to the author who subsequently informs the actor who : implement the safety measure.
2.2.4. The stakeholder who implements the safety measure shall then inform all stakeholders concerned within the terms of the system or-provided that the operator is aware of this-within other existing systems, where it is carried out ; the same safety measure is used.
2.2.5. If there is a difference of opinion between two or more actors, it is up to the author of the motion to find a solution.
2.2.6. If a stakeholder does not meet a requirement in notified national regulations, the author ' s advices shall seek advice from the relevant competent authority.
2.2.7. Independently for the definition of the assessed system, the author is responsible for ensuring that the risk management encomps the system itself and its integration into the overall rail system.
3. DESCRIPTION OF THE RISK ASSESSMENT PROCESS
3.1. General Description
3.1.1. The risk-assessment process is the overall iterative process, which includes :
a) the system definition
b) risk analysis, including hazard identification,
c) risk evaluation.
The risk-assessment process must be included in a interaction with the management of hazards in accordance with paragraph 5.1.
3.1.2. The system definition must, at the very least, address the following areas :
a) a system objective (for the intended purpose),
(b) system functions and elements where appropriate (including human, technical and operational elements)
c) system-limit, including interaction with other systems ;
(d) physical (interacting systems) and functional (functional input and output) interfaces ;
(e) the environment (e.g. energy and heat currents, shock waves, vibrations, electromagnetic interference, operational use),
f) existing security measures and, in accordance with the appropriate iterations, the definition of the safety requirements identified in the risk assessment process ;
and (g) assumptions with a view to the mitigating risk assessment.
3.1.3. A danger identification of the defined system is carried out in accordance with section 3.2.
3.1.4. One or more of the following risk acceptprinciples shall be used in the evaluation of whether the risk of the estimated system is acceptable :
(a) application of recognised practices (3.3) ;
(b) comparison with similar systems (3.4),
c) explicit risk estimation (Section 3.5).
In accordance with the principle set out in 2.1.5, the author of the author of the motion of the motion is to make use of a specific risk acceptance principle.
3.1.5. The successful tenderer is documenting the risk assessment that the selected risk acceptance principle has been applied satisfactorily. The tenderer also checks that the selected risk acceptprinciples are applied consistently.
3.1.6. For the purposes of these risk acceptance principles, possible safety measures that make the risk or the risks of the estimated system be deemed acceptable. Among these safeguards, those selected in order to limit the risk or risks are made to safety requirements that must be met by the system. The documentation for compliance of these safety requirements shall be carried out in accordance with paragraph 4.
3.1.7. The iterative risk assessment process shall be deemed to have been completed when it has been documented that all safety requirements are fulfilled and no further dangers which may reasonably be foreseen are taken into account.
3.2. Hazard identification
3.2.1. The successful tenderer shall be systematically identified and with assistance from a parallel range of competent experts all hazards that may reasonably be foreseen for the overall estimated system, its functions, when relevant, and its interfaces.
All identified hazards are recorded in the pharastery according to point 5.
3.2.2. In order to target the risk assessment measures against the essential risks, the risks must be classified according to the estimated risk they entail. On the basis of an expert opinion, hazards involving generally accepted risks should not be analysed further, but recorded in the pharmacoetal. The classification of these must be justified in such a way as to allow an independent assessor to carry out an independent assessment.
3.2.3. Risks from hazards may be classified as general accepted by the criterion that the risk must be so small that it is not reasonable to implement additional safety measures. The expert opinion must take into account that the contribution of all the general accepted risks must not exceed a fixed share of the overall risk.
3.2.4. The identification of the security measures may be identified in connection with the hazard identification. They shall be recorded in the subject of the pharastery according to point 5.
3.2.5. It is only necessary to carry out the hazard identification at the level of detail necessary to establish where the security measures can be expected to keep the risks under control in accordance with one of the risk acceptance principles that are ; referred to in section 3.1.4. There may be a need for an iterative process between risk analysis and risk evaluation phase until a sufficient level of detail has been obtained with regard to the hazard identification.
3.2.6. Where a recognised practice or a reference system is used to keep the risk under control, the hazard identification may be limited to :
a) a verification of the relevance of the recognised practice or of the reference system,
b) the identification of the deviations from the recognised practice or the reference system.
3.3. Application of recognised practices and risk evaluation
3.3.1. The successful tenderer shall analyse, with the support of other participating stakeholders, of one, several, or all hazards adequately covered by the application of relevant recognised practices.
3.3.2. Anerwell-known practices must at least comply with the following requirements :
(a) They must be generally recognised in the railway sector. If this is not the case, the recognised practices must be justified, and the examiner must be able to accept them.
b) They must be relevant in order to keep the relevant hazards in the assessed system under control. The successful use of recognised practices used in similar cases to manage changes and to effectively control identified hazards in a system in accordance with Annex 1-3 of this notice is sufficient to ensure that it is considered to be : relevant.
c) On request, they must be made available to the auditors in order to assess or, where appropriate, mutually recognise the suitability for use of both the risk management process in accordance with Appendix 1, Section 6 and the results of it.
3.3.3. Where the requirements of Directive 2008 /57/EC require compliance with TSIs and the relevant TSI does not require the application of the risk management process laid down in Annex 1-3 of this notice, the TSI may be regarded as recognised practice for purposes of this Regulation. to keep hazards under the supervision provided that the requirement referred to in (b) in section 3.3.2 is fulfilled.
3.3.4. National regulations notified in accordance with Article 8 of Directive 2004 /49/EC, and Article 17 (1). The third Directive, in Directive 2008 /57/EC, may be considered as recognised practices, provided that the requirements of section 3.3.2 have been met.
3.3.5. If one or more dangers are kept under the control of recognised practices which meet the requirements of 3.3.2, the risks of these hazards shall be considered acceptable. This means :
a) that there is no need to further analyse these risks further ;
b) that the use of a recognised practice must be registered in the pharmaco, as security requirements for the pertinent hazards.
3.3.6. In the event that an alternative approach is not fully in conformity with recognised practices, the author of the proposer must demonstrate that the alternative approach leads to at least the same level of security.
3.3.7. If the risk of a particular risk is not reduced to an acceptable level by applying a recognised practice, additional security measures should be identified by applying one of the two other risk acceptance principles.
3.3.8. When all hazards are kept under the control of recognised practices, the risk management process may be limited to :
(a) Risk identification, cf. item 3.2.6
(b) the registration of the use of a recognised practice in the pharmacostracy, cf. section 3.3.5
c) the documentation of the use of the risk management process, cf. point 6
d) an independent assessment, cf. Annex 1, Section 5.
3.4. Use of a reference system and risk evaluation
3.4.1. The tenderer shall analyse with the assistance of other participating agents, whether one, more or all of the hazards are adequately covered by an equivalent system which could be used as a reference system.
3.4.2. A reference system shall meet at least the following requirements :
(a) It is already in practice to have an acceptable level of safety, and that must therefore be allowed to continue to be approved in the Member State in which the amendment is to be introduced.
b) Its functions and interfaces correspond to the estimated system.
c) It is used under operating conditions corresponding to the estimated system.
(d) It is used in environmental conditions corresponding to the estimated system.
3.4.3. If a reference system is referred to in 3.4.2, the system shall apply to the estimated system that :
(a) the risks of hazards covered by the reference system shall be deemed to be acceptable ;
(b) the safety requirements relating to the dangers covered by the reference system may be derived from security analyses or by an evaluation of the security statements for the reference system,
(c) these safety requirements shall be registered in the pharmaco, as safety requirements for the pertinent hazards.
3.4.4. If the system from the reference system resets the system, it must be documented in the risk evaluation that the estimated system atleast the same level of security as the reference system, by another reference system or one of the other two ; the risk acceptance principles shall be applied. The risks of hazards covered by the reference system shall be regarded as acceptable in such cases.
3.4.5. If a level of safety at least equivalent to the reference system is obtained, further safety measures shall be identified for the derogations, as one of the other two other risk acceptance principles is applied.
3.5. Explicit Risk Estimation and Evaluation
3.5.1. If the risks are not covered by one of the two risk acceptance principles laid down in points 3.3 and 3.4, the risk of the estimated system is acceptable, with an explicit risk estimation and evaluation. The risks arising from these dangers shall be estimated either quantitatively or qualitatively, taking into account existing safety measures.
3.5.2. Evaluation of whether the estimated risks are acceptable is carried out on the basis of risk acceptance criteria either derived from or based on rules in either EU law or in the notification of national regulations. Depending on the risk acceptance criteria, the evaluation of whether the estimated risks are acceptable is carried out either for each associated hazard or overall hazard for all the hazards that are taken into consideration in the explicit risk estimation.
If the estimated risk is not accepted, additional security measures must be identified and implemented to limit the risk to an acceptable level.
3.5.3. If the danger or combination of several hazards is considered acceptable, the security measures identified in the Pharastery shall be recorded.
3.5.4. In the event of danger arising from failure of technical systems which are not covered by the recognised practice or the use of a reference system, the following shall be the following risk acceptance in relation to the design of the technical system :
For technical systems where a malfunction has a plausible direct potential for catastrophic effects, the associated risk is not required to be further limited if the error frequency is less than or equal to 10 -WHAT? 9 per operating hours.
3.5.5. Except as otherwise stated in the procedure laid down in Article 8 of Directive 2004 /49/EC, the application of a stricter criterion for the application of a stricter criterion other than that referred to in section 3.5.4 shall be applied to maintain a national law ; level of security.
3.5.6. develop a technical system during the application of 10 -9 -the criterion, cf. in 3.5.4, the principle of mutual recognition applies.
However, the author of the Proposal may document that the national security level of the Member State of application may be maintained with an error rate higher than 10 ; -9 per in the case of operation, the author of the motion may use this criterion in this Member State.
3.5.7. The explicit risk estimation and evaluation shall meet at least the following requirements :
(a) The methods used for the explicit risk estimation must correctly reflect the estimated system and the parameters (including all operating modes).
b) the results must be sufficiently precise to provide a solid basis for decision-making. Minor changes in the original assumptions or preconditions must not result in significant changes to the requirements.
4. DOCUMENTATION OF COMPLIANCE WITH SAFETY REQUIREMENTS
4.1. In addition to the acceptance of security in connection with the change, the performance of the safety requirements arising from the risk assessment phase shall be documented under the supervision of the proposal.
4.2. This documentation shall be carried out by each of the operators responsible for complying with the safety requirements as determined in accordance with 2.1.5.
4.3. The procedure chosen to document compliance with safety requirements, and the documentation itself must be subjected to an independent assessment of the judgment.
4.4. Any deficiencies in the security measures expected to meet the safety requirements or any dangers detected in the documentation of compliance with the safety requirements shall lead to the possibility of : the author of the motion for a new consideration and evaluates the associated risks in accordance with paragraph 3. The new hazards shall be recorded in the pharastery according to point 5.
5. HAZARD HANDLING
5.1. Merger handling process
5.1.1. One or more of the pharmacist shall be prepared or updated (if they already exist) by the author of the project during the design and implementation phase and until the amendment is accepted, or until the security assessment report is available. The vessel must accompany progress in monitoring the monitoring of risks linked to the identified hazards. Once the system is accepted and operated, the pharmacist shall subsequently be updated by the railway infrastructure manager or the railway undertaking, which bears responsibility for the operation of the system taken up for assessment, as an integral part of ; the security management system.
5.1.2. The Registry shall include all hazards, together with all related security measures and assumptions concerning the system identified in the risk assessment process. It shall contain a clear reference to the origin of the dangers and the selected risk acceptance principles and a clear designation of the person responsible for keeping each of the risks under control.
5.2. Exchange of information
All the hazards and associated safety requirements that cannot be kept under the control of a single actor must be communicated to other relevant actors in order to find a suitable solution together. The hazards recorded in the pharmacery of the operator who entranred them shall be regarded as ' under control ` when the other operator has carried out the evaluation of the risks associated with these hazards, and all parties concerned agree on the solution.
6. DOCUMENTATION FROM THE APPLICATION OF THE RISK MANAGEMENT PROCESS
6.1. The successful tenderer will document the risk management process that is used to assess security levels and compliance with security requirements so that a manager has access to the overall evidence base of the suitability for use the risk management process and the results of it.
6.2. The documentation provided for in paragraph 6.1 of the Proposal shall contain at least :
a) a description of the organization and the experts designated to carry out the risk assessment process ;
b) the results of the various stages of risk assessment and a list of all the necessary safety requirements that must be met to keep the risk at acceptable level ;
c) documentation of the fulfils of all necessary safety requirements ;
(d) all assumptions that are relevant to the integration, operation or maintenance of the system, which has been made in connection with the system definition, project planning and risk assessment.
6.3. The detector shall draw up its conclusions in a safety assessment report in accordance with Annex 3.
The Risk Management Process and the independent assessment
Appendix 3
ASSESSOR'S SAFETY ASSESSMENT REPORT
1. Assessor's safety assessment report shall contain at least the following :
a) identification of the examiner,
(b) the plan for the independent assessment ;
c) the definition of the object and the extent of the independent assessment, as well as the definition of the assessment ;
(d) the results of the independent assessment in particular :
(i) detailed information on the activities carried out in the context of the independent assessment to verify compliance with the provisions of Annex 1-2 of this notice ;
(ii) any identified cases of failure to comply with the provisions of Annex 1-2 of this notice and of the recommendations made by the recommendations ;
(e) the conclusions of the independent evaluation.
