The Common Safety Method (CSM) has implications for the way that safety arguments are made on the mainline railway. The CSM is a European Commission (EC) regulation. It is not applicable to all railways for example trams and metros. All changes to the railway after July 2012 will employ the CSM for all changes deemed significant.
The significance of a change is established by considering the failure consequence, novelty, complexity, ability to monitor, reversibility and additionality of a change to the railway. Any non significant changes must be dealt with by a company’s Safety Management System (SMS). An SMS is mandatory for all railway infrastructure managers and railway undertakings as defined in the regulation.
Hazard identification is part of CSM. Identified hazards can be discounted at this point if they are deemed broadly acceptable. Hazards that are not deemed broadly acceptable can be accepted based upon using one or more of the following risk acceptance principles
• application of codes of practice
• comparison with similar systems (reference systems)
• explicit risk estimation.
It has always been possible
to use that fact that a reference system is being used already in a similar
application as part of an ALARP argument. The GAMAB argument discussed in earlier
is similar to this approach. In order to make reference system argument, the
following criteria have been identified :
systems can be used to derive the safety requirements for the new or changed
system. For an existing system to be used as a reference system, a proposer
needs to demonstrate that:
• It has been proven in use and has an acceptable safety level;
• it is accepted in the Member State where the change is to be introduced (it does not apply to superseded technology, for example); and
• the system being assessed is used under similar functional, operational and environmental conditions and has similar interfaces as the reference system.”
The idea behind this is no different than that described in EN50129  for the cross acceptance of equipment based upon safety cases and appropriate independent assessment. It is quite likely that for anything but a simple change, a combination of compliance, reference systems and explicit risk assessment might be used.
CSM gives states the following compliance guidance :
To be used as a code of practice for the CSM Regulation, standards and rules have to meet all the following criteria:
• be widely accepted in the railway sector or otherwise justified to the assessment body; be relevant for the control of the specific hazard; and be publicly available”.
“To be satisfied that a code of practice is relevant for the control of the specific hazards in the system, the proposer needs to:
(a) know what the hazards are;
(b) be able to demonstrate that the code(s) of practice are relevant to the hazards; and
(c) be able to demonstrate that application of the code(s) of practice control the hazards”.
It can be seen the CSM and the Yellow Book are in general agreement on how to make compliance based safety argument.