SIGNAL + DRAHT (103) 10/2012 40 n ETCS the distance between the signal and the danger point is small (e. g. less than 50 m), having the Release Speed calculated by the onboard computer would result in too low a release speed value so that the train would only be able to approach the closed signal with difficulty. Release Speed supervision applies as soon as the train approaches a closed signal (end of authority). The Technical Specifications for Interoperability (TSI) clearly state that the driver is responsible for respecting the end of authority when the train approaches at the Release Speed (Subset-026 v2.3.0, § 4.4.9.3.2). Errors of judgement from the driver may include an incorrect perception of the stop signal’s position or incorrect interpretations of the target distance and/or target speed indicated on the driver machine interface (DMI) when approaching the signal. Human driving error makes a signal overrun incident still possible. Emergency braking is triggered when the Eurobalise antenna overpasses the SBG balise group associated with the closed signal, taking into account the reaction time of the trackside-to-train system. If no data is received from trackside before the end of authority, emergency braking is triggered by the “Min Safe Antenna” (= “Min Safe Front End” position minus the distance between the active Eurobalise antenna and the front of the train) overpasses the end of authority ( Subset-026 v2.3.0 § 3.13.8.1.1). When the SBG balise group associated with the closed signal is passed at a speed V local < Release Speed, the train is tripped and stopped after moving a certain distance. If the stopping distance is greater than the distance between the signal and the danger point to be protected, the train could overlap the gauge of another track with the risk of an outlet in a sling, lateral or frontal collision or derailment. 3.2 Supervision in staff responsible or shunting mode In shunting or staff responsible mode, the movement of the train is supervised with regards to a permitted speed limit which is a national value (V_NVSHUNT or V_NVSTFF). In the same way as for non-equipped trains, the driver of an equipped train is responsible for respecting the instructions given by lineside signals in the shunting or staff responsible mode. When approaching a closed stop signal in shunting or staff responsible mode, the driver’s error of judgement can result from a series of causes similar to those currently observed when shunting or running on-sight at restricted speed: incorrect perception of the signal’s aspect, a signal whose presence is not noticed, late braking, incorrect interpretation of the speed indications on the driver machine interface, etc. For the purpose of standardisation, the same speed limit value is adopted for both shunting and staff responsible modes: V_NVSHUNT = V_NVSTFF = CS (ceiling speed in staff responsible or shunting mode). Some causes of human driving error when shunting or running on-sight will be significantly reduced by acting on the permitted ceiling speed in shunting or staff responsible modes. As well as the requirements for vigilance and respect of the operational driving rules that apply to the driver, the ceiling speed limit is a basic element that inevitably leads to a reduction in the average frequency of signal passed at danger observed in these modes. In ETCS, the hazardous scenario of a train in shunting or staff responsible mode running at a speed V local < ceiling speed and overpassing a closed signal is similar to the case described for Release Speed monitoring (§ 3). 3.3 Cases where ETCS is ineffective This includes all the operational circumstances in which ETCS is not conceptually able to detect errors of drivers who exceed speed or end of authority instructions and to react in time to avoid the closed signal being overpassed. The risk of moving beyond the danger point that results in these circumstances outside ETCS protection is then similar to the risk observed in the current situation with lineside signalling or warning systems. 4 Safety target 4.1 Tolerable hazard rate THR ETCS level 1 supervision contributes to reducing the severity of certain accidents by considerably reducing the kinetic energy of the collision, as the average speed of the train after it has overpassed the end of authority will statistically be lower in comparison with the current lineside signalling situation, all other conditions being equal. This reduction in the severity of consequences, favourable to ETCS level 1, is neglected. Consequently, the global tolerable hazard rate operational safety target is formulated on the basis of a reduction in the frequency of occurrence of overpassing the danger point, this reduction being applied uniformly to the whole range of severity of the consequences of potential accidents. One way of determining the improvement is to use the risk acceptance matrix. Based on this matrix, the level of control and protection of trains in operation required from the ERTMS/ETCS level 1 system and the associated operational rules must be such that the overall residual risk of an accident due to overpassing the danger point is judged to be tolerable within the meaning of the ALARP criterion, regardless of the severity of the accident. Therefore the tolerable hazard rate target defined for the ERTMS/ETCS level 1 system deployed on a rail network could be to reduce the rate of occurrence of the undesired event by one order of magnitude compared with the value observed in the existing situation (lineside signalling or warning systems). 4.2 Compliance with the TSI If the protection of the supervised location (SvL) is ensured, which is the case in several railway applications, the trackside value of the Release Speed will be low enough to ensure that any type of train can be stopped in rear of the supervised location, if tripped (Subset-026 v2.3.0 § 3.13.7.2.2). In the full supervision or on sight modes, the protection of the supervised location is ensured with a probability correlated with the tolerable residual risk. Thus, for an existing infrastructure, compliance with the TSI requirement is ensured by determining a sufficiently low Release Speed value transmitted by the trackside such that the train is stopped before reaching the danger point in the event of emergency brake triggered when overpassing end of authority. This level of protection must be guaranteed with a high enough probability such that the tolerable hazard rate safety target determined in § 4.1 is not compromised. Similarly, in the shunting or staff responsible modes with a limited supervision of speed, a certain level of danger point protection must be provided by triggering the emergency brake when passing the closed stop signal protecting the danger point. This level of protection must be guaranteed by setting the respective national values V_NVSHUNT and V_NVSTFF low enough to force the train to stop in rear of the danger point with a high enough probability such that the tolerable hazard rate safety target determined in § 4.1 is not compromised.
RkJQdWJsaXNoZXIy MjY3NTk=