|
Railway Safety - The Impact of EMC By Martin Green BSc CEng MIEE, Managing Director, Technology International (Europe) Ltd
The safety of the railway network is critical to all those whose use it. We worry about travel by road, but we expect our railway system to be safe. There are however, as the Hatfield and Paddington accidents have shown, many different ways in which our railways can fail to give the 100% safety that passengers expect.
Railtrack failed to produce the goods and provide the travelling public with the sort of high speed safe network that have come to expect. In correcting the mistakes and omissions resulting from decades of under investment, compounded by a much higher wear rate of the tracks than expected, Railtrack over extended themselves financially and have now been placed in administration by the government. Safety is an expensive aspect of running a high performance railway system.
For all those who work in the railway industry, safety is probably the most important aspect of railway operation. Inherently the railways are safe, much safer than our roads, but when they fail and a safety incident occurs it is usually spectacular. Accidents therefore raise huge levels of public concern. We accept the fact that we may be killed on a road when we are driving, but when we put ourselves in someone else’s hands, be it on a train, a bus, in a plane or wherever, we expect to be conveyed in a 100% safe manner. Of course 100% safety cannot exist. There is always a small indefinable amount of risk associated with railways and public transport in general. It is minimising the risk that is so important.
Where does EMC come in? There are three aspects of performance as far as the EMC requirements for the railway industry is concerned. Railway systems must:
· be safe to operate · perform as designed and operate correctly · meet all legal requirements placed on them.
These are not the same things. It is possible to have a system used on the railways that does not impact safety, fails to operate correctly all the time and meets all the legal requirements for use. But it is not acceptable to use a system on the railways that is unsafe, nevertheless performs as designed and meets the legal EMC requirements placed on it. It is possible to envisage conditions where both these may occur. An example of the first might be the use of a commercially available PC in a railway booking office because, although there might be the odd glitch due to transient noise, as long as the PC reboots and does not lose stored data, it would be legally compliant. There would be no safety issues but it would not operate correctly. Therefore, although legally acceptable it would almost certainly not be acceptable to the user. Could we come to the same conclusion over the performance of a signalling system – no certainly not!
The difference between the two is the role that safety plays in guiding what is, or is not, acceptable.
For those who study the EMC legislation – specifically the EMC directive, you will note that safety is not mentioned anywhere. Indeed efforts are being made in the SLIM initiative to remove all consideration of safety. We might at first glance assume that EMC and safety are not related, but in the railway industry they definitely are.
All railway systems installed and operated within the boundaries of the railway have a Safety Case prepared for them. This is the document that Her Majesty’s Inspector of Railways (HMRI) use as the basis for the judgement as to whether or not the system is safe to operate. Safety Cases include all actions and events that impact on safety and this includes EMC. Hazards and risks are analysed by performing a risk assessment. These assessments look at two aspects of the risk associated with a potential event or hazard:
· frequency of the event · impact the event may have on the system
The combination of these leads to a risk evaluation that may be graded from high to very low. The evidence required to resolve each risk is dependent on the grading of each risk. A very frequent event of low impact may be resolved by placing of a warning label. An event that is infrequent but of very high impact, such as death will almost certainly be resolved by design changes. This approach is used to cover all types of risk, electrical, mechanical, chemical environmental etc.
For EMC events the situation is slightly different. The risks associated with EMC are often not well defined. Equally the effects are also not well known. The question as to whether equipment is susceptible to EMC will often depend on weather conditions as much as anything else. Changes in weather conditions result in changes in radiation patterns, coupling efficiencies, grounding performance etc. EMC effects when transposed from the test lab to the real world are often difficult to replicate. Therefore can EMC events make a railway unsafe and if so what do we do about it?
The answer to the first question is - yes. The answer to the second question is a lot more complicated. Signalling systems can be disrupted by EMI. There is no doubt that if a transmitter has a large enough field strength it can generate currents and resultant circuit voltages that can overload a circuit. The results of this may not be catastrophic. It largely depends on the design of the signalling system. If it is designed such that all the red lights turn to green, this is a “Wrong Side Failure” i.e. the system fails to danger and is potentially disastrous. If all the signals turn to red then all the trains stop and nothing crashes, a “Right Side Failure”, but resulting in total disruption. We do not like any kind of failure with signalling systems and therefore manufacturers of these types of systems spend an inordinate amount of time and effort testing to ensure any failures do not occur.
The question as to how they achieve this assurance is most important. EMC standards for the railway industry have been extremely slow in being generated. The main problem is that no two systems both nationally and internationally are alike. The UK Railway Industries Association (RAI) developed two standards a number of years ago RAI 12 and 18. These standard were relatively unsophisticated and tended to be extremely inward looking. They also did not cater for many newer developments in railway technologies. CENELEC spent many years developing a range of standards for systems located in different areas of the railway environment. They also cover different types of systems. These are the EN50121-X-X standards. As with all standards that have been a long time in their development they have been in danger of being over taken by events. However, they were finally published in 1999 and the transposed British Standards version came out in 2000. They have not been harmonised by the European commission and have not been accepted throughout the EU for EMC certification by self-declaration. As standards, they bear considerable similarity with the generic EMC standards for industrial applications, but there are additional limits and tests. This means that any system placed on the market for use in a railway environment must be demonstrated as being in conformity via the Technical Construction File (TCF) route and be certified as such by a government appointed competent body. This does not stop a railway operator from purchasing equipment certified for use in a different environment and using it in a railway application, but this is done at the purchaser’s risk.
The significant aspect of these standards is that they provide for EMC both within the railway environment and between the railways and the outside world. However, they accept that all aspects of EMC cannot be guaranteed. Therefore, although very useful for determining general levels of EMC they must be treated with caution, particularly when considering EMC risks. For a full analysis of the standards, it is necessary to review them in detail. This article does not present a suitable medium for this. It is sufficient to recognise that whilst the test limits specified, particularly for immunity tests, are relatively onerous, in an uncontrolled environment, the actual threats may be significantly higher than those represented by the limits in the standards.
The basic question is therefore how do we address EMC and ensure that systems used in the railways will be satisfactory. This requirement has been approached well by London Underground Limited (LUL). The LU Network is an extremely complex railway system, with fixed installations and rolling stock covering a considerable age span from brand new (for the Jubilee Line Extension) to more than 40 years old. Locations differ around the network as rolling stock operates with different systems. All stations and lines differ in some major respects. It is extremely difficult to ensure that EMC assurance for the LU Network as a whole is achieved. To provide for a common approach to EMC, the LUL Chief Engineers Department developed two standards to cover EMC performance, these are E 1027 A2 and M1027 A2. The first is a standard describing the management of EMC and referring in detail to the EN 50121-X-X standards and the second is a good practice document describing how EMC design and assurance should be achieved. E 1027 A2 is a Cat 1 standard that requires compliance with its provisions. M 1027 A2 simply takes the provisions of the standard and makes recommendations as to suitable techniques that may be used. Both document when used together, if the CENELEC standards and other LUL specific standards are used, provide for a strong assurance that satisfactory EMC will be achieved.
This is the essence of the approach now being taken by LUL. EMC assurance for all projects is now required. With the break up of the asset side of LUL into different companies, the “Infracos”, each Infraco, of which there are 3, is responsible for providing EMC assurance to the Chief Engineer of LUL for all systems installed. If a safety case is required and HMRI has to examine and approve the system before use then the EMC assurance document is generally included as part of the safety case. EMC assurance is therefore achieved in the same way as any EMC assurance. It is by the preparation of a technical file that describe the system, the performance expectations, EMC test requirements, EMC test results, modelling performed and includes any other data that backs up the claim that the EMC aspects of the design are assured when the system is used in the LUL environment. In all but the certification respects this is a Technical Construction File as described in the EMC directive. For some systems being supplied, such as rolling stock the file may become a TCF. In this case a competent body’s signature on a certificate or report will accompany the file.
The railway industry has come some distance from the times when there was no formal documentation for justifying any EMC performance. It is highly appropriate that this should be the case. We want faster, better, safer railways and this means more power, more complex electronics and greater potential for EMI problems. Only by ensuring a rigorous approach to analysing and providing assurance for EMC, as is now being performed by LUL, will it be possible to provide the confidence that we are operating as risk free a system as is possible.
Martin Green BSc CEng MIEE is Managing Director of Technology International (Europe) Ltd., a UK DTI appointed competent body and notified body for the Low Voltage Directive and Machinery Directive. TI(E) Ltd has provided EMC and safety consulting services to the Channel Tunnel project, Jubilee Line Extension and Infraco JNP. They have been and are involved on the certification of many different systems for suppliers to the railway industry. TI(E) offers a full range of consulting, training and certification services. (tel: +44 1793 783137; fax: +44 1793 782310, sales@iti.co.uk ; www.techintl.com)
|