This document is applicable to safety-related electronic systems (including subsystems and equipment) for railway signalling applications.

This document applies to generic systems (i.e. generic products or systems defining a class of applications), as well as to systems for specific applications.

The scope of this document, and its relationship with other CENELEC standards, are shown in Figure 1.

This document is applicable only to the functional safety of systems. It is not intended to deal with other aspects of safety such as the occupational health and safety of personnel. While functional safety of systems clearly can have an impact on the safety of personnel, there are other aspects of system design which can also affect occupational health and safety and which are not covered by this document.

This document applies to all the phases of the life cycle of a safety-related electronic system, focusing in particular on phases from 5 (architecture and apportionment of system requirements) to 10 (system acceptance) as defined in EN 50126-1:2017.

Requirements for systems which are not related to safety are outside the scope of this document.

This document is not applicable to existing systems, subsystems or equipment which had already been accepted prior to the creation of this document. However, so far as reasonably practicable, it should be applied to modifications and extensions to existing systems, subsystems and equipment.

This document is primarily applicable to systems, subsystems or equipment which have been specifically designed and manufactured for railway signalling applications. It should also be applied, so far as reasonably practicable, to general-purpose or industrial equipment (e.g. power supplies, display screens or other commercial off the shelf items), which is procured for use as part of a safety-related electronic system. As a minimum, evidence should be provided in such cases (more information is given in 6.2) to demonstrate either

that the equipment is not relied on for safety, or
that the equipment can be relied on for those functions which relate to safety.

This document is aimed at railway duty holders, railway suppliers, and assessors as well as at safety authorities, although it does not define an approval process to be applied by the safety authorities.

PDF Catalog

PDF Pages	PDF Title
2	undefined
64	Annex A (normative)Safety Integrity Levels A.1 Introduction A.2 Safety requirements
65	A.3 Safety integrity
66	A.4 Determination of safety integrity requirements A.4.1 General
67	A.4.2 Risk Assessment A.4.2.1 General
68	A.4.2.2 System definition A.4.2.3 Risk analysis
69	A.4.2.4 Risk evaluation A.4.3 Hazard Control A.4.3.1 General
71	A.4.3.2 Determination of TFFR and SIL
72	A.4.3.3 Apportionment of hazardous failure rates A.4.3.4 Independence among functions
74	A.4.3.5 Independence from common random causes A.4.3.6 Independence from common systematic causes A.4.4 Identification and treatment of new hazards arising from design
75	A.5 Allocation of SILs A.5.1 General aspects
76	A.5.2 Relationship between SIL and associated TFFR
79	Annex B (normative)Management of faults for safety-related functions B.1 Introduction
80	B.2 General concepts B.2.1 Detection and negation times
81	B.2.2 Composition of two independent items
82	B.3 Effects of faults B.3.1 Effects of single faults
83	B.3.2 Influences between items B.3.2.1 General requirements
84	B.3.2.2 Type A for SIL 3 and SIL 4
85	B.3.2.3 Type C for SIL 3 and SIL 4
86	B.3.2.4 Type A and C for SIL 1 and SIL 2
89	B.3.3 Detection of single faults B.3.3.1 General requirements B.3.3.2 Provisions for SIL 3/SIL 4 composite fail-safety functions (dual electronic structure)
92	B.3.3.3 Provisions for SIL 3/SIL 4 reactive fail-safety functions B.3.4 Action following detection (retention of safe state)
94	B.3.5 Effects of multiple faults B.3.5.1 General requirements B.3.5.2 Provisions for SIL 3/SIL 4 composite fail-safety functions (multiple electronic structure)
97	B.3.6 Defence against systematic faults
98	Annex C (normative)Identification of hardware component failure modes C.1 Introduction C.2 General procedure C.3 Procedure for integrated circuits
99	C.4 Procedure for components with inherent physical properties C.5 General provisions concerning component failure modes
119	Annex D (informative)Example of THR/TFFR/FR apportionment and SIL allocation
121	Annex E (normative)Techniques and measures for the avoidance of systematic faults and the control of random and systematic faults E.1 Introduction
123	E.2 Tables of techniques and measures
132	Annex F (informative)Guidance on User Programmable Integrated Circuits F.1 Introduction F.1.1 Purpose
133	F.1.2 Terminology and context
134	F.2 UPIC life cycle F.2.1 General
136	F.2.2 Organization, roles, responsibilities and personnel competencies F.2.3 UPIC Requirements
137	F.2.4 UPIC Architecture and Design
138	F.2.5 Logic Component Design F.2.6 Logic Component Coding F.2.7 Logic Component Verification F.2.8 UPIC Physical Implementation F.2.9 UPIC Integration F.2.10 UPIC Validation F.2.11 Requirements for use of pre-existing logic components F.3 Detailed technical requirements for UPIC F.3.1 Guidance on safety architecture
139	F.3.2 Protection against random faults – architectural principles F.3.3 Protection against systematic faults – (techniques/measures) F.3.3.1 Applicable Techniques and measures
140	F.3.3.2 Techniques and measures for simple UPIC
141	F.3.3.3 Techniques and measures for complex UPIC
149	Annex G (informative)Changes at this document compared to EN 50129:2003
153	Annex ZZ (informative)Relationship between this European standard and the essential requirements of EU Directive 2008/57/EC [2008 OJ L191] aimed to be covered

Status	Definitive
Title	Railway applications. Communication, signalling and processing systems. Safety related electronic systems for signalling
Corrects	BS EN 50129:2018
Replaces	PD CLC/TR 50506-2:2009, BS EN 50129:2003, PD CLC/TR 50506-1:2007, PD CLC/TR 50451:2007
Publisher	BSI
Committee	GEL/9
Pages	158
Publication Date	2019-05-13
ISBN	978 0 539 04568 0
Standard Number	BS EN 50129:2018
Identical National Standard Of	EN 50129:2018/AC:2019-04
Descriptors	Control systems, Fail-to-safety devices, Signal devices, Approval testing, Electronic equipment and components, Safety measures, Acceptance (approval), Performance testing, Risk assessment, Railway signals, Safety devices, Signals, Quality assurance, Railway equipment, Railway control systems
ICS Codes	93.100 - Construction of railways


PDF Format	Searchable	Printable	Preview Now

BS EN 50129:2018

PDF Catalog

Related products

BS EN 50716:2023

BS EN 50128:2011+A2:2020

BS EN 50128:2011+A2:2020

BS EN 50129:2018:2019 Edition

BS EN 50129:2018:2019 Edition

BS EN 50128:2011+A1:2020