Designing a safety strategy for embedded onboard systems in railway applications

Project tasks
- Defining Safety Integrity Level (SIL) classification methods across international regulatory frameworks (CSM DT, CENELEC, RSSB, ANSF, ANSI, GOST, SIRF, IEC 61508 risk graph)
- Describing and applying the interaction between Failure Modes and Effects Analysis (FMEA) and Fault Tree Analysis (FTA)
- Developing a structured safety strategy (e.g. top-down and function-oriented approaches) for embedded onboard systems
- Establishing a safety case concept based on safety-critical and safety-related functions, including visualisation (e.g. Goal Structuring Notation (GSN))
- Specifying safety evidence documentation, including content, key messages, and effort estimation for Independent Safety Assessor (ISA) approval
Our approach
The project covered the development of a generic application for embedded onboard systems (hardware and software) on rolling stock, intended for use across multiple regions, including the European Union, the United Kingdom, and international markets.
Furthermore, the project included the definition of a safety process and strategy for systems up to Safety Integrity Level 2 (SIL 2), with consideration for scalability to higher integrity levels. The interaction between Failure Modes and Effects Analysis (FMEA) and Fault Tree Analysis (FTA) was described and demonstrated through application examples.
The project also included the determination of suitable SIL classification methods based on applicable regulatory frameworks such as CSM DT, RSSB, ANSF, ANSI, GOST, SIRF, and CENELEC, together with the alignment of qualitative and quantitative safety metrics (for example tolerable hazard rates) across these standards.
The relevant EU regulations ((EU) 402/2013 on the common safety method for risk evaluation and assessment, as amended by (EU) 2015/1136) and standards (e.g. EN 50129, EN 50716, IEC 61508) defined the regulatory and methodological framework for the safety process and documentation.
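As an added illustration of the two points above (the FMEA-to-FTA interaction and the quantitative SIL metric), the following Python script shows the arithmetic in its simplest form: FMEA rows supply failure rates and exposure times for basic events, a small fault tree combines them, and the resulting top-event rate is placed in the IEC 61508 / EN 50129 high-demand band table (SIL 1: 10^-6 to 10^-5 per hour, down to SIL 4: 10^-9 to 10^-8 per hour). This is example code written for this page, not PROSE's or the customer's analysis; the FMEA values, the speed-measurement architecture and the two-input AND approximation λ1·λ2·(τ1+τ2) are assumptions chosen for illustration.

```python
"""Added example: FMEA failure rates -> fault tree -> SIL band.
All component names and numbers below are constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class BasicEvent:
    """One FMEA row: a failure mode with its rate and its undetected exposure time."""
    name: str
    rate_per_hour: float          # lambda, occurrences per hour (constructed value)
    exposure_hours: float = 0.0   # tau: mean time the failure stays undetected


@dataclass
class Gate:
    kind: str                     # "OR" or "AND"
    inputs: list[BasicEvent | Gate]
    name: str = ""


def event_rate(node: BasicEvent | Gate) -> float:
    """Rate (per hour) of the event represented by `node`.

    OR gate: rates add (rare-event approximation).
    AND gate of two independent basic events: lambda1 * lambda2 * (tau1 + tau2),
    i.e. the second failure must occur while the first is still undetected.
    Only two-input AND gates over basic events are supported in this example.
    """
    if isinstance(node, BasicEvent):
        return node.rate_per_hour
    if node.kind == "OR":
        return sum(event_rate(child) for child in node.inputs)
    if node.kind == "AND":
        if len(node.inputs) != 2 or not all(isinstance(c, BasicEvent) for c in node.inputs):
            raise ValueError("AND approximation needs exactly two basic events")
        a, b = node.inputs
        return a.rate_per_hour * b.rate_per_hour * (a.exposure_hours + b.exposure_hours)
    raise ValueError(f"unknown gate kind {node.kind!r}")


# IEC 61508-1 / EN 50129 target failure measure per hour, continuous / high-demand mode.
SIL_BANDS = [
    (1e-9, 1e-8, "SIL 4"),
    (1e-8, 1e-7, "SIL 3"),
    (1e-7, 1e-6, "SIL 2"),
    (1e-6, 1e-5, "SIL 1"),
]


def sil_for_thr(thr: float) -> str:
    """Map a tolerable hazard rate (per hour) onto its SIL band."""
    if thr >= 1e-5:
        return "below SIL 1"
    for low, high, label in SIL_BANDS:
        if low <= thr < high:
            return label
    # Rates under 1e-9/h cannot be claimed for a single system; SIL 4 is the ceiling.
    return "SIL 4"


# Constructed FMEA rows for a speed-measurement channel feeding a brake controller.
FMEA = {
    "SENSOR_A": BasicEvent("speed sensor A delivers a wrong value", 2e-6, exposure_hours=8.0),
    "SENSOR_B": BasicEvent("speed sensor B delivers a wrong value", 2e-6, exposure_hours=8.0),
    "MONITOR": BasicEvent("monitoring function passes a wrong value undetected", 5e-8),
}


def single_channel_tree() -> Gate:
    """Top event: wrong speed reaches the brake controller (one sensor, one monitor)."""
    return Gate("OR", [FMEA["SENSOR_A"], FMEA["MONITOR"]], name="wrong speed to brake controller")


def duplex_tree() -> Gate:
    """Same top event with two sensors that must both fail within their exposure window."""
    both = Gate("AND", [FMEA["SENSOR_A"], FMEA["SENSOR_B"]], name="both sensors wrong")
    return Gate("OR", [both, FMEA["MONITOR"]], name="wrong speed to brake controller")


def classify(tree: Gate) -> tuple[float, str]:
    """Return (top-event rate per hour, SIL band) for a fault tree."""
    thr = event_rate(tree)
    return thr, sil_for_thr(thr)


if __name__ == "__main__":
    for label, tree in (("single channel", single_channel_tree()),
                        ("duplex + monitor", duplex_tree())):
        thr, sil = classify(tree)
        print(f"{label:18s} THR = {thr:.3e} /h -> {sil}")
```

Running it shows the effect the FMEA/FTA interaction is meant to expose: with the constructed rates the single-channel architecture lands at about 2.05e-6 per hour (SIL 1), while the duplex architecture reduces the sensor contribution to roughly 6.4e-11 per hour and the monitoring function's own undetected-failure rate becomes the dominant term, giving about 5.0e-8 per hour (SIL 3). Whether that SIL 3 figure can actually be claimed then depends on the systematic-integrity and process requirements of EN 50129, which no rate calculation covers.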
PROSE created a comprehensive safety plan covering system, hardware, software, and communication aspects of a generic onboard application. Our approach combined regulatory analysis with practical safety engineering methods, ensuring alignment between international standards and project-specific requirements.
We defined a structured safety demonstration concept, forming the basis for all safety activities and evidence generation. By aligning methodologies such as Failure Modes and Effects Analysis (FMEA) and Fault Tree Analysis (FTA), we ensured a consistent safety process.
Customer benefit
The safety plan provides a structured foundation for all safety activities throughout the project lifecycle, covering system, hardware, and software levels. It forms a key part of the documentation submitted to the Independent Safety Assessor (ISA), supporting the development and evaluation of the final safety case.
By establishing a harmonised and reusable safety process, the customer can efficiently apply the strategy to future generic applications while ensuring compliance with CENELEC and International Electrotechnical Commission (IEC) standards.
The defined safety strategy enables scalability from Basic Integrity up to SIL 4 and supports the development of robust safety cases based on clearly structured safety functions. PROSE’s independent and methodical approach ensures transparency, regulatory compliance, and long-term usability across international markets.