Revision of Regulation 352/2009 on a CSM on risk assessment - UIP

Risk Management and Risk Assessment"Hazard" and "Risk" Concepts Discovery <strong>of</strong> "theory <strong>of</strong> probability" during XVIIcentury, and later on its mathematical refining, haveactually laid down the mathematical instruments forthe decision making process During XVIII century, shipping insurance companiesfirst use those mathematics and probabilistic toolsfor assessing risks and taking decisions Risk Management and Risk Assessment, as usednowadays, originate from 1960' Motivated by financial benefits, insurancecompanies first introduce "concept <strong>of</strong> risk" in their"process <strong>of</strong> taking decisions"<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 4

Domains <strong>of</strong> application <strong>of</strong>Risk Management and Risk Assessment ToolsConsidered as a necessary modern and proactive instruments forcontrolling safety and taking decisions Finance, banking,capital investment Telecommunications Public PolicyResearch Energy Medicine Petrochemicalindustry Nuclear Power Aviation Railways<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 5

Prevention <strong>of</strong> accidents in the past &Modern Risk Management For long, in many domains, gradualimprovement <strong>of</strong> safety resulted from costlyexperiences and lessons learned from accidents Prevention <strong>of</strong> similar events was regulatedreactively by state authorities andestablishment <strong>of</strong> new laws, codes <strong>of</strong> practice,rules or standards Development <strong>of</strong> modern and scientific methodsfor "Risk Assessment" and "Risk Management"enabled to substitute those reactive ways <strong>of</strong>controlling safety by a proactive and systematicapproach to manage safety<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 6

Principles <strong>of</strong> modern proactive way for Risk ManagementRather than reacting to events from past, proactive safety management,based on risks, ensures before any problem appears that : A proactive and systematic assessment <strong>of</strong>all reasonably foreseeable problems(hazards) is performed Their causes and consequences (risks) areanalysed Acceptable risk control measuresare defined and implemented:Preventing the hazard (cause)Mitigating the severity <strong>of</strong> theconsequences<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 7

<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Advantages <strong>of</strong> a proactivesafety management based on risk Documented process based on modern science and tools Process reducing subjectivity Enables risk categorisation and setting up <strong>of</strong> priorities forcontrol <strong>of</strong> most important risks Systematic definition <strong>of</strong> appropriate risk controlmeasures Facilitates managers to take consciously decisions(responsibility) Consistent and traceable process Improves transparency within organisation, to (external)independent assessors, as well as to regulatory bodies Builds mutual trust within company as well as amongbusiness partnersSlide N 8

Risk Management is the name givento a logical and systematic method<strong>of</strong> identifying the hazards andanalysing, treating and monitoringthe associated risks involved in anyactivity or process <strong>of</strong> a companyWhat is "Risk Management"? The Risk Management methodologyshall be an integral part <strong>of</strong> thecompany business planning thathelps the managers to make thebest use <strong>of</strong> their available resources<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 9

A general overview on Risk Management - ISO 31000Regardless <strong>of</strong> type <strong>of</strong> business, activity orfunction <strong>of</strong> company, Risk Management is 7step based processDefining context (System Definition)Risk Assessment Hazard/Risk Identification Risk Analysis Risk EvaluationRisk ControlRisk Monitoring and ReviewCommunication with and consult staff oncompany and their activity risksBasic Process Steps‘Risk’ is dynamic and subject to constant change,so Risk Management process includes continuousSystem DefinitionHazard/RiskIdentificationRisk AnalysisRisk EvaluationRisk ControlRisk Monitoring andReviewCommunicate andConsult on risksRisk AssessmentPart <strong>of</strong> SMS<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 10

Risk Management in ISO/IEC Guide 73 and ISO 14 971stepName asdefined byinternationalstandardsIdentify andcharacterisethe hazardHazardIdentificationRisk AnalysisEstimate themagnitude <strong>of</strong>the riskRiskEstimationRisk AssessmentDecide if that riskis acceptable (ortolerable)Risk EvaluationRisk ManagementControlthe riskRiskControlRiskControlRiskControlMonitor theriskRiskMonitoringRiskReportingRisk AuditCovered by <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong>(CSM for risk assessment)CSM formonitoringCovered by RU/IM Safety Management System (SMS)<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 11

Link <strong>of</strong> Risk Assessment & Risk Managementwith RU/IM SMS and ECM System <strong>of</strong> Maintenance A documented and structuredframework for safe management<strong>of</strong> all company activities Ensures appropriate processes,procedures and rules exist forcontrolling all company risks Enables identification <strong>of</strong> hazardsand continuous management <strong>of</strong>risks related to the companyactivities, with the aim <strong>of</strong>preventing accidents Uses scientific "risk management"tools to support companymanagers in taking consciouslydecisions for their business<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Proce-duresRulesRiskmanagementProcessesSlide N 12

What is a RISK?What is a HAZARD?It is a source or situation or act with apotential for harm in terms <strong>of</strong> humaninjury or damage to environment or both(e.g. Toxic or flammable substances,electric energy, working at heights etc.) Hazard is something that has apotential to cause harm or injuryCombination <strong>of</strong> the likelihood <strong>of</strong> an occurrence <strong>of</strong>a hazardous event and the severity <strong>of</strong> injury,damage to environment or damage to propertythat may be caused by the event Risk is the likelihood <strong>of</strong> harm resultingfrom a hazardHazard - Risk?<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 13

Relation between Hazard – Risk DefinitionsRisk = [Severity <strong>of</strong> Hazard effect] x [Probability(likelihood <strong>of</strong> occurrence) <strong>of</strong> Hazard]Definitions in <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong>Art. 3(13): ‘hazard’ means a condition thatcould lead to an accident;Art. 3(1): ‘risk’ means the frequency <strong>of</strong> occurrence <strong>of</strong> accidentsand incidents resulting in harm (caused by a hazard)and the degree <strong>of</strong> severity <strong>of</strong> that harm;What is then Risk Assessment?A careful examination <strong>of</strong> what could cause harm to people, damageto environment or to property, so that you can weigh up whetheryou have taken enough precautions or you should do more.Aim to make sure that no one gets hurt or nothing is damaged<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 14

Risk ParametersAs shown, risk is typically described in two dimensionsHow <strong>of</strong>ten willan event occur?E.g. once per year,once every 10years, every day…FrequencyRisk= Frequency x SeverityIncreasingRiskSeverity <strong>of</strong> Consequence<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013If the event does occur what couldbe the consequences?E.g. one person injured, €10000damage, multiple fatalitiesSlide N 15

Other "key concepts" to know when talking about RiskIn order to understand ‘risk’, it is important to know following "key concepts"TerminologyAccidentIncidentHazardFrequencyProbabilitySeverityRisk (level<strong>of</strong>...)Explanations (not definitions from EU legislation)Event (or sequence <strong>of</strong> events) that causes harmEvent that could cause harm (but may not)A condition that could lead to an accident or an incidentNumber <strong>of</strong> times the hazard occurs in a specified period <strong>of</strong>timeLikelihood <strong>of</strong> an event occurring (usually per demand)The magnitude <strong>of</strong> harm from a hazardThe combination <strong>of</strong> frequency and severity <strong>of</strong> a specifiedhazard causing defined harm<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 16

Other "key concepts" to know when talking about RiskFrequency <strong>of</strong> the associated hazardFrequency assessmentFrequency can be expressed in a number <strong>of</strong> ways…….A train has derailed one time in 20 years The frequency <strong>of</strong> derailment is 1 in every 20 years The average number <strong>of</strong> years between each derailment is 20years The frequency <strong>of</strong> derailment is 0.05 per year The frequency <strong>of</strong> derailment is 0.05/year The frequency <strong>of</strong> derailment is 5x10 -2 /year The frequency <strong>of</strong> derailment is 5E-02/year<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 17

Risk: definitions and parametersSeverity <strong>of</strong> the associated hazardSeverity assessmentSeverity can be expressed in a number <strong>of</strong> ways…….1 serious injury, damage estimated at EUR 6.5 million The cost <strong>of</strong> damages; Fatalities; Injuries; Hours, minutes <strong>of</strong> service disruption; Environmental impact; Etc.<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 18

Basic principles for assessing the riskIndependently on whether complex or simple, Risk Assessmentfollows a common 4 step processYou 1 st identifyhazards… for each hazardyou estimate risk byestimatingfrequency andseverity… you thenevaluateacceptability <strong>of</strong> riskand prioritise …… If necessary youthen take action tomitigate/control riskIdentifyHazardsEstimateFrequencyEstimateSeverityEstimateRisksReduceRisks whererequired1 2 3 4<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 19

Most important concepts to rememberabout hazards & risksWhat can go wrong?HazardFrequencyHow likely is itto happen?SeverityWhat are the impactsor consequences?What is thelevel <strong>of</strong> risk?Managethe riskRisk = Hazard Frequencyx Hazard SeverityDo not forget that risk management includes control but alsomonitoring <strong>of</strong> risks, as well as communicating these risks<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 20

Why giving importance toRisk Management and Risk Assessment? (1/2) All domains <strong>of</strong> industry previously presented andsocial life consider "risk" as "source <strong>of</strong> danger"and possibility to face damage or accident fortheir company Risk is understood as potential for damage linkedto company activities that can result from currentcompany organisation, current processes andmode <strong>of</strong> operation <strong>of</strong> the company, technicalsystems or from any future events Risk Management is a formal tool to identify andprevent the cause <strong>of</strong> damage or accident to occuror to reduce the consequences if the occurrencecannot be avoided<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 21

WARNINGWhy giving importance toRisk Management and Risk Assessment? (2/2) Risk assessment is a means to an end, not an end in itself.The aim is to keep people safe, not have good paperwork The risk analysis process depends on the experience, knowledge,imagination, creativity and integrity <strong>of</strong> the individuals doing theanalysis. The only application <strong>of</strong> these techniques withoutappropriately talented/competent staff does not ensure a proper andthorough risk analysis result. The most important step in any risk assessment is thathazards can only be controlled if they are identified You must not say ‘never.’ Risk assessment predicts probabilities.Although a particular event may be infinitesimally improbable, theprobability is always greater than zero.<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 22

Remember theseRisk AssessmentWhat can happen?How likely is it to happen?What are the consequencesif it happens?Risk ManagementWhat can be done?What are the benefits, costs andrisks <strong>of</strong> each option?What are the impacts <strong>of</strong> eachoption on future options?Risk assessment is a means to an end, not an end in itself -the aim is to keep people safe, not have good paperwork<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 23

Overview <strong>of</strong> the existing <strong>Regulation</strong> (EU)N°<strong>352</strong>/<strong>2009</strong> on CSM on Risk Assessment<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 24

<strong>Regulation</strong> (EU) N°<strong>352</strong>/<strong>2009</strong> on CSM for Risk AssessmentRequirements in the safety directive 2004/49/ECArticle 6(3)(a) <strong>of</strong> the safety directive 2004/49/EC requires thatthe European Railway Agency develops a common safetymethod that “... shall describe how the safety level… andcompliance with… safety requirements, are assessed byelaborating and defining risk evaluation and assessmentmethods“ Development <strong>of</strong> the Agency recommendation on a CommonSafety Method <strong>of</strong> risk assessmentAdoption by the RISC in <strong>2009</strong>Commission <strong>Regulation</strong> (EC) N°<strong>352</strong>/<strong>2009</strong> on Common SafetyMethods (CSM) on Risk Evaluation and Risk Assessment<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 25

Auth. for placing in service SMS – Syst <strong>of</strong> Maint.RUIMECMContractingEntityApplicantfor an APIS(a)Overview <strong>of</strong> existing <strong>Regulation</strong> N <strong>352</strong>/<strong>2009</strong>WHO shall apply the CSM? The proposer Art. 3(11)a railway undertaking or an infrastructure manager whichimplements risk control measures vs. Art. 4 <strong>of</strong> Directive2004/49;(b) an entity in charge <strong>of</strong> maintenance which implementsmeasures in accordance with Article 14a(3) <strong>of</strong> Directive2004/49;Directive 2004/49 - Through RU/IM SMS & ECM Maintenance System(c)(d)a contracting entity or a manufacturer which invites aNOBO to apply the “EC” verification procedure inaccordance with Article 18(1) <strong>of</strong> Directive 2008/57 or adesignated body according to Article 17(3) <strong>of</strong> that Directive;an applicant for an authorisation for the placing in service<strong>of</strong> structural sub-systems [Manufacturer, RU or Keeper];Directive 2008/57 - Authorisation for placing in service (APIS)<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 26

Overview <strong>of</strong> existing <strong>Regulation</strong> N <strong>352</strong>/<strong>2009</strong>WHEN shall the CSM be applied?WHEN? when making a significant change to railway system whichcan impose new risks on infrastructure or on operations:applied since 2010 for technical systems,applied since 2012 for operational or organisational<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 27

Reasonable use <strong>of</strong> CSM for risk assessmentSignificant – Non Significant in <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong>When making a change ask yourself whether change is significant [Article 4]1) Not significant:a) because not safety related: document for transparencyreasons;b) safety related but not significant because either risk is alreadyunder control with existing provisions or it can be controlledby well known measures SMS requires to demonstrate that all risks related to thecompany activities are managed, including thus management<strong>of</strong> changes. So, the proposer has to apply hisprocedures/process for risk management described in SMS2) Significant apply <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong><strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 28

Reasonable use <strong>of</strong> CSM for risk assessmentIs change significant or not Significant (Art. 4)?NOIs the changesafety related?YESApplication <strong>of</strong> all criteria in Article 4(2) <strong>of</strong><strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong>Application <strong>of</strong> CSMnot neededYESIs associated riskalready controlled and thusacceptable?NOCan risk bemanaged by well knownmeasures?YESChange is NOT SIGNIFICANTNOChange isSIGNIFICANTDocumentdecision(transparency)<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Application <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> not mandatoryApply company procedures for Risk Assessment &Risk Management - Document decision &activities related to manner risk is controlledFull application <strong>of</strong>CSM for riskassessment andprocess in Annex ISlide N 29

A common risk assessment process(a) Identification <strong>of</strong> hazards/risks &associated safety measures(b) Risk analysis based on exiting riskacceptance principles(c) Risk evaluation for checkingacceptance <strong>of</strong> risk(s)(d) Definition <strong>of</strong> safety requirementsfrom identified safety measuresOverview <strong>of</strong> existing <strong>Regulation</strong> N°<strong>352</strong>/<strong>2009</strong>Risk Management Process and Independent AssessmentCSM for RA is an iterative process defining:Demonstration <strong>of</strong> systemcompliance with identified safetyrequirementsRequirements for mutual recognition:(a) Hazard Management(b) Independent Assessment(Assessment Body)<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013INDEPENDENT ASSESSMENTPreliminarySystemDefinitionCodes <strong>of</strong>PracticeSignificantChange?SYSTEM DEFINITIONRISK ASSESSMENTRISK ANALYSISHAZARD IDENTIFICATIONAND CLASSIFICATIONSimilarReferenceSystemsRISK EVALUATION(vs. Risk Acceptance Criteria)Safety Requirements (i.e. safetymeasures to be implemented)Demonstration <strong>of</strong> Compliance withSafety RequirementsIterative Risk Management Process“triggered” by a Significant ChangeExplicitRiskEstimationHAZARD MANAGEMENTSlide N 30

<strong>Revision</strong> <strong>of</strong> <strong>Regulation</strong> (EU) N <strong>352</strong>/<strong>2009</strong>for the CSM on risk assessment<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 31

Why revising <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong>?Commission Mandate - Inputs for revisionIn <strong>352</strong>/<strong>2009</strong> further help needed:1. Independent Assessment Body2. Risk Acceptance Criteria (RAC)3. Understanding <strong>of</strong> CSM2007-<strong>2009</strong>-2011: development R&R <strong>of</strong>AB and other RAC + Dissemination WSCommission mandate in 2010 forrevising by April 2012 CSM on RA vs.1. results <strong>of</strong> further dev nts in WG2. Art. 9(4) <strong>of</strong> Reg. <strong>352</strong>/<strong>2009</strong> report onexperience with CSM [Dec. 2011]1Inputs for revision results <strong>of</strong>:1. TF on R&R <strong>of</strong> AB Regularly2. TF on RACs reported to WG3. Agency report to EC in 2011 onexperience with <strong>352</strong>/<strong>2009</strong> based ondissemination WS & first uses <strong>of</strong> CSM<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 20132Slide N 32

<strong>Revision</strong> <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong>Main Changes initially plannedRisk Assessment and Risk Management process (i.e. Annex I) <strong>of</strong><strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> not changedMain changes related to new requirements for Assessment Bodies Article 6: requirements for Accreditation and Recognition schemes Article 7 & Annex III: structure <strong>of</strong> safety assessment report <strong>of</strong> AB Annex II: review <strong>of</strong> existing criteria and setting up <strong>of</strong> additional criteriato be fulfilled by ABMain changes for RAC : mainly in §2.5 <strong>of</strong> Annex I - Introduction <strong>of</strong>additional RAC categories for design targets <strong>of</strong> Technical SystemsSome changes requested at NSA Network meetingsSome minor changes facilitating reading <strong>of</strong> CSM and suggestionscollected through dissemination workshops in <strong>2009</strong> & 2010<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 33

Final Status <strong>of</strong> <strong>Revision</strong> <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong>Reduced scopeA common view on harmonised and agreed RAC could not be reached amonga majority <strong>of</strong> representatives in WG. Several NSAs (AT, DE, ES, FR, IT)requested more time for analysing deeper RAC Validation work performed byCER and RAC Impact Assessment resultsConsequences: based on needs for clarifying the requirements for theAssessment Bodies in Reg. <strong>352</strong>/<strong>2009</strong>, the EC & Agency decided to:Cancel changes related to RACs and reduce the scope <strong>of</strong> the revision <strong>of</strong><strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong>;Difficulties for harmonising RACs documented in Accompanying Report;Give more time to railway sector organisations (CER, EIM, UIP & UNIFE) &NSAs for additional validation and agreements for harmonised RACs;Based on this additional RAC validation work decide on how to makethem legally biding (e.g. a new revision <strong>of</strong> CSM for risk assessment);<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 34

To enable mutual recognition <strong>of</strong> results from CSM, <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong>requires an independent assessments <strong>of</strong> correct application <strong>of</strong> CSM <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> answered "WHO?" can be Assessment Body vs.general criteria contained in Annex II (mainly independence & competence) To establish sufficient trust <strong>of</strong> work performed by the Assessment Body,following questions on <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> needed also an answer: WHEN shall independent assessment be done? WHAT shall be assessed?<strong>Revision</strong> <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> for Risk AssessmentWhy to revise it whereas RAC not yet agreed? What is the interaction with other assessments (i.e. Safety certification &authorisation process for placing in service structural sub-systems)? What are the additional requirements for the assessment body? HOW assessments shall be performed ? WHICH scheme could ensure similar quality <strong>of</strong> the assessments?<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 35

Changes to <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> forRoles & Responsibilities<strong>of</strong> Assessment Body<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 36

<strong>Revision</strong> <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> for Risk AssessmentAccreditation/Recognition <strong>of</strong> Assessment Body Assessment Body shall be either (Article 7):(a)(b)(c)accredited by the national accreditation bodyusing the criteria defined in Annex II, or;recognised by the recognition bodyusing the criteria defined in Annex II, or;the national safety authority designated by the MemberState as able to conduct independent assessmentArt. 9(2) When Member State recognises NSA as an assessmentbody, it is the responsibility <strong>of</strong> that Member State to ensurethat NSA fulfills requirements set out in Annex II.In this case, Assessment Body functions <strong>of</strong> NSA shall bedemonstrably independent <strong>of</strong> the other functions <strong>of</strong> NSA.<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 37

<strong>Revision</strong> <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> for Risk AssessmentTypes <strong>of</strong> Recognition <strong>of</strong> Assessment Body (Art. 9)(a) recognition by Member State <strong>of</strong> an ECM, an organisation or a part<strong>of</strong> it or an individual;(b) recognition by NSA <strong>of</strong> ability <strong>of</strong> an organisation or a part <strong>of</strong> it oran individual to conduct independent assessment through theassessment and supervision <strong>of</strong> SMS <strong>of</strong> an RU/IM;(c) when NSA is acting as certification body in conformity with Article10 <strong>of</strong> <strong>Regulation</strong> (EU) No 445/2011, recognition by NSA <strong>of</strong> theability <strong>of</strong> an organisation or a part <strong>of</strong> it or an individual to conductindependent assessment through assessment and surveillance <strong>of</strong>System <strong>of</strong> Maintenance <strong>of</strong> an ECM;(d) recognition by a recognition body designated by Member State <strong>of</strong>ability <strong>of</strong> an ECM, an organisation or a part <strong>of</strong> it or an individual toconduct independent assessment.<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 38

<strong>Revision</strong> <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> for Risk AssessmentChangesAnnex I on "risk assessment & risk management process" (includingflowchart) <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> were not changedChanges to ensure similar quality <strong>of</strong> independent assessment work: Accreditation and Recognition schemes for Assessment Body Specification on how to arrive at judgement <strong>of</strong> suitability <strong>of</strong>application <strong>of</strong> CSM and <strong>of</strong> appropriateness <strong>of</strong> its results Common structure for independent safety assessment report Review <strong>of</strong> existing criteria in Annex II to be fulfilled by AssessmentBody and completion with additional criteriaCriteria: use <strong>of</strong> ISO/IEC 17020:2012 standard + specific requirements forCSM for risk assessment (e.g. competence in railways)<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 39

<strong>Revision</strong> <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> for Risk AssessmentChangesThe Member State are allowed to use accreditation or recognition or anycombination <strong>of</strong> these two optionsThere may be several assessment bodies, variously accredited orrecognised, or no assessment bodies at all within a Member StateNote: additional Risk Acceptance Criteria (RAC) for Technical Systems:A common view on additional harmonised RAC could not be reached→ RAC not included in current revision workAgreement to leave more time for a deeper analysis, validation andeconomical impact assessment <strong>of</strong> current practices for accepting riskslinked to failures <strong>of</strong> Technical SystemsBased on this additional RAC validation work decide latter on how tomake them legally biding (e.g. new revision <strong>of</strong> CSM for risk assessment)<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 40

<strong>Revision</strong> <strong>of</strong> <strong>Regulation</strong> <strong>352</strong>/<strong>2009</strong> for Risk AssessmentAccreditation and Recognition schemesEuropean cooperationforaccreditation (EA)MIRROREquivalence to EAOrganiser: EAPeer Reviews by other NABsAssessment & Peer Evaluationsvs. Art. 10 <strong>of</strong> Reg. 765/2008& ISO 17011Organiser: ERAPeer Reviews by otherRecognition BodiesOne per MSActivity in MSNationalAccreditation BodyRecognition Body0, 1 or severalper MSActivity in MS0, 1 or severalper MSActivity in wholeEUAccreditationAccreditedAssessment BodyCheck compliance with Annex II<strong>of</strong> CSM & Surveillance vs. Art. 10<strong>of</strong> Reg. 765/2008 & ISO 17011RecognitionRecognisedAssessment Body0, 1 or severalper MSActivity in wholeEUIndependent SafetyAssessmentCheck suitability with CSM andsuitability <strong>of</strong> resultsIndependent SafetyAssessmentIndependent SafetyAssessment Report<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013One per significantchange that must beaccepted in whole EUIndependent SafetyAssessment ReportSlide N 41

Role <strong>of</strong> the CSM Assessment BodyArticle 6 <strong>of</strong> revised CSM on risk assessment1. An assessment body shall carry out an independent assessment <strong>of</strong>both the suitability <strong>of</strong> the application <strong>of</strong> the risk management processdescribed in Annex I and <strong>of</strong> the appropriateness <strong>of</strong> its results.This assessment body shall meet the criteria listed in Annex II.Where the assessment body is not already identified by EU or existingnational legislation, the proposer shall appoint its own assessmentbody at the earliest appropriate stage <strong>of</strong> the risk assessment process.<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 42

Role <strong>of</strong> the CSM Assessment BodyArticle 6 <strong>of</strong> revised CSM on risk assessment2. To perform the independent assessment, the assessment body shall:(a) ensure it has a thorough understanding <strong>of</strong> the significant changebased on the documentation provided by the proposer;(b) conduct an assessment <strong>of</strong> the processes used for managing thesafety and quality during the design and implementation <strong>of</strong> thesignificant change, if those processes are not already certified by arelevant conformity assessment body;(c) conduct an assessment <strong>of</strong> the application <strong>of</strong> those safety andquality processes during the design and implementation <strong>of</strong> thesignificant change. This assessment shall end up with the delivery<strong>of</strong> the safety assessment report defined in Article 8.<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 43

Example <strong>of</strong> a Risk Assessmentby an ECM<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 44

Example <strong>of</strong> a risk assessmentFunction Hazard CauseAdditionalinformationConsequenceInitialrisklevelRisk ControlMeasureRiskwithRCMResponsibleOtherinformation<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 45

Examples <strong>of</strong> assessment <strong>of</strong>significance <strong>of</strong> a change<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 46

Assessment <strong>of</strong> the significance <strong>of</strong> an ECM ChangeECM becomes responsible for maintenance <strong>of</strong> a new type <strong>of</strong> wagons new fleet must be included in ECM Maintenance Management(Vehicle Maintenance File & Maintenance Plan) CASE 1 : ECM manages maintenance <strong>of</strong> "similar wagons"Characteristics <strong>of</strong> wagons provided to ECM: wagon number, date<strong>of</strong> last maintenance, axle data, etc.Transport carried out by new fleet equivalent or <strong>of</strong> same nature asone <strong>of</strong> similar wagons whose maintenance is managed It can be justified that integration <strong>of</strong> this new type <strong>of</strong> wagons intoECM Maintenance System does not represent a significant changeDecision and justifications documented;Maintenance File(s) must be amended,<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 47

<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Assessment <strong>of</strong> the significance <strong>of</strong> an ECM ChangeECM becomes responsible for maintenance <strong>of</strong> a new type <strong>of</strong> wagons new fleet must be included in ECM Maintenance Plan(Vehicle Maintenance File & Maintenance Plan) CASE 2 : type <strong>of</strong> wagons entirely new for ECMECM must assess impact <strong>of</strong> this change on its management <strong>of</strong>maintenance integration <strong>of</strong> this new type <strong>of</strong> wagons into ECM MaintenanceSystem could represent a significant changeECM can for example compare deviations <strong>of</strong> characteristics <strong>of</strong>new fleet type vs. fleet already managed and update itsMaintenance System with provisions necessary for managingmaintenance <strong>of</strong> new fleet;Decision and justifications documented;Maintenance File(s) must be amended;Slide N 48

Many thanks for your attention!<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 49

Many thanks for your attention!Thank you for your attention!<strong>Revision</strong> <strong>of</strong> CSM for risk assessmentUIP Workshop in Köln, 27 th March 2013Slide N 50