PhD Defence Katja Schuitemaker

MOIRA - Modelling Integral Risk Assessment

Katja Schuitemaker is a PhD student in the research group Design, Production and Management. Her supervisors are G.M. Bonnema and F.J.A.M. van Houten from the Faculty of Engineering Technology.

The European Railway Traffic Management System (ERTMS) has become the European standard to facilitate an interoperable railway system throughout Europe. Implementation of ERTMS promises an increase in railway safety. Several national and international studies, both scientific and industrial, question the safety benefits accompanying ERTMS. Planned expansion of capacity, planned frequency increase and upcoming new systems can put safety aside, as happened in the Fyra project in 2013. Past difficulties, but also current challenges in harmonising the large railway projects, indicate a need for a more integral perspective on risk assessment. The overarching objective of the present research is to increase the integrality of risk assessments within the Dutch railway industry.

For this objective, both the current situation and the desired situation are studied. The current situation is described by a research clarification and by a descriptive study of practice. The desired situation is described by a prescriptive study on the solution and a descriptive study on the evaluation.

In the first part of this thesis, the research clarification, ERTMS challenges are identified through interviews with Dutch ERTMS stakeholders. The topics discussed include the effects observed from inclusion of various ERTMS specifications, the exclusion of a responsible integrator, deregulation, and the effects for risk assessment and safety. Next, a literature review is conducted to identify supporting evidence and contradictions. The findings are categorised into 1) findings with regard to sociotechnical safety, and 2) findings with regard to the safety architecture. For the focus of this research project, the key factors addressed are validity of the risk assessment data, consistency in data processing, fuzziness of boundaries, architectural comprehension and safety overview.

In the second part of this thesis, the first descriptive study, in order to fully understand the current situation, we perform one single-case study on ERTMS, one multiple-case study on the Public Transportation programme on Schiphol – Amsterdam – Almere – Lelystad (OV-SAAL), and one historical study on the Netherlands Railways (NS) risk assessment document of the Train Departure Process (TDP) that was set up in 2011. The following observations are made in all three cases: 1) risk assessment data concerns mostly system descriptions and expert knowledge, 2) raw data is processed mostly by translating it into short textual descriptions, 3) boundaries, functions, hazards, mitigations and risks are often mapped into tables, 4) for overall safety architecture comprehension, causalities and interactions between technical and operational scenarios are identified inductively or deductively, and 5) all three cases made use of some sort of presentation format.

In the third part of this thesis, the prescriptive study, success criteria are addressed and Modelling Integral Risk Assessment (MOIRA) is developed. For this, success criteria are translated into a top-level “use case diagram” that describes the set of interactions between the users and support. These top-level functionalities (generate safety data, process data, structure information, define interactions, and present view) are decomposed, and for each sub-functionality, solutions are found through literature review. The final working structure, MOIRA, includes manual data selection, the Systems Modelling Language (SysML), “Safety Case” structure (claim, argument, evidence), six layers (governmental, regulatory, company managerial, technical and operation managerial, physical and environmental), and finally, three presentation views: risk analysis overview, risk evaluation overview, scenario specific view.

In the fourth part of this thesis, the second descriptive study, the impact of MOIRA is evaluated in two ways: one action research evaluation and one large experimental evaluation. Five Key Performance Indicators (KPIs) are tested, which show that MOIRA increases validity of risk assessment data, increases consistency in data processing, decreases the number of fuzzy boundaries, increases overall comprehension of the risk assessment architecture and increases safety overview. Thus, the overall objective is met: the use of MOIRA increases integrality of risk assessments within the Dutch railway industry. Finally, we offer some suggestions for improvement.