
Florida Department of Transportation District 5

DESIGN/BUILD AND MAINTAIN REQUEST FOR PROPOSAL ATTACHMENT: SAFETY, SECURITY AND AVAILABILITY REQUIREMENTS

For

Central Florida Commuter Rail Transit Civil, Systems, and Track Work Volusia, Seminole and Orange Counties, Florida

Financial Projects Number(s): 412994-2-52-01 Federal Aid Project Number(s): TBD


Contract Number: E-5L71

RFP Central Florida Commuter Rail Transit, Civil, Systems, and Track Attachment: Safety, Security and Availability Requirements

SAFETY, SECURITY AND AVAILABILITY REQUIREMENTS

PART 1: GENERAL

1.01 DESCRIPTION:

A. This section specifies the requirements for the Design/Build Firm to develop and implement a Safety, Security and Availability Program Plan (SSAPP), encompassing system safety, security, reliability and maintainability engineering. Human factors and quality assurance, although not specified directly herein, shall be considered in the development of the SSAPP. Availability shall be defined by reliability and maintainability. The Safety, Security and Availability requirements shall apply to all systems, subsystems and assemblies, software, hardware and firmware provided under the scope of this contract and all interfaces of the Central Florida Commuter Rail Transit (CFCRT) system. The requirements apply to all suppliers and subcontractors during all phases of the work including final design, manufacture, construction, installation, testing, in-service support/maintenance, warranty, retrofits, and field modifications. It is within the Design/Build Firm's overall scope to:

- Provide all rail improvements within the right-of-way owned by the Department, CSX Transportation, or other public rights-of-way.
- Provide the double tracking within the limits specified within the RFP.
- Provide the permitted highway and pedestrian grade crossings as specified within the RFP.
- Provide the traffic signal improvements as specified within the RFP.
- Provide the railroad wayside and crossing signal systems as specified within the RFP.
- Provide the communications systems as specified within the RFP.
- Provide the station platforms at the specific locations shown within the concept plans, within the milestone dates specified within the RFP.
- Provide the Vehicle Storage and Maintenance Facility and Operations Control Center as outlined in the RFP.
- Provide Railway Maintenance Services as specified within the RFP.

The Safety, Security and Availability requirements shall be implemented on the systems, subsystems, assemblies and interfaces contained in these contract documents for the CFCRT project, to the extent covered under the Design/Build Firm's scope, and on all their interfaces and intercommunications: among the Design/Build Firm's items themselves, with other CFCRT system elements and subsystems, and with the operating environment. Transit system element interfaces shall include but not be limited to: Diesel Multiple Unit (DMU) vehicle, freight cars, locomotives, Amtrak trains, automotive vehicles, pedestrians, passengers, employees, the general public, stations, station amenities, track, grade crossings, facilities, systems, power, and the environment in which the CFCRT system operates. Interface requirements shall encompass facilities, structures, systems, equipment, hardware, software, firmware, internet, wired and wireless communications, radio airwaves and spectrum, man/machine interfaces, operations, maintenance, training, rules and procedures.

Page 1 of 33

B. APPLICABLE GUIDELINES: Develop and implement the SSAPP in accordance with the latest revision, at the time of award of Contract, of the following documents:

1. Federal Transit Administration (FTA) Hazard Analysis Guidelines for Transit Projects (2000).
2. Federal Transit Administration (FTA) Handbook for Transit Safety and Security Certification (2002).
3. American Public Transit Association (APTA) Manual for the Development of System Safety Program Plans for Commuter Railroads (2006), including the reference standards and FRA regulations in 49 CFR parts contained in the Appendix therein.
4. Federal Transit Administration (FTA) Transit Agency Security and Emergency Management Protective Measures (2006).
5. Federal Transit Administration (FTA) Public Transportation System Security and Emergency Preparedness Planning Guide (2003).
6. Federal Transit Administration (FTA) Transit Security Design Considerations (2005).
7. Transit Cooperative Research Program (TCRP) Report 86, Public Transportation Security, Volume 4, Intrusion Detection for Public Transportation Facilities Handbook (2003).
8. Federal Railroad Administration (FRA) Collision Hazard Analysis Guide: Commuter and Intercity Passenger Rail Service, Final (2007).
9. Federal, State and Local Regulations and National Standards referenced in the CFCRT Design Criteria Manual.
10. FRA, FTA, DEPARTMENT and other Federal, State and Local Regulations, and CSXT rules, regulations and procedures referenced in the RFP.
11. CFCRT Safety and Security Management Plan (SSMP).
12. CFCRT Safety and Security Certification Plan (SSCP).
13. Reliability Program for Systems and Equipment Development and Production: MIL-STD-785B.
14. Reliability Modeling and Prediction: MIL-STD-756B.
15. Reliability Testing for Engineering Development, Qualification and Production: Exponential Distribution: MIL-STD-781D.
16. Maintainability Program Requirements (for Systems and Equipment): MIL-STD-470A.
17. Maintainability Prediction: MIL-HDBK-472.
18. Maintainability Demonstration: MIL-STD-471A.
19. System Safety Society, System Safety Analysis Handbook CD-ROM (1999).

C. Objectives and Criteria:

1. The primary objective of the SSAPP shall be to optimize the system safety, security, reliability, and maintainability characteristics of the systems, subsystems, equipment and assemblies provided under this contract (hardware, software and firmware) and their interfaces with the CFCRT system by:
a. Eliminating critical and catastrophic safety hazards, security threats and vulnerabilities, and reducing unacceptable and undesirable risk (defined by severity and probability of occurrence) to an acceptable level, based on the risk acceptance criteria provided herein.
b. Providing a high degree of reliability by maximizing the mean time between failures (MTBF) of equipment, systems, components and assemblies.
c. Minimizing downtime during maintenance and malfunctions by minimizing the mean time to repair (MTTR) of equipment, systems, components and assemblies.
d. Maximizing the functional availability of equipment and systems in safety-critical functions required to operate on a continuous basis or on demand, by providing redundancy in critical equipment, components, assemblies or software modules such that the equipment remains fail-operational and fail-safe.
2. A secondary objective of the SSAPP shall be to minimize the magnitude and seriousness of those events, malfunctions or security threats which could result in injury to patrons or personnel and damage to equipment or property, but which cannot be completely eliminated.
3. Formulate and document the Design/Build Firm's final design specifications and drawings to satisfy the requirements for system safety, security, reliability, maintainability and availability through the design, construction, manufacture, installation, testing, commissioning, and start-up phases of the Contract.

D. During final design and installation of the systems, employ the objectives, requirements, specifications, and methodology stated in the SSAPP to accomplish the goals of safety, security, reliability, maintainability and availability.

E. Apply scientific and engineering principles to identify and analyze potential safety hazards, security threats and vulnerabilities, and to recommend the necessary action to eliminate, control, or minimize the safety hazards and security risk.

F. List of Abbreviations: The following abbreviations are used in this section:

APTA - American Public Transportation Association
CDRL - Contract Data Requirements List
CD-ROM - Compact Disk, Read Only Memory
CIH - Central Instrument House
CIL - Certifiable Items List
COC - Certificate of Compliance
CSS - Central Supervisory Station
DB - Design Build
FMECA - Failure Modes, Effects and Criticality Analysis
EOP - Emergency Operating Procedures
FRA - Federal Railroad Administration
FTA - Federal Transit Administration
IOS - Initial Operation Segment
MIL-HDBK - Military Handbook
MIL-STD - Military Standard
MTBF - Mean time between failures
MTTR - Mean time to repair
NFPA - National Fire Protection Association
NTP - Notice to Proceed
OCC - Operations Control Center
OHA - Operating Hazard Analysis
PHA - Preliminary Hazard Analysis
RDT - Reliability Demonstration Test
RPP - Reliability Program Plan
SSAPP - Safety, Security, Availability Program Plan
SSCP - Safety and Security Certification Plan
SSMP - Safety and Security Management Plan
SSP - System Security Plan
SCADA - Supervisory Control and Data Acquisition
SCIL - Safety (and security) Critical Items List
SOP - Standard Operating Procedure
TVA - Threat and Vulnerability Analysis

1.02

SUBMITTALS: Unless otherwise specified, all submittals shall be in accordance with the submittal requirements specified elsewhere in these documents.

A. Submit a SSAPP for approval 30 days after NTP, and revise it as necessary throughout the project (CDRL). Elements addressed in the SSAPP shall require separate submittals as follows:
1. Rationale for Meeting Safety, Security, Reliability, and Maintainability Criteria (CDRL). Submit 30 days after NTP.
2. Failure Data Collection System (CDRL). Submit 30 days after NTP.
3. System Safety, Reliability, and Availability Test Procedures (CDRL). Submit 30 days before each test, respectively, at the factory, field acceptance or system-wide integration test levels.
4. System Safety, Reliability, and Availability Test Reports, including test data and log summaries (CDRL). Submit 10 days after completion of tests. In the event of a reject decision, provide corrective action recommendations. Submit reports prior to the Final Acceptance Audit.
5. As part of the monthly Progress Reports (CDRL), submit the status of system safety, security, reliability, availability and maintainability activities, based on the information gathered on the milestone charts specified in the SSAPP.
6. Completed and Signed Safety and Security Certification Criteria Conformance Checklists to verify the Design/Build Firm's inclusion of the CFCRT Design Criteria in the Design/Build Firm's specifications and drawings during Final Design (CDRL). Submit the signed checklist of the certifiable items list (CIL) during Final Design, before the start of construction, manufacture or fabrication.
7. Completed and Signed Safety and Security Certification Specification Conformance Checklists to verify the Design/Build Firm's continuous inclusion of the CFCRT Design Criteria and the Design/Build Firm's specifications and drawings in the as-built systems during construction, installation, testing, commissioning and start-up (CDRL). Submit the signed checklist of certifiable items after installation and successful testing, before the start of pre-revenue operations.
8. Submit, from time to time as requested by the Department, completed, verified and signed safety (and security) certification checklists of Certifiable Items Lists (CILs) and Certificates of Compliance prepared by the Department for the Design/Build Firm's signature, in support of the Safety and Security Certification Program.
9. Final Acceptance Audit (CDRL), 10 days after completion of all demonstration testing.

B. Submit the System Safety Program Plan (SSPP) (CDRL), 30 days after NTP.

C. Submit the System Security Plan (SSP) (CDRL), 30 days after NTP.

D. Submit the following system safety analyses:
1. Preliminary Hazard Analysis (PHA) (CDRL), 60 days after NTP.
2. Failure Modes, Effects and Criticality Analysis (FMECA) (CDRL), 90 days after NTP.
3. Software Failure Modes and Effects Analysis (SFMEA), 120 days after NTP.
4. Quantitative analyses such as fault tree or logic network (CDRL), 150 days after NTP.
5. Operating Hazard Analysis (CDRL), 180 days after NTP.
6. Collision and Derailment Hazard Analysis (CDRL), 180 days after NTP, showing the contribution of Design/Build Firm-scope items to collisions and derailments for CFCRT commuter trains, Amtrak and CSXT trains on the Corridor. Conduct the analysis in general accordance with the FRA Guide.

E. Submit the Safety Critical Items List (CDRL).

F. Submit the Security Threat and Vulnerability Analysis (TVA) (CDRL), 60 days after NTP. Update as necessary during the Construction phase.

G. Submit the Security Critical Items List (CDRL).

H. Submit the Safety Test Plan (CDRL).

I. Submit an overall testing report of system safety test results. Include test data, test log summaries, and corrective action recommendations. This report shall be submitted prior to the final acceptance audit (CDRL).

J. Submit the Safety and Security Certification Plan encompassing each system and location covered under the scope of this contract (CDRL).

K. Submit completed and signed safety and security certification checklists and applicable Certificates of Compliance for all certifiable items lists (CIL), verifying completion of design, construction and testing of safety- and security-related system elements and subsystems, assemblies, software and hardware, and all documentation for all locations, in accordance with the scope of this contract (CDRL).

L. Submit a Reliability Program Plan (RPP) (CDRL).

M. Submit Reliability Calculations and Block Diagram (CDRL).

N. Submit the Reliability Demonstration Test (RDT) Plan (CDRL).

O. Submit the Reliability Demonstration Test (RDT) Results (CDRL).

P. Submit the Maintainability Program Plan (CDRL).

Q. Submit the Availability Analysis (CDRL).

R. Submit the Availability Demonstration Test Plan (CDRL).

S. Submit the Availability Demonstration Test Results (CDRL).

T. Upon the Engineer's approval, existing analyses and test data which are properly documented and verifiable may be submitted in lieu of selected analyses and tests, for equipment and applications which are identical or manifestly similar to those required under this contract. Existing analyses shall contain the same data required by the analysis guidelines specified herein, presented in a neat, concise, and logical manner.

U. Input to Training Program: Include information on system safety and security methods and procedures, protective devices, and emergency equipment, and provide input from the safety and security analyses, in the form of warnings and caution statements, into the training program and into the operating and maintenance/service manuals for the systems, subsystems, equipment, hardware, software and firmware provided under this contract.


PART 2: PRODUCTS

2.01 SAFETY, SECURITY AND AVAILABILITY PROGRAM PLAN (SSAPP):

A. Produce a SSAPP which integrates the system safety, security and availability elements in all phases of this Contract.

B. Incorporate a disciplined approach to evaluate all system designs with regard to system safety, security, reliability, maintainability and availability, with the objective of prescribing corrective action in a timely and cost-effective manner. Include hazard identification, threat and vulnerability assessment, identification of unreliability, and determination of the degree of maintainability and availability.

C. Organize the SSAPP to include specific sections for the disciplines of system safety, security, reliability, maintainability and availability. Describe the procedures to perform the specific tasks necessary to meet the system safety, security, reliability, maintainability and availability requirements.

D. Clearly define the responsibilities and functions of personnel directly associated with the system safety, security, reliability and maintainability assurance policies and the implementation of the program. Describe the system safety, security, reliability and maintainability assurance organization. Identify and formally document the authority delegated to that organization and its relationship to all other organizational components.

E. Identify the system safety, security, reliability and maintainability interface requirements among the elements, systems and subsystems included in the Design/Build Firm's scope of services on this Contract for the CFCRT project, including but not limited to those specified in Paragraph 1.01.A herein.

F. Rationale for Meeting Safety, Security, Reliability, and Maintainability Criteria: As part of the SSAPP, this document shall show how the Design/Build Firm intends to achieve a high degree of safety, security, reliability, and maintainability, and their inter-relationship. Include design, manufacturing and quality control practices; adherence to and implementation of sound safety, security, reliability, and maintainability practices in design, manufacturing, operation and maintenance; effective control of human factors; and implementation of effective maintenance and repair schedules.

G. Failure Data Collection System: Provide a closed-loop data collection system for collecting, analyzing, and recording all failures that occur during in-plant tests and those that occur at installation or test sites prior to acceptance. The analysis and recording of failures shall differentiate between those due to design or workmanship and those due to other causes, such as errors in handling, transporting, storing, and operating the equipment. The failure reporting system shall use forms approved by the Engineer and shall include provisions to ensure that problems are detected and investigated, and that effective corrective actions are taken on a timely basis to reduce or prevent repetition of the failures.

H. System Safety, Reliability and Availability Test Procedures: Submit test procedures for the Engineer's approval 30 days prior to the conduct of tests.

I. System Safety, Reliability, and Availability Test Reports: Within 10 days after each test, submit the test results as specified herein and elsewhere in these documents. In the event of test failure or a "reject" decision, analyze the cause of the deficiency and make recommendations for corrective action within 10 working days. After approval, implement the recommendations within 20 working days and then repeat the test of the rejected system. In the event of a second reject decision, or failure of the Engineer to approve the recommended action, terminate the test.

J. Final Acceptance Audit: Conduct a final acceptance audit at the completion of all demonstration testing to establish the operational baseline of the system. The audit shall include a detailed review and analysis of the test results. Document the results of the audit and assign action items to resolve deficiencies. Provide all support equipment and services required by the test plan.

2.02

SYSTEM SAFETY PROGRAM PLAN: Include a detailed System Safety Program Plan (SSPP) as part of the SSAPP, including:

A. Task listing and time phasing of each task.

B. Organization and responsibility of key personnel.

C. Procedures to accomplish the system safety tasks, including provisions to:
1. Correct system safety deficiencies noted during the final design phase as soon as possible, but not later than system design acceptance.
2. Evaluate the system design and design changes.
3. Conduct system safety analyses of each system and subsystem within the Design/Build Firm's scope and their interface areas as defined in subsection 1.01.A.
4. Take immediate corrective actions to prevent personal injury or system damage when a Category I or II hazard is identified, and take action to reduce the identified risk (defined as the combination of hazard severity and probability) from Unacceptable and Undesirable risk to a lower risk as defined herein.
5. While Unacceptable risk shall be immediately eliminated, designed out and controlled to an acceptable level before design acceptance, Undesirable risk shall be prioritized for corrective action based on cost-benefit considerations, giving precedence to those hazards with the highest risk reduction potential and the most cost-effective mitigation measures.
6. Implement safety changes which are Design/Build Firm initiated and approved by the Department, and those initiated by the Department, which fall within the Design/Build Firm's area of responsibility.
7. Coordinate the activities of the Design/Build Firm's system safety program and comply with the overall CFCRT Safety and Security Management Plan and Safety and Security Certification Plan.

D. System safety criteria shall be in consonance with the CFCRT design criteria and the guidelines specified under this contract. Implement the approved criteria throughout all aspects of final design development, test, delivery, installation, and maintenance. The criteria shall include requirements for the following:
1. Design Safety: Employment of system safety techniques that optimize the design to minimize or control hazards identified by failure analyses. Coordination with reliability, maintainability, and design engineers to avoid potential hazards resulting from complexity of design. Maintenance of standardization of design by use of proven standards of the railroad/transit industry and applicable regulatory codes.
2. Potential Failures: Ensure that a single-point failure in a dynamic system will not result in an unacceptable or undesirable hazard risk. Ensure elimination or minimization of hazards by design, except in specific cases where high-reliability, fail-safe items may be used based upon a properly documented history of low failure rate, if approved by the Department after submission of the history of these items. Control potential failures of less than undesirable risk classification through the use of safety devices and approved operating or maintenance procedures.
3. Redundancy: Incorporation of redundant circuits and components in a coordinated system safety, reliability, and maintainability engineering review to ascertain mutual agreement on the system enhancement.
4. Human Factors: Prevent or minimize human error when responding to field and operational conditions by eliminating conflicting or ambiguous alarms and status indications; conflicting or ambiguous instructions; lengthy or complicated instructions; inherent design errors/problems; and unclear or incomplete supporting hardware and software documentation.

E. Safety Principles: The following safety principles shall be implemented by the Design/Build Firm in the design and operational concepts of the systems, subsystems, functions, assemblies and interfaces, to the extent covered under the Design/Build Firm's scope in the contract documents for the CFCRT project, within the dynamic environment of the CFCRT Corridor:
1. When the systems are operating normally there shall be no unacceptable or undesirable hazard conditions.
2. The system design shall ensure successful operation under abnormal (failure recovery) and emergency (e.g., derailment, fire/smoke) conditions on the railroad, and all safety analyses shall evaluate and ensure acceptable hazard risk under normal, abnormal (failure recovery), and emergency conditions.
3. The safety of the systems in the normal automatic operating mode shall not depend on the correctness of actions or procedures used by operating personnel.
4. There shall be no single-point failures or fault conditions in the system that can result in an unacceptable or undesirable hazard condition under normal, abnormal (failure recovery) or emergency conditions.
5. If one failure combined with a second failure can cause an unacceptable or undesirable hazard condition, the first failure shall be detected and the system shall achieve a known safe state before the second failure can occur.
6. Software faults shall not cause an unacceptable or undesirable hazard condition under normal, abnormal (failure recovery), or emergency conditions.
7. Unacceptable hazards shall be eliminated by design.
8. Maintenance activities required to preserve or achieve the risk levels shall be performed. The personnel qualifications required to adequately implement these activities shall also be identified.

F. A data collection and feedback system shall be used to establish requirements for redesign, design changes, and corrective actions. Utilize a follow-up procedure to verify the results of completed action as follows:
1. During the early phase of final design, the data shall include hazards identified during the various analyses. Submit the data to the Department to inform it of problems in design and hardware or software development, and to facilitate early remedial action.
2. In the latter stages of final design, and during fabrication, construction and installation, indicate the appropriate corrective action, and verify the requirements and results of the corrective action taken.

G. Training: Include information on system safety methods and procedures, protective devices, and emergency equipment, and provide input from the safety analyses, in the form of warnings and caution statements, into the training program and into the operating and maintenance/service manuals for the systems, subsystems, equipment, hardware, software and firmware provided under this contract.

2.03

SYSTEM SECURITY PLAN: Include a System Security Plan (SSP) as part of the SSAPP, including:

A. Task listing and time phasing of each task.

B. Organization and responsibility of key personnel.

C. Procedures to accomplish the system security tasks, including provisions to:
1. Correct system security deficiencies (vulnerabilities, security breaches) noted during the final design phase as soon as possible, but not later than system design acceptance.
2. Evaluate the system design and design changes from the aspect of security threats and vulnerabilities.
3. Conduct a security Threat and Vulnerability Analysis (TVA) of each CFCRT system element and subsystem within the Design/Build Firm's scope of work, and of their interfaces as defined in subsection 1.01.A herein. Update the TVA during the Construction/Installation/Testing phases of the project.
4. Take immediate corrective actions to prevent personal injury or system damage when a Category I or II severity is identified, and take action to reduce the identified risk (defined as the combination of hazard severity and probability) from Unacceptable and Undesirable risk to a lower risk as defined herein.
5. While Unacceptable risk shall be immediately eliminated, designed out and controlled to an acceptable level before design acceptance, Undesirable risk shall be prioritized for corrective action based on cost-benefit considerations, giving precedence to those hazards with the highest risk reduction potential and the most cost-effective mitigation measures.
6. Implement security protections and system hardening changes which are Design/Build Firm initiated and approved by the Department, and those initiated by the Department, which fall within the Design/Build Firm's area of responsibility.
7. Coordinate the activities of the Design/Build Firm's system security plan and comply with the Department's overall CFCRT Safety and Security Management Plan and Safety and Security Certification Plan.

D. System security criteria shall be in accordance with the CFCRT design criteria and the guidelines specified under this contract. Implement the approved criteria throughout all aspects of final design development, test, delivery, installation, and maintenance.

E. A data collection and feedback system shall be used to establish requirements for redesign, design changes, and corrective actions. Utilize a follow-up procedure to verify the results of completed action as follows:
1. During the early phase of final design, the data shall include vulnerabilities identified during the TVA. Submit the data to the Department to inform it of problems in design and hardware or software development, and to facilitate early remedial action.
2. In the latter stages of final design, and during fabrication, construction and installation, indicate the appropriate corrective action, and verify the requirements and results of the corrective action taken.

F. Training: Include information on system security protection and system hardening methods and procedures, protective devices, and emergency equipment, and provide input from the TVAs, in the form of warnings and caution statements, into a controlled, classified section titled "Security Sensitive Information" in the training program and into a classified appendix to the operating and maintenance/service manuals for the systems, subsystems, equipment, hardware, software and firmware provided under this contract.

2.04 RELIABILITY PROGRAM:
A. Prepare a description of the Design/Build Firm's reliability program as part of the SSAPP, including:
1. Organization and responsibilities of key personnel.
2. Interfaces between reliability, maintainability, system safety, security and other closely related programs, and support to efforts such as:
a. Logistic support and maintenance planning.
b. Design.
c. Quality assurance and quality control.
d. Standardization.
e. Systems engineering.
f. Personnel subsystem program (human engineering, life support, training, and personnel resources).
3. Provision for source selection, first article inspection, and surveillance of sub-Design/Build Firms' reliability activities.
4. Procedures and controls, including piece part selection and screening, manufacturing process controls, procurement controls, and test procedures, to be utilized during production to assure achievement of reliability requirements.
5. Provisions to evaluate operational and design changes for possible effects upon system reliability.
6. Description of the methods the Design/Build Firm will use to predict compliance with reliability goals.
7. Description of the reliability testing the Design/Build Firm will perform to demonstrate achievement of reliability goals.
B. Quantitative Goal: The Design/Build Firm's overall system reliability for all systems, subsystems, assemblies and interfaces contained in these contract documents for the CFCRT project, to the extent covered under the Design/Build Firm's scope, at all field locations and at OCC, shall be at least 8,760 hours mean time between failures (MTBF) for the entire IOS system. System elements and subsystems include but are not limited to those specified in Paragraph 1.01.A herein.
C. Mean time between failures (MTBF) shall be calculated as the total number of system operating hours for the entire system, consisting of all subsystems, assemblies and interfaces contained in these contract documents for the CFCRT project for IOS, at all field locations for IOS and at OCC, divided by the number of failures requiring unscheduled corrective maintenance action anywhere in the system during said total system operating hours. Scheduled preventive maintenance to inspect/repair/replace items during non-revenue-service hours shall not be considered a chargeable failure for the MTBF calculation.
D. Reliability Calculations and Data:
1. The Design/Build Firm shall submit calculations or other data, as requested by the Department, to demonstrate that its proposed equipment will meet the reliability goals. The Design/Build Firm shall not furnish any equipment until the calculations or data are approved by the Department.
2. Reliability calculations shall be in accordance with MIL-HDBK-217, and shall also use reliability block diagrams, a reliability model, a probability of success equation, and preventive maintenance strategies to achieve the required MTBF; or, for demonstrated reliability calculations, submit test data in accordance with MIL-STD-781D and MIL-HDBK-781.
3. The Design/Build Firm may propose an alternate method of calculating reliability, such as providing service records for proven equipment, upon approval by the Department.
E. Reliability Demonstration Test:
1. The Design/Build Firm shall submit a Reliability Test Plan for approval by the Department. The Design/Build Firm shall perform a reliability demonstration in accordance with the approved Plan and submit a Test Report to verify that the specified reliability goal is met.
2. The reliability demonstration shall be conducted during the period commencing with acceptance of each system at the first station plus the warranty period, subsequent to successful completion of field installation and acceptance testing at each location.

2.05 AVAILABILITY:
A. For Safety Critical Functions: The Design/Build Firm shall demonstrate through analysis and testing that all systems, subsystems, assemblies and equipment, encompassing hardware, software, firmware, including interfaces, which perform safety critical or safety-related functions in any and all systems specified under this contract, shall meet the following Availability requirement: the inherent Availability of the safety-related system/function, as measured by the expression:

Availability = MTBF / (MTBF + MTTR)

Where:
MTTR = Mean time to repair (in hours)
MTBF = Mean time between failures (in hours)

and when the function is evaluated, analyzed and tested from end-to-end, across all interfaces, i.e., from the point of initiating the control-command (e.g., at OCC, or at any field CIH location) to the point of execution of the command at the safety-related device in the field, shall be 99.999% or 0.99999. This means that the unavailability to successfully execute a safety-related command from OCC (or from any field location) to a safety-related device in the field, when measured from end-to-end across all interfaces, shall be less than one hour in 100,000 hours of operation.
B. The Design/Build Firm shall develop and submit to the engineer for approval Availability analysis and test documentation, listing all systems, subsystems, assemblies and equipment, encompassing hardware, software, firmware, including interfaces, which perform safety critical or safety-related functions in any and all systems specified under this contract. The functions shall be evaluated, analyzed and tested from end-to-end, across all interfaces, i.e., from the point of initiating the control-command (e.g., at OCC, or at any field CIH location) to the point of execution of the command at the safety-related device in the field. The Design/Build Firm shall demonstrate through analysis and testing that each safety-related end-to-end system/function exhibits an inherent availability of 99.999%. Examples of safety-related end-to-end systems/functions which must exhibit an inherent availability of 99.999% include, but are not limited to, the following:
1. Successfully detecting and transmitting a fire/smoke alarm from a CIH field location to OCC and successfully receiving and acknowledging the alarm at the OCC Panel.
7. Successfully detecting and transmitting failure conditions from a grade crossing instrument housing at a field location to OCC and successfully receiving and acknowledging the alarm at the OCC Panel.
C. For Non-Safety Critical Functions which are Revenue-Service Critical: The Design/Build Firm shall demonstrate through analysis and testing that all systems, subsystems, assemblies and equipment, encompassing hardware, software, firmware, including interfaces, which perform non-safety critical or non-safety-related functions but which are Revenue-Service Critical (may cause train or passenger delay exceeding 8 minutes, or cause implementation of failure recovery strategies and SOPs to recover from system failures, fault conditions, loss of control and/or indications) in any and all systems specified under this contract, shall meet the following Availability requirement: the inherent Availability of the non-safety-related system/function which is revenue-service-critical, as measured by the expression:

Availability = MTBF / (MTBF + MTTR)

Where:
MTTR = Mean time to repair (in hours)
MTBF = Mean time between failures (in hours)

and when the function is evaluated, analyzed and tested from end-to-end, across all interfaces, i.e., from the point of initiating the control-command (e.g., at OCC) to the point of execution of the command at the non-safety-related but revenue-service-critical device in the field, shall be 99.96%, or 0.9996. This means that the unavailability to successfully execute a non-safety-related but revenue-service-critical command from OCC to a non-safety-related but revenue-service-critical device in the field, when measured from end-to-end across all interfaces, shall be less than four hours in 10,000 hours of operation.
D. The Design/Build Firm shall develop and submit to the engineer for approval Availability analysis and test documentation, listing all systems, subsystems, assemblies and equipment, encompassing hardware, software, firmware, including interfaces, which perform non-safety critical or non-safety-related functions but which are revenue-service-critical (may cause train or passenger delay exceeding 8 minutes, or cause implementation of failure recovery strategies and SOPs to recover from system failures, fault conditions, loss of control and/or indications) in any and all systems specified under this contract. The functions shall be evaluated, analyzed and tested from end-to-end, across all interfaces, i.e., from the point of initiating the control-command (e.g., at OCC) to the point of execution of the command at the non-safety-related but revenue-service-critical device in the field. The Design/Build Firm shall demonstrate through analysis and testing that each non-safety-related but revenue-service-critical end-to-end system/function exhibits an inherent availability of 99.96%. Examples of non-safety-related but revenue-service-critical end-to-end functions which must exhibit an inherent availability of 99.96% include, but are not limited to, the following:
1. Successfully completing, from the CFCRT Operation Control Center (OCC), the selection of a divergent route through an interlocking and displaying a wayside proceed to cross over to a CFCRT train in the field.
2. Successfully restoring a normal route at an interlocking from the CFCRT Operation Control Center (OCC) after a train has crossed over, by selecting a normal route through the interlocking and displaying a wayside proceed straight signal to a CFCRT train in the field.
E. For Non-Safety Critical Functions which are also non-revenue-service critical: The Design/Build Firm shall demonstrate through analysis and testing that all systems, subsystems, assemblies and equipment, encompassing hardware, software, firmware, including interfaces, which perform non-safety critical or non-safety-related functions and which are non-revenue-service critical (may cause train or passenger delay of less than 8 minutes) in any and all systems specified under this contract, shall meet the following Availability requirement: the inherent Availability of the non-safety-related system/function which is non-revenue-service-critical, as measured by the expression:

Availability = MTBF / (MTBF + MTTR)

Where:
MTTR = Mean time to repair (in hours)
MTBF = Mean time between failures (in hours)

and when the function is evaluated, analyzed and tested from end-to-end, across all interfaces, i.e., from the point of initiating the control-command (e.g., at OCC) to the point of execution of the command at the non-safety-related, non-revenue-service-critical device in the field, shall be 99.9%, or 0.999. This means that the unavailability to successfully execute a non-safety-related and non-revenue-service-critical command from OCC (or from any station panel) to a non-safety-related and non-revenue-service-critical device in the field, when measured from end-to-end across all interfaces, shall be less than ten hours in 10,000 hours of operation.
F. Revenue service is defined as the interval between the time the first revenue service CFCRT Train enters the Mainline and the time the last revenue service train exits the CFCRT mainline. The revenue service periods and times are outlined elsewhere in these documents. The Design/Build Firm shall meet the System Availability requirements for all installed systems under this contract irrespective of Department schedule changes or additional special events.
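As an added worked example (not part of the RFP), the MTBF rule of Article 2.04.C and the Availability expression and three thresholds of Article 2.05 are implemented below over a constructed maintenance log. The series (product) model for a command path evaluated end-to-end across interfaces is this example's own assumption and goes beyond the RFP's text; the log entries and operating hours are constructed for illustration.

```python
"""Added worked example (not part of the RFP): MTBF per Article 2.04.C and
inherent availability per Article 2.05, computed from a constructed log."""
from dataclasses import dataclass

# Inherent availability targets stated in Article 2.05, keyed by function class.
AVAILABILITY_TARGETS = {
    "safety_critical": 0.99999,             # 2.05.A: < 1 h in 100,000 h
    "revenue_service_critical": 0.9996,     # 2.05.C: < 4 h in 10,000 h
    "non_revenue_service_critical": 0.999,  # 2.05.E: < 10 h in 10,000 h
}


@dataclass(frozen=True)
class MaintenanceEvent:
    """One maintenance action recorded against the system under test."""
    at_hours: float      # system operating hours when the event occurred
    repair_hours: float  # active repair time spent on the event
    scheduled: bool      # True = preventive maintenance in non-revenue hours


def chargeable_failures(events):
    """2.04.C: only unscheduled corrective maintenance actions are failures;
    scheduled preventive maintenance is not chargeable."""
    return [e for e in events if not e.scheduled]


def mtbf(total_operating_hours, events):
    """2.04.C: total system operating hours divided by chargeable failures."""
    failures = chargeable_failures(events)
    return float("inf") if not failures else total_operating_hours / len(failures)


def mttr(events):
    """Mean active repair time over chargeable failures, in hours."""
    failures = chargeable_failures(events)
    return 0.0 if not failures else sum(e.repair_hours for e in failures) / len(failures)


def inherent_availability(mtbf_hours, mttr_hours):
    """2.05: Availability = MTBF / (MTBF + MTTR)."""
    if mtbf_hours == float("inf"):
        return 1.0
    return mtbf_hours / (mtbf_hours + mttr_hours)


def unavailable_hours(availability, horizon_hours):
    """Expected downtime over a horizon, the form the RFP uses to restate
    each target (e.g. 0.99999 -> one hour in 100,000 hours)."""
    return (1.0 - availability) * horizon_hours


def end_to_end_availability(element_availabilities):
    """Availability of a command path evaluated end-to-end across interfaces
    (OCC -> communications -> field CIH -> device). ASSUMPTION of this
    example, not stated in the RFP: the elements are independent and in
    series, so the path is up only when every element is, i.e. the product."""
    result = 1.0
    for a in element_availabilities:
        result *= a
    return result


def meets_target(availability, function_class):
    """True when the measured availability satisfies the 2.05 class target."""
    return availability >= AVAILABILITY_TARGETS[function_class]


# Constructed one-year log (8,760 operating hours) for a single subsystem.
OPERATING_HOURS = 8760.0
SAMPLE_EVENTS = [
    MaintenanceEvent(1200.0, 0.5, scheduled=False),
    MaintenanceEvent(2190.0, 2.0, scheduled=True),   # quarterly PM: not chargeable
    MaintenanceEvent(5000.0, 1.5, scheduled=False),
    MaintenanceEvent(6570.0, 2.0, scheduled=True),   # quarterly PM: not chargeable
    MaintenanceEvent(7800.0, 1.0, scheduled=False),
]


def sample_report():
    """Classify the constructed subsystem against the three 2.05 targets."""
    m = mtbf(OPERATING_HOURS, SAMPLE_EVENTS)  # 8760 / 3 chargeable = 2920 h
    r = mttr(SAMPLE_EVENTS)                   # (0.5 + 1.5 + 1.0) / 3 = 1.0 h
    a = inherent_availability(m, r)
    return {
        "mtbf_hours": m,
        "mttr_hours": r,
        "availability": a,
        "classes_met": [c for c in AVAILABILITY_TARGETS if meets_target(a, c)],
    }


if __name__ == "__main__":
    print(sample_report())
    # Three elements each exactly at the safety target, in series: the
    # end-to-end path falls short, so each element must exceed 0.99999.
    print(end_to_end_availability([0.99999] * 3))
```

The last line of the demo is the practical point of the end-to-end wording: a chain of elements each meeting 99.999% on its own does not meet 99.999% as a path, so element budgets must be tighter than the function target.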

2.06 MAINTAINABILITY PROGRAM:
A. Prepare a description of the Design/Build Firm's Maintainability Program as part of the SSAPP, including:
1. Provisions of Article 2.04.A.1 through 2.04.A.7 inclusive herein, as they pertain also to system Maintainability.
2. Provisions for early fault detection and rapid fault isolation to the proper service level for minimization of costs and MTTR.
3. Provisions for simplification of fault detection, isolation, and repair so as to minimize the skill levels and training requirements for maintenance personnel by use of maintenance aids or test equipment.
4. Provisions for accessibility for maintenance tasks.
5. Provisions for reduction of the following: complexity of the maintenance, design-dictated maintenance activities and related costs, maintenance down-time and effects on system operation, maintenance costs, potential for maintenance error, and man/machine interface problems.
6. Provisions to evaluate operational and design changes for possible effects upon maintainability requirements.

2.07 SYSTEM SAFETY ANALYSES:
A. General: The Design/Build Firm shall perform system safety analyses to identify safety hazards, assess their risk as a function of hazard severity and probability of occurrence, and apply Department-approved risk acceptance criteria for hazard mitigation and resolution.
B. Hazard Severity Definitions: Hazard severity categories are defined to provide a qualitative measure of the worst credible mishap resulting from personnel error, environmental conditions, design inadequacies, procedural deficiencies, or system, subsystem or component failure, malfunction, or fault condition, as follows:
1. Hazard Category I - Catastrophic: may cause death, system loss or severe environmental damage.
2. Hazard Category II - Critical: may cause severe injury, severe occupational illness, or major system or environmental damage.
3. Hazard Category III - Marginal: may cause minor injury, minor occupational illness, or minor system or environmental damage.
4. Hazard Category IV - Negligible: will result in less than minor injury, minor occupational illness, or less than minor system or environmental damage.
C. Hazard Probability Definitions: Hazard probability shall be described qualitatively in potential occurrences per unit of time (per hour, per year, etc.). A hazard probability may be derived from the analysis of commuter rail transit system operating experience, evaluation of similar systems in identical or manifestly similar conditions, and from historical safety data of the systems at other transit systems. The probability rankings are defined as follows:
1. Probability Rank A - Frequent: Likely to occur frequently to an individual item. Continuously experienced in the entire contracted system.
2. Probability Rank B - Probable: Will occur several times in the life of an item. Will occur frequently in the entire contracted system.
3. Probability Rank C - Occasional: Likely to occur sometime in the life of an item. Will occur several times in the entire contracted system.
4. Probability Rank D - Remote: Unlikely but possible to occur in the life of an item. Unlikely but can be reasonably expected to occur in the entire contracted system.
5. Probability Rank E - Improbable: So unlikely it can be assumed its occurrence may not be experienced in the life of an item. Unlikely but possible to occur in the entire contracted system.

B. Perform safety analyses to identify potentially hazardous conditions. Perform and document quantitative analyses as required to ensure that adequate safety consideration has been given. Apply system safety analyses to:
1. Evaluate alternatives.
2. Evaluate and verify safety requirements of the systems, subsystems and assemblies for the systems under the scope of this contract.
3. Evaluate the operation/emergency procedures and training requirements.
4. Provide visibility of relative safety and risk within system components.
C. Perform analyses of systems, subsystems and functions to identify potential system safety hazards in system elements, subsystems and assemblies, hardware and software and interfaces, to the extent covered under the Design/Build Firm's scope, in these contract documents for the CFCRT project.
1. System elements and subsystems to be analyzed include but are not limited to those specified in Paragraph 1.01.A herein.
2. Perform analyses of interfaces between each system and operating and maintenance personnel.
3. Perform analyses of interfaces between each system and other systems that directly interface with it.
4. Perform analyses of potential human errors and fault conditions arising from operations and maintenance manuals.
D. In performing the required analyses, the depth of detail shall be dictated by the hardware and software components, functions and modules called for in the final design, identified critical items, and unresolved potential failures of unacceptable and undesirable risk index. The following analyses shall be utilized:
1. Preliminary Hazard Analysis (PHA).
2. Failure Modes, Effects and Criticality Analysis (FMECA).
3. Software Failure Modes and Effects Analysis (SFMEA).
4. Quantitative analyses such as fault tree or logic network.
5. Operating Hazard Analysis.
6. Collision and Derailment Hazard Analysis (CDRL), showing the contribution of items in the Design/Build Firm's scope to collisions and derailments among CFCRT commuter trains, Amtrak and CSXT trains on the Corridor. Conduct the analysis in general accordance with the FRA Guide.
E. These analyses shall be documented in general accordance with the guideline documents herein and industry accepted practices. The Design/Build Firm's analysis format shall be approved by the Department.
F. Maintain a compilation of safety-critical items identified during the system safety analyses in a safety critical items list (SCIL), which shall be maintained and updated by the Design/Build Firm throughout the duration of the contract. Safety critical items shall consist of hazards with Unacceptable and Undesirable risk. The format of the SCIL shall be approved by the Department. Document for approval any rationale in lieu of corrective action. Conduct a special review of unresolved critical items on the SCIL with the Department.
G. Existing analyses and data which are properly documented and verifiable, and which present the material in a neat, concise and logical manner, may be submitted for equipment and applications that are identical or manifestly similar.
H. For each identified hazard, establish a hazard severity category (I through IV), a hazard probability ranking (A through E), and a combined hazard risk index reflecting the severity and probability ranking.
I. Apply risk assessment criteria to identified hazards, based on the identified severity and probability of occurrence, to determine acceptance of the risk or the need for corrective action to further reduce the risk. The risk acceptance criteria shall conform to the Federal Transit Administration's (FTA's) Hazard Analysis Guidelines for Transit Projects and the following table:

TABLE A - HAZARD RISK ASSESSMENT MATRIX AND ACCEPTANCE CRITERIA

Frequency of Occurrence    I Catastrophic    II Critical    III Marginal    IV Negligible
(A) Frequent               IA                IIA            IIIA            IVA
(B) Probable               IB                IIB            IIIB            IVB
(C) Occasional             IC                IIC            IIIC            IVC
(D) Remote                 ID                IID            IIID            IVD
(E) Improbable             IE                IIE            IIIE            IVE

Legend:

Hazard Risk Index                  Acceptance Criteria
IA, IB, IC, IIA, IIB, IIIA         Unacceptable
ID, IIC, IID, IIIB, IIIC           Undesirable (decision required)
IE, IIE, IIID, IIIE, IVA, IVB      Acceptable with review
IVC, IVD, IVE                      Acceptable without review

J. Analyze hazards which are identified as having an unacceptable or undesirable risk, using logic network analyses (such as fault tree) to determine the effectiveness of corrective action. Unacceptable and undesirable risk shall be reduced to an acceptable level before design acceptance. Undesirable risk shall be mitigated on a priority basis using cost-benefit considerations and shall be approved by the Department.
K. Hazards identified as "acceptable with review" may be accepted by the Department in an "as-is" condition with no further corrective action. Alternatively, the Department may require the Design/Build Firm to develop operating and maintenance procedures for periodic tests and inspections of the subject item to ensure an acceptable level of safety is maintained over the life of the system.
L. Hazards with a combination of severity and probability of IVC, IVD or IVE will be acceptable to the Department.

Page 23 of 33

RFP Central Florida Commuter Rail Transit, Civil, Systems, and Track Attachment: Safety, Security and Availability Requirements

2.08 SYSTEM SECURITY ANALYSES:
A. General: The Design/Build Firm shall perform a security Threat and Vulnerability Analysis (TVA) for each CFCRT system element and subsystem within the Design/Build Firm's scope of work, and their interfaces as defined in subsection 1.01.A herein. The TVA will be conducted early in the final design phase to identify security threats and vulnerabilities (weaknesses) in the CFCRT System elements and subsystems, assess their risk as a function of severity and probability of occurrence, and apply Department-approved risk acceptance criteria for security risk mitigation and resolution. The TVA shall be conducted in general accordance with the FTA Guide documents on security except as modified herein. The TVA will be updated by the Design/Build Firm during the Construction/Installation/Testing phase of the project.
B. Categorization of severity, probability and risk acceptance of security threats and vulnerabilities: The severity of a security hazard, and the magnitude of the impact should a threat successfully exploit the vulnerability, are rated in terms of their effects on people or property, similarly to safety hazard severity. The ease with which a given threat can exploit a given vulnerability provides the probability of occurrence. The combination of severity and probability ratings results in a risk rating (risk index) for a security hazard. Severity Categories I through IV, used to categorize safety hazard severity (consequences) in safety analyses, shall be used for Severity categorization in the TVA. The Probability ratings A through E used for safety hazard probabilities will be used qualitatively to rank the likelihood of a security hazard. Table A - Hazard Risk Assessment Matrix and Acceptance Criteria shall be used in the TVA to provide a Department-approved measure for acceptance of risk and security risk resolution.
C. The Design/Build Firm shall maintain a compilation of security critical items identified during the TVA, titled a security critical items list (SCIL). The SCIL shall be maintained and updated by the Design/Build Firm throughout the duration of the contract. Security critical items shall consist of hazards with Unacceptable and Undesirable risk. The format of the SCIL shall be approved by the Department. Document for approval any rationale in lieu of corrective action. Conduct a special review of unresolved critical items on the SCIL with the Department.
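As an added worked example (not the RFP's own tooling), Table A of Article 2.07.I is encoded below and applied in the same way to safety hazards from the 2.07 analyses and to security hazards from the 2.08 TVA, yielding each item's risk index, its acceptance class, and the SCIL entries that 2.07.F and 2.08.C require. The hazard records, their identifiers and their ratings are constructed for illustration.

```python
"""Added worked example (not the RFP's own tooling): Table A of Article
2.07.I applied to safety hazards (2.07) and TVA security hazards (2.08),
producing risk indices, acceptance classes and the SCIL entries."""
from dataclasses import dataclass

SEVERITY = {"I": "Catastrophic", "II": "Critical", "III": "Marginal", "IV": "Negligible"}
PROBABILITY = {"A": "Frequent", "B": "Probable", "C": "Occasional",
               "D": "Remote", "E": "Improbable"}

# Legend of Table A, transcribed cell by cell from the RFP.
UNACCEPTABLE = {"IA", "IB", "IC", "IIA", "IIB", "IIIA"}
UNDESIRABLE = {"ID", "IIC", "IID", "IIIB", "IIIC"}
ACCEPTABLE_WITH_REVIEW = {"IE", "IIE", "IIID", "IIIE", "IVA", "IVB"}
ACCEPTABLE_WITHOUT_REVIEW = {"IVC", "IVD", "IVE"}


def risk_index(severity, probability):
    """2.07.H: combine severity (I-IV) and probability (A-E) into the
    Table A cell label, e.g. ("II", "C") -> "IIC"."""
    if severity not in SEVERITY or probability not in PROBABILITY:
        raise ValueError(f"not a Table A severity/probability: {severity}{probability}")
    return severity + probability


def acceptance(index):
    """Map a risk index to the acceptance criterion of the Table A legend."""
    if index in UNACCEPTABLE:
        return "Unacceptable"
    if index in UNDESIRABLE:
        return "Undesirable (decision required)"
    if index in ACCEPTABLE_WITH_REVIEW:
        return "Acceptable with review"
    if index in ACCEPTABLE_WITHOUT_REVIEW:
        return "Acceptable without review"
    raise ValueError(f"{index} is not a cell of Table A")


def table_a_is_complete():
    """Every one of the 4 x 5 cells is assigned to exactly one class."""
    cells = {s + p for s in SEVERITY for p in PROBABILITY}
    classes = [UNACCEPTABLE, UNDESIRABLE, ACCEPTABLE_WITH_REVIEW, ACCEPTABLE_WITHOUT_REVIEW]
    return set().union(*classes) == cells and sum(map(len, classes)) == len(cells)


@dataclass(frozen=True)
class Hazard:
    """One entry from a safety analysis (2.07) or a TVA (2.08)."""
    hazard_id: str    # constructed identifier, not from the RFP
    source: str       # "safety" or "security"
    description: str
    severity: str
    probability: str

    def index(self):
        return risk_index(self.severity, self.probability)

    def acceptance_criterion(self):
        return acceptance(self.index())

    def requires_corrective_action(self):
        """2.07.J: unacceptable and undesirable risk must be reduced before
        design acceptance (or a rationale documented and approved, 2.07.F)."""
        return self.index() in UNACCEPTABLE | UNDESIRABLE


def critical_items_list(hazards, source):
    """SCIL for one analysis stream: hazards with Unacceptable or
    Undesirable risk (2.07.F for safety, 2.08.C for security)."""
    return [h for h in hazards if h.source == source and h.requires_corrective_action()]


# Constructed hazard records; descriptions and ratings are illustrative only.
SAMPLE_HAZARDS = [
    Hazard("H-01", "safety", "Crossing warning not activated for approaching train", "I", "D"),
    Hazard("H-02", "safety", "CIH smoke alarm not presented at OCC panel", "II", "C"),
    Hazard("H-03", "safety", "Trip hazard at platform edge during maintenance", "IV", "C"),
    Hazard("T-01", "security", "Loss of integrity of control-command path to a safety-related device", "I", "C"),
    Hazard("T-02", "security", "Unauthorized entry into a field CIH", "II", "D"),
    Hazard("T-03", "security", "Tampering with a non-vital OCC indication", "IV", "B"),
]


def summarize(hazards):
    """Per-hazard (id, risk index, acceptance) rows for a risk register."""
    return [(h.hazard_id, h.index(), h.acceptance_criterion()) for h in hazards]


if __name__ == "__main__":
    assert table_a_is_complete()
    for row in summarize(SAMPLE_HAZARDS):
        print(row)
    print("safety SCIL:", [h.hazard_id for h in critical_items_list(SAMPLE_HAZARDS, "safety")])
    print("security SCIL:", [h.hazard_id for h in critical_items_list(SAMPLE_HAZARDS, "security")])
```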

Page 24 of 33

RFP Central Florida Commuter Rail Transit, Civil, Systems, and Track Attachment: Safety, Security and Availability Requirements

2.09 SAFETY TEST AND VERIFICATION PLAN: Verify that design safety requirements shall be met. A combination of analytical and test methods shall be considered. Integrate safety tests into the appropriate test plans developed in accordance with other sections of the documents for system elements, subsystems and assemblies, hardware and software and interfaces contained in these contract documents for the CFCRT project.
A. Where complete safety testing in an operational environment is not feasible or could cause system damage, demonstrate and verify safety characteristics in design and procedures by laboratory tests, functional mock-ups, or failure simulation.
B. Use induced or simulated failures to demonstrate an acceptable degree of safety for the failure modes identified as critical (unacceptable and undesirable risk) by the Design/Build Firm's safety analyses. Acceptable safety shall be as defined by the Risk Assessment Matrix and Acceptance Criteria.
C. Verify, by analytical means, failure modes identified during analyses that were resolved by rationale or operating/emergency procedures.
D. Include specific safety test and verification as part of other tests for systems, subsystems, assemblies and interfaces, to the extent covered under the Design/Build Firm's scope in these contract documents for the CFCRT project. System elements and subsystems include but are not limited to those specified in Paragraph 1.01.A herein.
E. The detailed test plans for all tests will be reviewed to ensure that:
1. Safety is adequately demonstrated.
2. Testing will be carried out in a safe manner.
3. Any additional hazard introduced by testing procedures, instrumentation, and test hardware is properly identified and minimized.
F. Compile all safety test and verification data on simulation and safety testing into a specific section of the overall testing report specified in other sections of testing requirements and reporting in these documents. Include the results of failure documentation. Maintain documentation throughout the program as evidence of proper safety in system design, installation, and operation.
G. Implement the provisions of the safety test and verification plan throughout other testing specified in these documents. Perform the tests in accordance with other sections of these documents in an environment which simulates operation.

2.10 SAFETY AND SECURITY CERTIFICATION PLAN:
A. The Design/Build Firm shall develop and implement a Safety and Security Certification Plan in accordance with the Federal Transit Administration (FTA) Handbook for Transit Safety and Security Certification (2002). The Safety and Security Certification process shall include, among others, the development and verification of implementation of safety and security related requirements compiled in two types of safety certification requirement checklists for certifiable items on this project, at the following project phases:
1. Criteria Conformance Checklists, for the Design/Build Firm's final design phase of the project. This checklist shall verify that the Design/Build Firm has incorporated into its final design all applicable CFCRT safety and security related design criteria and code requirements, standards and regulatory requirements mandated at the Federal, State and local level, including national standards such as the National Fire Protection Association (NFPA), building codes, and Underwriters Laboratory (UL) listing requirements, FRA and CSXT Rules, etc., as referenced in the CFCRT Design Criteria.
2. Specifications Conformance Checklists, for the Design/Build Firm's project phases of construction, manufacture, installation, testing and commissioning, leading to use of the equipment in revenue service. The specifications conformance checklist shall document and verify that all safety and security related requirements in the contract documents have been met by the Design/Build Firm. The following program requirements shall also be included in the Specification Conformance Checklist:
a. Safety Analysis and resolution of the Safety Critical Items List (SCIL).
b. Threat and Vulnerability Analysis (TVA) and resolution of the Security Critical Items List (SCIL).
c. Traceability Matrices showing how design criteria and specification requirements were met by the Design/Build Firm and subcontractors through design, analysis, construction, manufacture, installation and testing.
d. Testing requirements addressing factory, acceptance, field, static, commissioning, dynamic, systemwide, integration and end-to-end tests.
e. Training.
f. Procedure Development.
B. The Design/Build Firm shall develop and submit to the Department a Certifiable Items List (CIL) consisting of the safety certification requirements compiled at the Certifiable Element, sub-element and item levels. The CIL shall be based on system elements and sub-elements encompassing safety (and security) related systems, subsystems, assemblies and interfaces, to the extent covered under the Design/Build Firm's scope in the contract documents for the CFCRT Project. System elements and subsystems include but are not limited to those specified in Paragraph 1.01.A herein.
C. Early during the Design/Build Firm's final design phase of the project, and in accordance with the Design/Build Firm's Safety and Security Certification Plan, the Design/Build Firm shall submit to the Department the initial Safety Certification requirement checklists of the Criteria Conformance Checklist, encompassing and addressing the Certifiable Items List (CIL). The CIL shall consist of safety and security related system elements at each location under this contract. This checklist, in the Department-approved format, shall be used by the Design/Build Firm to certify that the Design/Build Firm has incorporated into its final design all applicable CFCRT Safety and Security related Design Criteria and code requirements, standards and regulatory requirements mandated at the Federal, State and local level, including national standards such as the National Fire Protection Association (NFPA), building codes, and Underwriters Laboratory (UL) listing requirements, FRA and CSXT Rules, etc., as referenced in the CFCRT Design Criteria.
D. Early during the Design/Build Firm's Construction phase of the project, and in accordance with the Design/Build Firm's Safety and Security Certification Plan, the Design/Build Firm shall submit to the Department the initial Safety and Security Certification requirement checklists of the Specification Conformance Checklist, encompassing and addressing the Certifiable Items List (CIL).
E. Prior to revenue service and/or prior to any incremental opening of the line for revenue service, and in accordance with the Design/Build Firm's Safety Certification Program Plan, the Design/Build Firm shall submit to the Department the completed, signed and verified Safety Certification Checklists, consisting of Criteria Conformance Checklists and Specifications Conformance Checklists for the Certifiable Items List (CIL) at all applicable locations. Included among the signed checklists and certifiable items shall be verification of successful completion of:
g. Safety Analysis and resolution of the Safety Critical Items List (SCIL).
h. Threat and Vulnerability Analysis (TVA) and resolution of the Security Critical Items List (SCIL).
i. Traceability Matrices showing how design criteria and specification requirements were met by the Design/Build Firm and subcontractors through design, analysis, construction, manufacture, installation and testing.
j. Testing requirements addressing factory, acceptance, field, static, commissioning, dynamic, systemwide, integration and end-to-end tests.
k. Training.
l. Procedure Development.
F. The safety certification checklists signed by the Design/Build Firm shall be supported by documented evidence of the Design/Build Firm's traceability matrices showing that the contractor has implemented the design criteria, contract documents and specification requirements and complied with all safety and security related requirements in design, analysis, testing and verification, for each safety and security related Certifiable Item on the checklists. The Design/Build Firm shall also produce signed Certificates of Compliance (COC) as required by the Safety Certification Plan.
G. The Safety Certification shall ensure that all systems, subsystems and assemblies, hardware and software, covered under this Contract at each field location and at OCC have been designed, fabricated, installed and tested in accordance with all applicable codes, criteria and contract documents, and are safe for revenue service. The Criteria Conformance Checklists, the Specifications Conformance Checklists and all Certificates of Compliance prepared by the Design/Build Firm shall be signed and dated by the Design/Build Firm's Representative to certify that the requirements have been successfully met and compliance verified.
H. The Design/Build Firm may be requested by the Department to submit, from time to time, completed, verified and signed safety (and security) certification checklists of Certifiable Items Lists (CILs) and Certificates of Compliance prepared by the Department for the Design/Build Firm's signature, in support of the Safety and Security Certification Program.

PART 3: EXECUTION

3.01

PROGRAM PLAN: Implement and maintain the various aspects of the SSAPP during the design, construction, installation and testing phases of the Contract.

3.02

SYSTEM SAFETY AND SECURITY ANALYSES: Perform safety and security analyses, as specified, during the final design phase of the Contract. Update as required during Construction.

3.03

TEST AND VERIFICATION PLAN: Implement the provisions of the test and verification plan during the design, factory testing, installation, field acceptance and integrated testing period, including initial revenue service testing of the equipment. Perform the tests in accordance with other sections in these documents, in an environment that simulates actual operation.

3.04

COORDINATION:

A. Design Impact: Closely coordinate the SSAPP and the results of system safety and security analyses with the design disciplines, particularly as the results affect design and hardware development. Make recommendations for redesign or modifications to ensure compliance with specified requirements including, as required, installation of test points and built-in test capabilities, installation of in-service status display indicators to facilitate fault isolation and test, utilization of high reliability parts with easy accessibility and quick disconnect connectors, use of mechanical keying to reduce errors during installation, security protection measures, tamper-proof design and system hardening to reduce security risk, etc.

B. Design Problems: Document instances where evaluation or analyses indicate an unresolved problem area, and formulate appropriate recommendations. Maintain records which show that follow-up action has been taken to resolve the problem.

C. Design Reviews: Assure participation by the system Safety, Security and Availability assurance organization in all design reviews.

3.05

RECORDS MANAGEMENT: The Design/Build Firm shall maintain documentation of system safety, security and availability assurance throughout the design, and make it available for examination by the Department.


3.06

DESIGN: During consideration of precedence in the control of unacceptable and undesirable system hazards and vulnerabilities, take cognizance of human limitations as a design constraint. Take corrective action to eliminate or control unacceptable and undesirable hazards and vulnerabilities using the following order of precedence:

A. Design for Minimum Risk. Design, redesign or retrofit to eliminate (i.e., design out) the hazards through design selection. If an identified hazard cannot be eliminated, reduce the severity and/or probability of occurrence to an acceptable level. The Design/Build Firm shall use fail-safe devices and principles in design, incorporate high-reliability systems and components, and use redundancy in hardware and software design.

B. Safety Devices. Hazards that cannot be eliminated or controlled through design selection shall be controlled to an acceptable level through the use of fixed, automatic or other protective safety design features or devices. The Design/Build Firm shall use safety devices such as interlock switches, protective enclosures and safety pins. The Design/Build Firm shall ascertain that the operation of the safety device reduces the loss or risk and does not introduce an additional hazard. Safety devices shall also permit the system to continue to operate in a limited manner. The Design/Build Firm shall make provisions for periodic functional checks of safety devices.

C. Warning Devices. When neither design nor safety devices can effectively eliminate or control an identified hazard, the Design/Build Firm shall use devices to detect the condition and to generate an adequate warning signal to correct the hazard or provide for personnel remedial action. The Design/Build Firm shall design warning signals and their application to minimize the probability of incorrect personnel reaction to the signals and shall standardize warning systems within like types of systems.

D. Procedures and Training. Where it is not possible to eliminate or adequately control a hazard through design selection or use of safety and warning devices, the Design/Build Firm shall use procedures and training to control the hazard. Special equipment operating procedures shall be implemented to reduce the probability of a hazardous event and a training program shall be conducted. The level of training required shall be based on the complexity of the task and the minimum trainee qualifications contained in the training requirements specified for the subject system element and element subsystem. Procedures may include the use of personal protective equipment. The Design/Build Firm shall standardize precautionary notations in manuals. Safety critical tasks, duties and activities related to the system element/subsystem shall require certification of personnel proficiency. However, without specific written approval of the Department, no warning, caution or other form of written advisory will be used as the only risk reduction method for Category I and II hazards.

PART 4: MEASUREMENT AND PAYMENT

4.01

SAFETY, SECURITY AND AVAILABILITY:

A. No separate measurement shall be made for the work required under this Section.

B. No separate payment shall be made for the work required under this Section. All cost in connection therewith will be considered included in the bid items requiring their use.

END OF SECTION
