Business Continuity in Railway Signalling

Author: Wim Coenraad
Day: Aspect day One
Session: Systems

In the context of engineering, resilience can be defined as the ability to continue operating, perhaps at a reduced performance level, when unexpected but plausible events occur, and the ability to recover after such an event; this is referred to as Business Continuity Management (BCM). Practices that come under this heading have long been used: the application of redundancy, graceful degradation and "spatial diversity", i.e. allocating corridors comprising routes and the control of track elements to separate "interlocking machines", such that if one fails, at least one corridor (or more) remains available. This paper presents an international survey of BCM in railway signalling and considers how to apply the concept to the digital railway. There, the introduction of communications-based signalling concepts, such as ERTMS, ATO over ETCS, C-DAS etc., might introduce the sort of "systemic failures" whose risk of occurring is difficult to determine at best, but whose consequences can have system-wide effects that are difficult to predict and analyse, and where mitigations, if they exist and can be afforded, cannot easily be tested for effectiveness.