Unwanted events, defects and counteractions
Control, command and signalling systems (CCS) are vital for the safe operation of the railway. When they are affected by failures, the potential for risk, reduced performance, incidents or accidents increases.
Unwanted events, defects and counteractions
Failures stem from underlying faults and, ultimately, defects either within a system or external to it.
When the Concept of Operations and Rail Industry Standard for the National CCS DRACAS was being developed, it was important to define what ‘defect’ means, and how defects relate to other definitions and events. Cementing these definitions aligns terminology across the industry.
Defects are weaknesses within a system. They can lead to repeated instances of the same negative consequences, like failures. They can also affect multiple implementations of the system, subsystem, equipment, or components, in different places. Recording, investigating, and understanding their underlying causes is key. Doing so makes it possible to identify and implement appropriate actions, and thus prevent the repetition of negative consequences.
Because each defect has repeatable consequences, defects can be detected by analysing failure and fault data. For example, a manufacturer might note that several users report a common failure symptom, or the same failure, at the same time. All these events could be linked by a common fault, but a common system to analyse them is needed to find out what that fault is.
The diagram below shows how every unwanted event is triggered by one or more unwanted actions; either a human action (unintended or intended), a technology action, or both. It also illustrates the chain of circumstances that link the event to the underlying defect that caused it.
The diagram shows that it is good practice for investigations to consider the factors that influence human performance, as well as the technical performance of the implicated CCS system, subsystem or equipment. For instance, a fault within a CCS subsystem can mislead a person or system into an unwanted action, which could then cause a failure or incident.
The National CCS DRACAS can analyse information and data about accidents, incidents, failures, unwanted actions, and system performance-influencing factors. This enables both defects and underlying causes in a CCS subsystem to be identified. Find out more about the National CCS DRACAS
Find out more about the National CCS DRACAS.
Containment, corrective and preventative actions
There are three distinct types of action that can be taken after an unwanted event has occurred:
- Containment action – a reactive and temporary response that mitigates the immediate risk and enables continued operation in the short term. For example, isolating a control command and signalling (CCS) onboard subsystem, in accordance with operational procedures, so that a failed train can be moved clear of the running line. A containment action does not identify why the unwanted event occurred nor does it include any actions to address the underlying cause.
- Corrective – a reactive, permanent response to an unwanted event that mitigates risk by eliminating the cause (defect) to prevent recurrence.
- Preventative action – a proactive, permanent response to prevent an unwanted event that mitigates risk by eliminating the cause (defect) before an event, such as a failure, occurs.
Addressing defects that affect a CCS subsystem is an important part of risk management and continuous safety improvement, as it facilitates the prompt identification of containment and corrective actions. Through the analysis components of the National CCS DRACAS, it will be possible to identify preventative actions as well.
The video below explains all the terms mentioned on this page and provides an example of the terms being applied to a CCS-related incident.
Refer to RIS-0707-CCS for more information on unwanted events, defects and counteractions.
