The reporter expressed a safety concern in relation to the Track Occupancy Authority (TOA) form which is used to record a TOA.
Recently a change to Network Rule [number] has allowed a TOA to be applied across multiple areas of control.
The reporter advised that the TOA form has not been changed to clearly reflect the revised TOA procedure. The form can be completed by only one of the affected controllers with no requirement for the controller in charge of the TOA to record the other areas which are affected by the TOA.
The reporter advised that there is a concern that when a TOA is applied across multiple areas of control, all affected network control officers may not be informed, increasing the risk of a train to be unknowingly authorised into a worksite. With no facility on the TOA form to record the affected areas, there is no memory aid to assist in insuring the process is completed in accordance with the network rules
A recent occurrence highlighted this issue when a TOA was issued for a track section near [location] and [location]. The Area Controller, who was still in charge of a portion of the affected track, was not informed of the TOA, as it had been issued by another controller. The oversight was not discovered for some time.
Operator's response (Operator 1)
I refer to your REPCON report of 19 January 2015 regarding allegations that we had made a rule change for Track Occupancy Authorities (TOAs) that was not reflected in the relevant form.
Amendments to the Track Occupancy Authority (TOA) rule, [number] and associated procedure, [number] were implemented on [date].
These amendments were subject to the appropriate safety assurance processes, extensive consultation and notification to the Office of National Rail Safety Regulation. In addition, the proposed amendments were brought before a hearing of Fair Work Australia (FWA) as a result of an application of the relevant union.
The application opposing the implementation of the amendment on safety grounds, included a demand the TOA form be amended to capture the names of those signallers, who in addition to issuing signaller, prevent entry to the limits of the TOA.
The reasons put forward to support the argument, similar to those contained in the REPCON, were unable to withstand scrutiny and the application before FWA failed.
It is not correct to suggest the integrity of the TOA implementation rests entirely upon the compilation of the form. In fact, there are certain circumstances where a form is not required to be compiled at all.
The concept of "controller in charge" of the TOA is misleading, as is the suggestion that there is no requirement to " ... record other areas which are affected by the TOA". TOAs can only be authorised by a train controller after which it may be issued by the signaller to the protection officer requesting it.
The process for implementing a TOA, at the apex of which sits the train controller, mandates a list of assurances that must be obtained prior to authorisation. These assurances include clearly establishing:
- the area or limits required to be occupied, and ,
- the points of entry to those limits that need to be protected from the inadvertent entry of rail traffic.
In practice, the train controller seeks from each signaller involved assurance that all points of entry have been protected upon completion of which the TOA will be authorised and subsequently issued by the signaller. As part of the issuing process the location at which entry to the area occupied by the TOA are recorded on the form and communicated to the requester of the authority.
The proposition that a "... memory aid" is required to " … assist in insuring [sic] the process is completed in accordance with Network Rule [number]", is not accepted based upon the reasons provided above.
The recent occurrence cited in the REPCON as an example that " ... highlighted this issue ... " cannot be commented upon specifically as it could not be located - further information relating to date and time is needed.
Notwithstanding, an occurrence of the type described would constitute a significant failure of the TOA implementation process prescribed in the rules rather than being an issue with the integrity of the rule itself.
Regulator's response (Regulator 1)
The Office of the National Rail Safety Regulator (ONRSR) has reviewed the report, and we are satisfied with the response supplied by the operator.
Initial review of the report indicates there are various aspects which need to be viewed both from a safety and an industrial viewpoint. The reporter appears to focus purely on this operator, therefore the ONRSR have limited our response to those parameters.
The relevant rule states (in effect) that if two signallers are affected, the signallers and train controller must confer and the latter will nominate an issuing signaller; and that the Network Controllers (NCOs) (signallers in this case) must confer to ensure that all points of entry are protected. The procedure essentially indicates the same thing, however, also covers the possibility that more than one train controller will be involved. The controller has to get an assurance from the affected signallers that blocking facilities have been applied to cover all entry points.
It is possible (although debateable) that including a section on a form may reduce the possibility of some types of error, however, it would not eliminate the most severe (i.e. the possibility that a signaller and the train controller may not realise that another signaller should be involved). The operator had conducted a risk assessment that evaluated the hazards deriving from both the inclusion and non-inclusion (especially with regard to giving a 'false sense of security' and increasing complexity) and had concluded that on balance, there was no benefit of its inclusion.
In order to further examine the particular example provided by the reporter, further information (time/date etc) is required.
The ONRSR acknowledges the concerns raised within the ATSB REPCON Report, however, we believe the operator has been adequately responsive. Additionally, the ONRSR's continual review of safeworking incidents and the application of rules have not revealed any ongoing difficulties regarding this matter.
As previously mentioned, the ONRSR notes the concerns raised by the reporter, whereby; we will consider the content of the report for further planning of compliance activities within upcoming audits and inspections.
The ATSB has not passed the dates of the incident in question to the operator as this would identify a particular incident and hence the controllers involved would be identified. The REPCON legislation requires that no person can be identified in a REPCON report.