Safety issue

Safety issue description

The Air Digital Engineering generation 3 remote control equipment (RCE) had several safety-related design and integration problems, which were readily identifiable. These included:

  • unintended activation-and-release of emergency braking on the locomotive
  • recovery from an emergency brake application and certain penalty states that was inconsistent with locomotive braking system timeout controls
  • the potential to enter a persistent unsafe state during initialisation, which was unrecoverable without external intervention
  • the absence of a means to detect and respond to an emergency brake application from a source external to the RCE
  • the vigilance and driver-commanded emergency stop functions being unavailable in the absence of an active radio communications link.

Issue number: RO-2018-014-SI-16
Issue owner: Air Digital Engineering (ADE)
Transport function: Rail: Rolling stock
Issue status: No longer relevant
Date issue released: 18/11/2022
Issue status justification

TasRail advised that it had withdrawn all remote-control technology and ADE advised that the generation 3 remote control equipment has not been offered to, or used by, any other rolling stock operators. ADE advised that it would re-evaluate the generation 3 remote control equipment under system safety design principles if it were to be used for future operations. Accordingly, the safety issue is no longer relevant.

Safety action

Action type: Proactive action
Action number: RO-2018-014-PSA-06
Organisation: Air Digital Engineering
Action date: 05/07/2022
Action description

On 5 July 2022 Air Digital Engineering (ADE) advised:

In the future, with any continuation work of the RCE [remote control equipment] product, ADE would appropriately address the points the ATSB has raised. This would also lead to a re-evaluation with reference to AS [Australian Standard] 61508 of the RCE as well as the consideration of new technologies for the practical implementation of a calculated SIL factor using new microprocessor architecture selection, for example two out of two voting processes for the benefit of design safety assurances.

The integration problems and other matters of software / hardware arrangement may be addressed by software design with the necessary testing and documenting in accordance with the AS 61508 standard and changes to hardware also in accordance with the same standard. This could include further references to associated standards that have evolved since the original IEC [International Electrotechnical Commission] 61508 Draft publication in the mid 1990s as well as the publications mentioned within the ATSB’s draft report and also, taking into account the report’s referencing under: System safety in the Australian rail industry.

Action status: Closed