Hazard analysis should assist every system design evaluating the risk level for a system while working. Hazard and Operability (HAZOP) method uses guide words to identify potential deviations from design intents, assessing causes and consequences. The analysis can be time demanding and asking for experienced team to be able to provide all the possible hazard occurrence during operability of the system. To reduce the cost of the HAZOP involvement in a safe design, we propose a reconfigurable model that can represent the hazard occurrence and define new functional and safety statements. The model can be used for a robust design and to simplify the verification phase. We tested this approach on the Vital Control Module (VCM) of the Automatic Train Operation architecture, within the European Railway Traffic Management Signaling Systems framework. The model here proposed insure 100% of hazardous event occurrence against just the 65% of the in use qualitative model.
Dynamic Model for Preliminary Hazard Analysis in Autonomous Railway Application / De Venuto, Daniela; Barbareschi, Mario; Serra, Diana; Scarola, Vincenzo. - ELETTRONICO. - (2026), pp. 314-320. ( APPLEPIES 2025 Torino 11-12 settembre 2025) [10.1007/978-3-032-17174-0_45].
Dynamic Model for Preliminary Hazard Analysis in Autonomous Railway Application
De Venuto, Daniela
Conceptualization
;Scarola, Vincenzo
2026
Abstract
Hazard analysis should assist every system design evaluating the risk level for a system while working. Hazard and Operability (HAZOP) method uses guide words to identify potential deviations from design intents, assessing causes and consequences. The analysis can be time demanding and asking for experienced team to be able to provide all the possible hazard occurrence during operability of the system. To reduce the cost of the HAZOP involvement in a safe design, we propose a reconfigurable model that can represent the hazard occurrence and define new functional and safety statements. The model can be used for a robust design and to simplify the verification phase. We tested this approach on the Vital Control Module (VCM) of the Automatic Train Operation architecture, within the European Railway Traffic Management Signaling Systems framework. The model here proposed insure 100% of hazardous event occurrence against just the 65% of the in use qualitative model.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
