On 6 July last year, an unattended 74-car freight train carrying crude oil in Lac-Mégantic, Quebec, ran away, derailed and caused a fire and multiple explosions, killing 47 people.

Just days before, Canada’s auditor general had finished researching a report on Canadian rail safety. Published in November, it revealed a range of issues that Transport Canada needed to address in terms of the safety of its railways – one of these was the implementation and oversight of safety management systems (SMS’s). Although Canada’s railways were required to apply SMS’s 12 years ago, the report suggests that there is little assurance being generated.

In Europe, there are similar requirements about SMS’s, as documented in EU directives and specified in the UK by the Railway and Other Guided Transport Systems (Safety) Regulations. Does the Quebec accident, and the auditor general’s report, provide a wake-up call for anyone running a safety management system?

A positive safety culture

An SMS basically consists of the arrangements and process used by an organisation to effectively manage health and safety to a level that is as low as reasonably practicable. Its objective is to provide the necessary framework around which good performance can be established and maintained, and which will in turn, support the development of a positive safety culture. Most organisations are likely to have something resembling an SMS (even if it’s embedded within general business management processes), but all rail operators and infrastructure managers have to have one by law under ROGS.

This all sounds fine. But the Canadian experience shows that you can have the requirements in place, but if there are insufficient checks and understanding with no assurance given or received that things are actually happening in the way you expect them to happen, then the SMS is probably not going to be providing the level of safety you need.

This gap was identified by the GB rail industry a few years ago, soon after ROGS kicked in. Prior to this, organisations had to submit ‘safety cases’ to the infrastructure owner (Railtrack, or later, Network Rail) in a fairly hierarchical-cum-contractual arrangement. ROGS changed all this, and all organisations became more responsible for safety of the system, both for themselves and their people, but just as importantly, also to the people and organisations they interfaced with, regardless of whether they were in charge of track or trains.

Self-checking now required

Legislation has recently made it clearer with the introduction of the Common Safety Method (CSM) for Monitoring which has, since June 2013, made requirements on SMS holders in relation to their safety assurance processes. In essence, the new regulation requires the self-checking of how effective the SMS is and how it’s applied, including its processes and procedures, plus the checking that it achieves the expected outcomes. It then requires preventative and/or corrective measures to address weaknesses.

Running in conjunction with the CSM for monitoring is the CSM for supervision which places requirements on the ORR to ‘supervise’, i.e. to check on the effectiveness of SMS’s of rail companies, and counterpart systems for entities in charge of maintenance (ECM’s). 2014 will be the first true test of both CSM’s but will require efforts from both transport operators and the regulator.

Guidance from RSSB

As a result, industry has asked RSSB to produce a range of guidance to support companies building SMS’s, and more recently, to specifically address safety assurance.The concept goes back to first principles. It says that if you have good safety assurance (i.e. that you have a strategy, you monitor, you review and then you follow up), that this generates the right momentum to make the SMS effective. The concept is also fairly free-moving and flexible too, it’s not a rigid model, but a way of working which recognises that there is a wide range of information ‘out there’ which can be used to provide safety assurance. Distilling it and getting the right people to absorb it is part of the challenge. It can be applied to three dimensions: at company level, at company-to-company level, and then more holistically at the level of the railway system as a whole.

Acquiring assurance at company level, for example, where an activity is contained completely within an organisation in terms of its scope and impact, is something which most people should be very familiar with. Assurance at the interface is perhaps trickier, but not uncommon either, requiring dialogue between parties with the right level of monitoring and information exchange.An example could be a major re-build at a station, where there are many parties involved and an impact on passenger flows in and around the station – think Kings Cross, Leeds or Reading. The risks to passengers will only be clear once everyone shares information and input through dialogue.

Safety assurance at the system-level, although not led by a single directing mind and less formally applied, does provide feedback loops to the whole rail system. If we are sure that something is considered ‘safe enough’ in one location, then this knowledge could be used in improving the overall safety across the whole system. Reporting through NIR and CIRAS can generate this kind of assurance, and requires us to embrace whole-system thinking. We may not have a documented SMS for the whole rail system (nor do we really need one), but we do collectively apply some aspects of system-level assurance which benefits everyone. These include things like the Annual Safety Performance Report and the Safety Risk Model.

Linking to the business-end

Thinking about the system also helps us to link the safety world more definitively with the business-end of running a railway. Safety assurance is not simply a safety driver, it’s also something which boosts the effectiveness and efficiency of the business, with the potential to bring down costs and generate more output or revenue.

RSSB has sent copies of the guidance to CEO’s at Network Rail, train and freight operating companies and infrastructure contractors, to cascade to relevant directors and heads-of-departments.

It contains many examples of good practice, checklists, tools and templates and hyperlinks to other useful sources. One such tool is the Shared Risk Register which should prove useful in achieving a step-change in the management of interface risks and could also be a practical aid in the development of Joint Safety Improvement Plans.

The key question perhaps to ask is whether the right information is getting to the right decision makers at the right time, and do the right relationships exist internally and externally to make this happen?

For more information about Safety Assurance Guidance, produced by RSSB, contact enquirydesk@rssb.co.uk
Ian Moreton is programme manager, Safety Management Systems at RSSB.