Keywords

1 Introduction

Safety management systems have become more and more popular due to changing the emphasis from detailed technical safety to issues of decision making at higher level of management, following the conclusions of investigation reports on major disasters such as Piper Alpha in 1988 [1]. In the railway context, the changes were accelerated by structural reforms performed from the 1990s, aiming at vertical separation, i.e. dividing the infrastructure management from other rail activities. As a result, the market was opened to new railway undertakings and all the railway companies were made to adopt safety management systems based on harmonized principles. It was intended to at least maintain the same level of safety in the railway system [2].

The harmonized principles for safety management systems were gathered in European regulations, issued under the Railway Safety Directive [3]. The legislation specifies criteria which must be met by such a system, the first being the implementation of risk-related tools. Much research was done, especially in Central and Eastern Europe, to better understand the requirements and to establish guidelines for companies [4,5,6]. All of the research emphasizes the role of the assessment of risk, which is even regarded as the basis for proper safety management system design, necessary for defining its objectives [7].

The concept of risk in railway infrastructure maintenance is studied from both technical [8] and organizational point of view [9, 10]. Very often the matter of risk is strictly connected with the reliability of the infrastructure elements [11, 12]. However, most of the internationally recognized research is either too general or too specific for direct application in the areas where safety management is still under development and there are not enough resources for complex reliability analyses. One of counterexamples is the paper of Bureika et al. [13] for Lithuanian railways.

Through the present paper, we aim to present a method for estimation and evaluation of risk on railway infrastructure, which could be used by middle-level staff of an infrastructure manager to rank and justify maintenance activities. In Sect. 2, we shortly present the understanding of risk which has been adopted in this paper. In Sect. 3, we present the results of our study and conclude them in Sect. 4.

2 Generalized Risk Model

There are numerous methods applied to assess risk, e.g. Failure Mode and Effect Analysis [14] and models used in occupational safety [15]. All of them can be formally described in a unified way with the use of a generalized risk model [16]. Let:

$$ Z = \left\{ {z_{1} ,z_{2} , \ldots ,z_{n} } \right\}, $$
(1)

be a finite set of hazards which have been identified in the analysis domain. For the decision-making in the risk management we need to introduce a risk metric in the form of value of an R function, given as follows:

$$ R:Z \to V \subset {\mathbf{R,}} $$
(2)

which assigns to each of the hazards from the set Z (Eq. (1)) a value from the subset V of the set of all the real numbers R. Each of the hazards will be assessed according to m criteria \( K_{i} \left( {i = 1,2, \ldots ,m} \right) \), whereas each criterion must refer to either the possibility or the consequences of hazard activation.

The result of the risk assessment of hazard \( z_{k} \left( {k = 1,2 \ldots ,n} \right) \) according to criterion \( K_{i} \left( {i = 1,2, \ldots , m} \right) \) is a risk component \( r_{i} \left( {i = 1,2, \ldots , m} \right) \) which reflects one or more of the hazard attributes from the set \( X_{i} \left( {i = 1,\,2, \ldots ,m} \right) \):

$$ \begin{array}{*{20}c} {r_{i} :X_{i} \to\Omega _{i} ;\,\,\,r_{i} \left( {z_{k} } \right) = \omega_{i, j} ; \,\,\,\omega_{i, j} \in\Omega _{i} ; } \\ {i = 1,2, \ldots ,m;\,\,\,j = 1,2, \ldots ,s_{i} ;\,\,\,k = 1,2, \ldots ,n,} \\ \end{array} $$
(3)

where \( X_{i} \left( {i = 1,2, \ldots , m} \right) \) are sets of hazard attributes (e.g. the history of hazard activation in the analysis domain; the possibility of hazard activation; the number of fatalities caused by hazard activation) and \( \Omega _{i} \left( {i = 1,2, \ldots , m} \right) \) are sets of \( s_{i} \) values (denoted as \( \omega_{i, j} \)), which can be used in the assessment according to the criterion i.

Apart from the values of risk components, in the risk estimation we can include the weight of each of the criteria \( K_{i } \left( {i = 1,2, \ldots ,m} \right) \). Let the set A be defined as:

$$ A = \left\{ {a_{1} ,a_{2} , \ldots , a_{m} } \right\}, $$
(4)

where \( a_{1} \) denotes the weight of the criteria \( K_{1} \) etc. Thus, the risk metrics can be calculated as:

$$ R\left( {z_{k} } \right) = f\left( {a_{i} ,r_{i} \left( {z_{k} } \right)} \right);\quad i = 1,2, \ldots ,m;\quad k = 1,2, \ldots ,n . $$
(5)

The function \( f \) can be given in form of an equation, but it is not obligatory; e.g. risk matrix can be used instead. The obtained value of the risk metrics is then evaluated, i.e. the risk is assigned into one of several categories, such as categories of acceptable, tolerable and unacceptable risk.

3 Results

In the paper, we show a proposal of a risk model designed for estimation and evaluation of risk, which could be performed by railway infrastructure maintenance staff to identify the most urgent needs for maintenance works. For this reason, we propose to split railway lines into segments, according to their accessibility by emergency services:

  • segments, where tracks are located at the same level as their surroundings,

  • segments, where the tracks are in cuttings or on embankments,

  • segments on bridges, viaducts etc.

Our proposal consists of five risk estimation criteria related to the possibility of hazard activation, as well as its anticipated consequences. The risk can be expressed as:

$$ R\left( {z_{k} } \right) = a_{1} \cdot r_{1} \cdot \sum\nolimits_{i = 2}^{5} {a_{i} \cdot r_{i} } , $$
(6)

where \( z_{k} \) denotes the k-th hazard z whose value of risk metrics R is being estimated; a i denotes the weight and r i denotes the value of the risk component according to the criterion \( i = 1,2, \ldots ,5 \). One of the criteria depends on the type of segment. The overview of the risk estimation is shown in Fig. 1.

Fig. 1.
figure 1

Overview of the risk estimation criteria C1…C5 proposed in the model.

Full size image

The criteria can be roughly divided into three groups, where risk is estimated in respect to: the operating conditions, the given segment of infrastructure and the hazard. Each of the criteria, as well as the way of evaluating the risk, will be presented in detail in the following subsections.

3.1 Risk Estimation in Respect to the Operating Conditions

The first criterion proposed in our model is the criterion C1 ‘risk magnifier’, which should reflect the operating conditions on the analysed railway line. The idea of ‘magnifying risk’ comes from [17] and the reason why it is proposed is our belief that the risk of hazards increases with the number of trains operating on the line. This is because a moving train is an inevitable risk factor in formulation of virtually all hazards in the domain. The more trains use the line, the more probable is the coincidence of risk factors which can lead to negative consequences. Additionally, the more trains, the more losses e.g. due to delays.

On the other hand, the influence of the operating conditions cannot be assessed too high, as it could lead to results which are clearly not true, such as intolerable risk for all hazards near main railway stations. Therefore, we propose to use the following formula:

$$ r_{1} = 1 + 0.1 \cdot \frac{TPD}{{TPD_{ \hbox{max} } }}, $$
(7)

where \( TPD \) denotes the number of trains per day on the segment under analysis and \( TPD_{ \hbox{max} } \) denotes the maximum number of trains per day in one segment in the network. Consequently, the criterion C1 ‘risk magnifier’ cannot change the overall risk metrics value by more than 10%.

3.2 Risk Estimation in Respect to the Segment

The second criterion, C2 ‘safety culture indicator’, is meant to describe the overall safety performance of the railway system in the respective Member State. We propose to use the tool which already exists in the EU legislation, i.e. the monitoring of Common Safety Targets (CST). The CST are divided into six groups:

  • risk for passengers,

  • risk for employees,

  • risk for level crossing users,

  • risk for others,

  • risk for unauthorized persons on railway premises,

  • risk for the whole society.

The most suitable for our needs is the last category, represented by CST No. 6. The observed safety performance (OSP) in respect to this CST is defined as follows [18]:

$$ {\text{OSP}} = \frac{\text{total number of FWSIs per year arising from significant accidents}}{\text{number of train - km per year}} $$
(8)

where FWSI means fatalities and weighted serious injuries. The observed safety performance in a Member State, in respect to each of the CST, is then compared with the national reference values. Detailed information on applicable definitions and methodology can be found in the Decision cited above.

The national reference value represents the highest tolerable value of the respective risk metric defined by the CSTs. It can decrease over time, as it should reflect the current level of safety in the Member State. Obviously, the values differ also between the Member States. Therefore, we propose to refer to the national reference value in the qualification scheme for the criterion C2, as shown in the Table 1.

Table 1. Qualification scheme for criterion C2 ‘safety culture indicator’ – observed safety performance (OSP) in respect to the national reference value (NRV) of the maximal tolerable risk to the whole society.
Full size table

For example, the current Polish national reference value for the CST No. 6 amounts to \( 1590 \cdot 10^{ - 9} \), whereas the last reported observed safety performance in 2015 amounted to \( 1050.421 \cdot 10^{ - 9} \) [19]. It means that, according to the scheme for criterium C2, the current level for Poland would be yellow.

The next two criteria are defined separately for each segment. First of them is devoted to the technical state of the infrastructure as was called by us ‘track degradation’ (C3). There are several parameters which can describe this state, such as track geometry values or wavelength of rail surface defects [20]. We decided to base the qualification scheme on the track degradation indicator used on Polish railways [21]:

$$ G = \frac{{G_{r} + G_{s} + G_{b} }}{3} $$
(9)

where G r , G s and G b denote degradation indicators of rails, sleepers and ballast accordingly, and are defined in the infrastructure manager instruction cited above. The instruction also prescribes the way of interpreting the value of G, i.e. regular maintenance works for \( G < 0.6 \), planning of track renovation for \( G > 0.8 \) and detailed analysis of further steps for the values in-between. This was used in the qualification scheme shown in Table 2.

Table 2. Qualification scheme for criterion C3 ‘track degradation’.
Full size table

The criterion C4 ‘accessibility for emergency services’ depends on the type of segment and should represent the most crucial characteristics in respect to the time which will be necessary to bring help in case of a hazard activation. We assumed that for the segments where track is built on the same level as its surroundings (type Plain), the key role is played by the distance from the nearest emergency services. As this data can be difficult to acquire, we propose to assess this criterion by choosing the type of area where the segment is located, as shown in Table 3.

Table 3. Qualification scheme for criterion C4 ‘accessibility for emergency services’.
Full size table

The distance from the nearest emergency services is obviously important for the other types of segments as well. However, in our opinion, their other characteristics prevail. Therefore, for Embankment/Cutting type of segment we decided to use the height of the structure as the decisive factor for the accessibility. The limit values are based on the Polish regulation [22]. For the Bridge type of segment, the decisive parameter will be the length of the bridge or viaduct. The limit values represent the maximum permitted length of train (750 m) and the maximum length of passenger trains (400 m) and should be adjusted to the situation in the analysis domain.

There are other types of segments which could possibly be distinguished. One of the examples is the type Level crossing; some ideas for their description can be found in [23]. It can also be justified to introduce special segments e.g. for places where wild animals often cross railway lines or in the area of possible mining losses.

3.3 Risk Estimation in Respect to a Hazard

The last proposed criterion C5 ‘consequences of hazard activation’ is the only one which depends on the hazard itself and should be used to assess the risk without considering any particular spot on the railway network. Of course, in reality, the consequences may be considerably influenced by factors related to the specific place. Therefore, to make the assessment more transparent and straightforward, we propose to use only three easily distinguishable values, as shown in Table 4.

Table 4. Qualification scheme for criterion C5 ‘consequences of hazard activation’.
Full size table

In the proposed qualification scheme (Table 4) we used the definitions provided by the Railway Safety Directive [3], as they are already well-established on the European railways.

3.4 Overall Risk Estimation

In the Sects. 3.1, 3.2 and 3.3, we have presented a set of five criteria used in the overall risk estimation of a particular hazard. The criteria can be classified into two groups, which are derived from the basic concept of risk:

  1. 1.

    Criteria describing the possibility of hazard activation: C1 ‘risk magnifier’, C2 ‘safety culture indicator’ and C3 ‘track degradation’

  2. 2.

    Criteria describing the consequences of hazard activation: C1 ‘risk magnifier’, C4 ‘accessibility for emergency services’ and C5 ‘consequences of hazard activation’.

The criterion C1 ‘risk magnifier’ can be classified to both groups due to its dual nature. From one side, it describes the possibility of hazard activation – the more often a train comes, the more probable is an event with the train. On the other hand, with greater number of trains the consequences increase, e.g. due to delays and diversions.

The difference between the criterion C1 and the following criteria C2…C5 is reflected also in the set of permissible values. For the criterion C1 ‘risk magnifier’, defined by Eq. (7), it can be stated that:

$$ \Omega _{1} = \left\{ {1 + 0.1 \cdot \frac{1}{{TPD_{ \hbox{max} } }},1 + 0.1 \cdot \frac{2}{{TPD_{ \hbox{max} } }}, \ldots ,1 + 0.1 \cdot \frac{{TPD_{ \hbox{max} } }}{{TPD_{ \hbox{max} } }}} \right\}, $$
(10)

where \( TPD_{ \hbox{max} } \) is the maximum number of trains per day in one segment of the network. For the other criteria, the sets \( \Omega _{i} \) are equal:

$$ \Omega _{i} = \left\{ {1,3,5} \right\},\,\,\,i = 2,..,5. $$
(11)

It is generally approved that the criteria related to the consequences should contribute up to 2 times more to the overall value of risk. Therefore, the following set of weights A is proposed:

$$ A = \left\{ {1,1,2,3,3} \right\}. $$
(12)

With the assumptions given in Tables 1, 2, 3 and 4 and Eqs. (7)–(12), the overall risk can be estimated with the formula given in Eq. (6).

3.5 Risk Evaluation

Let us assume that the risk component according to the criterion C1 equals 1. Then the solution space of Eq. (6) ranges from 9 for all the criteria assessed as ‘green’ up to 45 in case of all criteria assessed as ‘red’. We propose to divide this solution space into three equal parts and use them as limit values for risk categories, as shown in Table 5.

Table 5. Risk evaluation scheme.
Full size table

The proposed risk evaluation scheme (Table 5) deliberately takes no consideration of the criterion C1 to achieve the effect of ‘magnifying’ the overall risk. Depending on the resulting risk category, further actions must be planned. Especially if the risk is evaluated as unacceptable, risk reduction measures (i.e. maintenance activities) must be implemented.

4 Conclusions

The risk model presented in the paper allows to perform the assessment and evaluation of risk related to the railway infrastructure. It is meant to be used by the middle-level staff which is responsible for prioritization of maintenance activities with respect to the available financial means. The criteria proposed by us may be adjusted to better suit the local conditions.

The main purpose of the risk model application is to rank the needs in the infrastructure maintenance and therefore to use the money in a more effective way, i.e. to minimize the risk to the greatest extent possible. However, also the purpose of justification of decisions should not be omitted. As Hokstad and Steiro noticed in their paper [24], in an open and democratic society it is valuable to have a foundation for decisions which can be tested and re-examined if necessary.