
Re: SAW/ASW - was Re: Computer Question - DTC



In article <zdY44.81$iZ6.3847@nsw.nnrp.telstra.net> "Notagunzel" <notagunzel@bigfoot.com> writes:
>From: "Notagunzel" <notagunzel@bigfoot.com>
>Subject: Re: SAW/ASW - was Re: Computer Question - DTC
>Date: Mon, 13 Dec 1999 12:46:48 +1100

>Maurie Daly <mauried@commslab.gov.au> wrote in message
>news:mauried.493.385418F0@commslab.gov.au...

>> As far as cancelling ASW goes in the interim, it is not bizarre at all.
>> In this accident, the safeworking system (ASW) was directly involved in
>> failing to prevent it.
>> Until an inquiry is held and ASW is cleared of any failure, continuing to
>> use it is effectively pre-empting the outcome of any inquiry, i.e. the
>> operators of the safeworking system are effectively saying that there's
>> nothing wrong with it (i.e. it's safe).

>If there is an Aeroplane crash, is Air Traffic Control shut down until the
>enquiry clears it?

Obviously not, as there are no alternative systems that can be used.

In the case of Rail Safeworking systems, though, there are, and whilst
some may be old, they are at least well tried and proven.
One can hardly say this about ASW though.
Had just about any alternative safe working system other than ASW or TO been
in place, even TS & T, this accident would not have happened.

>> This type of attitude was also sadly in evidence with the Glenbrook
>> accident with the CEO of SRA indicating on the day of the accident that
>> the safeworking system had performed perfectly.

>The CEO was clearly wrong.  If the "safeworking system had performed
>perfectly" the prang wouldn't have happened.  But, the *Signalling* System
>so far looks like being almost free from blame.  (The lack of Train Stop
>bearing very little in the accident).

We must here not confuse signalling systems with safeworking systems.
A signalling system is a part of a safeworking system, in that the 
safeworking comprises visual signals with the addition of a ruleset which 
determines what to do when one meets various signalling aspects.
The whole thing is a safeworking system.
If the ruleset is deficient, then the safeworking system is deficient.
I agree that train stops would have had little bearing on the outcome.


>> With more modern ? safeworking systems like ATC and CTC, we have pilot
>> staffs when the safeworking system fails or is cancelled.

>Only in NSW; in Victoria, if the Departure Signal fails, you get (correct me
>if I'm wrong) an ATC System Caution Order or CTC System Caution Order, which
>authorises you to pass the Signal at Stop, and IIRC has to be cancelled when
>clear of the section.

What happens when the complete safeworking system fails, e.g. a major comm
link failure or total power failure which puts all the homes to red, and
wipes out the Radio Base Stations so that no proceed orders can be issued?
Pilot staffs or manned stations are then the only option.

My concern with these recent accidents is that the inquiries are likely to be
somewhat muzzled in their findings, in that it will not be acceptable to come
down with a finding that the accident was in part caused by deficient
safeworking.
This is exactly what happened with the Zanthus accident.
The following excerpt came from the report on the Zanthus accident.


2.4.2 Risk Management
The Australian and New Zealand standard on Risk Management
acknowledges that the management of risk is an integral part of the
management process. Risks can derive from sources such as natural
events, technological issues and human behaviour.
In October 1997 a risk analysis of safeworking systems was prepared
for Track Access, South Australia. In considering the Train Order
Working system in use on the South Australian portion of the Trans
Australia Railway, the report concluded that; “The primary risk factor
is the almost total reliance on the integrity of the staff using the same
(ie) the human factor …… It is the professional opinion that Train
Order Working as and where employed by Australian National has not
been considered in terms of the human element and the potential for
human error.” That report recommended that the current system be
replaced with a new system designed with human fallibility in mind.

I.e. for Train Order working to be a successful safeworking system we require
total reliance on no human error, hardly a reasonable assumption.


If by some mechanism we can blame all rail accidents using "human error" as the
reason, then there is no requirement to do anything about improving
safeworking to mitigate against human error.
Indeed safeworking will continue to be watered down using cost as an excuse
and accidents will become more frequent, as drivers are asked to work
longer and longer hours and assume more responsibility.

MD