Abstract
A method for apportioning of Tolerable Hazard Rates (THR) on railway signalling equipment through a defined set of related safety critical functions is presented, For this approach to be effective, a number of steps have to be taken, involving political, economical as well as technical considerations: How many casualties pr. year (TLL - Tolerable Loss of Life) due to railway operations shall be accepted by the society? How many of these casualties shall be allowed attributed to the signalling systems? How can this signalling quota be apportioned onto a set of safety critical functions? How can the safety requirements of these functions be further apportioned onto the physical equipment realizing the functions, eventually making it possible to specify and validate the actual equipment being installed: What is the expected Hazard Rate (HR) of the defined safety critical functions and what are the consequences if they fail, i.e. if a hazard occurs? The underlying study of this paper has been carried out as part of a contract with the Norwegian railway authority Jernbaneverket.