Railway Application - Communication, signalling and processing system - Safety related electronic systems for signalling

Unchanged with respect to the current edition EN 50129:2018

Bahnanwendungen - Telekommunikationstechnik, Signaltechnik und Datenverarbeitungssysteme - Sicherheitsbezogene elektronische Systeme für Signaltechnik

Applications ferroviaires - Systèmes de signalisation, de télécommunication et de traitement - Systèmes électroniques de sécurité pour la signalisation

Železniške naprave - Komunikacijski, signalni in procesni sistemi - Signalno-varnostni elektronski sistemi

General Information

Status: Not Published
Publication Date: 03-May-2026
Current Stage: 4599 - Dispatch of FV draft to CMC - Finalization for Vote
Start Date: 21-Nov-2025
Due Date: 25-Dec-2024
Completion Date: 21-Nov-2025

Relations

Draft
prEN 50129:2025
English language
140 pages

Standards Content (Sample)


SLOVENIAN STANDARD
01-January-2025
Železniške naprave - Komunikacijski, signalni in procesni sistemi - Signalno-varnostni elektronski sistemi
Railway Application - Communication, signalling and processing system - Safety related electronic systems for signalling
Bahnanwendungen - Telekommunikationstechnik, Signaltechnik und Datenverarbeitungssysteme - Sicherheitsrelevante elektronische Systeme für Signaltechnik
Applications ferroviaires - Systèmes de signalisation, de télécommunication et de traitement - Systèmes électroniques de sécurité pour la signalisation
This Slovenian standard is identical to: prEN 50129:2024
ICS:
35.240.60 IT applications in transport
45.020 Railway engineering in general
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

EUROPEAN STANDARD DRAFT
prEN 50129
NORME EUROPÉENNE
EUROPÄISCHE NORM
November 2024
ICS
Will supersede EN 50129:2018; EN 50129:2018/AC:2019-04
English Version
Railway Application - Communication, signalling and processing system - Safety related electronic systems for signalling
Applications ferroviaires - Systèmes de signalisation, de télécommunication et de traitement - Systèmes électroniques de sécurité pour la signalisation
Bahnanwendungen - Telekommunikationstechnik, Signaltechnik und Datenverarbeitungssysteme - Sicherheitsrelevante elektronische Systeme für Signaltechnik
This draft European Standard is submitted to CENELEC members for enquiry.
Deadline for CENELEC: 2025-02-07.

It has been drawn up by CLC/SC 9XA.

If this draft becomes a European Standard, CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which
stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

This draft European Standard was established by CENELEC in three official versions (English, French, German).
A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to
the CEN-CENELEC Management Centre has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Türkiye and the United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to
provide supporting documentation.

Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and
shall not be referred to as a European Standard.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2024 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Project: 77513 Ref. No. prEN 50129:2024 E

prEN 50129:2024 (E)
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Overall framework of this document
5 Requirements for developing safety-related electronic systems
5.1 General
5.2 The quality management process
5.3 The safety management process
5.3.1 General
5.3.2 Guideline for structuring documentation
5.3.3 Safety life cycle
5.3.4 Safety organization
5.3.5 Safety plan
5.3.6 Hazard log
5.3.7 Safety requirements specification
5.3.8 System design for safety
5.3.9 Safety operation and maintenance plan
5.3.10 Safety verification
5.3.11 Safety validation
5.3.12 Safety qualification tests
5.3.13 Management of safety-related application conditions
5.3.14 Safety justification
5.3.15 Independent safety assessment
6 Requirements for elements following different life cycles
6.1 General
6.2 Use of pre-existing items
6.2.1 General
6.2.2 Requirements for use of complete pre-existing systems
6.2.3 Requirements for use of pre-existing equipment
6.3 Safety-related tools for electronic systems
6.4 Physical security and cybersecurity
7 The safety case: structure and content
7.1 The safety case structure
7.2 The technical safety report
7.3 Generic and specific safety cases
7.4 Provisions for the specific application safety case
7.5 Dependencies between safety cases
8 System safety acceptance and subsequent phases
8.1 System safety acceptance process
8.2 Operation, maintenance and performance monitoring
8.3 Modification and retrofit
8.4 Decommissioning and disposal
Annex A (normative) Safety integrity levels
A.1 General
A.2 Safety requirements
A.3 Safety integrity
A.4 Determination of safety integrity requirements
A.4.1 General
A.4.2 Risk assessment
A.4.3 Hazard control
A.4.4 Identification and treatment of new hazards arising from design
A.5 Allocation of SILs
A.5.1 General aspects
A.5.2 Relationship between SIL and associated TFFR
Annex B (normative) Management of faults for safety-related functions
B.1 General
B.2 General concepts
B.2.1 Detection and negation times
B.2.2 Composition of two independent items
B.3 Effects of faults
B.3.1 Effects of single faults
B.3.2 Independence of items
B.3.3 Detection of single faults
B.3.4 Action following detection (retention of safe state)
B.3.5 Effects of multiple faults
B.3.6 Defence against systematic faults
Annex C (normative) Identification of hardware component failure modes
C.1 General
C.2 General procedure
C.3 Procedure for integrated circuits
C.4 Procedure for components with inherent physical properties
C.5 General provisions concerning component failure modes
Annex D (informative) Example of THR/TFFR/FR apportionment and SIL allocation
Annex E (normative) Techniques and measures for the avoidance of systematic faults and the control of random and systematic faults
E.1 General
E.2 Tables of techniques and measures
Annex F (informative) Guidance on User Programmable Integrated Circuits
F.1 General
F.1.1 Purpose
F.1.2 Terminology and context
F.2 UPIC life cycle
F.2.1 General
F.2.2 Organization, roles, responsibilities and personnel competencies
F.2.3 UPIC Requirements
F.2.4 UPIC Architecture and Design
F.2.5 Logic Component Design
F.2.6 Logic Component Coding
F.2.7 Logic Component Verification
F.2.8 UPIC Physical Implementation
F.2.9 UPIC Integration
F.2.10 UPIC Validation
F.2.11 Requirements for use of pre-existing logic components
F.3 Detailed technical requirements for UPIC
F.3.1 Guidance on safety architecture
F.3.2 Protection against random faults – architectural principles
F.3.3 Protection against systematic faults – techniques and measures
Annex G (informative) Changes in this document compared to EN 50129:2018
Bibliography

European foreword
This document (prEN 50129:2024) has been prepared by CLC/SC 9XA “Communication, signalling and
processing systems” of CLC/TC 9X “Electrical and electronic applications for railways”.
This document is currently submitted to the Enquiry.
The following dates are proposed:
• latest date by which the existence of this document has to be announced at national level (doa): dor + 6 months
• latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): dor + 12 months
• latest date by which the national standards conflicting with this document have to be withdrawn (dow): dor + 36 months (to be confirmed or modified when voting)

This document will supersede EN 50129:2018 and all of its amendments and corrigenda (if any).
prEN 50129:2024 includes the following significant technical changes with respect to EN 50129:2018.
— A better alignment with the rules given in the CEN-CENELEC Internal Regulation Part 3 has been made;
— requirements and guidance have been added on the following topics:
o reuse of pre-existing systems,
o safety-related tools,
o relationship between cybersecurity and safety,
o safety qualification tests,
o basic integrity,
o insulation coordination.
A more detailed comparison of changes between EN 50129:2018 and this document can be found in
Annex G.
Introduction
This document defines requirements for the development and acceptance of safety-related electronic systems
in the railway signalling field.
Safety-related electronic systems for signalling include hardware and software aspects. To develop complete
safety-related systems, both aspects need to be taken into account throughout the whole life cycle of the
system. The requirements for the overall safety-related electronic system and for its hardware aspects are
defined in this document. Other requirements are defined in associated CENELEC standards. For safety-
related systems which include software, additional conditions are defined in EN 50716:2023.
Additional requirements for safety-related communication are defined in EN 50159:2010.
This document does not specify the cybersecurity requirements for the development, implementation,
maintenance and operation of security policies, services, or systems where needed, since cyberattacks can
affect also the functional safety of a system. For cybersecurity, appropriate standards apply.
NOTE ISO/IEC and CEN/CENELEC publications that address cybersecurity in depth are EN ISO/IEC 27000 and
ISO/IEC TR 19791. In the field of industrial automation and control systems, the EN IEC 62443 series have been defined.
CLC/TS 50701:2023 addresses cybersecurity for the railway domain and was derived from the EN IEC 62443 series.
The aim of European railway duty holders and of European railway industry is to develop compatible railway
systems based on common standards. Therefore cross-acceptance of safety approvals for systems,
subsystems or equipment by the different national railway duty holders is necessary. This document is the
common European base for safety acceptance of electronic systems for railway signalling applications.
Cross-acceptance is aimed at the acceptance of generic products or generic applications that can be used for
a number of different specific applications, and not at the acceptance of any single specific application. Public
procurement within the European Community concerning safety-related electronic systems for railway
signalling applications will refer to this document.
This document is concerned with the evidence to be presented for the acceptance of safety-related systems.
However, it specifies not only those life cycle activities which need to be completed before the acceptance
stage, but also the additional planned activities to be carried out afterwards. In this way, safety justification will
cover the whole life cycle.
This document is concerned with what evidence is to be presented. Except where considered appropriate, it
does not specify who carries out the necessary work. The necessary work can be carried out by different
people, in different circumstances or organisational structures, provided that independence of roles is
respected.
This document consists of Clauses 1 to 8, which form the main part, and Annexes A, B, C, D, E, F and G. The
requirements defined in Clause 5 to Clause 8 and in Annexes A, B, C and E are normative, whilst Annexes D,
F and G are informative.
This document is in line with, and contains references to:
— EN 50126-1:2017, Railway Applications — The Specification and Demonstration of Reliability,
Availability, Maintainability and Safety (RAMS) — Part 1: Generic RAMS Process,
— EN 50126-2:2017, Railway Applications — The Specification and Demonstration of Reliability,
Availability, Maintainability and Safety (RAMS) — Part 2: Systems Approach to Safety.
This document is based on the system life cycle described in EN 50126-1, EN 50126-2 and is in line with the
EN 61508 series. EN 50126-1 / EN 50126-2 / EN 50716 / EN 50129 comprise the railway sector equivalent of
the EN 61508 series so far as Railway Communication, Signalling and Processing Systems are concerned.
Given that compliance with these documents has been demonstrated, there are no requirements in this
document for further evaluation of compliance with the EN 61508 series.
1 Scope
This document is applicable to safety-related electronic systems (including subsystems and equipment) for
railway signalling applications.
This document applies to generic systems (i.e. generic products or systems defining a class of applications),
as well as to systems for specific applications.
The scope of this document, and its relationship with other CENELEC standards, are shown in Figure 1.
This document is applicable only to the functional safety of systems. It does not deal with other aspects of
safety such as the occupational health and safety of personnel. While functional safety of systems clearly can
have an impact on the safety of personnel, there are other aspects of system design which can also affect
occupational health and safety and which are not covered by this document. Cybersecurity aspects of
functional safety are addressed only to the extent consistent with the application of the relevant standards,
where needed.
This document applies to all the phases of the life cycle of a safety-related electronic system, focusing in
particular on phases 5 (architecture and apportionment of system requirements) to 10 (system acceptance) as
defined in EN 50126-1:2017.
Requirements for systems which are not related to safety are outside the scope of this document.
This document is not necessarily applicable to systems, subsystems or equipment which had already been
accepted prior to the date of withdrawal (dow) of this document. However, so far as reasonably practicable, it
is applicable to modifications and extensions to such systems, subsystems and equipment.
This document is primarily applicable to systems, subsystems or equipment which have been specifically
designed and manufactured for railway signalling applications. It is also applicable, to the extent of 6.2, to
general-purpose or industrial equipment (e.g. power supplies, display screens, or other commercial off the
shelf items), which is procured for use as part of a safety-related electronic system.
This document is aimed at railway duty holders, railway suppliers, and assessors as well as at safety
authorities, although it does not define an approval process to be applied by the safety authorities.

Figure 1 — Scope of the main CENELEC railway application standards
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
EN IEC 60664-1:2020, Insulation coordination for equipment within low-voltage supply systems — Part 1:
Principles, requirements and tests (IEC 60664-1:2020)
EN 50124-1:2017, Railway applications - Insulation coordination - Part 1: Basic requirements - Clearances
and creepage distances for all electrical and electronic equipment
EN 50125-1:2014, Railway applications - Environmental conditions for equipment - Part 1: Rolling stock and
on-board equipment
EN 50125-3:2003, Railway applications - Environmental conditions for equipment - Part 3: Equipment for
signalling and telecommunications
EN 50126-1:2017, Railway Applications - The Specification and Demonstration of Reliability, Availability,
Maintainability and Safety (RAMS) - Part 1: Generic RAMS Process
EN 50126-2:2017, Railway Applications - The Specification and Demonstration of Reliability, Availability,
Maintainability and Safety (RAMS) - Part 2: Systems Approach to Safety
EN 50159:2010, Railway applications - Communication, signalling and processing systems - Safety-related
communication in transmission systems
EN 50716:2023, Railway Applications - Requirements for software development
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp/
— IEC Electropedia: available at https://www.electropedia.org/
3.1.1
accident
unintended event or series of events that results in harm
[SOURCE: IEC 60050-821:2017, 821-12-02, modified – “that results in death, injury, loss of a system or
service, or environmental damage” has been replaced with “that results in harm”]
3.1.2
basic insulation
insulation that provides basic protection
Note 1 to entry: This concept does not apply to insulation used exclusively for functional purposes.
[SOURCE: IEC 60050-195:2021, 195-06-06]
3.1.3
basic integrity
integrity attribute for a safety-related function with a tolerable functional failure rate equal to, or higher than
(less demanding), $10^{-5}\ \mathrm{h}^{-1}$; or for a non-safety-related function
Note 1 to entry: In this document basic integrity requirements relate only to safety-related functions. If a non-safety-
related function has been given basic integrity requirements on the basis of the process described in EN 50126-2:2017, no
additional requirements are defined in this document.
[SOURCE: EN 50126-1:2017, 3.7, modified – “equal to, or” has been added; Note 1 to entry has been added.]
3.1.4
causal analysis
analysis of the reasons how and why a particular hazard can come into existence
[SOURCE: IEC 60050-821:2017, 821-12-07]
3.1.5
common cause failures, pl
failures of multiple items, which would otherwise be considered independent of one another, resulting from a
single cause
[SOURCE: IEC 60050-192:2015, 192-03-18, modified – Notes 1 and 2 to entry have been deleted.]
3.1.6
configuration
structuring and interconnection of the hardware and software of a system for its intended application
[SOURCE: IEC 60050-821:2017, 821-12-12]
3.1.7
consequence analysis
analysis of events which are likely to happen after a hazard has occurred
[SOURCE: IEC 60050-821:2017, 821-12-14]
3.1.8
cross-acceptance
status achieved by a product that has been accepted by one authority to the relevant standards and is
acceptable to other authorities without the necessity for further assessment
[SOURCE: IEC 60050-821:2017, 821-12-15]
3.1.9
cybersecurity,
set of activities and measures taken with the objective to prevent, detect, and react to unauthorized access or
cyberattack which could lead to an accident, an unsafe situation, or railway application performance
degradation
Note 1 to entry: It is recognized that the term “cybersecurity” has a broader meaning in other standards and guidance,
often including non-malevolent threats, human errors, and protection against natural disasters. Those aspects, except
human errors degrading security controls, are not included in this document.
[SOURCE: CLC/TS 50701:2023, 3.1.32]
3.1.10
DC fault model
fault category that includes the following failure modes: stuck-at faults, stuck-open, open or high impedance
outputs and short circuit between signal lines, and for integrated circuits short circuit between any two
connections (pins)
3.1.11
design
activity applied in order to analyse and transform specified requirements into acceptable solutions
[SOURCE: IEC 60050-821:2017, 821-12-16, modified – The end of the definition “design solutions which have
the required safety integrity level” has been replaced with “solutions”.]
3.1.12
diversity
existence of two or more different ways or means of achieving a specified objective
Note 1 to entry: Diversity is specifically provided as a defence against common cause failures. It can be achieved by
providing systems that are physically different from each other or by functional diversity, where similar systems achieve
the specified objective in different ways.
[SOURCE: IEC 60050-395:2014, 395-07-115, modified – The supplementary information has been moved to
a new Note 1 to entry, which replaces the original Note 1 to entry.]
3.1.13
double insulation
insulation comprising both basic insulation and supplementary insulation
Note 1 to entry: In double insulation, each layer shall be able to be tested or analysed separately. In particular:
— the clearance distance shall be the basic distance. In addition, also the supplementary solid layer shall be
dimensioned taking into account the same rated impulse voltage (UNi).
— the creepage distance shall be the sum of basic and supplementary distances. The basic distance shall be
evaluated against the rated insulation voltage (UNm). In addition, also the supplementary distance shall be evaluated
against the same UNm. The UNm shall not be apportioned.
Note 2 to entry: With respect to Note 1 to entry, for definition of rated insulation voltage and rated impulse voltage, see
EN 50124-1:2017. Similar definitions can also be found in EN 60664-1:2020.
[SOURCE: IEC 60050-195:2021, 195-06-08 modified – Notes to entry 1 and 2 have been added.]
3.1.14
electronic component
hardware component
electronic device that cannot be taken apart without destruction or impairment of its intended use
EXAMPLE: Resistors, capacitors, diodes, integrated circuits, hybrids, application specific integrated circuits, wound
components and relays.
[SOURCE: IEC 60050-904:2014, 904-01-09, modified – The preferred terms “electronic part” and “piece part”
have been deleted and a new preferred term “hardware component” has been added.]
3.1.15
equipment
single apparatus or set of devices or apparatuses, or the set of main devices of an installation, or all devices
necessary to perform a specific task
Note 1 to entry: Examples of equipment are a power transformer, the equipment of a substation, measuring equipment.
[SOURCE: IEC 60050-151:2001, 151-11-25]
3.1.16
error
discrepancy between a computed, observed or measured value or condition and the true, specified or
theoretically correct value or condition
Note 1 to entry: An error can be caused by a faulty item, e.g. a computing error made by faulty computer equipment.
Note 2 to entry: A human error can be seen as a human action or inaction that can produce an unintended result.
[SOURCE: IEC 60050-192:2015, 192-03-02, modified – Notes 1 and 2 to entry have been modified.]
3.1.17
fail-safe
able to enter or remain in a safe state in the event of a failure
[SOURCE: IEC 60050-821:2017, 821-01-10]
3.1.18
failure,
loss of ability to perform as required
Note 1 to entry: Qualifiers, such as catastrophic, critical, major, minor, marginal and insignificant, may be used to
categorize failures according to the severity of consequences, the choice and definitions of severity criteria depending
upon the field of application.
Note 2 to entry: Qualifiers, such as misuse, mishandling and weakness, may be used to categorize failures according to
the cause of failure.
Note 3 to entry: “Failure” is an event, as distinguished from “fault”, which is a state.
[SOURCE: IEC 60050-821:2017, 821-11-19, modified – Note 3 to entry has been added.]
3.1.19
failure rate
limit of the ratio of the conditional probability that the instant of time, T, of a failure of a product falls within a
given time interval (t, t + Δt) and the duration of this interval, Δt, when Δt tends towards zero, given that the
item is in an up state at the start of the time interval
Note 1 to entry: For applications where distance travelled or number of cycles of operation is more relevant than time,
the unit of time can be replaced by the unit of distance or cycles, as appropriate.
Note 2 to entry: The term “failure rate” is often used in the sense of “mean failure rate” defined in IEV 192-05-07.
[SOURCE: IEC 60050-821:2017, 821-12-21]
3.1.20
fault,
abnormal condition that could lead to an error in a system
Note 1 to entry: A fault can be random or systematic.
[SOURCE: IEC 60050-821:2017, 821-11-20]
3.1.21
fault detection time
time interval between failure and detection of the resulting fault
[SOURCE: IEC 60050-192:2015, 192-07-11, modified – The deprecated term “undetected fault time” as well
as Figures 1 and 2 have been deleted.]
3.1.22
function,
specified action or activity which can be performed by technical means or human beings and has a defined
output in response to a defined input
Note 1 to entry: A function can be specified or described without reference to the physical means of achieving it.
3.1.23
functional safety
part of the overall safety that depends on functional and physical units operating correctly in response to their
inputs
[SOURCE: IEC 60050-351:2013, 351-57-06, modified – Note 1 to entry has been deleted.]
3.1.24
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.1.25
hazard,
condition that can lead to an accident
Note 1 to entry: The equivalent definition in IEC 60050-903:2013, 903-01-02 refers to “harm” instead of “accident”.
3.1.26
hazard analysis
process of identifying hazards and analysing their causes, and the derivation of requirements to limit the
likelihood and consequences of hazards to a tolerable level
[SOURCE: IEC 60050-821:2017, 821-11-23]
3.1.27
hazard log
document in which hazards identified, decisions made, solutions adopted, and their implementation status are
recorded or referenced
[SOURCE: IEC 60050-821:2017, 821-12-27]
3.1.28
implementation
activity applied in order to transform the specified designs into their realization
[SOURCE: IEC 60050-821:2017, 821-12-29, modified – “physical realization” changed to “realization”.]
3.1.29
independence of roles
freedom from involvement in the same intellectual, commercial or management entity
3.1.30
independent safety assessment
process to determine whether a system or product meets the specified safety requirements and to form a
judgement as to whether the product is fit for its intended purpose in relation to safety
[SOURCE: EN 50126-1:2017, 3.33, modified – “the system/product” has been changed to “a system or
product”. Note 1 to entry has been deleted.]
3.1.31
maintenance
combination of all technical and management actions intended to retain an item in, or restore it to, a state in
which it can perform as required
Note 1 to entry: Management is assumed to include supervision activities.
[SOURCE: IEC 60050-192:2015, 192-06-01]
3.1.32
negation
enforcement of a safe state following detection of a hazardous fault
[SOURCE: IEC 60050-821:2017, 821-12-38]
3.1.33
negation time
time interval which begins when the existence of a fault is detected and ends when a safe state is enforced
[SOURCE: IEC 60050-821:2017, 821-12-39]
3.1.34
pre-existing item
item that already exists and that was not developed specifically for the current project
3.1.35
product,
collection of elements, interconnected to form a system, a subsystem or an equipment, in a manner which
meets the specified requirements
[SOURCE: IEC 60050-821:2017, 821-12-40, modified — The specific use “in signalling” has been made more
general with “in railway”.]
3.1.36
railway duty holder
body with the overall accountability for operating a railway system within the legal framework
Note 1 to entry: Railway duty holder accountabilities for the overall system or its parts and life cycle activities are
sometimes split between one or more bodies or entities. For example:
— the owner(s) of one or more parts of the system assets and their purchasing agents;
— the operator of the system;
— the maintainer(s) of one or more parts of the system.
Note 2 to entry: Typically the railway duty holders are railway undertakings and the infrastructure managers.
Such splits are based on either statutory instruments or contractual agreements. Such responsibilities are defined at the
earliest stages of a system life cycle.
[SOURCE: EN 50126-1:2017, 3.48]
3.1.37
random failure integrity
degree to which a system is free from hazardous random faults
Note 1 to entry: This definition can be read as “integrity from failures due to random faults”.
[SOURCE: IEC 60050-821:2017, 821-12-45, modified – Note 1 to entry has been added.]
3.1.38
random fault
unpredictable occurrence of a fault
[SOURCE: IEC 60050-821:2017, 821-12-46]
3.1.39
redundancy,
provision of more than one means for performing a function
[SOURCE: IEC 60050-192: 2015, 192-10-02, modified – Note 1 to entry has been deleted.]
3.1.40
reinforced insulation
insulation that provides a degree of protection against electric shock equivalent to double insulation
Note 1 to entry: Reinforced insulation can comprise several layers which cannot be tested singly as basic insulation or
supplementary insulation.
[SOURCE: IEC 60050-195:2021, 195-06-09]
3.1.41
reliability,
ability to perform as required, without failure, for a given time interval, under given conditions
Note 1 to entry: The time interval duration can be expressed in units appropriate to the item concerned, e.g. calendar
time, operating cycles, distance run etc., and the units should always be clearly stated.
Note 2 to entry: Given conditions include aspects that affect reliability, such as: mode of operation, stress levels,
environmental conditions, and maintenance.
Note 3 to entry: Reliability can be quantified using measures defined in IEC 60050-192:2015, Section 192-05, Reliability
related concepts: measures.
[SOURCE: IEC 60050-192:2015, 192-01-24]
3.1.42
repair
direct action taken to effect restoration
Note 1 to entry: Repair includes fault localization (IEV 192-06-19), fault diagnosis (IEV 192-06-20), fault correction
(IEV 192-06-21), and function checkout (IEV 192-06-22).
[SOURCE: IEC 60050-192:2015, 192-06-14]
3.1.43
risk,
combination of the frequency of occurrence of harm and the severity of that harm
[SOURCE: IEC 60050-351:2013, 351-57-03, modified — “probability” has been replaced with “frequency”.]
3.1.44
safe state
condition which continues to preserve safety
[SOURCE: IEC 60050-821:2017, 821-12-49]
3.1.45
safety
freedom from unacceptable risk
[SOURCE: IEC 60050-903:2013, 903-01-19]
3.1.46
safety acceptance
safety status given to a product by the final user
[SOURCE: IEC 60050-821:2017, 821-12-50]
3.1.47
safety approval
safety status given to a product by the requisite authority when the product has fulfilled a set of pre-
determined conditions
[SOURCE: IEC 60050-821:2017, 821-12-51]
3.1.48
safety authority
body responsible for delivering the authorization for the operation of the safety-related system
[SOURCE: IEC 60050-821:2017, 821-12-52]
3.1.49
safety case
documented demonstration that the product (e.g. a system, subsystem or equipment) complies with the
specified safety requirements
[SOURCE: IEC 60050-821:2017, 821-12-53]
3.1.50
safety function
function whose sole purpose is to ensure safety
Note 1 to entry: All safety functions are safety-related functions, but not vice versa.
Note 2 to entry: A safety function may contribute to one or more safety barriers. However, a safety barrier is not
necessarily implemented by a safety function.
[SOURCE: EN 50126-1:2017, 3.68]
3.1.51
safety integrity
ability of a
...
