In April 2006, the Joint Venture composed of AEGEK - IMPREGILO - Ansaldo T.S.F. - SELI - ANSALDOBREDA won the contract to build the Thessaloniki metro (Greece), whose construction began in June 2006.


The Thessaloniki metro integrates the latest technologies with the most demanding standards related to quality and function, making  this subway system one of the most modern in Europe; It  includes 13 stations, a line of 9.5 Km, made with two independent single-track tunnel, and a depot of about 50,000 square meters.

The trains will be "ultra-automatic", ie with a fully automatic driveless guidance system

TÜV Rheinland Italy and Atos-Origin, within the ambit of the design and construction of the Thessaloniki Metro, ordered to HINTSW - T & T Systems an advice activities relating to safety issues of BACS systems (Building Automation and Control System) planned for this work :

  • The BACS related to the line, with the task of controlling and monitoring the HVAC systems (Heating, Ventilation and Air Conditioning) and systems E & M (Electrical and Mechanical system) within the stations, of the shafts and tunnels, both in terms of normal operation and in emergency conditions.
  • The Depot BACS, with the task of controlling and monitoring all HVAC systems and the E & M systems within of Building of Directors, of the Operation Control Center (Operations Control Center - OCC) and of the entire storage/depot area.

The BACS systems communicate with two external systems: the Time Server, for the clock synchronization and the Security Management System (SMS) for the transmission of alarms and events. The general architecture of the BACS systems is realized by integrating two levels:

  • the Human Machine Interface (HMI-Level);
  • the field (Field-Level).


The HMI level is based on servers, workstations and printers installed in the Operation Control Center (OCC), in the Station Master Room in the Depot and Tower Room. The Field level  is instead based on a fail-safe PLC, physically connected to all the field devices and  instruments managed by the BACS systems.

OCC-Bacs-ArchThe HMI level consists of a client-server distributed architecture based on "UGS Tecnomatix FactoryLink SCADA Framework", which includes:

  • the Factory Link Server System: is the SCADA server application that communicates with the field PLC and collects, processes, stores and distributes the data to the FactoryLink Client system.
  • the Client System Factory Link: is the SCADA client application that collects data from the distributed server system and displays them on the Graphical User Interface (GUI) specially developed. The GUI also enables the systema to send data to the connected server system.

The operator, via the workstation where the client system is installed, it can interact with the field level, both by monitoring, and by controlling the equipment in the field using the Factory Link Server System connected to the workstation.

The online BACS system has some significant implications for the safety of the public and the workers when operating in emergency situation due to the presence of fire and / or smoke in the stations and in the tunnels, for example, in case of fire.

A wrong use of the HVAC system could have devastating effects on the plant safety, for example by stoking up possible sources of fire, or pushing the fumes inwrong directions, ie directing the fumes towards stations or towards a stationary convoy, instead of evacuating it outwords.


For this reason, the system risk analysis preliminarily set, for the line BACS system, the level SIL 2, as specified by the railway European standards CEI EN 50126, CEI EN 50128 and CEI EN 50129.


The level SIL 2 assigned to the line BACS system, for the part of the system including the field level, involves the usual design   and the realization measures,  that, although challenging,  not have  particularly problematic aspects; for the part of the system included in the HMI level, the SIL 2 level instead represents a difficult hurdle to overcome, because the hardware architecture is based on standard computers, and the software architecture on a large number of components of type "Commercial components Off-The-Shelf "(COTS), and then not specially designed for safety-critical applications.

For this reason, the assessor of the line subsystem BACS asked to perform a detailed study to verify the compliance of the hardware and software type "Commercial Off-The-Shelf" with the requirements of railway safety standards for the functional safety IEC 50126 , CEI EN 50128 and CEI EN 50129, or, in the negative case, to identify the possible alternatives or corrective solutions, to be applied to the hardware architecture, software, or both.

Thessaloniki Metro: our activities related to the progetto


For HINTSW - T & T Systems has therefore been asked to verify that the technical solution proposed by Atos-Origin for online BACS was such to can  be found compliant  with railway standards CEI EN 50126, CEI EN 50128 and CEI EN 50129 by an indipendent Certification  Body or, if not, to propose any corrective measures.

MetroSalonicco-7To carry out this analysis have been taken into consideration the requirements contained in the cited standards (CEI EN 50126, CEI EN 50128 and CEI EN 50129) verifying the applicability in the design system.

In particular the system and   SW life cycles were taken into account, to ensure  that the activities, techniques and measures, arranged therein, (for example, for the software, in the tables of Appendix A of the Standard CEI EN 50128) were applicable to the hardware   and software  architecture,  assumed for the construction of the line BACS system. Deepenings were also held on the hazard analysis subsystem, to ensure its compatibility with the system hazard analysis, with the completeness of the hazards identified and with the completeness of the mitigation measures.

At the end  the conclusions of the analysis were  reached, with the choice of a number of implementative strategies, with the transfer of some hazard to other subsystems, and by identifying some issues open, to be closed with the involvement of the certification body.


Tel.: +39 02.2897.0440; +39 02.2871.305

General info: This email address is being protected from spambots. You need JavaScript enabled to view it.

Commercial info: This email address is being protected from spambots. You need JavaScript enabled to view it.
Commercial contact: +39 348.600.32.82

Registered office: I-20129 Milano, via Plinio 1
Office: I-20127 Milano, via Natale Battaglia, 27

Read more ...



HINTSW - T&T Systems has been operating for over a decade in the field of functional safety concerning the main industrial sectors and public transport.

Read more ...



HINTSW division provides highly professional and specialized consultancy in the development of programmable electronic system used in safety-critical applications.

Read more ...

Safety certification


The safety certification of a system or equipment is often an arduous challenge to win, HINTSW provides all the support and know-how necessary to win.

Read more ...



HINTSW, drawing from their expertise, offers a wide range of services in the field of vocational training.

Read more ...

Go to top