In April 2006, the Joint Venture composed of AEGEK - IMPREGILO - Ansaldo T.S.F. - SELI - ANSALDOBREDA won the contract to build the Thessaloniki metro (Greece), whose construction began in June 2006.
The Thessaloniki metro integrates the latest technologies with the most demanding standards of quality and function, making this subway system one of the most modern in Europe. It includes 13 stations, a 9.5 km line built as two independent single-track tunnels, and a depot of about 50,000 square meters.
The trains will be "ultra-automatic", i.e. with a fully automatic driverless guidance system.
As part of the design and construction of the Thessaloniki Metro, TÜV Rheinland Italy and Atos-Origin commissioned HINTSW - T & T Systems to provide consultancy on the safety issues of the BACS (Building Automation and Control System) systems planned for this work:
- The line BACS, with the task of controlling and monitoring the HVAC systems (Heating, Ventilation and Air Conditioning) and the E & M systems (Electrical and Mechanical systems) within the stations, shafts and tunnels, both in normal operation and in emergency conditions.
- The Depot BACS, with the task of controlling and monitoring all HVAC systems and E & M systems within the Building of Directors, the Operation Control Center (OCC) and the entire storage/depot area.
The BACS systems communicate with two external systems: the Time Server, for clock synchronization, and the Security Management System (SMS), for the transmission of alarms and events. The general architecture of the BACS systems integrates two levels:
- the Human Machine Interface (HMI-Level);
- the field (Field-Level).
The HMI level is based on servers, workstations and printers installed in the Operation Control Center (OCC), in the Station Master Room in the Depot and Tower Room. The Field level is instead based on a fail-safe PLC, physically connected to all the field devices and instruments managed by the BACS systems.
The HMI level consists of a client-server distributed architecture based on "UGS Tecnomatix FactoryLink SCADA Framework", which includes:
Through the workstation where the client system is installed, the operator can interact with the field level, both monitoring and controlling the equipment in the field via the FactoryLink server system connected to the workstation.
The line BACS system has significant implications for the safety of the public and of workers when it operates in emergency situations caused by fire and/or smoke in the stations and tunnels.
Incorrect use of the HVAC system could have devastating effects on plant safety, for example by feeding possible sources of fire or by pushing the fumes in the wrong direction, i.e. directing them towards stations or towards a stationary train instead of evacuating them outwards.
For this reason, the system risk analysis preliminarily assigned level SIL 2 to the line BACS system, as specified by the European railway standards CEI EN 50126, CEI EN 50128 and CEI EN 50129.
For the part of the line BACS system that includes the field level, the assigned SIL 2 level involves the usual design and implementation measures, which, although challenging, are not particularly problematic. For the part of the system included in the HMI level, SIL 2 is instead a difficult hurdle to overcome, because the hardware architecture is based on standard computers and the software architecture on a large number of "Commercial Off-The-Shelf" (COTS) components, which are therefore not specially designed for safety-critical applications.
For this reason, the assessor of the line BACS subsystem asked for a detailed study to verify the compliance of the "Commercial Off-The-Shelf" hardware and software with the functional safety requirements of the railway safety standards CEI EN 50126, CEI EN 50128 and CEI EN 50129 or, if they were not compliant, to identify possible alternatives or corrective solutions to be applied to the hardware architecture, the software architecture, or both.
Thessaloniki Metro: our activities related to the project
HINTSW - T & T Systems was therefore asked to verify that the technical solution proposed by Atos-Origin for the line BACS could be found compliant with the railway standards CEI EN 50126, CEI EN 50128 and CEI EN 50129 by an independent Certification Body or, if not, to propose corrective measures.
To carry out this analysis, the requirements contained in the cited standards (CEI EN 50126, CEI EN 50128 and CEI EN 50129) were taken into consideration, verifying their applicability to the system design.
In particular, the system and software life cycles were taken into account, to ensure that the activities, techniques and measures set out in them (for example, for the software, in the tables of Appendix A of the standard CEI EN 50128) were applicable to the hardware and software architecture assumed for the construction of the line BACS system. The subsystem hazard analysis was also examined in depth, to check its compatibility with the system hazard analysis, the completeness of the hazards identified and the completeness of the mitigation measures.
The analysis concluded with the choice of a number of implementation strategies, the transfer of some hazards to other subsystems, and the identification of some open issues to be closed with the involvement of the certification body.