ABSTRACT The digitalization and automation of rail operations are expected to enhance (or at least maintain) the high level of railway safety. However, the added complexity introduced by automation makes risk assessment and safety assurance significantly more challenging. Systems‐Theoretic Process Analysis (STPA), a systemic safety approach, is widely advocated by academic researchers and industry practitioners as an effective method for managing the complexities and dynamic scenarios of highly automated systems. A key concept within STPA is the development of a Hierarchical Safety Control Structure (HSCS) for the system under analysis. This structure is essential, as the approach relies on identifying inadequate control scenarios that could lead to hazards. The effectiveness of any STPA analysis is directly dependent on the quality and completeness of the HSCS. This paper addresses the lack of guidance on STPA control structure modelling by proposing a methodology to establish an HSCS for automated railway systems in Europe. The methodology accounts for information available on railway technical specifications, functional and technical architectures developed within European projects, as well as relevant scientific research. To ensure completeness of the HSCS, this work considers the regulatory, organizational, operational and technical levels involved in the development and operation of automated trains. It is applied to establish an HSCS for semi‐automated (Grade of Automation—GoA2) train operations, with a discussion on its extension to unattended (GoA4) train operations. The developed HSCS models and corresponding Capella project files have been made openly accessible via GitHub.
Tonk et al. studied this question.