European Railway Agency - ERA


Safety management system

A Safety Management System (SMS) is defined in the Safety Directive as “the organisation, arrangements and procedures established by an infrastructure manager or a railway undertaking to ensure the safe management of its operations”. The aim of the SMS is to ensure a high level of safety performance and continuous improvement and to limit the risks in railway operations.

Railway undertakings and infrastructure managers are responsible for the SMS, each one for its own part of the system and its safe operation. Through their SMS, they are required to implement the necessary risk control measures, where appropriate in cooperation with each other and with other actors.

The Member State may exclude local rail systems (metros, trams and other light rail systems) from the scope of the Railway Safety Directive. So, depending on how that Directive is transposed in each Member State, the above-mentioned rail systems may or may not require a safety management system to operate.

The roles of railway undertaking and infrastructure manager should first be clearly defined in national legislation in accordance with the definitions set in the Railway Safety Directive (Directive (EU) 2016/798). The railway undertaking and the infrastructure manager shall co-operate to manage the interface risks.

Through their safety management systems, the railway undertakings and the infrastructure managers have to demonstrate that they have the ability to identify, assess and control risks which arise both from their own activities and from those caused by others. This does not require a list of all risks or categories of risk relevant to the applicant, but requires the applicant to show how its systems and procedures are designed and organised to facilitate the assessment of risks and their subsequent control.

There should be arrangements for the provision of safety information, regardless of financial or any other information tagged confidential, between (among others) those applying for a safety certificate or a safety authorisation for operations on the same infrastructure. Establishing a discussion platform or forum between authorities, railway undertakings and infrastructure managers could also help in managing those shared interface risks.

In addition, the national safety authority still has the ability to effectively check, during its supervision activities, the co-operation arrangements put in place by the railway undertakings and infrastructure managers.

The applicant for the safety certificate/authorisation (i.e. the railway undertaking or the infrastructure manager) has to demonstrate that it has the ability to identify, assess and control risks which arise both from its own activities and from those caused by others. Therefore, railway undertakings and infrastructure managers shall identify those activities (or tasks) that give rise to serious risks for safety, regardless of the national legislation. They shall achieve a degree of proportionality in approaching the risks and focus primarily on those which have the potential to adversely affect the operation of the trains or the infrastructure. Based on these principles, the railway undertakings and infrastructure managers need to set out adequate arrangements for managing the competences of their workers undertaking safety critical tasks (regardless of their job title). As the national legislation supplements the European legislation, the railway undertakings and infrastructure managers shall ensure that they also develop competences for the tasks identified in their national legislation (after applying a risk-based approach to their railway activities). Conversely, limiting competence management only to the safety critical tasks identified in the national legislation is not sufficient.

Railway undertakings and infrastructure managers are responsible for continuously controlling the risks associated with their own activities under all conditions. This applies to the clearly identified risks for which railway undertakings and infrastructure managers are responsible (including risks where they have shared interfaces with other entities). Indeed, railway undertakings and infrastructure managers cannot reasonably be asked to address risks that cannot be known, or that can be known but are outside their sphere of control (e.g. an aeroplane crashing on the track).

Railway undertakings and infrastructure managers should bear the full responsibility for the safety of the system, each for their own part, by continuously controlling the (identified) risks associated with their own activities and, when necessary, co-operating with each other on shared interface risks.

New/amended rules shall be traced back to the original identified risk. These new/amended rules are changes and therefore need to be adequately controlled. They could arise from the monitoring of safety performance, which may highlight new or not previously identified risks. Similarly, it is highly recommended to trace existing rules inherited from the past back to the original identified risk.

Depending on the historical background of the railway undertaking or infrastructure manager, it may appear quite difficult to relate numerous old rules to risks. There is no single solution. Railway undertakings and infrastructure managers are therefore encouraged to discuss possible solutions (e.g. grouping of rules, cross-references through the definition of processes) and their implementation with the safety certification body.