Railway RAMS Lifecycle Validator
Overview
Elaborate and validate a Safety Case for railway signaling systems per EN 50126. Covers the full V-model lifecycle (Concept to Decommissioning), SIL 1–4 allocation with failure rate consistency checks, hazard analysis, risk assessment, and CENELEC standard compliance for EU railway projects.
The skill targets the most critical aspect of railway signaling safety: demonstrating that safety requirements are traceable from hazard identification through design, validation, and into operation — the core demand of the CENELEC EN 50126/50128/50129 standard family.
- Lifecycle coverage — Validates all 14 EN 50126 V-model phases, from Concept through Decommissioning, with required deliverables per phase.
- SIL consistency — Checks that Safety Integrity Level allocations (SIL 1–4) match Tolerable Hazard Rate (THR) calculations and failure rate data.
- Hazard traceability — Ensures hazards are identified, tracked in a Hazard Log, and linked to safety requirements, design evidence, and verification results.
Getting Started
Add your safety case documentation to the project workspace — either as a single structured markdown document or as a directory of safety case sections. Then activate the Railway RAMS Lifecycle Validator skill. The agent will guide you through Safety Case elaboration phase by phase, from system definition through validation and acceptance.
Example Conversation
Below is an example of how a typical Safety Case elaboration session unfolds. The agent guides you through the EN 50126 lifecycle, performs hazard analysis, allocates SILs, and validates the final document.
You: I need to create a Safety Case for a new computer-based interlocking (CBI) system being deployed at Nordbahnhof junction. The system controls 12 routes and 8 point machines. We’re in Germany, so ERA and EBA are the relevant authorities.
Agent: I’ll guide you through the Safety Case following the EN 50126 V-model lifecycle. Let me start by collecting key project details.
For your CBI system at Nordbahnhof, I need to confirm:
- Signaling principle: Fixed block with track-circuit-based route locking?
- ETCS involvement: Is this a standalone interlocking or interfaced with ETCS?
- Project type: New installation or replacement of an existing relay-based system?
- ISA requirement: For a CBI at SIL 4, an Independent Safety Assessment is mandatory per EN 50129 — do you already have an ISA contractor?
You: Fixed block with axle counters (not track circuits). No ETCS — standalone CBI. It’s replacing a 1970s relay interlocking. We have TÜV Rheinland as our ISA.
Agent: Excellent. I’ve started the Safety Case using the EN 50129 template. Let me begin with Phase 1 (Concept) and Phase 2 (System Definition).
I’ve populated the system description: CBI for Nordbahnhof junction, 12 routes, 8 point machines, axle-counter-based, replacing relay interlocking. Application conditions include standard German railway environment per DB Netz specifications.
Now for Phase 3 — Risk Analysis: I need to build the Hazard Log. For a CBI, the key hazardous functions typically include:
- Route setting: Wrong-side failure could allow conflicting routes
- Point control: Point driven to wrong position under a route
- Signal aspect: Signal shows less restrictive aspect than required
- Axle counter reset: Incorrect track-clear detection
Shall I start with these standard interlocking hazards and then we refine with your specific operational context?
You: Yes, start with those. The main concern from our preliminary analysis is the axle counter reset — we’ve had near-misses with that at other locations.
Agent: Understood. I’ve created the Hazard Log with 6 initial hazards. For HAZ-003 (incorrect axle counter reset leading to false track-clear), I’ve classified it as Catastrophic severity / Remote frequency, giving an Intolerable risk level that requires THR ≤ 10⁻⁹ /h (SIL 4).
Here’s the SIL allocation summary:
| Function | Hazard | THR (/h) | SIL |
|---|---|---|---|
| Route conflict prevention | HAZ-001 | 1.5×10⁻⁹ | SIL 4 |
| Point position verification | HAZ-002 | 5.0×10⁻⁹ | SIL 4 |
| Axle counter reset safety | HAZ-003 | 1.0×10⁻⁹ | SIL 4 |
| Signal aspect control | HAZ-004 | 3.0×10⁻⁹ | SIL 4 |

I’ve now run both validation tools. The lifecycle validator shows 12 of 14 phases covered (Phases 13 and 14 need brief sections on modification management and decommissioning). The SIL checker confirms all 4 SIL declarations are consistent with their THR values. Shall I add the missing lifecycle sections?
Sample Output Excerpt
Below is a representative excerpt from a Safety Case validation report, showing lifecycle phase coverage and SIL consistency — the two key checks an ISA reviewer looks for first.
EN 50126 RAMS Lifecycle Validation — Nordbahnhof CBI
Lifecycle phases covered: 14 / 14
SIL levels mentioned: SIL 4, SIL 3
Lifecycle Phase Coverage
| Phase | Status |
|---|---|
| Phase 1 — Concept | ✓ |
| Phase 2 — System Definition & Application Conditions | ✓ |
| Phase 3 — Risk Analysis | ✓ |
| Phase 4 — System Requirements | ✓ |
| Phase 5 — Apportionment of System Requirements | ✓ |
| Phase 6 — Design & Implementation | ✓ |
| Phase 7 — Manufacturing | ✓ |
| Phase 8 — Installation | ✓ |
| Phase 9 — System Validation | ✓ |
| Phase 10 — System Acceptance | ✓ |
| Phase 11 — Operation & Maintenance | ✓ |
| Phase 12 — Performance Monitoring | ✓ |
| Phase 13 — Modification & Retrofit | ✓ |
| Phase 14 — Decommissioning | ✓ |
SIL Consistency Check
| Function | Declared SIL | THR | Failure Rate | Status |
|---|---|---|---|---|
| Route conflict prevention | SIL 4 | 1.5×10⁻⁹ /h | 8.2×10⁻¹⁰ /h | PASS |
| Point position verification | SIL 4 | 5.0×10⁻⁹ /h | 2.1×10⁻⁹ /h | PASS |
| Axle counter reset safety | SIL 4 | 1.0×10⁻⁹ /h | 6.5×10⁻¹⁰ /h | PASS |
| Signal aspect control | SIL 4 | 3.0×10⁻⁹ /h | 1.8×10⁻⁹ /h | PASS |
Hazard Traceability
| Hazard | THR | Safety Req. | Design Evidence | Test Evidence | Status |
|---|---|---|---|---|---|
| HAZ-001 | 1.5×10⁻⁹ | SR-001, SR-002 | FMEA-01, FTA-01 | VT-001 | Closed |
| HAZ-002 | 5.0×10⁻⁹ | SR-003 | FMEA-02 | VT-002 | Closed |
| HAZ-003 | 1.0×10⁻⁹ | SR-004, SR-005 | FMEA-03, FTA-02 | VT-003 | Closed |
| HAZ-004 | 3.0×10⁻⁹ | SR-006 | FMEA-04, FTA-03 | VT-004 | Closed |
Result: PASS — Safety Case covers the EN 50126 lifecycle phases and key deliverables.
Built-in Validation Tools
The skill includes two extension tools that automate the most labor-intensive parts of Safety Case review.
What the tools check
| Check Category | rams_lifecycle_validator | sil_level_checker |
|---|---|---|
| Phase 1–14 coverage | All 14 lifecycle phases | — |
| Required deliverables | Safety Plan, Hazard Log, SRS, FMEA, Validation Report, etc. | — |
| CENELEC standard references | EN 50126, EN 50128, EN 50129, CSM-RA | — |
| Hazard log presence | Hazard IDs, risk matrix, THR derivation | — |
| V-model traceability | Verification, validation, traceability links | — |
| SIL ↔ THR consistency | — | SIL declarations vs. THR bands |
| Failure rate matching | — | λ / PFH values vs. declared SIL |
| SIL apportionment gaps | — | Multiple SIL declarations without apportionment discussion |
| Techniques & measures | — | T&M and CCF analysis for high-SIL functions |
| Unfilled placeholders | Flags remaining markers | — |
Severity levels
- ERROR — A missing lifecycle phase, SIL/THR mismatch, or absent safety deliverable that must be resolved before ISA review.
- WARNING — A potential gap or missing reference that should be reviewed depending on project context.
- INFO — Unfilled placeholders, conservative SIL allocations, or informational notes.
Example validation output
======================================================================
EN 50126 RAMS LIFECYCLE VALIDATION REPORT
======================================================================
Path: safety-case/
Content size: 78,450 chars
Lifecycle phases covered: 14 / 14
SIL levels mentioned: SIL 4, SIL 3
--- LIFECYCLE PHASE COVERAGE ---
✓ Phase 1 — Concept
✓ Phase 2 — System Definition & Application Conditions
✓ Phase 3 — Risk Analysis
✓ Phase 4 — System Requirements
✓ Phase 5 — Apportionment of System Requirements
✓ Phase 6 — Design & Implementation
✓ Phase 7 — Manufacturing
✓ Phase 8 — Installation
✓ Phase 9 — System Validation
✓ Phase 10 — System Acceptance
✓ Phase 11 — Operation & Maintenance
✓ Phase 12 — Performance Monitoring
✓ Phase 13 — Modification & Retrofit
✓ Phase 14 — Decommissioning
--- STANDARD REFERENCES ---
Key CENELEC standards found (EN 50126, EN 50128, EN 50129).
--- SAFETY PROCESS ---
Hazard Log with traceable IDs found.
Verification and validation activities documented.
--- SUMMARY ---
Phases covered: 14 / 14
Errors: 0
Warnings: 0
Info: 2
RESULT: PASS — Safety Case covers the EN 50126 lifecycle phases
and key deliverables.
======================================================================
The agent runs both tools iteratively — first the lifecycle validator for structural completeness, then the SIL checker for quantitative consistency — and surfaces findings inline so you can resolve issues before submitting for Independent Safety Assessment.
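The "SIL ↔ THR consistency" and "Failure rate matching" checks listed above can be sketched as follows. This is an added example, not the skill's own code: the function names, the severity mapping, and the last sample row are constructed, and the THR bands are assumed from EN 50129 Table A.1.

```python
import re

# Rows copied from the page's SIL Consistency Check table; the last row is constructed.
SAMPLE = """\
| Route conflict prevention | SIL 4 | 1.5×10⁻⁹ /h | 8.2×10⁻¹⁰ /h |
| Point position verification | SIL 4 | 5.0×10⁻⁹ /h | 2.1×10⁻⁹ /h |
| Axle counter reset safety | SIL 4 | 1.0×10⁻⁹ /h | 6.5×10⁻¹⁰ /h |
| Signal aspect control | SIL 4 | 3.0×10⁻⁹ /h | 1.8×10⁻⁹ /h |
| Constructed failing function | SIL 4 | 2.0×10⁻⁸ /h | 3.0×10⁻⁸ /h |
"""

# Assumption: THR bands per hour as in EN 50129 Table A.1 (lower bound inclusive).
SIL_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}
SUPERSCRIPTS = str.maketrans("⁻⁰¹²³⁴⁵⁶⁷⁸⁹", "-0123456789")
RATE = re.compile(r"(\d+(?:\.\d+)?)\s*×\s*10(-?\d+)")


def parse_rate(text):
    """Turn '1.5×10⁻⁹ /h' into 1.5e-09; built from a string to avoid pow() rounding."""
    m = RATE.search(text.translate(SUPERSCRIPTS))
    if m is None:
        raise ValueError(f"unparseable rate: {text!r}")
    return float(f"{m.group(1)}e{m.group(2)}")


def sil_for_thr(thr):
    """Return the SIL whose band contains thr, or None if it falls outside SIL 1-4."""
    return next((sil for sil, (lo, hi) in SIL_BANDS.items() if lo <= thr < hi), None)


def check_table(table):
    """Return {function: [(severity, message), ...]}; an empty list means PASS."""
    report = {}
    for line in table.strip().splitlines():
        name, declared, thr_s, rate_s = (c.strip() for c in line.strip().strip("|").split("|"))
        sil, thr, rate = int(declared.split()[-1]), parse_rate(thr_s), parse_rate(rate_s)
        required, findings = sil_for_thr(thr), []
        if required is None:
            findings.append(("ERROR", f"THR {thr:.1e}/h is outside the SIL 1-4 bands"))
        elif sil < required:
            findings.append(("ERROR", f"declared SIL {sil}, THR requires SIL {required}"))
        elif sil > required:
            findings.append(("INFO", f"conservative: declared SIL {sil}, THR band is SIL {required}"))
        if rate > thr:
            findings.append(("ERROR", f"failure rate {rate:.1e}/h exceeds THR {thr:.1e}/h"))
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in check_table(SAMPLE).items():
        print(name, "FAIL" if any(s == "ERROR" for s, _ in findings) else "PASS", findings)
```

The boundary case matters here: HAZ-003's THR of exactly 1.0×10⁻⁹ /h sits on the lower edge of the SIL 4 band, so the parser must produce the same float as the band limit for the row to pass.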