Millennium Model Trains
Downer EDI Rail contracted AMOG to undertake a Software Safety Integrity Level (SIL) Assessment of the design of a new Internal Emergency Door Release (IEDR) being developed. Following the Waterfall rail incident, the NSW transport regulator recommended that all passenger trains be fitted with an internal passenger emergency door release. Downer EDI Rail designed such a system for incorporation into the Millennium Train.
AMOG's role was engaged as the Independent Software Assessor for the IEDR software system and the associated life cycle environment in accordance with the requirements of AS61508. The project required the assessment of the IEDR against the objectives of SIL 1 as defined in the standard.
The study involved a combination of desktop assessments and on-site evaluations in order to understand the existing software assurance processes in place complied with the requirements as set out in EN50128.
Oscar Model Trains
UGL developed the OSCAR Internal Emergency Door Mk II Project for Sydney Trains. The system was developed as a prototype for Tangara, and as such the system architecture, bus design, mission functionality was largely common.
The OSCAR Internal Emergency Door Mk II Project was an embedded distributed system design. The application was mostly FPGA (VHDL) for mission functions and a small amount of C (a dialect) for the Communication bus. A crew system status indicator (SSI) ran as a bus monitor (hardware isolated from the rest of the system) which has embedded Linux and a graphics library.
AMOG’s role was engaged as the Independent Software Assessor for the IEDR software system and the associated life cycle environment in accordance with the requirements of AS61508. The project required the assessment of the IEDR against the objectives of SIL 1 as defined in the standard. This role included assessments at different points in the development lifecycle.
The study involved using a combination of desktop assessments and on-site evaluations. It also included formal guidance on the differences between AS61508-3 and EN50128 for SIL1 software.