2010 Q8 - Design Error Management in Commissioning Phase

[gsibanda]

Dave, Wilbert and I have put together our suggested answer to question 8 of the 2010 paper following the Reading study group discussion.

Please comment as you see fit.

[Peter]

Dave, Wilbert and I have put together our suggested answer to question 8 of the 2010 paper following the Reading study group discussion.

Please comment as you see fit.

There is a lot of good stuff in here and I have added some bits in red which are areas that could also be considered, or things that came across to me from the way things were written.

[Jerry1237]

For me, the paper felt generally as if it has the basis for good answer. However, it seems a tad long considering the ~30min timeframe.

Answers 1) and 2) are the same? For me, the likelihood of reversion is not the length of time of commissioning but the level of risk and the implications for not reverting (is a person's life safer due to a few cancelled trains in the morning or no service? - Hatfield suggests the first).

Personally, I would avoid the words like feel (answer 5). They do not line up well with competence and the precision required within the rail discipline.

Answer six should clarify that competent refers to someone other than the designer who has suitable competence (training, experience, certification) to make an engineering decision. The designer will be involved due to the raising of a test log!

Answer seven, all errors can have a significant impact. The hazard and likelihood (i.e. risk) need to be addresses and the actions taken based upon that analysis. Yellowbook deals with risk assessment and is worth a read. Answer eight discusses communication but if the risk/error were that severe, then it is probable that all relevant parties would be involved in the risk analysis anyhow and coming to a mutual agreement about the path to take.

For example, what are the effects of changing one core on forty thousand relays that form an interlocking? What are the hazards? Can one wrong contact cause a WSF? Would a TIC hand back the railway without fully testing the effects of a site-based mark-up?

For answer eight, think about the risks of hand signallers versus a SIL4 application? Also, the location makes a significant impact. Hand-signllers controlling a clipped crossover with signals that cannot clear for a straight line move against handsignllers at Clapham controlling a crossover!

Final thing. Don't forget, an early issue can screw the programme too! If a commissioning is tight, a simple change can generate significant levels of testing. Again, that would be a consideration to whether the work should be abolished (easier if it is an early minor stage) or whether some resourse reallocation, redesign and the viability (risk versus time versus cost versus implications etc).

Overall, the answer makes sense and deals with some of the issues. A few changes of terminology and clarifications would improve what is a solid answer.

Jerry

[KonduriRaghavakumar]

I contributed my ideas regarding this please check it out and suggest me accordingly.

K.Raghavakumar

[PJW]

I think you should have concentrated rather more precisely the testing & commissioning staff- for example what actions they would take in order to get an alteration to the design made. Also your wording suggests that it should be eradicated if possible but didn't say what to do if this is not possible.

Having raised the issue of having identified a design defect within a system component (as opposed to the appication design) in the first section, then you should have made a bit more of it; what about all the other sites on the railway where that failure mode would also presumably exist? Possible need for urgent consideration whether these could remain in traffic use, need for investigation, risk assessment, determine potential short and long term mitigations..... Don't however get drawn too much into this as I don't think it was what the question was primarily about but having written what you had, then an additional sentence would have been good.

I felt that for what was quite a short answer that you spent too much time discussing some tangential items in too much detail- for example discussion of the duration and "block burst" was probably excessive in that there were 3 lines of text that wouldn't have added to your marks.
It would have been better to have used that time to consider the different consequences that various faults would each have-
a) very unsatisfactory, prohibiting any commissioning at all, thus giving the options of putting back as it was (if indeed practicable) / suffering large delay to commissioning with severe operational consequences,
b) an element unsatisfactory but operators could live without it temporarily, permitting the rest of the commissioning and arranging to come back soon to remedy it,
c) unsatisfactory but actually could be adequately mitigated in the short term by a specific operational procedure so could be temporarily commissioned with a suitable restriction- because judged low risk,
d) minor issue which isn't at all unsafe but perhaps inhibits full operation flexibility or may not be reliable long term, full commissioning yet come back to improve at convenient time later.

I thnk that whereas your item ii) did discuss the various options to some extent, that they were a bit hidden in the text. I'd advise a numbered or bullet point list to make them more evident. or perhaps a table with a separate row for each and a column explaining the circumstances in which each might be a suitable option.

Your item iii) seems (but I am not quite sure I interpreted correctly) to be talking of an error that only emerges post commissioning. Certainly true that this sometime happens and in the UK would be treated rather differently; however I don't consider relevant to what was asked. However given that this was only a short description then possibly a gamble worth making- examiner just might give you some small credit.

So I feel that you do understand the scenario from your answer, but you could have presented it better and focussed it a little more to precisely what was asked.

I contributed my ideas regarding this please check it out and suggest me accordingly.

K.Raghavakumar

[Hort]

Hi all,

I am sitting module 1 this year and have attempted question 8 of last year's paper in preparation. I don't think I have written enough to get all of the marks, does anyone have any other ideas?

[Jerry1237]

Hort,

I think it is a very reasonable answer. One comment is testers are not just there to find design errors but build and installation errors too.

Again, the purpose of the exam is to inform the examiner the candidate understands the principles of the answer and not the abilty to write War and Peace.

I'll leave others to critique your answer but it is certainly a good start.

Jerry

[PJW]

Firstly I found a previously mis-filed thread on this question so I have moved it to the correct place and now merged with this new thread; hence it would be worth looking at the attempts posted higher up this combined thread and the comments thereon. Thought I had a sense of deja vu.


This question certainly related purely to a design error so you were right to restrict your answer to that scenario.

I think that I'd have attempted to broaden the interpretation of question to include the pre-testing period as well as the commissioning shift. This allows you to describe more available options which are dependent not only upon the severity of the error but also when it was identified- this clearly affects the possible solutions and the practicability of implementing within the required timescale.

Similarly you could discuss:
a) a missing vital control in interlocking wiring preventing the commissioning of a route; can the operators work the train service without it or do they just lose a facility only rarely needed? Can it be handsignalled?
b) a "cross between two bits" or an "incorrect inversion of a bit" in a software remote control system (i.e. there may have to be a short term "bodge" to get it working adequately functionally by amending wiring and then going back later when there is the ability to put in new data to correct properly and undue the hardware temporary fix),
c) a timing problem that just sometimes prevents a route being set; this isn't right but can be lived with for a bit by the signalman just trying again when it occurs,
d) the Train Describer stepping not working- perhaps a need to employ an extra signaller to compensate for this until it can be corrected,
e) a track circuit with over-long rail leads preventing full energisation of the relay and thus leaving the track prone to rightside failures in wet weather,
f) lack of polarity stagger at an IRJ; can the risk be adequately addressed by regular physical test of the integrity of that IRJ until the design can be amended and implemented?
and so on- you can invent lots of scenarios that all have a different consequence and possible mitigation and therefore explain that the options available depend on such circumstances.

Also could discuss the options available relating to the scale of the job; there may not always be a competent NR Project Engineer available at a time that a decision may be made,; on some minor works there may not even be any design cover on shift and even if they are on call there may only be a few hours in the commissioning period and not enough time to get a mod designed and installed, let alone tested. Alternatively the commissioning may be 54 hours or even more and there may be an office load of designers just waiting for something to do.


I think early on though I'd give the basic options:
1. Abandon the commissioning before the start
2. Get into the commissioning period, discover the error, decide no way forward and thus reverse the changes and re-test as it was before (obviously can't do this if P'Way have changed the track layout in the interim)
3. Modify within the commissioning shift
4. Deliberately overrun the booked shift in order to be able to rectify (having warned appropriate people and got acceptance!)
5. Commission most, but leave something booked off for later rectification.
6. Commission all but place on some operational restriction or procedure as a mitigation to compensate for some undesirable feature; return as soon as possible to resolve.
7. Commission all, but with special technical support to be on hand to overcome a problem as and when it arises, or in other circumstances institute some regular inspection regime to address by other means whatever risk not being controlled in the manner that ideally it should be.

I think your answer went into too much detail re the Test Log procedure; I think sensible to mention as it is a consequential action, and an outline to demonstrate that you know what a Test Log is but specifying all the entries on it went further than needed. Definitely don't need the info re how a T/L is transmitted to a remote design office- although arguably on topic the answer isn't strictly relevant to precisely what was asked and this was OPTIONS AVAILABLE.


Also a few points of detail; the TiC can only propose T/L for deferral, it is the Infrastructure Manager Representative who accepts this proposal. Also would tend to send T/L to design to think about before considering how urgent to resolve (until know potential solution can't judge whether practicable and therefore what options available), though obviously if there are several then the TiC may hold back the ones they consider less important to avoid detracting from the serious one (human nature is that the designer would tend to do the one which is easier, rather than the most urgent / important!).

Also the tester / TiC should definitely NOT suggest a solution to the designer; I know it happens and yes there are times that a certain amount of guidance of what would / would not be practicable to implement on site is appropriate, but it is not something that should be stated in an IRSE Exam answer.

Other than that I agree with Jerry that your answer was on the right lines; I think that structuring as a series of bullet points or as lines of a table would make it far more obvious how many options you were suggesting and in what circumstances each may be applicable.

Your last paragraph was the best and you should have done more in the same vein; hopefully I have suggested above some avenues down which you could have gone to expand the scope of the question to give yourself more scope in describing options.

Obviously this is where experience comes to the fore; I have been a tester for years in a whole range of circumstances and thus I would find no problem in listing a very wide range of circumstances as I have lived through them. Some can be quite bizzare; there was one mechanical signalbox at a train depot where the mechanical ground discs being replaced by LED GPLs. We thought all was fine and commissioned in the small hours of the morning and then the design error became obvious. Train shunted out of depot, across a set of points but there are no track circuits. Signalman says "how the &#$# can I tell that the train has cleared the points before I attempt to move them?; I used to be able to see the backlight from the shunting disc when he had got behind it, now I ain't got a *%$@#ing clue......" We got a tester to donate his head torch and attached it to the GPL as a temporary expedient and the signalman was happy again.

Hort,

I think it is a very reasonable answer. One comment is testers are not just there to find design errors but build and installation errors too.

Again, the purpose of the exam is to inform the examiner the candidate understands the principles of the answer and not the abilty to write War and Peace.

I'll leave others to critique your answer but it is certainly a good start.

Jerry

[Hort]

Thanks Pjw,
normally on the projects i deal with the tic acts as infrastructure manager in doing the EIS hence confusion re t/l deferal.

...someone mention War and Peace?

[PJW]

Noted- it does depend on how much authority has been delegated. However even it is actually the same person as the TiC, then they are making that assessment with the other hat on!

Thanks Pjw,
normally on the projects i deal with the tic acts as infrastructure manager in doing the EIS hence confusion re t/l deferal.

...someone mention War and Peace?