010/18

Recommendation Date
Recipient Name
KiwiRail
Text
KiwiRail’s change management process for upgrading the signal box display had not ensured that the mimic screen matched the physical track layout, and had not detected the absence of an interlock to prevent the signallers setting the points to a configuration over which it was not possible for rail traffic to travel.
On 23 May 2018 the Commission recommended that the Chief Executive of KiwiRail review KiwiRail’s change management processes for modifying existing and building new safety-critical systems, and ensure that these change management processes include a full failure mode effect analysis and require functional testing before the new or modified systems are put into service.
Reply Text
In response to recommendation 010/18 KiwiRail will add the following steps to the process for scoping, design and testing of significant changes to safety significant control systems:

- At the scoping phase the identification of potential failure modes in consultation with stakeholders via a safety in design risk assessment;
- Formal documentation of issues discovered and resulting changes undertaken throughthe testing process – this testing includes both technical and end-user;
- Formal technical and user signoff before changes are released for implementation; and
- A post implementation review and associated issues tracking to capture and resolve and residual issues.

Functional testing of changes is already part of existing processes.
Related Investigation(s)