Abstract:
The introduction of this article briefly explains the purpose and operating principle of railway interlocking systems. It then presents the results of an analysis whose aim was to verify the validity of the formula recommended by the EN 50129 standard for calculating the hazard rate of interlocking systems with a redundant 2oo2 structure. The hazard rate was calculated in two independent ways, namely for different failure rates of the single channels and for different safe-down times. In the first case the formula presented in EN 50129 was used; in the latter case the calculation was carried out by the RBD method. The results of both methods were compared. In most cases the two results coincide. Larger deviations arise only when the safe-down time of a single fault is comparable in order of magnitude with the mean time to failure of a single channel of the redundant structure. This can occur, for instance, during long-term system storage, or if an undetected failure occurs during system operation. The possibility of an undetected failure is not captured quantitatively in the EN 50129 standard (each single random failure is considered to be detected at the end of the test); therefore the last aim of the work was to analyse in detail the mechanism of origin, detection and negation of double random faults. The results of this analysis can be used for a quantitative evaluation of the impact of undetected random failures on the hazard rate of a redundant 2-out-of-2 structure. Besides common cause failures, the main risk to the technical safety of redundant systems is undetected failures. One point of this paper is the recommendation that data comparison and fault negation be carried out in a way that minimizes or completely eliminates the possibility of an undetected malfunction of these key safety functions.
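The following added example (not code from the paper) illustrates the deviation described above. It assumes the product-form approximation commonly quoted from EN 50129 Annex B and compares it with a simple exponential "exposure window" model. That model is an assumption standing in for the paper's RBD calculation, and the failure rates and safe-down times are constructed values.

```python
import math

def en50129_hazard_rate(lams, tds):
    """Product-form approximation (assumed form of the EN 50129 Annex B formula):
    HR = prod(lambda_i * td_i) * sum(1 / td_i).
    For two channels this reduces to lambda_A * lambda_B * (td_A + td_B)."""
    prod = math.prod(lam * td for lam, td in zip(lams, tds))
    return prod * sum(1.0 / td for td in tds)

def window_model_hazard_rate(lam_a, lam_b, td_a, td_b):
    """Assumed reference model, not the paper's RBD calculation: a hazard arises
    when the second channel fails inside the safe-down time of the first fault.
    P(fail within td) = 1 - exp(-lambda * td), with no linearisation."""
    p_b_in_window = -math.expm1(-lam_b * td_a)  # 1 - exp(-x), accurate for small x
    p_a_in_window = -math.expm1(-lam_a * td_b)
    return lam_a * p_b_in_window + lam_b * p_a_in_window

def overestimate_factor(lam, td):
    """Ratio of the approximation to the window model for two identical channels."""
    approx = en50129_hazard_rate([lam, lam], [td, td])
    exact = window_model_hazard_rate(lam, lam, td, td)
    return approx / exact

if __name__ == "__main__":
    lam = 1e-5  # constructed channel failure rate [1/h], so MTTF = 1e5 h
    print(f"{'td [h]':>10} {'lambda*td':>10} {'approx':>12} {'model':>12} {'ratio':>8}")
    # Constructed safe-down times, from a short test interval up to the channel MTTF
    for td in (1.0, 1e2, 1e4, 1e5):
        approx = en50129_hazard_rate([lam, lam], [td, td])
        model = window_model_hazard_rate(lam, lam, td, td)
        print(f"{td:10.0f} {lam * td:10.0e} {approx:12.3e} {model:12.3e} {approx / model:8.3f}")
```

While the product of failure rate and safe-down time stays far below 1 the two values agree; once the safe-down time reaches the channel's mean time to failure, the linearised formula no longer tracks the model.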