Author(s)

J. Catmur

Abstract

As railways broaden their potential suppliers of ATC systems they are faced with selecting between systems that have been built at different times and in different countries. The techniques used to manage the development of safety-critical computer systems have evolved over the last 20 years and the way in which they have been applied has varied from country to country and supplier to supplier. This paper examines the difficulty that exists in assessing the safety of computer based ATP systems which have been developed using distinct, and sometimes conflicting, national standards. It is based on extensive practical work in reviewing the protection against systematic failures that the design processes, used in a variety of ATP, systems has given. 1. Introduction Whe

Keywords