Why was EN 50657 created separate from EN 50128?

EN 50657 was created to separate the rolling stock domain from the signaling domain. This allows train manufacturers to follow a standard tailored to their specific supply chain and system architecture (TCMS) without being burdened by requirements specific to trackside signaling infrastructure.

Does EN 50657 apply to TCMS?

Yes, EN 50657 is the primary standard for the software running on the Train Control and Monitoring System (TCMS), as well as subsystem software for brakes, doors, and HVAC.

What is the difference between Verification and Validation in EN 50657?

Verification asks 'Are we building the product right?' (checking code against specs at each step). Validation asks 'Are we building the right product?' (testing the final software to ensure it meets the user's safety and operational needs).

Code on the Rails: Navigating EN 50657 for Rolling Stock Software

Explore EN 50657, the definitive standard for rolling stock software. Understand the V-Model, SIL requirements, and the shift from EN 50128 for onboard systems.

January 18, 2024 6:04 pm

What is EN 50657?

EN 50657 is the specific European Standard titled “Railways Applications – Rolling stock applications – Software on Board Rolling Stock.” It governs the development, testing, and maintenance of software specifically installed on railway vehicles, such as the Train Control and Monitoring System (TCMS), door control units, and traction control software.

Historically, all railway software fell under EN 50128. However, as the industry matured, a split occurred: EN 50128 became dedicated to “Signalling and Telecommunications” (infrastructure/trackside), while EN 50657 was created to address the specific needs of the “Rolling Stock” (on-board) domain. While technically very similar, EN 50657 is tailored to the lifecycle and supply chain realities of train manufacturers rather than signaling companies.

The Software V-Model Lifecycle

Like its predecessor, EN 50657 mandates the use of the V-Model for software development. This ensures that every line of code can be traced back to a specific safety requirement.

Left Side (Design): Software Requirements Specification → Architecture → Design → Coding.
Right Side (Verification): Unit Testing → Integration Testing → Software Validation → System Acceptance.
Process: It requires strict independence between the person who writes the code and the person who tests it, especially for higher safety levels.

Software Safety Integrity Levels (SIL)

Not all software on a train is equally critical. EN 50657 categorizes software based on the risk associated with its failure (derived from EN 50126).

Basic Integrity: Software for non-critical functions (e.g., Passenger Information Displays). Failure causes inconvenience but no safety risk.
SIL 1 & SIL 2: Mid-level safety functions (e.g., slip/slide protection).
SIL 3 & SIL 4: High-risk functions (e.g., Door control, Emergency Braking). These require the most rigorous mathematical proof, formal methods, and extensive validation.

Comparison: EN 50128 vs. EN 50657

Feature	EN 50128	EN 50657
Domain	Signalling & Telecommunications (Trackside/OCC)	Rolling Stock (On-board Vehicle)
Target Audience	Signalling Suppliers (Thales, Siemens Mobility)	Train Builders (Alstom, CRRC, Component Suppliers)
COTS Handling	Strict / Conservative	More flexible regarding industrial electronics integration
Technical Core	Based on IEC 62279	Harmonized with EN 50128 but adapted context

COMMENTS

[ Cancel replying ]

This site uses Akismet to reduce spam. Learn how your comment data is processed.

No comments yet, be the first filling the form below.