Standard · EN 50126 / 50128 / 50129
EN 50126 — Fault Tree Analysis for Rail RAMS
EN 50126 specifies the Reliability, Availability, Maintainability and Safety (RAMS) lifecycle for rail systems. Together with EN 50128 (software) and EN 50129 (electronic safety-related systems for signalling), it forms the CENELEC suite. Fault Tree Analysis is a primary technique for the SIL 3 and SIL 4 safety functions a modern rail signalling architecture has to support.
Where EN 50126 calls for FTA
EN 50126 organises safety work into a 14-phase lifecycle. FTA appears in:
- Phase 4 — System requirements: hazard analysis to derive safety targets (THR — Tolerable Hazard Rate) for safety-related functions.
- Phase 5 — Apportionment: top-down allocation of THR to subsystems via FTA.
- Phase 6 — Design and implementation: bottom-up verification of architectural choices.
- Phase 9 — Safety case: FTA outputs are part of the SR-01 / SR-02 evidence sections under EN 50129.
SIL targets in CENELEC rail
| SIL | THR (continuous, /h) | FTA recommendation |
|---|---|---|
| SIL 1 | 10⁻⁶ ≤ THR < 10⁻⁵ | Recommended |
| SIL 2 | 10⁻⁷ ≤ THR < 10⁻⁶ | Recommended |
| SIL 3 | 10⁻⁸ ≤ THR < 10⁻⁷ | Highly Recommended |
| SIL 4 | 10⁻⁹ ≤ THR < 10⁻⁸ | Mandatory |
How FTA Studio supports CENELEC rail
- SIL labelling on basic events and on the project header — propagates into IEC JSON export.
- k-out-of-n voting gates — needed for the redundant ATP / interlocking architectures (2-out-of-3, 3-out-of-3 / D, etc.).
- Common-cause modelling — Beta-factor and MGL CCF blocks for shared-power and shared-clock failure modes typical of fault-tolerant signalling.
- Importance ranking — Fussell-Vesely and RAW directly feed the proof-test interval optimisation that EN 50129 expects in the safety case.
- Approval workflow (Enterprise) — locks tree revisions and produces the audit trail rail safety cases require.
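The 2-out-of-3 voting and Beta-factor common-cause items above can be checked against the THR bands in the SIL table with a short calculation. This is an added example, not code from FTA Studio or from the standards. It assumes identical channels and the rare-event approximation 6((1−β)λ)²T + βλ, and the function names and all numeric inputs are constructed for illustration.

```python
# Added example. All numeric inputs are constructed, not from a real project.

# THR bands (per hour) as given in the SIL table on this page: (SIL, lower, upper)
SIL_BANDS = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]


def sil_band(rate_per_hour):
    """Return the SIL whose band contains the rate, or None if outside the table."""
    for sil, lower, upper in SIL_BANDS:
        if lower <= rate_per_hour < upper:
            return sil
    return None


def hazard_rate_2oo3(lam, beta, t_detect):
    """Approximate hazardous failure rate (/h) of a 2-out-of-3 voted architecture.

    lam      -- wrong-side failure rate of one channel (/h)
    beta     -- Beta-factor: fraction of lam that hits all channels at once
    t_detect -- time (h) to detect and negate a single-channel failure
    """
    lam_independent = (1.0 - beta) * lam
    lam_common = beta * lam
    # Any of 3 channels fails first (3*lam), then one of the remaining 2 fails
    # inside the detection window (2*lam*T): 6 * lam^2 * T.
    independent_term = 6.0 * lam_independent ** 2 * t_detect
    return {"independent": independent_term, "common_cause": lam_common,
            "total": independent_term + lam_common}


def sweep_beta(lam, t_detect, betas):
    """Show how the common-cause share limits the SIL band the voter can reach."""
    rows = []
    for beta in betas:
        result = hazard_rate_2oo3(lam, beta, t_detect)
        rows.append((beta, result["total"], sil_band(result["total"])))
    return rows


if __name__ == "__main__":
    for beta, total, sil in sweep_beta(lam=1e-5, t_detect=2.0, betas=[0.0, 0.001, 0.01]):
        print(f"beta={beta:<6} hazard rate={total:.3e}/h  band=SIL {sil}")
```

The βλ term is unaffected by the voting gate, so once it exceeds the independent term the achievable band is set by the common-cause fraction rather than by the redundancy.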