[Code of Federal Regulations]
[Title 49, Volume 4]
[Revised as of October 1, 2003]
From the U.S. Government Printing Office via GPO Access
[CITE: 49CFR238.105]

[Page 555-556]
 
                        TITLE 49--TRANSPORTATION
 
       CHAPTER II--FEDERAL RAILROAD ADMINISTRATION, DEPARTMENT OF 
                             TRANSPORTATION
 
PART 238--PASSENGER EQUIPMENT SAFETY STANDARDS--Table of Contents
 
           Subpart B--Safety Planning and General Requirements
 
Sec. 238.105  Train electronic hardware and software safety.

    The requirements of this section apply to electronic hardware and 
software used to control or monitor safety functions in passenger 
equipment ordered on or after September 8, 2000, and such components 
implemented or materially modified in new or existing passenger 
equipment on or after September 9, 2002.
    (a) The railroad shall develop and maintain a written hardware and 
software safety program to guide the design, development, testing, 
integration, and verification of software and hardware that controls or 
monitors equipment safety functions.
    (b) The hardware and software safety program shall be based on a 
formal safety methodology that includes a Failure Modes, Effects, 
Criticality Analysis (FMECA); verification and validation testing for 
all hardware and software components and their interfaces; and 
comprehensive hardware and software integration testing to ensure that 
the hardware and software system functions as intended.
    (c) The hardware and software safety program shall include a 
description of how the following will be accomplished, achieved, carried 
out, or implemented to ensure safety and reliability:
    (1) The hardware and software design process;
    (2) The hardware and software design documentation;
    (3) The hardware and software hazard analysis;
    (4) Hardware and software safety reviews;
    (5) Hardware and software hazard monitoring and tracking;
    (6) Hardware and software integration safety testing; and
    (7) Demonstration of overall hardware and software system safety as 
part of the pre-revenue service testing of the equipment.
    (d) (1) Hardware and software that controls or monitors a train's 
primary braking system shall either:
    (i) Fail safely by initiating a full service brake application in 
the event of a hardware or software failure that could impair the 
ability of the engineer to apply or release the brakes; or
    (ii) Access to direct manual control of the primary braking system 
(both service and emergency braking) shall be provided to the engineer.
    (2) Hardware and software that controls or monitors the ability to 
shut down a train's main power and fuel intake system shall either:
    (i) Fail safely by shutting down the main power and cutting off the 
intake of fuel in the event of a hardware or software failure that could 
impair the ability of the train crew to command that electronic function; or
    (ii) The ability to shut down the main power and fuel intake by non-
electronic means shall be provided to the train crew.
    (e) The railroad shall comply with the elements of its hardware and 
software safety program that affect the safety of the passenger 
equipment.

[67 FR 19990, Apr. 23, 2002]