SAFETY CRITICAL COMPONENTS (SCC) IN THE MAINTENANCE MANAGEMENT SYSTEM FOR RAILWAY VEHICLE

Maintenance management systems have been operating in the European railway market for many years. However, implementation of the new legal regulations means that the impact of the structured system approach is constantly developing. This new approach focuses on management of the safety critical components (SCC), where the main involved parties are rolling stock manufacturers and the certified entities in charge of maintenance (ECM). The aim of this article is to present how changes to legislation affect development of the maintenance systems, both in the context of their requirements and criteria used, as well as in relation to a requirement of rolling the certification process out to all ECMs, irrespectively of the types of vehicles are used by them. Furthermore, the article focuses on critical safety components and respectively challenges faced by entities on the railway market. Therefore, the process of identifying SCC is described and analysed by providing examples of components that most frequently appear on the list of safety critical components which were developed in the Polish railway market.


INTRODUCTION
The development of rail transport, both freight and passenger, is a priority element of the transport policy of the European Union and many of its members. Its advantages as energy efficiency and significantly lower CO2 emissions compared to aviation or road transport, also at the same time increasing speed and comfort of travel make rail transport more and more competitive both on short and long distances [35,37,40]. The 4th Railway Package is a set of legal acts that is to have a positive impact on the long-term process of creating the Single European Union Railway Area (SERA). The legal acts adopted at the European level are divided into two pillars, the market one, which is primarily intended to affect competitiveness and operational efficiency, and the technical pillar, which affects issues related to a unanimous approach to safety, technical and administrative issues facilitating the entry of new entities to the railway market. Directive (EU) 2016/798 of 11 May 2016 on railway safety is the key piece of legislation when discussing maintenance of the railway vehicles. This document, for the first time, includes provisions which indicate that entities in charge of the maintenance (ECM) are responsible for the certification process for not only freight wagons, as it was the case so far, but also for all the other railway vehicles [11,25].
The narrative literature review of safety critical components in the maintenance management systems for railway vehicles is presented in the article. The author has decided to use this method because it is an adequate way to summarize what has been written in the chosen areas of research, taking into consideration critical points of the current knowledge of the described aspects. In the article the comprehensive background of the safety critical components in the railway transport is provided. This information may help to understand current knowledge on these subjects and to highlight the fact that any available analyses of the safety critical components of railway vehicle are not sufficient, still very important though. In addition, legal requirements for the maintenance management systems in the rail transport, which cover, among other things, the management of critical elements, are analysed. In addition, an analysis of the position DIAGNOSTYKA, Vol. 23, No. 4 (2022) Gawlak K.: Safety critical components (SCC) in the maintenance management system for railway vehicle.
2 of the already acquired knowledge of critical elements in the scientific literature shows that research into safety critical components is intended to show that the legislator does not specifically indicate which elements of railway vehicles are critical elements and that leaving this decision to identify safety critical components in the hands of the rail market operators on a case-by-case basis may contribute to a variety of approaches and discrepancies in relation to this matter. On the one hand, this may be a fixed and comprehensive approach, and on the other, an high-risk approach, which may become an issue especially in situations where rolling stock manufacturers are no longer present in the railway market. The author has reviewed the literature on SCCs and their identification, which, according to the legislator, should be based on a risk management process.
Referring to the above, the aim of this article is to indicate difficulties related to the responsibility of various entities of the railway market, i.e. entities responsible for maintenance, manufacturers, railway undertakings which are legally required to accompany the designation of safety critical components of rail vehicles. The article also aims to answer a question on which safety critical components are most often indicated by railway market entities. This is based on an analysis of available publications and data available from Polish entities in charge of maintenance immediately after the entry into force of the new legislation. As far as author is aware, this analysis has not yet been presented in the available scientific publications.

SAFETY CRITICIAL COMPONENTS (SCC)
In this context, the approach to the maintenance of railway vehicles has changed. Until this point, according to the Commission Regulation (EU) No. 445/2011 of 10 May 2011 in relation to a system of certification of entities in charge of maintenance for freight wagons which amended Regulation (EC) No. 652/2007, only freight wagons were covered by the requirements related to providing the maintenance by a certified entity in charge of maintenance [7]. Human life, their safety and health should be considered as superior value, therefore it may seem surprising that they were not passengers vehicles that were the first to be subjected to these requirements. However, it was pointed out that there were the freight wagons that most often crossed the country borders in the European Union. Therefore, a common and united approach to comprehensive maintenance was adopted for them as a priority. Nevertheless, this does not mean that passenger traffic is deprived of regulations governing maintenance of the railway vehicles. Railway undertakings and infrastructure managers are required to develop and implement safety management systems (SMS), and according to the criteria of applicable legal requirements at the European level [4], the system must include appropriate procedures that will cover the process of maintaining the efficiency of railway vehicles, as well as issues related to the welfare of suppliers and their subsequent and regular evaluation.
The European legislator continues the process of developing the competitiveness, openness of the railway market and also enforcing the freedom of movement of the railway vehicles across the European Union. In this context, the European Union bodies decided to extend the scope of some requirements as well as reviewed a group of the recipients which are obligated to meet these criteria.  [7]. Therefore, all entities are obliged to consider the time expected to introduce processes as required by the legislation, which may vary within the European Union. The period may be extended if all those entities submit applications at the same time to the national safety authorities or other relevant authorised bodies that lead the certification process. An exception to this approach may be situations where railway undertakings or infrastructure managers, use their vehicles only for the purposes of their own operations and therefore can demonstrate compliance with the requirements of [7] within the safety management systems implemented as part of the process of obtaining a single safety certificate or safety authorization. In the case of the own operation, it is not allowed to lease and share vehicles to other railway market entities.
In addition to already mentioned change of scope of the entities that are obliged to comply with the requirements in relation to entities in charge of maintenance, the criteria that need to be fulfilled by the certified ECM were also extended. However, when it comes to analysing the criteria related to broadly understood maintenance of railway vehicles, the consistency of actions taken by the European legislator should be emphasized. The approach taken does not propose any revolutionary changes in the legislation at the European level. The process of integrating and harmonizing requirements in relation to the ECM is an evolutionary process. The European Union Regulation [9], which was the first regulation for ECM, defined the functions that must be covered by the ECM maintenance system of the freight wagons. Four separate functions have been distinguished: DIAGNOSTYKA, Vol. 23, No. 4 (2022) Gawlak K.: Safety critical components (SCC) in the maintenance management system for railway vehicle. However, it should be noted that ECM is not obliged to perform all activities related to maintaining the efficiency of the rolling stock with its own resources, neither human nor technical. The performance of selected functions may be outsourced to the external market. The management function related to the coordination and supervision of the remaining functions may not be performed by another entity. This approach was also reinforced in the newly implemented executive act [7]. Therefore, the foundations of the mentioned function of the maintenance management system have been sustained, and only their scope and definition have been adapted to cover all railway vehicles, not just freight wagons ( Fig. 1). At this point, one more important thing should be emphasized. It has been indicated that ECM can use the services of external entities to outsource a very wide range of maintenance activities of railway vehicles. However, the responsibility for the current technical condition of the railway vehicle, and thus a directly related guarantee that it can move safely on the railway network and does not pose a danger to the railway infrastructure and movement of other vehicles, still remains with ECM [16].

RISK ASSESSMENT IN MAINTENANCE
There are some discrepancies how risk management is interpreted. Depending on the industry in which it is applied, the structure and type of organisation, economical and political climate, the concept of risk management can be understood and explained in a number of different ways.
The most important regulation of the European Commission about risk management in the railway system [8] defines risk management as the systematic application of management policies, procedures and practices to the tasks of analysing, evaluating and controlling risks. The ISO Guide in turn presents the following definition: co-ordinated activities to direct and control an organisation with regard to risk. [22] Another definition of the risk management is the set of activities within an organization which are undertaken to deliver the most favorable outcome and reduce the volatility or variability of that outcome [22]. It has to be said that above definitions have a common denominator, which is oriented towards corporate attitude and its impact on the comprehensive identification and subsequent prevention of risks.
In the rail transport, as in many other industries, the risk management process may be divided in the three main stages: risk assessment, risk analysis and risk evaluation. Risk assessment is a phase in the risk management in which an identified risk must be assessed on the basis of criteria with an acceptable level of risk to eliminate the hazard with an unacceptable level of risk [20]. It is commonly used in various industries and fields of science to identify areas, components activities etc. that are particularly sensitive from a safety point of view. In the field of transport, it is widely used both in the context of the design and maintenance of means of transport and infrastructure [1,12,18,28,31,33,36]. In addition, a review of the literature on risk assessment in the field of rail transport, i.e. transport of dangerous goods, road-rail crossings, use of modern traffic control devices or organization of the transport process, is presented in [38]. With regards to railway vehicles and their maintenance, the use of Weibull's probability distribution as the system to predict reliability and thus the risk level is presented in [20]. This assessments are based primarily on a structured analysis of a specific system by describing the system and its parameters, identifying hazards, and a qualitative and quantitative risk analysis based on available experience and knowledge. In terms of data availability and its quality, progressive digitalization associated with increasing the possibilities of collecting, storing, and processing information quickly has a positive impact on carrying out a comprehensive evaluation. Currently, companies collect detailed information on vehicle maintenance and operation through detection systems installed on vehicles or railway infrastructure, as well as gathering data from employees performing routine maintenance.
These processes enable to comprehensively use data to create algorithms and decision-making models, which have a direct impact on development of a risk assessment [17,41].
In rail transport, risk assessment directly derives from legal requirements at the European level. It is used, among others in the process of managing the DIAGNOSTYKA, Vol. 23, No. 4 (2022) Gawlak K.: Safety critical components (SCC) in the maintenance management system for railway vehicle. Nevertheless, in addition to adhering to the legal framework, the methods used or the support of technical resources in the aspect of risk management may differ between different entities on the railway market. Therefore, there is no consistency and different entities manage their maintenance processes and procedures differently.
One solution for better unification is application of Dynamic Risk Assessment (DRA). It is a live system which is based on continuous updating of the level of estimated risk based on the results of the control system, safety barriers, inspection and maintenance activities, organizational and human factor, accidents scenarios [24,27]. Compared to traditional risk assessment methods, the DRA includes an additional function which relates to monitoring and accessing the low probability conditions to revise the estimated risk such as accidents, deviation of key process characteristic from target values. However, it highly depends on the entity which elements and how they are used t. The DRA method is an example of a proactive approach to maintenance in the railway transport. Due to the importance for the smooth and safe operation of vehicles, the critical elements to ensure safety of railway vehicles as discussed in this article require a special supervision. The reason for support for railway vehicle maintenance systems using the DRA method or related methods of active risk management is to reduce the probability of any failure occurring, which could cause a reduction in the safety of the transport, including the necessity to exclude the vehicle from traffic, and thus the related material and reputational losses for the operator. However, the responsible approach of the entities in charge of vehicle maintenance and users of railway vehicles requires involvement at every stage of the product life cycle, from the selection of the manufacturer and the definition of basic technical requirements, through ensuring appropriate human and technical resources, maintenance planning, as well as having an open approach to changing external and internal factors that may initially have an unnoticeable impact on the maintenance process of railway vehicles.

SAFETY CRITICIAL COMPONENTS (SCC)
A completely new issue that was introduced in [7] is the requirement which must be met by entities in charge of maintenance with respect to the management of safety-critical components. This is a new aspect that has been included in the criteria of maintenance management systems. It is said to currently present a great challenge not only for ECM, but also for manufacturers of railway vehicles.
To understand the concept of safety-critical components, it is necessary to demonstrate how the word safety can be interpreted. Definition of safety due to its commonality in various parts of human lives may provide a different understanding and for that reason may be constantly redefined. It lacks a clear and unambiguous interpretation. On one hand, safety has positive connotations of protection from danger, risk, or injury, which may be described 'happiness'. However, it does not provide a very precise definition, which could be understood and used by all organizations consistently. In this case, the clarification of subjective approach both on an individual and organisational level is needed. On the other hand, the safety can be associated with negative aspects, which may be understood as 'the state of not being dangerous' [19]. This understanding appears to be better in the context of ensuring the appropriate level of maintenance of railway vehicles. The safety defined in this way refers to issues related to the construction and maintenance of railway vehicles. Among the elements that are part of the railway vehicles, there are so-called safety-related components, which 'perform safety-relevant functions keeping the vehicle in a safe state and preventing a safety hazard occurring' [11]. In this way, the first division of railway elements is presented, and it represents the positive connotations of safety. Following the step, the possibility of designing the so-called safetyrelevant components (SRC) is presented. In this case, the key phrase seems to be: 'vehicle components that can trigger follow-up events and follow-up actions through a failure, which could turn into serious events'. It is important to highlight that safety-relevant components are subject to traceability obligations as to document maintenance works [23]. Despite the divisions (Fig. 2) already made and the awareness that certain elements of the construction of railway vehicles have a significant impact on the safety of the railway transport system and its environment, there was no specific legal framework that would indicate unanimous requirements for managing their maintenance.
The European legislator introduced in [14] and later in [7] the concept of safety-critical elements. The dictionary definition of the word critical draws attention to two issues -firstly, 'the effect and impact that an element described in this way may haveextremely important because a future situation will be affected by it', and on the other hand, it translates the term critical as 'serious, uncertain, and possibly dangerous' [32]. For this reason, adopting a criticality approach in the context of the elements that make up railway vehicles is crucial to capture the sensitive areas for the maintenance of railway vehicles. Among the [6] safety critical components are defined as 'components for which a single failure has a credible potential to lead directly to a serious accident resulting in stated consequences'. In this DIAGNOSTYKA, Vol. 23, No. 4 (2022) Gawlak K.: Safety critical components (SCC) in the maintenance management system for railway vehicle. 5 definition, the key is to focus on the word direct, to which there is no reference in the definition of safety-relevant elements presented above. It indicates the imminent following effect, not any subsequent events or actions that lead to a serious event. The suggested solutions and the definition of SCC itself are the starting point to consider the responsibilities for the proper management of safetycritical elements, including their appropriate identification [15].

METHODS OF IDENTIFICATION OF THE SAFETY CRTITICAL COMPONENTS (SSC)
The first step in managing safety-critical components, but perhaps the most challenging one, is to identify them. All participants in the railway market face this difficult task, which has a significant impact on the creation of a comprehensive and safe system of maintenance of railway vehicles. In terms of identification of SCC, many aspects should be considered, primarily related to a correct definition of market entities responsible for this task, then the life cycle of a railway vehicle, as well as the operating range and the environment in which it operates. The broad description of the participants of the SCC management process illustrates standard CEN/TR 17696:2021 [10]. It not only covers the entities involved in the maintenance and operation of railway vehicles, but also presents the impact of rail market regulators at the European level on the process [10]. However, for the purposes of this article, attention will be given on the actors that are mainly involved in the identification of safety critical components. These include manufacturer, entity managing the change and entity in charge of maintenance [15]. Their role in the maintenance of railway vehicles is crucial, and as the [10,16] point out, they complement each other. SSC management is not possible without cooperation between the entities mentioned above, and in particular, the constant exchange of information. Such performance should not only be understood as an act a goodwill of the rail market participants, but should be perceived as their duty. To a large extent, it was included in [7], which indicates when and what data should be shared between entities, including, among others, a precondition or evidence indicating the identification of a new critical element or the results of the risk analysis, indicating the solid conclusions in the field of SCC identification. Furthermore, [7,14] point out that the exchange of information that is important from the point of view of safety is an essential element for building and developing a safe rail transport system. It manifests itself in a mutual trust and the monitoring of actions taken by other participants. Therefore, it is extremely important to include the experience and data from the railway undertakings that operate vehicles on a daily basis in this process. Their registers based on the internal notification systems about disturbances on the route related to the proper operation of individual vehicle subsystems or, even more precisely, their components, feed into databases which can later be analysed for the criticality of vehicle components [15,16].
When analysing the entities involved in the critical element management process, it should be remembered that it is the vehicle and its individual characteristics that should be in the centre of this analysis. For this reason, when it comes to identifying critical elements, it should be noted at the very early stages whether it is a new vehicle or an existing vehicle. At the same time, it is necessary to properly understand the definition of a new vehicle, which is understood as a 'vehicle for which an applicant has requested vehicle type authorization for placing on the market'. Authorization is obtained through the Agency One-Stop Shop from the authorizing entity (in Poland National Safety Authority -Urząd Transportu Kolejowego) and complies with [5]. All vehicles that do not meet those criteria are treated as existing vehicles. Such a division makes it possible to define the obligation when and how to start work on the development of a list of the safety-critical elements. In the case of new vehicles, it is the manufacturer who is responsible for identifying critical elements and functions when designing a new vehicle type. The components identified on the basis of the risk analysis should be reflected in the technical documentation of the vehicle. In respect of vehicles that have already been put into service under previous legal regulations, [9] does not impose an obligation to immediately and retrospectively develop a list of critical elements on any of the entities, manufacturer, entities managing the change nor entity in charge of maintenance. These steps should be taken by entity managing the change in the case of engineering change, renewal, upgrading or refurbishment which are fully explained in [10]. However, it only refers to a part of the vehicle which was directly affected by those activities. In such situations, the entity managing the change is treated as the manufacturer. The above interpretation is important because when analysing Polish railway market and the entities in charge of maintenance operating in it, the issue does not seem to be fully understood. On many occasions, these entities, during the construction of the maintenance DIAGNOSTYKA, Vol. 23, No. 4 (2022) Gawlak K.: Safety critical components (SCC) in the maintenance management system for railway vehicle.
6 management system or just after implementation, seek to identify a list of safety critical components for all types of maintained railway vehicles, doing it somehow retrospectively. According to the interpretation above, such an approach is not entirely correct because the list has to be compiled only for new vehicles or when the changes to existing ones are introduced. Nevertheless, an entity in charge of maintenance is obligated by [7] to identify potential safety critical components through monitoring the activities, analysing the data and indicators from the maintenance and exploitation, changes to the maintenance documentation, and taking into account the continuous improvement (Fig. 3). The initial SCC assumptions should be submitted to the rolling stock manufacturer (if this entity is still present/active on the market), to carry out an additional risk assessment in this scope. In a situation, when the manufacturer is no longer operating on the market, so the ECM cannot ask for support in confirming the pre-identified SSC, it undertakes the actions itself. At the same time, as in the case of a producer, the assessment of the SCC should be supported by a risk management process. Focusing on the need to identify a new SCC, it should be noted that the law also allows for the opposite situation. A vehicle element that was initially identified as an SCC, and therefore entered on the SCC-list, may be removed from it. However, also in this case, this decision must be properly proven with evidence resulting from the operation process and maintenance and also supported by the risk management process [15].

LIST OF SAFETY CRITICAL COMPONENTS
As previously mentioned, a list of the critical elements is required for new vehicles. Therefore, rolling stock manufacturers in the design and construction process of railway vehicles should act accordingly, to the extent of their knowledge and technological possibilities, they should minimize the number of such elements. This should be done by making appropriate decisions on the selection of materials, technical solutions, or combining the essential functions of the vehicle within individual elements. However, the technical possibilities and the main functions performed by certain vehicle components may make it impossible to find design solutions for rolling stock in which there will be no SCCs. Based on the risk management process, the producer is obliged to identify the SCC in the design phase. Recognition of such elements has additional implications related to the appropriate preparation of vehicle technical and maintenance documentation. One could say that in this respect the safety-critical elements are to be treated as a priority, and also that the technical documentation itself should highlight the requirements for 'operational, servicing, maintenance; as well as operational, servicing, and maintenance traceability' [7]. At this stage, the manufacturer is also expected to include precedents, rules, and a description of the methods that were used to identify the SCC in the Maintenance Design Justification File (which is the extract of chapter 4.5.2 of annex to TSI Wagons, chapter 4.2.12.3.1. of annex to TSI Loc&Pas and chapter 4.5.1 of annex to TSI CCS). The same approach should be taken for vehicles that undergo change, renewal or upgrading according to this legislation [10,16].
It should be noted that the European Union Railway Agency or the National Safety Authorities do not present the proposed SCC lists. They also do not indicate which specific components should be included in the list. In the publication [16] it is presented the understanding of implementing acts and thus guidelines for rail market participants involved in the process of gradual SCC identification. In addition, the subject of safetycritical components and related topics such as the catalogue of functions and performance of railway vehicle components are taken up by standardization committees [10] also does not present a set of readymade SCCs for individual types of railway vehicles. Instead, it presents an exemplary possibility to conduct a risk assessment, which is commonly used for risk analysis in various industries. As presented in [10] these include, for example, ETA (Event Tree Analysis); FTA (Fault Tree Analysis); FMECA (Failure Mode Effect & Criticality Analysis). These and others methods are among others used to conduct process of identification of the weakest components of rail vehicle [39] (including metro vehicles [30]), evaluate different components of rail vehicles such as bogies [26,29], running gear [34], heating, ventilation and air conditioning system (HVAC) [2], doors [3,13] and others. It is worth noting that the list of methods by which the risk may be assessed is not finite, it is the railway entity that conducts it that makes the choice. However, it assumes full responsibility for its results; therefore, it should exercise due diligence to ensure that the evaluation is as comprehensive as possible.
In order to meet the new requirements of the European law, the entities in charge of maintenance in Poland, attempt in cooperation with the vehicle manufacturers operating on the market (if it is possible) to identify list of safety critical components for the types of vehicles in their rolling stock. The same set of rules apply to all entities when assessing all types of vehicles. According to the requirements adopted by the law and guidelines on this subject, as well as the principles presented in this article, entities conduct the SSC identification on the basis of their own experience, knowledge and history of operation and maintenance of their railway vehicles. Railway accidents, which are caused by the wrong technical condition of vehicles and have serious consequences, play a major role in this process. Therefore, it is expected that all lists of critical safety components being currently created overlap with each other and include components of which improper technical condition cause an increased risk of the railway accidents.
Following this approach, wheelsets and other elements related to their proper operation (axle bearings, wheelset guiding systemshorn plates and columns, guide arms or suspension systems in general (especially primary suspension, between the wheelset and bogie frame) are always included on the list. With reference to the described examples, attention should be given to different approaches when discussing component, which can be reduced to a single part or a set of parts that together play an essential role for the safe operation of the rolling stock. In addition, components of the brake system, couplers and buffers, pantographs cooperating with catenary are also described as critical safety components. Analysing the most recent SCC lists which are available on the Polish market and taking into consideration [14,21,23,39] some regularity may be noticed. It is related to identification of the elements that ensure proper cooperation with the railway infrastructure and correct running of the train. This approach is certainly valid; these are undoubtedly elements that have a huge impact on the safety of rail transport. However, it should be considered whether, when determining the criticality of the obvious components, the issues related to the indirect elements that may also have significant impact are not overlooked. It is particularly important in the case of modern rolling stock, in which more and more complex electronic and IT systems are used, the reliability of which is one of the conditions of the safe operation for example, the GSM-R communication systems, the European Train Control System (ETCS), the active deadman switch, or diagnostic systems on the vehicle that monitor, as example, the temperatures of individual vehicle axle bearings.
Tab. 1 shows a list of the critical elements most frequently identified in the sources mentioned previously, mainly the Polish market. However, one must remember that this list is open and will never be finite. Nevertheless, it is hoped that the list will be reviewed and updated as a result of professional feedback and ongoing analysis carried out during the maintenance activities, and not as a result of railway accidents, which will only show insufficient supervision over individual elements of the vehicle (as was the case in the past).
Tab. 1 Importance of identified safety critical components (own study based on the knowledge of the market, [14,21,23,39] No. Safety critical component Importance Buffer low 13 Cab radio low

SUMMARY
As previously mentioned, Maintenance management systems have been in place for many years in the rail market. However, management of safety critical components is a relatively recent issue in the rail industry. Additionally, along with the implementation of [7] many new bodies in charge of maintenance appeared on the rail market due to the obligation to certify all entities, regardless of the vehicle maintained. Nevertheless, the adopted regulations do not aim to revolutionize the approach to MMS, which still needs to cover the same functions as previously. Furthermore, in the guidance and standards intended to support the entities in charge of maintenance and other bodies involved, the process-oriented approach and the cooperation of various entities of the rail market are highlighted. The identification of SCC by manufacturer during the design and construction of rolling stock, as well as the subsequent gradual identification based on the data collected by the ECM on the operation and maintenance of vehicles, according to the knowledge gained during maintenance activities are to constitute the source of a comprehensive approach to safety critical components. Safe rail is achieved by proactive measures that reduce the risk and prevent the occurrence of possible failures rather than by reacting to various types of errors and neglects after DIAGNOSTYKA, Vol. 23, No. 4 (2022) Gawlak K.: Safety critical components (SCC) in the maintenance management system for railway vehicle. 8 the occurrence of railway accidents, which may lead to a very serious consequences.

Declaration of competing interest:
The author declares no conflict of interest.