CFR 2011 Title49 Vol4 Part236

Federal Railroad Administration, DOT Pt.
236
PART 236—RULES, STANDARDS, 236.56 Shunting sensitivity.

236.57 Shunt and fouling wires.
AND INSTRUCTIONS GOVERNING 236.58 Turnout, fouling section.
THE INSTALLATION, INSPECTION, 236.59 Insulated rail joints.
MAINTENANCE, AND REPAIR OF 236.60 Switch shunting circuit; use re-
stricted.
SIGNAL AND TRAIN CONTROL
SYSTEMS, DEVICES, AND APPLI- WIRES AND CABLES
ANCES 236.71 Signal wires on pole line and aerial
cable.
Sec. 236.72 [Reserved]
236.0 Applicability, minimum requirements, 236.73 Open-wire transmission line; clear-
and penalties. ance to other circuits.
236.74 Protection of insulated wire; splice in
Subpart A—Rules and Instructions: All underground wire.
Systems 236.75 [Reserved]
236.76 Tagging of wires and interference of
GENERAL wires or tags with signal apparatus.
236.1 Plans, where kept. INSPECTIONS AND TESTS; ALL SYSTEMS
236.2 Grounds.
236.3 Locking of signal apparatus housings. 236.101 Purpose of inspection and tests; re-
236.4 Interference with normal functioning moval from service of relay or device
of device. failing to meet test requirements.
236.5 Design of control circuits on closed 236.102 Semaphore or searchlight signal
circuit principle. mechanism.
236.6 Hand-operated switch equipped with 236.103 Switch circuit controller or point
switch circuit controller. detector.
236.7 Circuit controller operated by switch- 236.104 Shunt fouling circuit.
and-lock movement. 236.105 Electric lock.
236.8 Operating characteristics of electro- 236.106 Relays.
magnetic, electronic, or electrical appa- 236.107 Ground tests.
ratus. 236.108 Insulation resistance tests, wires in
236.9 Selection of circuits through indi- trunking and cables.
cating or annunciating instruments. 236.109 Time releases, timing relays and
236.10 Electric locks, force drop type; where timing devices.
required. 236.110 Results of tests.
236.11 Adjustment, repair, or replacement of
component. Subpart B—Automatic Block Signal
236.12 Spring switch signal protection; Systems
where required.
236.13 Spring switch; selection of signal con- STANDARDS
trol circuits through circuit controller. 236.201 Track-circuit control of signals.
236.14 Spring switch signal protection; re- 236.202 Signal governing movements over
quirements. hand-operated switch.
236.15 Timetable instructions. 236.203 Hand operated crossover between
236.16 Electric lock, main track releasing main tracks; protection.
circuit. 236.204 Track signaled for movements in
236.17 Pipe for operating connections, re- both directions, requirements.
quirements. 236.205 Signal control circuits; require-
236.18 Software management control plan. ments.
236.206 Battery or power supply with respect
ROADWAY SIGNALS AND CAB SIGNALS to relay; location.
236.21 Location of roadway signals. 236.207 Electric lock on hand-operated
236.22 Semaphore signal arm; clearance to switch; control.
other objects.
236.23 Aspects and indications. Subpart C—Interlocking
236.24 Spacing of roadway signals.
236.25 [Reserved] STANDARDS
236.26 Buffing device, maintenance. 236.301 Where signals shall be provided.
236.302 Track circuits and route locking.
TRACK CIRCUITS
236.303 Control circuits for signals, selec-
236.51 Track circuit requirements. tion through circuit controller operated
236.52 Relayed cut-section. by switch points or by switch locking
236.53 Track circuit feed at grade crossing. mechanism.
236.54 Minimum length of track circuit. 236.304 Mechanical locking or same protec-
236.55 Dead section; maximum length. tion effected by circuits.
683
VerDate Mar<15>2010 14:14 Nov 15, 2011 Jkt 223217 PO 00000 Frm 00693 Fmt 8010 Sfmt 8010 Q:\49\49V4.TXT ofr150 PsN: PC150
Pt. 236 49 CFR Ch. II (10–1–11 Edition)
236.305 Approach or time locking. Subpart D—Traffic Control Systems
236.306 Facing point lock or switch-and-lock
movement. STANDARDS
236.307 Indication locking. 236.401 Automatic block signal system and
236.308 Mechanical or electric locking or interlocking standards applicable to traf-
electric circuits; requisites. fic control systems.
236.309 Loss of shunt protection; where re- 236.402 Signals controlled by track circuits
quired. and control operator.
236.310 Signal governing approach to home 236.403 Signals at controlled point.
signal. 236.404 Signals at adjacent control points.
236.311 Signal control circuits, selection 236.405 Track signaled for movements in
through track relays or devices func- both directions, change of direction of
tioning as track relays and through sig- traffic.
nal mechanism contacts and time re- 236.406 [Reserved]
leases at automatic interlocking. 236.407 Approach or time locking; where re-
236.312 Movable bridge, interlocking of sig- quired.
nal appliances with bridge devices. 236.408 Route locking.
236.313 [Reserved] 236.409 [Reserved]
236.314 Electric lock for hand-operated 236.410 Locking, hand-operated switch; re-
switch or derail. quirements.
RULES AND INSTRUCTIONS RULES AND INSTRUCTIONS
236.326 Mechanical locking removed or dis- 236.426 Interlocking rules and instructions
arranged; requirement for permitting applicable to traffic control systems.
train movements through interlocking.
236.327 Switch, movable-point frog or split- INSPECTION AND TESTS
point derail.
236.476 Interlocking inspections and tests
236.328 Plunger of facing-point lock.
applicable to traffic control systems.
236.329 Bolt lock.
236.330 Locking dog of switch-and-lock
Subpart E—Automatic Train Stop, Train
movement.
236.331–236.333 [Reserved]
Control and Cab Signal Systems
236.334 Point detector. STANDARDS
236.335 Dogs, stops and trunnions of me-
chanical locking. 236.501 Forestalling device and speed con-
236.336 Locking bed. trol.
236.337 Locking faces of mechanical lock- 236.502 Automatic brake application, initi-
ing; fit. ation by restrictive block conditions
236.338 Mechanical locking required in ac- stopping distance in advance.
cordance with locking sheet and dog 236.503 Automatic brake application; initi-
chart. ation when predetermined rate of speed
236.339 Mechanical locking; maintenance re- exceeded.
quirements. 236.504 Operation interconnected with auto-
236.340 Electromechanical interlocking ma- matic block-signal system.
chine; locking between electrical and 236.505 Proper operative relation between
mechanical levers. parts along roadway and parts on loco-
236.341 Latch shoes, rocker links, and motive.
quandrants. 236.506 Release of brakes after automatic
236.342 Switch circuit controller. application.
236.507 Brake application; full service.
INSPECTION AND TESTS 236.508 Interference with application of
brakes by means of brake valve.
236.376 Mechanical locking. 236.509 Two or more locomotives coupled.
236.377 Approach locking. 236.510 [Reserved]
236.378 Time locking. 236.511 Cab signals controlled in accordance
236.379 Route locking. with block conditions stopping distance
236.380 Indication locking. in advance.
236.381 Traffic locking. 236.512 Cab signal indication when loco-
236.382 Switch obstruction test. motive enters block where restrictive
236.383 Valve locks, valves, and valve conditions obtain.
magnets. 236.513 Audible indicator.
236.384 Cross protection. 236.514 Interconnection of cab signal system
236.385 [Reserved] with roadway signal system.
236.386 Restoring feature on power switches. 236.515 Visibility of cab signals.
236.387 Movable bridge locking. 236.516 Power supply.
684
Federal Railroad Administration, DOT Pt. 236
RULES AND INSTRUCTIONS; ROADWAY 236.590 Pneumatic apparatus.
236.526 Roadway element not functioning Subpart F—Dragging Equipment and Slide
properly.
Detectors and Other Similar Protective
236.527 Roadway element insulation resist-
Devices
ance.
236.528 Restrictive condition resulting from STANDARDS
open hand-operated switch; requirement.
236.601 Signals controlled by devices; loca-
236.529 Roadway element inductor; height tion.
and distance from rail.
236.530 [Reserved] Subpart G—Definitions
236.531 Trip arm; height and distance from
rail. 236.700 Definitions.
236.532 Strap iron inductor; use restricted. 236.701 Application, brake; full service.
236.702 Arm, semaphore.
236.533 [Reserved]
236.703 Aspect.
236.534 Entrance to equipped territory; re- 236.704 [Reserved]
quirements. 236.705 Bar, locking.
236.706 Bed, locking.
RULES AND INSTRUCTIONS; LOCOMOTIVES 236.707 Blade, semaphore.
236.551 Power supply voltage; requirement. 236.708 Block.
236.552 Insulation resistance; requirement. 236.709 Block, absolute.
236.553 Seal, where required. 236.710 Block, latch.
236.711 Bond, rail joint.
236.554 Rate of pressure reduction; equal-
236.712 Brake pipe.
izing reservoir or brake pipe. 236.713 Bridge, movable.
236.555 Repaired or rewound receiver coil. 236.714 Cab.
236.556 Adjustment of relay. 236.715–236.716 [Reserved]
236.557 Receiver; location with respect to 236.717 Characteristics, operating.
rail. 236.718 Chart, dog.
236.558–236.559 [Reserved] 236.719 Circuit, acknowledgment.
236.560 Contact element, mechanical trip 236.720 Circuit, common return.
type; location with respect to rail. 236.721 Circuit, control.
236.561 [Reserved] 236.722 Circuit, cut-in.
236.723 Circuit, double wire; line.
236.562 Minimum rail current required.
236.724 Circuit, shunt fouling.
236.563 Delay time. 236.725 Circuit, switch shunting.
236.564 Acknowledging time. 236.726 Circuit, track.
236.565 Provision made for preventing oper- 236.727 Circuit, track; coded.
ation of pneumatic break-applying appa- 236.728 Circuit, trap.
ratus by double-heading cock; require- 236.729 Cock, double heading.
ment. 236.730 Coil, receiver.
236.566 Locomotive of each train operating 236.731 Controller, circuit.
in train stop, train control or cab signal 236.732 Controller, circuit; switch.
territory; equipped. 236.733 Current, foreign.
236.567 Restrictions imposed when device 236.734 Current of traffic.
236.735 Current, leakage.
fails and/or is cut out en route.
236.736 Cut-section.
236.568 Difference between speeds author- 236.737 Cut-section, relayed.
ized by roadway signal and cab signal; 236.738 Detector, point.
action required. 236.739 Device, acknowledging.
236.740 Device, reset.
INSPECTION AND TESTS; ROADWAY 236.741 Distance, stopping.
236.576 Roadway element. 236.742 Dog, locking.
236.577 Test, acknowledgement, and cut-in 236.743 Dog, swing.
circuits. 236.744 Element, roadway.
236.745 Face, locking.
INSPECTION AND TESTS; LOCOMOTIVE 236.746 Feature, restoring.
236.747 Forestall.
236.586 Daily or after trip test. 236.748 [Reserved]
236.587 Departure test. 236.749 Indication.
236.588 Periodic test. 236.750 Interlocking, automatic.
236.589 Relays. 236.751 Interlocking, manual.
236.752 Joint, rail, insulated.
236.753 Limits, interlocking.
236.754 Line, open wire.
236.755 Link, rocker.
685
Pt. 236 49 CFR Ch. II (10–1–11 Edition)
236.756 Lock, bolt. 236.820 Switch, interlocked.
236.757 Lock, electric. 236.820a Switch, power-operated.
236.758 Lock, electric, forced drop. 236.821 Switch, sectionalizing.
236.759 Lock, facing point. 236.822 Switch, spring.
236.760 Locking, approach. 236.823 Switch, trailing point.
236.761 Locking, electric. 236.824 System, automatic block signal.
236.762 Locking, indication. 236.825 System, automatic train control.
236.763 Locking, latch operated. 236.826 System, automatic train stop.
236.764 Locking, lever operated. 236.827 System, block signal.
236.765 Locking, mechanical. 236.828 System, traffic control.
236.766 Locking, movable bridge. 236.829 Terminal, initial.
236.767 Locking, route. 236.830 Time, acknowledging.
236.768 Locking, time. 236.831 Time, delay.
236.769 Locking, traffic. 236.831a Track, main.
236.770 Locomotive. 236.832 Train.
236.771 Machine, control. 236.833 Train, opposing.
236.772 Machine, interlocking. 236.834 Trip.
236.773 Movements, conflicting. 236.835 Trunking.
236.774 Movement, facing. 236.836 Trunnion.
236.775 Movement, switch-and-lock. 236.837 Valve, electro-pneumatic.
236.776 Movement, trailing. 236.838 Wire, shunt.
236.777 Operator, control.
236.778 Piece, driving. Subpart H—Standards for Processor-Based
236.779 Plate, top. Signal and Train Control Systems
236.780 Plunger, facing point lock.
236.781 [Reserved] 236.901 Purpose and scope.
236.782 Point, controlled. 236.903 Definitions.
236.783 Point, stop-indication. 236.905 Railroad Safety Program Plan
236.784 Position, deenergized. (RSPP).
236.785 Position, false restrictive. 236.907 Product Safety Plan (PSP).
236.786 Principle, closed circuit. 236.909 Minimum performance standard.
236.787 Protection, cross. 236.911 Exclusions.
236.913 Filing and approval of PSPs.
236.787a Railroad.
236.915 Implementation and operation.
236.788 Receiver.
236.917 Retention of records.
236.789 Relay, timing.
236.919 Operations and Maintenance Man-
236.790 Release, time.
ual.
236.791 Release, value.
236.921 Training and qualification program,
236.792 Reservoir, equalizing.
general.
236.793 Rod, lock.
236.923 Task analysis and basic require-
236.794 Rod, up-and-down.
ments.
236.795 Route.
236.925 Training specific to control office
236.796 Routes, conflicting.
personnel.
236.797 Route, interlocked.
236.927 Training specific to locomotive engi-
236.798 Section, dead.
neers and other operating personnel.
236.799 Section, fouling.
236.929 Training specific to roadway work-
236.800 Sheet, locking.
ers.
236.801 Shoe, latch.
236.802 Shunt.
Subpart I—Positive Train Control Systems
236.802a Siding.
236.803 Signal, approach. 236.1001 Purpose and scope.
236.804 Signal, block. 236.1003 Definitions.
236.805 Signal, cab. 236.1005 Requirements for Positive Train
236.806 Signal, home. Control systems.
236.807 Signal, interlocking. 236.1006 Equipping locomotives operating in
236.808 Signals, opposing. PTC territory.
236.809 Signal, slotted mechanical. 236.1007 Additional requirements for high-
236.810 Spectacle, semaphore arm. speed service.
236.811 Speed, medium. 236.1009 Procedural requirements.
236.812 Speed, restricted. 236.1011 PTC Implementation Plan content
236.813 Speed, slow. requirements.
236.813a State, most restrictive. 236.1013 PTC Development Plan and Notice
236.814 Station, control. of Product Intent content requirements
236.815 Stop. and Type Approval.
236.816 Superiority of trains. 236.1015 PTC Safety Plan content require-
236.817 Switch, electro-pneumatic. ments and PTC System Certification.
236.818 Switch, facing point. 236.1017 Independent third party
236.819 Switch, hand operated. Verification and Validation.
686
Federal Railroad Administration, DOT § 236.0
236.1019 Main line track exceptions. (c)(1) Prior to January 17, 2012, where
236.1020 Exclusion of track segments for im- a passenger train is operated at a speed
plementation due to cessation of PIH of 60 or more miles per hour, or a
materials service or rerouting.
236.1021 Discontinuances, material modi- freight train is operated at a speed of
fications, and amendments. 50 or more miles per hour—
236.1023 Errors and malfunctions. (i) A block signal system complying
236.1025 [Reserved] with the provisions of this part shall be
236.1027 PTC system exclusions. installed; or
236.1029 PTC system use and en route fail- (ii) A manual block system shall be
ures.
placed permanently in effect that shall
236.1031 Previously approved PTC systems.
236.1033 Communications and security re- conform to the following conditions:
quirements. (A) A passenger train shall not be ad-
236.1035 Field testing requirements. mitted to a block occupied by another
236.1037 Records retention. train except when absolutely necessary
236.1039 Operations and Maintenance Man- and then only by operating at re-
ual. stricted speed;
236.1041 Training and qualification program,
general.
(B) No train shall be admitted to a
236.1043 Task analysis and basic require- block occupied by a passenger train ex-
ments. cept when absolutely necessary and
236.1045 Training specific to office control then only by operating at restricted
personnel. speed;
236.1047 Training specific to locomotive en- (C) No train shall be admitted to a
gineers and other operating personnel. block occupied by an opposing train ex-
236.1049 Training specific to roadway work-
ers.
cept when absolutely necessary and
then only while one train is stopped
APPENDIX A TO PART 236—CIVIL PENALTIES
APPENDIX B TO PART 236—APPENDIX B TO and the other is operating at restricted
PART 236—RISK ASSESSMENT CRITERIA speed; and
APPENDIX C TO PART 236—SAFETY ASSURANCE (D) A freight train, including a work
CRITERIA AND PROCESSES train, may be authorized to follow a
APPENDIX D TO PART 236—INDEPENDENT RE- freight train, including a work train,
VIEW OF VERIFICATION AND VALIDATION into a block and then only when the
APPENDIX E TO PART 236—HUMAN-MACHINE following train is operating at re-
INTERFACE (HMI) DESIGN
APPENDIX F TO PART 236—MINIMUM REQUIRE- stricted speed.
MENTS OF FRA DIRECTED INDEPENDENT (2) On and after January 17, 2012,
THIRD-PARTY ASSESSMENT OF PTC SYS- where a passenger train is permitted to
TEM SAFETY VERIFICATION AND VALIDA- operate at a speed of 60 or more miles
TION per hour, or a freight train is permitted
AUTHORITY: 49 U.S.C. 20102–20103, 20107, to operate at a speed of 50 or more
20133, 20141, 20157, 20301–20303, 20306, 20501– miles per hour, a block signal system
20505, 20701–20703, 21301–21302, 21304; 28 U.S.C. complying with the provisions of this
2461, note; and 49 CFR 1.49. part shall be installed, unless an FRA
SOURCE: 33 FR 19684, Dec. 25, 1968, unless approved PTC system meeting the re-
otherwise noted. quirements of this part for the subject
speed and other operating conditions is
§ 236.0 Applicability, minimum re- installed.
quirements, and penalties. (d)(1) Prior to December 31, 2015,
(a) Except as provided in paragraph where any train is permitted to operate
(b) of this section, this part applies to at a speed of 80 or more miles per hour,
all railroads and any person as defined an automatic cab signal, automatic
in paragraph (f) of this section. train stop, or automatic train control
(b) This part does not apply to— system complying with the provisions
(1) A railroad that operates only on of this part shall be installed, unless an
track inside an installation that is not FRA approved PTC system meeting the
part of the general railroad system of requirements of this part for the sub-
transportation; or ject speed and other operating condi-
(2) Rapid transit operations in an tions, is installed.
urban area that are not connected to (2) On and after December 31, 2015,
the general railroad system of trans- where any train is permitted to operate
portation. at a speed of 80 or more miles per hour,
687
§ 236.0 49 CFR Ch. II (10–1–11 Edition)
a PTC system complying with the pro- part for a statement of agency civil
visions of subpart I shall be installed penalty policy.
and operational, unless FRA approval (g) A person may also be subject to
to continue to operate with an auto- criminal penalties for knowingly and
matic cab signal, automatic train stop, wilfully making a false entry in a
or automatic train control system record or report required to be made
complying with the provisions of this under this part, filing a false record or
part has been justified to, and approved report, or violating any of the provi-
by, the Associate Administrator. sions of 49 U.S.C. 21311.
(3) Subpart H of this part sets forth
(h) The requirements of subpart H of
requirements for voluntary installa-
this part apply to safety-critical proc-
tion of PTC systems, and subpart I of
this part sets forth requirements for essor-based signal and train control
mandated installation of PTC systems, systems, including subsystems and
each under conditions specified in their components thereof, developed under
respective subpart. the terms and conditions of that sub-
(e) Nothing in this section authorizes part.
the discontinuance of a block signal (i) Preemptive effect. (1) Under 49
system, interlocking, traffic control U.S.C. 20106, issuance of these regula-
system, automatic cab signal, auto- tions preempts any state law, regula-
matic train stop or automatic train tion, or order covering the same sub-
control system, or PTC system, with- ject matter, except an additional or
out approval by the FRA under part 235 more stringent law, regulation, or
of this title. However, a railroad may order that is necessary to eliminate or
apply for approval of discontinuance or reduce an essentially local safety or se-
material modification of a signal or curity hazard; is not incompatible with
train control system in connection a law, regulation, or order of the
with a request for approval of a Posi- United States Government; and that
tive Train Control Development Plan does not impose an unreasonable bur-
(PTCDP) or Positive Train Control den on interstate commerce.
Safety Plan (PTCSP) as provided in
(2) This part establishes federal
subpart I of this part.
standards of care for railroad signal
(f) Any person (an entity of any type
covered under 1 U.S.C. 1, including but and train control systems. This part
not limited to the following: a railroad; does not preempt an action under state
a manager, supervisor, official, or law seeking damages for personal in-
other employee or agent of a railroad; jury, death, or property damage alleg-
any owner, manufacturer, lessor, or ing that a party has failed to comply
lessee of railroad equipment, track, or with the federal standard of care estab-
facilities; any independent contractor lished by this part, including a plan or
providing goods or services to a rail- program required by this part. Provi-
road; and any employee of such owner, sions of a plan or program which ex-
manufacturer, lessor, lessee, or inde- ceed the requirements of this part are
pendent contractor) who violates any not included in the federal standard of
requirement of this part or causes the care.
violation of any such requirement is (3) Under 49 U.S.C. 20701–20703,
subject to a civil penalty of at least issuance of these regulations preempts
$650 and not more than $25,000 per vio- the field of locomotive safety, extend-
lation, except that: Penalties may be ing to the design, the construction, and
assessed against individuals only for the material of every part of the loco-
willful violations, and, where a grossly motive and tender and all appur-
negligent violation or a pattern of re- tenances thereof.
peated violations has created an immi-
nent hazard of death or injury to per- [49 FR 3382, Jan. 26, 1984, as amended at 53
sons, or has caused death or injury, a FR 52936, Dec. 29, 1988; 63 FR 11624, Mar. 10,
penalty not to exceed $100,000 per viola- 1998; 69 FR 30595, May 28, 2004; 70 FR 11095,
tion may be assessed. Each day a viola- Mar. 7, 2005; 72 FR 51198, Sept. 6, 2007; 73 FR
tion continues shall constitute a sepa- 79704, Dec. 30, 2008; 75 FR 2698, Jan. 15, 2010]
rate offense. See appendix A to this
688
Subpart A—Rules and Instructions: the point, or with facing-point lock and
All Systems circuit controller, shall be so main-
tained that when point is open one-
GENERAL fourth inch or more on facing-point
switch and three-eights inch or more
§ 236.1 Plans, where kept. on trailing-point switch, track or con-
As required for maintenance, plans trol circuits will be opened or shunted
shall be kept at all interlockings, auto- or both, and if equipped with facing-
matic signals and controlled points. point lock with circuit controller,
Plans shall be legible and correct. switch cannot be locked. On such hand-
[49 FR 3382, Jan. 26, 1984] operated switch, switch circuit control-
lers, facing-point locks, switch-and-
§ 236.2 Grounds. lock movements, and their connections
Each circuit, the functioning of shall be securely fastened in place, and
which affects the safety of train oper- contacts maintained with an opening
ations, shall be kept free of any ground of not less than one-sixteenth inch
or combination of grounds which will when open.
permit a flow of current equal to or in
excess of 75 percent of the release value § 236.7 Circuit controller operated by
of any relay or other electromagnetic switch-and-lock movement.
device in the circuit, except circuits Circuit controller operated by
which include any track rail and ex-
switch-and-lock movement shall be
cept the common return wires of sin-
maintained so that normally open con-
gle-wire, single-break, signal control
circuits using a grounded common, and tacts will remain closed and normally
alternating current power distribution closed contacts will remain open until
circuits which are grounded in the in- the switch is locked.
terest of safety.
§ 236.8 Operating characteristics of
§ 236.3 Locking of signal apparatus electromagnetic, electronic, or elec-
housings. trical apparatus.
Signal apparatus housings shall be Signal apparatus, the functioning of
secured against unauthorized entry. which affects the safety of train oper-
[49 FR 3382, Jan. 26, 1984]
ation, shall be maintained in accord-
ance with the limits within which the
§ 236.4 Interference with normal func- device is designed to operate.
tioning of device.
[49 FR 3382, Jan. 26, 1984]
The normal functioning of any device
shall not be interfered with in testing § 236.9 Selection of circuits through in-
or otherwise without first taking meas- dicating or annunciating instru-
ures to provide for safety of train oper- ments.
ation which depends on normal func-
Signal control and electric locking
tioning of such device.
circuits shall not be selected through
[49 FR 3382, Jan. 26, 1984] the contacts of instruments designed
primarily for indicating or annun-
§ 236.5 Design of control circuits on
closed circuit principle. ciating purposes in which an indicating
element attached to the armature is
All control circuits the functioning arranged so that it can in itself cause
of which affects safety of train oper-
improper operation of the armature.
ation shall be designed on the closed
circuit principle, except circuits for § 236.10 Electric locks, force drop type;
roadway equipment of intermittent where required.
automatic train stop system.
Electric locks on new installations
§ 236.6 Hand-operated switch equipped and new electric locks applied to exist-
with switch circuit controller. ing installations shall be of the forced
Hand-operated switch equipped with drop type.
switch circuit controller connected to
689
§ 236.11 49 CFR Ch. II (10–1–11 Edition)
§ 236.11 Adjustment, repair, or replace- § 236.14 Spring switch signal protec-

ment of component. tion; requirements.
When any component of a signal sys- (a) The indication of signal governing
tem, the proper functioning of which is movements from siding to main track
essential to the safety of train oper- with the current of traffic on track sig-
ation, fails to perform its intended signaled for movements in only one direc-
naling function or is not in correspond- tion through a spring switch in auto-
ence with known operating conditions, matic block signal territory shall be
the cause shall be determined and the not less restrictive than ‘‘Proceed at
faulty component adjusted, repaired or Restricted Speed’ when the block, into
replaced without undue delay. which movements are governed by the
signal, is occupied, and shall be ‘‘Stop’’
[49 FR 3382, Jan. 26, 1984]
when the main track is occupied by a
§ 236.12 Spring switch signal protec- train approaching the switch within at
tion; where required. least 1,500 feet in approach of the ap-
proach signal located stopping distance
Signal protection shall be provided from the main track signal governing
for facing and trailing movements trailing movements over switch, except
through spring switch within inter- that the indication may be caused to
locking limits and through spring be less restrictive if approach or time
switch installed in automatic block locking is used.
signal, train stop, train control or cab (b) The indication of signal governing
signal territory where train move- movements against the current of traf-
ments over the switch are made at a fic from the reverse main of main
speed exceeding 20 miles per hour, ex- tracks to a single track, or signal gov-
cept that signal protection shall be re- erning movements from a siding to a
quired only with the current of traffic main track signaled for movements in
on track signaled for movement in only either direction, through a spring
one direction. switch, in automatic block signal terri-
NOTE: Does not apply to spring switch in- tory, shall be not less restrictive than
stalled prior to October 1, 1950 in automatic ‘‘Proceed at Restricted Speed’’ when
block signal, automatic train stop, or auto- the block, into which movements are
matic train control territory. governed by the signal, is occupied by
a preceding train, and shall be ‘‘Stop’’
[49 FR 3383, Jan. 26, 1984]
when the block on the single track into
§ 236.13 Spring switch; selection of sig- which the signal governs is occupied by
nal control circuits through circuit an opposing train.
controller. (c) The indication of signal governing
The control circuits of signals gov- movements against the current of traf-
erning facing movements over a main fic from the reverse main of main
tracks to a single track or signal gov-
track spring switch shall be selected
erning movements from a siding to a
through the contacts of a switch cir-
main track signaled for movements in
cuit controller, or through the con-
either direction through a spring
tacts of relay repeating the position of
switch in automatic block signal terri-
such circuit controller, which, when
tory shall be ‘‘Stop’’ when the normal
normally closed switch point is open
direction main track of the double
one-fourth inch or more, will cause track or the single track signaled for
such signals to display their most re- movements in both directions is occu-
strictive aspects, except that where a pied by a train approaching the switch
separate aspect is displayed for facing within at least 1,500 feet in approach of
movements over the switch in the re- the approach signal located stopping
verse position the signal shall display distance from the main track signal
its most restrictive aspect when the governing trailing movements over
switch points are open one-fourth inch switch, except that indication may be
or more from either the normal or re- caused to be less restrictive if approach
verse position. or time locking is used.
690
§ 236.15 Timetable instructions. railroad commencing operations after

Automatic block, traffic control, June 6, 2005, shall adopt a software
train stop, train control and cab signal management control plan for its signal
territory shall be designated in time- and train control systems prior to com-
table instructions. mencing operations.
(b) Within 30 months of the comple-
§ 236.16 Electric lock, main track re- tion of the software management con-
leasing circuit. trol plan, each railroad shall have fully
When an electric lock releasing cir- implemented such plan.
cuit is provided on the main track to (c) For purposes of this section,
permit a train or an engine to diverge ‘‘software management control plan’’
from the main track without time means a plan designed to ensure that
delay, the circuit shall be of such the proper and intended software
length to permit occupancy of the cir- version for each specific site and loca-
cuit to be seen by a crew member station is documented (mapped) and main-
tioned at the switch. When the releas-
tained through the life-cycle of the sys-
ing circuit extends into the fouling cir-
tem. The plan must further describe
cuit, a train or engine on the siding
shall be prevented from occupying the how the proper software configuration
releasing circuit by a derail either is to be identified and confirmed in the
pipe-connected to switch point or event of replacement, modification, or
equipped with an independently oper- disarrangement of any part of the sys-
ated electric lock. tem.
[49 FR 3383, Jan. 26, 1984] [70 FR 11095, Mar. 7, 2005]
§ 236.17 Pipe for operating connec- ROADWAY SIGNALS AND CAB SIGNALS
tions, requirements.
(a) Steel or wrought-iron pipe one § 236.21 Location of roadway signals.
inch or larger, or members of equal Each roadway signal shall be posi-
strength, shall be used for operating tioned and aligned so that its aspects
connections for switches, derails, mov- can be clearly associated with the
able-point frogs, facing-point locks, track it governs.
rail-locking devices of movable bridge
protected by interlocking, and me- [49 FR 3383, Jan. 26, 1984]
chanically operated signals, except up-
and-down rod which may be three- § 236.22 Semaphore signal arm; clear-
ance to other objects.
fourths inch pipe or solid rod. Pipe
shall be fully screwed into coupling and At least one-half inch clearance shall
both ends of each pipe shall be riveted be provided between semaphore signal
to pipe plug with 2 rivets. arm, and any object that may interfere
(b) Pipeline shall not be out of align- with its operation.
ment sufficiently to interfere with
proper operation, shall be properly § 236.23 Aspects and indications.
compensated for temperature changes, (a) Aspects shall be shown by the po-
and supported on carriers spaced not sition of semaphore blades, color of
more than 8 feet apart on tangent and
lights, position of lights, flashing of
curve of less than 2° and not more than
lights, or any combination thereof.
7 feet apart on curve of 2° or more.
With lever in any position, couplings in They may be qualified by marker plate,
pipe line shall not foul carriers. number plate, letter plate, marker
light, shape and color of semaphore
[49 FR 3383, Jan. 26, 1984] blades or any combination thereof, sub-
§ 236.18 Software management control ject to the following conditions:
plan. (1) Night aspects of roadway signals,
except qualifying appurtenances, shall
(a) Within 6 months of June 6, 2005,
be shown by lights; day aspects by
each railroad shall develop and adopt a
software management control plan for lights or semaphore arms. A single
its signal and train control systems. A white light shall not be used.
691
§ 236.24 49 CFR Ch. II (10–1–11 Edition)
(2) Reflector lenses or buttons or playing a restrictive aspect can be

other devices which depend for visi- complied with by means of a brake ap-
bility upon reflected light from an ex- plication, other than an emergency ap-
ternal source shall not be used here- plication, initiated at such signal, ei-
after in night aspects, except quali- ther by stopping at the signal where a
fying appurtenances. stop is required, or by a reduction in
(b) The aspects of cab signals shall be speed to the rate prescribed by the next
shown by lights or by illuminated let- signal in advance where reduced speed
ters or numbers. is required.
(c) Each aspect displayed by a signal
shall be identified by a name and shall § 236.25 [Reserved]
indicate action to be taken. Only one
name and indication shall apply to § 236.26 Buffing device, maintenance.
those aspects indicating the same ac- Buffing device shall be maintained so
tion to be taken; the same aspect shall as not to cause the signal to display a
not be used with any other name and
less restrictive aspect than intended.
indication.
(d) The fundamental indications of TRACK CIRCUITS
signal aspects shall conform to the fol-
lowing: § 236.51 Track circuit requirements.
(1) A red light, a series of horizontal
lights or a semaphore blade in a hori- Track relay controlling home signals
zontal position shall be used to indi- shall be in deenergized position, or de-
cate stop. vice that functions as a track relay
(2) A yellow light, a lunar light, or a controlling home signals shall be in its
series of lights or a semaphore blade in most restrictive state, and the track
the upper or lower quadrant at an circuit of an automatic train stop,
angle of approximately 45 degrees to train control, or cab signal system
the vertical, shall be used to indicate shall be deenergized in the rear of the
that speed is to be restricted and stop point where any of the following condi-
may be required. tions exist:
(3) A green light, a series of vertical (a) When a rail is broken or a rail or
lights, or a semaphore blade in a switch-frog is removed except when a
vertical position in the upper quadrant rail is broken or removed in the shunt
or 60° or 90° in the lower quadrant shall fouling circuit of a turnout or cross-
be used to indicate proceed at author- over, provided, however, that shunt
ized speed. fouling circuit may not be used in a
(e) The names, indications, and as- turnout through which permissible
pects of roadway and cab signals shall speed is greater than 45 miles per hour.
be defined in the carrier’s Operating It shall not be a violation of this re-
Rule Book or Special Instructions. quirement if a track circuit is ener-
Modifications shall be filed with the gized:
FRA within thirty days after such (1) When a break occurs between the
modifications become effective. end of rail and track circuit connector;
(f) The absence of a qualifying appur- within the limits of rail-joint bond, ap-
tenance, the failure of a lamp in a light pliance or other protective device,
signal, or a false restrictive position of which provides a bypath for the elec-
an arm of a semaphore signal shall not tric current, or
cause the display of a less restrictive (2) As result of leakage current or
aspect than intended. foreign current in the rear of a point
[33 FR 19684, Dec. 25, 1968, as amended at 49 where a break occurs.
FR 3383, Jan. 26, 1984] (b) When a train, locomotive, or car
occupies any part of a track circuit, in-
§ 236.24 Spacing of roadway signals. cluding fouling section of turnout ex-
Each roadway signal shall be located cept turnouts of hand-operated main
with respect to the next signal or sig- track crossover. It shall not be a viola-
nals in advance which govern train tion of this requirement where the
movements in the same direction so presence of sand, rust, dirt, grease, or
that the indication of a signal dis- other foreign matter prevents effective
692
shunting, except that where such con- § 236.56 Shunting sensitivity.

ditions are known to exist adequate
Each track circuit controlling home
measures to safeguard train operation
signal or approach locking shall be so
must be taken.
maintained that track relay is in deen-
(c) Where switch shunting circuit is
ergized position, or device that func-
used:
tions as a track relay shall be in its
(1) Switch point is not closed in nor-
most restrictive state if, when track
mal position.
circuit is dry, a shunt of 0.06 ohm re-
(2) A switch is not locked where fac-
sistance is connected across the track
ing-point lock with circuit controller
rails of the circuit, including fouling
is used.
(3) An independently operated foul- sections of turnouts.
ing-point derail equipped with switch [49 FR 3383, Jan. 26, 1984]
circuit controller is not in derailing
position. § 236.57 Shunt and fouling wires.
[33 FR 19684, Dec. 25, 1968, as amended at 49 (a) Except as provided in paragraph
FR 3383, Jan. 26, 1984] (b) of this section, shunt wires and
fouling wires hereafter installed or re-
§ 236.52 Relayed cut-section. placed shall consist of at least two dis-
Where relayed cut-section is used in crete conductors, and each shall be of
territory where noncoded direct-cur- sufficient conductivity and maintained
rent track circuits are in use the en- in such condition that the track relay
ergy circuit to the adjoining track will be in deenergized position, or de-
shall be open and the track circuit vice that functions as a track relay
shunted when the track relay at such will be in its most restrictive state,
cut-section is in deenergized position. when the circuit is shunted.
(b) This rule does not apply to shunt
§ 236.53 Track circuit feed at grade wires where track or control circuit is
crossing. opened by the switch circuit controller.
At grade crossing with an electric [49 FR 3383, Jan. 26, 1984]
railroad where foreign current is
present, the electric energy for § 236.58 Turnout, fouling section.
noncoded direct current track circuit
shall feed away from the crossing. Rail joints within the fouling section
shall be bonded, and fouling section
§ 236.54 Minimum length of track cir- shall extend at least to a point where
cuit. sufficient tract centers and allowance
When a track circuit shorter than for maximum car overhang and width
maximum inner wheelbase of any loco- will prevent interference with train, lo-
motive or car operated over such track comotive, or car movement on the ad-
circuit is used for control of signaling jacent track.
facilities, other means shall be used to [49 FR 3383, Jan. 26, 1984]
provide the equivalent of track circuit
protection. § 236.59 Insulated rail joints.
[49 FR 3383, Jan. 26, 1984] Insulated rail joints shall be main-
tained in condition to prevent suffi-
§ 236.55 Dead section; maximum cient track circuit current from flow-
length. ing between the rails separated by the
Where dead section exceeds 35 feet, a insulation to cause a failure of any
special circuit shall be installed. Where track circuit involved.
shortest outer wheelbase of a loco-
motive operating over such dead sec- § 236.60 Switch shunting circuit; use
tion is less than 35 feet, the maximum restricted.
length of the dead section shall not ex- Switch shunting circuit shall not be
ceed the length of the outer wheelbase hereafter installed, except where tract
of such locomotive unless special cir- or control circuit is opened by the cir-
cuit is used. cuit controller.
[49 FR 3383, Jan. 26, 1984] [49 FR 3384, Jan. 26, 1984]
693
§ 236.71 49 CFR Ch. II (10–1–11 Edition)
WIRES AND CABLES tended function. Electronic device,

relay, or other electromagnetic device
§ 236.71 Signal wires on pole line and which fails to meet the requirements of
aerial cable. specified tests shall be removed from
Signal wire on pole line shall be se- service, and shall not be restored to
curely tied in on insulator properly fas- service until its operating characteris-
tened to crossarm or bracket supported tics are in accordance with the limits
by pole or other support. Signal wire within which such device or relay is de-
shall not interfere with, or be inter- signed to operate.
fered by, other wires on the pole line. [49 FR 3384, Jan. 26, 1984]
Aerial cable shall be supported by mes-
senger. § 236.102 Semaphore or searchlight
signal mechanism.
[49 FR 3384, Jan. 26, 1984]
(a) Semaphore signal mechanism
§ 236.72 [Reserved] shall be inspected at least once every
six months, and tests of the operating
§ 236.73 Open-wire transmission line; characteristics of all parts shall be
clearance to other circuits. made at least once every two years.
Open-wire transmission line oper- (b) Searchlight signal mechanism
ating at voltage of 750 volts or more shall be inspected, and the mechanical
shall be placed not less than 4 feet movement shall be observed while op-
above the nearest crossarm carrying erating the mechanism to all positions,
signal or communication circuits. at least once every six months. Tests of
the operating characteristics shall be
§ 236.74 Protection of insulated wire; made at least once every two years.
splice in underground wire.
[49 FR 3384, Jan. 26, 1984]
Insulated wire shall be protected
from mechanical injury. The insulation § 236.103 Switch circuit controller or
shall not be punctured for test pur- point detector.
poses. Splice in underground wire shall Switch circuit controller, circuit
have insulation resistance at least controller, or point detector operated
equal to the wire spliced. by hand-operated switch or by power-
operated or mechanically-operated
§ 236.75 [Reserved] switch-and-lock movement shall be in-
§ 236.76 Tagging of wires and inter- spected and tested at least once every
ference of wires or tags with signal three months.
apparatus. [49 FR 3384, Jan. 26, 1984]
Each wire shall be tagged or other-
wise so marked that it can be identi- § 236.104 Shunt fouling circuit.
fied at each terminal. Tags and other Shunt fouling circuit shall be in-
marks of identification shall be made spected and tested at least once every
of insulating material and so arranged three months.
that tags and wires do not interfere
with moving parts of apparatus. § 236.105 Electric lock.
Electric lock, except forced-drop
[49 FR 3384, Jan. 26, 1984]
type, shall be tested at least once every
INSPECTIONS AND TESTS; ALL SYSTEMS two years.
§ 236.101 Purpose of inspection and § 236.106 Relays.

tests; removal from service of relay Each relay, the functioning of which
or device failing to meet test re- affects the safety of train operations,
quirements. shall be tested at least once every four
The following inspections and tests years except:
shall be made in accordance with speci- (a) Alternating current centrifugal
fications of the carrier, subject to ap- type relay shall be tested at least once
proval of the FRA, to determine if the every 12 months;
apparatus and/or equipment is main- (b) Alternating current vane type
tained in condition to perform its in- relay and direct current polar type
694
relay shall be tested at least once be maintained at not less than 90 per-
every 2 years; and cent of the predetermined time inter-
(c) Relay with soft iron magnetic val, which shall be shown on the plans
structure shall be tested at least once or marked on the time release, timing
every 2 years. relay, or timing device.
[49 FR 3384, Jan. 26, 1984] [49 FR 3384, Jan. 26, 1984]
§ 236.107 Ground tests. § 236.110 Results of tests.

(a) Except as provided in paragraph (a) Results of tests made in compli-
(b) of this section, a test for grounds on ance with §§ 236.102 to 236.109, inclusive;
each energy bus furnishing power to 236.376 to 236.387, inclusive; 236.576;
circuits, the functioning of which af- 236.577; 236.586 to 236.589, inclusive; and
fects the safety of train operation, 236.917(a) must be recorded on
shall be made when such energy bus is preprinted forms provided by the rail-
placed in service, and shall be made at road or by electronic means, subject to
least once every three months there- approval by the FRA Associate Admin-
after. istrator for Safety. These records must
(b) The provisions of this rule shall show the name of the railroad, place
not apply to track circuit wires, com- and date, equipment tested, results of
mon return wires of grounded common tests, repairs, replacements, adjust-
single-break circuits, or alternating ments made, and condition in which
current power distribution circuits the apparatus was left. Each record
grounded in the interest of safety. must be:
[49 FR 3384, Jan. 26, 1984]
(1) Signed by the employee making
the test, or electronically coded or
§ 236.108 Insulation resistance tests, identified by number of the automated
wires in trunking and cables. test equipment (where applicable);
(2) Unless otherwise noted, filed in
(a) Insulation resistance of wires and
the office of a supervisory official hav-
cables, except wires connected directly
ing jurisdiction; and
to track rails, shall be tested when
(3) Available for inspection and rep-
wires, cables, and insulation are dry.
lication by FRA and FRA-certified
Insulation resistance tests shall be
State inspectors.
made between all conductors and
(b) Results of tests made in compli-
ground, and between conductors in
ance with § 236.587 must be retained for
each multiple conductor cable, and be-
92 days.
tween conductors in trunking, when (c) Results of tests made in compli-
wires or cables are installed and at ance with § 236.917(a) must be retained
least once every ten years thereafter. as follows:
(b) Then insulation resistance of wire (1) Results of tests that pertain to in-
or cable is found to be less than 500,000 stallation or modification must be re-
ohms, prompt action shall be taken to tained for the life-cycle of the equip-
repair or replace the defective wire or ment tested and may be kept in any of-
cable and until such defective wire or fice designated by the railroad; and
cable is replaced, insulation resistance (2) Results of periodic tests required
test shall be made annually. for maintenance or repair of the equip-
(c) In no case shall a circuit be per- ment tested must be retained until the
mitted to function on a conductor hav- next record is filed but in no case less
ing an insulation resistance to ground than one year.
or between conductors of less than (d) Results of all other tests listed in
200,000 ohms during the period required this section must be retained until the
for repair or replacement. next record is filed but in no case less
[49 FR 3384, Jan. 26, 1984] than one year.
(e) Electronic or automated tracking
§ 236.109 Time releases, timing relays systems used to meet the requirements
and timing devices. contained in paragraph (a) of this sec-
Time releases, timing relays and tim- tion must be capable of being reviewed
ing devices shall be tested at least once and monitored by FRA at any time to
every twelve months. The timing shall ensure the integrity of the system.
695
§ 236.201 49 CFR Ch. II (10–1–11 Edition)
FRA’s Associate Administrator for (a) An arrangement of one or more

Safety may prohibit or revoke a rail- track circuits and switch circuit con-
road’s authority to utilize an elec- trollers,
tronic or automated tracking system (b) Facing point locks on both
in lieu of preprinted forms if FRA finds switches of the crossover, with both
that the electronic or automated locks operated by a single lever, or
tracking system is not properly se- (c) Electric locking of the switches of
cured, is inaccessible to FRA, FRA-cer- the crossover. Signals governing move-
tified State inspectors, or railroad em- ments over either switch shall display
ployees requiring access to discharge their most restrictive aspect when any
their assigned duties, or fails to ade- of the following conditions exist:
quately track and monitor the equip- (1) Where protection is provided by
ment. The Associate Administrator for one or more track circuits and switch
Safety will provide the affected rail- circuit controllers, and either switch is
road with a written statement of the open or the crossover is occupied by a
basis for his or her decision prohibiting train, locomotive or car in such a man-
or revoking the railroad from utilizing ner as to foul the main track. It shall
an electronic or automated tracking not be a violation of this requirement
system. where the presence of sand, rust, dirt,
grease or other foreign matter on the
[70 FR 11095, Mar. 7, 2005] rail prevents effective shunting;
(2) Where facing point locks with a
Subpart B—Automatic Block single lever are provided, and either
Signal Systems switch is unlocked;
(3) Where the switches are elec-
STANDARDS trically locked, before the electric
locking releases.
§ 236.201 Track-circuit control of sig-
nals. § 236.204 Track signaled for move-
ments in both directions, require-
The control circuits for home signal ments.
aspects with indications more favor-
able than ‘‘proceed at restricted speed’’ On track signaled for movements in
shall be controlled automatically by both directions, a train shall cause one
or more opposing signals immediately
track circuits extending through the
ahead of it to display the most restric-
entire block.
tive aspect, the indication of which
§ 236.202 Signal governing movements shall be not more favorable than ‘‘pro-
over hand-operated switch. ceed at restricted speed.’’ Signals shall
be so arranged and controlled that if
Signal governing movements over opposing trains can simultaneously
hand-operated switch in the facing di- pass signals displaying proceed aspects
rection shall display its most restric- and the next signal in advance of each
tive aspect when the points are open such signal then displays an aspect re-
one-fourth inch or more and, in the quiring a stop, or its most restrictive
trailing direction, three-eighths inch aspect, the distance between opposing
or more, except that where a separate signals displaying such aspects shall be
aspect is displayed for facing move- not less than the aggregate of the stop-
ments over the switch in the normal ping distances for movements in each
and in the reverse position, the signal direction. Where such opposing signals
shall display its most restrictive aspect are spaced stopping distance apart for
when the switch points are open one- movements in one direction only, sig-
fourth inch or more from either the nals arranged to display restrictive as-
normal or reverse position. pects shall be provided in approach to
at least one of the signals. Where such
§ 236.203 Hand operated crossover be- opposing signals are spaced less than
tween main tracks; protection. stopping distance apart for movements
At hand-operated crossover between in one direction, signals arranged to
main tracks, protection shall be pro- display restrictive aspects shall be pro-
vided by one of the following: vided in approach to both such signals.
696
In absolute permissive block signaling, Subpart C—Interlocking

when a train passes a head block sig-
nal, it shall cause the opposing head STANDARDS
block signal to display an aspect with
an indication not more favorable than § 236.301 Where signals shall be pro-
‘‘stop.’’ vided.
Signals shall be provided to govern
[33 FR 19684, Dec. 25, 1968, as amended at 49
FR 3384, Jan. 26, 1984]
train movements into and through
interlocking limits, except that a sig-
§ 236.205 Signal control circuits; re- nal shall not be required to govern
quirements. movements over a hand-operated
switch into interlocking limits if the
The circuits shall be so installed that switch is provided with an electric lock
each signal governing train movements and a derail at the clearance point, ei-
into a block will display its most re- ther pipe-connected to the switch or
strictive aspect when any of the fol- independently locked, electrically.
lowing conditions obtain within the Electric locks installed under this rule
block: must conform to the time and ap-
(a) Occupancy by a train, locomotive, proach locking requirements of Rule
or car, 314 (without reference to the 20-mile
(b) When points of a switch are not exceptions), and those of either Rule
closed in proper position, 760 or Rule 768, as may be appropriate.
(c) When an independently operated
fouling point derail equipped with § 236.302 Track circuits and route
locking.
switch circuit controller is not in de-
railing position, Track circuits and route locking
(d) When a track relay is in de-ener- shall be provided and shall be effective
gized position or a device which func- when the first pair of wheels of a loco-
tions as a track relay is in its most re- motive or a car passes a point not more
strictive state; or when signal control than 13 feet in advance of the signal
circuit is deenergized. governing its movement, measured
from the center of the mast, or if there
[33 FR 19684, Dec. 25, 1968, as amended at 49 is no mast, from the center of the sig-
FR 3385, Jan. 26, 1984] nal.
§ 236.206 Battery or power supply with [49 FR 3385, Jan. 26, 1984]
respect to relay; location.
§ 236.303 Control circuits for signals,
The battery or power supply for each selection through circuit controller
signal control relay circuit, where an operated by switch points or by
open-wire circuit or a common return switch locking mechanism.
circuit is used, shall be located at the The control circuit for each aspect
end of the circuit farthest from the with indication more favorable than
relay. ‘‘proceed at restricted speed’’ of power
operated signal governing movements
§ 236.207 Electric lock on hand-oper- over switches, movable-point frogs and
ated switch; control. derails shall be selected through cir-
Electric lock on hand-operated cuit controller operated directly by
switch shall be controlled so that it switch points or by switch locking
cannot be unlocked until control cir- mechanism, or through relay con-
cuits of signals governing movements trolled by such circuit controller, for
over such switch have been opened. Ap- each switch, movable-point frog, and
proach or time locking shall be pro- derail in the routes governed by such
vided. signal. Circuits shall be arranged so
that such signal can display an aspect
[49 FR 3385, Jan. 26, 1984] more favorable than ‘‘proceed at re-
stricted speed,’’ only when each switch,
movable-point frog, and derail in the
route is in proper position.
697
§ 236.304 49 CFR Ch. II (10–1–11 Edition)
§ 236.304 Mechanical locking or same showing by an individual carrier to allow op-

protection effected by circuits. posing signals on the same track simulta-
neously to display aspects to proceed
Mechanical locking, or the same pro- through an interlocking which is unat-
tection effected by means of circuits, tended, provided that train movements in
shall be provided. opposite directions on the same track be-
tween stations on either site of the inter-
§ 236.305 Approach or time locking. locking are not permitted at the same time.
Approach or time locking shall be
provided in connection with signals § 236.309 Loss of shunt protection;
displaying aspects with indications where required.
more favorable than ‘‘proceed at re- (a) A loss of shunt of 5 seconds or less
stricted speed.’’ shall not permit an established route
to be changed at an automatic inter-
§ 236.306 Facing point lock or switch- locking.
and-lock movement.
(b) A loss of shunt of 5 seconds or less
Facing point lock or switch-and-lock shall not permit the release of the
movement shall be provided for me- route locking circuit of each power-op-
chanically operated switch, movable- erated switch hereafter installed.
point frog, or split-point derail.
[49 FR 3385, Jan. 26, 1984]
§ 236.307 Indication locking.
§ 236.310 Signal governing approach to
Indication locking shall be provided home signal.
for operative approach signals of the
semaphore type, power-operated home A signal shall be provided on main
signals, power-operated switches, mov- track to govern the approach with the
able-point frogs and derails, and for all current of traffic to any home signal
approach signals except light signals, except where the home signal is the
all aspects of which are controlled by first signal encountered when leaving
polar or coded track circuits or line yards or stations and authorized speed
circuits so arranged that a single fault approaching such signal is not higher
will not permit a more favorable aspect than slow speed. When authorized
than intented to be displayed. speed between home signals on route
governed is 20 miles per hour or less, an
[49 FR 3385, Jan. 26, 1984]
inoperative signal displaying an aspect
§ 236.308 Mechanical or electric lock- indicating ‘‘approach next signal pre-
ing or electric circuits; requisites. pared to stop’’ may be used to govern
the approach to the home signal.
Mechanical or electric locking or
electric circuits shall be installed to § 236.311 Signal control circuits, selec-
prevent signals from displaying aspects tion through track relays or devices
which permit conflicting movements functioning as track relays and
except that opposing signals may dis- through signal mechanism contacts
play an aspect indicating proceed at re- and time releases at automatic
stricted speed at the same time on a interlocking.
track used for switching movements (a) The control circuits for aspects
only, by one train at a time. Manual with indications more favorable than
interlocking in service as of the date of ‘‘proceed at restricted speed’’ shall be
this part at which opposing signals on selected through track relays, or
the same track are permitted simulta- through devices that function as track
neously to display aspects authorizing relays, for all track circuits in the
conflicting movements when inter- route governed.
locking is unattended, may be contin- (b) At automatic interlocking, signal
ued, provided that simultaneous train control circuits shall be selected (1)
movements in opposite directions on through track relays, or devices that
the same track between stations on ei- function as track relays, for all track
ther side of the interlocking are not circuits in the route governed and in
permitted. all conflicting routes within the inter-
NOTE: Relief from the requirement of this locking; (2) through signal mechanism
section will be granted upon an adequate contacts or relay contacts closed when
698
signals for such conflicting routes dis- locking is provided by electric locking
play ‘‘stop’’ aspects; and (3) through or electric circuits, train movements
normal contacts of time releases, time through the interlocking shall not be
element relays, or timing devices for permitted until each switch, movable-
such conflicting routes, or contacts of point frog or derail in the route is
relays repeating the normal position or spiked, clamped or blocked in proper
normal state of such time releases, position so that it cannot be moved by
time element relays, or timing devices. its controlling lever, and then train
movements shall not exceed restricted
[49 FR 3385, Jan. 26, 1984]
speed until the interlocking is restored
§ 236.312 Movable bridge, interlocking to normal operation. It will not be nec-
of signal appliances with bridge de- essary to comply with this requirement
vices. at interlockings where protection is in
service in accordance with section 303,
When movable bridge is protected by
provided that the signal controls are
interlocking the signal appliances shall
arranged so that the signals cannot
be so interlocked with bridge devices
display an aspect the indication of
that before a signal governing move-
which is less restrictive than ‘‘proceed
ments over the bridge can display an
at restricted speed.’’
aspect to proceed the bridge must be
locked and the track alined, with the § 236.327 Switch, movable-point frog or
bridge locking members within one split-point derail.
inch of their proper positions and with Switch, movable-point frog, or split-
the track rail on the movable span point derail equipped with lock rod
within three-eighths inch of correct shall be maintained so that it can not
surface and alinement with rail seating be locked when the point is open three-
device on bridge abutment or fixed eighths inch or more.
span. Emergency bypass switches and
devices shall be locked or sealed. [49 FR 3385, Jan. 26, 1984]
[33 FR 19684, Dec. 25, 1968, as amended at 49 § 236.328 Plunger of facing-point lock.
FR 3385, Jan. 26, 1984]
Plunger of lever operated facing-
§ 236.313 [Reserved] point lock shall have at least 8-inch
stroke. When lock lever is in unlocked
§ 236.314 Electric lock for hand-oper- position the end of the plunger shall
ated switch or derail. clear the lock rod not more than one
Electric lock shall be provided for inch.
each hand-operated switch or derail
§ 236.329 Bolt lock.
within interlocking limits, except
where train movements are made at Bolt lock shall be so maintained that
not exceeding 20 miles per hour. At signal governing movements over
manually operated interlocking it switch or derail and displaying an as-
shall be controlled by operator of the pect indicating stop cannot be operated
machine and shall be unlocked only to display a less restrictive aspect
after signals governing movements while derail is in derailing position, or
over such switch or derail display as- when switch point is open one-half inch
pects indicating stop. Approach or time or more.
locking shall be provided.
§ 236.330 Locking dog of switch-and-
RULES AND INSTRUCTIONS lock movement.
Locking dog of switch-and-lock
§ 236.326 Mechanical locking removed movement shall extend through lock
or disarranged; requirement for rod one-half inch or more in either nor-
permitting train movements mal or reverse position.
through interlocking.
When mechanical locking of inter- §§ 236.331–236.333 [Reserved]
locking machine is being changed or is
removed from the machine, or locking § 236.334 Point detector.
becomes disarranged or broken, unless Point detector shall be maintained so
protection equivalent to mechanical that when switch mechanism is locked
699
§ 236.335 49 CFR Ch. II (10–1–11 Edition)
in normal or reverse position, contacts nine-sixteenths inch when in reverse

cannot be opened by manually applying position.
force at the closed switch point. Point (2) Lever moving in arc. Moving lever
detector circuit controller shall be more than 5 degrees.
maintained so that the contacts will (c) Power machine—(1) Latch-operated
not assume the position corresponding locking. Raising lever latch block to
to switch point closure if the switch that bottom thereof is within seven
point is prevented by an obstruction, thirty-seconds inch of top of quadrant.
from closing to within one-fourth inch
(2) Lever moving in horizontal plane.
where latch-out device is not used, and
Moving lever more than five-sixteenths
to within three-eighths inch where
latch-out device is used. inch when in normal position or more
than nine-sixteenths inch when in re-
§ 236.335 Dogs, stops and trunnions of verse position.
mechanical locking. (3) Lever moving in arc. Moving lever
Driving pieces, dogs, stops and more than 5 degrees.
trunnions shall be rigidly secured to
locking bars. Swing dogs shall have full § 236.340 Electromechanical inter-
and free movement. Top plates shall be locking machine; locking between
electrical and mechanical levers.
maintained securely in place.
In electro-mechanical interlocking
§ 236.336 Locking bed. machine, locking between electric and
The various parts of the locking bed, mechanical levers shall be maintained
locking bed supports, and tappet stop so that mechanical lever cannot be op-
rail shall be rigidly secured in place erated except when released by electric
and alined to permit free operation of lever.
locking.
§ 236.341 Latch shoes, rocker links,
§ 236.337 Locking faces of mechanical and quadrants.
locking; fit.
Latch shoes, rocker links, and quad-
Locking faces shall fit squarely rants of Saxby and farmer machines
against each other with a minimum en- shall be maintained so that locking
gagement when locked of at least one- will not release if a downward force not
half the designed locking face.
exceeding a man’s weight is exerted on
§ 236.338 Mechanical locking required the rocker while the lever is in the
in accordance with locking sheet mid-stroke position.
and dog chart.
§ 236.342 Switch circuit controller.
Mechanical locking shall be in ac-
cordance with locking sheet and dog Switch circuit controller connected
chart currently in effect. at the point to switch, derail, or mov-
able-point frog, shall be maintained so
§ 236.339 Mechanical locking, mainte- that its contacts will not be in position
nance requirements. corresponding to switch point closure
Locking and connections shall be when switch point is open one-fourth
maintained so that, when a lever or inch or more.
latch is mechanically locked the fol-
lowing will be prevented: INSPECTION AND TESTS
(a) Mechanical machine—(1) Latch-op-
erated locking. Raising lever latch block § 236.376 Mechanical locking.
so that bottom thereof is within three- Mechanical locking in interlocking
eighths inch of top of quadrant. machine shall be tested when new lock-
(2) Lever-operated locking. Moving ing is installed; and thereafter when
lever latch block more than three- change in locking is made, or locking
eighths inch on top of quadrant. becomes disarranged, or tested at least
(b) Electromechanical machine—(1) once every two years, whichever shall
Lever moving in horizontal plant. Moving
occur first.
lever more than five-sixteenths inch
when in normal position or more than [49 FR 3385, Jan. 26, 1984]
700
§ 236.377 Approach locking. valve magnets shall be tested at least

once every year.
Approach locking shall be tested
when placed in service and thereafter [49 FR 3385, Jan. 26, 1984]
when modified, disarranged, or at least
once every two years, whichever shall § 236.384 Cross protection.
occur first. Cross protection shall be tested at
[49 FR 3385, Jan. 26, 1984] least once every six months.
§ 236.378 Time locking. [49 FR 3385, Jan. 26, 1984]
Time locking shall be tested when § 236.385 [Reserved]

placed in service and thereafter when
modified, disarranged, or at least once § 236.386 Restoring feature on power
every two years, whichever shall occur switches.
first. Restoring feature on power switches
[49 FR 3385, Jan. 26, 1984] shall be tested at least once every
three months.
§ 236.379 Route locking.
Route locking or other type of switch § 236.387 Movable bridge locking.
locking shall be tested when placed in Movable bridge locking shall be test-
service and thereafter when modified, ed at least once a year.
disarranged, or at least once every two
years, whichever shall occur first. Subpart D—Traffic Control Systems
[49 FR 3385, Jan. 26, 1984]
STANDARDS
§ 236.380 Indication locking.
§ 236.401 Automatic block signal sys-
Indication locking shall be tested tem and interlocking standards ap-
when placed in service and thereafter plicable to traffic control systems.
when modified, disarranged, or at least
once every two years, whichever shall The standards prescribed in §§ 236.201,
occur first. to 236.203, inclusive, §§ 236.205, 236.206,
236.303, 236.307 and 236.309 to 236.311, in-
[49 FR 3385, Jan. 26, 1984] clusive, shall apply to traffic control
systems.
§ 236.381 Traffic locking.
[49 FR 3385, Jan. 26, 1984]
Traffic locking shall be tested when
placed in service and thereafter when
§ 236.402 Signals controlled by track
modified, disarranged, or at least once circuits and control operator.
every two years, whichever shall occur
first. The control circuits for home signal
aspects with indications more favor-
[49 FR 3385, Jan. 26, 1984] able than ‘‘proceed at restricted speed’’
shall be controlled by track circuits
§ 236.382 Switch obstruction test.
extending through entire block. Also in
Switch obstruction test of lock rod of addition, at controlled point they may
each power-operated switch and lock be controlled by control operator, and,
rod of each hand-operated switch at manually operated interlocking,
equipped with switch-and-lock-move- they shall be controlled manually in
ment shall be made when lock rod is cooperation with control operator.
placed in service or changed out, but
not less than once each month. § 236.403 Signals at controlled point.
[49 FR 3385, Jan. 26, 1984] Signals at controlled point shall be
so interconnected that aspects to pro-
§ 236.383 Valve locks, valves, and valve ceed cannot be displayed simulta-
magnets. neously for conflicting movements, ex-
Valve locks on valves of the non-cut- cept that opposing signals may display
off type shall be tested at least once an aspect indicating ‘‘proceed at re-
every three months, and valves and stricted speed’’ at the same time on a
701
§ 236.404 49 CFR Ch. II (10–1–11 Edition)
track used for switching movements § 236.409 [Reserved]

only, by one train at a time.
§ 236.410 Locking, hand-operated
[49 FR 3386, Jan. 26, 1984] switch; requirements.
§ 236.404 Signals at adjacent control (a) Each hand-operated switch in
points. main track shall be locked either elec-
Signals at adjacent controlled points trically or mechanically in normal po-
shall be so interconnected that aspects sition, except:
to proceed on tracks signaled for move- (1) Where train speeds over the
ments at greater than restricted speed switch do not exceed 20 miles per hour;
cannot be displayed simultaneously for (2) Where trains are not permitted to
conflicting movements. clear the main track;
(3) Where a signal is provided to gov-
§ 236.405 Track signaled for move- ern train movements from the auxil-
ments in both directions, change of iary track to the signaled track; or
direction of traffic. (4) On a signaled siding without in-
On track signaled for movements in termediate signals where the max-
both directions, occupancy of the track imum authorized speed on the siding
between opposing signals at adjacent does not exceed 30 miles per hour.
controlled points shall prevent chang- (b) Approach or time locking shall be
ing the direction of traffic from that provided and locking may be released
which obtained at the time the track either automatically, or by the control
became occupied, except that when a operator, but only after the control cir-
train having left one controlled point cuits of signals governing movement in
reaches a section of track immediately either direction over the switch and
adjacent to the next controlled point which display aspects with indications
at which switching is to be performed, more favorable than ‘‘proceed at re-
an aspect permitting movement at not stricted speed’’ have been opened di-
exceeding restricted speed may be dis- rectly or by shunting of track circuit.
played into the occupied block. (c) Where a signal is used in lieu of
electric or mechanical lock to govern
§ 236.406 [Reserved] movements from auxiliary track to
signaled track, the signal shall not dis-
§ 236.407 Approach or time locking; play an aspect to proceed until after
where required.
the control circuits of signals gov-
Approach or time locking shall be erning movement on main track in ei-
provided for all controlled signals ther direction over the switch have
where route or direction of traffic can been opened, and either the approach
be changed. locking circuits to the switch are unoc-
[49 FR 3386, Jan. 26, 1984] cupied or a predetermined time inter-
val has expired.
§ 236.408 Route locking. NOTE: Railroads shall bring all hand-oper-
Route locking shall be provided ated switches that are not electrically or
where switches are power-operated. mechanically locked and that do not con-
Route locking shall be effective when form to the requirements of this section on
the effective date of this part into con-
the first pair of wheels of a locomotive
formity with this section in accordance with
or car passes a point not more than 13 the following schedule:
feet in advance of the signal governing Not less than 33% during calendar year
its movement, measured from the cen- 1984.
ter of the signal mast or, if there is no Not less than 66% during calendar year
mast, from the center of the signal. 1985.
The remainder during calendar year 1986.
[49 FR 3386, Jan. 26, 1984]
[33 FR 19684, Dec. 25, 1968, as amended at 49
FR 3386, Jan. 26, 1984; 75 FR 2699, Jan. 15,
2010]
702
RULES AND INSTRUCTIONS individual carrier where automatic train

control systems now in service enforce speed
§ 236.426 Interlocking rules and in- restrictions higher than those required by
structions applicable to traffic con- definitions in §§ 236.700 to 236.838 inclusive.
trol systems.
(3) Maximum-speed restriction, ef-
The rules and instructions prescribed fecting an automatic brake application
in §§ 236.327 and 236.328, § 236.330 to
whenever the predetermined maximum
§ 236.334, inclusive, and § 236.342 shall
speed limit is exceeded.
apply to traffic control systems.
INSPECTION AND TESTS § 236.502 Automatic brake application,
initiation by restrictive block condi-
§ 236.476 Interlocking inspections and tions stopping distance in advance.
tests applicable to traffic control An automatic train-stop or train-
systems. control system shall operate to initiate
The inspections and tests prescribed an automatic brake application at
in §§ 236.377 to 236.380, inclusive, and least stopping distance from the en-
§§ 236.382, 236.383, and 236.386 shall apply trance to a block, wherein any condi-
to traffic control systems. tion described in § 236.205 obtains, and
[49 FR 3386, Jan. 26, 1984] at each main track signal requiring a
reduction in speed.
Subpart E—Automatic Train Stop,
§ 236.503 Automatic brake application;
Train Control and Cab Signal initiation when predetermined rate
Systems of speed exceeded.
STANDARDS An automatic train control system
shall operate to initiate an automatic
§ 236.501 Forestalling device and brake application when the speed of
speed control. the train exceeds the predetermined
(a) An automatic train stop system rate as required by the setting of the
may include a device by means of speed control mechanism.
which the automatic application of the
brakes can be forestalled. § 236.504 Operation interconnected
(b) Automatic train control system with automatic block-signal system.
shall include one or more of the fol- (a) A continuous inductive automatic
lowing features: train stop or train control system shall
(1) Low-speed restriction, requiring
operate in connection with an auto-
the train to proceed under slow speed
matic block signal system and shall be
after it has either been stopped by an
automatic application of the brakes, or so interconnected with the signal sys-
under control of the engineman, its tem as to perform its intended function
speed has been reduced to slow speed, in event of failure of the engineer to
until the apparatus is automatically acknowledge or obey a restrictive way-
restored to normal because the condi- side signal or a more restrictive cab
tion which caused the restriction no signal.
longer affects the movement of the (b) An intermittent inductive auto-
train. matic train stop system shall operate
(2) Medium-speed restriction, requir- in connection with an automatic block
ing the train to proceed under medium signal system and shall be so inter-
speed after passing a signal displaying connected with the signal system that
an approach aspect or when approach- the failure of the engineer to acknowl-
ing a signal requiring a stop, or a stop edge a restrictive wayside signal will
indication point, in order to prevent an cause the intermittent inductive auto-
automatic application of the brakes. matic train stop system to perform its
NOTE: Relief from the requirements of intended function.
paragraphs (b) (1) and (2) of this section will
be granted, insofar as speed limits fixed by [49 FR 3386, Jan. 26, 1984]
definitions of Slow and Medium speeds are
concerned, upon an adequate showing by an
703
§ 236.505 49 CFR Ch. II (10–1–11 Edition)
§ 236.505 Proper operative relation be- § 236.510 [Reserved]

tween parts along roadway and
parts on locomotive. § 236.511 Cab signals controlled in ac-
cordance with block conditions
Proper operative relation between stopping distance in advance.
the parts along the roadway and the
parts on the locomotive shall obtain The automatic cab signal system
under all conditions of speed, weather, shall be arranged so that cab signals
wear, oscillation, and shock. will be continuously controlled in ac-
cordance with conditions described in
§ 236.506 Release of brakes after auto- § 236.205 that obtain at least stopping
matic application. distance in advance.
The automatic train stop or train
§ 236.512 Cab signal indication when
control apparatus shall prevent release locomotive enters block where re-
of the brakes after automatic applica- strictive conditions obtain.
tion until a reset device has been oper-
ated, or the speed of the train has been The automatic cab signal system
reduced to a predetermined rate, or the shall be arranged so that when a loco-
condition that caused the brake appli- motive enters or is within a block,
cation no longer affects the movement wherein any condition described in
of the train. If reset device is used it § 236.205 obtains, the cab signals shall
shall be arranged so that the brakes indicate ‘‘Proceed at Restricted
cannot be released until the train has Speed.’’
been stopped, or it shall be located so
§ 236.513 Audible indicator.
that it cannot be operated by
engineman without leaving his accus- (a) The automatic cab signal system
tomed position in the cab. shall be so arranged that when the cab
signal changes to display a more re-
§ 236.507 Brake application; full serv- strictive aspect, an audible indicator
ice. will sound continuously until silenced
The automatic train stop or train by manual operation of an acknowl-
control apparatus shall, when operated, edging device.
cause a full service application of the (b) The audible cab indicator of auto-
brakes. matic cab signal, automatic train stop,
or automatic train control system
§ 236.508 Interference with application shall have a distinctive sound and be
of brakes by means of brake valve. clearly audible throughout the cab
The automatic train stop, train con- under all operating conditions.
trol, or cab signal apparatus shall be so [49 FR 3386, Jan. 26, 1984]
arranged as not to interfere with the
application of the brakes by means of § 236.514 Interconnection of cab signal
the brake valve and not to impair the system with roadway signal system.
efficiency of the brake system. The automatic cab signal system
[49 FR 3386, Jan. 26, 1984] shall be interconnected with the road-
way-signal system so that the cab sig-
§ 236.509 Two or more locomotives nal indication will not authorize oper-
coupled. ation of the train at a speed higher
The automatic train stop, train con- than that authorized by the indication
trol or cab signal apparatus shall be ar- of the roadway signal that governed
ranged so that when two or more loco- the movement of a train into a block
motives are coupled, or a pushing or except when conditions affecting move-
helping locomotive is used, it can be ment of trains in the block change
made operative only on the locomotive after the train passes the signal.
from which the brakes are controlled.
704
§ 236.515 Visibility of cab signals. inductor pole faces at a height above

The cab signals shall be plainly visi- the plane of the tops of the rails, and
ble to member or members of the loco- with its inner edge at a hmrizontal dis-
motive crew from their stations in the tance from the gage side of the nearest
cab. running rail, in accordance with speci-
fications of the carrier.
[49 FR 3386, Jan. 26, 1984]
[49 FR 3386, Jan. 26, 1984]
§ 236.516 Power supply.
Automatic cab signal, train stop, or § 236.530 [Reserved]
train control device hereafter installed
shall operate from a separate or iso- § 236.531 Trip arm; height and dis-
lated power supply. tance from rail.
[49 FR 3386, Jan. 26, 1984]

Trip arm of automatic train stop de-
vice when in the stop position shall be
RULES AND INSTRUCTIONS; ROADWAY maintained at a height above the plane
of the tops of the rails, and at a hori-
§ 236.526 Roadway element not func- zontal distance from its center line to
tioning properly. gage side of the nearest running rail, in
When a roadway element except accordance with specifications of the
track circuit of automatic train stop, carrier.
train control or cab signal system is
not functioning as intended, the signal [49 FR 3386, Jan. 26, 1984]
associated with such roadway element
shall be caused manually to display its § 236.532 Strap iron inductor; use re-
most restrictive aspect until such ele- stricted.
ment has been restored to normal oper- No railroad shall use strap iron in-
ative condition. ductor or other roadway element with
characteristics differing from its
§ 236.527 Roadway element insulation standard type on track where speed
resistance.
higher than restricted speed is per-
Insulation resistance between road- mitted.
way inductor and ground shall be
maintained at not less than 10,000 [49 FR 3386, Jan. 26, 1984]
ohms.
§ 236.533 [Reserved]
[49 FR 3386, Jan. 26, 1984]
§ 236.534 Entrance to equipped terri-
§ 236.528 Restrictive condition result- tory; requirements.
ing from open hand-operated
switch; requirement. Where trains are not required to stop
When a facing point hand-operated at the entrance to equipped territory,
switch is open one-fourth inch or more, except when leaving yards and stations
a trailing point hand-operated switch and speed until entering equipped terri-
three-eighths inch or more, or hand-op- tory does not exceed restricted speed,
erated switch is not locked where fac- the automatic train stop, train control,
ing point lock with circuit controller is or cab signal device shall be operative
used, the resultant restrictive condi- at least stopping distance from the en-
tion of an automatic train stop or train trance to such territory except where
control device of the continuous type the approach thereto is governed by
or the resultant restrictive cab signal automatic approach signal.
indication of an automatic cab signal
device on an approaching locomotive RULES AND INSTRUCTIONS; LOCOMOTIVES
shall be maintained to within 300 feet
of the points of the switch. § 236.551 Power supply voltage; re-
quirement.
§ 236.529 Roadway element inductor;
height and distance from rail. The voltage of power supply shall be
maintained within 10 percent of rated
Inductor of the inert roadway ele- voltage.
ment type shall be maintained with the
705
§ 236.552 49 CFR Ch. II (10–1–11 Edition)
§ 236.552 Insulation resistance; re- § 236.557 Receiver; location with re-

quirement. spect to rail.
When periodic test prescribed in (a) Receiver of intermittent induc-
§ 236.588 is performed, insulation resist- tive automatic train stop device of the
ance between wiring and ground of con- inert roadway element type shall be
tinuous inductive automatic cab signal maintained with bottom of the receiver
system, automatic train control sys- at a height above the plane of the tops
tem, or automatic train stop system of the rails, and with its outer edge at
shall be not less than one megohm, and a horizontal distance from the gage
that of an intermittent inductive auto- side of the nearest rail, in accordance
matic train stop system, not less than with specifications of the carrier.
250,000 ohms. Insulation resistance val- (b) Receiver of continuous inductive
ues between periodic tests shall be not automatic cab signal, train stop, or
less than 250,000 ohms for a continuous train control device of locomotive
inductive automatic cab signal system, equipped with onboard test equipment,
automatic train control system, or shall be maintained with the bottom of
automatic train stop system, and 20,000 the receiver at a height above the
ohms for an intermittent inductive plane of the tops of the rails, and with
automatic train stop system. its outer edge at a horizontal distance
from the gage side of the nearest rail,
[49 FR 3387, Jan. 26, 1984]
in accordance with specifications of
the carrier.
§ 236.553 Seal, where required.
Seal shall be maintained on any de- [49 FR 3387, Jan. 26, 1984]
vice other than brake-pipe cut-out
§§ 236.558–236.559 [Reserved]
cock (double-heading cock), by means
of which the operation of the pneu- § 236.560 Contact element, mechanical
matic portion of automatic train-stop trip type; location with respect to
or train-control apparatus can be cut rail.
out.
Contact element of automatic train
§ 236.554 Rate of pressure reduction; stop device of the mechanical trip type
equalizing reservoir or brake pipe. shall be maintained at a height above
the plane of the tops of the rails, and
The equalizing-reservoir pressure or at a horizontal distance from the gage
brake-pipe pressure reduction during side of the rail, in accordance with
an automatic brake application shall specifications of the carrier.
be at a rate not less than that which
results from a manual service applica- [49 FR 3387, Jan. 26, 1984]
tion.
§ 236.555 Repaired or rewound re-
ceiver coil. § 236.562 Minimum rail current re-
quired.
Receiver coil which has been repaired
or rewound shall have the same oper- The minimum rail current required
ating characteristics which it pos- to restore the locomotive equipment of
sessed originally or as currently speci- continuous inductive automatic train
fied for new equipment. stop or train control device to normal
condition or to obtain a proceed indica-
§ 236.556 Adjustment of relay. tion of automatic cab signal device
(pick-up) shall be in accordance with
Change in adjustment of relay shall specifications of the carrier.
be made only in a shop equipped for
that purpose except when receiver [49 FR 3387, Jan. 26, 1984]
coils, electro-pneumatic valve, or other
essential part of the equipment is re- § 236.563 Delay time.
placed. Irregularities in power-supply Delay time of automatic train stop
voltage or other variable factors in the or train control system shall not ex-
circuit shall not be compensated for by ceed 8 seconds and the spacing of sig-
adjustment of the relay. nals to meet the requirements of
706
§ 236.24 shall take into consideration device is inoperative train may proceed
the delay time. at not to exceed 79 miles per hour.
§ 236.564 Acknowledging time. § 236.568 Difference between speeds
Acknowledging time of intermittent authorized by roadway signal and
automatic train-stop device shall be cab signal; action required.
not more than 30 seconds. If for any reason a cab signal author-
izes a speed different from that author-
§ 236.565 Provision made for pre-
venting operation of pneumatic ized by a roadway signal, when a train
brake-applying apparatus by dou- enters the block governed by such
ble-heading cock; requirement. roadway signal, the lower speed shall
Where provision is made for pre- not be exceeded.
venting the operation of the pneumatic
INSPECTION AND TESTS; ROADWAY
brake-applying appartus of an auto-
matic train stop or train control device § 236.576 Roadway element.
when the double-heading cock is placed
in double-heading position, the auto- Roadway elements, except track cir-
matic train stop or train control device cuits, including those for test purposes,
shall not be cut out before communica- shall be gaged monthly for height and
tion is closed between the engineman’s alinement, and shall be tested at least
automatic brake valve and the brake every 6 months.
pipe, when operating double-heading
cock toward double-heading position. § 236.577 Test, acknowledgement, and
cut-in circuits.
§ 236.566 Locomotive of each train op-
erating in train stop, train control Test, acknowledgement, and cut-in
or cab signal territory; equipped. circuits shall be tested at least once
every twelve months.
The locomotive from which brakes
are controlled, of each train operating [49 FR 3387, Jan. 26, 1984]
in automatic train stop, train control,
or cab signal territory shall be INSPECTION AND TESTS; LOCOMOTIVE
equipped with apparatus responsive to
the roadway equipment installed on all § 236.586 Daily or after trip test.
or any part of the route traversed, and (a) Except where tests prescribed by
such apparatus shall be in operative § 236.588 are performed at intervals of
condition. not more than 2 months, each loco-
§ 236.567 Restrictions imposed when motive equipped with an automatic cab
device fails and/or is cut out en signal or train stop or train control de-
route. vice operating in equipped territory
Where an automatic train stop, train shall be inspected for damage to the
control, or cab signal device fails and/ equipment and tested at least once
or is cut out enroute, train may pro- each calendar day or within 24 hours
ceed at restricted speed or if an auto- before departure upon each trip.
matic block signal system is in oper- (b) Each equipped locomotive shall be
ation according to signal indication tested to determine the locomotive
but not to exceed medium speed, to the equipment is responsive to the wayside
next available point of communication equipment and shall be cycled to deter-
where report must be made to a des- mine the device functions as intended.
ignated officer. Where no automatic (c) Each locomotive equipped with
block signal system is in use train intermittent inductive automatic train
shall be permitted to proceed at re- stop or non-coded continuous inductive
stricted speed or where automatic automatic train stop or non-coded con-
block signal system is in operation ac- tinuous inductive automatic train con-
cording to signal indication but not to trol device shall be tested to determine
exceed medium speed to a point where that the pickup of the device is within
absolute block can be established.
specified limits.
Where an absolute block is established
in advance of the train on which the [49 FR 3387, Jan. 26, 1984]
707
§ 236.587 49 CFR Ch. II (10–1–11 Edition)
§ 236.587 Departure test. ified by the carrier, subject to approval

by the FRA.
(a) The automatic train stop, train
control, or cab signal apparatus on [49 FR 3387, Jan. 26, 1984]
each locomotive, except a locomotive
or a multiple-unit car equipped with § 236.589 Relays.
mechanical trip stop, shall be tested (a) Each relay shall be removed from
using one of the following methods: service, subjected to thorough test,
(1) Operation over track elements; necessary repairs and adjustments
(2) Operation over test circuit; made, and shall not be replaced in serv-
(3) Use of portable test equipment; or ice unless its operating characteristics
(4) Use of onboard test device. are in accordance with the limits with-
(b) The test shall be made on depar- in which such relay is designed to oper-
ture of the locomotive from its initial ate, as follows:
terminal unless that apparatus will be (1) Master or primary relays of
cut out between the initial terminal torque type depending on spring ten-
and the equipped territory. If the appa- sion to return contacts to deenergized
ratus is cut out between the initial ter- position in noncoded continuous induc-
minal and the equipped territory the tive automatic train stop or train con-
test shall be made prior to entering trol system, at least once every two
equipped territory. years; and
(c) If a locomotive makes more than (2) All other relays, at least once
one trip in any 24-hour period, only one every six years.
departure test is required in such 24- (b) [Reserved]
hour period.
[49 FR 3387, Jan. 26, 1984]
(d)(1) Whoever performs the test shall
certify in writing that such test was § 236.590 Pneumatic apparatus.
properly performed. The certification
and the test results shall be posted in Automatic train stop, train control,
the cab of the locomotive and a copy of or cab signal pneumatic apparatus
the certification and test results left at shall be inspected, cleaned, and the re-
the test location for filing in the office sults of such inspection recorded as
of the supervisory official having juris- provided by § 229.29(a). When a loco-
diction. motive with automatic train stop,
(2) If it is impractical to leave a copy train control, or cab signal pneumatic
of the certification and test results at apparatus receives out-of-use credit
the location of the test, the test results pursuant to § 229.33, the automatic
shall be transmitted to either (i) the train stop, train control, or cab signal
dispatcher or (ii) one other designated apparatus shall be tested in accordance
individual at each location, who shall with § 236.588 prior to the locomotive
keep a written record of the test re- being placed in service.
sults and the name of the person per- [61 FR 33873, July 1, 1996]
forming the test. These records shall be
retained for at least 92 days. Subpart F—Dragging Equipment
[49 FR 3387, Jan. 26, 1984, as amended at 53 and Slide Detectors and Other
FR 37313, Sept. 26, 1988] Similar Protective Devices
EFFECTIVE DATE NOTE: At 49 FR 3387, Jan.
26, 1984, § 236.587 was revised. This section STANDARDS
contains information collection and record-
keeping requirements and will not become § 236.601 Signals controlled by devices;
effective until approval has been given by location.
the Office of Management and Budget. Signals controlled by devices used to
provide protection against unusual
§ 236.588 Periodic test. contingencies, such as landslides, drag-
Except as provided in § 236.586, peri- ging equipment, burned bridges or tres-
odic test of the automatic train stop, tles and washouts shall be located so
train control, or cab signal apparatus that stopping distance will be provided
shall be made at least once every 92 between the signal and the point where
days, and on multiple-unit cars as spec- it is necessary to stop the train.
708
Subpart G—Definitions § 236.709 Block, absolute.

A block in which no train is per-
§ 236.700 Definitions. mitted to enter while it is occupied by
For the purpose of these rules, stand- another train.
ards, and instructions, the following
definitions will apply. § 236.710 Block, latch.
The lower extremity of a latch rod
§ 236.701 Application, brake; full serv- which engages with a square shoulder
ice. of the segment or quadrant to hold the
An application of the brakes result- lever in position.
ing from a continuous or a split reduc-
tion in brake pipe pressure at a service § 236.711 Bond, rail joint.
rate until maximum brake cylinder A metallic connection attached to
pressure is developed. As applied to an adjoining rails to insure electrical con-
automatic or electro-pneumatic brake ductivity.
with speed governor control, an appli-
cation other than emergency which de- § 236.712 Brake pipe.
velops the maximum brake cylinder A pipe running from the engineman’s
pressure, as determined by the design brake valve through the train, used for
of the brake equipment for the speed at the transmission of air under pressure
which the train is operating. to charge and actuate the automatic
brake equipment and charge the res-
§ 236.702 Arm, semaphore.
ervoirs of the electro-pneumatic brake
The part of a semaphore signal dis- equipment on each vehicle of the train.
playing an aspect. It consists of a blade
fastened to a spectacle. § 236.713 Bridge, movable.
That section of a structure bridging a
§ 236.703 Aspect. navigable waterway so designed that it
The appearance of a roadway signal may be displaced to permit passage of
conveying an indication as viewed from traffic on the waterway.
the direction of an approaching train;
the appearance of a cab signal con- § 236.714 Cab.
veying an indication as viewed by an The compartment of a locomotive
observer in the cab. from which the propelling power and
power brakes of the train are manually
§ 236.704 [Reserved] controlled.
§ 236.705 Bar, locking. §§ 236.715–236.716 [Reserved]
A bar in an interlocking machine to
which the locking dogs are attached. § 236.717 Characteristics, operating.
The measure of electrical values at
§ 236.706 Bed, locking. which electrical or electronic appa-
That part of an interlocking machine ratus operate (e.g., drop-away, pick-up,
that contains or holds the tappets, maximum and minimum current, and
locking bars, crosslocking, dogs and working value).
other apparatus used to interlock the [49 FR 3387, Jan. 26, 1984]
levers.
§ 236.718 Chart, dog.
§ 236.707 Blade, semaphore.
A diagrammatic representation of
The extended part of a semaphore the mechanical locking of an inter-
arm which shows the position of the locking machine, used as a working
arm. plan in making up, assembling and fit-
ting the locking.
§ 236.708 Block.
A length of track of defined limits, § 236.719 Circuit, acknowledgment.
the use of which by trains is governed A circuit consisting of wire or other
by block signals, cab signals, or both. conducting material installed between
709
§ 236.720 49 CFR Ch. II (10–1–11 Edition)
the track rails at each signal in terri- § 236.729 Cock, double heading.
tory where an automatic train stop A manually operated valve by means
system or cab signal system of the con- of which the control of brake operation
tinuous inductive type with 2-indica- is transferred to the leading loco-
tion cab signals is in service, to enforce motive.
acknowledgement by the engineman at
each signal displaying an aspect requir- § 236.730 Coil, receiver.
ing a stop. Concentric layers of insulated wire
wound around the core of a receiver of
§ 236.720 Circuit, common return.
an automatic train stop, train control
A term applied where one wire is or cab signal device on a locomotive.
used for the return of more than one
electric circuit. § 236.731 Controller, circuit.
A device for opening and closing elec-
§ 236.721 Circuit, control. tric circuits.
An electrical circuit between a
§ 236.732 Controller, circuit; switch.
source of electric energy and a device
which it operates. A device for opening and closing elec-
tric circuits, operated by a rod con-
§ 236.722 Circuit, cut-in. nected to a switch, derail or movable-
point frog.
A roadway circuit at the entrance to
automatic train stop, train control or § 236.733 Current, foreign.
cab signal territory by means of which
locomotive equipment of the contin- A term applied to stray electric cur-
rents which may affect a signaling sys-
uous inductive type is actuated so as to
tem, but which are not a part of the
be in operative condition.
system.
§ 236.723 Circuit, double wire; line. § 236.734 Current of traffic.
An electric circuit not employing a The movement of trains on a speci-
common return wire; a circuit formed fied track in a designated direction.
by individual wires throughout.
§ 236.735 Current, leakage.
§ 236.724 Circuit, shunt fouling.
A stray electric current of relatively
The track circuit in the fouling sec- small value which flows through or
tion of a turnout, connected in mul- across the surface of insulation when a
tiple with the track circuit in the main voltage is impressed across the insula-
track. tion.
§ 236.725 Circuit, switch shunting. § 236.736 Cut-section.

A shunting circuit which is closed A location other than a signal loca-
through contacts of a switch circuit tion where two adjoining track circuits
controller. end within a block.
§ 236.726 Circuit, track. § 236.737 Cut-section, relayed.

An electrical circuit of which the A cut-section where the energy for
rails of the track form a part. one track circuit is supplied through
front contacts or through front and
§ 236.727 Circuit, track; coded. polar contacts of the track relay for
the adjoining track circuit.
A track circuit in which the energy
is varied or interrupted periodically. § 236.738 Detector, point.
A circuit controller which is part of
§ 236.728 Circuit, trap.
the switch operating mechanism and
A term applied to a circuit used operated by a rod connected to a
where it is desirable to provide a track switch, derail or movable point frog to
circuit but where it is impracticable to indicate that the point is within a
maintain a track circuit. specified distance of the stock rail.
710
§ 236.739 Device, acknowledging. § 236.746 Feature, restoring.

A manually operated electric switch An arrangement on an electro-pneu-
or pneumatic valve by means of which, matic switch by means of which power
on a locomotive equipped with an auto- is applied to restore the switch move-
matic train stop or train control de- ment to full normal or to full reverse
vice, an automatic brake application position, before the driving bar creeps
can be forestalled, or by means of sufficiently to unlock the switch, with
which, on a locomotive equipped with control level in normal or reverse posi-
an automatic cab signal device, the tion.
sounding of the cab indicator can be si- [49 FR 3388, Jan. 26, 1984]
lenced.
§ 236.747 Forestall.
§ 236.740 Device, reset.
As applied to an automatic train stop
A device whereby the brakes may be or train control device, to prevent an
released after an automatic train con- automatic brake application by oper-
trol brake application. ation of an acknowledging device or by
manual control of the speed of the
§ 236.741 Distance, stopping. train.
The maximum distance on any por-
tion of any railroad which any train
operating on such portion of railroad § 236.749 Indication.
at its maximum authorized speed, will
travel during a full service application The information conveyed by the as-
of the brakes, between the point where pect of a signal.
such application is initiated and the CROSS REFERENCE: Inductor, see § 236.744.
point where the train comes to a stop.
§ 236.750 Interlocking, automatic.
§ 236.742 Dog, locking. An arrangement of signals, with or
A steel block attached to a locking without other signal appliances, which
bar or tappet of an interlocking ma- functions through the exercise of in-
chine, by means of which locking be- herent powers as distinguished from
tween levers is accomplished. those whose functions are controlled
manually, and which are so inter-
§ 236.743 Dog, swing. connected by means of electric circuits
A locking dog mounted in such a that their movements must succeed
each other in proper sequence, train
manner that it is free to rotate on a
movements over all routes being gov-
trunnion which is riveted to a locking
erned by signal indication.
bar.
CROSS REFERENCE: Element, contact. See § 236.751 Interlocking, manual.
receiver, § 236.788. An arrangement of signals and signal
appliances operated from an inter-
§ 236.744 Element, roadway. locking machine and so interconnected
That portion of the roadway appa- by means of mechanical and/or electric
ratus of automatic train stop, train locking that their movements must
control, or cab signal system, such as succeed each other in proper sequence,
electric circuit, inductor, or trip arm train movements over all routes being
to which the locomotive apparatus of governed by signal indication.
such system is directly responsive.
§ 236.752 Joint, rail, insulated.
[49 FR 3387, Jan. 26, 1984]
A joint in which electrical insulation
§ 236.745 Face, locking. is provided between adjoining rails.
The locking surface of a locking dog, § 236.753 Limits, interlocking.

tappet or cross locking of an inter- The tracks between the opposing
locking machine. home signals of an interlocking.
711
§ 236.754 49 CFR Ch. II (10–1–11 Edition)
§ 236.754 Line, open wire. § 236.761 Locking, electric.

An overhead wire line consisting of The combination of one or more elec-
single conductors as opposed to mul- tric locks and controlling circuits by
tiple-conductor cables. means of which levers of an inter-
locking machine, or switches or other
§ 236.755 Link, rocker. units operated in connection with sig-
That portion of an interlocking ma- naling and interlocking, are secured
chine which transmits motion between against operation under certain condi-
the latch and the universal link. tions.
§ 236.756 Lock, bolt. § 236.762 Locking, indication.
A mechanical lock so arranged that Electric locking which prevents ma-

if a switch, derail or movable-point nipulation of levers that would result
in an unsafe condition for a train
frog is not in the proper position for a
movement if a signal, switch, or other
train movement, the signal governing
operative unit fails to make a move-
that movement cannot display an as-
ment corresponding to that of its con-
pect to proceed; and that will prevent a
trolling lever, or which directly pre-
movement of the switch, derail or mov-
vents the operation of a signal, switch,
able-point frog unless the signal dis- or other operative unit, in case another
plays its most restrictive aspect. unit which should operate first fails to
make the required movement.
§ 236.757 Lock, electric.
A device to prevent or restrict the § 236.763 Locking, latch operated.
movement of a lever, a switch or a The mechanical locking of an inter-
movable bridge, unless the locking locking machine which is actuated by
member is withdrawn by an electrical means of the lever latch.
device, such as an electromagnet, sole-
noid or motor. § 236.764 Locking, lever operated.
§ 236.758 Lock, electric, forced drop. The mechanical locking of an inter-
locking machine which is actuated by
An electric lock in which the locking means of the lever.
member is mechanically forced down
to the locked position. § 236.765 Locking, mechanical.
An arrangement of locking bars,
§ 236.759 Lock, facing point.
dogs, tappets, cross locking and other
A mechanical lock for a switch, de- apparatus by means of which inter-
rail, or movable-point frog, comprising locking is effected between the levers
a plunger stand and a plunger which of an interlocking machine and so
engages a lock rod attached to the interconnected that their movements
switch point to lock the operated unit. must succeed each other in a predeter-
mined order.
§ 236.760 Locking, approach.
Electric locking effective while a § 236.766 Locking, movable bridge.
train is approaching, within a specified The rail locks, bridge locks, bolt
distance, a signal displaying an aspect locks, circuit controllers, and electric
to proceed, and which prevents, until locks used in providing interlocking
after the expiration of a predetermined protection at a movable bridge.
time interval after such signal has
been caused to display its most restric- § 236.767 Locking, route.
tive aspect, the movement of any Electric locking, effective when a
interlocked or electrically locked train passes a signal displaying an as-
switch, movable-point frog, or derail in pect for it to proceed, which prevents
the route governed by the signal, and the movement of any switch, movable-
which prevents an aspect to proceed point frog, or derail in advance of the
from being displayed for any con- train within the route entered. It may
flicting route. be so arranged that as a train clears a
712
track section of the route, the locking § 236.776 Movement, trailing.

affecting that section is released.
The movement of a train over the
§ 236.768 Locking, time. points of a switch which face in the di-
rection in which the train is moving.
A method of locking, either mechan-
ical or electrical, which, after a signal § 236.777 Operator, control.
has been caused to display an aspect to
proceed, prevents, until after the expi- An employee assigned to operate the
ration of a predetermined time interval control machine of a traffic control
after such signal has been caused to system.
display its most restrictive aspect, the
operation of any interlocked or elec- § 236.778 Piece, driving.
trically locked switch, movable-point A crank secured to a locking shaft by
frog, or derail in the route governed by means of which horizontal movement
that signal, and which prevents an as- is imparted to a longitudinal locking
pect to proceed from being displayed bar.
for any conflicting route.
§ 236.779 Plate, top.
§ 236.769 Locking, traffic.
Electric locking which prevents the A metal plate secured to a locking
manipulation of levers or other devices bracket to prevent the cross locking
for changing the direction of traffic on from being forced out of the bracket.
a section of track while that section is
§ 236.780 Plunger, facing point lock.
occupied or while a signal displays an
aspect for a movement to proceed into That part of a facing point lock
that section. which secures the lock rod to the
plunger stand when the switch is
§ 236.770 Locomotive. locked.
A self-propelled unit of equipment
which can be used in train service. § 236.781 [Reserved]
§ 236.771 Machine, control. § 236.782 Point, controlled.

An assemblage of manually operated A location where signals and/or other
devices for controlling the functions of functions of a traffic control system
a traffic control system; it may include are controlled from the control ma-
a track diagram with indication lights. chine.
§ 236.772 Machine, interlocking. § 236.783 Point, stop-indication.
An assemblage of manually operated As applied to an automatic train stop
levers or other devices for the control or train control system without the
of signals, switches or other units.
use of roadway signals, a point where a
CROSS REFERENCE: Magnet, track, see signal displaying an aspect requiring a
§ 236.744. stop would be located.
§ 236.773 Movements, conflicting. § 236.784 Position, deenergized.
Movements over conflicting routes. The position assumed by the moving
§ 236.774 Movement, facing. member of an electromagnetic device
when the device is deprived of its oper-
The movement of a train over the
ating current.
points of a switch which face in a direc-
tion opposite to that in which the train § 236.785 Position, false restrictive.
is moving.
A position of a semaphore arm that
§ 236.775 Movement, switch-and-lock. is more restrictive than it should be.
A device, the complete operation of
§ 236.786 Principle, closed circuit.
which performs the three functions of
unlocking, operating and locking a The principle of circuit design where
switch, movable-point frog or derail. a normally energized electric circuit
713
§ 236.787 49 CFR Ch. II (10–1–11 Edition)
which, on being interrupted or deener- § 236.791 Release, value.

gized, will cause the controlled func-
The electrical value at which the
tion to assume its most restrictive con-
movable member of an electromagnetic
dition.
device will move to its deenergized por-
§ 236.787 Protection, cross. tion.
An arrangement to prevent the im- § 236.792 Reservoir, equalizing.
proper operation of a signal, switch,
An air reservoir connected with and
movable-point frog, or derail as the re-
adding volume to the top portion of the
sult of a cross in electrical circuits.
equalizing piston chamber of the auto-
CROSS REFERENCE: Ramp, see § 236.744. matic brake valve, to provide uniform
service reductions in brake pipe pres-
§ 236.787a Railroad. sure regardless of the length of the
Railroad means any form of non- train.
highway ground transportation that
runs on rails or electromagnetic guide- CROSS REFERENCE: Rocker, see § 236.755.
ways and any entity providing such
§ 236.793 Rod, lock.
transportation, including—
(a) Commuter or other short-haul A rod, attached to the front rod or
railroad passenger service in a metro- lug of a switch, movable-point frog or
politan or suburban area and com- derail, through which a locking plung-
muter railroad service that was oper- er may extend when the switch points
ated by the Consolidated Rail Corpora- or derail are in the normal or reverse
tion on January 1, 1979; and position.
(b) High speed ground transportation
systems that connect metropolitan § 236.794 Rod, up-and-down.
areas, without regard to whether those A rod used for connecting the sema-
systems use new technologies not asso- phore arm to the operating mechanism
ciated with traditional railroads; but of a signal.
does not include rapid transit oper-
ations in an urban area that are not § 236.795 Route.
connected to the general railroad sys- The course or way which is, or is to
tem of transportation. be, traveled.
[70 FR 11095, Mar. 7, 2005]
§ 236.796 Routes, conflicting.
§ 236.788 Receiver. Two or more routes, opposing, con-
A device on a locomotive, so placed verging or intersecting, over which
that it is in position to be influenced movements cannot be made simulta-
inductively or actuated by an auto- neously without possibility of colli-
matic train stop, train control or cab sion.
signal roadway element.
§ 236.797 Route, interlocked.
§ 236.789 Relay, timing. A route within interlocking limits.
A relay which will not close its front
contacts or open its back contacts, or § 236.798 Section, dead.
both, until the expiration of a definite A section of track, either within a
time intervals after the relay has been track circuit or between two track cir-
energized. cuits, the rails of which are not part of
a track circuit.
§ 236.790 Release, time.
A device used to prevent the oper- § 236.799 Section, fouling.
ation of an operative unit until after The section of track between the
the expiration of a predetermined time switch points and the clearance point
interval after the device has been actu- in a turnout.
ated.
714
§ 236.800 Sheet, locking. means of controlling the signal elec-

trically, as well as mechanically.
A description in tabular form of the
locking operations in an interlocking § 236.810 Spectacle, semaphore arm.
machine.
That part of a semaphore arm which
§ 236.801 Shoe, latch. holds the roundels and to which the
The casting by means of which the blade is fastened.
latch rod and the latch block are held
§ 236.811 Speed, medium.
to a lever of a mechanical interlocking
machine. A speed not exceeding 40 miles per
hour.
§ 236.802 Shunt.
A by-path in an electrical circuit. § 236.812 Speed, restricted.
A speed that will permit stopping
§ 236.802a Siding. within one-half the range of vision, but
An auxiliary track for meeting or not exceeding 20 miles per hour.
passing trains. [49 FR 3388, Jan. 26, 1984]
§ 236.803 Signal, approach.
§ 236.813 Speed, slow.
A roadway signal used to govern the
A speed not exceeding 20 miles per
approach to another signal and if oper-
hour.
ative so controlled that its indication
furnishes advance information of the § 236.813a State, most restrictive.
indication of the next signal.
The mode of an electric or electronic
§ 236.804 Signal, block. device that is equivalent to a track
A roadway signal operated either relay in its deenergized position.
automatically or manually at the en- [49 FR 3388, Jan. 26, 1984]
trance to a block.
§ 236.814 Station, control.
§ 236.805 Signal, cab.
The place where the control machine
A signal located in engineman’s com- of a traffic control system is located.
partment or cab, indicating a condition
affecting the movement of a train and § 236.815 Stop.
used in conjunction with interlocking
As applied to mechanical locking, a
signals and in conjunction with or in
device secured to a locking bar to limit
lieu of block signals.
its movement.
§ 236.806 Signal, home.
§ 236.816 Superiority of trains.
A roadway signal at the entrance to
a route or block to govern trains in en- The precedence conferred upon one
tering and using that route or block. train over other trains by train order
or by reason of its class or the direc-
§ 236.807 Signal, interlocking. tion of its movement.
A roadway signal which governs § 236.817 Switch, electro-pneumatic.
movements into or within interlocking
limits. A switch operated by an electro-
pneumatic switch-and-lock movement.
§ 236.808 Signals, opposing.
§ 236.818 Switch, facing point.
Roadway signals which govern move-
ments in opposite directions on the A switch, the points of which face
same track. traffic approaching in the direction for
which the track is signaled.
§ 236.809 Signal, slotted mechanical.
A mechanically operated signal with § 236.819 Switch, hand operated.
an electromagnetic device inserted in A non-interlocked switch which can
its operating connection to provide a only be operated manually.
715
§ 236.820 49 CFR Ch. II (10–1–11 Edition)
§ 236.820 Switch, interlocked. application of the brakes until the

train has been brought to a stop.
A switch within the interlocking lim-
its the control of which is interlocked § 236.827 System, block signal.
with other functions of the inter-
locking. A method of governing the movement
of trains into or within one or more
§ 236.820a Switch, power-operated. blocks by block signals or cab signals.
A switch operated by an electrically, § 236.828 System, traffic control.
hydraulically, or pneumatically driven
A block signal system under which
switch-and-lock movement.
train movements are authorized by
[49 FR 3388, Jan. 26, 1984] block signals whose indications super-
sede the superiority of trains for both
§ 236.821 Switch, sectionalizing. opposing and following movements on
A switch for disconnecting a section the same track.
of a power line from the source of en-
§ 236.829 Terminal, initial.
ergy.
The starting point of a locomotive
§ 236.822 Switch, spring. for a trip.
A switch equipped with a spring de- § 236.830 Time, acknowledging.
vice which forces the points to their
original position after being trailed As applied to an intermittent auto-
through and holds them under spring matic train stop system, a predeter-
compression. mined time within which an automatic
brake application may be forestalled
§ 236.823 Switch, trailing point. by means of the acknowledging device.
A switch, the points of which face § 236.831 Time, delay.
away from traffic approaching in the
direction for which the track is sig- As applied to an automatic train stop
naled. or train control system, the time
which elapses after the onboard appa-
§ 236.824 System, automatic block sig- ratus detects a more restrictive indica-
nal. tion until the brakes start to apply.
A block signal system wherein the [49 FR 3388, Jan. 26, 1984]
use of each block is governed by an
automatic block signal, cab signal, or § 236.831a Track, main.
both. A track, other than auxiliary track,
extending through yards and between
§ 236.825 System, automatic train con- stations, upon which trains are oper-
trol. ated by timetable or train orders, or
A system so arranged that its oper- both, or the use of which is governed
ation will automatically result in the by block signals.
following:
(a) A full service application of the § 236.832 Train.
brakes which will continue either until A locomotive or more than one loco-
the train is brought to a stop, or, under motive coupled, with or without cars.
control of the engineman, its speed is
reduced to a predetermined rate. § 236.833 Train, opposing.
(b) When operating under a speed re- A train, the movement of which is in
striction, an application of the brakes a direction opposite to and toward an-
when the speed of the train exceeds the other train on the same track.
predetermined rate and which will con-
tinue until the speed is reduced to that § 236.834 Trip.
rate. A movement of a locomotive over all
or any portion of automatic train stop,
§ 236.826 System, automatic train stop. train control or cab signal territory be-
A system so arranged that its oper- tween the terminals for that loco-
ation will automatically result in the motive; a movement in one direction.
716
CROSS REFERENCE: Trip-arm, see § 236.744. plains to FRA Associate Administrator
for Safety’s satisfaction the following:
§ 236.835 Trunking. (i) How the objectives of any such re-
A casing used to protect electrical quirements are met by the product;
conductors. (ii) Why the objectives of any such
requirements are not relevant to the
§ 236.836 Trunnion. product; or
(iii) How the requirement is satisfied
A cylindrical projection supporting a
using alternative means. (See
revolving part.
§ 236.907(a)(14)).
§ 236.837 Valve, electro-pneumatic. (2) Products subject to this subpart
are also subject to applicable require-
A valve electrically operated which, ments of parts 233, 234 and 235 of this
when operated, will permit or prevent chapter. See § 234.275 of this chapter
passage of air. with respect to use of this subpart to
qualify certain products for use within
§ 236.838 Wire, shunt. highway-rail grade crossing warning
A wire forming part of a shunt cir- systems.
cuit. (3) Information required to be sub-
mitted by this subpart that a sub-
Subpart H—Standards for Proc- mitter deems to be trade secrets, or
essor-Based Signal and Train commercial or financial information
that is privileged or confidential under
Control Systems Exemption 4 of the Freedom of Infor-
mation Act, 5 U.S.C. 552(b)(4), shall be
SOURCE: 70 FR 11095, Mar. 7, 2005, unless so labeled in accordance with the pro-
otherwise noted. visions of § 209.11 of this chapter. FRA
handles information so labeled in ac-
§ 236.901 Purpose and scope.
cordance with the provisions of § 209.11
(a) What is the purpose of this subpart? of this chapter.
The purpose of this subpart is to pro-
mote the safe operation of processor- § 236.903 Definitions.
based signal and train control systems, As used in this subpart—
subsystems, and components that are Associate Administrator for Safety
safety-critical products, as defined in means the Associate Administrator for
§ 236.903, and to facilitate the develop- Safety, FRA, or that person’s delegate
ment of those products. as designated in writing.
(b) What topics does it cover? This sub- Component means an element, device,
part prescribes minimum, perform- or appliance (including those whose na-
ance-based safety standards for safety- ture is electrical, mechanical, hard-
critical products, including require- ware, or software) that is part of a sys-
ments to ensure that the development, tem or subsystem.
installation, implementation, inspec- Configuration management control plan
tion, testing, operation, maintenance, means a plan designed to ensure that
repair, and modification of those prod- the proper and intended product con-
ucts will achieve and maintain an ac- figuration, including the hardware
ceptable level of safety. This subpart components and software version, is
also prescribes standards to ensure documented and maintained through
that personnel working with safety- the life-cycle of the products in use.
critical products receive appropriate Employer means a railroad, or con-
training. Each railroad may prescribe tractor to a railroad, that directly en-
additional or more stringent rules, and gages or compensates individuals to
other special instructions, that are not perform the duties specified in § 236.921
inconsistent with this subpart. (a).
(c) What other rules apply? (1) This Executive software means software
subpart does not exempt a railroad common to all installations of a given
from compliance with the require- product. It generally is used to sched-
ments of subparts A through G of this ule the execution of the site-specific
part, except to the extent a PSP ex- application programs, run timers, read
717
§ 236.903 49 CFR Ch. II (10–1–11 Edition)
inputs, drive outputs, perform self- on a railroad as described in its PSP.

diagnostics, access and check memory, The petition for approval is to contain
and monitor the execution of the appli- information that is relevant to deter-
cation software to detect unsolicited mining the safety of the resulting sys-
changes in outputs. tem; relevant to determining compli-
FRA means the Federal Railroad Ad- ance with this part; and relevant to de-
ministration. termining the safety of the product, in-
Full automatic operation means that cluding a complete copy of the prod-
mode of an automatic train control uct’s PSP and supporting safety anal-
system capable of operating without ysis.
external human influence, in which the Predefined change means any post-im-
locomotive engineer/operator may act plementation modification to the use
as a passive system monitor, in addi- of a product that is provided for in the
tion to an active system controller. PSP (see § 236.907(b)).
Hazard means an existing or poten- Previous Condition refers to the esti-
tial condition that can result in an ac- mated risk inherent in the portion of
cident. the existing method of operation that
High degree of confidence, as applied is relevant to the change under anal-
to the highest level of aggregation, ysis (including the elements of any ex-
means there exists credible safety isting signal or train control system
analysis supporting the conclusion relevant to the review of the product).
that the likelihood of the proposed con- Processor-based, as used in this sub-
dition associated with the new product part, means dependent on a digital
being less safe than the previous condi- processor for its proper functioning.
tion is very small. Product means a processor-based sig-
Human factors refers to a body of nal or train control system, subsystem,
knowledge about human limitations, or component.
human abilities, and other human Product Safety Plan (or PSP) refers to
characteristics, such as behavior and a formal document which describes in
motivation, that must be considered in detail all of the safety aspects of the
product design. product, including but not limited to
Human-machine interface (HMI) means procedures for its development, instal-
the interrelated set of controls and dis- lation, implementation, operation,
plays that allows humans to interact maintenance, repair, inspection, test-
with the machine. ing and modification, as well as anal-
Initialization refers to the startup yses supporting its safety claims, as
process when it is determined that a described in § 236.907.
product has all required data input and Railroad Safety Program Plan (or
the product is prepared to function as RSPP) refers to a formal document
intended. which describes a railroad’s strategy
Mandatory directive has the meaning for addressing safety hazards associ-
set forth in § 220.5 of this chapter. ated with operation of products under
Materials handling refers to explicit this subpart and its program for execu-
instructions for handling safety-crit- tion of such strategy though the use of
ical components established to comply PSP requirements, as described in
with procedures specified in the PSP. § 236.905.
Mean Time to Hazardous Event Revision control means a chain of cus-
(MTTHE) means the average or ex- tody regimen designed to positively
pected time that a subsystem or com- identify safety-critical components and
ponent will operate prior to the occur- spare equipment availability, including
rence of an unsafe failure. repair/replacement tracking in accord-
New or next-generation train control ance with procedures outlined in the
system means a train control system PSP.
using technologies not in use in rev- Risk means the expected probability
enue service at the time of PSP sub- of occurrence for an individual acci-
mission or without established his- dent event (probability) multiplied by
tories of safe practice. the severity of the expected con-
Petition for approval means a petition sequences associated with the accident
to FRA for approval to use a product (severity).
718
Risk assessment means the process of dress, at a minimum, the following

determining, either quantitatively or subject areas:
qualitatively, the measure of risk asso- (1) Requirements and concepts. The
ciated with use of the product under all RSPP must require a description of the
intended operating conditions or the preliminary safety analysis, including:
previous condition. (i) A complete description of methods
Safety-critical, as applied to a func- used to evaluate a system’s behavioral
tion, a system, or any portion thereof, characteristics;
means the correct performance of (ii) A complete description of risk as-
which is essential to safety of per- sessment procedures;
sonnel or equipment, or both; or the in- (iii) The system safety precedence
correct performance of which could followed; and
cause a hazardous condition, or allow a (iv) The identification of the safety
hazardous condition which was in- assessment process.
tended to be prevented by the function (2) Design for verification and valida-
or system to exist. tion. The RSPP must require the iden-
Subsystem means a defined portion of tification of verification and validation
a system. methods for the preliminary safety
System refers to a signal or train con- analysis, initial development process,
trol system and includes all sub- and future incremental changes, in-
systems and components thereof, as cluding standards to be used in the
the context requires. verification and validation process,
System Safety Precedence means the consistent with appendix C to this
order of precedence in which methods part. The RSPP must require that ref-
used to eliminate or control identified erences to any non-published standards
hazards within a system are imple- be included in the PSP.
mented. (3) Design for human factors. The
Validation means the process of deter- RSPP must require a description of the
mining whether a product’s design re- process used during product develop-
quirements fulfill its intended design ment to identify human factors issues
objectives during its development and and develop design requirements which
life-cycle. The goal of the validation address those issues.
process is to determine ‘‘whether the (4) Configuration management control
correct product was built.’’ plan. The RSPP must specify require-
Verification means the process of de- ments for configuration management
termining whether the results of a for all products to which this subpart
given phase of the development cycle applies.
fulfill the validated requirements es- (c) How are RSPP’s approved? (1) Each
tablished at the start of that phase. railroad shall submit a petition for ap-
The goal of the verification process is proval of an RSPP to the Associate Ad-
to determine ‘‘whether the product was ministrator for Safety, FRA, 1200 New
built correctly.’’ Jersey Avenue, SE., Mail Stop 25,
Washington, DC 20590. The petition
§ 236.905 Railroad Safety Program must contain a copy of the proposed
Plan (RSPP). RSPP, and the name, title, address,
(a) What is the purpose of an RSPP? A and telephone number of the railroad’s
railroad subject to this subpart shall primary contact person for review of
develop an RSPP, subject to FRA ap- the petition.
proval, that serves as its principal safe- (2) Normally within 180 days of re-
ty document for all safety-critical ceipt of a petition for approval of an
products. The RSPP must establish the RSPP, FRA:
minimum PSP requirements that will (i) Grants the petition, if FRA finds
govern the development and implemen- that the petition complies with appli-
tation of all products subject to this cable requirements of this subpart, at-
subpart, consistent with the provisions taching any special conditions to the
contained in § 236.907. approval of the petition as necessary to
(b) What subject areas must the RSPP carry out the requirements of this sub-
address? The railroad’s RSPP must ad- part;
719
§ 236.907 49 CFR Ch. II (10–1–11 Edition)
(ii) Denies the petition, setting forth the life cycle of the product, including
reasons for denial; or maximum threshold limits for each
(iii) Requests additional information. hazard (for unidentified hazards, the
(3) If no action is taken on the peti- threshold shall be exceeded at one oc-
tion within 180 days, the petition re- currence);
mains pending for decision. The peti- (7) A risk assessment, as prescribed
tioner is encouraged to contact FRA in § 236.909 and appendix B to this part;
for information concerning its status. (8) A hazard mitigation analysis, in-
(4) FRA may reopen consideration of cluding a complete and comprehensive
any previously-approved petition for description of all hazards to be ad-
cause, providing reasons for such ac- dressed in the system design and devel-
tion. opment, mitigation techniques used,
(d) How are RSPP’s modified? (1) Rail-
and system safety precedence followed,
roads shall obtain FRA approval for
as prescribed by the applicable RSPP;
any modification to their RSPP which
affects a safety-critical requirement of (9) A complete description of the
a PSP. Other modifications do not re- safety assessment and verification and
quire FRA approval. validation processes applied to the
(2) Petitions for FRA approval of product and the results of these proc-
RSPP modifications are subject to the esses, describing how subject areas cov-
same procedures as petitions for initial ered in appendix C to this part are ei-
RSPP approval, as specified in para- ther: addressed directly, addressed
graph (c) of this section. In addition, using other safety criteria, or not ap-
such petitions must identify the pro- plicable;
posed modification(s) to be made, the (10) A complete description of the
reason for the modification(s), and the safety assurance concepts used in the
effect of the modification(s) on safety. product design, including an expla-
nation of the design principles and as-
[70 FR 11095, Mar. 7, 2005, as amended at 74
sumptions;
FR 25174, May 27, 2009]
(11) A human factors analysis, includ-
§ 236.907 Product Safety Plan (PSP). ing a complete description of all
(a) What must a PSP contain? The PSP human-machine interfaces, a complete
must include the following: description of all functions performed
(1) A complete description of the by humans in connection with the
product, including a list of all product product to enhance or preserve safety,
components and their physical rela- and an analysis in accordance with ap-
tionship in the subsystem or system; pendix E to this part or in accordance
(2) A description of the railroad oper- with other criteria if demonstrated to
ation or categories of operations on the satisfaction of the Associate Ad-
which the product is designed to be ministrator for Safety to be equally
used, including train movement den- suitable;
sity, gross tonnage, passenger train (12) A complete description of the
movement density, hazardous mate- specific training of railroad and con-
rials volume, railroad operating rules, tractor employees and supervisors nec-
and operating speeds; essary to ensure the safe and proper in-
(3) An operational concepts docu- stallation, implementation, operation,
ment, including a complete description maintenance, repair, inspection, test-
of the product functionality and infor- ing, and modification of the product;
mation flows; (13) A complete description of the
(4) A safety requirements document, specific procedures and test equipment
including a list with complete descrip- necessary to ensure the safe and proper
tions of all functions which the product installation, implementation, oper-
performs to enhance or preserve safety; ation, maintenance, repair, inspection,
(5) A document describing the man- testing, and modification of the prod-
ner in which product architecture sat- uct. These procedures, including cali-
isfies safety requirements; bration requirements, shall be con-
(6) A hazard log consisting of a com- sistent with or explain deviations from
prehensive description of all safety-rel- the equipment manufacturer’s rec-
evant hazards to be addressed during ommendations;
720
(14) An analysis of the applicability with § 236.915. However, the risk assess-
of the requirements of subparts A ment for the product must dem-
through G of this part to the product onstrate that operation of the product,
that may no longer apply or are satis- as modified by any predefined change,
fied by the product using an alter- satisfies the minimum performance
native method, and a complete expla- standard.
nation of the manner in which those (2) The PSP must identify configura-
requirements are otherwise fulfilled tion/revision control measures designed
(see § 234.275 of this chapter and to ensure that safety-functional re-
§ 236.901(c)); quirements and safety-critical hazard
(15) A complete description of the mitigation processes are not com-
necessary security measures for the promised as a result of any such
product over its life-cycle; change. (Software changes involving
(16) A complete description of each safety functional requirements or safe-
warning to be placed in the Operations ty critical hazard mitigation processes
and Maintenance Manual identified in for components in use are also ad-
§ 236.919, and of all warning labels re- dressed in paragraph (c) of this sec-
quired to be placed on equipment as tion.)
necessary to ensure safety; (c) What requirements apply to other
(17) A complete description of all ini- product changes? (1) Incremental
tial implementation testing procedures changes are planned product version
necessary to establish that safety-func- changes described in the initial PSP
tional requirements are met and safe- where slightly different specifications
ty-critical hazards are appropriately are used to allow the gradual enhance-
mitigated; ment of the product’s capabilities. In-
(18) A complete description of: cremental changes shall require
(i) All post-implementation testing verification and validation to the ex-
(validation) and monitoring proce- tent the changes involve safety-critical
dures, including the intervals nec- functions.
essary to establish that safety-func- (2) Changes classified as maintenance
tional requirements, safety-critical require validation.
hazard mitigation processes, and safe- (d) What are the responsibilities of the
ty-critical tolerances are not com- railroad and product supplier regarding
promised over time, through use, or communication of hazards? (1) The PSP
after maintenance (repair, replace- shall specify all contractual arrange-
ment, adjustment) is performed; and ments with hardware and software sup-
(ii) Each record necessary to ensure pliers for immediate notification of
the safety of the system that is associ- any and all safety critical software up-
ated with periodic maintenance, in- grades, patches, or revisions for their
spections, tests, repairs, replacements, processor-based system, sub-system, or
adjustments, and the system’s result- component, and the reasons for such
ing conditions, including records of changes from the suppliers, whether or
component failures resulting in safety- not the railroad has experienced a fail-
relevant hazards (see § 236.917(e)(3)); ure of that safety-critical system, sub-
(19) A complete description of any system, or component.
safety-critical assumptions regarding (2) The PSP shall specify the rail-
availability of the product, and a com- road’s procedures for action upon noti-
plete description of all backup methods fication of a safety-critical upgrade,
of operation; and patch, or revision for this processor-
(20) A complete description of all in- based system, sub-system, or compo-
cremental and predefined changes (see nent, and until the upgrade, patch, or
paragraphs (b) and (c) of this section). revision has been installed; and such
(b) What requirements apply to action shall be consistent with the cri-
predefined changes? (1) Predefined terion set forth in § 236.915(d) as if the
changes are not considered design failure had occurred on that railroad.
modifications requiring an entirely (3) The PSP must identify configura-
new safety verification process, a re- tion/revision control measures designed
vised PSP, and an informational filing to ensure that safety-functional re-
or petition for approval in accordance quirements and safety-critical hazard
721
§ 236.909 49 CFR Ch. II (10–1–11 Edition)
mitigation processes are not com- (d) What is an abbreviated risk assess-
promised as a result of any such ment, and when may it be used? (1) An
change, and that any such change can abbreviated risk assessment may be
be audited. used in lieu of a full risk assessment to
(4) Product suppliers entering into show compliance with the performance
contractual arrangements for product standard if:
support described in a PSP must (i) No new hazards are introduced as
promptly report any safety-relevant a result of the change;
failures and previously unidentified (ii) Severity of each hazard associ-
hazards to each railroad using the ated with the previous condition does
product. not increase from the previous condi-
tion; and
§ 236.909 Minimum performance stand- (iii) Exposure to such hazards does
ard. not change from the previous condi-
(a) What is the minimum performance tion.
standard for products covered by this sub- (2) An abbreviated risk assessment
part? The safety analysis included in supports the finding required by para-
the railroad’s PSP must establish with graph (a) of this section if it estab-
a high degree of confidence that intro- lishes that the resulting MTTHE for
duction of the product will not result the proposed product is greater than or
in risk that exceeds the previous condi- equal to the MTTHE for the system,
component or method performing the
tion. The railroad shall determine,
same function in the previous condi-
prior to filing its petition for approval
tion. This determination must be sup-
or informational filing, that this stand-
ported by credible safety analysis suffi-
ard has been met and shall make avail-
cient to persuade the Associate Admin-
able the necessary analyses and docu-
istrator for Safety that the likelihood
mentation as provided in this subpart.
of the new product’s MTTHE being less
(b) How does FRA determine whether than the MTTHE for the system, com-
the PSP requirements for products covered ponent, or method performing the same
by subpart H have been met? With re- function in the previous condition is
spect to any FRA review of a PSP, the very small.
Associate Administrator for Safety (3) Alternatively, an abbreviated risk
independently determines whether the assessment supports the finding re-
railroad’s safety case establishes with quired by paragraph (a) of this section
a high degree of confidence that intro- if:
duction of the product will not result (i) The probability of failure for each
in risk that exceeds the previous condi- hazard of the product is equal to or less
tion. In evaluating the sufficiency of the corresponding recommended Spe-
the railroad’s case for the product, the cific Quantitative Hazard Probability
Associate Administrator for Safety Ratings classified as more favorable
considers, as applicable, the factors than ‘‘undesirable’’ by AREMA Manual
pertinent to evaluation of risk assess- Part 17.3.5 (Recommended Procedure
ments, listed in § 236.913(g)(2). for Hazard Identification and Manage-
(c) What is the scope of a full risk as- ment of Vital Electronic/Software-
sessment required by this section? A full Based Equipment Used in Signal and
risk assessment performed under this Train Control Applications), or—in the
subpart must address the safety risks case of a hazard classified as undesir-
affected by the introduction, modifica- able—the Associate Administrator for
tion, replacement, or enhancement of a Safety concurs that mitigation of the
product. This includes risks associated hazard within the framework of the
with the previous condition which are electronic system is not practical and
no longer present as a result of the the railroad proposes reasonable steps
change, new risks not present in the to undertake other mitigation. The Di-
previous condition, and risks neither rector of the Federal Register approves
newly created nor eliminated whose the incorporation by reference of the
nature (probability of occurrence or se- entire AREMA Communications and
verity) is nonetheless affected by the Signal Manual, Volume 4, Section 17—
change. Quality Principles (2005) in this section
722
in accordance with 5 U.S.C. 552(a) and 1 the PSP. The total risk assessment
CFR part 51. You may obtain a copy of must have a supporting sensitivity
the incorporated standard from Amer- analysis. The analysis must confirm
ican Railway Engineering and Mainte- that the risk metrics of the system are
nance of Way Association, 8201 Cor- not negatively affected by sensitivity
poration Drive, Suite 1125, Landover, analysis input parameters including,
MD 20785–2230. You may inspect a copy for example, component failure rates,
of the incorporated standard at the human factor error rates, and vari-
Federal Railroad Administration, ations in train traffic affecting expo-
Docket Clerk, 1200 New Jersey Avenue, sure. In this context, ‘‘negatively af-
SE., or at the National Archives and fected’’ means that the final residual
Records Administration (NARA). For
risk metric does not exceed that of the
information on the availability of this
base case or that which has been other-
material at NARA, call 202–741–6030, or
go to http://www.archives.gov/ wise established through MTTHE tar-
federallregister/ get. The sensitivity analysis must doc-
codeloflfederallregulations/ ument the sensitivity to worst case
ibrllocations.html; failure scenarios. Appendix B to this
(ii) The product is developed in ac- part provides criteria for acceptable
cordance with: risk assessment methods. Other meth-
(A) AREMA Manual Part 17.3.1 (Com- ods may be acceptable if demonstrated
munications and Signal Manual of Rec- to the satisfaction of the Associate Ad-
ommended Practices, Recommended ministrator for Safety to be equally
Safety Assurance Program for Elec- suitable.
tronic/Software Based Products Used in (2) For the previous condition and for
Vital Signal Applications); the life-cycle of the product, risk levels
(B) AREMA Manual Part 17.3.3 (Com- must be expressed in units of con-
munications and Signal Manual of Rec- sequences per unit of exposure.
ommended Practices, Recommended (i) In all cases exposure must be ex-
Practice for Hardware Analysis for pressed as total train miles traveled
Vital Electronic/Software-Based Equip- per year over the relevant railroad in-
ment Used in Signal and Train Control frastructure. Consequences must iden-
Applications);
tify the total cost, including fatalities,
(C) AREMA Manual Part 17.3.5 (Com-
injuries, property damage, and other
munications and Signal Manual of Rec-
incidental costs, such as potential con-
ommended Practices, Recommended
Practice for Hazard Identification and sequences of hazardous materials in-
Management of Vital Electronic/Soft- volvement, resulting from preventable
ware-Based Equipment Used in Signal accidents associated with the func-
and Train Control Applications); tion(s) performed by the system.
(D) Appendix C of this subpart; and (ii) In those cases where there is pas-
(iii) Analysis supporting the PSP senger traffic, a second risk metric
suggests no credible reason for believ- must be calculated, using passenger-
ing that the product will be less safe miles traveled per year as the expo-
than the previous condition. sure, and total societal costs of pas-
(e) How are safety and risk measured senger injuries and fatalities, resulting
for the full risk assessment? Risk assess- from preventable accidents associated
ment techniques, including both quali- with the function(s) performed by the
tative and quantitative methods, are system, as the consequences.
recognized as providing credible and (3) If the description of railroad oper-
useful results for purposes of this sec- ations for the product required by
tion if they apply the following prin- § 236.907(a)(2) involves changes to the
ciples: physical or operating conditions on the
(1) Safety levels must be measured railroad prior to or within the expected
using competent risk assessment meth-
life cycle of the product subject to re-
ods and must be expressed as the total
view under this subpart, the previous
residual risk in the system over its ex-
pected life-cycle after implementation condition shall be adjusted to reflect
of all mitigating measures described in the lower risk associated with systems
723
§ 236.911 49 CFR Ch. II (10–1–11 Edition)
needed to maintain safety and perform- sociate Administrator for Safety, that
ance at higher speeds or traffic vol- the current method of operation is ade-
umes. In particular, the previous condi- quate for a specified volume of traffic
tion must be adjusted for assumed im- in excess of 12 trains per day, but not
plementation of systems necessary to more than 20 trains per day, without
support higher train speeds as specified material delay in the movement of
in § 236.0, as well as other changes re- trains over the territory and without
quired to support projected increases in unreasonable expenditures to expedite
train operations. The following specific those movements when compared with
requirements apply: the expense of installing and maintain-
(i) If the current method of operation ing a traffic control system.
would not be adequate under § 236.0 for (4) In the case review of a PSP that
the proposed operations, then the ad- has been consolidated with a pro-
justed previous condition must include ceeding pursuant to part 235 of this
a system as required under § 236.0, ap- subchapter (see § 236.911(b)), the base
plied as follows: case shall be determined as follows:
(A) The minimum system where a (i) If FRA determines that dis-
passenger train is operated at a speed continuance or modification of the sys-
of 60 or more miles per hour, or a tem should be granted without regard
freight train is operated at a speed of to whether the product is installed on
50 or more miles per hour, shall be a the territory, then the base case shall
traffic control system; be the conditions that would obtain on
(B) The minimum system where a the territory following the discontinu-
train is operated at a speed of 80 or ance or modification. NOTE: This is an
more miles per hour, but not more instance in which the base case is pos-
than 110 miles per hour, shall be an ited as greater risk than the actual
automatic cab signal system with (unadjusted) previous condition be-
automatic train control; and cause the railroad would have obtained
(C) The minimum system where a relief from the requirement to main-
train is operated at a speed of more tain the existing signal or train control
than 110 miles per hour shall be a sys- system even if no new product had been
tem determined by the Associate Ad- proffered.
ministrator for Safety to provide an (ii) If FRA determines that dis-
equivalent level of safety to systems continuance or modification of the sys-
required or authorized by FRA for com- tem should be denied without regard to
parable operations. whether the product is installed on the
(ii) If the current method of oper- territory, then the base case shall re-
ation would be adequate under § 236.0 main the previous condition
for the proposed operations, but the (unadjusted).
current system is not at least as safe (iii) If, after consideration of the ap-
as a traffic control system, then the plication and review of the PSP, FRA
adjusted previous condition must in- determines that neither paragraph
clude a traffic control system in the (e)(4)(i) nor paragraph (e)(4)(ii) of this
event of any change that results in: section should apply, FRA will estab-
(A) An annual average daily train lish a base case that is consistent with
density of more than twelve trains per safety and in the public interest.
day; or
(B) An increase in the annual average [70 FR 11095, Mar. 7, 2005, as amended at 74
daily density of passenger trains of FR 25174, May 27, 2009; 75 FR 2699, Jan. 15,
more than four trains per day. 2010]
(iii) Paragraph (e)(3)(ii)(A) of this
section shall apply in all situations § 236.911 Exclusions.
where train volume will exceed more (a) Does this subpart apply to existing
than 20 trains per day but shall not systems? The requirements of this sub-
apply to situations where train volume part do not apply to products in service
will exceed 12 trains per day but not as of June 6, 2005. Railroads may con-
exceed 20 trains per day, if in its PSP tinue to implement and use these prod-
the railroad makes a showing sufficient ucts and components from these exist-
to establish, in the judgment of the As- ing products.
724
(b) How will transition cases be han- (b) Under what circumstances must a
dled? Products designed in accordance railroad submit a petition for approval for
with subparts A through G of this part a PSP or PSP amendment, and when may
which are not in service but are devel- a railroad submit an informational filing?
oped or are in the developmental stage Depending on the nature of the pro-
prior to March 7, 2005, may be excluded posed product or change, the railroad
upon notification to FRA by June 6, shall submit either an informational
2005, if placed in service by March 7, filing or a petition for approval. Sub-
2008. Railroads may continue to imple- mission of a petition for approval is re-
ment and use these products and com- quired for PSPs or PSP amendments
ponents from these existing products. concerning installation of new or next-
A railroad may at any time elect to generation train control systems. All
have products that are excluded made other actions that result in the cre-
subject to this subpart by submitting a ation of a PSP or PSP amendment re-
PSP as prescribed in § 236.913 and other- quire an informational filing and are
wise complying with this subpart. handled according to the procedures
(c) How are office systems handled? The outlined in paragraph (c) of this sec-
requirements of this subpart do not tion. Applications for discontinuance
apply to existing office systems and fu- and material modification of signal
ture deployments of existing office sys- and train control systems remain gov-
tem technology. However, a subsystem erned by parts 235 and 211 of this chap-
or component of an office system must ter; and petitions subject to this sec-
comply with the requirements of this tion may be consolidated with any rel-
subpart if it performs safety-critical evant application for administrative
functions within, or affects the safety handling.
performance of, a new or next-genera- (c) What are the procedures for infor-
tion train control system. For purposes mational filings? The following proce-
of this section, ‘‘office system’’ means dures apply to PSPs and PSP amend-
a centralized computer-aided train-dis- ments which do not require submission
patching system or centralized traffic of a petition for approval, but rather
control board. require an informational filing:
(d) How are modifications to excluded (1) Not less than 180 days prior to
products handled? Changes or modifica- planned use of the product in revenue
tions to products otherwise excluded service as described in the PSP or PSP
from the requirements of this subpart amendment, the railroad shall submit
by this section are not excluded from an informational filing to the Asso-
the requirements of this subpart if ciate Administrator for Safety, FRA,
they result in a degradation of safety 1200 New Jersey Avenue, SE., Mail Stop
or a material increase in safety-critical 25, Washington, DC 20590. The informa-
functionality. tional filing must provide a summary
(e) What other rules apply to excluded description of the PSP or PSP amend-
products? Products excluded by this ment, including the intended use of the
section from the requirements of this product, and specify the location where
subpart remain subject to subparts A the documentation as described in
through G of this part as applicable. § 236.917(a)(1) is maintained.
(2) Within 60 days of receipt of the in-
§ 236.913 Filing and approval of PSPs. formational filing, FRA:
(a) Under what circumstances must a (i) Acknowledges receipt of the filing;
PSP be prepared? A PSP must be pre- (ii) Acknowledges receipt of the in-
pared for each product covered by this formational filing and requests further
subpart. A joint PSP must be prepared information; or
when: (iii) Acknowledges receipt of the fil-
(1) The territory on which a product ing and notifies the railroad, for good
covered by this subpart is normally cause, that the filing will be considered
subject to joint operations, or is oper- as a petition for approval as set forth
ated upon by more than one railroad; in paragraph (d) of this section, and re-
and quests such further information as may
(2) The PSP involves a change in be required to initiate action on the pe-
method of operation. tition for approval. Examples of good
725
§ 236.913 49 CFR Ch. II (10–1–11 Edition)
cause, any one of which is sufficient, provides a letter of preliminary review

include: the PSP describes a product with detailed findings, including
with unique architectural concepts; the whether the design concepts of the pro-
PSP describes a product that uses de- posed product comply with the require-
sign or safety assurance concepts con- ments of this subpart, whether design
sidered outside existing accepted prac- modifications are necessary to meet
tices (see appendix C); and the PSP de- the requirements of this subpart, and
scribes a locomotive-borne product the extent and nature of the safety
that commingles safety-critical train analysis necessary to comply with this
control processing functions with loco- subpart.
motive operational functions. In addi- (v) Not less than 60 days prior to use
tion, good cause includes any instance of the product in revenue service, the
where the PSP or PSP amendment railroad shall file with the Associate
does not appear to support its safety Administrator for Safety a petition for
claim of satisfaction of the perform- final approval.
ance standard, after FRA has requested (vi) Within 30 days of receipt of the
further information as provided in petition for final approval, the Asso-
paragraph (c)(2)(ii) of this section. ciate Administrator for Safety either
(d) What procedures apply to petitions acknowledges receipt or acknowledges
for approval? The following procedures receipt and requests more information.
apply to PSPs and PSP amendments Whenever possible, FRA acts on the pe-
which require submission of a petition tition for final approval within 60 days
for approval: of its filing by either granting it or de-
(1) Petitions for approval involving nying it. If FRA neither grants nor de-
prior FRA consultation. (i) The railroad nies the petition for approval within 60
may file a Notice of Product Develop- days, FRA advises the petitioner of the
ment with the Associate Administrator projected time for decision and con-
for Safety not less than 30 days prior to ducts any further consultations or in-
the end of the system design review quiries necessary to decide the matter.
phase of product development and 180 (2) Other petitions for approval. The
days prior to planned implementation, following procedures apply to petitions
inviting FRA to participate in the de- for approval of PSPs which do not in-
sign review process and receive peri- volve prior FRA consultation as de-
odic briefings and updates as needed to scribed in paragraph (d)(1) of this sec-
follow the course of product develop- tion.
ment. At a minimum, the Notice of (i) Not less than 180 days prior to use
Product Development must contain a of a product in revenue service, the
summary description of the product to railroad shall file with the Associate
be developed and a brief description of Administrator for Safety a petition for
goals for improved safety. approval.
(ii) Within 15 days of receipt of the (ii) Within 60 days of receipt of the
Notice of Product Development, the petition for approval, FRA either ac-
Associate Administrator for Safety ei- knowledges receipt, or acknowledges
ther acknowledges receipt or acknowl- receipt and requests more information.
edges receipt and requests more infor- (iii) Whenever possible, considering
mation. the scope, complexity, and novelty of
(iii) If FRA concludes that the Notice the product or change, FRA acts on the
of Product Development contains suffi- petition for approval within 180 days of
cient information, the Associate Ad- its filing by either granting it or deny-
ministrator for Safety determines the ing it. If FRA neither grants nor denies
extent and nature of the assessment the petition for approval within 180
and review necessary for final product days, it remains pending, and FRA pro-
approval. FRA may convene a tech- vides the petitioner with a statement
nical consultation as necessary to dis- of reasons why the petition has not yet
cuss issues related to the design and been approved.
planned development of the product. (e) What role do product users play in
(iv) Within 60 days of receiving the the process of safety review? (1) FRA will
Notice of Product Development, the publish in the FEDERAL REGISTER peri-
Associate Administrator for Safety odically a topic list including docket
726
numbers for informational filings and a associated with previously established

petition summary including docket histories of safe operation;
numbers for petitions for approval. (iv) The degree of rigor and precision
(2) Interested parties may submit to associated with the safety analyses, in-
FRA information and views pertinent cluding the comprehensiveness of the
to FRA’s consideration of an informa- qualitative analyses, and the extent to
tional filing or petition for approval. which any quantitative results realisti-
FRA considers comments to the extent cally reflect appropriate sensitivity
practicable within the periods set forth cases;
in this section. In a proceeding consoli- (v) The extent to which validation of
dated with a proceeding under part 235 the product has included experiments
of this chapter, FRA considers all com- and tests to identify uncovered faults
ments received. in the operation of the product;
(f) Is it necessary to complete field test- (vi) The extent to which identified
ing prior to filing the petition for ap- faults are effectively addressed;
proval? A railroad may file a petition (vii) Whether the risk assessment for
for approval prior to completion of the previous condition was conducted
field testing of the product. The peti- using the same methodology as that
tion for approval should additionally for operation under the proposed condi-
include information sufficient for FRA tion; and
to arrange monitoring of the tests. The (viii) If an independent third-party
Associate Administrator for Safety assessment is required or is performed
may approve a petition for approval at the election of the supplier or rail-
contingent upon successful completion road, the extent to which the results of
of the test program contained in the the assessment are favorable.
PSP or hold the petition for approval (3) The Associate Administrator for
pending completion of the tests. Safety also considers when assessing
(g) How are PSPs approved? (1) The PSPs the safety requirements for the
Associate Administrator for Safety product within the context of the pro-
grants approval of a PSP when: posed method of operations, including:
(i) The petition for approval has been (i) The degree to which the product is
properly filed and contains the infor- relied upon as the primary safety sys-
mation required in § 236.907; tem for train operations; and
(ii) FRA has determined that the (ii) The degree to which the product
PSP complies with the railroad’s ap- is overlaid upon and its operation is
proved RSPP and applicable require- demonstrated to be independent of
ments of this subpart; and safety-relevant rules, practices and
(iii) The risk assessment supporting systems that will remain in place fol-
the PSP demonstrates that the pro- lowing the change under review.
posed product satisfies the minimum (4) As necessary to ensure compliance
performance standard stated in with this subpart and with the RSPP,
§ 236.909. FRA may attach special conditions to
(2) The Associate Administrator for the approval of the petition.
Safety considers the following applica- (5) Following the approval of a peti-
ble factors when evaluating the risk as- tion, FRA may reopen consideration of
sessment: the petition for cause. Cause for re-
(i) The extent to which recognized opening a petition includes such cir-
standards have been utilized in product cumstances as a credible allegation of
design and in the relevant safety anal- error or fraud, assumptions determined
ysis; to be invalid as a result of in-service
(ii) The availability of quantitative experience, or one or more unsafe
data, including calculations of statis- events calling into question the safety
tical confidence levels using accepted analysis underlying the approval.
methods, associated with risk esti- (h) Under what circumstances may a
mates; third-party assessment be required, and
(iii) The complexity of the product by whom may it be conducted? (1) The
and the extent to which it will incor- PSP must be supported by an inde-
porate or deviate from design practices pendent third party assessment of the
727
§ 236.915 49 CFR Ch. II (10–1–11 Edition)
product when FRA concludes it is nec- the approval of a PSP by the submis-
essary based upon consideration of the sion of an informational filing by a
following factors: railroad. The FRA will arrange to mon-
(i) Those factors listed in paragraphs itor the tests based on the information
(g)(2)(i) through (g)(2)(vii) of this sec- provided in the filing, which must in-
tion; clude:
(ii) The sufficiency of the assessment (i) A complete description of the
or audit previously conducted at the product;
election of a supplier or railroad; and (ii) An operational concepts docu-
(iii) Whether applicable requirements ment;
of subparts A through G of this part (iii) A complete description of the
are satisfied. specific test procedures, including the
(2) As used in this section, ‘‘inde- measures that will be taken to protect
pendent third party’’ means a tech- trains and on-track equipment;
nically competent entity responsible to (iv) An analysis of the applicability
and compensated by the railroad (or an of the requirements of subparts A
association on behalf of one or more through G of this part to the product
railroads) that is independent of the that will not apply during testing;
supplier of the product. An entity that (v) The date testing will begin;
is owned or controlled by the supplier, (vi) The location of the testing; and
that is under common ownership or (vii) A description of any effect the
control with the supplier, or that is testing will have on the current meth-
otherwise involved in the development od of operation.
of the product is not considered ‘‘inde-
(2) FRA may impose such additional
pendent’’ within the meaning of this
conditions on this testing as may be
section. FRA may maintain a roster of
necessary for the safety of train oper-
recognized technically competent enti-
ations. Exemptions from regulations
ties as a service to railroads selecting
other than those contained in this part
reviewers under this section; however,
must be requested through waiver pro-
a railroad is not limited to entities
cedures in part 211 of this chapter.
currently listed on any such roster.
(3) The third-party assessment must, [70 FR 11095, Mar. 7, 2005, as amended at 70
at a minimum, consist of the activities FR 72385, Dec. 5, 2005; 74 FR 25174, May 27,
and result in production of documenta- 2009]
tion meeting the requirements of Ap-
pendix D to this part. However, when § 236.915 Implementation and oper-
ation.
requiring an assessment pursuant to
this section, FRA specifies any require- (a) When may a product be placed or re-
ments in Appendix D to this part which tained in service? (1) Except as stated in
the agency has determined are not rel- paragraphs (a)(2) and (a)(3) of this sec-
evant to its concerns and, therefore, tion, a railroad may operate in revenue
need not be included in the assessment. service any product 180 days after fil-
The railroad shall make the final as- ing with FRA the informational filing
sessment report available to FRA upon for that product. The FRA filing date
request. can be found in FRA’s acknowledgment
(i) How may a PSP be amended? A rail- letter referred to in § 236.913(c)(2).
road may submit an amendment to a (2) Except as stated in paragraph
PSP at any time in the same manner (a)(3) of this section, if FRA approval is
as the initial PSP. Notwithstanding required for a product, the railroad
the otherwise applicable requirements shall not operate the product in rev-
found in this section and § 236.915, enue service until after the Associate
changes affecting the safety-critical Administrator for Safety has approved
functionality of a product may be made the petition for approval for that prod-
prior to the submission and approval of uct pursuant to § 236.913.
the PSP amendment as necessary in (3) If after product implementation
order to mitigate risk. FRA elects, for cause, to treat the in-
(j) How may field testing be conducted formational filing for the product as a
prior to PSP approval? (1) Field testing petition for approval, the product may
of a product may be conducted prior to remain in use if otherwise consistent
728
with the applicable law and regula- (3) Contractors of the railroad shall
tions. FRA may impose special condi- maintain at a designated office train-
tions for use of the product during the ing records pursuant to § 236.923(b).
period of review for cause. (b) What actions must the railroad take
(b) How does the PSP relate to oper- in the event of occurrence of a safety-rel-
ation of the product? Each railroad shall evant hazard? After the product is
comply with all provisions in the PSP placed in service, the railroad shall
for each product it uses and shall oper- maintain a database of all safety-rel-
ate within the scope of initial oper- evant hazards as set forth in the PSP
ational assumptions and predefined and those that had not been previously
changes identified by the PSP. Rail- identified in the PSP. If the frequency
roads may at any time submit an of the safety-relevant hazards exceeds
amended PSP according to the proce- the threshold set forth in the PSP (see
dures outlined in § 236.913. § 236.907(a)(6)), then the railroad shall:
(c) What precautions must be taken (1) Report the inconsistency in writ-
prior to interference with the normal ing (by mail, facsimile, e-mail, or hand
functioning of a product? The normal delivery to the Director, Office of Safe-
functioning of any safety-critical prod- ty Assurance and Compliance, FRA,
uct must not be interfered with in test- 1200 New Jersey Avenue, SE., Mail Stop
25, Washington, DC 20590, within 15
ing or otherwise without first taking
days of discovery. Documents that are
measures to provide for safe movement
hand delivered must not be enclosed in
of trains, locomotives, roadway work-
an envelope;
ers and on-track equipment that de-
(2) Take prompt countermeasures to
pend on normal functioning of such
reduce the frequency of the safety-rel-
product.
evant hazard(s) below the threshold set
(d) What actions must be taken imme- forth in the PSP; and
diately upon failure of a safety-critical
(3) Provide a final report to the FRA
component? When any safety-critical
Director, Office of Safety Assurance
product component fails to perform its
and Compliance, on the results of the
intended function, the cause must be analysis and countermeasures taken to
determined and the faulty component reduce the frequency of the safety-rel-
adjusted, repaired, or replaced without evant hazard(s) below the threshold set
undue delay. Until repair of such essen- forth in the PSP when the problem is
tial components are completed, a rail- resolved.
road shall take appropriate action as
specified in the PSP. See also [70 FR 11095, Mar. 7, 2005, as amended at 74
§§ 236.907(d), 236.917(b). FR 25174, May 27, 2009]
§ 236.917 Retention of records. § 236.919 Operations and Maintenance

Manual.
(a) What life-cycle and maintenance
(a) The railroad shall catalog and
records must be maintained? (1) The rail-
maintain all documents as specified in
road shall maintain at a designated of-
the PSP for the installation, mainte-
fice on the railroad:
nance, repair, modification, inspection,
(i) For the life-cycle of the product, and testing of the product and have
adequate documentation to dem- them in one Operations and Mainte-
onstrate that the PSP meets the safety nance Manual, readily available to per-
requirements of the railroad’s RSPP sons required to perform such tasks
and applicable standards in this sub- and for inspection by FRA and FRA-
part, including the risk assessment; certified State inspectors.
and (b) Plans required for proper mainte-
(ii) An Operations and Maintenance nance, repair, inspection, and testing
Manual, pursuant to § 236.919; and of safety-critical products must be ade-
(iii) Training records pursuant to quate in detail and must be made avail-
§ 236.923(b). able for inspection by FRA and FRA-
(2) Results of inspections and tests certified State inspectors where such
specified in the PSP must be recorded products are deployed or maintained.
as prescribed in § 236.110. They must identify all software
729
§ 236.921 49 CFR Ch. II (10–1–11 Edition)
versions, revisions, and revision dates. effectively complete their duties re-
Plans must be legible and correct. lated to processor-based signal and
(c) Hardware, software, and firmware train control equipment.
revisions must be documented in the
Operations and Maintenance Manual § 236.923 Task analysis and basic re-
according to the railroad’s configura- quirements.
tion management control plan and any (a) How must training be structured
additional configuration/revision con- and delivered? As part of the program
trol measures specified in the PSP. required by § 236.921, the employer
(d) Safety-critical components, in- shall, at a minimum:
cluding spare equipment, must be posi- (1) Identify the specific goals of the
tively identified, handled, replaced, training program with regard to the
and repaired in accordance with the target population (craft, experience
procedures specified in the PSP. level, scope of work, etc.), task(s), and
desired success rate;
§ 236.921 Training and qualification (2) Based on a formal task analysis,
program, general. identify the installation, maintenance,
(a) When is training necessary and who repair, modification, inspection, test-
must be trained? Employers shall estab- ing, and operating tasks that must be
lish and implement training and quali- performed on a railroad’s products.
fication programs for products subject This includes the development of fail-
to this subpart. These programs must ure scenarios and the actions expected
meet the minimum requirements set under such scenarios;
forth in the PSP and in §§ 236.923 (3) Develop written procedures for
through 236.929 as appropriate, for the the performance of the tasks identi-
following personnel: fied;
(1) Persons whose duties include in- (4) Identify the additional knowledge,
stalling, maintaining, repairing, modi- skills, and abilities above those re-
fying, inspecting, and testing safety- quired for basic job performance nec-
critical elements of the railroad’s prod- essary to perform each task;
ucts, including central office, wayside, (5) Develop a training curriculum
or onboard subsystems; that includes classroom, simulator,
(2) Persons who dispatch train oper- computer-based, hands-on, or other for-
ations (issue or communicate any man- mally structured training designed to
datory directive that is executed or en- impart the knowledge, skills, and abili-
forced, or is intended to be executed or ties identified as necessary to perform
enforced, by a train control system each task;
subject to this subpart); (6) Prior to assignment of related
(3) Persons who operate trains or tasks, require all persons mentioned in
serve as a train or engine crew member § 236.921(a) to successfully complete a
subject to instruction and testing training curriculum and pass an exam-
under part 217 of this chapter, on a ination that covers the product and ap-
train operating in territory where a propriate rules and tasks for which
train control system subject to this they are responsible (however, such
subpart is in use; persons may perform such tasks under
(4) Roadway workers whose duties re- the direct onsite supervision of a quali-
quire them to know and understand fied person prior to completing such
how a train control system affects training and passing the examination);
their safety and how to avoid inter- (7) Require periodic refresher train-
fering with its proper functioning; and ing at intervals specified in the PSP
(5) The direct supervisors of persons that includes classroom, simulator,
listed in paragraphs (a)(1) through computer-based, hands-on, or other for-
(a)(4) of this section. mally structured training and testing,
(b) What competencies are required? except with respect to basic skills for
The employer’s program must provide which proficiency is known to remain
training for persons who perform the high as a result of frequent repetition
functions described in paragraph (a) of of the task; and
this section to ensure that they have (8) Conduct regular and periodic eval-
the necessary knowledge and skills to uations of the effectiveness of the
730
training program specified in (1) Familiarization with train control

§ 236.923(a)(1) verifying the adequacy of equipment onboard the locomotive and
the training material and its validity the functioning of that equipment as
with respect to current railroads prod- part of the system and in relation to
ucts and operations. other onboard systems under that per-
(b) What training records are required? son’s control;
Employers shall retain records which (2) Any actions required of the on-
designate persons who are qualified board personnel to enable, or enter
under this section until new designa- data to, the system, such as consist
tions are recorded or for at least one data, and the role of that function in
year after such persons leave applica- the safe operation of the train;
ble service. These records shall be kept (3) Sequencing of interventions by
in a designated location and be avail- the system, including pre-enforcement
able for inspection and replication by notification, enforcement notification,
FRA and FRA-certified State inspec- penalty application initiation and
tors. post-penalty application procedures;
(4) Railroad operating rules applica-
§ 236.925 Training specific to control ble to the train control system, includ-
office personnel. ing provisions for movement and pro-
Any person responsible for issuing or tection of any unequipped trains, or
communicating mandatory directives trains with failed or cut-out train con-
in territory where products are or will trol onboard systems and other on-
be in use must be trained in the fol- track equipment;
lowing areas, as applicable: (5) Means to detect deviations from
(a) Instructions concerning the inter- proper functioning of onboard train
face between the computer-aided dis- control equipment and instructions re-
patching system and the train control garding the actions to be taken with
system, with respect to the safe move- respect to control of the train and noti-
ment of trains and other on-track fication of designated railroad per-
equipment; sonnel; and
(b) Railroad operating rules applica- (6) Information needed to prevent un-
ble to the train control system, includ- intentional interference with the prop-
ing provision for movement and protec- er functioning of onboard train control
tion of roadway workers, unequipped equipment.
trains, trains with failed or cut-out (b) How must locomotive engineer train-
train control onboard systems, and ing be conducted? Training required
other on-track equipment; and under this subpart for a locomotive en-
(c) Instructions concerning control of gineer, together with required records,
trains and other on-track equipment in must be integrated into the program of
case the train control system fails, in- training required by part 240 of this
cluding periodic practical exercises or chapter.
simulations, and operational testing (c) What requirements apply to full
under part 217 of this chapter to ensure automatic operation? The following spe-
the continued capability of the per- cial requirements apply in the event a
sonnel to provide for safe operations train control system is used to effect
under the alternative method of oper- full automatic operation of the train:
ation. (1) The PSP must identify all safety
hazards to be mitigated by the loco-
§ 236.927 Training specific to locomotive engineer.
motive engineers and other oper- (2) The PSP must address and de-
ating personnel. scribe the training required with provi-
(a) What elements apply to operating sions for the maintenance of skills pro-
personnel? Training provided under this ficiency. As a minimum, the training
subpart for any locomotive engineer or program must:
other person who participates in the (i) As described in § 236.923(a)(2), de-
operation of a train in train control velop failure scenarios which incor-
territory must be defined in the PSP porate the safety hazards identified in
and the following elements must be ad- the PSP, including the return of train
dressed: operations to a fully manual mode;
731
§ 236.929 49 CFR Ch. II (10–1–11 Edition)
(ii) Provide training, consistent with vision of alternative methods of on-

§ 236.923(a), for safe train operations track safety in case the train control
under all failure scenarios and identi- system fails, including periodic prac-
fied safety hazards that affect train op- tical exercises or simulations and oper-
erations; ational testing under part 217 of this
(iii) Provide training, consistent with chapter to ensure the continued capa-
§ 236.923(a), for safe train operations bility of roadway workers to be free
under manual control; and from the danger of being struck by a
(iv) Consistent with § 236.923(a), en- moving train or other on-track equip-
sure maintenance of manual train opment.
erating skills by requiring manual
starting and stopping of the train for Subpart I—Positive Train Control
an appropriate number of trips and by Systems
one or more of the following methods:
(A) Manual operation of a train for a SOURCE: 75 FR 2699, Jan. 15, 2010, unless
4-hour work period; otherwise noted.
(B) Simulated manual operation of a
train for a minimum of 4 hours in a § 236.1001 Purpose and scope.
Type I simulator as required; or (a) This subpart prescribes minimum,
(C) Other means as determined fol- performance-based safety standards for
lowing consultation between the rail- PTC systems required by 49 U.S.C.
road and designated representatives of 20157, this subpart, or an FRA order, in-
the affected employees and approved cluding requirements to ensure that
by the FRA. The PSP must designate the development, functionality, archi-
the appropriate frequency when man- tecture, installation, implementation,
ual operation, starting, and stopping inspection, testing, operation, mainte-
must be conducted, and the appropriate nance, repair, and modification of
frequency of simulated manual oper- those PTC systems will achieve and
ation. maintain an acceptable level of safety.
This subpart also prescribes standards
§ 236.929 Training specific to roadway to ensure that personnel working with,
workers.
and affected by, safety-critical PTC
(a) How is training for roadway workers system related products receive appro-
to be coordinated with part 214? Training priate training and testing.
required under this subpart for a road- (b) Each railroad may prescribe addi-
way worker must be integrated into tional or more stringent rules, and
the program of instruction required other special instructions, that are not
under part 214, subpart C of this chap- inconsistent with this subpart.
ter (‘‘Roadway Worker Protection’’), (c) This subpart does not exempt a
consistent with task analysis require- railroad from compliance with any re-
ments of § 236.923. This training must quirement of subparts A through H of
provide instruction for roadway work- this part or parts 233, 234, and 235 of
ers who provide protection for them- this chapter, unless:
selves or roadway work groups. (1) It is otherwise explicitly excepted
(b) What subject areas must roadway by this subpart; or
worker training include? (1) Instruction (2) The applicable PTCSP, as defined
for roadway workers must ensure an under § 236.1003 and approved by FRA
understanding of the role of processor- under § 236.1015, provides for such an ex-
based signal and train control equip- ception per § 236.1013.
ment in establishing protection for
roadway workers and their equipment. § 236.1003 Definitions.
(2) Instruction for roadway workers (a) Definitions contained in subparts
must ensure recognition of processor- G and H of this part apply equally to
based signal and train control equip- this subpart.
ment on the wayside and an under- (b) The following definitions apply to
standing of how to avoid interference terms used only in this subpart unless
with its proper functioning. otherwise stated:
(3) Instructions concerning the rec- After-arrival mandatory directive
ognition of system failures and the pro- means an authority to occupy a track
732
which is issued to a train that is not ef- Main line track exclusion addendum
fective and not to be acted upon until (‘‘MTEA’’) means the document sub-
after the arrival and passing of a train, mitted under §§ 236.1011 and 236.1019 re-
or trains, specifically identified in the questing to designate track as other
authority. than main line.
Associate Administrator means the Medium speed means, Speed, medium,
FRA Associate Administrator for Rail- as defined in subpart G of this part.
road Safety/Chief Safety Officer. NPI means a Notice of Product Intent
Class I railroad means a railroad (‘‘NPI’’) as further described in
which in the last year for which reve- § 236.1013.
nues were reported exceeded the PTC means positive train control as
threshold established under regulations further described in § 236.1005.
of the Surface Transportation Board PTCDP means a PTC Development
(49 CFR part 1201.1–1 (2008)). Plan as further described in § 236.1013.
Cleartext means the un-encrypted PTCIP means a PTC Implementation
text in its original, human readable, Plan as required under 49 U.S.C. 20157
form. It is the input of an encryption and further described in § 236.1011.
or encipher process, and the output of PTCPVL means a PTC Product Ven-
an decryption or decipher process. dor List as further described in
Controlling locomotive means Loco- § 236.1023.
motive, controlling, as defined in § 232.5 PTCSP means a PTC Safety Plan as
of this chapter. further described in § 236.1015.
Host railroad means a railroad that PTC railroad means each Class I rail-
has effective operating control over a road and each entity providing regu-
segment of track. larly scheduled intercity or commuter
Interoperability means the ability of a rail passenger transportation required
controlling locomotive to commu- to implement or operate a PTC system.
nicate with and respond to the PTC PTC System Certification means cer-
railroad’s positive train control sys- tification as required under 49 U.S.C.
tem, including uninterrupted move- 20157 and further described in §§ 236.1009
ments over property boundaries. and 236.1015.
Limited operations means operations Request for Amendment (‘‘RFA’’)
on main line track that have limited or means a request for an amendment of a
no freight operations and are approved plan or system made by a PTC railroad
to be excluded from this subpart’s PTC in accordance with § 236.1021.
system implementation and operation Request for Expedited Certification
requirements in accordance with (‘‘REC’’) means, as further described in
§ 236.1019(c); § 236.1031, a request by a railroad to re-
Main line means, except as provided ceive expedited consideration for PTC
in § 236.1019 or where all trains are lim- System Certification.
ited to restricted speed within a yard Restricted speed means, Speed, re-
or terminal area or on auxiliary or in- stricted, as defined in subpart G of this
dustry tracks, a segment or route of part.
railroad tracks: Safe State means a system state that,
(1) Of a Class I railroad, as docu- when the system fails, cannot cause
mented in current timetables filed by death, injury, occupational illness, or
the Class I railroad with the FRA damage to or loss of equipment or
under § 217.7 of this title, over which property, or damage to the environ-
5,000,000 or more gross tons of railroad ment.
traffic is transported annually; or Segment of track means any part of
(2) Used for regularly scheduled the railroad where a train operates.
intercity or commuter rail passenger Temporal separation means that pas-
service, as defined in 49 U.S.C. 24102, or senger and freight operations do not
both. Tourist, scenic, historic, or ex- operate on any segment of shared track
cursion operations as defined in part during the same period and as further
238 of this chapter are not considered defined under § 236.1019 and the process
intercity or commuter passenger serv- or processes in place to assure that re-
ice for purposes of this part. sult.
733
§ 236.1005 49 CFR Ch. II (10–1–11 Edition)
Tenant railroad means a railroad, § 236.1005 Requirements for Positive

other than a host railroad, operating Train Control systems.
on track upon which a PTC system is (a) PTC system requirements. Each
required. PTC system required to be installed
Track segment means segment of under this subpart shall:
track. (1) Reliably and functionally prevent:
Type Approval means a number as- (i) Train-to-train collisions—includ-
signed to a particular PTC system indi- ing collisions between trains operating
cating FRA agreement that the PTC over rail-to-rail at-grade crossings in
system could fulfill the requirements accordance with the following risk-
of this subpart. based table or alternative arrange-
Train means one or more loco- ments providing an equivalent level of
motives, coupled with or without cars. safety as specified in an FRA approved
PTCSP:
Crossing type Max speed * Protection required
(A) Interlocking—one or more ≤ 40 miles per hour ................. Interlocking signal arrangement in accordance with the re-
PTC routes intersecting with quirements of subparts A–G of this part and PTC enforced
one or more non-PTC routes. stop on PTC routes.
(B) Interlocking—one or more > 40 miles per hour ................. Interlocking signal arrangement in accordance with the re-
PTC routes intersecting with quirements of subparts A–G of this part, PTC enforced
one or more non-PTC routes. stop on all PTC routes, and either the use of other than full
PTC technology that provides positive stop enforcement or
a split-point derail incorporated into the signal system ac-
companied by 20 miles per hour maximum allowable speed
on the approach of any intersecting non-PTC route.
(C) Interlocking—all PTC Any speed ............................... Interlocking signal arrangements in accordance with the re-
routes intersecting. quirements of subparts A–G of this part, and PTC enforced
stop on all routes.
(ii) Overspeed derailments, including (4) Provide an appropriate warning or

derailments related to railroad civil enforcement when:
engineering speed restrictions, slow or- (i) A derail or switch protecting ac-
ders, and excessive speeds over switch- cess to the main line required by
es and through turnouts; § 236.1007, or otherwise provided for in
(iii) Incursions into established work the applicable PTCSP, is not in its de-
zone limits without first receiving ap- railing or protecting position, respec-
propriate authority and verification tively;
from the dispatcher or roadway worker (ii) A mandatory directive is issued
in charge, as applicable and in accord- associated with a highway-rail grade
ance with part 214 of this chapter; and crossing warning system malfunction
(iv) The movement of a train through as required by §§ 234.105, 234.106, or
234.107;
a main line switch in the improper po-
(iii) An after-arrival mandatory di-
sition as further described in paragraph
rective has been issued and the train or
(e) of this section.
trains to be waited on has not yet
(2) Include safety-critical integration passed the location of the receiving
of all authorities and indications of a train;
wayside or cab signal system, or other (iv) Any movable bridge within the
similar appliance, method, device, or route ahead is not in a position to
system of equivalent safety, in a man- allow permissive indication for a train
ner by which the PTC system shall pro- movement pursuant to § 236.312; and
vide associated warning and enforce- (v) A hazard detector integrated into
ment to the extent, and except as, de- the PTC system that is required by
scribed and justified in the FRA ap- paragraph (c) of this section, or other-
proved PTCDP or PTCSP, as applica- wise provided for in the applicable
ble; PTCSP, detects an unsafe condition or
(3) As applicable, perform the addi- transmits an alarm; and
tional functions specified in this sub- (5) Limit the speed of passenger and
part; freight trains to 59 miles per hour and
734
49 miles per hour, respectively, in areas (3) Addition of track segments. To the
without broken rail detection or equiv- extent increases in freight rail traffic
alent safeguards. occur subsequent to calendar year 2008
(b) PTC system installation. (1) Lines that might affect the requirement to
required to be equipped. Except as other- install a PTC system on any line not
wise provided in this subpart, each yet equipped, the railroad shall seek to
Class I railroad and each railroad pro- amend its PTCIP by promptly filing an
viding or hosting intercity or com- RFA in accordance with § 236.1021. The
muter passenger service shall progres- following criteria apply:
sively equip its lines as provided in its (i) If rail traffic exceeds 5 million
approved PTCIP such that, on and gross tons in any year after 2008, the
after December 31, 2015, a PTC system tonnage shall be calculated for the pre-
certified under § 236.1015 is installed ceding two calendar years and if the
and operated by the host railroad on total tonnage for those two calendar
each: years exceeds 10 million gross tons, a
(i) Main line over which is trans- PTCIP or its amendment is required.
ported any quantity of material poi- (ii) If PIH traffic is carried on a track
sonous by inhalation (PIH), including segment as a result of a request for rail
anhydrous ammonia, as defined in service or rerouting warranted under
§§ 171.8, 173.115 and 173.132 of this title; part 172 of this title, and if the line car-
(ii) Main line used for regularly pro- ries in excess of 5 million gross tons of
vided intercity or commuter passenger rail traffic as determined under this
service, except as provided in § 236.1019; paragraph, a PTCIP or its amendment
and is required. This does not apply when
(iii) Additional line of railroad as re- temporary rerouting is authorized in
quired by the applicable FRA approved accordance with paragraph (g) of this
PTCIP, this subpart, or an FRA order section.
requiring installation of a PTC system (iii) Once a railroad is notified by
by that date. FRA that its RFA filed in accordance
(2) Initial baseline identification of with this paragraph has been approved,
lines. For the purposes of paragraph the railroad shall equip the line with
(b)(1)(i) of this section, the baseline in- the applicable PTC system by Decem-
formation necessary to determine ber 31, 2015, or within 24 months,
whether a Class I railroad’s track seg- whichever is later.
ment shall be equipped with a PTC sys- (4) Exclusion or removal of track seg-
tem shall be determined and reported ments from PTC baseline—(i) Routing
as follows: changes. In a PTCIP or an RFA, a rail-
(i) The traffic density threshold of 5 road may request review of the require-
million gross tons shall be based upon ment to install PTC on a track seg-
calendar year 2008 gross tonnage, ex- ment where a PTC system is otherwise
cept to the extent that traffic may fall required by this section, but has not
below 5 million gross tons for two con- yet been installed, based upon changes
secutive calendar years and a PTCIP or in rail traffic such as reductions in
an RFA reflecting this change is filed total traffic volume or cessation of
and approved under paragraph (b)(4) of passenger or PIH service. Any such re-
this section and, if applicable, quest shall be accompanied by esti-
§ 236.1021. mated traffic projections for the next 5
(ii) The presence or absence of any years (e.g., as a result of planned re-
quantity of PIH hazardous materials routing, coordinations, or location of
shall be determined by whether one or new business on the line). Where the
more cars containing such product(s) request involves prior or planned re-
was transported over the track seg- routing of PIH traffic, the railroad
ment in calendar year 2008 or prior to must provide a supporting analysis
the filing of the PTCIP, except to the that takes into consideration the re-
extent that the PTCIP or RFA justi- quirements of subpart I, part 172 of this
fies, under paragraph (b)(4) of this sec- title, assuming the subject route and
tion, removal of the subject track seg- each practicable alternative route to
ment from the PTCIP listing of lines to be PTC-equipped, and including any
be equipped. interline routing impacts.
735
§ 236.1005 49 CFR Ch. II (10–1–11 Edition)
(A) FRA will approve the exclusion (4) On which any train transporting a
if, based upon data in the docket of the car containing PIH materials (includ-
proceeding, FRA finds that it would be ing a residue car) is operated under
consistent with safety as further pro- conditions of temporal separation from
vided in this paragraph. other trains using the line segment as
(1) In the case of a requested exclu- documented by a temporal separation
sion based on cessation of passenger plan accompanying the request. As
service or a decline in gross tonnage used in this paragraph, ‘‘temporal sepa-
below 5 million gross tons as computed ration’’ has the same meaning given by
over a 2-year period, the removal will § 236.1019(e), except that the separation
be approved absent special cir- addressed is the separation of a train
cumstances as set forth in writing carrying any number of cars con-
(e.g., because of anticipated traffic taining PIH materials from other
growth in the near future). freight trains.
(2) In the case of current or planned (C) FRA will also consider, and may
cessation of PIH materials traffic over approve, requests for relief under this
a track segment, FRA will approve an paragraph for additional line segments
exclusion of a line from the PTCIP if where each such segment carries less
the railroad satisfies the requirements than 15 million gross tons annually and
of § 236.1020. where it is established to the satisfac-
(B) [Reserved] tion of the Associate Administrator
(ii) Lines with de minimis PIH risk. (A) that risk mitigations will be applied
In a PTCIP or RFA, a railroad may re- that will ensure that risk of a release
quest review of the requirement to in- of PIH materials is negligible.
stall PTC on a low density track seg- (D) Failure to submit sufficient in-
ment where a PTC system is otherwise formation will result in the denial of
required by this section, but has not any request under this paragraph
yet been installed, based upon the pres- (b)(4)(ii). If the request is granted, on
ence of a minimal quantity of PIH haz- and after the date the line would have
ardous materials (less than 100 cars per otherwise been required to be equipped
year, loaded and residue). Any such re- under the schedule contained in the
quest shall be accompanied by esti- PTCIP and approved by FRA, oper-
mated traffic projections for the next 5 ations on the line shall be conducted in
years (e.g., as a result of planned re- accordance with any conditions at-
routing, coordinations, or location of tached to the grant, including imple-
new business on the line). Where the mentation of proposed mitigations as
request involves prior or planned re- applicable.
routing of PIH traffic, the railroad (5) Line sales. FRA does not approve
must provide the information and anal- removal of a line from the PTCIP ex-
ysis identified in paragraph (b)(4)(i) of clusively based upon a representation
this section. The submission shall also that a track segment will be abandoned
include a full description of potential or sold to another railroad. In the
safety hazards on the segment of track event a track segment is approved for
and fully describe train operations over abandonment or transfer by the Sur-
the line. This provision is not applica- face Transportation Board, FRA will
ble to lines segments used by intercity review at the request of the transfer-
or commuter passenger service. ring and acquiring railroads whether
(B) Absent special circumstances re- the requirement to install PTC on the
lated to specific hazards presented by line should be removed given all of the
operations on the line segment, FRA circumstances, including expected traf-
will approve a request for relief under fic and hazardous materials levels, res-
this paragraph for a rail line segment: ervation of trackage or haulage rights
(1) Consisting exclusively of Class 1 by the transferring railroad, routing
or 2 track as described in part 213 of analysis under part 172 of this chapter,
this title; commercial and real property arrange-
(2) That carries less than 15 million ments affecting the transferring and
gross tons annually; acquiring railroads post-transfer, and
(3) Has a ruling grade of less than 1 such other factors as may be relevant
percent; and to continue safe operations on the line.
736
If FRA denies the request, the acquir- enforcements, and the state of the PTC
ing railroad shall install the PTC sys- system (e.g., cut in, cut out, active, or
tem on the schedule provided in the failed); and
transferring railroad’s PTCIP, without (iii) Include examples of how the cap-
regard to whether it is a Class I rail- tured data will be displayed during
road. playback along with the format, con-
(6) New rail passenger service. No new tent, and data retention duration re-
intercity or commuter rail passenger quirements specified in the PTCSP
service shall commence after December submitted and approved pursuant to
31, 2015, until a PTC system certified this paragraph. If such train control
under this subpart has been installed data can be calibrated against other
and made operative. data required by this part, it may, at
(c) Hazard detectors. (1) All hazard de- the election of the railroad, be retained
tectors integrated into a signal or in a separate memory module.
train control system on or after Octo- (2) Each lead locomotive, as defined
ber 16, 2008, shall be integrated into in part 229, manufactured and in serv-
PTC systems required by this subpart; ice after October 1, 2009, that is
and their warnings shall be appro- equipped and operating with a PTC sys-
priately and timely enforced as de- tem required by this subpart, shall be
scribed in the applicable PTCSP. equipped with an event recorder mem-
(2) The applicable PTCSP must pro- ory module meeting the crash hard-
vide for receipt and presentation to the ening requirements of § 229.135 of this
locomotive engineer and other train chapter.
crew members of warnings from any
(3) Nothing in this subpart excepts
additional hazard detectors using the
compliance with any of the event re-
PTC data network, onboard displays,
corder requirements contained in
and audible alerts. If the PTCSP so
§ 229.135 of this chapter.
provides, the action to be taken by the
system and by the crew members shall (e) Switch position. The following re-
be specified. quirements apply with respect to deter-
(3) The PTCDP (as applicable) and mining proper switch position under
PTCSP for any new service described in this section. When a main line switch
§ 236.1007 to be conducted above 90 miles position is unknown or improperly
per hour shall include a hazard anal- aligned for a train’s route in advance of
ysis describing the hazards relevant to the train’s movement, the PTC system
the specific route(s) in question (e.g., will provide warning of the condition
potential for track obstruction due to associated with the following enforce-
events such as falling rock or under- ment:
mining of the track structure due to (1) A PTC system shall enforce re-
high water or displacement of a bridge stricted speed over any switch:
over navigable waters), the basis for (i) Where train movements are made
decisions concerning hazard detectors with the benefit of the indications of a
provided, and the manner in which wayside or cab signal system or other
such additional hazard detectors will similar appliance, method, device, or
be interfaced with the PTC system. system of equivalent safety proposed to
(d) Event recorders. (1) Each lead loco- FRA and approved by the Associate
motive, as defined in part 229, of a Administrator in accordance with this
train equipped and operating with a part; and
PTC system required by this subpart (ii) Where wayside or cab signal sys-
must be equipped with an operative tem or other similar appliance, meth-
event recorder, which shall: od, device, or system of equivalent
(i) Record safety-critical train con- safety, requires the train to be oper-
trol data routed to the locomotive en- ated at restricted speed.
gineer’s display that the engineer is re- (2) A PTC system shall enforce a
quired to comply with; positive stop short of any main line
(ii) Specifically include text mes- switch, and any switch on a siding
sages conveying mandatory directives, where the allowable speed is in excess
maximum authorized speeds, PTC sys- of 20 miles per hour, if movement of
tem brake warnings, PTC system brake the train over the switch:
737
§ 236.1005 49 CFR Ch. II (10–1–11 Edition)
(i) Is made without the benefit of the stricted speed rule (15 or 20 miles per
indications of a wayside or cab signal hour). This application applies to:
system or other similar appliance, (1) Operating conditions under which
method, device, or system of equiva- trains are required by signal indication
lent safety proposed to FRA and ap- or operating rule to:
proved by the Associate Administrator (i) Stop before continuing; or
in accordance with this part; or (ii) Reduce speed to restricted speed
(ii) Would create an unacceptable and continue at restricted speed until
risk. Unacceptable risk includes condi- encountering a more favorable indica-
tions when traversing the switch, even tion or as provided by operating rule.
at low speeds, could result in direct (2) Operation of trains within the
conflict with the movement of another limits of a joint mandatory directive.
train (including a hand-operated cross- (g) Temporary rerouting. A train
over between main tracks, a hand-oper- equipped with a PTC system as re-
ated crossover between a main track quired by this subpart may be tempo-
and an adjoining siding or auxiliary rarily rerouted onto a track not
track, or a hand-operated switch pro- equipped with a PTC system and a
viding access to another subdivision or train not equipped with a PTC system
branch line, etc.). may be temporarily rerouted onto a
(3) A PTC system required by this track equipped with a PTC system as
subpart shall be designed, installed, required by this subpart in the fol-
and maintained to perform the switch lowing circumstances:
position detection and enforcement de- (1) Emergencies. In the event of an
scribed in paragraphs (e)(1) and (e)(2) of emergency—including conditions such
this section, except as provided for and as derailment, flood, fire, tornado, hur-
justified in the applicable, FRA ap- ricane, earthquake, or other similar
proved PTCDP or PTCSP. circumstance outside of the railroad’s
(4) The control circuit or electronic control—that would prevent usage of
equivalent for all movement authori- the regularly used track if:
ties over any switches, movable-point (i) The rerouting is applicable only
frogs, or derails shall be selected until the emergency condition ceases
through circuit controller or function- to exist and for no more than 14 con-
ally equivalent device operated di- secutive calendar days, unless other-
rectly by the switch points, derail, or wise extended by approval of the Asso-
by switch locking mechanism, or ciate Administrator;
through relay or electronic device con- (ii) The railroad provides written or
trolled by such circuit controller or telephonic notification to the applica-
functionally equivalent device, for ble Regional Administrator of the in-
each switch, movable-point frog, or de- formation listed in paragraph (i) of this
rail in the route governed. Circuits or section within one business day of the
electronic equivalent shall be arranged beginning of the rerouting made in ac-
so that any movement authorities less cordance with this paragraph; and
restrictive than those prescribed in (iii) The conditions contained in
paragraphs (e)(1) and (e)(2) of this sec- paragraph (j) of this section are fol-
tion can only be provided when each lowed.
switch, movable-point frog, or derail in (2) Planned maintenance. In the event
the route governed is in proper posi- of planned maintenance that would
tion, and shall be in accordance with prevent usage of the regularly used
subparts A through G of this part, un- track if:
less it is otherwise provided in a (i) The maintenance period does not
PTCSP approved under this subpart. exceed 30 days;
(f) Train-to-train collision. A PTC sys- (ii) A request is filed with the appli-
tem shall be considered to be config- cable Regional Administrator in ac-
ured to prevent train-to-train colli- cordance with paragraph (i) of this sec-
sions within the meaning of paragraph tion no less than 10 business days prior
(a) of this section if trains are required to the planned rerouting; and
to be operated at restricted speed and (iii) The conditions contained in
if the onboard PTC equipment enforces paragraph (j) of this section are fol-
the upper limits of the railroad’s re- lowed.
738
(h) Rerouting requests. (1) For the pur- plicable to the line on which the train
poses of paragraph (g)(2) of this sec- is rerouted.
tion, the rerouting request shall be (k) Rerouting cessation. The applicable
self-executing unless the applicable Re- Regional Administrator may order a
gional Administrator responds with a railroad to cease any rerouting pro-
notice disapproving of the rerouting or vided under paragraph (g) or (h) of this
providing instructions to allow rerout- section.
ing. Such instructions may include
providing additional information to [75 FR 2699, Jan. 15, 2010, as amended at 75
FR 59117, Sept. 27, 2010]
the Regional Administrator or Asso-
ciate Administrator prior to the com- § 236.1006 Equipping locomotives oper-
mencement of rerouting. Once the Re- ating in PTC territory.
gional Administrator responds with a
notice under this paragraph, no rerout- (a) Except as provided in paragraph
ing may occur until the Regional Ad- (b) of this section, each train operating
ministrator or Associate Adminis- on any track segment equipped with a
trator provides his or her approval. PTC system shall be controlled by a lo-
(2) In the event the temporary re- comotive equipped with an onboard
routing described in paragraph (g)(2) of PTC apparatus that is fully operative
this section is to exceed 30 consecutive and functioning in accordance with the
calendar days: applicable PTCSP approved under this
(i) The railroad shall provide a re- subpart.
quest in accordance with paragraphs (i) (b) Exceptions. (1) Prior to December
and (j) of this section with the Asso- 31, 2015, each railroad required to in-
ciate Administrator no less than 10 stall PTC shall include in its PTCIP
business days prior to the planned re- specific goals for progressive imple-
routing; and mentation of onboard systems and de-
(ii) The rerouting shall not com- ployment of PTC-equipped locomotives
mence until receipt of approval from such that the safety benefits of PTC
the Associate Administrator. are achieved through incremental
(i) Content of rerouting request. Each growth in the percentage of controlling
notice or request referenced in para- locomotives operating on PTC lines
graph (g) and (h) of this section must that are equipped with operative PTC
indicate: onboard equipment. The PTCIP shall
(1) The dates that such temporary re- include a brief but sufficient expla-
routing will occur; nation of how those goals will be
(2) The number and types of trains achieved, including assignment of re-
that will be rerouted; sponsibilities within the organization.
(3) The location of the affected The goals shall be expressed as the per-
tracks; and centage of trains operating on PTC-
(4) A description of the necessity for equipped lines that are equipped with
the temporary rerouting. operative onboard PTC apparatus re-
(j) Rerouting conditions. Rerouting of sponsive to the wayside, expressed as
operations under paragraph (g) of this an annualized (calendar year) percent-
section may occur under the following age for the railroad as a whole.
conditions: (2) Each railroad shall adhere to its
(1) Where a train not equipped with a PTCIP and shall report, on April 16, of
PTC system is rerouted onto a track 2011, 2012, 2013, and 2014, its progress to-
equipped with a PTC system, or a train ward achieving the goals set under
not equipped with a PTC system that is paragraph (b)(1) of this section. In the
compatible and functionally responsive event any annual goal is not achieved,
to the PTC system utilized on the line the railroad shall further report the ac-
to which the train is being rerouted, tions it is taking to ensure achieve-
the train shall be operated in accord- ment of subsequent annual goals.
ance with § 236.1029; or (3) On and after December 31, 2015, a
(2) Where any train is rerouted onto train controlled by a locomotive with
a track not equipped with a PTC sys- an onboard PTC apparatus that has
tem, the train shall be operated in ac- failed en route is permitted to operate
cordance with the operating rules ap- in accordance with § 236.1029.
739
§ 236.1007 49 CFR Ch. II (10–1–11 Edition)
(4) A train operated by a Class II or technology that includes all of the

Class III railroad, including a tourist safety-critical functional attributes of
or excursion railroad, and controlled a block signal system meeting the re-
by a locomotive not equipped with an quirements of this part, including ap-
onboard PTC apparatus is permitted to propriate fouling circuits and broken
operate on a PTC-operated track seg- rail detection (or equivalent safe-
ment: guards).
(i) That either: (b) In addition to the requirements of
(A) Has no regularly scheduled inter- paragraph (a) of this section, a host
city or commuter passenger rail traf- railroad that conducts a freight or pas-
fic; or senger operation at more than 90 miles
(B) Has regularly scheduled intercity per hour shall:
or commuter passenger rail traffic and (1) Have an approved PTCSP estab-
the applicable PTCIP permits the oper- lishing that the system was designed
ation of a train operated by a Class II and will be operated to meet the fail-
or III railroad and controlled by a loco- safe operation criteria described in Ap-
motive not equipped with an onboard pendix C to this part; and
PTC apparatus; (2) Prevent unauthorized or unin-
(ii) Where operations are restricted tended entry onto the main line from
to four or less such unequipped trains any track not equipped with a PTC sys-
per day, whereas a train conducting a tem compliant with this subpart by
‘‘turn’’ operation (e.g., moving to a placement of split-point derails or
point of interchange to drop off or pick equivalent means integrated into the
up cars and returning to the track PTC system; and
owned by a Class II or III railroad) is (3) Comply with § 236.1029(c).
considered two trains for this purpose; (c) In addition to the requirements of
and paragraphs (a) and (b) of this section, a
(iii) Where each movement shall ei- host railroad that conducts a freight or
ther: passenger operation at more than 125
(A) Not exceed 20 miles in length; or miles per hour shall have an approved
(B) To the extent any movement ex- PTCSP accompanied by a document
ceeds 20 miles in length, such move- (‘‘HSR–125’’) establishing that the sys-
ment is not permitted without the con- tem:
trolling locomotive being equipped (1) Will be operated at a level of safe-
with an onboard PTC system after De- ty comparable to that achieved over
cember 31, 2020, and each applicable the 5 year period prior to the submis-
Class II or III railroad shall report to sion of the PTCSP by other train con-
FRA its progress in equipping each trol systems that perform PTC func-
necessary locomotive with an onboard tions required by this subpart, and
PTC apparatus to facilitate continu- which have been utilized on high-speed
ation of the movement. The progress rail systems with similar technical and
reports shall be filed not later than De- operational characteristics in the
cember 31, 2017 and, if all necessary lo- United States or in foreign service,
comotives are not yet equipped, on De- provided that the use of foreign service
cember 31, 2019. data must be approved by the Asso-
(c) When a train movement is con- ciate Administrator before submittal
ducted under the exceptions described of the PTCSP; and
in paragraph (b)(4) of this section, that (2) Has been designed to detect incur-
movement shall be made in accordance sions into the right-of-way, including
with § 236.1029. incidents involving motor vehicles di-
verting from adjacent roads and
§ 236.1007 Additional requirements for bridges, where conditions warrant.
high-speed service. (d) In addition to the requirements of
(a) A PTC railroad that conducts a paragraphs (a) through (c) of this sec-
passenger operation at or greater than tion, a host railroad that conducts a
60 miles per hour or a freight operation freight or passenger operation at more
at or greater than 50 miles per hour than 150 miles per hour, which is gov-
shall have installed a PTC system in- erned by a Rule of Particular Applica-
cluding or working in concert with bility, shall have an approved PTCSP
740
accompanied by a HSR–125 developed (i) Separately file a PTCIP in accord-

as part of an overall system safety plan ance with paragraph (a)(1);
approved by the Associate Adminis- (ii) Notify the Associate Adminis-
trator. trator that the subject railroads were
(e) A railroad providing existing unable to agree on a PTCIP to be joint-
high-speed passenger service may rely filed;
quest in its PTCSP that the Associate (iii) Provide the Associate Adminis-
Administrator excuse compliance with trator with a comprehensive list of all
one or more requirements of this sec- issues not in agreement between the
tion upon a showing that the subject railroads that would prevent the sub-
service has been conducted with a high ject railroads from jointly filing the
level of safety. PTCIP; and
(iv) Confer with the Associate Ad-
§ 236.1009 Procedural requirements. ministrator to develop and submit a
(a) PTC Implementation Plan (PTCIP). PTCIP mutually acceptable to all sub-
(1) By April 16, 2010, each host railroad ject railroads.
that is required to implement and oper- (b) Type Approval. Each host railroad,
ate a PTC system in accordance with individually or jointly with others such
§ 236.1005(b) shall develop and submit in as a tenant railroad or system supplier,
accordance with § 236.1011(a) a PTCIP shall file prior to or simultaneously
for implementing a PTC system re- with the filing made in accordance
quired under § 236.1005. Filing of the with paragraph (a) of this section:
PTCIP shall not exempt the required (1) An unmodified Type Approval pre-
filings of an NPI, PTCSP, PTCDP, or viously issued by the Associate Admin-
Type Approval. istrator in accordance with § 236.1013 or
(2) After April 16, 2010, a host railroad § 236.1031(b) with its associated docket
shall file: number;
(2) A PTCDP requesting a Type Ap-
(i) A PTCIP if it becomes a host rail-
proval for:
road of a main line track segment for
(i) A PTC system that does not have
which it is required to implement and
a Type Approval; or
operate a PTC system in accordance
(ii) A PTC system with a previously
with § 236.1005(b); or
issued Type Approval that requires one
(ii) A request for amendment or more variances;
(‘‘RFA’’) of its current and approved (3) A PTCSP subject to the condi-
PTCIP in accordance with § 236.1021 if it tions set forth in paragraph (c) of this
intends to: section, with or without a Type Ap-
(A) Initiate a new category of service proval; or
(i.e., passenger or freight); or (4) A document attesting that a Type
(B) Add, subtract, or otherwise mate- Approval is not necessary since the
rially modify one or more lines of rail- host railroad has no territory for which
road for which installation of a PTC a PTC system is required under this
system is required. subpart.
(3) The host and tenant railroad(s) (c) Notice of Product Intent (NPI). A
shall jointly file a PTCIP that address- railroad may, in lieu of submitting a
es shared track: PTCDP, or referencing an already
(i) If the host railroad is required to issued Type Approval, submit an NPI
install and operate a PTC system on a describing the functions of the pro-
segment of its track; and posed PTC system. If a railroad elects
(ii) If the tenant railroad that shares to file an NPI in lieu of a PTCDP or
the same track segment would have referencing an existing Type Approval
been required to install a PTC system with the PTCIP, and the PTCIP is oth-
if the host railroad had not otherwise erwise acceptable to the Associate Ad-
been required to do so. ministrator, the Associate Adminis-
(4) If railroads required to file a joint trator may grant provisional approval
PTCIP are unable to jointly file a of the PTCIP.
PTCIP in accordance with paragraphs (1) A provisional approval of a
(a)(1) and (a)(3) of this section, then PTCIP, unless otherwise extended by
each railroad shall: the Associate Administrator, is valid
741
§ 236.1009 49 CFR Ch. II (10–1–11 Edition)
for a period of 270 days from the date of road shall receive PTC System Certifi-
approval by the Associate Adminis- cation for the subject PTC system and
trator. shall implement the PTC system ac-
(2) The railroad must submit an up- cording to the PTCSP.
dated PTCIP with either a complete (4) A required PTC system shall not:
PTCDP as defined in § 236.1013(a), an (i) Be used in service until it receives
updated PTCIP referencing an already from FRA a PTC System Certification;
approved Type Approval, or a full and
PTCSP within 270 days after the ‘‘Pro- (ii) Receive a PTC System Certifi-
visional Approval.’’ cation unless FRA receives and ap-
(i) Within 90 days of receipt of an up- proves an applicable:
dated PTCIP that was submitted with (A) PTCSP; or
an NPI, the Associate Administrator (B) Request for Expedited Certifi-
will approve or disapprove of the up- cation (REC) as defined by § 236.1031(a).
dated PTCIP and notify in writing the (e) Plan contents. (1) No PTCIP shall
affected railroad. If the updated PTCIP receive approval unless it complies
is not approved, the notification will with § 236.1011. No railroad shall receive
include the plan’s deficiencies. Within a Type Approval or PTC System Cer-
30 days of receipt of that notification, tification unless the applicable PTCDP
the railroad or other entity that sub- or PTCSP, respectively, comply with
mitted the plan shall correct all defi- §§ 236.1013 and 236.1015, respectively.
ciencies and resubmit the plan in ac- (2) All materials filed in accordance
cordance with this section and with this subpart must be in the
§ 236.1011, as applicable. English language, or have been trans-
(ii) If an update to a ‘‘Provisionally lated into English and attested as true
Approved’’ PTCIP is not received by and correct.
the Associate Administrator by the end (3) Each filing referenced in this sec-
of the period indicated in this para- tion may include a request for full or
graph, the ‘‘Provisional Approval’’ partial confidentiality in accordance
given to the PTCIP is automatically with § 209.11 of this chapter. If confiden-
revoked. The revocation is retroactive tiality is requested as to a portion of
to the date the original PTCIP and NPI any applicable document, then in addi-
were first submitted to the Associate tion to the filing requirements under
Administrator. § 209.11 of this chapter, the person filing
(d) PTCSP and PTC System Certifi- the document shall also file a copy of
cation. The following apply to each the original unredacted document,
PTCSP and PTC System Certification. marked to indicate which portions are
(1) A PTC System Certification for a redacted in the document’s confiden-
PTC system may be obtained by sub- tial version without obscuring the
mitting an acceptable PTCSP. If the original document’s contents.
PTC system is the subject of a Type (f) Supporting documentation and infor-
Approval, the safety case elements con- mation. (1) Issuance of a Type Approval
tained in the PTCDP may be incor- or PTC System Certification is contin-
porated by reference into the PTCSP, gent upon FRA’s confidence in the im-
subject to finalization of the human plementation and operation of the sub-
factors analysis contained in the ject PTC system. This confidence may
PTCDP. be based on FRA-monitored field test-
(2) Each PTCSP requirement under ing or an independent assessment per-
§ 236.1015 shall be supported by informa- formed in accordance with § 236.1035 or
tion and analysis sufficient to establish § 236.1017, respectively.
that the requirements of this subpart (2) Upon request by FRA, the railroad
have been satisfied. requesting a Type Approval or PTC
(3) If the Associate Administrator System Certification must engage in
finds that the PTCSP and supporting field testing or independent assessment
documentation support a finding that performed in accordance with § 236.1035
the system complies with this part, the or § 236.1017, respectively, to support
Associate Administrator may approve the assertions made in any of the plans
the PTCSP. If the Associate Adminis- submitted under this subpart. These
trator approves the PTCSP, the rail- assertions include any of the plans’
742
content requirements under this sub- Certification has been requested or pro-
part. vided; or
(g) FRA conditions, reconsiderations, (2) To determine whether a railroad
and modifications. (1) As necessary to has been in compliance with this sub-
ensure safety, FRA may attach special part.
conditions to approving a PTCIP or (i) Foreign regulatory entity
issuing a Type Approval or PTC Sys- verification. Information that has been
tem Certification. certified under the auspices of a for-
(2) After granting a Type Approval or eign regulatory entity recognized by
PTC System Certification, FRA may the Associate Administrator may, at
reconsider the Type Approval or PTC the Associate Administrator’s sole dis-
System Certification upon revelation cretion, be accepted as independently
of any of the following factors con- Verified and Validated and used to sup-
cerning the contents of the PTCDP or port each railroad’s development of the
PTCSP: PTCSP.
(i) Potential error or fraud; (j) Processing times for PTCDP and
(ii) Potentially invalidated assump- PTCSP.
tions determined as a result of in-serv- (1) Within 30 days of receipt of a
ice experience or one or more unsafe PTCDP or PTCSP, the Associate Ad-
events calling into question the safety ministrator will either acknowledge re-
analysis supporting the approval. ceipt or acknowledge receipt and re-
(3) During FRA’s reconsideration in quest more information.
accordance with this paragraph, the (2) To the extent practicable, consid-
PTC system may remain in use if oth- ering the scope, complexity, and nov-
erwise consistent with the applicable elty of the product or change:
law and regulations and FRA may im- (i) FRA will approve, approve with
pose special conditions for use of the conditions, or deny the PTCDP within
PTC system. 60 days of the date on which the
(4) After FRA’s reconsideration in ac- PTCDP was filed;
cordance with this paragraph, FRA (ii) FRA will approve, approve with
may: conditions, or deny the PTCSP within
(i) Dismiss its reconsideration and 180 days of the date on which the
continue to recognize the existing FRA PTCSP was filed;
approved Type Approval or PTC Sys- (iii) If FRA has not approved, ap-
tem Certification; proved with conditions, or denied the
(ii) Allow continued operations under PTCDP or PTCSP within the 60-day or
such conditions the Associate Adminis- 180-day window, as applicable, FRA
trator deems necessary to ensure safe- will provide the submitting party with
ty; or a statement of reasons as to why the
(iii) Revoke the Type Approval or submission has not yet been acted upon
PTC System Certification and direct and a projected deadline by which an
the railroad to cease operations where approval or denial will be issued and
PTC systems are required under this any further consultations or inquiries
subpart. will be resolved.
(h) FRA access. The Associate Admin-
istrator, or that person’s designated § 236.1011 PTC Implementation Plan
content requirements.
representatives, shall be afforded rea-
sonable access to monitor, test, and in- (a) Contents. A PTCIP filed pursuant
spect processes, procedures, facilities, to this subpart shall, at a minimum,
documents, records, design and testing describe:
materials, artifacts, training materials (1) The functional requirements that
and programs, and any other informa- the proposed system must meet;
tion used in the design, development, (2) How the PTC railroad intends to
manufacture, test, implementation, comply with §§ 236.1009(c) and (d);
and operation of the system, as well as (3) How the PTC system will provide
interview any personnel: for interoperability of the system be-
(1) Associated with a PTC system for tween the host and all tenant railroads
which a Type Approval or PTC System on the track segments required to be
743
§ 236.1011 49 CFR Ch. II (10–1–11 Edition)
equipped with PTC systems under this (B) Include each tenant railroad’s re-
subpart and: sponse to the host railroad’s written
(i) Include relevant provisions of request made in accordance with para-
agreements, executed by all applicable graph (a)(6)(iv)(A) of this section;
railroads, in place to achieve interoper- (7) The number of wayside devices re-
ability; quired for each track segment and the
(ii) List all methods used to obtain installation schedule to complete way-
interoperability; and side equipment installation by Decem-
(iii) Identify any railroads with re- ber 31, 2015;
spect to which interoperability agree- (8) Identification of each track seg-
ments have not been achieved as of the ment on the railroad as mainline or
time the plan is filed, the practical ob- non-mainline track. If the PTCIP in-
stacles that were encountered that pre- cludes an MTEA, as defined by
vented resolution, and the further § 236.1019, the PTCIP should identify
steps planned to overcome those obsta- the tracks included in the MTEA as
cles; main line track with a reference to the
(4) How, to the extent practical, the MTEA;
PTC system will be implemented to ad- (9) To the extent the railroad deter-
dress areas of greater risk to the public mines that risk-based prioritization re-
and railroad employees before areas of quired by paragraph (a)(4) of this sec-
lesser risk; tion is not practical, the basis for this
(5) The sequence and schedule in determination; and
which track segments will be equipped (10) The dates the associated PTCDP
and the basis for those decisions, and and PTCSP, as applicable, will be sub-
shall at a minimum address the fol- mitted to FRA in accordance with
lowing risk factors by track segment: § 236.1009.
(b) Additional Class I railroad PTCIP
(i) Segment traffic characteristics
requirements. Each Class I railroad shall
such as typical annual passenger and
include:
freight train volume and volume of
(1) In its PTCIP a strategy for full de-
poison- or toxic-by-inhalation (PIH or
ployment of its PTC system, describing
TIH) shipments (loads, residue);
the criteria that it will apply in identi-
(ii) Segment operational characteris-
fying additional rail lines on its own
tics such as current method of oper-
network, and rail lines of entities that
ation (including presence or absence of
it controls or engages in joint oper-
a block signal system), number of
ations with, for which full or partial
tracks, and maximum allowable train
deployment of PTC technologies is ap-
speeds, including planned modifica-
propriate, beyond those required to be
tions; and
equipped under this subpart. Such cri-
(iii) Route attributes bearing on risk, teria shall include consideration of the
including ruling grades and extreme policies established by 49 U.S.C. 20156
curvature; (railroad safety risk reduction pro-
(6) The following information relat- gram), and regulations issued there-
ing to rolling stock: under, as well as non-safety business
(i) What rolling stock will be benefits that may accrue.
equipped with PTC technology; (2) In the Technology Implementa-
(ii) The schedule to equip that rolling tion Plan of its Risk Reduction Pro-
stock by December 31, 2015; gram, when first required to be filed in
(iii) All documents and information accordance with 49 U.S.C. 20156 and any
required by § 236.1006; and regulation promulgated thereunder, a
(iv) Unless the tenant railroad is fil- specification of rail lines selected for
ing its own PTCIP, the host railroad’s full or partial deployment of PTC
PTCIP shall: under the criteria identified in its
(A) Attest that the host railroad has PTCIP.
made a formal written request to each (3) Nothing in this paragraph shall be
tenant railroad requesting identifica- construed to create an expectation or
tion of each item of rolling stock to be requirement that additional rail lines
PTC system equipped and the date each beyond those required to be equipped
will be equipped; and by this subpart must be equipped or
744
that such lines will be equipped during (2) A description of the railroad oper-
the period of primary implementation ation or categories of operations on
ending December 31, 2015. which the PTC system is designed to be
(4) As used in this paragraph, ‘‘par- used, including train movement den-
tial implementation’’ of a PTC system sity (passenger, freight), operating
refers to use, pursuant to subpart H of speeds (including a thorough expla-
this part, of technology embedded in nation of intended compliance with
PTC systems that does not employ all § 236.1007), track characteristics, and
of the functionalities required by this railroad operating rules;
subpart. (3) An operational concepts docu-
(c) FRA review. Within 90 days of re- ment, including a list with complete
ceipt of a PTCIP, the Associate Admin- descriptions of all functions which the
istrator will approve or disapprove of PTC system will perform to enhance or
the plan and notify in writing the af- preserve safety;
fected railroad or other entity. If the (4) A document describing the man-
PTCIP is not approved, the notification ner in which the PTC system architec-
will include the plan’s deficiencies. ture satisfies safety requirements;
Within 30 days of receipt of that notifi- (5) A preliminary human factors
cation, the railroad or other entity analysis, including a complete descrip-
that submitted the plan shall correct tion of all human-machine interfaces
all deficiencies and resubmit the plan and the impact of interoperability re-
in accordance with § 236.1009 and para- quirements on the same;
graph (a) of this section, as applicable. (6) An analysis of the applicability to
(d) Subpart H. A railroad that elects the PTC system of the requirements of
to install a PTC system when not re- subparts A through G of this part that
quired to do so may elect to proceed may no longer apply or are satisfied by
under this subpart or under subpart H the PTC system using an alternative
of this part. method, and a complete explanation of
(e) Upon receipt of a PTCIP, NPI, the manner in which those require-
PTCDP, or PTCSP, FRA posts on its ments are otherwise fulfilled;
public web site notice of receipt and (7) A prioritized service restoration
reference to the public docket in which and mitigation plan and a description
a copy of the filing has been placed. of the necessary security measures for
FRA may consider any public comment the system;
on each document to the extent prac- (8) A description of target safety lev-
ticable within the time allowed by law els (e.g., MTTHE for major subsystems
and without delaying implementation as defined in subpart H of this part), in-
of PTC systems. cluding requirements for system avail-
ability and a description of all backup
(f) The PTCIP shall be maintained to
methods of operation and any critical
reflect the railroad’s most recent PTC
assumptions associated with the target
deployment plans until all PTC system
levels;
deployments required under this sub-
(9) A complete description of how the
part are complete.
PTC system will enforce authorities
[75 FR 2699, Jan. 15, 2010, as amended at 75 and signal indications;
FR 59117, Sept. 27, 2010] (10) A description of the deviation
which may be proposed under
§ 236.1013 PTC Development Plan and § 236.1029(c), if applicable; and
Notice of Product Intent content re- (11) A complete description of how
quirements and Type Approval.
the PTC system will appropriately and
(a) For a PTC system to obtain a timely enforce all integrated hazard
Type Approval from FRA, the PTCDP detectors in accordance with
shall be filed in accordance with § 236.1005(c)(3), if applicable.
§ 236.1009 and shall include: (b) If the Associate Administrator
(1) A complete description of the PTC finds that the system described in the
system, including a list of all PTC sys- PTCDP would satisfy the requirements
tem components and their physical re- for PTC systems under this subpart and
lationships in the subsystem or sys- that the applicant has made a reason-
tem; able showing that a system built to the
745
§ 236.1015 49 CFR Ch. II (10–1–11 Edition)
stated requirements would achieve the ing that the system complies with this
level of safety mandated for such a sys- part, the Associate Administrator ap-
tem under § 236.1015, the Associate Ad- proves the PTCSP and issues a PTC
ministrator may grant a numbered System Certification. Receipt of a PTC
Type Approval for the system. System Certification affirms that the
(c) Each Type Approval shall be valid PTC system has been reviewed and ap-
for a period of 5 years, subject to auto- proved by FRA in accordance with, and
matic and indefinite extension pro- meets the requirements of, this part.
vided that at least one PTC System (b) A PTCSP submitted under this
Certification using the subject PTC subpart may reference and utilize in
system has been issued within that pe- accordance with this subpart any Type
riod and not revoked. Approval previously issued by the As-
(d) The Associate Administrator may sociate Administrator to any railroad,
prescribe special conditions, amend- provided that the railroad:
ments, and restrictions to any Type (1) Maintains a continually updated
Approval as necessary for safety. PTCPVL pursuant to § 236.1023;
(e) If submitted, an NPI must contain (2) Shows that the supplier from
the following information: which they are procuring the PTC sys-
(1) A description of the railroad oper- tem has established and can maintain a
ation or categories of operations on quality control system for PTC system
which the proposed PTC system is de- design and manufacturing acceptable
signed to be used, including train to the Associate Administrator. The
movement density (passenger, freight), quality control system must include
operating speeds (including a thorough the process for the product supplier or
explanation of intended compliance vendor to promptly and thoroughly re-
with § 236.1007), track characteristics, port any safety-relevant failure and
and railroad operating rules; previously unidentified hazards to each
(2) An operational concepts docu- railroad using the product; and
ment, including a list with complete (3) Provides the applicable licensing
descriptions of all functions that the information.
proposed PTC system will perform to
(c) A PTCSP submitted in accordance
enhance or preserve safety;
with this subpart shall:
(3) A description of target safety lev-
els (e.g., MTTHE for major subsystems (1) Include the FRA approved PTCDP
as defined in subpart H of this part), in- or, if applicable, the FRA issued Type
cluding requirements for system avail- Approval;
ability and a description of all backup (2)(i) Specifically and rigorously doc-
methods of operation and any critical ument each variance, including the sig-
assumptions associated with the target nificance of each variance between the
levels; PTC system and its applicable oper-
(4) A complete description of how the ating conditions as described in the ap-
proposed PTC system will enforce au- plicable PTCDP from that as described
thorities and signal indications; and in the PTCSP, and attest that there
(5) A complete description of how the are no other such variances; or
proposed PTC system will appro- (ii) Attest that there are no
priately and timely enforce all inte- variances between the PTC system and
grated hazard detectors in accordance its applicable operating conditions as
with § 236.1005(c)(3), if applicable. described in the applicable PTCDP
from that as described in the PTCSP;
§ 236.1015 PTC Safety Plan content re- and
quirements and PTC System Certifi- (3) Attest that the system was other-
cation. wise built in accordance with the appli-
(a) Before placing a PTC system re- cable PTCDP and PTCSP and achieves
quired under this part in service, the the level of safety represented therein.
host railroad must submit to FRA a (d) A PTCSP shall include the same
PTCSP and receive a PTC System Cer- information required for a PTCDP
tification. If the Associate Adminis- under § 236.1013(a). If a PTCDP has been
trator finds that the PTCSP and sup- filed and approved prior to filing of the
porting documentation support a find- PTCSP, the PTCSP may incorporate
746
the PTCDP by reference, with the ex- equipment as necessary to ensure safe-
ception that a final human factors ty;
analysis shall be provided. The PTCSP (9) A complete description of the con-
shall contain the following additional figuration or revision control measures
elements: designed to ensure that the railroad or
(1) A hazard log consisting of a com- its contractor does not adversely affect
prehensive description of all safety-rel- the safety-functional requirements and
evant hazards not previously addressed that safety-critical hazard mitigation
by the vendor or supplier to be ad- processes are not compromised as a re-
dressed during the life-cycle of the PTC sult of any such change;
system, including maximum threshold (10) A complete description of all ini-
limits for each hazard (for unidentified tial implementation testing procedures
hazards, the threshold shall be exceed- necessary to establish that safety-func-
ed at one occurrence); tional requirements are met and safe-
(2) A description of the safety assur- ty-critical hazards are appropriately
ance concepts that are to be used for mitigated;
system development, including an ex- (11) A complete description of all
planation of the design principles and post-implementation testing (valida-
assumptions; tion) and monitoring procedures, in-
(3) A risk assessment of the as-built cluding the intervals necessary to es-
PTC system described; tablish that safety-functional require-
(4) A hazard mitigation analysis, in- ments, safety-critical hazard mitiga-
cluding a complete and comprehensive tion processes, and safety-critical tol-
description of each hazard and the erances are not compromised over
mitigation techniques used; time, through use, or after mainte-
(5) A complete description of the nance (adjustment, repair, or replace-
safety assessment and Verification and ment) is performed;
Validation processes applied to the (12) A complete description of each
PTC system, their results, and whether record necessary to ensure the safety
these processes address the safety prin- of the system that is associated with
ciples described in Appendix C to this periodic maintenance, inspections,
part directly, using other safety cri- tests, adjustments, repairs, or replace-
teria, or not at all; ments, and the system’s resulting con-
(6) A complete description of the rail- ditions, including records of component
road’s training plan for railroad and failures resulting in safety-relevant
contractor employees and supervisors hazards (see § 236.1037);
necessary to ensure safe and proper in- (13) A safety analysis to determine
stallation, implementation, operation, whether, when the system is in oper-
maintenance, repair, inspection, test- ation, any risk remains of an unin-
ing, and modification of the PTC sys- tended incursion into a roadway work
tem; zone due to human error. If the anal-
(7) A complete description of the spe- ysis reveals any such risk, the PTCDP
cific procedures and test equipment and PTCSP shall describe how that
necessary to ensure the safe and proper risk will be mitigated;
installation, implementation, oper- (14) A more detailed description of
ation, maintenance, repair, inspection, any alternative arrangements as al-
testing, and modification of the PTC ready provided under § 236.1005(a)(1)(i).
system on the railroad and establish (15) A complete description of how
safety-critical hazards are appro- the PTC system will enforce authori-
priately mitigated. These procedures, ties and signal indications, unless al-
including calibration requirements, ready completely provided for in the
shall be consistent with or explain de- PTCDP;
viations from the equipment manufac- (16) A description of how the PTCSP
turer’s recommendations; complies with § 236.1019(f), if applicable;
(8) A complete description of any ad- (17) A description of any deviation in
ditional warning to be placed in the operational requirements for en route
Operations and Maintenance Manual in failures as specified under § 236.1029(c),
the same manner specified in § 236.919 if applicable and unless already com-
and all warning labels to be placed on pletely provided for in the PTCDP;
747
§ 236.1015 49 CFR Ch. II (10–1–11 Edition)
(18) A complete description of how tem exists, as a replacement for an ex-

the PTC system will appropriately and isting signal or train control system,
timely enforce all integrated hazard or otherwise to replace or materially
detectors in accordance with § 236.1005; modify the existing method of oper-
(19) An emergency and planned main- ation, shall:
tenance temporary rerouting plan indi- (i) Reliably execute the functions re-
cating how operations on the subject quired by § 236.1005 and be dem-
PTC system will take advantage of the onstrated to do so to FRA’s satisfac-
benefits provided under § 236.1005(g) tion; and
through (k); and (ii) Have a PTCSP establishing, with
(20) The documents and information a high degree of confidence, that the
required under §§ 236.1007 and 236.1033. system will not introduce new hazards
(e) The following additional require- that have not been mitigated. The sup-
ments apply to: porting risk assessment shall evaluate
(1) Non-vital overlay. A PTC system all intended changes in railroad oper-
proposed as an overlay on the existing ations in relation to the introduction
method of operation and not built in of the new system and shall examine in
accordance with the safety assurance detail the direct and indirect effects of
principles set forth in appendix C of all changes in the method of oper-
this part must, to the satisfaction of ations.
the Associate Administrator, be shown (4) Mixed systems. If a PTC system
to: combining overlay, stand-alone, vital,
(i) Reliably execute the functions set or non-vital characteristics is pro-
forth in § 236.1005; posed, the railroad shall confer with
(ii) Obtain at least 80 percent reduc- the Associate Administrator regarding
tion of the risk associated with acci- appropriate structuring of the safety
dents preventable by the functions set case and analysis.
forth in § 236.1005, when all effects of (f) When determining whether the
the change associated with the PTC PTCSP fulfills the requirements under
system are taken into account. The paragraph (d) of this section, the Asso-
supporting risk assessment shall evalu- ciate Administrator may consider all
ate all intended changes in railroad op- available evidence concerning the reli-
erations coincident with the introduc- ability and availability of the proposed
tion of the new system; and system and any and all safety con-
(iii) Maintain a level of safety for sequences of the proposed changes. In
each subsequent system modification any case where the PTCSP lacks ade-
that is equal to or greater than the quate data regarding safety impacts of
level of safety for the previous PTC the proposed changes, the Associate
systems. Administrator may request the nec-
(2) Vital overlay. A PTC system pro- essary data from the applicant. If the
posed on a newly constructed track or requested data is not provided, the As-
as an overlay on the existing method of sociate Administrator may find that
operation and built in accordance with potential hazards could or will arise.
the safety assurance principles set (g) If a PTCSP applies to a system
forth in appendix C of this part must, designed to replace an existing cer-
to the satisfaction of the Associate Ad- tified PTC system, the PTCSP will be
ministrator, be shown to: approved provided that the PTCSP es-
(i) Reliably execute the functions set tablishes with a high degree of con-
forth in § 236.1005; and fidence that the new system will pro-
(ii) Have sufficient documentation to vide a level of safety not less than the
demonstrate that the PTC system, as level of safety provided by the system
built, fulfills the safety assurance prin- to be replaced.
ciples set forth in Appendix C of this (h) When reviewing the issue of the
part. The supporting risk assessment potential data errors (for example, er-
may be abbreviated as that term is rors arising from data supplied from
used in subpart H of this part. other business systems needed to exe-
(3) Stand-alone. A PTC system pro- cute the braking algorithm, survey
posed on a newly constructed track, an data needed for location determina-
existing track for which no signal sys- tion, or mandatory directives issued
748
through the computer-aided dis- pendent’’ within the meaning of this

patching system), the PTCSP must in- section.
clude a careful identification of each of (d) The independent third-party as-
the risks and a discussion of each ap- sessment shall, at a minimum, consist
plicable mitigation. In an appropriate of the activities and result in the pro-
case, such as a case in which the resid- duction of documentation meeting the
ual risk after mitigation is substantial requirements of Appendix F to this
or the underlying method of operation part, unless excepted by this part or by
will be significantly altered, the Asso- FRA order or waiver.
ciate Administrator may require sub- (e) Information provided that has
mission of a quantitative risk assess- been certified under the auspices of a
ment addressing these potential errors. foreign railroad regulatory entity rec-
ognized by the Associate Adminis-
§ 236.1017 Independent third party trator may, at the Associate Adminis-
Verification and Validation. trator’s discretion, be accepted as hav-
(a) The PTCSP must be supported by ing been independently verified.
an independent third-party assessment § 236.1019 Main line track exceptions.
when the Associate Administrator con-
cludes that it is necessary based upon (a) Scope and procedure. This section
the criteria set forth in § 236.913, with pertains exclusively to exceptions from
the exception that consideration of the the rule that trackage over which
methodology used in the risk assess- scheduled intercity and commuter pas-
ment (§ 236.913(g)(2)(vii)) shall apply senger service is provided is considered
only to the extent that a comparative main line track requiring installation
risk assessment was required. To the of a PTC system. One or more intercity
or commuter passenger railroads, or
extent practicable, FRA makes this de-
freight railroads conducting joint pas-
termination not later than review of
senger and freight operation over the
the PTCIP and the accompanying
same segment of track may file a main
PTCDP or PTCSP. If an independent
line track exclusion addendum
assessment is required, the assessment
(‘‘MTEA’’) to its PTCIP requesting to
may apply to the entire system or a
designate track as not main line sub-
designated portion of the system.
ject to the conditions set forth in para-
(b) If a PTC system is to undergo an graphs (b) or (c) of this section. No
independent assessment in accordance track shall be designated as yard or
with this section, the host railroad terminal unless it is identified in an
may submit to the Associate Adminis- MTEA that is part of an FRA approved
trator a written request that FRA con- PTCIP.
firm whether a particular entity would (b) Passenger terminal exception. FRA
be considered an independent third will consider an exception in the case
party pursuant to this section. The re- of trackage used exclusively as yard or
quest should include supporting infor- terminal tracks by or in support of reg-
mation identified in paragraph (c) of ularly scheduled intercity or commuter
this section. FRA may request further passenger service where the MTEA de-
information to make a determination scribes in detail the physical bound-
or provide its determination in writing. aries of the trackage in question, its
(c) As used in this section, ‘‘inde- use and characteristics (including
pendent third party’’ means a tech- track and signal charts) and all of the
nically competent entity responsible to following apply:
and compensated by the railroad (or an (1) The maximum authorized speed
association on behalf of one or more for all movements is not greater than
railroads) that is independent of the 20 miles per hour, and that maximum
PTC system supplier and vendor. An is enforced by any available onboard
entity that is owned or controlled by PTC equipment within the confines of
the supplier or vendor, that is under the yard or terminal;
common ownership or control with the (2) Interlocking rules are in effect
supplier or vendor, or that is otherwise prohibiting reverse movements other
involved in the development of the than on signal indications without dis-
PTC system is not considered ‘‘inde- patcher permission; and
749
§ 236.1020 49 CFR Ch. II (10–1–11 Edition)
(3) Either of the following conditions review and approval. FRA may require
exists: a collision hazard analysis to identify
(i) No freight operations are per- hazards and may require that specific
mitted; or mitigations be undertaken. Operations
(ii) Freight operations are permitted under any such exception shall be con-
but no passengers will be aboard pas- ducted subject to the terms and condi-
senger trains within the defined limits. tions of the approval. Any main line
(c) Limited operations exception. FRA track exclusion is subject to periodic
will consider an exception in the case review.
of a track segment used for limited op- (e) Temporal separation. As used in
erations (operating in accordance with this section, temporal separation
§ 236.0 of this part) under one of the fol- means that limited passenger and
lowing sets of conditions: freight operations do not operate on
(1) The trackage is used for limited any segment of shared track during the
operations by at least one passenger same period and also refers to the proc-
railroad subject to at least one of the esses or physical arrangements, or
following conditions: both, in place to ensure that temporal
(i) All trains are limited to restricted separation is established and main-
speed; tained at all times. The use of exclu-
(ii) Temporal separation of passenger sive authorities under mandatory di-
and other trains is maintained as pro- rectives is not, by itself, sufficient to
vided in paragraph (e) of this section; establish that temporal separation is
or achieved. Procedures to ensure tem-
(iii) Passenger service is operated poral separation shall include
under a risk mitigation plan submitted verification checks between passenger
by all railroads involved in the joint and freight operations and effective
operation and approved by FRA. The physical means to positively ensure
risk mitigation plan must be supported segregation of passenger and freight
by a risk assessment establishing that operations in accordance with this
the proposed mitigations will achieve a paragraph.
level of safety not less than the level of (f) PTCSP requirement. No PTCSP—
safety that would obtain if the oper- filed after the approval of a PTCIP
ations were conducted under paragraph with an MTEA—shall be approved by
(c)(1) or (c)(2) of this section. FRA unless it attests that no changes,
(2) Passenger service is operated on a except for those included in an FRA ap-
segment of track of a freight railroad proved RFA, have been made to the in-
that is not a Class I railroad on which formation in the PTCIP and MTEA re-
less than 15 million gross tons of quired by paragraph (b) or (c) of this
freight traffic is transported annually section.
and on which one of the following con- (g) Designation modifications. If subse-
ditions applies: quent to approval of its PTCIP or
(i) If the segment is unsignaled and PTCSP the railroad seeks to modify
no more than four regularly scheduled which track or tracks should be des-
passenger trains are operated during a ignated as main line or not main line,
calendar day, or it shall request modification of its
(ii) If the segment is signaled (e.g., PTCIP or PTCSP, as applicable, in ac-
equipped with a traffic control system, cordance with § 236.1021.
automatic block signal system, or cab [75 FR 2699, Jan. 15, 2010, as amended at 75
signal system) and no more than 12 FR 59117, Sept. 27, 2010]
regularly scheduled passenger trains
are operated during a calendar day. § 236.1020 Exclusion of track segments
(3) Not more than four passenger for implementation due to cessation
trains per day are operated on a seg- of PIH materials service or rerout-
ment of track of a Class I freight railing.
road on which less than 15 million (a) Purpose and scope. This section
gross tons of freight traffic is trans- sets forth the conditions under which
ported annually. track segments identified in the 2008
(d) A limited operations exception baseline described in § 236.1005(b)(2)
under paragraph (c) is subject to FRA may be removed from the PTCIP. A
750
track segment qualified for removal lated conditions for analysis. In deter-
under this section may be removed mining whether risk is substantially
after FRA approves a request con- the same, FRA will consider the vol-
tained in the PTCIP or an RFA filed ume of traffic diverted, and such other
prior to the required and scheduled factors as safety may require.
PTC installation date for the subject (3) Residual risk. In the case of a
track segment. track segment for which cessation of
(b) Cessation of PIH materials service. local service is established under para-
Except as provided in paragraph (c) of graph (b)(1) of this section and for
this section, the following three condi- which analysis shows any overhead
tions must all be satisfied in order to PIH materials traffic could properly be
justify removal of a track segment rerouted under paragraph (b)(2) of this
from the PTCIP: section, the railroad shall also estab-
(1) Local service. The railroad must af- lish that the remaining risk arising
firm that there is no remaining local from rail operations on the track seg-
PIH materials traffic expected on the ment—pertaining to events that can be
track segment, or that service is ex- prevented or mitigated in severity by a
pected to cease as of a date certain PTC system—is less than the average
prior to December 31, 2015. In the case equivalent risk per route mile on track
of future cessation of local service, the segments required to be equipped with
expectation may be documented by PTC because of annual gross tonnage
statements from all current PIH mate- and the presence of PIH materials traf-
rials shippers and/or consignees. The fic (excluding track segments also car-
railroad is not required to anticipate rying passenger traffic). Such average
future requests for service not in keep- equivalent risk shall be determined as
ing with prior service patterns.(See of a time prior to installation of PTC
§ 236.1005(b)(3)). on the line segments. This provision of
(2) Overhead traffic. (i) To the extent the rule requires a future rulemaking
that the track segment carried PIH to finalize and implement a risk eval-
materials traffic other than local traf- uation methodology. Lines identified
fic in 2008, the railroad must establish for removal subject to this provision
that current or prospective rerouting will not be required to be equipped
to one or more alternate track seg- with PTC prior to the issuance of a
ments is justified. In making this final rule detailing the methodology.
showing, the railroad must assume, for (i) FRA will develop a risk evaluation
purposes of analysis only, that both methodology for the purpose of con-
the subject track segment and the al- ducting the analysis required pursuant
ternative route(s) will be equipped and to paragraph (b)(3) of this section. The
operated with PTC. Rerouting will be risk evaluation methodology will be fi-
justified if the analysis is conducted in nalized through a separate rulemaking
accordance with the same procedures proceeding that will permit all inter-
and using the same methodology as re- ested parties to provide input on the
quired for safety and security route specific methodology and, whether that
analysis under 49 CFR 172.820, with ap- methodology should be employed. If in
propriate quantitative weight given to the rulemaking proceeding FRA deter-
risk reduction effected by installation mines that a risk methodology should
of a PTC system. If the track segment not be employed, then FRA will amend
in question is not clearly the route pos- this final rule to eliminate the residual
ing the least overall safety and secu- risk provisions.
rity risks, then removal of the line (ii) Any track segment qualifying for
from the PTCIP may be granted. consideration under paragraph (b)(3) of
(ii) However, unlike analysis under this section and identified by the rail-
part 172, FRA will consider the case for road for requested removal from the
rerouting and removal of the line from PTCIP shall be considered to be ‘‘pend-
the PTCIP to be made if the alter- ing for decision’’ until such time as
native(s) to the track segment sought FRA has published the risk evaluation
to be removed has substantially the methodology identified in paragraph
same overall safety and security risks (b)(3)(i) of this section. If a final risk
as the subject routes under the stipu- evaluation methodology is employed,
751
§ 236.1021 49 CFR Ch. II (10–1–11 Edition)
the railroad may be requested to pro- (2) The proposed modifications;

vide supplemental information related (3) The reasons for each modification;
to its request for removal of specific (4) The changes to the PTCIP,
lines. The railroad is not required to PTCDP, or PTCSP, as applicable;
commence installation of PTC on any (5) Each modification’s effect on PTC
track segment ‘‘pending for decision’’ system safety;
under this paragraph, until a final FRA (6) An approximate timetable for fil-
determination is made. ing of the PTCDP, PTCSP, or both, if
(c) If a track segment qualifies for re-
the amendment pertains to a PTCIP;
moval from the PTCIP under para-
and
graphs (b)(1) and (b)(2) of this section
but does not meet the test of paragraph (7) An explanation of whether each
(b)(3) of this section, the railroad may change to the PTCSP is planned or un-
nevertheless request that the PTCIP be planned.
amended to remove the track segment (i) Unplanned changes that affect the
based upon compensating reductions in Type Approval’s PTCDP require sub-
the risk related to PTC-preventable ac- mission and approval in accordance
cidents based on installation of PTC with § 236.1013 of a new PTCDP, fol-
technology on one or more track seg- lowed by submission and approval in
ments not otherwise required to be accordance with § 236.1015 of a new
equipped. Upon a proper showing that PTCSP for the PTC system.
the increment of risk reduction is at (ii) Unplanned changes that do not
least as great on the substitute line as affect the Type Approval’s PTCDP re-
it would be on the line sought to be ex- quire submission and approval of a new
cluded from the PTCIP, FRA may ap- PTCSP.
prove the substitution. (iii) Unplanned changes are changes
affecting system safety that have not
[75 FR 59117, Sept. 27, 2010]
been documented in the PTCSP. The
§ 236.1021 Discontinuances, material impact of unplanned changes on PTC
modifications, and amendments. system safety has not yet been deter-
(a) No changes, as defined by this sec- mined.
tion, to a PTC system, PTCIP, PTCDP, (iv) Planned changes may be imple-
or PTCSP, shall be made unless: mented after they have undergone suit-
(1) The railroad files a request for able regression testing to demonstrate,
amendment (‘‘RFA’’) to the applicable to the satisfaction of the Associate Ad-
PTCIP, PTCDP, or PTCSP with the As- ministrator, they have been correctly
sociate Administrator; and implemented and their implementation
(2) The Associate Administrator ap- does not degrade safety.
proves the RFA. (v) Planned changes are changes af-
(b) After approval of an RFA in ac- fecting system safety in the PTCSP
cordance with paragraph (a) of this sec- and have been included in all required
tion, the railroad shall immediately analysis under § 236.1015. The impact of
adopt and comply with the amend- these changes on the PTC system’s
ment. safety has been incorporated as an in-
(c) In lieu of a separate filing under tegral part of the approved PTCSP
part 235 of this chapter, a railroad may safety analysis.
request approval of a discontinuance or (e) If the RFA includes a request for
material modification of a signal or approval of a discontinuance or mate-
train control system by filing an RFA rial modification of a signal or train
to its PTCIP, PTCDP, or PTCSP with control system, FRA will publish a no-
the Associate Administrator. tice in the FEDERAL REGISTER of the
(d) An RFA made in accordance with application and will invite public com-
this section will not be approved by ment in accordance with part 211 of
FRA unless the request includes: this chapter.
(1) The information listed in § 235.10 (f) When considering the RFA, FRA
of this chapter and the railroad pro- will review the issue of the discontinu-
vides FRA upon request any additional ance or material modification and de-
information necessary to evaluate the termine whether granting the request
RFA (see § 235.12), including: is in the public interest and consistent
752
with railroad safety, taking into con- approved PTCSP of this part, it is not
sideration all changes in the method of necessary to file for approval to de-
operation and system functionalities, crease the limits of a system when it
both within normal PTC system avail- involves the:
ability and in the case of a system (1) Decrease of the limits of a PTC
failed state (unavailable), con- system when interlocked switches, de-
templated in conjunction with installa- rails, or movable-point frogs are not in-
tion of the PTC system. The railroad volved;
submitting the RFA must, at FRA’s re- (2) Removal of an electric or mechan-
quest, perform field testing in accord- ical lock, or signal used in lieu thereof,
ance with § 236.1035 or engage in from hand-operated switch in a PTC
Verification and Validation in accord- system where train speed over such
ance with § 236.1017. switch does not exceed 20 miles per
(g) FRA may issue at its discretion a hour, and use of those devices has not
new Type Approval number for a PTC been part of the considerations for ap-
system modified under this section.
proval of a PTCSP; or
(h) Changes requiring filing of an RFA.
(3) Removal of an electric or mechan-
Except as provided by paragraph (i), an
RFA shall be filed to request the fol- ical lock, or signal used in lieu thereof,
lowing: from a hand-operated switch in a PTC
(1) Discontinuance of a PTC system, system where trains are not permitted
or other similar appliance or device; to clear the main track at such switch
(2) Decrease of the PTC system’s lim- and use of those devices has not been a
its (e.g., exclusion or removal of a PTC part of the considerations for approval
system on a track segment); of a PTCSP.
(3) Modification of a safety critical (k) Modifications not requiring the fil-
element of a PTC system; or ing of an RFA. When the resultant ar-
(4) Modification of a PTC system that rangement will comply with an ap-
affects the safety critical functionality proved PTCSP of this part, it is not
of any other PTC system with which it necessary to file an application for ap-
interoperates. proval of the following modifications:
(i) Discontinuances not requiring the (1) A modification that is required to
filing of an RFA. It is not necessary to comply with an order of the Federal
file an RFA for the following Railroad Administration or any section
discontinuances: of part 236 of this title;
(1) Removal of a PTC system from (2) Installation of devices used to pro-
track approved for abandonment by vide protection against unusual contin-
formal proceeding; gencies such as landslide, burned
(2) Removal of PTC devices used to bridges, high water, high and wide
provide protection against unusual loads, or dragging equipment;
contingencies such as landslide, burned (3) Elimination of existing track
bridge, high water, high and wide load, other than a second main track;
or tunnel protection when the unusual (4) Extension or shortening of a pass-
contingency no longer exists;
ing siding; or
(3) Removal of the PTC devices that
(5) The temporary or permanent ar-
are used on a movable bridge that has
been permanently closed by the formal rangement of existing systems neces-
approval of another government agen- sitated by highway-rail grade separa-
cy and is mechanically secured in the tion construction. Temporary arrange-
closed position for rail traffic; or ments shall be removed within six
(4) Removal of the PTC system from months following completion of con-
service for a period not to exceed 6 struction.
months that is necessitated by cata-
§ 236.1023 Errors and malfunctions.
strophic occurrence such as derail-
ment, flood, fire, or hurricane, or (a) Each railroad implementing a
earthquake. PTC system on its property shall es-
(j) Changes not requiring the filing of tablish and continually update a PTC
an RFA. When the resultant change to Product Vendor List (PTCPVL) that
the PTC system will comply with an includes all vendors and suppliers of
753
§ 236.1023 49 CFR Ch. II (10–1–11 Edition)
each PTC system, subsystem, compo- (e) After the product is placed in
nent, and associated product, and proc- service, the railroad shall maintain a
ess in use system-wide. The PTCPVL database of all safety-relevant hazards
shall be made available to FRA upon as set forth in the PTCSP and those
request. that had not previously been identified
(b)(1) The railroad shall specify within the PTCSP. If the frequency of the
in its PTCSP all contractual arrange- safety-relevant hazard exceeds the
ments with hardware and software sup- thresholds set forth in the PTCSP, or
pliers or vendors for immediate notifi- has not been previously identified in
cation between the parties of any and the appropriate risk analysis, the rail-
all safety-critical software failures, up- road shall:
grades, patches, or revisions, as well as (1) Notify the applicable vendor or
any hardware repairs, replacements, or supplier and FRA of the failure, mal-
modifications for their PTC system, function, or defective condition that
subsystems, or components. decreased or eliminated the safety
(2) A vendor or supplier, on receipt of functionality;
a report of any safety-critical failure (2) Keep the applicable vendor or sup-
to their product, shall promptly notify plier and FRA apprised on a continual
all other railroads that are using that basis of the status of any and all subse-
product, whether or not the other rail- quent failures; and
roads have experienced the reported (3) Take prompt counter measures to
failure of that safety-critical system, reduce or eliminate the frequency of
subsystem, or component. the safety-relevant hazards below the
threshold identified in the PTCSP.
(3) The notification from a supplier
(f) Each notification to FRA required
to any railroad shall include expla-
by this section shall:
nation from the supplier of the reasons
(1) Be made within 15 days after the
for such notification, the cir-
vendor, supplier, or railroad discovers
cumstances associated with the failure,
the failure, malfunction, or defective
and any recommended mitigation ac-
condition. However, a report that is
tions to be taken pending determina-
due on a Saturday or a Sunday may be
tion of the root cause and final correc- delivered on the following Monday and
tive actions. one that is due on a holiday may be de-
(c) The railroad shall: livered on the next business day;
(1) Specify the railroad’s process and (2) Be transmitted in a manner and
procedures in its PTCSP for action form acceptable to the Associate Ad-
upon their receipt of notification of ministrator and by the most expedi-
safety-critical failure, as well as re- tious method available; and
ceipt of a safety-critical upgrade, (3) Include as much available and ap-
patch, revision, repair, replacement, or plicable information as possible, in-
modification. cluding:
(2) Identify configuration/revision (i) PTC system name and model;
control measures in its PTCSP that are (ii) Identification of the part, compo-
designed to ensure the safety-func- nent, or system involved, including the
tional requirements and the safety- part number as applicable;
critical hazard mitigation processes (iii) Nature of the failure, malfunc-
are not compromised as a result of any tions, or defective condition;
change and that such a change can be (iv) Mitigation taken to ensure the
audited. safety of train operation, railroad em-
(d) The railroad shall provide to the ployees, and the public; and
applicable vendor or supplier the rail- (v) The estimated time to correct the
road’s procedures for action upon noti- failure.
fication of a safety-critical failure, up- (4) In the event that all information
grade, patch, or revision for the PTC required by paragraph (f)(3) of this sec-
system, subsystem, component, prod- tion is not immediately available, the
uct, or process, and actions to be taken non-available information shall be for-
until the faulty system, subsystem, or warded to the Associate Administrator
component has been adjusted, repaired as soon as practicable in supplemental
or replaced. reports.
754
(g) Whenever any investigation of an § 236.1025 [Reserved]

accident or service difficulty report
shows that a PTC system or product is § 236.1027 PTC system exclusions.
unsafe because of a manufacturing or (a) The requirements of this subpart
design defect, the railroad and its ven- apply to each office automation system
dor or supplier shall, upon request of that performs safety-critical functions
the Associate Administrator, report to within, or affects the safety perform-
the Associate Administrator the re- ance of, the PTC system. For purposes
sults of its investigation and any ac- of this section, ‘‘office automation sys-
tion taken or proposed to correct that tem’’ means any centralized or distrib-
defect. uted computer-based system that di-
(h) PTC system and product suppliers rectly or indirectly controls the active
and vendors shall: movement of trains in a rail network.
(1) Promptly report any safety-rel- (b) Changes or modifications to PTC
evant failures or defective conditions, systems otherwise excluded from the
previously unidentified hazards, and requirements of this subpart by this
recommended mitigation actions in section do not exclude those PTC sys-
their PTC system, subsystem, or com- tems from the requirements of this
ponent to each railroad using the prod- subpart if the changes or modifications
uct; and result in a degradation of safety or a
(2) Notify FRA of any safety-relevant material decrease in safety-critical
failure, defective condition, or pre- functionality.
viously unidentified hazard discovered (c) Primary train control systems
by the vendor or supplier and the iden- cannot be integrated with locomotive
tity of each affected and notified rail- electronic systems unless the complete
road. integrated systems:
(i) The requirements of this section (1) Have been shown to be designed
do not apply to failures, malfunctions, on fail-safe principles;
or defective conditions that: (2) Have demonstrated to operate in a
(1) Are caused by improper mainte- fail-safe mode;
nance or improper usage; or (3) Have a manual fail-safe fallback
(2) Have been previously identified to and override to allow the locomotive to
the FRA, vendor or supplier, and appli- be brought to a safe stop in the event
cable user railroads. of any loss of electronic control; and
(j) When any safety-critical PTC sys- (4) Are included in the approved and
tem, subsystem, or component fails to applicable PTCDP and PTCSP.
perform its intended function, the (d) PTC systems excluded by this sec-
cause shall be determined and the tion from the requirements of this sub-
faulty product adjusted, repaired, or part remain subject to subparts A
replaced without undue delay. Until through H of this part as applicable.
corrective action is completed, a rail-
road shall take appropriate action to § 236.1029 PTC system use and en
ensure safety and reliability as speci- route failures.
fied within its PTCSP. (a) When any safety-critical PTC sys-
(k) Any railroad experiencing a fail- tem component fails to perform its in-
ure of a system resulting in a more fa- tended function, the cause must be de-
vorable aspect than intended or other termined and the faulty component ad-
condition hazardous to the movement justed, repaired, or replaced without
of a train shall comply with the report- undue delay. Until repair of such essen-
ing requirements, including the mak- tial components are completed, a rail-
ing of a telephonic report of an acci- road shall take appropriate action as
dent or incident involving such failure, specified in its PTCSP.
under part 233 of this chapter. Filing of (b) Where a PTC onboard apparatus
one or more reports under part 233 of on a controlling locomotive that is op-
this chapter does not exempt a rail- erating in or is to be operated within a
road, vendor, or supplier from the re- PTC system fails or is otherwise cut-
porting requirements contained in this out while en route (i.e, after the train
section. has departed its initial terminal), the
755
§ 236.1031 49 CFR Ch. II (10–1–11 Edition)
train may only continue in accordance (d) Each railroad shall comply with
with the following: all provisions in the applicable PTCDP
(1) The train may proceed at re- and PTCSP for each PTC system it
stricted speed, or if a block signal sys- uses and shall operate within the scope
tem is in operation according to signal of initial operational assumptions and
indication at medium speed, to the predefined changes identified.
next available point where communica- (e) The normal functioning of any
tion of a report can be made to a des- safety-critical PTC system must not be
ignated railroad officer of the host rail- interfered with in testing or otherwise
road; without first taking measures to pro-
(2) Upon completion and communica- vide for the safe movement of trains,
tion of the report required in para- locomotives, roadway workers, and on-
graph (b)(1) of this section, or where
track equipment that depend on the
immediate electronic report of said
normal functioning of the system.
condition is appropriately provided by
the PTC system itself, a train may con- (f) The PTC system’s onboard appa-
tinue to a point where an absolute ratus shall be so arranged that each
block can be established in advance of member of the crew assigned to per-
the train in accordance with the fol- form duties in the locomotive can re-
lowing: ceive the same PTC information dis-
(i) Where no block signal system is in played in the same manner and execute
use, the train may proceed at re- any functions necessary to that crew
stricted speed, or member’s duties. The locomotive engi-
(ii) Where a block signal system is in neer shall not be required to perform
operation according to signal indica- functions related to the PTC system
tion, the train may proceed at a speed while the train is moving that have the
not to exceed medium speed. potential to distract the locomotive
(3) Upon reaching the location where engineer from performance of other
an absolute block has been established safety-critical duties.
in advance of the train, as referenced
in paragraph (b)(2) of this section, the § 236.1031 Previously approved PTC
train may proceed in accordance with systems.
the following: (a) Any PTC system fully imple-
(i) Where no block signal system is in mented and operational prior to March
use, the train may proceed at medium 16, 2010, may receive PTC System Cer-
speed; however, if the involved train is tification if the applicable PTC rail-
a passenger train or a train hauling road, or one or more system suppliers
any amount of PIH material, it may and one or more PTC railroads, sub-
only proceed at a speed not to exceed 30 mits a Request for Expedited Certifi-
miles per hour. cation (REC) letter to the Associate
(ii) Where a block signal system is in Administrator. The REC letter must do
use, a passenger train may proceed at a
one of the following:
speed not to exceed 59 miles per hour
(1) Reference a product safety plan
and a freight train may proceed at a
speed not to exceed 49 miles per hour. (PSP) approved by FRA under subpart
(iii) Except as provided in paragraph H of this part and include a document
(c), where a cab signal system with an fulfilling the requirements under
automatic train control system is in §§ 236.1011 and 236.1013 not already in-
operation, the train may proceed at a cluded in the PSP;
speed not to exceed 79 miles per hour. (2) Attest that the PTC system has
(c) In order for a train equipped with been approved by FRA and in operation
PTC traversing a track segment for at least 5 years and has already re-
equipped with PTC to deviate from the ceived an assessment of Verification
operating limitations contained in and Validation from an independent
paragraph (b) of this section, the devi- third party under part 236 or a waiver
ation must be described and justified in supporting such operation; or
the FRA approved PTCDP or PTCSP, (3) Attest that the PTC system is rec-
or the Order of Particular Applica- ognized under an Order issued prior to
bility, as applicable. March 16, 2010.
756
(b) If an REC letter conforms to para- vide cryptographic message integrity

graph (a)(1) of this section, the Asso- and authentication.
ciate Administrator, at his or her sole (b) Cryptographic keys required
discretion, may also issue a new Type under paragraph (a) of this section
Approval for the PTC system. shall:
(c) In order to receive a Type Ap- (1) Use an algorithm approved by the
proval or PTC System Certification National Institute of Standards (NIST)
under paragraph (a) or (b) of this sec- or a similarly recognized and FRA ap-
tion, the PTC system must be shown to proved standards body;
reliably execute the functionalities re- (2) Be distributed using manual or
quired by §§ 236.1005 and 236.1007 and automated methods, or a combination
otherwise conform to this subpart. of both; and
(d) Previous approval or recognition (3) Be revoked:
of a train control system, together (i) If compromised by unauthorized
with an established service history, disclosure of the cleartext key; or
may, at the request of the PTC rail-
(ii) When the key algorithm reaches
road, and consistent with available
its lifespan as defined by the standards
safety data, be credited toward satis-
body responsible for approval of the al-
faction of the safety case requirements
gorithm.
set forth in this part for the PTCSP
(c) The cleartext form of the cryp-
with respect to all functionalities and
tographic keys shall be protected from
implementations contemplated by the
unauthorized disclosure, modification,
approval or recognition.
or substitution, except during key
(e) To the extent that the PTC sys-
entry when the cleartext keys and key
tem proposed for implementation
components may be temporarily dis-
under this subpart is different in sig-
played to allow visual verification.
nificant detail from the system pre-
When encrypted keys or key compo-
viously approved or recognized, the
nents are entered, the cryptographi-
changes shall be fully analyzed in the
cally protected cleartext key or key
PTCDP or PTCSP as would be the case
components shall not be displayed.
absent prior approval or recognition.
(f) As used in this section— (d) Access to cleartext keys shall be
(1) Approved refers to approval of a protected by a tamper resistant mecha-
Product Safety Plan under subpart H nism.
of this part. (e) Each railroad electing to also pro-
(2) Recognized refers to official action vide cryptographic message confiden-
permitting a system to be implemented tiality shall:
for control of train operations under an (1) Comply with the same require-
FRA order or waiver, after review of ments for message integrity and au-
safety case documentation for the im- thentication under this section; and
plementation. (2) Only use keys meeting or exceed-
(g) Upon receipt of an REC, FRA will ing the security strength required to
consider all safety case information to protect the data as defined in the rail-
the extent feasible and appropriate, road’s PTCSP and required under
given the specific facts before the agen- § 236.1013(a)(7).
cy. Nothing in this section limits re- (f) Each railroad, or its vendor or
use of any applicable safety case infor- supplier, shall have a prioritized serv-
mation by a party other than the party ice restoration and mitigation plan for
receiving: scheduled and unscheduled interrup-
(1) A prior approval or recognition re- tions of service. This plan shall be in-
ferred to in this section; or cluded in the PTCDP or PTCSP as re-
(2) A Type Approval or PTC System quired by §§ 236.1013 or 236.1015, as appli-
Certification under this subpart. cable, and made available to FRA upon
request, without undue delay, for res-
§ 236.1033 Communications and secu- toration of communication services
rity requirements. that support PTC system services.
(a) All wireless communications be- (g) Each railroad may elect to impose
tween the office, wayside, and onboard more restrictive requirements than
components in a PTC system shall pro- those in this section, consistent with
757
§ 236.1035 49 CFR Ch. II (10–1–11 Edition)
interoperability requirements specified (c) Each contractor providing serv-

in the PTCSP for the system. ices relating to the testing, mainte-
nance, or operation of a PTC system
§ 236.1035 Field testing requirements. required to be installed under this sub-
(a) Before any field testing of an part shall maintain at a designated of-
uncertified PTC system, or a product of fice training records required under
an uncertified PTC system, or any re- § 236.1039(b).
gression testing of a certified PTC sys- (d) After the PTC system is placed in
tem is conducted on the general rail service, the railroad shall maintain a
system, the railroad requesting the database of all safety-relevant hazards
testing must provide: as set forth in the PTCSP and PTCDP
(1) A complete description of the PTC and those that had not been previously
system; identified in either document. If the
(2) An operational concepts docu- frequency of the safety-relevant haz-
ment; ards exceeds the threshold set forth in
(3) A complete description of the spe- either of these documents, then the
cific test procedures, including the railroad shall:
measures that will be taken to protect (1) Report the inconsistency in writ-
trains and on-track equipment; ing by mail, facsimile, e-mail, or hand
(4) An analysis of the applicability of delivery to the Director, Office of Safe-
the requirements of subparts A ty Assurance and Compliance, FRA,
through G of this part to the PTC sys- 1200 New Jersey Ave, SE, Mail Stop 25,
tem that will not apply during testing; Washington, DC 20590, within 15 days of
(5) The date the proposed testing discovery. Documents that are hand
shall begin; delivered must not be enclosed in an
(6) The test locations; and envelope;
(7) The effect on the current method (2) Take prompt countermeasures to
of operation the PTC system will or reduce the frequency of each safety-rel-
may have under test. evant hazard to below the threshold set
(b) FRA may impose additional test- forth in the PTCSP and PTCDP; and
ing conditions that it believes may be (3) Provide a final report when the in-
necessary for the safety of train oper- consistency is resolved to the FRA Di-
ations. rector, Office of Safety Assurance and
(c) Relief from regulations other than Compliance, on the results of the anal-
from subparts A through G of this part ysis and countermeasures taken to re-
that the railroad believes are necessary duce the frequency of the safety-rel-
to support the field testing, must be re- evant hazard(s) below the threshold set
quested in accordance with part 211 of forth in the PTCSP and PTCDP.
this title.
§ 236.1039 Operations and Mainte-
§ 236.1037 Records retention. nance Manual.
(a) Each railroad with a PTC system (a) The railroad shall catalog and
required to be installed under this sub- maintain all documents as specified in
part shall maintain at a designated of- the PTCDP and PTCSP for the instal-
fice on the railroad: lation, maintenance, repair, modifica-
(1) A current copy of each FRA ap- tion, inspection, and testing of the PTC
proved Type Approval, if any, PTCDP, system and have them in one Oper-
and PTCSP that it holds; ations and Maintenance Manual, read-
(2) Adequate documentation to dem- ily available to persons required to per-
onstrate that the PTCSP and PTCDP form such tasks and for inspection by
meet the safety requirements of this FRA and FRA-certified state inspec-
subpart, including the risk assessment; tors.
(3) An Operations and Maintenance (b) Plans required for proper mainte-
Manual, pursuant to § 236.1039; and nance, repair, inspection, and testing
(4) Training and testing records pur- of safety-critical PTC systems must be
suant to § 236.1043(b). adequate in detail and must be made
(b) Results of inspections and tests available for inspection by FRA and
specified in the PTCSP and PTCDP FRA-certified state inspectors where
must be recorded pursuant to § 236.110. such PTC systems are deployed or
758
maintained. They must identify all their safety and how to avoid inter-
software versions, revisions, and revi- fering with its proper functioning; and
sion dates. Plans must be legible and (5) The direct supervisors of persons
correct. listed in paragraphs (a)(1) through
(c) Hardware, software, and firmware (a)(4) of this section.
revisions must be documented in the (b) Competencies. The employer’s pro-
Operations and Maintenance Manual gram must provide training for persons
according to the railroad’s configura- who perform the functions described in
tion management control plan and any paragraph (a) of this section to ensure
additional configuration/revision con- that they have the necessary knowl-
trol measures specified in the PTCDP edge and skills to effectively complete
and PTCSP. their duties related to operation and
(d) Safety-critical components, in- maintenance of the PTC system.
cluding spare equipment, must be posi-
§ 236.1043 Task analysis and basic re-
tively identified, handled, replaced, quirements.
and repaired in accordance with the
procedures specified in the PTCDP and (a) Training structure and delivery. As
PTCSP. part of the program required by
(e) Each railroad shall designate in § 236.1041, the employer shall, at a min-
its Operations and Maintenance Man- imum:
(1) Identify the specific goals of the
ual an appropriate railroad officer re-
training program with regard to the
sponsible for issues relating to sched-
target population (craft, experience
uled interruptions of service con-
level, scope of work, etc.), task(s), and
templated by § 236.1029.
desired success rate;
§ 236.1041 Training and qualification (2) Based on a formal task analysis,
program, general. identify the installation, maintenance,
repair, modification, inspection, test-
(a) Training program for PTC per- ing, and operating tasks that must be
sonnel. Employers shall establish and performed on a railroad’s PTC systems.
implement training and qualification This includes the development of fail-
programs for PTC systems subject to ure scenarios and the actions expected
this subpart. These programs must under such scenarios;
meet the minimum requirements set (3) Develop written procedures for
forth in the PTCDP and PTCSP in the performance of the tasks identi-
§§ 236.1039 through 236.1045, as appro- fied;
priate, for the following personnel: (4) Identify the additional knowledge,
(1) Persons whose duties include in- skills, and abilities above those re-
stalling, maintaining, repairing, modi- quired for basic job performance nec-
fying, inspecting, and testing safety- essary to perform each task;
critical elements of the railroad’s PTC (5) Develop a training and evaluation
systems, including central office, way- curriculum that includes classroom,
side, or onboard subsystems; simulator, computer-based, hands-on,
(2) Persons who dispatch train oper- or other formally structured training
ations (issue or communicate any man- designed to impart the knowledge,
datory directive that is executed or en- skills, and abilities identified as nec-
forced, or is intended to be executed or essary to perform each task;
enforced, by a train control system (6) Prior to assignment of related
subject to this subpart); tasks, require all persons mentioned in
(3) Persons who operate trains or § 236.1041(a) to successfully complete a
serve as a train or engine crew member training curriculum and pass an exam-
subject to instruction and testing ination that covers the PTC system
under part 217 of this chapter, on a and appropriate rules and tasks for
train operating in territory where a which they are responsible (however,
train control system subject to this such persons may perform such tasks
subpart is in use; under the direct onsite supervision of a
(4) Roadway workers whose duties re- qualified person prior to completing
quire them to know and understand such training and passing the examina-
how a train control system affects tion);
759
§ 236.1045 49 CFR Ch. II (10–1–11 Edition)
(7) Require periodic refresher train- § 236.1047 Training specific to loco-

ing and evaluation at intervals speci- motive engineers and other oper-
fied in the PTCDP and PTCSP that in- ating personnel.
cludes classroom, simulator, computer- (a) Operating personnel. Training pro-
based, hands-on, or other formally vided under this subpart for any loco-
structured training and testing, except motive engineer or other person who
with respect to basic skills for which participates in the operation of a train
proficiency is known to remain high as in train control territory shall be de-
a result of frequent repetition of the fined in the PTCDP as well as the
task; and PTCSP. The following elements shall
(8) Conduct regular and periodic eval- be addressed:
uations of the effectiveness of the (1) Familiarization with train control
training program specified in equipment onboard the locomotive and
§ 236.1041(a)(1) verifying the adequacy of the functioning of that equipment as
the training material and its validity part of the system and in relation to
with respect to current railroads PTC other onboard systems under that per-
systems and operations. son’s control;
(b) Training records. Employers shall (2) Any actions required of the on-
retain records which designate persons board personnel to enable, or enter
who are qualified under this section data to, the system, such as consist
until new designations are recorded or data, and the role of that function in
for at least one year after such persons the safe operation of the train;
leave applicable service. These records (3) Sequencing of interventions by
shall be kept in a designated location the system, including pre-enforcement
and be available for inspection and rep- notification, enforcement notification,
lication by FRA and FRA-certified penalty application initiation and
State inspectors post-penalty application procedures;
(4) Railroad operating rules and test-
§ 236.1045 Training specific to office ing (part 217) applicable to the train
control personnel.
control system, including provisions
(a) Any person responsible for issuing for movement and protection of any
or communicating mandatory direc- unequipped trains, or trains with failed
tives in territory where PTC systems or cut-out train control onboard sys-
are or will be in use shall be trained in tems and other on-track equipment;
the following areas, as applicable: (5) Means to detect deviations from
(1) Instructions concerning the inter- proper functioning of onboard train
face between the computer-aided dis- control equipment and instructions re-
patching system and the train control garding the actions to be taken with
system, with respect to the safe move- respect to control of the train and noti-
ment of trains and other on-track fication of designated railroad per-
equipment; sonnel; and
(2) Railroad operating rules applica- (6) Information needed to prevent un-
ble to the train control system, includ- intentional interference with the prop-
ing provision for movement and protec- er functioning of onboard train control
tion of roadway workers, unequipped equipment.
trains, trains with failed or cut-out (b) Locomotive engineer training.
train control onboard systems, and Training required under this subpart
other on-track equipment; and for a locomotive engineer, together
(3) Instructions concerning control of with required records, shall be inte-
trains and other on-track equipment in grated into the program of training re-
case the train control system fails, in- quired by part 240 of this chapter.
cluding periodic practical exercises or (c) Full automatic operation. The fol-
simulations, and operational testing lowing special requirements apply in
under part 217 of this chapter to ensure the event a train control system is
the continued capability of the per- used to effect full automatic operation
sonnel to provide for safe operations of the train:
under the alternative method of oper- (1) The PTCDP and PTCSP shall
ation. identify all safety hazards to be miti-
(b) [Reserved] gated by the locomotive engineer.
760
Federal Railroad Administration, DOT Pt. 236, App. A
(2) The PTCDP and PTCSP shall ad- shall be integrated into the program of
dress and describe the training re- training required under this chapter.
quired with provisions for the mainte-
nance of skills proficiency. As a min- § 236.1049 Training specific to road-
imum, the training program must: way workers.
(i) As described in § 236.1043(a)(2), de- (a) Roadway worker training. Training
velop failure scenarios which incor- required under this subpart for a road-
porate the safety hazards identified in way worker shall be integrated into
the PTCDP and PTCSP including the the program of instruction required
return of train operations to a fully under part 214, subpart C of this chap-
manual mode; ter (‘‘Roadway Worker Protection’’),
(ii) Provide training, consistent with consistent with task analysis require-
§ 236.1047(a), for safe train operations ments of § 236.1043. This training shall
under all failure scenarios and identi- provide instruction for roadway work-
fied safety hazards that affect train op- ers who provide protection for them-
erations; selves or roadway work groups.
(iii) Provide training, consistent with (b) Training subject areas. (1) Instruc-
§ 236.1047(a), for safe train operations tion for roadway workers shall ensure
under manual control; and an understanding of the role of proc-
(iv) Consistent with § 236.1047(a), en- essor-based signal and train control
sure maintenance of manual train op- equipment in establishing protection
erating skills by requiring manual for roadway workers and their equip-
starting and stopping of the train for ment.
an appropriate number of trips and by (2) Instruction for all roadway work-
one or more of the following methods: ers working in territories where PTC is
(A) Manual operation of a train for a required under this subpart shall en-
4-hour work period; sure recognition of processor-based sig-
(B) Simulated manual operation of a nal and train control equipment on the
train for a minimum of 4 hours in a wayside and an understanding of how
Type I simulator as required; or to avoid interference with its proper
(C) Other means as determined fol- functioning.
lowing consultation between the rail- (3) Instructions concerning the rec-
road and designated representatives of ognition of system failures and the pro-
the affected employees and approved vision of alternative methods of on-
by FRA. The PTCDP and PTCSP shall track safety in case the train control
designate the appropriate frequency system fails, including periodic prac-
when manual operation, starting, and tical exercises or simulations and oper-
stopping must be conducted, and the ational testing under part 217 of this
appropriate frequency of simulated chapter to ensure the continued capa-
manual operation. bility of roadway workers to be free
(d) Conductor training. Training re- from the danger of being struck by a
quired under this subpart for a con- moving train or other on-track equip-
ductor, together with required records, ment.
APPENDIX A TO PART 236—CIVIL PENALTIES 1

Willful viola-
Section Violation tion
Subpart A—Rules and Instructions—All Systems
General:
236.0 Applicability, minimum requirements ........................................................................................ $2,500 $5,000
236.1 Plans, where kept ..................................................................................................................... 1,000 2,000
236.2 Grounds .................................................................................................................................... 1,000 2,000
236.3 Locking of signal apparatus housings:
(a) Power interlocking machine cabinet not secured against unauthorized entry ................. 2,500 5,000
(b) other violations .................................................................................................................. 1,000 2,000
236.4 Interference with normal functioning of device ......................................................................... 5,000 7,500
236.5 Design of control circuits on closed circuit principle ................................................................ 1,000 2,000
236.6 Hand-operated switch equipped with switch circuit controller ................................................. 1,000 2,000
236.7 Circuit controller operated by switch-and-lock movement ....................................................... 1,000 2,000
761
Pt. 236, App. A 49 CFR Ch. II (10–1–11 Edition)
Willful viola-
236.8 Operating characteristics of electro-magnetic, electronic, or electrical apparatus .................. 1,000 2,000
236.9 Selection of circuits through indicating or annunciating instruments ....................................... 1,000 2,000
236.10 Electric locks, force drop type; where required ...................................................................... 1,000 2,000
236.11 Adjustment, repair, or replacement of component ................................................................. 2,500 5,000
236.12 Spring switch signal protection; where required .................................................................... 1,000 2,000
236.13 Spring switch; selection of signal control circuits through circuit controller ........................... 1,000 2,000
236.14 Spring switch signal protection; requirements ........................................................................ 1,000 2,000
236.15 Timetable instructions ............................................................................................................. 1,000 2,000
236.16 Electric lock, main track releasing circuit:.
(a) Electric lock releasing circuit on main track extends into fouling circuit where turnout
not equipped with derail at clearance point either pipe-connected to switch or independ-
ently locked, electrically ...................................................................................................... 2,500 5,000
236.17 Pipe for operating connections, requirements 1,000 2,000
236.18 Software management control plan:.
Failure to develop and adopt a plan ....................................................................................... $5,000 $10,000
Failure to fully implement plan ................................................................................................ 5,000 10,000
Inadequate plan ...................................................................................................................... 2,500 10,000
Roadway Signals and Cab Signals—
236.21 Location of roadway signals ................................................................................................... 1,000 2,000
236.22 Semaphore signal arm; clearance to other objects ............................................................... 1,000 2,000
236.23 Aspects and indications .......................................................................................................... 1,000 2,000
236.24 Spacing of roadway signals .................................................................................................... 2,500 5,000
236.26 Buffing device, maintenance .................................................................................................. 1,000 2,000
Track Circuits—
236.51 Track circuit requirements:
(a) Shunt fouling circuit used where permissible speed through turnout greater than 45
m.p.h .................................................................................................................................... 2,500 5,000
(b) Track relay not in de-energized position or device that functions as track relay not in
its most restrictive state when train, locomotive, or car occupies any part of track circuit,
except fouling section of turnout of hand-operated main-track crossover ......................... 2,500 5,000
(c) other violations .................................................................................................................. 1,000 2,000
236.52 Relayed cut-section ................................................................................................................ 1,000 2,000
236.53 Track circuit feed at grade crossing ....................................................................................... 1,000 2,000
236.54 Minimum length of track circuit ............................................................................................... 1,000 2,000
236.55 Dead section; maximum length .............................................................................................. 1,000 2,000
236.56 Shunting sensitivity ................................................................................................................. 2,500 5,000
236.57 Shunt and fouling wires:
(a) Shunt or fouling wires do not consist of at least two discrete conductors ....................... 2,500 5,000
236.58 Turnout, fouling section:
(a) Rail joint in shunt fouling section not bonded ................................................................... 2,500 5,000
236.59 Insulated rail joints .................................................................................................................. 1,000 2,000
236.60 Switch shunting circuit; use restricted .................................................................................... 2,500 5,000
Wires and Cables—
236.71 Signal wires on pole line and aerial cable ............................................................................. 1,000 2,000
236.73 Open-wire transmission line; clearance to other circuits ....................................................... 1,000 2,000
236.74 Protection of insulated wire; splice in underground wire ....................................................... 1,000 2,000
236.76 Tagging of wires and interference of wires or tags with signal apparatus ............................ 1,000 2,000
Inspections and Tests; All Systems—
236.101 Purpose of inspection and tests; removal from service or relay or device failing to meet
test requirements ............................................................................................................................... 2,500 5,000
236.102 Semaphore or search-light signal mechanism ..................................................................... 1,000 2,000
236.103 Switch circuit controller or point detector ............................................................................. 1,000 2,000
236.104 Shunt fouling circuit .............................................................................................................. 1,000 2,000
236.105 Electric lock ........................................................................................................................... 1,000 2,000
236.106 Relays ................................................................................................................................... 1,000 2,000
236.107 Ground tests ......................................................................................................................... 1,000 2,000
236.108 Insulation resistance tests, wires in trunking and cables:
(a) Circuit permitted to function on a conductor having insulation resistance value less
than 200,000 ohms ............................................................................................................. 2,500 5,000
236.109 Time releases, timing relays and timing devices ................................................................. 1,000 2,000
236.110 Results of tests ..................................................................................................................... 1,000 2,000
Subpart B—Automatic Block Signal Systems
236.201 Track circuit control of signals .............................................................................................. 1,000 2,000

236.202 Signal governing movements over hand-operated switch ................................................... 1,000 2,000
236.203 Hand-operated crossover between main tracks; protection ................................................. 1,000 2,000
762
Willful viola-
236.204 Track signaled for movements in both directions, requirements ......................................... 1,000 2,000
236.205 Signal control circuits; requirements .................................................................................... 1,000 2,000
236.206 Battery or power supply with respect to relay; location ....................................................... 1,000 2,000
Subpart C—Interlocking
236.207 Electric lock on hand-operated switch; control:

(a) Approach or time locking of electric lock on hand-operated switch can be defeated by
unauthorized use of emergency device which is not kept sealed in the non-release posi-
tion ....................................................................................................................................... 2,500 5,000
236.301 Where signals shall be provided .......................................................................................... 1,000 2,000
236.302 Track circuits and route locking ............................................................................................ 1,000 2,000
236.303 Control circuits for signals, selection through circuit controller operated by switch points
or by switch locking mechanism ........................................................................................................ 1,000 2,000
236.304 Mechanical locking or same protection effected by circuits ................................................. 1,000 2,000
236.305 Approach or time locking ...................................................................................................... 1,000 2,000
236.306 Facing point lock or switch-and-lock movement .................................................................. 1,000 2,000
236.307 Indication locking:
236.308 Mechanical or electric locking or electric circuits; requisites ............................................... 1,000 2,000
236.309 Loss of shunt protection; where required:
(a) Loss of shunt of five seconds or less permits release of route locking of power-oper-
ated switch, movable point frog, or derail ........................................................................... 2,500 5,000
(b) Other violations ................................................................................................................. 1,000 2,000
236.310 Signal governing approach to home signal .......................................................................... 1,000 2,000
236.311 Signal control circuits, selection through track relays or devices functioning as track re-
lays and through signal mechanism contacts and time releases at automatic interlocking ............. 1,000 2,000
236.312 Movable bridge, interlocking of signal appliances with bridge devices:
(a) Emergency bypass switch or device not locked or sealed ............................................... 2,500 5,000
236.314 Electric lock for hand-operated switch or derail:
(a) Approach or time locking of electric lock at hand-operated switch or derail can be de-
feated by unauthorized use of emergency device which is not kept sealed in non-re-
lease position ...................................................................................................................... 2,500 5,000
Rules and Instructions—
236.326 Mechanical locking removed or disarranged; requirement for permitting train movements
through interlocking ........................................................................................................................... 1,000 2,000
236.327 Switch, movable-point frog or split-point derail .................................................................... 1,000 2,000
236.328 Plunger of facing-point .......................................................................................................... 1,000 2,000
236.329 Bolt lock ................................................................................................................................ 1,000 2,000
236.330 Locking dog of switch and lock movement .......................................................................... 1,000 2,000
236.334 Point detector ........................................................................................................................ 1,000 2,000
236.335 Dogs, stops and trunnions of mechanical locking ................................................................ 1,000 2,000
236.336 Locking bed .......................................................................................................................... 1,000 2,000
236.337 Locking faces of mechanical locking; fit ............................................................................... 1,000 2,000
236.338 Mechanical locking required in accordance with locking sheet and dog chart .................... 1,000 2,000
236.339 Mechanical locking; maintenance requirements .................................................................. 1,000 2,000
236.340 Electromechanical interlocking machine; locking between electrical and mechanical le-
vers .................................................................................................................................................... 1,000 2,000
236.341 Latch shoes, rocker links, and quadrants ............................................................................ 1,000 2,000
236.342 Switch circuit controller ......................................................................................................... 1,000 2,000
Inspection and Tests—
236.376 Mechanical locking ............................................................................................................... 1,000 2,000
236.377 Approach locking .................................................................................................................. 1,000 2,000
236.378 Time locking .......................................................................................................................... 1,000 2,000
236.379 Route locking ........................................................................................................................ 1,000 2,000
236.380 Indication locking .................................................................................................................. 1,000 2,000
236.381 Traffic locking ........................................................................................................................ 1,000 2,000
236.382 Switch obstruction test .......................................................................................................... 1,000 2,000
236.383 Valve locks, valves, and valve magnets .............................................................................. 1,000 2,000
236.384 Cross protection
236.386 Restoring feature on power switches
236.387 Movable bridge locking ......................................................................................................... 1,000 2,000
Subpart D—Traffic Control Systems Standards
236.401 Automatic block signal system and interlocking standards applicable to traffic control sys-
tems:
236.402 Signals controlled by track circuits and control operator ..................................................... 1,000 2,000
236.403 Signals at controlled point .................................................................................................... 1,000 2,000
236.404 Signals at adjacent control points ........................................................................................ 1,000 2,000
763
Willful viola-
236.405 Track signaled for movements in both directions, change of direction of traffic ................. 1,000 2,000
236.407 Approach or time locking; where required ........................................................................... 1,000 2,000
236.408 Route locking ........................................................................................................................ 1,000 2,000
236.410 Locking, hand-operated switch; requirements:
(a) Hand-operated switch on main track not electrically or mechanically locked in normal
position where signal not provided to govern movement to main track, movements
made at speeds in excess of 20 m.p.h., and train or engine movements may clear main
track ..................................................................................................................................... 2,500 5,000
(b) Hand-operated switch on signaled siding not electrically or mechanically locked in nor-
mal position where signal not provided to govern movements to signaled siding, train
movements made at speeds in excess of 30 m.p.h., and train or engine movements
may clear signaled siding .................................................................................................... 2,500 5,000
(c) Approach or time locking of electric lock at hand-operated switch can be defeated by
use of emergency release device of electric lock which is not kept sealed in non-release
position ................................................................................................................................ 2,500 5,000
(d) other violations .................................................................................................................. 1,000 2,000
Rules and Instructions—
236.426 Interlocking rules and instructions applicable to traffic control systems .............................. 1,000 2,000
236.476 Interlocking inspections and tests applicable to traffic control systems .............................. 1,000 2,000
Subpart E—Automatic Train Stop, Train Control and Cab Signal Systems Standards
236.501 Forestalling device and speed control .................................................................................. 1,000 2,000

236.502 Automatic brake application, initiation by restrictive block conditions stopping distance in
advance ............................................................................................................................................. 1,000 2,000
236.503 Automatic brake application; initiation when predetermined rate of speed exceeded ........ 1,000 2,000
236.504 Operations interconnected with automatic block-signal system .......................................... 1,000 2,000
236.505 Proper operative relation between parts along roadway and parts on locomotive ............. 1,000 2,000
236.506 Release of brakes after automatic application ..................................................................... 1,000 2,000
236.507 Brake application; full service ............................................................................................... 1,000 2,000
236.508 Interference with application of brakes by means of brake valve ........................................ 1,000 2,000
236.509 Two or more locomotives coupled ....................................................................................... 1,000 2,000
236.511 Cab signals controlled in accordance with block conditions stopping distance in advance 1,000 2,000
236.512 Cab signal indication when locomotive enters blocks .......................................................... 1,000 2,000
236.513 Audible indicator ................................................................................................................... 1,000 2,000
236.514 Interconnection of cab signal system with roadway signal system ..................................... 1,000 2,000
236.515 Visibility of cab signals ......................................................................................................... 1,000 2,000
236.516 Power supply ........................................................................................................................ 1,000 2,000
Rules and Instructions; Roadway—
236.526 Roadway element not functioning properly .......................................................................... 2,500 5,000
236.527 Roadway element insulation resistance ............................................................................... 1,000 2,000
236.528 Restrictive condition resulting from open hand-operated switch; requirement .................... 1,000 2,000
236.529 Roadway element inductor; height and distance from rail ................................................... 1,000 2,000
236.531 Trip arm; height and distance from rail ................................................................................ 1,000 2,000
236.532 Strap iron inductor; use restricted ........................................................................................ 1,000 2,000
236.534 Rate of pressure reduction; equalizing reservoir or brake pipe ........................................... 1,000 2,000
236.551 Power supply voltage ........................................................................................................... 1,000 2,000
236.552 Insulation resistance ............................................................................................................. 1,000 2,000
236.553 Seal, where required ............................................................................................................ 2,500 5,000
236.554 Rate of pressure reduction; equalizing reservoir or brake pipe ........................................... 1,000 2,000
236.555 Repaired or rewound receiver coil ....................................................................................... 1,000 2,000
236.556 Adjustment of relay ............................................................................................................... 1,000 2,000
236.557 Receiver; location with respect to rail .................................................................................. 1,000 2,000
236.560 Contact element, mechanical trip type; location with respect to rail .................................... 1,000 2,000
236.562 Minimum rail current required ............................................................................................... 1,000 2,000
236.563 Delay time ............................................................................................................................. 1,000 2,000
236.564 Acknowledging time .............................................................................................................. 1,000 2,000
236.565 Provision made for preventing operation of pneumatic brake-applying apparatus by dou-
ble-heading clock; requirement ......................................................................................................... 1,000 2,000
236.566 Locomotive of each train operating in train stop, train control or cab signal territory;
equipped ............................................................................................................................................ 5,000 7,500
236.567 Restrictions imposed when device fails and/or is cut out en route:
(a) Report not made to designated officer at next available point of communication after
automatic train stop, train control, or cab signal device fails and/or is cut en route .......... 5,000 7,500
(b) Train permitted to proceed at speed exceeding 79 m.p.h. where automatic train stop,
train control, or cab signal device fails and/or is cut out en route when absolute block
established in advance of train on which device is inoperative ......................................... 5,000 7,500
(c) other violations .................................................................................................................. 1,000 2,000
236.568 Difference between speeds authorized by roadway signal and cab signal; action ............. 1,000 2,000
Inspection and Tests; Roadway—
236.576 Roadway element ................................................................................................................. 1,000 2,000
764
Willful viola-
236.577 Test, acknowledgement, and cut-in circuits ......................................................................... 1,000 2,000

Inspection and Tests; Locomotive—
236.586 Daily or after trip test ............................................................................................................ 2,500 5,000
236.587 Departure test:
(a) Test of automatic train stop, train control, or cab signal apparatus on locomotive not
made on departure of locomotive from initial terminal if equipment on locomotive not cut
out between initial terminal and equipped territory ............................................................. 5,000 7,500
(b) Test of automatic train stop, train control, or cab signal apparatus on locomotive not
made immediately on entering equipped territory, if equipment on locomotive cut out be-
tween initial terminal and equipped territory ....................................................................... 5,000 7,500
(c) Automatic train stop, train control, or cab signal apparatus on locomotive making more
than one trip within 24-hour period not given departure test within corresponding 24-
hour period .......................................................................................................................... 5,000 7,500
(d) other violations .................................................................................................................. 2,500 5,000
236.588 Periodic test .......................................................................................................................... 2,500 5,000
236.589 Relays ................................................................................................................................... 2,500 5,000
236.590 Pneumatic apparatus:
(a) Automatic train stop, train control, or cab signal apparatus not inspected and cleaned
at least once every 736 days .............................................................................................. 2,500 5,000
Subpart F—Dragging Equipment and Slide Detectors and Other Similar Protective Devices; Standards
236.601 Signals controlled by devices; location ................................................................................ 1,000 2,000

Subpart H—Standards for Processor-Based Signal and Train Control Systems
236.905 Railroad Safety Program Plan (RSPP):

Failure to develop and submit RSPP when required ............................................................. 5,000 7,500
Failure to obtain FRA approval for a modification to RSPP .................................................. 5,000 7,500
236.907 Product Safety Plan (PSP):
Failure to develop a PSP ........................................................................................................ 5,000 7,500
Failure to submit a PSP when required ................................................................................. 5,000 7,500
236.909 Minimum Performance Standard:
Failure to make analyses or documentation available ........................................................... 2,500 5,000
Failure to determine that the standard has been met ............................................................ 5,000 7,500
236.913 Notification to FRA of PSPs: 2,500 5,000
Failure to prepare a PSP or PSP amendment as required ................................................... 5,000 7,500
Failure to submit a PSP or PSP amendment as required ..................................................... 5,000 7,500
Field testing without authorization or approval ....................................................................... 10,000 20,000
236.915 Implementation and operation:
(a) Operation of product without authorization or approval .................................................... 10,000 20,000
(b) Failure to comply with PSP ............................................................................................... 2,500 5,000
(c) Interference with normal functioning safety-critical product .............................................. 7,500 15,000
(d) Failure to determine cause and adjust, repair or replace without undue delay or take
appropriate action pending repair ....................................................................................... 5,000 7,500
236.917 Retention of records:
Failure to maintain records as required .................................................................................. 7,500 15,000
Failure to report inconsistency ................................................................................................ 10,000 20,000
Failure to take prompt countermeasures ................................................................................ 10,000 20,000
Failure to provide final report .................................................................................................. 2,500 5,000
236.919 Operations and Maintenance Manual .................................................................................. 3,000 6,000
236.921 Training and qualification program, general ......................................................................... 3,000 6,000
236.923 Task analysis and basic requirements:
Failure to develop an acceptable training program ................................................................ 2,500 5,000
Failure to train persons as required ....................................................................................... 2,500 5,000
Failure to conduct evaluation of training program as required .............................................. 2,500 5,000
236.925 Training specific to control office personnel ......................................................................... 2,500 5,000
236.927 Training specific to locomotive engineers and other operating personnel .......................... 2,500 5,000
236.929 Training specific to roadway workers ................................................................................... 2,500 5,000
Subpart I—Positive Train Control Systems
236.1005 Positive Train Control System Requirements:

Failure to complete PTC system installation on track segment where PTC is required prior
to 12/31/2015 ...................................................................................................................... 16,000 25,000
Commencement of revenue service prior to obtaining PTC System Certification ................. 16,000 25,000
Failure of the PTC system to perform a safety-critical function required by this section ...... 5,000 7,500
Failure to provide notice, obtain approval, or follow a condition for temporary rerouting
when required ...................................................................................................................... 5,000 7,500
Exceeding the allowed percentage of controlling locomotives operating out of an initial ter-
minal after receiving a failed initialization ........................................................................... 5,000 7,500
236.1006 Equipping locomotives operating in PTC territory:
765
Willful viola-
Operating in PTC territory a controlling locomotive without a required and operative PTC
onboard apparatus .............................................................................................................. 15,000 25,000
Failure to report as prescribed by this section ....................................................................... 5,000 7,500
Non-compliant operation of unequipped trains in PTC territory ............................................. 15,000 25,000
236.1007 Additional requirements for high-speed service:
Operation of passenger trains at speed equal to or greater than 60 mph on non-PTC-
equipped territory where required ....................................................................................... 15,000 25,000
Operation of freight trains at speed equal to or greater than 50 mph on non-PTC-equipped
territory where required ....................................................................................................... 15,000 25,000
Failure to fully implement incursion protection where required .............................................. 5,000 7,500
236.1009 Procedural requirements:
Failure to file PTCIP when required ....................................................................................... 5,000 7,500
Failure to amend PTCIP when required ................................................................................. 5,000 7,500
Failure to obtain Type Approval when required ..................................................................... 5,000 7,500
Failure to update NPI .............................................................................................................. 5,000 7,500
Operation of PTC system prior to system certification ........................................................... 16,000 25,000
236.1011 PTCIP content requirements:
Failure to install a PTC system in accordance with subpart I when so required .................. 11,000 16,000
236.1013 PTCDP content requirements and Type Approval:
Failure to maintain quality control system .............................................................................. 5,000 7,500
Inappropriate use of Type Approval ....................................................................................... 5,000 7,500
236.1015 PTCSP content requirements and PTC System Certification:
Failure to implement PTC system in accordance with the associated PTCSP and resultant
system certification .............................................................................................................. 16,000 25,000
Failure to maintain PTC system in accordance with the associated PTCSP and resultant
system certification .............................................................................................................. 16,000 25,000
Failure to maintain required supporting documentation ......................................................... 2,500 5,000
236.1017 Independent third party Verification and Validation:
Failure to conduct independent third party Verification and Validation when ordered .......... 11,000 16,000
236.1019 Main line track exceptions:
Revenue operations conducted in non-compliance with the passenger terminal exception 16,000 25,000
Revenue operations conducted in non-compliance with the limited operations exception ... 16,000 25,000
Failure to request modification of the PTCIP or PTCSP when required ............................... 11,000 16,000
Revenue operations conducted in violation of (c)(2) .............................................................. 16,000 25,000
Revenue operations conducted in violation of (c)(3) .............................................................. 25,000 25,000
236.1021 Discontinuances, material modifications, and amendments:
Failure to update PTCDP when required ............................................................................... 5,000 7,500
Failure to update PTCSP when required ............................................................................... 5,000 7,500
Failure to immediately adopt and comply with approved RFA .............................................. 5,000 7,500
Discontinuance or modification of a PTC system without approval when required ............... 11,000 16,000
236.1023 Errors and malfunctions:
Railroad failure to provide proper notification of PTC system error or malfunction ............... 5,000 7,500
Failure to maintain PTCPVL ................................................................................................... 2,500 5,000
Supplier failure to provide proper notification of previously identified PTC system error or
malfunction .......................................................................................................................... 5,000 7,500
Failure to provide timely notification ....................................................................................... 5,000 7,500
Failure to provide appropriate protective measures in the event of PTC system failure ...... 15,000 25,000
236.1027 Exclusions:
Integration of primary train control system with locomotive electronic system without ap-
proval ................................................................................................................................... 5,000 7,500
236.1029 PTC system use and en route failures:
Failure to determine cause of PTC system component failure without undue delay ............ 5,000 7,500
Failure to adjust, repair, or replace faulty PTC system component without undue delay ..... 5,000 7,500
Failure to take appropriate action pending adjustment, repair, or replacement of faulty
PTC system component ...................................................................................................... 15,000 25,000
Non-compliant train operation within PTC-equipped territory with inoperative PTC onboard
apparatus ............................................................................................................................. 5,000 7,500
Interference with the normal functioning of safety-critical PTC system ................................. 15,000 25,000
Improper arrangement of the PTC system onboard apparatus ............................................. 2,500 5,000
236.1033 Communications and security requirements:
Failure to provide cryptographic message integrity and authentication ................................. 5,000 7,500
Improper use of revoked cryptographic key ........................................................................... 5,000 15,000
Failure to protect cryptographic keys from unauthorized disclosure, modification, or substi-
tution .................................................................................................................................... 5,000 15,000
Failure to establish prioritized service restoration and mitigation plan for communication
services ............................................................................................................................... 5,000 7,500
236.1035 Field testing requirements:
Field testing without authorization or approval ....................................................................... 10,000 20,000
236.1037 Records retention:
Failure to maintain records and databases as required ......................................................... 7,500 15,000
Failure to report inconsistency ................................................................................................ 10,000 20,000
Failure to take prompt countermeasures ................................................................................ 10,000 20,000
Failure to provide final report .................................................................................................. 2,500 5,000
766
Federal Railroad Administration, DOT Pt. 236, App. B
Willful viola-
236.1039 Operations and Maintenance Manual:

Failure to implement and maintain Operations and Maintenance Manual as required ......... 3,000 6,000
236.1043 Task analysis and basic requirements:
Failure to develop and maintain an acceptable training program .......................................... 10,000 20,000
Failure to train persons as required ....................................................................................... 2,500 5,000
Failure to conduct evaluation of training program as required .............................................. 2,500 5,000
236.1045 Training specific to office control personnel:
Failure to conduct training unique to office control personnel ............................................... 2,500 5,000
236.1047 Training specific to locomotive engineers and other operating personnel:
Failure to conduct training unique to locomotive engineers and other operating personnel 2,500 5,000
236.1049 Training specific to roadway workers:
Failure to conduct training unique to roadway workers ......................................................... 2,500 5,000
1 A penalty may be assessed against an individual only for a willful violation. The Administrator reserves the right to assess a
penalty of up to $100,000 for any violation where circumstances warrant. See 49 CFR part 209, appendix A.
[53 FR 52936, Dec. 29, 1988, as amended at 63 FR 11624, Mar. 10, 1998; 69 FR 30595, May 28, 2004;
70 FR 11104, Mar. 7, 2005; 73 FR 79704, Dec. 30, 2008; 75 FR 2715, Jan. 15, 2010]
APPENDIX B TO PART 236—RISK comparison. An abbreviated risk assessment

ASSESSMENT CRITERIA must, as a minimum, clearly compute the
MTTHE for all of the hazardous events iden-
The safety-critical performance of each tified for both previous and current condi-
product for which risk assessment is re- tions. The comparison between MTTHE for
quired under this part must be assessed in both conditions is to determine whether the
accordance with the following minimum cri- product implementation meets the safety
teria or other criteria if demonstrated to the criteria as required by subpart H or subpart
Associate Administrator for Safety to be I of this part as applicable.
equally suitable: (d) What major system characteristics must be
(a) How are risk metrics to be expressed? The included when relevant to risk assessment?
risk metric for the proposed product must Each risk calculation must consider the
describe with a high degree of confidence the total signaling and train control system and
accumulated risk of a train control system method of operation, as subjected to a list of
that operates over the designated life-cycle hazards to be mitigated by the signaling and
of the product. Each risk metric for the pro- train control system. The methodology re-
posed product must be expressed with an quirements must include the following major
upper bound, as estimated with a sensitivity characteristics, when they are relevant to
analysis, and the risk value selected must be the product being considered:
demonstrated to have a high degree of con- (1) Track plan infrastructure, switches,
fidence. rail crossings at grade and highway-rail
(b) How does the risk assessment handle inter- grade crossings as applicable;
action risks for interconnected subsystems/com- (2) Train movement density for freight,
ponents? The risk assessment of each safety- work, and passenger trains where applicable
critical system (product) must account not and computed over a time span of not less
only for the risks associated with each sub- than 12 months;
system or component, but also for the risks (3) Train movement operational rules, as
associated with interactions (interfaces) be- enforced by the dispatcher, roadway worker/
tween such subsystems. Employee in Charge, and train crew behav-
(c) What is the main principle in computing iors;
risk for the previous and current conditions? (4) Wayside subsystems and components;
The risk for the previous condition must be (5) Onboard subsystems and components;
computed using the same metrics as for the (6) Consist contents such as hazardous ma-
new system being proposed. A full risk as- terial, oversize loads; and
sessment must consider the entire railroad (7) Operating speeds if the provisions of
environment where the product is being ap- part 236 cite additional requirements for cer-
plied, and show all aspects of the previous tain type of train control systems to be used
condition that are affected by the installa- at such speeds for freight and passenger
tion of the product, considering all faults, trains.
operating errors, exposure scenarios, and (e) What other relevant parameters must be
consequences that are related as described in determined for the subsystems and components?
this part. For the full risk assessment, the In order to derive the frequency of hazardous
total societal cost of the potential numbers events (or MTTHE) applicable for a product,
of accidents assessed for both previous and subsystem or component included in the risk
new system conditions must be computed for assessment, the railroad may use various
767
Pt. 236, App. C 49 CFR Ch. II (10–1–11 Edition)
techniques, such as reliability and avail- (h) What assumptions must be documented for
ability calculations for subsystems and com- risk assessment? (1) The railroad shall docu-
ponents, Fault Tree Analysis (FTA) of the ment any assumptions regarding the deriva-
subsystems, and results of the application of tion of risk metrics used. For example, for
safety design principles as noted in Appendix the full risk assessment, all assumptions
C to this part. The MTTHE is to be derived made about each value of the parameters
for both fail-safe and non-fail-safe sub- used in the calculation of total cost of acci-
systems or components. The lower bounds of dents should be documented. For abbreviated
the MTTF or MTBF determined from the risk assessment, all assumptions made for
system sensitivity analysis, which account MTHHE derivation using existing reliability
for all necessary and well justified assump- and availability data on the current system
tions, may be used to represent the estimate components should be documented. The rail-
of MTTHE for the associated non-fail-safe road shall document these assumptions in
subsystem or component in the risk assess- such a form as to permit later comparisons
ment. with in-service experience.
(f) How are processor-based subsystems/com- (2) The railroad shall document any as-
ponents assessed? (1) An MTTHE value must sumptions regarding human performance.
be calculated for each processor-based sub- The documentation shall be in such a form
system or component, or both, indicating the
as to facilitate later comparisons with in-
safety-critical behavior of the integrated
service experience.
hardware/software subsystem or component,
or both. The human factor impact must be (3) The railroad shall document any as-
included in the assessment, whenever appli- sumptions regarding software defects. These
cable, to provide the integrated MTTHE assumptions shall be in a form that permit
value. The MTTHE calculation must con- the railroad to project the likelihood of de-
sider the rates of failures caused by perma- tecting an in-service software defect. These
nent, transient, and intermittent faults ac- assumptions shall be documented in such a
counting for the fault coverage of the inte- form as to permit later comparisons with in-
grated hardware/software subsystem or com- service experience.
ponent, phased-interval maintenance, and (4) The railroad shall document all of the
restoration of the detected failures. identified safety-critical fault paths to a
(2) Software fault/failure analysis must be mishap as predicted by the safety analysis
based on the assessment of the design and methodology. The documentation shall be in
implementation of all safety-related soft- such a form as to facilitate later compari-
ware including the application code, its oper- sons with in-service faults.
ating/executive program, COTS software, and
[75 FR 2717, Jan. 15, 2010
associated device drivers, as well as histor-
ical performance data, analytical methods
and experimental safety-critical perform- APPENDIX C TO PART 236—SAFETY
ance testing performed on the subsystem or ASSURANCE CRITERIA AND PROCESSES
component. The software assessment process
must demonstrate through repeatable pre- (a) What is the purpose of this appendix?
dictive results that all software defects have This appendix provides safety criteria and
been identified and corrected by process with processes that the designer must use to de-
a high degree of confidence. velop and validate the product that meets
(g) How are non-processor-based subsystems/ safety requirements of this part. FRA uses
components assessed? (1) The safety-critical the criteria and processes set forth in this
behavior of all non-processor-based compo- appendix to evaluate the validity of safety
nents, which are part of a processor-based targets and the results of system safety
system or subsystem, must be quantified analyses provided in the RSPP, PSP, PTCIP,
with an MTTHE metric. The MTTHE assess- PTCDP, and PTCSP documents as appro-
ment methodology must consider failures priate. An analysis performed under this ap-
caused by permanent, transient, and inter- pendix must:
mittent faults, phase-interval maintenance (1) Address each of the safety principles of
and restoration of operation after failures paragraph (b) of this appendix, or explain
and the effect of fault coverage of each non- why they are not relevant, and
processor-based subsystem or component. (2) Employ a validation and verification
(2) MTTHE compliance verification and process pursuant to paragraph (c) of this ap-
validation must be based on the assessment pendix.
of the design for adequacy by a documented (b) What safety principles must be followed
verification and validation process, histor- during product development? The designer
ical performance data, analytical methods shall address each of the following safety
and experimental safety-critical perform- considerations principles when designing and
ance testing performed on the subsystem or demonstrating the safety of products covered
component. The non-processor-based quan- by subpart H or I of this part. In the event
tification compliance must be demonstrated that any of these principles are not followed,
to have a high degree of confidence. the PSP or PTCDP or PTCSP shall state
768
Federal Railroad Administration, DOT Pt. 236, App. C
both the reason(s) for departure and the al- undesirable, then the second failure must be
ternative(s) utilized to mitigate or eliminate detected and the product must achieve a
the hazards associated with the design prin- known safe state that eliminates the possi-
ciple not followed. bility of false activation of any physical ap-
(1) System safety under normal operating con- pliance.
ditions. The system (all its elements includ- (v) Another concern of multiple failures in-
ing hardware and software) must be designed volves common mode failures in which two
to assure safe operation with no hazardous or more subsystems or components intended
events under normal anticipated operating to compensate one another to perform the
conditions with proper inputs and within the same function all fail by the same mode and
expected range of environmental conditions. result in unsafe conditions. This is of par-
All safety-critical functions must be per- ticular concern in instances in which two or
formed properly under these normal condi- more elements (hardware or software, or
tions. The system shall operate safely even both) are used in combination to ensure safe-
in the absence of prescribed operator actions ty. If a common mode failure exists, then
or procedures. The designer must identify any analysis performed under this appendix
and categorize all hazards that may lead to cannot rely on the assumption that failures
unsafe system operation. Hazards cat- are independent. Examples include: The use
egorized as unacceptable, which are deter- of redundancy in which two or more ele-
mined by hazard analysis, must be elimi- ments perform a given function in parallel
nated by design. Best effort shall also be and when one (hardware or software) ele-
made by the designer to eliminate by design ment checks/monitors another element (of
the hazards categorized as undesirable. hardware or software) to help ensure its safe
Those undesirable hazards that cannot be operation. Common mode failure relates to
eliminated should be mitigated to the ac- independence, which must be ensured in
ceptable level as required by this part. these instances. When dealing with the ef-
(2) System safety under failures. fects of hardware failure, the designer shall
(i) It must be shown how the product is de- address the effects of the failure not only on
signed to eliminate or mitigate unsafe sys- other hardware, but also on the execution of
tematic failures—those conditions which can the software, since hardware failures can
be attributed to human error that could greatly affect how the software operates.
occur at various stages throughout product (3) Closed loop principle. System design ad-
development. This includes unsafe errors in hering to the closed loop principle requires
the software due to human error in the soft- that all conditions necessary for the exist-
ware specification, design, or coding phases; ence of any permissive state or action be
human errors that could impact hardware verified to be present before the permissive
design; unsafe conditions that could occur state or action can be initiated. Likewise the
because of an improperly designed human- requisite conditions shall be verified to be
machine interface; installation and mainte- continuously present for the permissive
nance errors; and errors associated with state or action to be maintained. This is in
making modifications. contrast to allowing a permissive state or
(ii) The product must be shown to operate action to be initiated or maintained in the
safely under conditions of random hardware absence of detected failures. In addition,
failures. This includes single hardware fail- closed loop design requires that failure to
ures as well as multiple hardware failures perform a logical operation, or absence of a
that may occur at different times but remain logical input, output or decision shall not
undetected (latent) and react in combination cause an unsafe condition, i.e. system safety
with a subsequent failure at a later time to does not depend upon the occurrence of an
cause an unsafe operating situation. In in- action or logical decision.
stances involving a latent failure, a subse- (4) Safety assurance concepts. The product
quent failure is similar to there being a sin- design must include one or more of the fol-
gle failure. In the event of a transient fail- lowing Safety Assurance Concepts as de-
ure, and if so designed, the system should re- scribed in IEEE–1483 standard to ensure that
start itself if it is safe to do so. Frequency of failures are detected and the product is
attempted restarts must be considered in the placed in a safe state. One or more different
hazard analysis required by § 236.907(a)(8). principles may be applied to each individual
(iii) There shall be no single point failures subsystem or component, depending on the
in the product that can result in hazards cat- safety design objectives of that part of the
egorized as unacceptable or undesirable. Oc- product.
currence of credible single point failures (i) Design diversity and self-checking concept.
that can result in hazards must be detected This concept requires that all critical func-
and the product must achieve a known safe tions be performed in diverse ways, using di-
state that eliminates the possibility of false verse software operations and/or diverse
activation of any physical appliance. hardware channels, and that critical hard-
(iv) If one non-self-revealing failure com- ware be tested with Self-Checking routines.
bined with a second failure can cause a haz- Permissive outputs are allowed only if the
ard that is categorized as unacceptable or results of the diverse operations correspond,
769
Pt. 236, App. C 49 CFR Ch. II (10–1–11 Edition)
and the Self-Checking process reveals no ual unmitigated failures. In the event of crit-
failures in either execution of software or in ical failures, the safety-critical functions
any monitored input or output hardware. If and outputs must default to a known safe
the diverse operations do not agree or if the state.
checking reveals critical failures, safety- (5) Human factor engineering principle. The
critical functions and outputs must default product design must sufficiently incorporate
to a known safe state. human factors engineering that is appro-
(ii) Checked redundancy concept. The priate to the complexity of the product; the
Checked Redundancy concept requires imple- educational, mental, and physical capabili-
mentation of two or more identical, inde- ties of the intended operators and maintain-
pendent hardware units, each executing iden- ers; the degree of required human inter-
tical software and performing identical func- action with the component; and the environ-
tions. A means is to be provided to periodi- ment in which the product will be used.
cally compare vital parameters and results (6) System safety under external influences.
of the independent redundant units, requir- The product must be shown to operate safely
ing agreement of all compared parameters to when subjected to different external influ-
assert or maintain a permissive output. If ences, including:
the units do not agree, safety-critical func- (i) Electrical influences such as power sup-
tions and outputs must default to a known ply anomalies/transients, abnormal/improper
safe state. input conditions (e.g., outside of normal
(iii) N-version programming concept. This range inputs relative to amplitude and fre-
concept requires a processor-based product quency, unusual combinations of inputs) in-
to use at least two software programs per- cluding those related to a human operator,
forming identical functions and executing and others such as electromagnetic inter-
concurrently in a cycle. The software pro-
ference or electrostatic discharges, or both;
grams must be written by independent
(ii) Mechanical influences such as vibra-
teams, using different tools. The multiple
tion and shock; and
independently written software programs
comprise a redundant system, and may be (iii) Climatic conditions such as tempera-
executed either on separate hardware units ture and humidity.
(which may or may not be identical) or with- (7) System safety after modifications. Safety
in one hardware unit. A means is to be pro- must be ensured following modifications to
vided to compare the results and output the hardware or software, or both. All or
states of the multiple redundant software some of the concerns identified in this para-
systems. If the system results do not agree, graph may be applicable depending upon the
then the safety-critical functions and out- nature and extent of the modifications. Such
puts must default to a known safe state. modifications must follow all of the concept,
(iv) Numerical assurance concept. This con- design, implementation and test processes
cept requires that the state of each vital pa- and principles as documented in the PSP for
rameter of the product or system be unique- the original product. Regression testing
ly represented by a large encoded numerical must be comprehensive and documented to
value, such that permissive results are cal- include all scenarios which are affected by
culated by pseudo-randomly combining the the change made, and the operating modes of
representative numerical values of each of the changed product during normal and fail-
the critical constituent parameters of a per- ure state (fallback) operation.
missive decision. Vital algorithms must be (c) What standards are acceptable for
entirely represented by data structures con- Verification and Validation? (1) The standards
taining numerical values with verified char- employed for Verification or Validation, or
acteristics, and no vital decisions are to be both, of products subject to this subpart
made in the executing software, only by the must be sufficient to support achievement of
numerical representations themselves. In the applicable requirements of subpart H and
the event of critical failures, the safety-crit- subpart I of this part.
ical functions and outputs must default to a (2) U.S. Department of Defense Military
known safe state. Standard (MIL–STD) 882C, ‘‘System Safety
(v) Intrinsic fail-safe design concept. Intrinsi- Program Requirements’’ (January 19, 1993),
cally fail-safe hardware circuits or systems is recognized as providing appropriate risk
are those that employ discrete mechanical analysis processes for incorporation into
and/or electrical components. The fail-safe verification and validation standards.
operation for a product or subsystem de- (3) The following standards designed for ap-
signed using this principle concept requires a plication to processor-based signal and train
verification that the effect of every relevant control systems are recognized as acceptable
failure mode of each component, and rel- with respect to applicable elements of safety
evant combinations of component failure analysis required by subpart H and subpart I
modes, be considered, analyzed, and docu- of this part. The latest versions of the stand-
mented. This is typically performed by a ards listed below should be used unless oth-
comprehensive failure modes and effects erwise provided.
analysis (FMEA) which must show no resid- (i) IEEE standards as follows:
770
Federal Railroad Administration, DOT Pt. 236, App. D
(A) IEEE 1483–2000, Standard for the (4) Use of unpublished standards, including
Verification of Vital Functions in Processor- proprietary standards, is authorized to the
Based Systems Used in Rail Transit Control. extent that such standards are shown to
(B) IEEE 1474.2–2003, Standard for user achieve the requirements of this part. How-
interface requirements in communications ever, any such standards shall be available
based train control (CBTC) systems. for inspection and replication by FRA and
(C) IEEE 1474.1–2004, Standard for Commu- for public examination in any public pro-
nications-Based Train Control (CBTC) Per- ceeding before the FRA to which they are
formance and Functional Requirements. relevant.
(ii) CENELEC Standards as follows: (5) The various standards provided in this
(A) EN50129: 2003, Railway Applications:
paragraph are for illustrative purposes only.
Communications, Signaling, and Processing
Copies of these standards can be obtained in
Systems-Safety Related Electronic Systems
accordance with the following:
for Signaling; and
(B) EN50155:2001/A1:2002, Railway Applica- (i) U.S. government standards and tech-
tions: Electronic Equipment Used in Rolling nical publications may be obtained by con-
Stock. tacting the federal National Technical Infor-
(iii) ATCS Specification 200 Communica- mation Service, 5301 Shawnee Rd, Alexan-
tions Systems Architecture. dria, VA 22312.
(iv) ATCS Specification 250 Message For- (ii) U.S. National Standards may be ob-
mats. tained by contacting the American National
(v) AREMA 2009 Communications and Sig- Standards Institute, 25 West 43rd Street, 4
nal Manual of Recommended Practices, Part Floor, New York, NY 10036.
16, Part 17, 21, and 23. (iii) IEC Standards may be obtained by
(vi) Safety of High-Speed Ground Transpor- contacting the International Electro-
tation Systems. Analytical Methodology for technical Commission, 3, rue de Varembé,
Safety Validation of Computer Controlled P.O. Box 131 CH—1211, GENEVA, 20, Switzer-
Subsystems. Volume II: Development of a land.
Safety Validation Methodology. Final Re- (iv) CENLEC Standards may be obtained
port September 1995. Author: Jonathan F. by contacting any of one the national stand-
Luedeke, Battelle. DOT/FRA/ORD–95/10.2. ards bodies that make up the European Com-
(vii) IEC 61508 (International Electro- mittee for Electrotechnical Standardization.
technical Commission), Functional Safety of (v) IEEE standards may be obtained by
Electrical/Electronic/Programmable/Elec- contacting the IEEE Publications Office,
tronic Safety (E/E/P/ES) Related Systems, 10662 Los Vaqueros Circle, P.O. Box 3014, Los
Parts 1–7 as follows: Alamitos, CA 90720–1264.
(A) IEC 61508–1 (1998–12) Part 1: General re-
(vi) AREMA standards may be obtained
quirements and IEC 61508–1 Corr. (1999–05)
from the American Railway Engineering and
Corrigendum 1—Part 1: General Require-
Maintenance-of-Way Association, 10003
ments.
(B) IEC 61508–2 (2000–05) Part 2: Require- Derekwood Lane, Suite 210, Lanham, MD
ments for electrical/electronic/program- 20706.
mable electronic safety-related systems. [75 FR 2718, Jan. 15, 2010]
(C) IEC 61508–3 (1998–12) Part 3: Software re-
quirements and IEC 61508–3 Corr. 1 (1999–04) APPENDIX D TO PART 236—INDEPENDENT
Corrigendum 1—Part 3: Software require-
REVIEW OF VERIFICATION AND VALI-
ments.
(D) IEC 61508–4 (1998–12) Part 4: Definitions DATION
and abbreviations and IEC 61508–4 Corr. 1
(a) This appendix provides minimum re-
(1999–04) Corrigendum 1—Part 4: Definitions
quirements for independent third-party as-
and abbreviations.
sessment of product safety verification and
(E) IEC 61508–5 (1998–12) Part 5: Examples of
validation pursuant to subpart H or subpart
methods for the determination of safety in-
I of this part. The goal of this assessment is
tegrity levels and IEC 61508–5 Corr. 1 (1999–04)
Corrigendum 1—Part 5: Examples of methods to provide an independent evaluation of the
for determination of safety integrity levels. product manufacturer’s utilization of safety
(F) IEC 61508–6 (2000–04) Part 6: Guidelines design practices during the product’s devel-
on the applications of IEC 61508–2 and –3. opment and testing phases, as required by
(G) IEC 61508–7 (2000–03) Part 7: Overview of any mutually agreed upon controlling docu-
techniques and measures. ments and standards and the applicable rail-
(H) IEC 62278: 2002, Railway Applications: road’s:
Specification and Demonstration of Reli- (1) Railroad Safety Program Plan (RSPP)
ability, Availability, Maintainability and and Product Safety Plan (PSP) for processor
Safety (RAMS); based systems developed under subpart H or,
(I) IEC 62279: 2002 Railway Applications: (2) PTC Product Development Plan
Software for Railway Control and Protection (PTCDP) and PTC Safety Plan (PTCSP) for
Systems; PTC systems developed under subpart I.
771
Pt. 236, App. E 49 CFR Ch. II (10–1–11 Edition)
(b) The supplier may request advice and as- (h) The reviewer shall evaluate and com-
sistance of the reviewer concerning the ac- ment on the plan for installation and test
tions identified in paragraphs (c) through (g) procedures of the product for revenue serv-
of this appendix. However, the reviewer shall ice.
not engage in any design efforts associated (i) The reviewer shall prepare a final report
with the product, the products subsystems, of the assessment. The report shall be sub-
or the products components, in order to pre- mitted to the railroad prior to the com-
serve the reviewer’s independence and main- mencement of installation testing and con-
tain the supplier’s proprietary right to the tain at least the following information:
product. (1) Reviewer’s evaluation of the adequacy
(c) The supplier shall provide the reviewer of the PSP in the case of products developed
access to any and all documentation that the under subpart H, or PTCSP for products de-
reviewer requests and attendance at any developed under subpart I of this part, includ-
sign review or walkthrough that the re- ing the supplier’s MTTHE and risk estimates
viewer determines as necessary to complete for the product, and the supplier’s confidence
and accomplish the third party assessment. interval in these estimates;
The reviewer may be accompanied by rep- (2) Product vulnerabilities, potentially
resentatives of FRA as necessary, in FRA’s hazardous failure modes, or potentially haz-
judgment, for FRA to monitor the assess- ardous operating circumstances which the
ment. reviewer felt were not adequately identified,
(d) The reviewer shall evaluate the product tracked, mitigated, and corrected by either
with respect to safety and comment on the the vendor or supplier or the railroad;
adequacy of the processes which the supplier (3) A clear statement of position for all
applies to the design and development of the parties involved for each product vulner-
product. At a minimum, the reviewer shall ability cited by the reviewer;
compare the supplier processes with accept- (4) Identification of any documentation or
able validation and verification methodology information sought by the reviewer that was
and employ any other such tests or compari- denied, incomplete, or inadequate;
sons if they have been agreed to previously (5) A listing of each applicable vendor, sup-
with FRA. Based on these analyses, the re- plier, industry, national, or international
viewer shall identify and document any sig- standard, procedure or process which was not
nificant safety vulnerabilities which are not properly followed;
adequately mitigated by the supplier’s (or (6) Identification of the software
user’s) processes. Finally, the reviewer shall
verification and validation procedures, as
evaluate and document the adequacy of the
well as the hardware verification validation
railroad’s
procedures if deemed appropriate by FRA,
(1) RSPP, the PSP, and any other docu-
for the product’s safety-critical applications,
ments pertinent to a product being developed
and the reviewer’s evaluation of the ade-
under subpart H of this part; or
quacy of these procedures;
(2) PTCDP and PTCSP for systems being
(7) Methods employed by the product man-
developed under subpart I of this part.
(e) The reviewer shall analyze the Hazard ufacturer to develop safety-critical software;
Log and/or any other hazard analysis docu- (8) If deemed applicable by FRA, the meth-
ments for comprehensiveness and compli- ods employed by the product manufacturer
ance with applicable railroad, vendor, sup- to develop safety-critical hardware by gen-
plier, industry, national, and international erally acceptable techniques;
standards. (9) Method by which the supplier or rail-
(f) The reviewer shall analyze all Fault road addresses comprehensiveness of the
Tree Analyses (FTA), Failure Mode and Ef- product design which considers the safety
fects Criticality Analysis (FMECA), and elements listed in paragraph (b) of appendix
other hazard analyses for completeness, cor- C to this part.
rectness, and compliance with applicable [75 FR 2720, Jan. 15, 2010]
railroad, vendor, supplier, industry, national
and international standards. APPENDIX E TO PART 236—HUMAN-
(g) The reviewer shall randomly select var- MACHINE INTERFACE (HMI) DESIGN
ious safety-critical software, and hardware
modules, if directed by FRA, for audit to (a) This appendix provides human factors
verify whether the requirements of the appli- design criteria applicable to both subpart H
cable railroad, vendor, supplier, industry, na- and subpart I of this part. HMI design cri-
tional, and international standards were fol- teria will minimize negative safety effects
lowed. The number of modules audited must by causing designers to consider human fac-
be determined as a representative number tors in the development of HMIs. The prod-
sufficient to provide confidence that all uct design should sufficiently incorporate
unaudited modules were developed in compli- human factors engineering that is appro-
ance with the applicable railroad, vendor, priate to the complexity of the product; the
supplier, industry, national, and inter- gender, educational, mental, and physical
national standards. capabilities of the intended operators and
772
Federal Railroad Administration, DOT Pt. 236, App. E
maintainers; the degree of required human (i) To minimize short-term memory load,
interaction with the component; and the en- the designer shall integrate data or informa-
vironment in which the product will be used. tion from multiple sources into a single for-
(b) As used in this section, ‘‘designer’’ mat or representation (‘‘chunking’’) and de-
means anyone who specifies requirements sign so that three or fewer ‘‘chunks’’ of in-
for—or designs a system or subsystem, or formation need to be remembered at any one
both, for—a product subject to subpart H or time.
subpart I of this part, and ‘‘operator’’ means (ii) To minimize long-term memory load,
any human who is intended to receive infor- the designer shall design to support recogni-
mation from, provide information to, or per- tion memory, design memory aids to mini-
form repairs or maintenance on a safety- mize the amount of information that must
critical product subject to subpart H or I of be recalled from unaided memory when mak-
this part. ing critical decisions, and promote active
(c) Human factors issues the designers processing of the information.
must consider with regard to the general (d) Design systems that anticipate possible
function of a system include: user errors and include capabilities to catch
(1) Reduced situational awareness and over- errors before they propagate through the
reliance. HMI design must give an operator system;
active functions to perform, feedback on the (1) Conduct cognitive task analyses prior
results of the operator’s actions, and infor- to designing the system to better understand
mation on the automatic functions of the the information processing requirements of
system as well as its performance. The oper- operators when making critical decisions;
ator must be ‘‘in-the-loop.’’ Designers must and
consider at a minimum the following meth- (2) Present information that accurately
ods of maintaining an active role for human represents or predicts system states.
operators: (e) When creating displays and controls,
(i) The system must require an operator to the designer must consider user ergonomics
initiate action to operate the train and re- and shall:
quire an operator to remain ‘‘in-the-loop’’ (1) Locate displays as close as possible to
for at least 30 minutes at a time; the controls that affect them;
(ii) The system must provide timely feed- (2) Locate displays and controls based on
back to an operator regarding the system’s an operator’s position;
automated actions, the reasons for such ac- (3) Arrange controls to minimize the need
tions, and the effects of the operator’s man- for the operator to change position;
ual actions on the system; (4) Arrange controls according to their ex-
(iii) The system must warn operators in pected order of use;
advance when it requires an operator to take (5) Group similar controls together;
action; (6) Design for high stimulus-response com-
(iv) HMI design must equalize an opera- patibility (geometric and conceptual);
tor’s workload; and (7) Design safety-critical controls to re-
(v) HMI design must not distract from the quire more than one positive action to acti-
operator’s safety related duties. vate (e.g., auto stick shift requires two
(2) Expectation of predictability and consist- movements to go into reverse);
ency in product behavior and communications. (8) Design controls to allow easy recovery
HMI design must accommodate an operator’s from error; and
expectation of logical and consistent rela- (9) Design display and controls to reflect
tionships between actions and results. Simi- specific gender and physical limitations of
lar objects must behave consistently when the intended operators.
an operator performs the same action upon (f) The designer shall also address informa-
them. tion management. To that end, HMI design
(3) End user limited ability to process informa- shall:
tion. HMI design must therefore minimize an (1) Display information in a manner which
operator’s information processing load. To emphasizes its relative importance;
minimize information processing load, the (2) Comply with the ANSI/HFS 100–1988
designer must: standard;
(i) Present integrated information that di- (3) Utilize a display luminance that has a
rectly supports the variety and types of deci- difference of at least 35cd/m2 between the
sions that an operator makes; foreground and background (the displays
(ii) Provide information in a format or rep- should be capable of a minimum contrast 3:1
resentation that minimizes the time re- with 7:1 preferred, and controls should be
quired to understand and act; and provided to adjust the brightness level and
(iii) Conduct utility tests of decision aids contrast level);
to establish clear benefits such as processing (4) Display only the information necessary
time saved or improved quality of decisions. to the user;
(4) End user limited memory. HMI design (5) Where text is needed, use short, simple
must therefore minimize an operator’s infor- sentences or phrases with wording that an
mation processing load. operator will understand and appropriate to
773
Pt. 236, App. F 49 CFR Ch. II (10–1–11 Edition)
the educational and cognitive capabilities of information concerning personal commu-
the intended operator; nication services (PCS) transmitters oper-
(6) Use complete words where possible; ating under Part 15, Subpart D of the rules.
where abbreviations are necessary, choose a (iii) 47 Code of Federal Regulations Parts 0
commonly accepted abbreviation or con- to 19. The FCC rules and regulations gov-
sistent method and select commonly used erning PCS transmitters may be found in 47
terms and words that the operator will un- CFR, Parts 0 to 19.
derstand; (iv) OET Bulletin 62 (December 1993) Un-
(7) Adopt a consistent format for all dis- derstanding The FCC Regulations for Com-
play screens by placing each design element puters and other Digital Devices. This docu-
in a consistent and specified location; ment has been prepared to provide a basic
(8) Display critical information in the cen- understanding of the FCC regulations for
ter of the operator’s field of view by placing digital (computing) devices, and includes an-
items that need to be found quickly in the swers to some commonly-asked questions.
upper left hand corner and items which are (2) Designers must comply with FCC re-
not time-critical in the lower right hand cor- quirements for Maximum Permissible Expo-
ner of the field of view; sure limits for field strength and power den-
(9) Group items that belong together; sity for the transmitters operating at fre-
(10) Design all visual displays to meet quencies of 300 kHz to 100 GHz and specific
human performance criteria under mono- absorption rate (SAR) limits for devices op-
chrome conditions and add color only if it erating within close proximity to the body.
will help the user in performing a task, and The Commission’s requirements are detailed
use color coding as a redundant coding tech- in parts 1 and 2 of the FCC’s Rules and Regu-
nique; lations (47 CFR 1.1307(b), 1.1310, 2.1091, 2.1093).
(11) Limit the number of colors over a The following documentation is applicable to
group of displays to no more than seven; demonstrating whether proposed or existing
(12) Design warnings to match the level of transmitting facilities, operations or devices
risk or danger with the alerting nature of comply with limits for human exposure to
the signal; and radiofrequency RF fields adopted by the
(13) With respect to information entry, FCC:
avoid full QWERTY keyboards for data (i) OET Bulletin No. 65 (Edition 97–01, Au-
entry. gust 1997), ‘‘Evaluating Compliance With
(g) With respect to problem management, FCC Guidelines For Human Exposure To Ra-
the HMI designer shall ensure that the: diofrequency Electromagnetic Fields’’,
(1) HMI design must enhance an operator’s (ii) OET Bulletin No 65 Supplement A,
situation awareness; (Edition 97–01, August 1997), OET Bulletin No
(2) HMI design must support response se- 65 Supplement B (Edition 97–01, August 1997)
lection and scheduling; and and
(3) HMI design must support contingency (iii) OET Bulletin No 65 Supplement C
planning. (Edition 01–01, June 2001).
(h) Ensure that electronics equipment (3) The bulletin and supplements offer
radio frequency emissions are compliant guidelines and suggestions for evaluating
with appropriate Federal Communications compliance. However, they are not intended
Commission regulations. The FCC rules and to establish mandatory procedures. Other
regulations are codified in Title 47 of the methods and procedures may be acceptable if
Code of Federal Regulations (CFR). based on sound engineering practice.
(1) Electronics equipment must have ap-
propriate FCC Equipment Authorizations. [75 FR 2720, Feb. 15, 2010]
The following documentation is applicable to
obtaining FCC Equipment Authorization: APPENDIX F TO PART 236—MINIMUM RE-
(i) OET Bulletin Number 61 (October, 1992 QUIREMENTS OF FRA DIRECTED
Supersedes May, 1987 issue) FCC Equipment INDEPENDENT THIRD-PARTY ASSESS-
Authorization Program for Radio Frequency MENT OF PTC SYSTEM SAFETY
Devices. This document provides an overview VERIFICATION AND VALIDATION
of the equipment authorization program to
control radio interference from radio trans- (a) This appendix provides minimum re-
mitters and certain other electronic prod- quirements for mandatory independent
ucts and an overview of how to obtain an third-party assessment of PTC system safety
equipment authorization. verification and validation pursuant to sub-
(ii) OET Bulletin 63: (October 1993) Under- part H or I of this part. The goal of this as-
standing The FCC Part 15 Regulations for sessment is to provide an independent eval-
Low Power, Non-Licensed Transmitters. uation of the PTC system manufacturer’s
This document provides a basic under- utilization of safety design practices during
standing of the FCC regulations for low the PTC system’s development and testing
power, unlicensed transmitters, and includes phases, as required by the applicable PSP,
answers to some commonly-asked questions. PTCDP, and PTCSP, the applicable require-
This edition of the bulletin does not contain ments of subpart H or I of this part, and any
774
Federal Railroad Administration, DOT Pt. 237
other previously agreed-upon controlling (i) The reviewer shall prepare a final report
documents or standards. of the assessment. The report shall be sub-
(b) The supplier may request advice and as- mitted to the railroad prior to the com-
sistance of the independent third-party re- mencement of installation testing and con-
viewer concerning the actions identified in tain at least the following information:
paragraphs (c) through (g) of this appendix. (1) Reviewer’s evaluation of the adequacy
However, the reviewer should not engage in of the PSP or PTCSP including the sup-
design efforts in order to preserve the re- plier’s MTTHE and risk estimates for the
viewer’s independence and maintain the sup- PTC system, and the supplier’s confidence
plier’s proprietary right to the PTC system. interval in these estimates;
(c) The supplier shall provide the reviewer (2) PTC system vulnerabilities, potentially
access to any and all documentation that the hazardous failure modes, or potentially haz-
reviewer requests and attendance at any de- ardous operating circumstances which the
sign review or walkthrough that the re- reviewer felt were not adequately identified,
viewer determines as necessary to complete tracked or mitigated;
and accomplish the third party assessment. (3) A clear statement of position for all
The reviewer may be accompanied by rep- parties involved for each PTC system vulner-
resentatives of FRA as necessary, in FRA’s ability cited by the reviewer;
judgment, for FRA to monitor the assess- (4) Identification of any documentation or
ment. information sought by the reviewer that was
(d) The reviewer shall evaluate with re- denied, incomplete, or inadequate;
spect to safety and comment on the ade- (5) A listing of each applicable vendor, sup-
quacy of the processes which the supplier ap-
plier, industry, national or international
plies to the design and development of the
standard, process, or procedure which was
PTC system. At a minimum, the reviewer
not properly followed;
shall evaluate the supplier design and devel-
(6) Identification of the hardware and soft-
opment process regarding the use of an ap-
ware verification and validation procedures
propriate design methodology. The reviewer
for the PTC system’s safety-critical applica-
may use the comparison processes and test
tions, and the reviewer’s evaluation of the
procedures that have been previously agreed
adequacy of these procedures;
to with FRA. Based on these analyses, the
reviewer shall identify and document any (7) Methods employed by PTC system man-
significant safety vulnerabilities which are ufacturer to develop safety-critical software;
not adequately mitigated by the supplier’s and
(or user’s) processes. Finally, the reviewer (8) If directed by FRA, methods employed
shall evaluate the adequacy of the railroad’s by PTC system manufacturer to develop
applicable PSP or PTCSP, and any other safety-critical hardware.
documents pertinent to the PTC system [75 FR 2721, Jan. 15, 2010]
being assessed.
(e) The reviewer shall analyze the Hazard
Log and/or any other hazard analysis docu- PART 237—BRIDGE SAFETY
ments for comprehensiveness and compli- STANDARDS
ance with railroad, vendor, supplier, indus-
try, national, or international standards. Subpart A—General
(f) The reviewer shall analyze all Fault
Tree Analyses (FTA), Failure Mode and Ef- Sec.
fects Criticality Analysis (FMECA), and 237.1 Application.
other hazard analyses for completeness, cor- 237.3 Responsibility for compliance.
rectness, and compliance with railroad, ven- 237.5 Definitions.
dor, supplier, industry, national, or inter- 237.7 Penalties.
national standards. 237.9 Waivers.
(g) The reviewer shall randomly select var-
ious safety-critical software modules, as well Subpart B—Railroad Bridge Safety
as safety-critical hardware components if re- Assurance
quired by FRA for audit to verify whether
the railroad, vendor, supplier, industry, na- 237.31 Adoption of bridge management pro-
tional, or international standards were fol- grams.
lowed. The number of modules audited must 237.33 Content of bridge management pro-
be determined as a representative number grams.
sufficient to provide confidence that all
unaudited modules were developed in compli- Subpart C—Qualifications and
ance with railroad, vendor, supplier, indus- Designations of Responsible Persons
try, national, or international standards
(h) The reviewer shall evaluate and com- 237.51 Railroad bridge engineers.
ment on the plan for installation and test 237.53 Railroad bridge inspectors.
procedures of the PTC system for revenue 237.55 Railroad bridge supervisors.
service. 237.57 Designation of individuals.
775

CFR 2011 Title49 Vol4 Part236

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CFR 2011 Title49 Vol4 Part236

Uploaded by

Copyright:

Available Formats

Federal Railroad Administration, DOT Pt.

PART 236—RULES, STANDARDS, 236.56 Shunting sensitivity.

§ 236.11 Adjustment, repair, or replace- § 236.14 Spring switch signal protec-

§ 236.15 Timetable instructions. railroad commencing operations after

(2) Reflector lenses or buttons or playing a restrictive aspect can be

shunting, except that where such con- § 236.56 Shunting sensitivity.

WIRES AND CABLES tended function. Electronic device,

§ 236.101 Purpose of inspection and § 236.106 Relays.

§ 236.107 Ground tests. § 236.110 Results of tests.

FRA’s Associate Administrator for (a) An arrangement of one or more

In absolute permissive block signaling, Subpart C—Interlocking

§ 236.304 Mechanical locking or same showing by an individual carrier to allow op-

in normal or reverse position, contacts nine-sixteenths inch when in reverse

§ 236.377 Approach locking. valve magnets shall be tested at least

§ 236.378 Time locking. [49 FR 3385, Jan. 26, 1984]

Time locking shall be tested when § 236.385 [Reserved]

track used for switching movements § 236.409 [Reserved]

RULES AND INSTRUCTIONS individual carrier where automatic train

§ 236.505 Proper operative relation be- § 236.510 [Reserved]

§ 236.515 Visibility of cab signals. inductor pole faces at a height above

[49 FR 3386, Jan. 26, 1984]

§ 236.552 Insulation resistance; re- § 236.557 Receiver; location with re-

§ 236.587 Departure test. ified by the carrier, subject to approval

Subpart G—Definitions § 236.709 Block, absolute.

§ 236.725 Circuit, switch shunting. § 236.736 Cut-section.

§ 236.726 Circuit, track. § 236.737 Cut-section, relayed.

§ 236.739 Device, acknowledging. § 236.746 Feature, restoring.

The locking surface of a locking dog, § 236.753 Limits, interlocking.

§ 236.754 Line, open wire. § 236.761 Locking, electric.

§ 236.756 Lock, bolt. § 236.762 Locking, indication.

A mechanical lock so arranged that Electric locking which prevents ma-

track section of the route, the locking § 236.776 Movement, trailing.

§ 236.771 Machine, control. § 236.782 Point, controlled.

which, on being interrupted or deener- § 236.791 Release, value.

§ 236.800 Sheet, locking. means of controlling the signal elec-

§ 236.820 Switch, interlocked. application of the brakes until the

inputs, drive outputs, perform self- on a railroad as described in its PSP.

Risk assessment means the process of dress, at a minimum, the following

cause, any one of which is sufficient, provides a letter of preliminary review

numbers for informational filings and a associated with previously established

§ 236.917 Retention of records. § 236.919 Operations and Maintenance

training program specified in (1) Familiarization with train control

(ii) Provide training, consistent with vision of alternative methods of on-

Tenant railroad means a railroad, § 236.1005 Requirements for Positive

(ii) Overspeed derailments, including (4) Provide an appropriate warning or

(4) A train operated by a Class II or technology that includes all of the

accompanied by a HSR–125 developed (i) Separately file a PTCIP in accord-

(18) A complete description of how tem exists, as a replacement for an ex-

through the computer-aided dis- pendent’’ within the meaning of this

the railroad may be requested to pro- (2) The proposed modifications;

(g) Whenever any investigation of an § 236.1025 [Reserved]

(b) If an REC letter conforms to para- vide cryptographic message integrity

interoperability requirements specified (c) Each contractor providing serv-

(7) Require periodic refresher train- § 236.1047 Training specific to loco-

APPENDIX A TO PART 236—CIVIL PENALTIES 1

Subpart A—Rules and Instructions—All Systems

Subpart B—Automatic Block Signal Systems

236.201 Track circuit control of signals .............................................................................................. 1,000 2,000

236.207 Electric lock on hand-operated switch; control:

Subpart D—Traffic Control Systems Standards

236.501 Forestalling device and speed control .................................................................................. 1,000 2,000

236.577 Test, acknowledgement, and cut-in circuits ......................................................................... 1,000 2,000

236.601 Signals controlled by devices; location ................................................................................ 1,000 2,000

236.905 Railroad Safety Program Plan (RSPP):