I suppose the day's of 'dropping the buck-eye' and attaching an emergency coupling have gone.
The
IEP▸ requirement goes on at some length about operating modes, which are:
- Standard Mode
- Locomotive Hauled Mode
- Multiple Hauled Mode
- Train Unable to Proceed Under Main Power Source Mode
- Train Requires Assistance from Another Train Mode
- Real Emergency Mode
Of course the concept of the "operational mode" is essentially a software designer's one - hence the absence of the one that presumably applies in this case: "Software Having a Tantrum Mode".
Loss of the main power source means either
OLE▸ with no juice or most on-board generators u/s. For a bimode running under OLE I guess both could be the main power source, and this train couldn't use either, not even the limited motion expected of the 801s as "electric" units. In that sense we must be in between Train Requires Assistance from Another Train Mode (Rescue) and Real Emergency Mode.
Now Real Emergency Mode does have requirements for
PA▸ , comms, and lighting, but no further hotel services. Oddly, the introduction for this refers to derailment as the typical case! For physically coupling a rescue engine/train, including brakes, the case is the same as Locomotive Hauled Mode and Train Unable to Proceed Under Main Power Source Mode. But these do assume the controllers on board are at least trying to help.
Coupling to a loco relies on an adaptor:
It is permissible for the Locomotive to be prepared for use with an IEP Train in Locomotive Hauled Mode prior to coupling to the IEP Train. If the Locomotive is to be prepared in advance of being coupled to the relevant IEP Train, the design of the adaptor coupler to be used for this purpose must allow any Locomotive that is prepared in advance for Locomotive Hauled Mode to remain able to operate on the railway.
When being rescued, the minimum performance requirement is one of the few places that recognises controller failure is possible:
N021 Where an IEP Train requires assistance from another train and assistance is provided by another IEP Train then the acceleration and maximum speed of the resulting IEP Train must not be limited by any restrictions other than those limits identified in TS261 and the available traction capability of the assisting IEP Train, subject to there being no system failure on the IEP Train requiring assistance which prevents this. This shall be possible irrespective of whether power is available to the control systems on the IEP Train requiring assistance.
N022 Where an IEP Train requires assistance from another train and power is available to its control systems it must be possible for a Locomotive to assist the IEP Train at a speed commensurate with the strength of any coupler adapter provided, and in any event no less than 30mph, subject to the capability of the assisting Locomotive and there being no system failure on the train requiring assistance which prevents this.
N023 In the event that a system failure occurs such that an IEP Train that requires assistance cannot be hauled by another IEP Train or Locomotive from hauling it as specified in N021 and N022 then the IEP Train must be designed so as to allow safe haulage at a lower speed. Such a failure must not occur more than once in every 100 rescues.
Note that N023 isn't in English, so it isn't clear just what it applies to. Would the controller really be needed for the train brakes to work? I can't see anything else about brakes not working once a train is stationary - I assume they follow standard railway practice. The section on brakes reads (in its entirety):
4.4 Brakes
TS314 In addition to complying with the requirements set out in the TSI that relate to emergency braking, an IEP Train’s service brake must also comply with the requirements of Figure 3, Curve A3 in Railway Group Standard GM/RT2044, Issue 4, June 2001, ‘Braking System Requirements and Performance for Multiple Units’.
TS1849 The IEP brake system on the IEP Trains must not allow undetected single point failures or likely combinations of failures that could lead to an unsafe event. As a minimum the events to be considered as unsafe shall include the following;
• significant loss of braking capability; and
• dragging brakes on all axles of one or more IEP Vehicles simultaneously.
I never got involved with complex system design for real (whether labelled "System Architect" or not). However, I see quite a bit of it about ten years ago, and I reckoned that software design ideas had been adopted in the design of whole systems, even ones with lots of solid bits, in a way that wasn't helping to get them right first time. So I wonder ...
Click on the map to explore geographics
