49 CFR § 229.309 - Safety-critical changes and failures.

§ 229.309 Safety-critical changes and failures.

(a) Whenever a planned safety-critical design change is made to a product that is in use by a railroad and subject to this subpart, the railroad shall:

(1) Notify FRA's Associate Administrator for Safety of the design changes made by the product supplier;

(2) Ensure that the SA is updated as required;

(3) Conduct all safety-critical changes in a manner that allows the change to be audited;

(4) Specify all contractual arrangements with suppliers and private equipment owners for notification of any and all electronic safety-critical changes as well as safety-critical failures in the suppliers and private equipment owners' system, subsystem, or components, and the reasons for that change or failure from the suppliers or equipment owners, whether or not the railroad has experienced a failure of that safety critical system, sub-system, or component;

(5) Specify the railroad's procedures for action upon receipt of notification of a safety-critical change or failure of an electronic system, sub-system, or component, and until the upgrade or revision has been installed; and

(6) Identify all configuration/revision control measures designed to ensure that safety-functional requirements and safety-critical hazard mitigation processes are not compromised as a result of any such change, and that any such change can be audited.

(b) Product suppliers and private equipment owners shall report any safety-critical changes and previously unidentified hazards to each railroad using the product or equipment.

(c) Private equipment owners shall establish configuration/revision control measures for control of safety-critical changes and identification of previously unidentified hazards.