The Weekly Reflektion 23/2021

6. June 2021

‘Disasters… happen when the decisions are made by people who cannot remember what happened last time. Daily Telegraph 17^th May 1990’ leader on the Clapham Junction train disaster.

The Clapham Junction Train crash, courtesy of the London Fire Brigade

Do you consider the job finished when the system is back in service and working?

Equipment that has been subjected to degradation sometimes needs to be replaced to maintain its functionality and reliability. The work requires both disconnection of the degraded equipment and installation of the new equipment. The degraded equipment may be left in place and measures should be taken to ensure this does not interfere with the function of the new equipment.

On 12 December 1988, the 07:18 from Basingstoke to London Waterloo was approaching Clapham Junction when the driver saw the signal ahead of him change from green (“proceed”) to red (“danger”). Unable to stop at the signal, he stopped his train at the next signal and then reported to the signal box by telephone. Shortly after 08:10, the 06:30 from Bournemouth, which was following, collided with the Basingstoke train. A third train, carrying no passengers was passing on the adjacent line in the other direction and collided with the wreckage immediately after the initial impact. The signal that should have stopped the 06:30 from Bournemouth, was showing a yellow “proceed with caution” aspect instead of a red “danger” aspect. 35 people died, and 69 were seriously injured in the crash.

Following a series of signal failures, a British Rail report in 1978 concluded that signalling systems in Southern Region required replacement by 1986. The project was late getting underway and British Rail were under pressure to complete. The re-wiring of the signal that failed had been carried out a few weeks earlier. The technician that carried out the work had worked seven days a week for the previous 13 weeks. The technician had completed the work however had not removed one of the redundant wires and this wire was still connected to power. The fault developed the day before the crash when some equipment had been moved and the redundant wire moved and came into contact with the new circuit. The circuit was designed to set the signal to red on loss of current, a typical fail-safe mechanism. The redundant wire was able to feed current into the new circuit when the circuit should have been dead. That current prevented the signal from turning to red.

The technician who had done the work had not cut back, insulated, nor tied back the loose wire and his work had not been supervised. The completed work had not been inspected by an independent person in accordance with British Rail requirements. A wire count that would have identified that a wire had not been removed, was not carried out. There had been inadequate training, assessment, supervision and testing and, with a lack of understanding of the risks of signalling failure.

Following upgrades, repairs and modifications, do you consider the job complete when the system is back in service? Or is it complete when the system is fully tested, back in service and the redundant parts removed or isolated in a proper manner?