Practical Demonstration of a Hybrid Model for Optimising the Reliability, Risk, and Maintenance of Rolling Stock Subsystem

Railway transport system (RTS) failures exert enormous strain on end-users and operators owing to in-service reliability failure. Despite the extensive research on improving the reliability of RTS, such as signalling, tracks, and infrastructure, few attempts have been made to develop an effective optimisation model for improving the reliability and maintenance of rolling stock subsystems. In this paper, a new hybrid model that integrates reliability, risk, and maintenance techniques is proposed to facilitate engineering failure and asset management decision analysis. The upstream segment of the model consists of risk and reliability techniques for bottom-up and top-down failure analysis using failure mode effects and criticality analysis and fault tree analysis, respectively. The downstream segment consists of (1) a decision-making grid (DMG) for the appropriate allocation of maintenance strategies using a decision map and (2) a group decision-making analysis for selecting appropriate improvement options for subsystems allocated to the worst region of the DMG map using the multi-criteria pairwise comparison features of the analytical hierarchy process. The hybrid model was illustrated through a case study for replacing an unreliable pneumatic brake unit (PBU) using operational data from a UK-based train operator where the frequency of failures and delay minutes exceeded the operator’s original target by 300% and 900%, respectively. The results indicate that the novel hybrid model can effectively analyse and identify a new PBU subsystem that meets the operator’s reliability, risk, and maintenance requirements.


Introduction
Typical railway transport systems (RTSs) comprise complex interconnected components that are often expected to operate at significantly high levels of reliability to meet the ever-growing expectations of passengers, operators, and regulators [1][2][3]. However, despite the introduction of generic reliability, availability, maintainability, and safety (RAMS) guidance standards such as EN50126 for enhancing the interoperability, reliability, and safety of railway systems, trains continue to suffer costly delays, cancellations, and technical failures. Although maintenance continues to be the natural remedy for identifying and rectifying such failures, it often exerts a considerable strain on operational budgets [1,2]. For instance, Liden [4] reported that the estimated annual combined RTS maintenance budget of the European Union member countries is typically between 12.8 and 21.3 billion Great British Pound (GBP£) per 300,000 km of rail track. Despite significant progress in incorporating reliability, risk, and maintenance in RTSs, most of these applications are used discretely without the benefits of an integrated approach, where the limitations of one technique are compensated by the strength of another [3,5-15]. Such individualised reliability, risk and maintenance techniques also contribute to the issues and conflicts in decision-making between RTS designers, operators, and suppliers [1,2]. Thus, ineffective decision-making regarding maintenance improvement has negative consequences on system availability and throughput irrespective of the inherent design reliability characteristics [6,7,14,15].
While these discrete risk- and reliability-centred approaches, including failure mode effects and criticality analysis (FMECA), fault tree analysis (FTA), event tree analysis (ETA), and reliability block diagram (RBD), provide useful theoretical constructs towards the understanding of the causal relationships between failures, they can be unidirectional, as they primarily focus on failure identification and do not directly contribute to identifying appropriate maintenance strategies. The objective of this paper is to introduce a new hybrid model for RTSs that integrates reliability, risk, and maintenance strategy selection and can be adopted by the RTS designers, operators, and suppliers in the three main life cycle phases (design, operation, and maintenance).

Literature Review
Studies conducted by Stephen and Labib [13] on a hybrid model for learning from failures and Yunusa-Kaltungo et al. [14] on the investigation of critical failures using combinations of root cause analysis techniques emphasise that the isolated application of individual approaches limits the ability to apply the strengths of some tools to compensate for the limitations of others. From a practical standpoint, the application of conventional risk and reliability assessment tools such as FMECA and RBD analysis for optimising RTS operations has been explored by several researchers, including analysis of domino effect in process industry using ETA by Alileche et al. [10], ETA for flood protection by Rosqvist et al. [6] and linking risk analysis to safety management by Trbojevic [7]. A fundamental strength of these tools is their simplicity, user-friendliness, and, most importantly, versatility in terms of applicability to various types of industry. Examples of the discretised application of these tools to RTSs include the development of a systematic approach for assessing hazards and human failures in train control systems by Renjith et al. [16], determination and validation of the barriers to failure prevention in RTSs using FTA, Haddon's ten energy-based injury prevention approaches by Li et al. [17], and risk evaluation of railway rolling stock failures using FMECA technique by Dinmohammadi et al. [3]. Similarly, the decision-making grid (DMG) for maintenance selection and strategy allocation has been applied by researchers in various disciplines, and the accuracy depends on the quality of data utilised for the horizontal boundaries of the decision map [18][19][20]. The analytical hierarchy process (AHP) has been applied discretely to analyse complex projects and dynamic problems using multi-criteria decision analysis [21,22].
The perceived weakness of AHP lies within the consistency of results under different questions, even if the goal or target remains the same as demonstrated by Kamal et al. [23] in their study on the application of AHP in project management. However, several of these shortcomings have been adequately addressed by Saaty [24] where AHP was used to provide a flexible, systematic, and repeatable evaluation process for selecting optimal alternatives amidst multiple criteria.
Nystrom and Soderholm [25] attempted to address these shortfalls by proposing an RTS maintenance decision-making framework that uses AHP for prioritising competing maintenance initiatives. Similar integrated approaches using fuzzy FTA analysis with AHP have been proposed to address reliability issues in the railway industry [26,27]. In Huang et al. [26], maximum probabilities of railway system traffic failure were identified using predefined alternative fuzzy sets, while Song et al. [27] identified the maximum probability of railway system traffic failures using predefined alternative fuzzy sets. For addressing maintenance issues, the rolling stock sector is adopting proactive techniques such as reliability-centred maintenance (RCM); however, in most cases such measures are implemented after the design stage, thereby increasing the implementation cost [28]. Following the realisation that some of these tools can extend to approaches beyond failure identification, there has been further exploration towards improving RTS safety and overall performance [28][29][30][31]. The RCM-based studies focussed on the identification and ranking of high-impact failure modes (FMs) associated with RTS components to improve maintenance decision-making. Although these RCM-based studies have improved the ability of railway industry maintenance and operations managers to direct scarce resources to areas in which they might be most needed, holistic asset management frameworks should be capable of modelling the fundamental events that trigger such FMs in addition to the causal relationships between them.
Furthermore, hybrid frameworks proposed by Stephen and Labib [13] and Sargent and Hall [32] in the context of operations engineering can be fundamentally grouped into two classes, hybrid models and hybrid modelling, based on the use of models and output procedures, and their corresponding applications, respectively. The focus of this paper is primarily on hybrid models in which the outputs from one tool/technique systematically form inputs of another. Additionally, studies such as Stephen and Labib [13] on a hybrid model for failure analysis, Labib and Read [33] on learning from failures, and Sargent and Hall [32] regarding the historical view of hybrid simulation and analytic models have attempted to identify the key drivers for the application of hybrid models to industrial research. Based on the premise that the management of industrial failures and selection of cost-effective maintenance strategies together account for a significant proportion of overall downtime [34], our primary objective was to create an approach that simplifies the process of managing these issues by capitalising on the strengths of existing tools to ease their deployment and acceptance by industry. Other attempts aimed at applying hybrid models consisting of two or more techniques include Yunusa-Kaltungo et al. [14] for investigating the critical failures using root cause analysis with FTA and RBD, Zubair et al. [35] on nuclear accident precursors using AHP and Bayesian network models, the proposal of Ishizaka and Labib [36] for a hybrid integrated approach using FTA and AHP to analyse disaster prevention, and the work of Appoh et al. [37] on the hybrid dynamic probability model for complex train failure analysis using Bayesian network and Petri nets. A significant number of existing hybrid models focus primarily on learning from failure and on accident investigation.
While such approaches are central to continuous improvement in all fields, including reliability and asset management, the obtained output is generally a set of action plans that do not necessarily iterate the decision-making stage of the process. Additionally, such hybrid approaches are often restricted to two or possibly three methods, while our approach involves the seamless application of multiple tools while explaining the usefulness of each.
Our review of the literature on integrated reliability, risk, and maintenance selection techniques revealed a lack of in-depth studies on the interdependency between these strategies at the design phase to ensure the holistic dependability assessment of rolling stock systems. Therefore, our emphasis in this study was not to introduce entirely new tools but instead to propose a novel approach that integrates discrete reliability, risk, and maintenance tools into a single optimised holistic framework. In addition to enabling synergy among individual tools, the proposed integrated framework can potentially help reduce the incidence of diagnosed faults in complex rolling stock systems and improve the decision-making element of maintenance downtime through the conventional serial application of different techniques. Thus, this paper adds two fundamental contributions to the existing research on hybrid models for reliability, risk, and maintenance optimisation for RTS: first, it provides an improved approach for evaluating reliability and risk using FMECA and FTA, and simultaneously assigns maintenance strategies through the use of a decision-making grid (DMG) as part of a single framework for assessing subsystems early in their design phase; second, the model provides an opportunity to identify actions to improve subsystems allocated to important regions of the maintenance decision map via AHP pairwise comparison features that take both competing factors and constraints in the organisation into account.
The remainder of this paper is organised as follows. Section 3 provides a description of the proposed hybrid model demonstrating the integration of its upstream reliability and risk assessment methods with its downstream maintenance decision-making method. In Sect. 4, we present a practical demonstration of the functioning of the model using real-life PBU data provided by a UK train operator. Finally, Sect. 5 provides the conclusion and discusses potential future work.

Proposed RTS Hybrid Model
A flowchart of the proposed framework is shown in Fig. 1. The upstream segment relates to system decomposition, risk, and reliability assessments through FMECA and FTA techniques, while the downstream segment focuses on decision-making using DMG for the initial allocation of maintenance strategies and further analysis using AHP to assign improvement actions to subsystems in the worst region of the decision map. Both upstream and downstream elements could be applied in isolation, depending on the technical requirements of the system under study. In specific cases, when only reliability and risk requirements need to be considered, the upstream element is applied. Where prior allocated asset management strategies for the subsystems are deemed desirable within the first phase of the downstream element (i.e., maintenance allocation), then further analysis to identify improvement actions for the subsystems may not be required. The model can be applied by the RTS vehicle designers, original equipment manufacturers and suppliers, and train operators as a continuous improvement model.

Input Data for the Hybrid Model
Existing RTS subsystems, which require an upgrade or modification, can use historical data from the maintenance management system (MMS) as a foundation for analysis, as shown in Fig. 1. For a new subsystem without MMS data, information obtained from similar existing systems and technical design specifications can serve as the basis for the analysis. FMs and failure rates data obtained from the FMECA analysis will serve as the input data to the FTA. Design information, failure rate, and schematics will also provide additional input data for the qualitative and quantitative FTA. The input data for the DMG, such as failure frequency and delay minutes, can be obtained from the existing MMS data. Besides, purchasing information, and repair and planning data can equally serve as the input data to the DMG. For novel subsystems without historical data, data from a similarly configured subsystem and intended mission profile information can form the DMG input data. Finally, the data, project goals, improvement alternatives, and criteria for the AHP will be established by the RTS design project team as part of the brainstorming exercise, elicitation, or facilitation processes. The input data for developing the DMG criteria can come from the MMS data. The improvement options or alternatives can be established by key stakeholders in the RTS project team.
Fig. 1 Conceptual flowchart of the proposed RTS hybrid model
Urban Rail Transit (2021) 7(2):139-157

Processing Procedures for the Proposed Hybrid Model
The proposed hybrid modelling process can be categorised into four main steps:
Step 1: Subsystem definition and failure modes classification
This stage involves establishing component functions, functional failures, and corresponding FMs and their effects on the entire subsystem under study [3] as shown in step 1(a). In this study, the emphasis is on the risk priority number (RPN). The objective of this step is to define and identify all critical FMs based on RPN as part of criticality analysis. Here, we denote a FM $k$ within a subsystem $j$ by $FM_{kj}$. Each $FM_{kj}$ is assigned an RPN based on estimation of its severity ($S_{kj}$), occurrence ($O_{kj}$), and detectability ($D_{kj}$), as follows: where $k$ represents the first failure mode from $k = 1$ to last failure mode $m$ and $j$ represents the first subsystem from $j = 1$ to the last subsystem $j = n_k$. RPN is assigned to each FM identified as part of the FMECA process. For mission-critical systems in which detectability ($D_{kj}$) forms an integral component of severity ($S_{kj}$), the $RPN_{kj}$ in Eq. (1) can be rewritten as [38] Thus, $O_{kj}$ of the $RPN_{kj}$ is evaluated by selecting the frequency rating in column 1 using the range of predicted failure rate in column 2, as shown in Table 1. Similarly, the severity level $S_{kj}$ is selected from Table 2 in row 2 based on the consequence of the failure. $RPN_{kj}$ is then estimated using Eq. (2) where $D_{kj}$ is considered as part of $S_{kj}$ for mission-critical systems. The next stage in step 1(b) of Fig. 1 is to determine the overall subsystem risk level based on the overall component failure mode. The overall railway rolling stock subsystem risk level ($T_{kj}$) can be obtained by evaluating overall component failure frequency level ($F_{kj}$) in the vertical axis on a scale of one (very unlikely) to six (frequent) and overall severity level ($H_{kj}$) in the horizontal axis for the subsystem on a scale of one (insignificant) to four (catastrophic), using Eq. (3) and the ranking in Table 3 [39]: where $k$ represents the first overall component's frequency and severity from $k = 1$ to the last overall component's frequency and severity $m$, and $j$ represents the number of overall components within the subsystems from the first overall component $j = 1$ to the last overall component $j = n_k$. Note that the risk matrix may represent different scales for different organisations based on the frequency of asset failures and their severities. The overall component failure rate is assessed based on the individual failure mode failure frequency. Similarly, the overall severity level is assessed on the basis of the combined impact of the individual failure mode severity.
Step 2: Determination of failure causal relationships and overall reliability
Step 2 of the hybrid model deals with the estimation of failure rate and reliability. The most critical $FM_{kj}$ are used as inputs to the FTA, which illustrates the logical relationship between the top failure event (overall failure rate) and provides an alternative means of investigating failures [38]. Assuming that all failure events are statistically independent, the probability of the top event (TE) failure in the FTA (i.e., $P(TE)$) is given by [40][41][42]; In (4) and (5), each basic event from $i$ to $n$ is modelled using OR-gate and AND-gate, respectively. Despite the known versatility of FTA, it is quite common for it to be merged with RBD to produce a simplified graphical representation of a system and directly obtain its success probability [33,41]. For a series configuration with statistical independence of events, where a failure of any component within the subsystem can result in downtime, the output of an OR-gate corresponds to a series system with a series of independent basic event probabilities $P_i$ for events $i$ to $t$. Here, the probability of failure $P_F$ can be estimated as The mean failure rate $\lambda$ and repair rate $\mu$ for a series RTS subsystem in which basic events from $i$ to $t$, assumed to have statistical independence, can be defined, respectively, as The output event of an OR-gate for a series-connected subsystem can then be estimated as [40] Similarly, the repair rate $\mu$ and failure rate $\lambda$ of a parallel configuration subsystem can be used to estimate the output event of an AND-gate assuming statistical independence of events: With Eqs. (6)-(13), the overall failure rate and thus reliability of the subsystem can be estimated, as shown in step 2 of Fig. 1. The basic symbols for FTA are shown in Table 4.
Step 3: Maintenance allocation DMG
The third stage of the hybrid model involves the selection of appropriate maintenance strategies using the DMG. This process is undertaken considering reliability and risk estimates as well as operational factors, financial information, and train information using data from MMS [step 3(a) of Fig. 1]. This stage involves the application of clustering analysis over a distance interval that allows for equal and robust criteria measurements for the two selected rankings of factors that most impact the RTS subsystem [43]. For maximum $X_{\max}$ and minimum values $X_{\min}$, the ranges of the three criteria for the two ranking factors as indicated in step 3(b) are estimated as follows: where High criterion ranges from the small value of where Medium criterion ranges from the small value of where Low criterion ranges from the small value of ($X_{\min}$) to the large value of $X_{\max}$ − 2 $X_{\max}$ − $X_{\min}$ The output of the DMG is a tri-quadrant decision map, in which the respective segments represent the defined asset management strategies for the organisation. Each organisation can define unique asset management strategies relevant to the operation of the RTS subsystem. Here, the following strategies were adopted for the decision map: breakdown maintenance (BM), planned preventive maintenance (PPM), condition-based maintenance (CBM), skill level upgrade (SLU), and design out maintenance (DOM), as shown in Fig. 2 [18,44].
This map is usually constructed using a combination of data measured in relation to the key performance drivers relating to the railway operation, in this case failure frequency and delay minutes originating from MMS. The three criteria will form the tri-quadrant axes for the DMG decision map, as shown in Fig. 2 and as illustrated in the model [step 3(c) of Fig. 1]. The boundary measurements for the homogenous criteria drivers are equally partitioned to enable holistic capturing of the extremes in the measurement data, as shown in Eqs. (14)-(16) and indicated in step 3(d) of the proposed model.
Step 4: Maintenance improvement by AHP
The fourth and final step in the hybrid model involves the selection of improvement options through multi-criteria decision-making method (MCDM) where improvement options are selected for the worst regions, i.e., subsystems located on the far-right corner of the decision map, such as DOM in Fig. 2. The following steps explain AHP as a method for MCDM [45][46][47]:
i. Establish the goal, that is the first layer, for maintenance improvement with the RTS project team and stakeholders as indicated in step 4(a).
ii. Define and organise the criteria $m$ as shown in step 4(b) by clustering them under different hierarchy levels using key performance indicators defined by the RTS project team or from the MMS data.
iii. Identify the maintenance improvement options or alternatives $n$. The RTS project team or key stakeholders will score the alternative $n$ against the criteria $m$. A ratio $w_i/w_j$ which is the weight of alternative $i$ to $j$ is assigned to criteria $m$ to reflect the relative importance of the decision. Thus, the decision maker, normally the RTS project manager, will create judgement matrix $(m \times m)$ with a dimension of $(n \times n)$ alternative for pairwise comparison $a_{ij}$ which is an approximation of the ratio $w_i/w_j$. The value assigned to $a_{ij}$ is typically in the interval $[1/9, 9]$. The estimated weight vector $w$ is found by solving the following eigenvector problem: where $\lambda_{\max}$ is the principal eigenvalue for the pairwise comparison matrix $A$, . . . $C_n$: $w_n/w_1$, $w_n/w_2$, . . ., $w_n/w_n$ for . . ., $C_n$ where $n \ge 2$ criteria.
iv. Next, the consistency index (CI) is determined by computing $AW$ and approximating the minimum eigenvalue, $\lambda_{\max}$ as $(\lambda_{\max} - n)/(n - 1)$, where $n$ is the matrix size as indicated in step 4(c). The consistency ratio (CR), which is a test for reliability of consistency, for a given reciprocal matrix can be obtained by estimating the ratio of CI to the average random consistency index (RI) as shown in Table 5. The pairwise comparisons in a judgement matrix are considered adequate if the corresponding CR is less than 10% [45][46][47]. It is a feedback to the decision makers to capture logical and reasonable preferences when making judgements. Table 6 illustrates the fundamental scale of relative importance.
v. The last step of the AHP process, as shown in step 4(d) of Fig. 1, is to conduct group decision-making to select an alternative option to improve the maintenance of the RTS subsystems. To ensure a coherent approach to decision-making and agreement within the group regarding the decision in the context of AHP, particularly in an RTS organisation that comprises various disciplines and experts, Shannon entropy $H$ (where $H$ can be interpreted as a measure of evenness of priorities among the criteria for individual decision makers) is proposed [49]. Shannon alpha and beta entropies for $N$ criteria and $K$ decision makers represent the mean Shannon entropy of group decision makers [49][50][51]: where $p_i$ denotes the calculated priorities for criteria We can estimate the Shannon gamma diversity $H_\gamma$ for the group aggregated priorities as follows: Assuming equal weights $w_1 = w_2 = w_k = 1/K$, the effective number of criteria (true gamma diversity of order one) is $D_\gamma = \exp H_\gamma$. The difference between $H_\gamma$ and $H_\alpha$ is the beta diversity $H_\beta$, which is equivalent to the true beta diversity of order one as True beta has a maximum diversity equivalent to $N$; the minimum is one, which means there is no variation between the decision makers. To measure the consensus indicator for group decision makers, a new homogeneity index $M$, which is a reciprocal of $D_\beta$, is introduced as $M = D_\alpha / D_\gamma$. This can be transformed into a relative index of homogeneity to measure the consensus indicator in the range from zero to unity [49][50][51]: If $D_{\alpha\,\min} = 1$ and $D_{\gamma\,\max} = N$, Eq. (20) can be transformed as follows: Thus, the relative index of homogeneity $S$ can be considered as a consensus indicator. When the priorities of all the decision makers are completely distinct, it is zero, and it is one (unity) when the priorities of all the participants are identical. In addition, when decision makers give full preference to one criterion, the alpha entropy is minimum.
In that case, the outcome from the pairwise comparisons of $N$ criteria is equivalent to $M/(N + M - 1)$ for the selected criterion with a remainder of $(N - 1)$ priorities equal to $1/(N + M - 1)$. Hence, the minimum and maximum alpha entropies for $N$ criteria and $K$ decision makers can be calculated as [49][50][51]: The new AHP consensus indicator for effective group decision-making is estimated by transforming Eqs. (22) and (23) into a form similar to that of Eq. (20) by using $D_\alpha$ and $D_\gamma$ to keep the indicator in the range from 0 to 1 as follows: The AHP consensus indicator $S^*$ can be interpreted as shown in Table 7.
Steps i to v are repeated until a requisite improvement alternative is obtained and implemented. In this study, using an online AHP software, three senior management team members from the train operator (senior project manager, procurement manager, operations manager) and three senior management team members from the PBU manufacturer (assurance manager, mechanical design manager, electrical design manager) constituted the group decision makers [52].
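The consistency check of step iv and the homogeneity index of step v can be worked through as follows; this Python sketch is an added example with constructed judgements, not the online AHP software or data used in the study. Assumptions: the random-index values are Saaty's commonly tabulated ones (Table 5 is not reproduced on this page), the group priorities are aggregated as an equal-weight arithmetic mean, and $S$ is taken as the linear rescaling of $M$ between $1/N$ and 1 implied by $D_{\alpha\,\min} = 1$ and $D_{\gamma\,\max} = N$; the $S^*$ indicator is not implemented.

```python
"""AHP priorities, consistency ratio and group homogeneity.

Added example with constructed judgements; not the paper's software or data.
"""
from math import exp, log

# Saaty's random consistency index by matrix size, as commonly tabulated.
# Assumption: the paper's Table 5 (not reproduced on this page) lists these.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32,
                8: 1.41, 9: 1.45, 10: 1.49}


def check_reciprocal(a, tol=1e-6):
    """Reject matrices that are not square, reciprocal and within [1/9, 9]."""
    n = len(a)
    for i in range(n):
        if len(a[i]) != n:
            raise ValueError("judgement matrix must be square")
        for j in range(n):
            if not (1 / 9 - tol <= a[i][j] <= 9 + tol):
                raise ValueError(f"a[{i}][{j}] is outside [1/9, 9]")
            if abs(a[i][j] * a[j][i] - 1.0) > tol:
                raise ValueError(f"a[{i}][{j}] is not 1 / a[{j}][{i}]")


def priorities(a, iterations=500, tol=1e-13):
    """Return (weights summing to 1, lambda_max) by power iteration."""
    check_reciprocal(a)
    n = len(a)
    w = [1.0 / n] * n
    for _ in range(iterations):
        aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        nxt = [x / total for x in aw]
        converged = max(abs(x - y) for x, y in zip(nxt, w)) < tol
        w = nxt
        if converged:
            break
    # lambda_max estimated as the mean of (A w)_i / w_i.
    aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / w[i] for i in range(n)) / n
    return w, lam


def consistency_ratio(a):
    """CR = CI / RI, with CI = (lambda_max - n) / (n - 1)."""
    n = len(a)
    _, lam = priorities(a)
    if n <= 2:
        return 0.0  # a 1x1 or 2x2 reciprocal matrix is always consistent
    return ((lam - n) / (n - 1)) / RANDOM_INDEX[n]


def entropy(p):
    """Shannon entropy (natural log) of one priority vector."""
    return -sum(x * log(x) for x in p if x > 0)


def homogeneity(group):
    """Relative homogeneity S for K priority vectors over N criteria."""
    k, n = len(group), len(group[0])
    if n < 2:
        raise ValueError("at least two criteria are required")
    h_alpha = sum(entropy(p) for p in group) / k          # mean individual entropy
    mean = [sum(p[i] for p in group) / k for i in range(n)]
    h_gamma = entropy(mean)                               # entropy of group priorities
    m = exp(h_alpha) / exp(h_gamma)                       # M = D_alpha / D_gamma
    return (m - 1 / n) / (1 - 1 / n)                      # rescale [1/N, 1] to [0, 1]


if __name__ == "__main__":
    # Constructed 3-criterion judgement matrix (hypothetical criteria).
    sample = [[1, 3, 5], [1 / 3, 1, 2], [1 / 5, 1 / 2, 1]]
    weights, lam = priorities(sample)
    cr = consistency_ratio(sample)
    print("weights:", [round(x, 3) for x in weights])
    print("lambda_max: %.4f  CR: %.4f  adequate: %s" % (lam, cr, cr < 0.10))
    # Constructed priorities from three decision makers.
    group = [[0.6, 0.3, 0.1], [0.5, 0.3, 0.2], [0.2, 0.3, 0.5]]
    print("homogeneity S: %.3f" % homogeneity(group))
```

A judgement matrix with CR at or above 0.10 goes back to the decision makers for revision before its weights are used.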
In this section, we presented a systematic guide on how to use the proposed hybrid model to assess the overall risk and reliability and allocate appropriate maintenance strategies at different life cycle stages of the rolling stock subsystem. This approach, particularly the downstream segment, is not based on a one-stop principle. Rather, the framework will achieve maximum benefit if it is adopted as a means of producing continuous improvement in which the overall goal is for components to move as close as possible to the low-low region of the decision map. In the next section, we present a case study in which the proposed framework is implemented using real-life RTS data.

Case Study
To demonstrate the applicability and sequence of implementation of the proposed hybrid framework, we consider a case study based on an ongoing project for the design and delivery of new pneumatic brake units (PBUs) to replace the unreliable PBUs in an in-service electrical multiple-unit (EMU) rolling stock (RS) operation for a train operator in the UK. As a measurement of failure rate, the desired operator PBU reliability requirement is $1.607 \times 10^{-5}$ per hour equivalent to one failure in 62,227 h with a maximum allowable overall risk that should be tolerable, thus, as low as reasonably practicable. The current PBU failure rate was estimated as $5.558 \times 10^{-5}$ per hour, indicating that there was a failure every 17,992 h of train operation. The existing PBU reliability led to approximate delay impact minutes and service-affecting failures of 1002 min and 203 failures over 3 years. This was far below the operational requirements of one failure in every 62,227 h (i.e., $1.607 \times 10^{-5}$ per hour) of train operation. Delay impact minutes occur when the train fails to recover during the first 3 minutes of technical failure in passenger service, and the associated failure after 3 minutes is referred to as the service-affecting failure. As part of the design process, it is also necessary to establish and allocate all the appropriate maintenance strategies for the PBU components to ensure optimum customer operational requirements that avoid unnecessary train delays due to PBU failures.

Case Study Background
The RS operation employs dual-voltage EMUs that use 25-kV AC overhead and 750-V DC power supplies from the third rail. An analysis of the 3-year historical data obtained from the MMS revealed that the PBUs represent one of the worst-performing subsystems in terms of service reliability and delay minutes, as shown in Fig. 3. During this period, the maintenance and delay impact minute costs to the operator owing to PBU failure were £3,153,689.34 and £1,056,000, respectively, and exceeded the operator's penalty cost budgets by 315% and 956%, respectively. The critical components considered for the PBU module comprise a non-return valve (NRV) assembly, a main air compressor (MAC), a flexible delivery hose (FDH), a brake control unit (BCU), and an air filter (AF). The BCU is further divided into a relay valve (RV), check valve (CV), magnet valve (MV), and pressure governor (PG). The PBU stores compressed air in a dedicated reservoir that is protected from the main air reservoir pipe (MRP) pressure losses by a non-return valve (NRV). Fig. 4 shows a high-level schematic of a PBU and its associated components (note not all components are shown). The total annual distance of 150,000 km at an average speed of 24.5 km/h (with a top speed of 60 km/h) for the train is considered.

Analysis, Discussion, and Implementation
The process commenced with the collection of historical and operational data from the train operator's railway rolling stock MMS database as depicted in Fig. 1. The FMECA for a subsystem was first conducted to identify the PBU subsystem FMs along with their corresponding RPNs, failure rates, and their effects on the subsystem as shown in step 1(a) of the model depicted in Fig. 1. The failure rate for each FM was estimated as per Table 8, which was then used to extrapolate the frequency of occurrence ($O_{kj}$) for each FM using Table 1. Appendix A sets out the basis for the quantitative FM and the overall failure rate estimations. Furthermore, severity rating, $S_{kj}$, for each FM was extrapolated from Table 2. The $RPN_{kj}$ was estimated for each component of the PBU using Eq. (2) based on the established severity and frequency rating values as per Table 8. MAC FMs (overheat compressor and filter passing contaminated air) including FDH (minor atmospheric leakage) and BCU magnetic valve error (no opening) failure modes were noted to have significantly elevated RPNs of eight as depicted in Table 8. Although MAC and FDH FMs have the same RPN, the overall risk and consequence of each component failure is not the same. Next, the overall PBU risk ($T_{kj}$) was estimated using the railway risk matrix as per Table 3, following Eq. (3) and by extrapolating the component levels for $F_{kj}$ and $H_{kj}$. As shown in Table 9, the overall component failure frequency level $F_{kj}$ (estimated based on the overall failure rates described in Appendix B) for the MAC and FDH were evaluated as level 3 (remote), followed by AF with level 2 (improbable), and NRV and BCU with level 1 (very unlikely). Similarly, the overall component severity levels $H_{kj}$ for subsystems MAC, NRV, FDH, and AF were all  design has a tolerable risk level that meets the operator's requirements. The summary of RPN, failure rates, and risk results, as illustrated in steps 1(a) and 1(b) (Fig. 1), are shown in Tables 8 and 9.
Next, the logical relationship between the top and basic events including the prediction of overall failure rate and reliability by FTA was conducted as per step 2 of Fig. 1. As shown in Fig. 5, the TE, Full-service braking error of the train, can occur whenever any of the five subsystems fail. The FTA was constructed based on the FMECA information from Table 8. The failure rates (for each failure mode) shown in Table 8 were estimated using historical data from the MMS as part of the analysis in step 1 (Appendix B). Thus, the TE is connected by OR-gates to the lower failure events ($M_1$, $M_2$, $M_3$, $M_4$, and $M_5$). The MAC function loss $M_1$ has two failure causes ($F_1$, $F_2$) and cannot operate if either of the basic events ($F_1$ or $F_2$) occurs; therefore, it is also connected to these events via an OR-gate. Similarly, the NRV, FDH, and AF function losses $M_2$, $M_3$, and $M_4$, respectively, are connected to their respective failure causes by OR-gates. The BCU function loss $M_5$ has four intermediate events ($M_6$, $M_7$, $M_8$, $M_9$) and fails to function only if all four intermediate events fail simultaneously; therefore, it is connected to these events through an AND-gate. The RV error $M_6$ occurs if any of its failure causes ($F_9$ or $F_{10}$) occur and, therefore, has an OR-gate connection, as do the CV, MV, and PG errors, $M_7$, $M_8$, and $M_9$, respectively. From Eqs. (4)-(13) and the rules of Boolean algebra [36,37], a total of 24 minimal cut sets (MCSs) were identified (including eight single-point and 16 quadruple-point failures), and an overall failure rate estimate of $1.385 \times 10^{-5}$ per hour (which adequately exceeds the initially prescribed operator requirement of $1.607 \times 10^{-5}$ per hour) was derived as indicated in step 2 of Fig. 1. The overall FTA diagram is shown in Fig. 5.
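The cut-set count stated above follows from the gate structure alone, as this added Python example shows (it is not the authors' code). The text names only $F_1$, $F_2$, $F_9$ and $F_{10}$; the labels F3-F8 and F11-F16, with two basic events under each remaining OR-gate, are assumptions chosen to match the stated totals.

```python
from itertools import product

# Gate structure as described in the text. Assumption: two basic events under
# each of M2-M4 and M7-M9 (labels F3-F8, F11-F16 are not given on the page).
TREE = {
    "TE": ("OR",  ["M1", "M2", "M3", "M4", "M5"]),
    "M1": ("OR",  ["F1", "F2"]),               # MAC function loss
    "M2": ("OR",  ["F3", "F4"]),               # NRV (assumed events)
    "M3": ("OR",  ["F5", "F6"]),               # FDH (assumed events)
    "M4": ("OR",  ["F7", "F8"]),               # AF  (assumed events)
    "M5": ("AND", ["M6", "M7", "M8", "M9"]),   # BCU function loss
    "M6": ("OR",  ["F9", "F10"]),              # RV error
    "M7": ("OR",  ["F11", "F12"]),             # CV error (assumed events)
    "M8": ("OR",  ["F13", "F14"]),             # MV error (assumed events)
    "M9": ("OR",  ["F15", "F16"]),             # PG error (assumed events)
}

def cut_sets(node, tree):
    """Return the cut sets of `node` as a set of frozensets of basic events."""
    if node not in tree:                       # leaf: a basic event
        return {frozenset([node])}
    gate, children = tree[node]
    child_sets = [cut_sets(c, tree) for c in children]
    if gate == "OR":                           # any child's cut set suffices
        return set().union(*child_sets)
    if gate == "AND":                          # one cut set from every child, merged
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate {gate!r} at {node}")

def minimal_cut_sets(node, tree):
    """Drop any cut set that strictly contains another (Boolean absorption)."""
    sets = cut_sets(node, tree)
    return {s for s in sets if not any(other < s for other in sets)}

def order_histogram(mcs):
    """Map cut-set order (number of basic events) to how many MCSs have it."""
    hist = {}
    for s in mcs:
        hist[len(s)] = hist.get(len(s), 0) + 1
    return hist

if __name__ == "__main__":
    mcs = minimal_cut_sets("TE", TREE)
    print(len(mcs), order_histogram(mcs))
    for s in sorted(mcs, key=lambda s: (len(s), sorted(s))):
        print(sorted(s))
```

The single-point cut sets are the basic events under $M_1$ to $M_4$; every quadruple takes one basic event from each of $M_6$ to $M_9$, which is why the BCU contributes no single-point failure.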
With the expected reliability of one failure in every 72,202 hours of operation compared to the customer's original requirement of one every 62,227 h ($1.607 \times 10^{-5}$ per hour), a further 16.03% increase in reliability was demonstrated. Moreover, the current failure rate of $5.558 \times 10^{-5}$ per hour indicates a significant reliability increase of 301%. The increase in reliability can be demonstrated as an equivalent improvement in the delay minutes (from 1003 to 101 min) and a reduction in service-affecting failures (from 203 to 51 failures). Assuming that labour, spare parts, and logistic delay costs remain relatively constant, the forecasted failure rate indicates cost savings of approximately 16.03% over the desired customer reliability target and 301% over the existing unreliable PBU. Even under worst-case economic scenarios whereby high inflation rates are applied to labour, spare parts, and logistic delay costs, the new and enhanced reliability will still yield optimum cost savings over the existing PBU.
Using Eqs. (14)-(16), the intervals for both criteria (failure frequency and delay impact minutes from the MMS data) were determined as shown in step 3(a) of Fig. 1. For the failure frequency criterion, estimated high, medium, and low intervals of {30, 44}, {16, 30}, and {3, 16}, respectively, were obtained; for delay minutes, the corresponding estimated intervals were {64, 79}, {49, 64}, and {5, 49}, respectively. Thus, the frequency criterion range was estimated to be between 3 and 44, while the delay minute range was determined to be between 5 and 49. Figure 6 shows an extract of the decision map for selected components as illustrated in steps 3(b) and 3(c) of Fig. 1. It is seen that AF, NRV, PG, and CV are located within the BM quadrant owing to their low-low combinations; MV and RV fall within the PPM region owing to their medium-low combinations, while BCU has a high-high combination, indicating that the DOM strategy is most appropriate following step 3(d) (Fig. 1) of the proposed model. Considering the criticality of this asset to the client, and the fact that the BCU lies in the DOM region, a further proposal to redesign and improve maintenance routines of the BCU by the RTS project management team using the prescribed AHP decision-making approach for comparison was considered.
For the final step considering the BCU maintenance improvement as shown in step 4 of Fig. 1, the first three hierarchies were identified: BCU maintenance improvement (goal) as shown in step 4(a) of Fig. 1; availability and cost as criteria from the project team (level two); software upgrade (SU), reduced maintenance periodicity (RMP), and additional brake redundancy (ABR) (level three) as shown in step 4(b) of Fig. 1. The data for the AHP were obtained through a rigorous group decision process where aggregated weights for  (Table 11). However, further breakdown of the criteria weight aggregation from Appendix B (Tables 12 and 13) shows that all the decision makers regarded availability as the most dominant criterion, except the procurement manager who prioritised cost (66.7%) instead of availability (33.3%). Similarly, the pairwise comparison was conducted for the improvement alternatives using the priority list in Table 6 against the two consolidated criteria as shown in step 4(c) of Fig. 1. The overall result indicated that the SU was the best choice among the decision makers for the BCU maintenance improvement, with an overall consolidated global priority of 47.3% compared to ABR with 39.8% and the least viable RMP with 12.7%. The CR was less than 10% and the group consensus was very high at 91.4%, as shown in Appendix B (Table 14) using Table 7 and in step 4(d) of Fig. 1 (Fig. 7).
The results indicate the proposed hybrid model can identify RTS subsystem overall risk level, reliability aspects, and further BCU improvements that boosted the respective asset maintenance strategies toward the desirable low-low region of the decision map. As noted above, the AHP results revealed that SU was the most favoured option and therefore is currently being implemented by the organisation across a fleet of trains. Upon completion of the modification and improvement needed to move the BCU to the desired region of the decision map, maintenance plans and asset strategies can then be stored in the MMS database for access and implementation by engineers and technicians. When new or significant historical data or changes in the use and operation of the train are made available, the model can then be iterated again to improve the reliability, risk, and maintenance of the subsystem as part of the continuous improvement process illustrated in steps 1-4 of Fig. 1. This hybrid approach is not an end in itself; optimal benefits can only be achieved by instituting it as a means of continuous improvement. Furthermore, the overall goal should be constant migration to and retention of all components within or as close as possible to the low-low region of the decision map. Thus, it can be constituted as a model capable of operating across the three main life cycles of RTS.

Concluding Remarks
This paper introduced a new hybrid model that considers the upstream elements of reliability and risk assessment as well as the downstream element of maintenance decision-making techniques to improve the performance and maintenance strategy of an RTS PBU subsystem. Unlike previous maintenance improvement strategies that were purely theoretical and therefore subject to bias, in this study, each of the identified improvement actions (i.e., SU, ABR, and RMP) was presented to a team of project stakeholders that represented both the client and supplier to enable effective group decision-making using AHP mathematical techniques by the six senior management team members. The proposed hybrid model offers the following significant advantages relative to previous hybrid models:
• The model is practical in that it provides optimal cost savings while ensuring RTS reliability and enables risk analysis with respect to the simultaneous allocation of appropriate asset management strategies for systems 
• The model offers considerable benefits in terms of enforcing alignment among different project teams in coordinating their efforts at the early stages of product development. This helps to balance the competing factors of asset performance and risk and maintenance requirements within a single framework, especially in an RTS organisation.
• More importantly, the model allows for further improvement of subsystems (such as DOM) allocated to the high-high region of the decision map by using the multi-criteria decision-making features of AHP to select improvement alternatives against criteria to enable the identification of the best enhancement strategy at an optimal cost.
• Finally, the new hybrid model provides robustness, versatility, and compelling synthesis of practical engineering approaches and academic rigour in evaluating risk, reliability, and maintenance requirements as a single entity at an opportune phase (design) including other life cycle phases for an RTS asset.
In this manner, the proposed method provides a robust alternative to RCM and other hybrid reliability and maintenance models.
Although the model provides several advantages, the availability of reliable and quality data, especially for novel systems, and the effects of dynamic interaction between subsystems of a complex system may serve as a limitation for the holistic application of the proposed model. Therefore, further study is recommended for a dynamic hybrid model that considers additional factors such as multiple failures with changing operational conditions for applications in complex systems such as RTS.

Compliance with ethical standards
Conflict of interest The authors declare that they have no conflict of interest.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Appendix A
This section describes the basis for estimating the individual FMs and overall component failure rates. The example described below represents the MAC function loss (compressor overheat failure mode) and overall MAC failure rate ($M_1$) estimation (Table 8). Given the recorded time-to-fail (TTF) data obtained from the MMS for the compressor overheat component FM, as shown in Table 10, the estimated failure data was determined using the Weibull distribution [53] where $n_i, \ldots, n_N$ represent the frequency of failures (in this case TTF), $\beta$ is the shape parameter, and $\eta$ is the  Table 10 and Eq. (25), the compressor overheat FM mean time to failure (MTTF) was estimated as 330,058.708 h, equivalent to a failure rate of $\lambda = 3.033 \times 10^{-6}$ per hour as indicated in Table 8. Similarly, the filter passing contaminated air FM failure rate was estimated as $1.517 \times 10^{-6}$ per hour using historical data from the MMS. Owing to the series connection between the MAC's ($M_1$) compressor overheat and filter passing contaminated air FMs as shown in Fig. 5, the overall failure rate of the MAC can be estimated using Eq. (7) as $4.42 \times 10^{-6}$ per hour (Table 8). In this study, the Isograph software was used to evaluate the failure rates [54]. The same approach was used to assess the component FMs and overall failure rates for the other PBU components [NRV, FDH, AF and BCU (Table 8)]. It should, however, be noted that the BCU components are connected in parallel, and therefore, the AND-gate approach is considered for the overall failure rate assessment.