3.4 DP-control system
Clasification Society 2024 - Version 9.40
Statutory Documents - IMO Publications and Documents - Circulars - Maritime Safety Committee - MSC/Circular.645 – Guidelines for Vessels with Dynamic Positioning Systems – (Adopted on 6 June 1994) - Annex - Guidelines for Vessels with Dynamic Positioning Systems - 3 Functional Requirements - 3.4 DP-control system

3.4 DP-control system

Parent topic: 3 Functional Requirements

3.4.1 General

  .1 In general the DP-control system should be arranged in a DP-control station where the operator has a good view of the vessel's exterior limits and the surrounding area.

  .2 The DP-control station should display information from the power system, thruster system, and DP-control system to ensure that these systems are functioning correctly. Information necessary to operate the DP-system safely should be visible at all times. Other information should be available upon operator request.

  .3 Display systems and the DP-control station in particular, should be based on sound ergonometric principles. The DP-control system should provide for easy selection of control mode, i.e. manual, joystick, or computer control of thrusters, and the active mode should be clearly displayed.

  .4 For equipment classes 2 and 3, operator controls should be designed so that no single inadvertent act on the operators panel can lead to a critical condition.

  .5 Alarms and warnings for failures in systems interfaced to and/or controlled by the DP-control system are to be audible and visual. A permanent record of their occurrence and of status changes should be provided together with any necessary explanations.

  .6 The DP-control system should prevent failures being transferred from one system to another. The redundant components should be so arranged that a failure of one component should be isolated, and the other component activated.

  .7 It should be possible control the thrusters manually, by individual joysticks and by a common joystick, in the event of failure of the DP-control system.

  .8 The software should be produced in accordance with an appropriate international quality standard recognized by the Administration.

3.4.2 Computers

  .1 For equipment class 1, the DP-control system need not be redundant.

  .2 For equipment class 2, the DP-control system should consist of at least two independent computer systems. Common facilities such as self-checking routines, data transfer arrangements, and plant interfaces should not be capable of causing the failure of both/all systems.

  .3 For equipment class 3, the DP-control system should consist of at least two independent computer systems with self-checking and alignment facilities. Common facilities such as self checking routines, data transfer arrangements and plant interfaces should not be capable of causing failure at both/all systems. In addition, one back-up DP-control system should be arranged, see 3.4.2.6. An alarm should be initiated if any computer fails or is not ready to take control.

  .4 For equipment classes 2 and 3, the DP-control system should include a software function, normally know as `consequence analysis', which continuously verifies that the vessel will remain in position even if the worst case failure occurs. This analysis should verify that the thrusters remaining in operation after the worst case failure can generate the same resultant thruster force and moment as required before the failure. The consequence analysis should provide an alarm if the occurrence of worst case failure would lead to a loss of position due to insufficient thrust for the prevailing environmental conditions. For operations which will take a long time to safely terminate, the consequence analysis should include a function which simulates the thrust and power remaining after the worse case failure, based on manual input of weather trend.

  .5 Redundant computer systems should be arranged with automatic transfer of control after a detected failure in one of the computer systems. The automatic transfer of control from one computer system to another should be smooth, and within the acceptable limitations of the operation.

  .6 For equipment class 3, the back-up DP-control system should be in a room separated by A.60 class division from the main DP-control station. During DP-operation this back-up control system should be continuously updated by input from the sensors, position reference system, thruster feedback, etc., and be ready to take over control. The switch-over of control to the back-up system should be manual, situated on the back-up computer and should not be affected by failure of the main DP-control system.

  .7 An uninterruptable power supply (UPS) should be provided for each DP-computer system to ensure that any power failure will not affect more than one computer. UPS battery capacity should provide a minimum of 30 minutes operation following a mains supply failure.

3.4.3 Position reference systems

  .1 Position reference systems should be selected with due consideration to operational requirements, both with regard to restrictions caused by the manner of deployment and expected performance in working situation.

  .2 For equipment classes 2 and 3, at least three position reference systems should be installed and simultaneously available to the DP-control system during operation.

  .3 When two or more position reference systems are required, they should not all be of the same type, but based on different principles and suitable for the operating conditions.

  .4 The position reference systems should produce data with adequate accuracy for the intended DP-operation.

  .5 The performance of position reference systems should be monitored and warnings provided when the signals from the position reference systems are either incorrect or substantially degraded.

  .6 For equipment class 3, at least one of the position reference systems should be connected directly to the back-up control system and separated by A.60 class division from the other position reference systems.

3.4.4 Vessel sensors

  .1 Vessel sensors should at least measure vessel heading, vessel motions, and wind speed and directions.

  .2 When an equipment class 2 or 3 DP-control system is fully dependent on correct signals from vessel sensors, then these signals should be based on three systems serving the same purpose (i.e. this will result in at least three gyro compasses being installed).

  .3 Sensors for the same purpose, connected to redundant systems should be arranged independently so that failure of one will not affect the others.

  .4 For equipment class 3, one of each type of sensors should be connected directly to the back-up control system and separated by A.60 class division from the other sensors.

Copyright 2022 Clasifications Register Group Limited, International Maritime Organization, International Labour Organization or Maritime and Coastguard Agency. All rights reserved. Clasifications Register Group Limited, its affiliates and subsidiaries and their respective officers, employees or agents are, individually and collectively, referred to in this clause as 'Clasifications Register'. Clasifications Register assumes no responsibility and shall not be liable to any person for any loss, damage or expense caused by reliance on the information or advice in this document or howsoever provided, unless that person has signed a contract with the relevant Clasifications Register entity for the provision of this information or advice and in that case any responsibility or liability is exclusively on the terms and conditions set out in that contract.