Section 2 Essential Features for Control, Alarm and Safety Systems
Clasification Society 2024 - Version 9.40
Clasifications Register Rules and Regulations - Rules and Regulations for the Construction & Classification of Submersibles & Diving Systems, July 2022 - Part 6 Electrical Installations and Control Engineering Systems - Chapter 2 Control Engineering Systems - Section 2 Essential Features for Control, Alarm and Safety Systems

Section 2 Essential Features for Control, Alarm and Safety Systems

Parent topic: Chapter 2 Control Engineering Systems

2.1 General

2.1.1 Where it is proposed to install control, alarm and safety systems to the equipment defined in Pt 6, Ch 2, 1.2 Plans 1.2.3 the applicable features contained in Pt 6, Ch 2, 2.2 Control stations to Pt 6, Ch 2, 2.8 Fire detection systems 2.8.8 are to be incorporated in the system design.

2.2 Control stations

2.2.1 A system of alarm and warning displays and controls is to be provided which readily ensures identification of faults in the machinery and satisfactory supervision of related equipment by duty personnel. This may be provided at a main control station or, alternatively at subsidiary control stations. In the latter case, a master alarm display is to be provided at the main control station showing which of the subsidiary control stations is indicating a fault condition.

2.2.2 Control of machinery, equipment and life-support systems is to be possible only from one station at a time.

2.2.3 Changeover between control stations is to be arranged so that it may only be affected with the acceptance of the station taking control. The system is to be provided with interlocks or other suitable means to ensure effective transfer of control.

2.2.4 Ergonomics: Control station ergonomics to comply with all applicable rules listed in LR Rules and Regulations for the Classification of Ships, July 2022 Pt 6, Ch 1, 3 Ergonomics of control stations

2.3 Communications

2.3.1 A means of communication is to be provided between all control stations, the divers in each chamber compartment, the bell launch and recovery system operator, the administrative office for diving operations, the diving supervisor’s accommodation and also to the bridge and OlM’s office where applicable.

2.3.2 Provision is to be made at all control stations for the operation of a diving emergency alarm which is to be clearly audible in the diving operation control station, the accommodation, the diving administrative office, the bridge and OIM’s office as applicable.

2.3.3 In order to co-ordinate all conversations within a submersible or chamber with more than one habitable compartment a common link with ‘talk back’ facility is to be provided. Where divers are working externally from, but in association with, a submersible, means are to be provided for them to be linked into the internal communications system. Helium voice unscramblers are to be incorporated, where necessary.

2.3.4 An emergency locating device, in accordance with IMO Resolution A 583 (14), is to be provided to assist personnel on the surface in establishing and maintaining contact with the diving bell or submersible while submerged.

2.3.5 A battery operated strobe light is to be fitted exterior to the hull, the battery life being not less than that of the life-support system.

2.3.6 Where the hazard analysis required by Pt 1, Ch 2, 3.2 New Construction Surveys 3.2.2 demonstrates that there could be a requirement to locate submersibles on the surface in an emergency situation, submersibles with a low radar signature are to be provided with a radar reflector and/or transponder for use on the surface.

2.3.7 A notice is to be provided within diving bells and submersibles clearly indicating the lMO emergency tapping code.

2.4 Alarm system

2.4.1 An alarm system which will provide warning of faults in machinery, equipment and life support systems essential for the safety of diving operations and the submersible is to be installed.

2.4.2 The alarm system is to be arranged with automatic changeover to a standby power supply in the event of failure of the normal power supply.

2.4.3 Failure of the normal power supply to the alarm system is to be indicated both audibly and visually as a separate fault alarm.

2.4.4 The alarm system is to be capable of being tested during normal operations.

2.4.5 Disconnection or manual overriding of any part of the alarm system should be clearly indicated.

2.4.6 Any inadmissible variations in the operating parameters must actuate an automatic (visual and audible) alarm at the Central Control Position. The same shall also occur in the event of automatic switching operations in the gas and power supply systems or faults in the control and surveillance system.

2.4.7 Where the facility to provide messages in association with alarms and warnings exists, messages accompanying alarms and warnings are to describe the condition and indicate the intended response required by the crew.

2.4.8 Where the facility to provide messages in association with alarms and warnings exists, messages of different categories are to be clearly distinguishable from each other. Alarms associated with machinery, safety and control system faults are to be clearly distinguishable from other alarms (e.g., fire, general alarm).

2.4.9 If an alarm has been acknowledged and a second fault occurs prior to the first being rectified, audible signals and visual indications are again to operate.

2.4.10 For the detection of transient faults which are subsequently self-correcting, alarms are required to lock in until accepted.

2.4.11 The alarm system is to be designed as far as practicable to function independently of control and safety systems such that a failure or malfunction in these systems will not prevent the alarm system from operating.

2.4.12 When alarm systems are provided with means to adjust their set point, the arrangements are to be such that the final settings can be readily identified.

2.5 Safety systems

2.5.1 Safety related processes shall be in accordance with the requirements of IEC 61508 ‘Functional safety of electrical/electronic/programmable electronic systems’ or shall be realised via robust mechanical/pneumatic-logic/hydrauliclogic based protective systems.

2.5.2 Safety systems essential for the protection of diving operations, the submersible and human life are to be installed.

2.5.3 Where an external source of power is provided for its operation, the safety system is to be arranged with automatic changeover to a standby power supply in the event of a failure of the normal power supply.

2.5.4 In addition to electronic control and surveillance equipment, independent safety devices must be fitted which prevent a fault in one system from provoking an improper response in another system.

2.5.5 The safety system required by is to be designed as far as practicable to operate independently of the control and alarm systems, such that a failure or malfunction in the control and alarm systems will not prevent the safety system from operating.

2.5.6 The safety system is to be designed to ‘fail-safe’. The characteristics of the ‘fail-safe’ operation are to be evaluated on the basis not only of the safety system and its associated machinery, but also the complete installation. Failure of a safety system is to initiate an audible and visual alarm.

2.5.7 The safety system is to be manually reset before the relevant machinery can be restarted.

2.5.8 Where arrangements are provided for overriding a safety system, they are to be such that inadvertent operation is prevented. Visual indication is to be given at the relevant control station(s) when a safety override is operated. The consequences of overriding a safety system are to be established and documented.

2.5.9 When safety systems are provided with means to adjust their set point, the arrangements are to be such that the final settings can be readily identified.

2.5.10 The safety functions of the Hyberbaric Control System are designed to ensure as a minimum, the following parameters are controlled and monitored to protect the chamber occupants:
  • Monitor chamber pressure rate of change and initiate alarm, and if required take an executive action to automatically secure chamber shutoff valves.
  • Monitor O2 levels and initiate alarm and if required take an executive action to secure O2 injection to the chamber.
  • Monitor CO2 levels and initiate alarm.
  • Internal atmospheric temperature.

2.6 Control systems

2.6.1 Control systems are to be stable throughout their operating range.

2.6.2 All equipment for the automatic surveillance and control of diving system operating parameters is to be designed and constructed so that it works properly under the design and environmental conditions specified for the diving system.

2.6.3 Failure of a control system is not to result in the loss of ability to provide essential services by alternative means. This may be achieved by manual control or redundancy within the control system or redundancy in machinery and equipment. Instrumentation is to be provided at local manual control stations to ensure effective operation of the machinery or equipment by duty personnel.

2.6.4 Failure of the power supply to a safety system is to operate an audible and visual alarm in the control room(s).

2.6.5 Control systems should be designed to ‘fail safe’.

2.6.6 Control systems are to be designed such that normal operation of the controls cannot endanger life or induce detrimental effects within machinery or equipment.

2.6.7 It must be possible to check the function of important indication lamps, alarms, and control and safety systems during operation.

2.6.8 Automatic surveillance and control equipment must be capable of being switched to manual operation at all times.

2.6.9 Automation equipment must be compatible with the operating conditions of the diving system.

2.6.10 The central control position is to be equipped with indicating instruments for the following parameters:
  1. Pressure of connected breathing gas receivers/bottles.
  2. Pressure downstream of pressure reducers.
  3. Oxygen content in supply lines to:
    1. Umbilicals;
    2. Chamber compartments;
    3. Breathing masks in chambers.

2.6.11 For monitoring and controlling the diving system, a central control position is to be provided at which all important data relating to the chambers and the operating states of the ancillary equipment are displayed and where the chamber pressures can be controlled and the gases distributed to the various chambers.

2.6.12 Diving systems are to be so arranged and equipped that centralized control and the safe operation of the system can be maintained under all weather conditions.

2.6.13 The central control position is to be fitted with controls for at least the pressurization and pressure control for each compression chamber compartment capable of independent operation and for each diving bell.

2.6.14 At the central control position, controls are to be grouped to allow all the control needed for the operation of the diving system, including CCTV monitoring and communications equipment, from one location.

2.6.15 All items of surveillance and control equipment are to be clearly inscribed and identified.

2.6.16 Indicating instruments and synoptic displays are to be designed and inscribed in such a way that they can be read quickly and clearly.

2.6.17 Remote or automatic controls are to be provided with sufficient instrumentation at the relevant control stations to ensure effective control and indicate that the system is functioning correctly.

2.6.18 When control systems are provided with means to adjust their sensitivity or set point, the arrangements are to be such that the final settings can be readily identified.

2.6.19 Arrangements are to be such that satisfactory control may be affected with the system of remote or automatic controls out of action. This may be achieved by manual control or redundancy arrangements within the control system.

2.6.20 Only those items of equipment may be installed at the central control position which are essential to the operation of the diving system and do not impair its surveillance and control.

2.6.21 The central control position is to be separated from the other spaces in the ship or floating structure by bulkheads and decks of type “A”-60.

2.6.22 The central control position is to be equipped with separate ventilation system, the intake duct of which must be routed from an area not subject to an explosive hazard.

2.6.23 Instruments for the surveillance, control and operation of the diving system are to be grouped and arranged in the Central Control Position in accordance with the principles of safety technology and ergonomics.

2.6.24 The Central Control Position is to be equipped with suitable HMI showing compression chamber parameters for the surveillance of each manned compression chamber compartment and each diving bell Table 2.2.1 Operating parameter to be monitored.

2.6.25 The integral operation of automation systems must be designed to take account of the lags and time constants of the units and elements making up the system (e.g. by allowing for the length and cross-section of piping systems and the response times of gas analysers).

2.6.26 Automation equipment must be capable of reliable operation under the conditions of voltage and frequency variation stated in the Rules for Classification and Construction, of Ships.

Table 2.2.1 Operating parameter to be monitored

Parameter Compression chamber compartments Diving bell
Pressure or depth1 X X2
Temperature1 X
Humidity X
O2 partial-pressure1 X X
CO2-partial pressure X X
Note 1. These parameters are to be displayed continuously
Note 2. The pressure or depth inside and outside the diving bell is to be indicated

2.7 Monitoring of parameters

2.7.1 An on-line system shall be used for recording of diver, ADS, bell, habitat and chamber parameters.

2.7.2 Sensors for depth monitoring shall be located on the bell and on the diver.

2.7.3 The following parameters shall be measured, displayed and logged on a continuous basis:
  1. Time;
  2. Divers/ADS depth;
  3. pO2 and pCO2 in the divers/ADS breathing gas;
  4. Hot water temperature and flow to the bell;
  5. Bell internal and external pressure;
  6. Bell internal pO2, pCO2 and temperature;
  7. Chamber internal pressure, humidity, pO2, pCO2 and temperature;
  8. ADS O2 supply bottle pressure;
  9. ADS suit temperature, pressure and humidity;
  10. Habitat internal and external pressure;
  11. Habitat internal pO2, pCO2 and temperature;
  12. Continuous video camera monitoring of compartments by the dive control station personnel.
2.7.4 For diving deeper than 185 msw the following parameters shall in addition be measured, displayed and on a continuous basis:
  1. Hot water temperature at the divers suit;
  2. Bell hot water temperature and flow to the diver at the bell.
2.7.5 The following substances shall be monitored and logged on a routine basis:
  1. Potentially toxic gases in the hyperbaric environment;
  2. In habitat when welding: CO, Ar, NOx, O3, fumes, dust (not required on-line);
  3. Bacterial growth/content in all critical places.
2.7.6 The following parameters are to be logged/recorded on a continuous basis:
  1. pO2 and pCO2 in the divers/ADS breathing gas;
  2. Audio recording of the communication between divers and control room.

2.8 Fire detection systems

2.8.1 Fire detection systems including central fire detection stations, fire detectors and the wiring of the detection loops require the approval of LR.

2.8.2 Fire detection systems must be so constructed that any fault, e.g. supply failure, short-circuit or wire breakage in the detection loops, or the removal of a detector from its base triggers a visual and audible signal at the central fire detection station.

2.8.3 Fire detectors are to be suitable for the atmospheric conditions in which they are deployed having regard to considerations such as humidity saturation and oxygen enriched atmospheres. Evidence to demonstrate that the detectors are suitable for the application is to be submitted.

2.8.4 When fire detectors are provided with means to adjust their sensitivity, the arrangements are to be such that the set point can be fixed and readily identified.

2.8.5 When it is intended that a particular loop or detector is to be temporarily switched off, this state is to be clearly indicated. Reactivation of the loop or detector is to be performed automatically after a pre-set time.

2.8.6 Fire detector heads are to be of a type which can be tested and reset without the renewal of any component.

2.8.7 In the event that a fire is detected, audible and visual fire-alarms are to operate in the diving control room, within all interconnected chambers and locks and at the submersible’s control position as applicable.

2.8.8 For power supplies, see Pt 6, Ch 2, 2.6 Control systems, Pt 6, Ch 2, 2.3 Communications and Pt 6, Ch 2, 2.4 Alarm system.

2.9 Enclosures for electrical equipment

2.9.1 All items of electrical equipment belonging to a diving system are to be encased or sealed in a suitable enclosure compatible with their nature, location and protection class.

2.9.2 The enclosures of electrical equipment installed inside compression chambers and diving bells or operated in water must have been approved by LR.

2.9.3 Pressure-tight electrical equipment enclosures inside compression chambers and diving bells are to be subjected to external pressure test of 1,5 times the maximum working pressure of the chamber. Enclosures mounted on the outside of diving bells are to be tested at 1,4 times the design pressure of the diving bell.

2.10 Circuitry

2.10.1 Signalling equipment and control systems with a safety function must be designed on the failsafe principle, i.e. faults due to short-circuit, earthing or circuit breaks shall not be capable of provoking situations hazardous to personnel and/or the system. In this respect, a single failure criterion is to be assumed. The failure of one unit, e.g. due to short-circuit, shall not result in damage to other units.

2.10.2 In stored-program control systems, the electrical characteristics of the signal transmitters shall conform to the safety requirements for instruction and control devices. This means principally
  1. Activation at H level, i.e. by energization across NO contacts.

  2. Deactivation at L level, i.e. by deenergization across NC contacts

    The requirements of Pt 6, Ch 2, 2.3 Communications 2.3.1 are unaffected.

2.10.3  Instruction and control units for safety functions, e.g. emergency stop buttons, shall be independent of stored-program control systems and shall act directly on the output unit, e.g. the STOP solenoid.

2.10.4 Stored-program control systems should be reactionless and, in case of fault, should cause no malfunctions in program-independent safety interlocks or stepped safety circuits for fixed subroutines.

2.10.5 Freely accessible potentiometers and other units for equipment trimming or operating point settings must be capable of being locked in the operation position.

2.10.6 Interfaces with mechanical switchgear must be so designed that the operation of the system is not adversely affected by contact chatter.

Conductive tracks forming part of circuits which extend outside the enclosure housing the circuit boards must have qualified short-circuit protection, i.e. in case of an external short-circuit only the safety devices provided may respond without destroying the conductive tracks.

2.10.7 The equipment shall not be damaged by brief overvoltage in the ship's power supply, due for example to switching operations. The design is to allow for overvoltage equal to approximately 2,5 times the rated voltage and lasting 1 ms. Where systems are supplied by static converters, it may be necessary to make allowance for periodic voltage pulses lasting about 0,5 ms. The pulse amplitude depends on the converter type and is to be investigated in each case.

Copyright 2022 Clasifications Register Group Limited, International Maritime Organization, International Labour Organization or Maritime and Coastguard Agency. All rights reserved. Clasifications Register Group Limited, its affiliates and subsidiaries and their respective officers, employees or agents are, individually and collectively, referred to in this clause as 'Clasifications Register'. Clasifications Register assumes no responsibility and shall not be liable to any person for any loss, damage or expense caused by reliance on the information or advice in this document or howsoever provided, unless that person has signed a contract with the relevant Clasifications Register entity for the provision of this information or advice and in that case any responsibility or liability is exclusively on the terms and conditions set out in that contract.