Section 1 Integrated Software Intensive System – ‘ISIS’ notation
1.1 General
1.1.1 Integrated Software Intensive System class notation ISIS may be
assigned where an integrated computer system in compliance with Pt 6, Ch 1, 6 Integrated computer control - ICC notation of the Rules and Regulations for the Classification of Ships, July 2022 provides fault tolerant control and
monitoring functions for systems that are critical to safety or operational
performance. Identification of the Integrated and Software Intensive Systems is to
be derived using a risk assessment technique to a recognised National or
International Standard, such as those detailed in IEC/ISO 31010 Risk Management –
Risk Assessment techniques. Examples of such systems include, but are not limited to,
the following:
- Propulsion and auxiliary machinery.
- Dynamic positioning systems.
- Positional mooring systems.
- Ballast systems.
- Process and utilities.
- Drilling equipment.
- Pipe-laying systems.
- Product storage and transfer systems.
- Well control system.
- Pollution control system.
- Jacking system for self-elevating unit.
- Cantilever skidding system for drilling unit.
- Power Management System (PMS).
- Zone Management Systems (ZMS) (for all equipment where applicable).
- Mud and cement management system.
- HVAC (where applicable).
- Lifting equipment/Load positioning.
- Safety/Emergency systems.
- Communication Systems.
1.1.2 Systems are to be considered critical to safety or operational
performance when they are either directly or indirectly relied upon to provide
services which are critical to continued safety or operational performance (e.g. if
a critical system has an electronic control which is cooled by chilled water, then
the chilled water system is to also be considered critical, if it has an impact on
continued safety or operational performance of the system).
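
The indirect-reliance rule in 1.1.2 amounts to a transitive closure over a service dependency graph. The following is an added example, not part of the Rules; the system names are constructed and the `impacts` flag is a hypothetical stand-in for the risk assessment's finding that loss of a supporting service affects continued safety or operational performance.

```python
from collections import deque

# Constructed dependency data: system -> [(supporting system, impacts)].
# `impacts` is a hypothetical flag: True when the risk assessment found that
# losing the supporting service affects continued safety or operational
# performance of the dependent system.
DEPENDS_ON = {
    "dp_control": [("chilled_water", True), ("power_management", True)],
    "chilled_water": [("seawater_cooling", True), ("hvac_accommodation", False)],
    "power_management": [("ups_24v", True)],
    "ballast_control": [("power_management", True)],
    "ups_24v": [],
    "seawater_cooling": [],
    "hvac_accommodation": [],
}


def critical_set(directly_critical, depends_on):
    """Return {system: reliance chain} for every system that is critical,
    either directly or because a critical system relies on it."""
    chains = {s: [s] for s in directly_critical}
    queue = deque(directly_critical)
    while queue:
        system = queue.popleft()
        for support, impacts in depends_on.get(system, []):
            # Follow only dependencies that matter, and visit each system
            # once so that circular dependencies terminate.
            if impacts and support not in chains:
                chains[support] = chains[system] + [support]
                queue.append(support)
    return chains


if __name__ == "__main__":
    for system, chain in sorted(critical_set(["dp_control"], DEPENDS_ON).items()):
        print(f"{system:20s} via {' -> '.join(chain)}")
```

The recorded chain shows why each supporting system was pulled into scope, which is the justification a reviewer would look for in the risk assessment.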
1.1.4 The risk assessment required by Pt 3, Ch 15, 1.1 General is to:
- be organised in terms of systems and functions;
- identify the system and sub-systems and their modes of operation and the equipment;
- identify potential failure modes, system failures and degraded situations, and their causes;
- analyse the effects of failure modes, system failures and degraded situations and determine their impact on safety and operational performance;
- specify the mitigation needed to address the risks identified for each failure mode, system failure or degraded situation, in order to maintain safety and operational performance; and
- specify trials and testing necessary to demonstrate the identified risks have been mitigated sufficiently to ensure that safety and operational performance will be maintained.
1.2 General requirements
1.3 Programmable electronic systems – Additional requirements for integrated systems
1.3.1 The requirements of Pt 6, Ch 1, 2.14 Programmable electronic systems – Additional requirements for integrated systems 2.14.2 of the Rules for Ships
apply to integrated systems providing control, alarm or safety functions in
accordance with the Rules, including systems capable of independent operation
interconnected to provide co-ordinated functions or common user interfaces. Examples
include integrated machinery control, alarm and monitoring systems, power management
systems and safety management systems providing a grouping of fire, passenger, crew
or ship safety functions, see Pt 6, Ch 2, 17 Fire safety systems of the Rules for Ships.
1.3.2 System integration is to be managed by a single designated party, and is
to be carried out in accordance with a defined procedure identifying the roles,
responsibilities and requirements of all parties involved. This procedure is to be
submitted for the systems identified by Pt 3, Ch 15, 1.1 General.
1.3.3 The system requirements specification, see Pt 6, Ch 1, 1.2 Documentation required for design review 1.2.5 of the Rules for Ships, is to
identify the allocation of functions between modules of the integrated system, and
any common data communication protocols or interface standards required to support
these functions.
1.3.4 Reversionary modes of operation are to be provided to ensure safe and
graceful degradation in the event of one or more failures. In general, the
integrated system is to be arranged such that the failure of one part will not
affect the functionality of other parts, except those that require data from the
failed part.
1.3.5 Where the integration involves control functions for essential services
or safety functions, including fire, passenger, crew, and ship safety, a Failure
Mode and Effects Analysis (FMEA) is to be carried out in accordance with IEC 60812,
or an equivalent and acceptable National or International Standard and the report
and worksheets submitted for consideration. The FMEA is to demonstrate that the
integrated system will ‘fail-safe’, see Pt 6, Ch 1, 2.4 Safety systems, general requirements 2.4.6 and Pt 6, Ch 1, 2.5 Control systems, general requirements 2.5.4 of the Rules for Ships, and that the operability
of the systems derived from the process required by Pt 3, Ch 15, 1.1 General, will not be lost or degraded beyond acceptable performance
criteria where specified by these Rules.
1.3.6 The quantity and quality of information presented to the operator are to
be managed to assist situational awareness in all operating conditions. Excessive or
ambiguous information that may adversely affect the operator’s ability to reason or
act correctly is to be avoided, but information needed for corrective or emergency
actions is not to be suppressed or obscured in satisfying this requirement.
1.3.7 Where information is required by the Rules or by National Administration
requirements to be continuously displayed, the system configuration is to be such
that the information may be viewed without manual intervention, e.g., the selection
of a particular screen page or mode of operation. See also Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirements 2.10.16 of the Rules for Ships.
1.4 Operator stations
1.4.2 Additions or amendments to these requirements are given in 6.3.3.
1.4.3 Where the integrated computer control system is arranged such that
control and monitoring functions may be accessed at more than one operator station,
the selected mode of operation of each station (e.g., in control, standby, etc.) is
to be clearly indicated, see also 2.2.