Section 1 Integrated Software Intensive System – ‘ISIS’ notation
Clasification Society 2024 - Version 9.40
Clasifications Register Rules and Regulations - Rules and Regulations for the Classification of Offshore Units, July 2022 - Part 3 Functional Unit Types and Special Features - Chapter 15 Integrated Software Intensive Systems - Section 1 Integrated Software Intensive System – ‘ISIS’ notation

Section 1 Integrated Software Intensive System – ‘ISIS’ notation

Parent topic: Chapter 15 Integrated Software Intensive Systems

1.1 General

1.1.1 Integrated Software Intensive System class notation ISIS may be assigned where an integrated computer system in compliance with Pt 6, Ch 1, 6 Integrated computer control - ICC notation of the Rules and Regulations for the Classification of Ships, July 2022 provides fault tolerant control and monitoring functions for systems that are critical to safety or operational performance. Identification of the Integrated and Software Intensive Systems are to be derived using a risk assessment technique to a recognised National or International Standard, such as those detailed in IEC/ISO 31010 Risk Management – Risk Assessment techniques. Examples of such systems are listed but not limited to the following:
  • Propulsion and auxiliary machinery.
  • Dynamic positioning systems.
  • Positional mooring systems.
  • Ballast systems.
  • Process and utilities.
  • Drilling equipment.
  • Pipe-laying systems.
  • Product storage and transfer systems.
  • Well control system.
  • Pollution control system.
  • Jacking system for self-elevating unit.
  • Cantilever skidding system for drilling unit.
  • Power Management System (PMS).
  • Zone Management Systems (ZMS) (for all equipment where applicable).
  • Mud and cement management system.
  • HVAC (where applicable).
  • Lifting equipment/Load positioning.
  • Safety/Emergency systems.
  • Communication Systems.

1.1.2 Systems are to be considered critical to safety or operational performance when they are either directly or indirectly relied upon to provide services which are critical to continued safety or operational performance (e.g. if a critical system has an electronic control which is cooled by chilled water, then the chilled water system is to also be considered critical, if it has an impact on continued safety or operational performance of the system).

1.1.3 The risk assessment is to demonstrate that suitable risk mitigation has been achieved for all normal and reasonably foreseeable abnormal conditions. The scope of analysis required for each system is defined in Pt 3, Ch 15, 1.3 Programmable electronic systems – Additional requirements for integrated systems to Pt 3, Ch 15, 1.4 Operator stations and in the respective parts of the Rules.
Note A reasonably foreseeable abnormal condition is an event, incident or failure that:
  • has happened and could happen again;
  • has not happened but is considered possible. Where the likelihood is considered extremely unlikely or the consequences are trivial, and no further prevention or mitigation action is to be taken, then this is to be justified;
  • is planned for (e.g., emergency actions cover such a situation, maintenance is undertaken to prevent it.).

    These conditions should be identified by:

  • using analysis processes that are capable of revealing abnormal conditions;
  • employing a mix of personnel including: designers, operators, persons who carry out maintenance, those with relevant domain knowledge and understanding, and competent safety/risk professionals to apply the processes;
  • referencing relevant events and historic data; and documenting the results of the analysis.
1.1.4 The risk assessment required by Pt 3, Ch 15, 1.1 General is to:
  1. be organised in terms of systems and functions;
  2. identify the system and sub-systems and their modes of operation and the equipment;
  3. identify potential failure modes, system failures and degraded situations, and their causes;
  4. analyse the effects of failure modes, system failures and degraded situations and determine their impact on safety and operational performance;
  5. specify the mitigation needed to address the risks identified for each failure mode, system failure or degraded situation; in order to maintain safety and operational performance; and
  6. specify trials and testing necessary to demonstrate the identified risks have been mitigated sufficiently to ensure that safety and operational performance will be maintained.

1.2 General requirements

1.2.1 The Integrated Software Intensive System is to comply with the programmable electronic system requirements of Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirementsof the Rules for Ships and the control and monitoring requirements of the Rules applicable to a particular equipment, machinery or systems.

1.2.2 Alarm and indication functions required by 2.4 are to be provided by the integrated computer control system in response to the activation of any safety function for associated machinery. Systems providing the safety functions are in general to be independent of the integrated computer system, see also Pt 6, Ch 1, 2.14 Programmable electronic systems – Additional requirements for integrated systems 2.14.7 of the Rules for Ships.

1.3 Programmable electronic systems – Additional requirements for integrated systems

1.3.1 The requirements of Pt 6, Ch 1, 2.14 Programmable electronic systems – Additional requirements for integrated systems 2.14.2 of the Rules for Ships apply to integrated systems providing control, alarm or safety functions in accordance with the Rules, including systems capable of independent operation interconnected to provide co-ordinated functions or common user interfaces. Examples include integrated machinery control, alarm and monitoring systems, power management systems and safety management systems providing a grouping of fire, passenger, crew or ship safety functions, see Pt 6, Ch 2, 17 Fire safety systems of the Rules for Ships.

1.3.2 System integration is to be managed by a single designated party, and is to be carried out in accordance with a defined procedure identifying the roles, responsibilities and requirements of all parties involved. This procedure is to be submitted for the systems identified by Pt 3, Ch 15, 1.1 General

1.3.3 The system requirements specification, see Pt 6, Ch 1, 1.2 Documentation required for design review 1.2.5 of the Rules for Ships, is to identify the allocation of functions between modules of the integrated system, and any common data communication protocols or interface standards required to support these functions.

1.3.4 Reversionary modes of operation are to be provided to ensure safe and graceful degradation in the event of one or more failures. In general, the integrated system is to be arranged such that the failure of one part will not affect the functionality of other parts, except those that require data from the failed part.

1.3.5 Where the integration involves control functions for essential services or safety functions, including fire, passenger, crew, and ship safety, a Failure Mode and Effects Analysis (FMEA) is to be carried out in accordance with IEC 60812, or an equivalent and acceptable National or International Standard and the report and worksheets submitted for consideration. The FMEA is to demonstrate that the integrated system will ‘fail-safe’, see Pt 6, Ch 1, 2.4 Safety systems, general requirements 2.4.6 and Pt 6, Ch 1, 2.5 Control systems, general requirements 2.5.4 of the Rules for Ships, and that the operability of the systems derived from the process required by Pt 3, Ch 15, 1.1 General, will not be lost or degraded beyond acceptable performance criteria where specified by these Rules.

1.3.6 The quantity and quality of information presented to the operator are to be managed to assist situational awareness in all operating conditions. Excessive or ambiguous information that may adversely affect the operator’s ability to reason or act correctly is to be avoided, but information needed for corrective or emergency actions is not to be suppressed or obscured in satisfying this requirement.

1.3.7 Where information is required by the Rules or by National Administration requirements to be continuously displayed, the system configuration is to be such that the information may be viewed without manual intervention, e.g., the selection of a particular screen page or mode of operation. See also Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirements 2.10.16 of the Rules for Ships.

1.4 Operator stations

1.4.1 The requirements for the operator stations are given in Pt 6, Ch 1, 6.3 Operator stations of the Rules for Ships, which are to be complied with.

1.4.2 Additions or amendments to these requirements are given in 6.3.3.

1.4.3 Where the integrated computer control system is arranged such that control and monitoring functions may be accessed at more than one operator station, the selected mode of operation of each station (e.g., in control, standby, etc.) is to be clearly indicated, see also 2.2.

Copyright 2022 Clasifications Register Group Limited, International Maritime Organization, International Labour Organization or Maritime and Coastguard Agency. All rights reserved. Clasifications Register Group Limited, its affiliates and subsidiaries and their respective officers, employees or agents are, individually and collectively, referred to in this clause as 'Clasifications Register'. Clasifications Register assumes no responsibility and shall not be liable to any person for any loss, damage or expense caused by reliance on the information or advice in this document or howsoever provided, unless that person has signed a contract with the relevant Clasifications Register entity for the provision of this information or advice and in that case any responsibility or liability is exclusively on the terms and conditions set out in that contract.