Section 4 Electronically controlled engines
4.1 General
4.1.1 The requirements of this Section are applicable to engines for propulsion and auxiliary purposes with programmable electronic systems implemented and used to control fuel injection timing and duration, and which may also control combustion air or exhaust systems. The requirements of this Section also apply to programmable electronic systems used to control other functions (e.g. starting and control air, cylinder lubrication, etc.) where essential for the operation of the engine.
4.1.2 These engines may be of the slow, medium or high-speed type. They generally have no direct camshaft-driven fuel systems, but have common rail fuel/hydraulic arrangements and may have hydraulic actuating systems for the functioning of the fuel, air and exhaust systems.
4.1.3 The operation of these engines relies on the effective monitoring of a number of parameters such as crank angle, engine speed, temperatures and pressures using programmable electronic systems to provide the services essential for the operation of the engine such as fuel injection, air inlet, exhaust and speed control.
4.1.4 Details of proposals to deviate from the requirements of this Section are to be submitted and will be considered on the basis of technical justification produced by the Engine builder.
4.1.5 Each engine is to be configured for the specified performance and is to satisfy the relevant requirements for propulsion, auxiliary engines.
4.1.6 During the life of the engine, details of any proposed changes to control, alarm, monitoring or safety systems which may affect safety and the reliable operation of the engine are to be submitted to LR for approval.
4.2 Risk-based analysis
4.2.1 An analysis is to be carried out in accordance with relevant standards acceptable to LR to demonstrate compliance with the applicable requirements of this sub-Section appropriate to the engine application. The analysis is to be a risk-based consideration of engine operation and ship and personnel safety, and is to demonstrate adequate risk mitigation through fault tolerance and/or reliability in accordance with the specified criteria in Pt 5, Ch 2, 4.2 Risk-based analysis 4.2.2 to Pt 5, Ch 2, 4.2 Risk-based analysis 4.2.4 relevant to the engine application.
4.2.2 For ships with a single main propulsion engine, a Failure Mode and Effects Analysis (FMEA), or alternative recognised analysis of system reliability, is to be carried out and is to demonstrate that an electronic control system failure:
- Will not result in the loss of the ability to provide the services essential for the operation of the engine, see Pt 6, Ch 1, 2.5 Control systems, general requirements 2.5.7 and Pt 6, Ch 1, 2.13 Programmable electronic systems - Additional requirements for essential services and safety critical systems 2.13.2 of the Rules for Ships;
- Will not affect the normal operation of the services essential for the operation of the engine other than those services dependent upon the failed part, see Pt 6, Ch 1, 2.14 Programmable electronic systems – Additional requirements for integrated systems 2.14.4 and Pt 6, Ch 1, 2.14 Programmable electronic systems – Additional requirements for integrated systems 2.14.5 of the Rules for Ships; and
- Will not leave either the engine, or any equipment or machinery associated with the engine, or the ship in an unsafe condition, see Pt 6, Ch 1, 2.3 Alarm systems, general requirements 2.3.14, Pt 6, Ch 1, 2.4 Safety systems, general requirements 2.4.5, Pt 6, Ch 1, 2.4 Safety systems, general requirements 2.4.4, Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirements 2.10.3, Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirements 2.10.4 and Pt 6, Ch 1, 2.14 Programmable electronic systems – Additional requirements for integrated systems 2.14.5 of the Rules for Ships.
4.2.3 A risk-based analysis is to be carried out for:
- main engines on ships with multiple main engines or other means of providing propulsion power; and/or
- auxiliary engines intended to drive electric generators forming the ship’s main source of electrical power or otherwise providing power for essential services.
The analysis is to demonstrate that adequate hazard mitigation has been incorporated in electronically controlled engine systems or the overall ship installation with respect to personnel safety and providing propulsion power and/or power for essential services for the safety of the ship. Arrangements satisfying the criteria of Pt 5, Ch 2, 4.2 Risk-based analysis 4.2.2 will also be acceptable.
4.2.4 The risk-based analysis report is to:
- Identify the standards used for analysis and system design.
- Identify the engine, its purpose and the associated objectives of the analysis.
- Identify any assumptions made in the analysis.
- Identify the equipment, system or sub-system, mode of operation and the equipment.
- Identify potential failure modes and their causes.
- Evaluate the local effects (e.g. fuel injection failure) and the effects on the system as a whole (e.g. loss of propulsion power) of each failure mode.
- Identify measures for reducing the risks associated with each failure mode (e.g. system design, failure detection and alarms, redundancy, quality control procedures for sourcing, manufacture and testing, etc.).
- Identify trials and testing necessary to prove conclusions.
4.2.5 At sub-system level it is acceptable to consider failure of equipment items and their functions, e.g. failure of a pump to produce flow or pressure head. It is not required that the failure of components within that pump be analysed, and failure need only be dealt with as a cause of failure of the pump.
4.3 Control engineering systems
4.3.2 The engine control, alarm monitoring and safety systems are to be configured to comply with the relevant requirements (e.g. operating profile, alarms, shut-downs, etc.) of this Chapter and Pt 6, Ch 1 Control Engineering Systems of the Rules for Ships for an engine for main or auxiliary purposes. Details of the engine configuration are to be submitted for consideration identifying:
- Local and remote means to carry out system configuration.
- Engine builder procedures for undertaking configuring.
- Roles and responsibilities for configuration (e.g. Engine builder, engine packager, system integrator or other nominated party) with accompanying schedule.
- Configurable settings and parameters (including those not to be modified from a default value).
- Configuration for propulsion, auxiliary engine application.
Configuration records are to be maintained and are to be made available to the Surveyor at testing and trials and on request in accordance with Pt 6, Ch 1, 1.5 Alterations and additions and Pt 6, Ch 1, 7.1 General 7.1.3 of the Rules for Ships.
4.4 Software
4.4.2 Appropriate safety related processes, methods, techniques and tools are to be applied to software development and maintenance by the Engine builder. Selection and application of techniques and measures in accordance with Annex A of IEC 61508-3, Functional safety of electrical/electronic/programmable electronic systems: Software requirements, or other relevant standards or codes acceptable to LR, will generally be acceptable.