Section 1 General requirements

1.1.1 This Chapter applies to all ships intended to be classed with Clasifications Register (hereinafter referred to as 'LR'), and is in addition to other relevant Sections of the Rules.

1.1.2 Control engineering systems are to:

• provide control of required services and habitability requirements during defined operational conditions. This is to include, but is not limited to, power generation, propulsion and their associated services;
• provide control of the engineering systems necessary to ensure availability of essential and emergency safety systems during all normal and reasonably foreseeable abnormal conditions;
• provide control of the engineering systems necessary to ensure transitional power supplies remain available;
• be suitably protected against damage to itself under fault conditions and to prevent injury to personnel; and
• not fail in a way which may cause machinery and systems located in hazardous areas to create additional fire or explosion risk.

1.1.3 Control engineering systems on passenger ships are, in addition to the requirements of this Chapter, to comply with the requirements of Pt 5, Ch 23 Additional Requirements for Passenger Ships, as applicable.

1.1.4 LR will be prepared to give consideration to special cases or to arrangements which are equivalent to the Rules. For unconventional designs, see also Pt 7, Ch 14 Requirements for Machinery and Engineering Systems of Unconventional Design .

1.2.1 The documentation described in Pt 6, Ch 1, 1.2 Documentation required for design review 1.2.2 to Pt 6, Ch 1, 1.2 Documentation required for design review 1.2.9 is to be submitted for design review.

1.2.2 Where control, alarm, monitoring and safety systems are intended for the machinery or equipment as defined in Pt 6, Ch 1, 1.2 Documentation required for design review 1.2.3 the following are to be submitted:

• Description of operation with explanatory diagrams.
• Line diagrams of control circuits.
• List of monitored points.
• List of control points.
• Details of alarms and warnings to be presented by the user interface, including:
  (i) an approach to category assignments which is in accordance with the IMO Code on Alerts and Indicators, 2009 ; and
  (ii) for alarms required by these Rules, the intended operator response and the message to be presented.
• Test schedules (for both works testing and sea trials) which should include methods of testing (for example, simulation testing) and test facilities provided, see Pt 6, Ch 1, 1.4 Control, alarm and safety equipment 1.4.1.
• Failure Mode and Effects Analysis (FMEA) where required by other sections of the Rules.
• List of safety functions and details of any overrides, including consequences of use, see Pt 6, Ch 1, 2.4 Safety systems, general requirements 2.4.8 and Pt 6, Ch 1, 2.6 Bridge control for main propulsion machinery 2.6.8.

1.2.3 Plans for the control, alarm, monitoring and safety systems of the following are to be submitted:

• Air compressors.
• Bilge and ballast systems.
• Cargo pumping systems for tankers.
• Cargo and ballast pumps in hazardous areas.
• Cargo tank, cargo hold, ballast tank and void space instrumentation where such arrangements are specified by other sections of the Rules (e.g. water ingress detection, gas detection).
• Controllable pitch propellers.
• Electric generating plant.
• Lithium battery system installations, see also Pt 6, Ch 2, 1.2 Documentation required for design review 1.2.17.
• Fixed water based local application fire-fighting systems, see Pt 6, Ch 1, 2.9 Fixed water-based local application fire-fighting systems.
• Incinerators.
• Inert gas generators.
• Main propelling machinery including essential auxiliaries.
• Miscellaneous machinery or equipment (where control, alarm, monitoring and safety systems are specified by other Sections of the Rules).
• Fuel oil transfer and storage systems.
• Steam raising plant. (Boilers and their ancillary equipment.)
• Steering gear.
• Thermal fluid heaters.
• Transverse thrust units.
• Valve position indicating systems.
• Waste-heat boiler.
• Water jets for propulsion purposes.
• Windlasses.

1.2.4  System operational concept. A description of the intended operation of the control, alarm, monitoring and safety systems for the main and auxiliary machinery, and other systems essential for the propulsion and safety of the ship. This description is to include a demonstration that the design provides an effective means of operation and control for all ship operating conditions.

1.2.5  Alarm systems. Details of the overall alarm system linking the main control station, subsidiary control stations, the bridge area and accommodation are to be submitted.

1.2.6  Programmable electronic systems. In addition to the documentation required by Pt 6, Ch 1, 1.2 Documentation required for design review 1.2.2 the following is to be submitted:

1. System requirements specification.

2. System functional description.

3. System integration plan, see Pt 6, Ch 1, 2.14 Programmable electronic systems – Additional requirements for integrated systems 2.14.2.

4. Failure Mode and Effects Analysis (FMEA), see Pt 6, Ch 1, 2.14 Programmable electronic systems – Additional requirements for integrated systems 2.14.5.

5. Details of the hardware configuration in the form of a system block diagram, including input/output schedules.

6. Hardware certification details, see Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirements 2.10.5 and Pt 6, Ch 1, 2.13 Programmable electronic systems - Additional requirements for essential services and safety critical systems 2.13.3.

7. Software production plans, including applicable procedures, see Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirements 2.10.20.

8. Factory acceptance, integration and sea trial test schedules for hardware and software.

9. Details of data storage arrangements, see Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirements 2.10.10 and Pt 6, Ch 1, 2.13 Programmable electronic systems - Additional requirements for essential services and safety critical systems 2.13.6.

1.2.7 For wireless data communication equipment:

1. Details of manufacturer’s installation and maintenance recommendations;

2. network plan with arrangement and type of aerials and identification of location;

3. specification of wireless communication system protocols and management functions, see Pt 6, Ch 1, 2.12 Additional requirements for wireless data communication links 2.12.4; and

4. details of radio frequency and power levels, including details of those permitted by the National Administration.

1.2.8 Plans showing the location and details of control stations, e.g. control panels and consoles. Location and details of controls and displays on each panel. Detailed user interface specifications. A general arrangement plan of control rooms showing the position of consoles, handrails, operator area, lighting, door and window arrangements. Drawing of HVAC systems including vent arrangements.

1.2.9  Fire detection systems. Plans showing the system operation, and the type and location of all machinery space fire detector heads, manual call points and the fire detector indicator panel(s) are to be submitted. The plans are to indicate the position of the fire detectors in relation to significant items of machinery, ventilation and extraction openings.

1.4.1 Equipment associated with control, alarm and safety systems as defined in Pt 6, Ch 1, 1.2 Documentation required for design review 1.2.3 are to be surveyed at the manufacturers' works in accordance with the approved test schedule see Pt 6, Ch 1, 1.2 Documentation required for design review 1.2.2, and the inspection and testing are to be to the Surveyor's satisfaction.

1.4.2 Equipment used in control, alarm and safety systems is to be suitable for its intended purpose, and accordingly, whenever practicable, be selected from the List of Type Approved Products published by LR. A copy of the Procedure for LR Type Approval System will be supplied on application. For fire detection alarm systems, see Pt 6, Ch 1, 2.8 Fire detection and fire alarm systems 2.8.3 and for programmable electronic systems, see Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirements 2.10.5 and Pt 6, Ch 1, 2.13 Programmable electronic systems - Additional requirements for essential services and safety critical systems 2.13.3.

1.4.3 Where equipment requires a controlled environment, an alternative means is to be provided to maintain the required environment in the event of a failure of the normal air conditioning system, see also Table 14.12.3 Miscellaneous machinery: Alarms and safeguards in Pt 5, Ch 14.

1.4.4 Assessment of performance parameters, such as accuracy, repeatability, etc. are to be in accordance with an acceptable National or International Standard, e.g. IEC 60051: Direct acting indicating analogue electrical measuring instruments and their accessories (all parts).

1.4.5 Special consideration will be given to arrangements that comply with a relevant and acceptable National or International Standard, such as IEC 60092-504:Electrical installations in ships – Part 504: Special features – Control and instrumentation.

1.5.1 When an alteration or addition to the approved system(s) is proposed, plans are to be submitted for approval. The alterations or additions are to be carried out under survey and the installation and testing are to be to the Surveyor's satisfaction.

1.5.2 Details of proposed software modifications are to be submitted for consideration. Modifications are to be undertaken in accordance with defined modification processes which are part of the supplier’s or system integrator’s quality management system. The following documentation is to be submitted:

1. Project-specific software modification plan.

2. An impact analysis which identifies the effect(s) of the proposed modification. The results of the analysis are to be used to inform the extent of verification and validation that is to be applied. This analysis is to consider both the local impact and, where applicable, the system level impact of the modification.

3. Configuration management records that satisfy the requirements of ISO 10007, to demonstrate the traceability of the proposed modification.

4. Factory acceptance, integration and sea trial test schedules as determined by the impact analysis in Pt 6, Ch 1, 1.5 Alterations and additions 1.5.2.(b).

5. Updated documentation as detailed in Pt 6, Ch 1, 1.2 Documentation required for design review 1.2.5.

1.5.3 Verification and validation activities are to demonstrate that the modified functionality performs as expected and that the modification has not unintentionally modified functionality outside the scope of the modification.

1.5.4 Software versions are to be uniquely identified by number, date or other appropriate means. Modifications are not to be made without also changing the version identifier. A record of changes to the system since the original issue (and their identification) is to be maintained and made available to the LR Surveyor on request.

1.6.1 An Emergency Stop (E-Stop) is a safeguard instigated by a single human action. It requires a stop of all movement within the controlled system as rapidly as possible to prevent a hazard occurring or to reduce an existing hazard to persons, machinery or the vessel.

1.6.2 An Emergency Trip (E-Trip) is a safeguard instigated by a single human action and means the disconnection of fuel, electrical, hydraulic or other power source from the controlled system to prevent a hazard occurring or to reduce an existing hazard to persons, machinery or the vessel. Movement within the system may be allowed to continue.

1.6.3 An Emergency Stop Function may be either an Emergency Stop or Emergency Trip, as appropriate to the system and risk being controlled.

1.6.4 Alarm System: a system which will alert relevant personnel to faults, abnormal situations and other conditions requiring attention in the machinery and the safety and control systems.

1.6.5 Control System: a system which responds to input signals from the process and/or operator and generates output signals causing the equipment under control to operate in the desired manner.

1.6.6 Failure: a loss of the ability of a structure, system or element to function within acceptance criteria.

1.6.7 Fail safe: a system design such that, when a failure occurs, the system reverts to the least hazardous state.

1.6.8 A reasonably foreseeable abnormal condition is an event, incident or failure that :

• has happened and could happen again;
• is planned for (e.g. emergency actions cover such a situation, maintenance is undertaken to prevent it, etc.).

They should be identified by:

• using analysis processes that were capable of revealing abnormal conditions;
• employing a mix of personnel including competent safety / risk professionals and those with relevant domain knowledge and understanding to apply the processes;
• referencing relevant events and historic data; and
• documenting the results of the analysis.

1.6.9 Safety System: a designated system that:

• implements the required safety functions necessary to achieve or maintain a safe state for the equipment under control; and
• is intended to achieve, on its own or with other safety systems, the necessary safety needed for the required safety functions.

1.6.10 Safe State: the state of equipment under control when safety is achieved. For some situations, a safe state only exists so long as the equipment under control is continuously controlled. Such continuous control may be for a short or indefinite period.

1.6.11 System: a set of elements which interact according to a design, where an element of a system can be another system, called a sub-system, which may be a controlling system or a controlled system, and may include hardware, software and human interaction.

1.6.12 Sub-system: identifiable part of a system, which may perform a specific function or set of functions.

1.6.13 Programmable electronic equipment: physical component where software is installed.

1.6.14 Software module: a module is a standalone piece of code that provides specific and closely coupled functionality.

1.6.15 Simulation tests: system testing where simulation tools replace parts or all of the equipment, or where parts of the communication network and lines are replaced with simulation tools.