Section 10 Control, monitoring, alert and safety systems

10.1.1 Control, monitoring, alert, safety and programmable electronic systems are to comply with the requirements of this Section and Vol 2, Pt 9, Ch 7 Control, Alerts and Safety Systems.

10.1.2 The control system is to ensure safe and effective operation of the gas turbine package through the monitoring and control of critical parameters, such as engine speed, temperatures and pressures.

10.1.3 Each gas turbine is to be configured for the specified performance and is to satisfy the relevant requirements for mechanical drive or electrical generator applications.

10.1.4 The arrangements for control, monitoring, alert and safety systems are to be provided with a suitable back-up power supply to ensure that the gas turbine package can be shut down in a safe and controlled fashion upon loss of its primary and, where applicable, secondary electrical power supplies.

10.1.5 Interlocks are to be provided to prevent any operation of the gas turbine unit under conditions that could be hazardous to the machinery and/or personnel. The interlock system is to be arranged to be ‘fail safe’. The characteristics of the ‘fail safe’ operation are to be evaluated on the basis of the complete installation.

10.2.1 The gas turbine is to be protected against overspeed by the provision of a suitable device(s) and software functions capable of shutting down the gas turbine safely before a hazardous overspeed condition occurs.

10.3.1 For each gas turbine that provides mechanical drive to propulsion device(s), a speed governor independent of the overspeed protective device is to be fitted. The speed governor’s set limits are to be adjusted so that the speed does not exceed the limits which bring the overspeed protective device into action, see Vol 2, Pt 2, Ch 2, 10.2 Overspeed protection and shutdown system 10.2.1.

10.3.2 For each gas turbine intended for driving an electric generator, a speed governor, independent of the overspeed protective device is to be fitted. The speed governor’s fixed settings are to control the gas turbine speed within the design limits of the electrical system requirements, as defined in the electrical System Operational Concept document.

10.4.1 The power turbine is to be protected against over-temperature by the provision of a suitable device(s) capable of controlling the temperature within acceptable limits or shutting down the gas turbine safely to prevent damage.

10.5.1 Indication is to be provided for identifying flame out and failure to ignite conditions for each combustion chamber, see also Vol 2, Pt 2, Ch 2, 9.2 Purging before ignition 9.2.1.

10.6.1 Means are to be provided to determine accurately the pressure or flow of the lubricating oil supply to the various parts of the gas generator and power turbine, and scavenge oil and return systems, to ensure safe operation.

10.6.2 Means are to be provided to determine accurately the temperature of the lubricating oil supply to the various parts of the gas generator and power turbine, and scavenge oil and return systems, to ensure safe operation.

10.6.3 Means are to be provided to ensure that the temperature of the lubrication oil supply is controlled automatically to maintain steady-state conditions throughout the normal operating range of the gas turbine.

10.6.4 Where the lubrication oil supply to the power turbine is fed from a separate supply system, similar arrangements to those detailed above are to be provided.

10.7.1 Means are to be provided, at both the local and remote control/operating positions, to initiate manually the shutdown of the gas turbine in an emergency.

10.7.2 In addition to Vol 2, Pt 2, Ch 2, 10.7 Stopping of gas turbines 10.7.1, a means of manually shutting off the fuel in an emergency is to be provided at the manoeuvring station where the station is remote from the gas turbine control/operating position.

10.7.3  See also Vol 2, Pt 1, Ch 3, 4.15 Stopping of machinery for requirements for stopping machinery from a position outside the compartment where the machinery is located.

10.8.1 Means are to be provided for indicating the temperature of power turbine exhaust gases.

10.9.1 Where gas turbines are fitted with automatic or remote controls so that under normal operating conditions they do not require manual intervention by the Operators, they are required to be provided with alarm and safety arrangements required by Vol 2, Pt 2, Ch 2, 10.9 Automatic and remote controls 10.9.2 and Table 2.10.1 Gas turbine machinery: Alarms and shutdowns, as appropriate. Alternative arrangements which provide an equivalent level of safety will be considered.

10.9.2 Where fuel oil grades require heating or cooling only, fuel oil supply is to be fitted with automatic temperature controls so as to maintain steady state conditions throughout the normal operating range of the turbine, see also Vol 2, Pt 2, Ch 2, 10.9 Automatic and remote controls 10.9.4.

10.9.3 Where a first stage alarm together with a second stage alarm and automatic shutdown of machinery are required in Table 2.10.1 Gas turbine machinery: Alarms and shutdowns, the sensors and circuits utilised for the second stage alarm and automatic shutdown are to be functionally independent of those required for the first stage alarm, in that failure in one cannot affect the functionality of the other.

10.9.4 Where the fuel oil supply is heated, automatic control for viscosity may be fitted in place of the temperature control required by Vol 2, Pt 2, Ch 2, 10.9 Automatic and remote controls 10.9.2.

10.10.1 Sensors are to be selected with regard to their accuracy and integrity. For measurements required for safety functions, an engineering assessment is to be presented justifying the sensor configuration adopted. This assessment is to address any self-testing by the control system that is used to monitor the health of those sensors.

10.10.2 Where multiple sensor arrays are used to provide the necessary levels of reliability and integrity, the control system is to use the value that provides the greatest margin of safety.

10.11.1 The engine control, monitoring, alert and safety systems are to be configured to comply with the relevant requirements (e.g. operating profile, alarms, shutdowns, etc.) of this Chapter and Vol 2, Pt 9, Ch 7 Control, Alerts and Safety Systems for an engine for main or auxiliary power purposes. Details of the engine configuration are to be submitted for consideration identifying:

1. Local and remote means to carry out system configuration.

2. Engine packager or system integrator procedures for undertaking configuring.

3. Roles and responsibilities for configuration (e.g. Enginebuilder, engine packager, system integrator or other nominated party) with accompanying schedule.

4. Configurable settings and parameters (including those not to be modified from a default value).

5. Configuration for propulsion or auxiliary engine application.

Configuration records are to be maintained and are to be made available to the Surveyor at testing and trials and on request, in accordance with Vol 2, Pt 9, Ch 7 Control, Alerts and Safety Systems.

10.12.1 Where a software-based system forms part of a control, monitoring, alert and safety system, it is to comply with the requirements of Vol 2, Pt 9, Ch 7 Control, Alerts and Safety Systems & Vol 2, Pt 9, Ch 8 Programmable Electronic Systems.