Section 1 General requirements
1.1 General
1.1.1 This Chapter
applies to control engineering systems on special service craft.
1.1.2 Control
engineering systems are to:
- provide control of required services and habitability requirements
during defined operational conditions. This is to include, but is
not limited to, power generation, propulsion and their associated
services;
- provide control of the engineering systems necessary to ensure
availability of essential and emergency safety systems during all
normal and reasonably foreseeable abnormal conditions;
- provide control of the engineering systems necessary to ensure
transitional power supplies remain available;
- be suitably protected against damage to itself under fault conditions
and to prevent injury to personnel; and
- not fail in a way which may cause machinery and systems located
in hazardous areas to create additional fire or explosion risk.
1.1.3 LR will
be prepared to give consideration to special cases or to arrangements
which are equivalent to the Rules where sufficient technical justification
is provided.
1.2 Documentation required for design review
1.2.2 A description of operation with explanatory diagrams, together with line diagrams
of control circuits and a list of monitored, control and alarm points, is
required for the following machinery or equipment:
1.2.3
Test schedules (for both works testing and sea trials), which should include
methods of testing (for example, simulation testing) and test facilities provided,
see
Pt 16, Ch 1, 7.4 Record of trials 7.4.1.
1.2.4
System operational concept. A description of the intended operation of the
control, alarm, monitoring and safety systems for the main and auxiliary machinery, and
other systems essential for the propulsion and safety of the ship. This description is
to include a demonstration that the design provides an effective means of operation and
control for all ship operating conditions.
1.2.5
Alarm systems. Details of the overall alarm system linking the main
control station, subsidiary control stations, the bridge area and
accommodation. Details of alarms and warnings presented by the user
interface, including an approach to category assignment in
accordance with the IMO Code on Alerts and Indicators, 2009,
and, for alarms required by these Rules, the intended operator response
and the message to be presented.
1.2.6
Programmable
electronic systems.
In addition to the documentation required by Pt 16, Ch 1, 1.2 Documentation required for design review 1.2.2, the following is to be submitted:
- System requirements specification.
- System functional description.
- System integration plan, see Pt 16, Ch 1, 2.14 Programmable electronic systems - Additional requirements for integrated systems 2.14.2.
- Failure Mode and Effects Analysis (FMEA), see Pt 16, Ch 1, 2.14 Programmable electronic systems - Additional requirements for integrated systems 2.14.5.
- Details of the hardware configuration in the form of a system block diagram, including input/output schedules.
- Hardware certification details, see Pt 16, Ch 1, 2.10 Programmable electronic systems – General requirements 2.10.5 and Pt 16, Ch 1, 2.13 Programmable electronic systems – Additional requirements for essential services and safety critical systems 2.13.3.
- Software production plans, including applicable procedures, see Pt 16, Ch 1, 2.10 Programmable electronic systems – General requirements 2.10.20.
- Factory acceptance, integration and sea trial test schedules for hardware and software.
- Details of data storage arrangements, see Pt 16, Ch 1, 2.10 Programmable electronic systems – General requirements 2.10.10 and Pt 16, Ch 1, 2.13 Programmable electronic systems – Additional requirements for essential services and safety critical systems 2.13.6.
1.2.7 For wireless data communication equipment:
- details of manufacturer’s installation and maintenance recommendations;
- network plan with arrangement and type of aerials and identification of location;
- specification of wireless communication system protocols and management functions, see Pt 16, Ch 1, 2.12 Additional requirements for wireless data communication links 2.12.4; and
- details of radio frequency and power levels, including details of those permitted by the National Administration.
1.2.8
Control
station. Plans showing the location and details of control
stations, e.g. control panels and consoles. Location and details of
controls and displays on each panel. Detailed user interface specifications.
A general arrangement plan of control rooms showing the position of
consoles, handrails, operator area, lighting, door and window arrangements.
Drawing of HVAC systems including vent arrangements.
1.2.9
Fire
detection systems. Plans showing the system operation and the
type and location of all machinery space fire detector heads, manual
call points and the fire detector indicator panel(s). The plans are
to indicate the position of the fire detectors in relation to significant
items of machinery, ventilation and extraction openings.
1.3 Control, alarm and safety equipment
1.3.2 Equipment
used in control, alarm and safety systems is to be suitable for its
intended purpose, and accordingly, whenever practicable, be selected
from the List of Lloyd’s Register Type Approved Products published
by Lloyd’s Register (hereinafter referred to as ’LR’).
1.3.3 Where
equipment requires a controlled environment, an alternative means
is to be provided to maintain the required environment in the event
of a failure of the normal air conditioning system. Failure of the
air conditioning system is to initiate an alarm.
1.3.4 Assessment of performance parameters, such as accuracy and repeatability, is
to be in accordance with an acceptable National or International Standard,
e.g. IEC 60051: Direct acting indicating analogue electrical
measuring instruments and their accessories (all parts).
1.4 Alterations and additions
1.4.1 When an
alteration or addition to the approved system(s) is proposed, plans
are to be submitted for approval. The alterations or additions are
to be carried out under survey and the installation and testing are
to be to the Surveyor’s satisfaction.
1.4.2 Details of proposed software modifications are to be submitted for consideration.
Modifications are to be undertaken in accordance with defined modification
processes which are part of the supplier’s or system integrator’s
quality management system. The following documentation is to be submitted:
- A project-specific software modification plan.
- An impact analysis which identifies the effect(s) of the proposed modification. The results of the analysis are to be used to inform the extent of verification and validation that is to be applied. This analysis is to consider both the local impact and, where applicable, the system level impact of the modification.
- Configuration management records that satisfy the requirements of ISO 10007, to demonstrate the traceability of the proposed modification.
- Factory acceptance, integration and sea trial test schedules as determined by the impact analysis in Pt 16, Ch 1, 1.4 Alterations and additions 1.4.2.(b).
- Updated documentation as detailed in Pt 16, Ch 1, 1.2 Documentation required for design review 1.2.5.
1.4.3 Verification
and validation activities are to demonstrate that the modified functionality
performs as expected and that the modification has not unintentionally
modified functionality outside the scope of the modification.
1.4.4 Software
versions are to be uniquely identified by number, date or other appropriate
means. Modifications are not to be made without also changing the
version identifier. A record of changes to the system since the original
issue (and their identification) is to be maintained and made available
to the LR Surveyor on request.
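The two traceability properties in 1.4.2 and 1.4.4 (every modification carries a new version identifier, and the record of changes accounts for what is actually installed) can be checked mechanically if the record ties each version to a digest of the released image. The following is an added example, not LR text or any supplier's tooling; it assumes SHA-256 of the software image as the content identity, and the release records and image bytes are constructed sample data.

```python
"""Consistency check for a software change record (added example, not from the Rules).

Assumptions: each release is recorded as (version identifier, date, image bytes);
SHA-256 of the image is used as the content identity. Sample images are constructed.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Release:
    version: str
    date: str
    image: bytes  # full software image as released


def digest(image: bytes) -> str:
    """Content identity of an image (SHA-256 hex digest)."""
    return hashlib.sha256(image).hexdigest()


def check_change_record(releases: List[Release]) -> List[str]:
    """Return findings that violate 1.4.4; an empty list means the record is consistent.

    Finding 1: one version identifier used for two different images
               (a modification made without changing the version).
    Finding 2: two version identifiers for identical content
               (a version change that records no actual modification).
    """
    findings: List[str] = []
    version_to_digest = {}
    digest_to_version = {}
    for r in releases:
        d = digest(r.image)
        prior = version_to_digest.get(r.version)
        if prior is not None and prior != d:
            findings.append(
                f"version {r.version} ({r.date}) reused for different content: "
                f"modification without version change")
        owner = digest_to_version.get(d)
        if owner is not None and owner != r.version:
            findings.append(
                f"identical content recorded as both {owner} and {r.version}")
        version_to_digest.setdefault(r.version, d)
        digest_to_version.setdefault(d, r.version)
    return findings


def identify_installed(image: bytes, releases: List[Release]) -> Optional[str]:
    """Map an image read from the installed equipment back to its recorded version.

    None means the installed software is not in the change record at all
    (unrecorded modification or tampering) and must be investigated.
    """
    d = digest(image)
    for r in releases:
        if digest(r.image) == d:
            return r.version
    return None


def render_change_record(releases: List[Release]) -> List[str]:
    """One line per release, in the form a Surveyor could be shown on request."""
    lines = []
    prev: Optional[Release] = None
    for r in releases:
        supersedes = f"supersedes {prev.version}" if prev else "original issue"
        lines.append(f"{r.version}  {r.date}  sha256={digest(r.image)[:16]}...  {supersedes}")
        prev = r
    return lines


# Constructed sample images; real images would be the files loaded onto the equipment.
IMG_A = b"PLC-APP 1.0.0 constructed sample image\n"
IMG_B = b"PLC-APP 1.0.1 constructed sample image\n"
IMG_C = b"PLC-APP hotfix applied, version string left unchanged\n"

GOOD_RECORD = [Release("1.0.0", "2023-01-10", IMG_A),
               Release("1.0.1", "2023-03-02", IMG_B)]
# A hotfix shipped under the existing identifier 1.0.1: forbidden by 1.4.4.
BAD_RECORD = GOOD_RECORD + [Release("1.0.1", "2023-04-15", IMG_C)]
# A re-badge with no content change: the record claims a change that is not there.
REBADGED_RECORD = GOOD_RECORD + [Release("1.0.2", "2023-05-01", IMG_B)]

if __name__ == "__main__":
    print("\n".join(render_change_record(GOOD_RECORD)))
    print("good:", check_change_record(GOOD_RECORD))
    print("bad:", check_change_record(BAD_RECORD))
    print("installed:", identify_installed(IMG_B, GOOD_RECORD),
          identify_installed(IMG_C, GOOD_RECORD))
```

Running the check against the record kept under 1.4.4, and `identify_installed` against an image dumped from the equipment at survey, gives an objective answer to whether the documented version history matches what is actually running.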
1.5 Definitions
1.5.1 An Emergency Stop (E-Stop) is a safeguard instigated by a single human
action. It requires a stop of all movement within the controlled system as rapidly as
possible to prevent a hazard occurring or to reduce an existing hazard to persons,
machinery or the vessel.
1.5.2 An Emergency Trip (E-Trip) is a safeguard instigated by a single human
action and means the disconnection of fuel, electrical, hydraulic or other power source
from the controlled system to prevent a hazard occurring or to reduce an existing hazard
to persons, machinery or the vessel. Movement within the system may be allowed to
continue.
1.5.3 An Emergency Stop Function may be either an Emergency Stop or Emergency
Trip, as appropriate to the system and risk being controlled.
1.5.4 Alarm System: a system which will alert relevant personnel to faults,
abnormal situations and other conditions requiring attention in the machinery and the
safety and control systems.
1.5.5 Control System: a system which responds to input signals from the process
and/or operator and generates output signals causing the equipment under control to
operate in the desired manner.
1.5.6 Failure: a loss of the ability of a structure, system or element to
function within acceptance criteria.
1.5.7 Fail safe: a system design such that, when a failure occurs, the system
reverts to the least hazardous state.
1.5.8 A reasonably foreseeable abnormal condition is an event, incident or
failure that:
- has happened and could happen again;
- is planned for (e.g. emergency actions cover such a situation,
maintenance is undertaken to prevent it, etc.).
Such conditions should be identified by:
- using analysis processes that are capable of revealing abnormal
conditions;
- employing a mix of personnel, including competent safety / risk
professionals and those with relevant domain knowledge and understanding, to apply the
processes;
- referencing relevant events and historic data; and
- documenting the results of the analysis.
1.5.9 Safety System: a designated system that:
- implements the required safety functions necessary to achieve or
maintain a safe state for the equipment under control; and
- is intended to achieve, on its own or with other safety systems, the
necessary safety needed for the required safety functions.
1.5.10 Safe State: the state of equipment under control when safety is achieved.
For some situations, a safe state only exists so long as the equipment under control is
continuously controlled. Such continuous control may be for a short or indefinite
period.
1.5.11 System: a set of elements which interact according to a design, where an
element of a system can be another system, called a sub-system, which may be a
controlling system or a controlled system, and may include hardware, software and human
interaction.
1.5.12 Sub-system: identifiable part of a system, which may perform a specific function or set
of functions.
1.5.13 Programmable electronic equipment: physical component where software is installed.
1.5.14 Software module: a standalone piece of code that provides specific and
closely coupled functionality.
1.5.15 Simulation tests: system testing where simulation tools replace parts or all of the
equipment, or where parts of the communication network and lines are replaced with
simulation tools.