Title: CONTENTS
1 CONTENTS
- Key definitions and solutions for these
- Systems
- Essential
- Important
- Non-important
- Independent systems
- Redundancy
- Single Failure Principle
- Requirements for alarm systems
- Terms and definitions
- Watch calling
2 Systems Overview
4 SYSTEM (Class Definition)
- A system includes all components necessary for monitoring, control and safety, including sensors and actuators.
- the field instrumentation of one or more process segments
- all necessary resources needed to maintain the function including system monitoring and adequate self-check
- all user interfaces.
- Sec.1 B104
5 Systems: Diesel Electric propulsion
6 Essential Systems
- An essential instrumentation and automation system is a system supporting equipment which needs to be in continuous operation for maintaining the vessel's propulsion and steering functions, such as
- steering gears
- pumps for controllable pitch propellers
- ventilation necessary to maintain propulsion
- electrical equipment for electric propulsion plant with lubricating oil pumps and cooling water pumps
- electric generators and associated power sources supplying the above equipment
- hydraulic pumps supplying the above equipment
- Control, monitoring and safety devices/systems for equipment to primary essential services.
- Sec.1 B105
7 Important System
- An important instrumentation and automation system is a system supporting equipment which need not necessarily be in continuous operation, but which is necessary to maintain the vessel's main functions, such as
- fuel oil transfer pumps and fuel oil treatment equipment
- lubrication oil transfer pumps and lubrication oil treatment equipment
- anchoring system
- seawater pumps
- starting air and control air compressors
- bilge, ballast and heeling pumps
- Sec.1 B106
8 Field instrumentation
- Field instrumentation comprises all instrumentation that forms an integral part of a process segment to maintain a function.
- The field instrumentation includes
- sensors, actuators, local control loops and related local processing as required to maintain local control and monitoring of the process segment
- user interface for manual operation (when required).
- Sec.1 B108
9 Process Segment
- Process Segment
- A process segment is a collection of mechanical equipment with its related field instrumentation, e.g. a machinery or a piping system.
- Process segments belonging to essential systems are referred to as essential.
- Example: Starting air compressor
- Example: Auxiliary engine
- B109
10 Example Power Management System
- System consists of
- Electric generators and associated power sources supplying the electric propulsion system.
- Process Segments
- Each auxiliary engine and generator (DG)
- Field Instruments: Sensors, actuators, computers to control and protect the DG.
- Switchboard
- Field instruments: Sensors, relays etc. to operate and protect switchboard.
- Lubrication system for aux. engines
11 Generator Compartment
12 Single Failure Principle
- Whenever possible, essential and important systems are to be so arranged that a single failure in one system of one unit cannot spread to another unit
- (e.g. by use of selective fusing of electrical distribution systems).
- Sec.2 A101
13 Independence by Galvanic Isolation and Relays
- Figure labels: Power; CAN; DPU Single Board Control Computer; Sensor inputs; Isolation
- Analog inputs, each channel fused
- Digital inputs, dry contact
- 3-way isolation: NO high voltage through DPU
14 Definition of Single Failure for Dynamic Positioning Systems (DP)
- For equipment class 2, a loss of position is not to occur in the event of a single fault in any active component or system.
- Normally static components will not be considered to fail where adequate protection from damage is demonstrated.
- Single failure criteria include:
- 1 Any active component or system (generators, thrusters, switchboards, remote controlled valves, etc.).
- 2 Any normally static component (cables, pipes, manual valves, etc.).
- (IMO)
15 Example Single failure, Steering gear
- Regulation 13
- Vessels shall be provided with a main steering gear
- and an auxiliary means of actuating the rudder
- The main steering gear and the auxiliary means of actuating the rudder shall be arranged so that so far as is reasonable and practicable a single failure in one of them will not render the other one inoperative. (IMO)
16 Independence - Process Segments
- The field instrumentation belonging to separate essential process segments are to be mutually independent.
- Two systems are mutually independent when a single system failure occurring in either of the systems has no consequences for the maintained operation of the other system according to above.
- Redundancy may provide the necessary independence. Sec2. A101
- For an essential system having more than one process segment, failure in the field instrumentation of one process segment is not to result in failure for the remaining parts of the system.
- A 301
18 Independence Example, DG Control (DCC C20): one control unit for each generator.
19 Independence - Alarm, control and safety system.
- The alarm system, automatic control system and safety shut-down system (Sec2. A202)
- are to be designed mutually independent,
- unless any failure which affects more than one of the systems initiates an alarm and does not change the operation mode.
- Electrical Installations in Ships (IEC 60092-504)
- Protection (safety) functions shall be independent of control and monitoring (alarm) functions.
- As far as practicable, control and monitoring (alarm) functions shall also be independent.
20 Independence DG Control DC C20
21 Examples, segregation of systems - Cruise Ship
- HVAC
- Fire zone 1 2, Fire zone 3 4, Fire zone 5 6
- Garbage Treatment
- Port and Stbd
- Auxiliaries, bilge, ballast, swimming pool
- Port and Stbd
- Power management
- Port MSB DG4, DG5, DG6 auxiliaries Emergency DG
- Stbd MSB DG1, DG2, DG3 auxiliaries Emergency DG
22 Redundancy
- Redundancy, e.g. manual operating facilities, is to be built in to the extent necessary for maintaining the safe operation of the vessel.
- Changeover to redundant systems is to be simple even in cases of failure to control and monitoring systems.
- Redundancy is defined as two mutually independent systems that can maintain a function.
- The two systems may be of a different type or have different functionality.
- Automatic switching between two systems is not to be dependent on only one of the systems.
- Sec.2 A500
23 Summary: Redundancy, Independence
- Elements
- Dual Operator Stations
- Dual LAN
- Dual Fieldbus
- Galvanic Insulation
- Physical Segregation of switchboard. (MSB 1,2)
24 Alarm systems
- Principles for the design of alarm systems
25 General alarm system design
26 Functional requirements
- The main function of the alarm system is to alert the operator to an abnormal situation
- The alerting function helps the operator to influence the future development of a complex process plant by directing attention to undesired conditions in the process.
27 Functional requirements
- The secondary function of the alarm system is to serve as an alarm and event log
- The log function helps the operator when analysing a sequence of events that has led to current or earlier process states.
28 Alarm rates under stable operating conditions
- Average alarm rate: Consequence
- More than 1 alarm per minute: Clearly unacceptable
- One alarm every second minute: Probably too demanding
- One alarm every fifth minute: Manageable
- Fewer than one alarm every 10 minutes: Clearly acceptable
29 Alarm rates during major operational disturbances
- Average alarm rate: Consequence
- More than 10 alarms per minute: Definitely too many alarms, operators will probably give up using the system
- 2-10 alarms per minute: Difficult to handle
- Fewer than one alarm per minute: Should be manageable, but can be difficult if several alarms require a complex operator response.
30 Alarm types
- Basic alarms are generated by detecting deviations in individual measurements from the process or in individual equipment components.
- Aggregated alarms are generated by combining the state of a number of basic alarms in such a way that the state of a process part is described more precisely than basic alarms can describe it.
- I.e. they make the alarm picture clearer for the operator.
31 Alarm suppression - Blocking
- Alarm suppression (alarm blocking) is automatic processing that, in particular process states, prevents an irrelevant alarm signal from being presented in the main displays for the operator.
- the state of the alarm is still available in more detailed displays
32 Manual alarm suppression
- Manual alarm suppression (blocking) is a facility for manually removing an alarm from the main alarm list by transferring it to a separate list,
- so that it is prevented from reappearing on the main list until it has been removed from this list.
- Manual suppression is normally controlled by the operator, and is intended to serve as a "last resort" for handling irrelevant nuisance alarms that get through to the operator despite signal filtering and alarm suppression.
33 Kongsberg Simrad Vessel Control (SVC) - AIM
34 The alarm page KS - AIM
35 Alarm colours and priority
36 Alarm limits
In this example an analogue measurement between 0-100 is shown. Generally HSCAL max is 8, and LSCAL min - 0,9. The limits are defined on the Meas-1 terminals
HSCAL (Short-circuit)
HH
H
limit area
normal area
L
LL
LSCAL (open circuit)
38 ALARMS Requirements
- Alarms are to be visual and audible and are to indicate abnormal conditions only.
- In areas where the audible signal may not be heard due to background noise, additional visual and audible display units are to be installed.
- Guidance note
- Several suitably placed low volume audible alarm units should be used rather than a single unit for the whole area. A combination of audible signals and rotating light signals may be of advantage.
- Sec.3 A500
39 ALARMS
- 504 Responsibility for alarms is not to be transferred before acknowledged by the receiving location.
- Transfer of responsibility is to give audible prewarning. On each alternative location, it is to be indicated when this location is in charge.
- 505 Presentation and acknowledgement of alarms are only to be possible at the workstation(s) dedicated to respond to the alarm.
- Guidance note
- Alarm lists may be available on any workstation.
- Sec.3 A500
40 ALARMS
- Alarms at workstations are normally to be manually acknowledged in two steps
- 1) silencing audible signal and additional visual signal (e.g. rotating light signals) leaving the visual signal on the workstation unchanged. After acknowledgement, the audible signal is to operate for any new failure.
- 2) acknowledging the visual alarm. Alarms, including the detection of transient faults, are to be maintained until acknowledgement of the visual indication.
- The visual indications of individual alarms are to remain until no abnormal condition is being detected.
- Acknowledged alarms are to be clearly distinguishable from unacknowledged alarms.
- Flashing is, when used, to indicate unacknowledged alarms.
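The two-step acknowledgement above, modelled in Python as an added example that is not part of the original slides. Signal tags are constructed, and refusing step 2 until the audible signal has been silenced is an assumption of this example.

```python
from dataclasses import dataclass

@dataclass
class Alarm:
    active: bool = False    # abnormal condition currently detected
    acked: bool = True      # visual indication acknowledged (step 2 done)
    silenced: bool = True   # audible signal silenced (step 1 done)

class AlarmPanel:
    def __init__(self):
        self.alarms = {}

    def update(self, tag, abnormal):
        a = self.alarms.setdefault(tag, Alarm())
        if abnormal and not a.active:
            # New failure: flash and re-arm the audible signal, even after silencing.
            a.acked = False
            a.silenced = False
        a.active = abnormal

    def silence(self):
        """Step 1: stop the audible signal; visual indications are unchanged."""
        for a in self.alarms.values():
            a.silenced = True

    def acknowledge(self, tag):
        """Step 2: acknowledge one visual alarm (assumption: refused before step 1)."""
        a = self.alarms[tag]
        if not a.silenced:
            return False
        a.acked = True
        return True

    def audible(self):
        return any(not a.silenced for a in self.alarms.values())

    def visual(self, tag):
        a = self.alarms[tag]
        if not a.acked:
            return "flashing"   # latched until acknowledged, even if transient
        return "steady" if a.active else "off"

def demo():
    p = AlarmPanel()
    p.update("LO_PRESS_LOW", True)   # constructed tag: standing fault
    p.silence()
    p.update("CW_TEMP_HIGH", True)   # new failure re-arms the audible signal
    p.update("CW_TEMP_HIGH", False)  # transient clears before acknowledgement
    return p.audible(), p.visual("CW_TEMP_HIGH")
```

The transient alarm stays flashing after its condition clears and only disappears once it has been silenced and acknowledged.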
41 ALARMS
- Acknowledgement of visual signals is to be separate for each signal or common for a limited group of signals.
- Acknowledgement is only to be possible when the user has visual information on the alarm condition for the signal or all signals in a group.
- Permanent blocking of alarm units is not to be possible.
- In particular cases, however, manual blocking of separate alarms may be accepted when this is clearly indicated.
- Inhibit and blocking mean the same thing and are relevant only for action alarms. This means preventing the shutdown action by disconnecting the signal from the alarm to the shutdown logic, while the alarm state is still presented to the operator.
- Sec.3 A500
42 ALARMS
- 511 The more frequent failures within the alarm system, such as broken connections to measuring elements, are to release alarm.
- 512 Interlocking of alarms is to be arranged so that most probable failures in the interlocking system, e.g. broken connection in external wiring, do not prevent alarms.
- 513 Blocking of alarm and safety functions in certain operating modes (e.g. during start-up) is to be automatically disabled in other modes.
- 514 It is to be possible to delay alarms to prevent false alarms due to normal transient conditions.
43 WATCH CALL SYSTEM
- The Watch Call system is an application that monitors the cargo and engine machinery during Unmanned Machinery Space/Engine Zero (UMS/E0) operations.
- It is an extension of the Event system combined with an officer call facility.
45 Main Functions
- Officer Call
- This is an individual and general calling facility for officers that can be activated from selected vessel control locations.
- Dead Man System
- Call Duty Officers CARGO and Call Duty Officers ENGINE
- Used to make calls to the on-duty officer(s).
46 Bridge Watch Call panel
- Bridge Watch Call panels (WBUs) are normally located on the bridge and can be defined as watch responsible
47 Cabin Watch Call panel
- Cabin Watch Call panels (WCUs) are located in the officers' cabins and public recreational areas such as the mess and rest rooms.
49 Features
- ON DUTY indicators
- When lit, indicates that the officer named on the label is on-duty.
- Bridge Watch and ECR Watch buttons
- Used to accept watch responsibility transfers.
- Watch responsibility can only be transferred between the Watch Call panels on the bridge and in the ECR
- Also a watch responsibility transfer can only be requested from an Operator Station in the ECR.
- ALARM indicators
- Group alarm indicators that can be configured to cover one or more watch call alarm groups (areas of the process).
50 Repeat alarms
- If an alarm is not acknowledged at an Operator Station within a pre-defined time period (default 3 minutes), a repeat alarm is generated.
- If a further pre-defined time period (default 3 minutes) elapses a second repeat alarm is generated.
- The first repeat alarm is given at all watch responsible, on-duty officer and public area Watch Call panels.