New thinking required to understand passenger ship systems’ vulnerability
by Tryphonas Petrou, Senior Mechanical Engineer, Safety at Sea Ltd
[Originally published in Marine Professional, Issue 1, 2021]
The Safe Return to Port SOLAS regulation is the latest step change in regulatory requirements for passenger ships. The core concept is that the ship is its own best lifeboat. This is currently applicable to passenger ships of 120 metres and above in length, or passenger ships that have three or more main vertical zones (MVZ). The requirements according to SOLAS II-2 / 21 & 22 cover two scenarios:
- All the essential systems as defined by SOLAS shall remain operational upon loss of a space or compartment due to fire or flooding, except in the affected area(s).
- A more limited number of essential systems required for orderly evacuation shall remain operational upon loss of an MVZ.
The systems of concern are summarised into four main groups: power and propulsion; safety (fire-fighting and detection, flood detection and bilge); navigation and communication; and safe areas. The full list can be found in the regulation. The Safe Return to Port (SRTP) regulation introduces four new concepts:
- ‘Safe Areas’ refers to internal spaces focused on providing passengers and crew with basic services. Additionally, they shall provide food and access to a medical facility.
- ‘Casualty Thresholds’ defines the extent of a casualty (fire or flooding) for which the ship shall remain operational. The most critical thresholds are to be identified at an early design stage, discussed with class and owners/operators, and properly recorded in an SRTP Design Philosophy document.
- ‘Manual Actions’ covers any crew intervention activity required to isolate, restore or maintain system functionality.
- ‘Critical Failures’ are those failures where SRTP system functionality cannot be restored after a casualty threshold occurs. They are identified during the overall assessment of systems and arrangements related to SRTP operation. During the detailed assessment phase, these failures are normally rectified through a systems design change or by identifying available manual actions.
SRTP regulations have added a further layer of safety to passenger vessels. They work as a bridge between design and operational requirements where a specific set of systems needs to attain a specific redundancy level. This is achieved through duplication and separation, with an allowance for manual actions; however, these need to be pre-planned and documented, with manual interventions kept as simple as possible. The decision as to what extent manual actions are minimised is based on the different stakeholders’ interests and is significantly influenced by the available crew.
The level of redundancy to be adopted for SRTP resembles that of a Dynamic Positioning Class 3 (DP3) vessel design. Some of the key areas of focus in both are power distribution, control, automation and communication. The tendency to reuse existing or off-the-shelf solutions is no longer fit for purpose because they do not comply with the regulations. The designer, working with the suppliers, needs to consider specific aspects such as the location of several controllers, substations and switches, and how they interact with each other. This is crucial when a component is lost due to short circuit, earth fault or signal failure. Moreover, the wiring routing and its protection should be planned carefully. Attention should be given to the valves, breakers and switches as far as their type, location and protection are concerned. Similar considerations apply to pipe routing and protection against fire, with the current regulation interpretations providing guidance.
It is recommended that these aspects be acknowledged and dealt with during the basic design phase, together with the allowable time for action. Contrary to the DP requirements and design philosophy, SRTP regulations allow time for restoring the functionality of affected systems: two hours for systems related to safe areas operation and one hour for the rest of the essential systems, according to the Bahamas Marine Notice 03.
Current designs tend to adopt a methodology whereby the vessel is split into dedicated zones that are used to guide the duplication and separation. The machinery spaces can be broadly divided into two main areas (separated by a watertight bulkhead), forward and aft – with each dedicated to a particular POD, thus ensuring one propulsion unit is always available. The hotel spaces can be divided by MVZ so that only one MVZ is non-operational at a time, thus ensuring sufficient safe areas in the non-affected areas.
The complexity of assessing a system design against SRTP regulations should not be underestimated. To put it in context, this task requires circa 20 different interconnected systems to be assessed against hundreds of differing potential casualties.
The traditional method of Failure Mode and Effect Analysis, commonly used in the offshore industry, is a paper-based exercise relying solely on the experience of the engineers. It has, however, several limitations: it is not repeatable or easily verifiable, its results are not readily reusable, and it does not take fully into consideration the interconnectivity of the systems.
An alternative methodology is to create a digital twin systems model, coupling location information with a system dependency model. With appropriate software, this methodology can provide a wide range of benefits to all stakeholders: the calculation is able to consider the interconnectivity of all systems, each casualty can be assessed in a repeatable and verifiable way, and what-if scenarios in design can be performed. We firmly believe that system design and assessment performed in this manner can benefit all stakeholders in this industry and any industry that requires a deep understanding of system vulnerability.
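The coupling of location information with a dependency model can be illustrated with a small added example; this is not the author's or Safety at Sea's software, and every component name, compartment name and dependency in it is a constructed assumption for a hypothetical ship. Each casualty removes the components located in the lost space, and availability then propagates through redundant (OR) and mandatory (AND) dependencies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    spaces: frozenset = frozenset()   # compartments the item or its cable/pipe route occupies
    needs: tuple = ()                 # AND over groups; each group is an OR of alternatives

def comp(name, spaces=(), needs=()):
    return Component(name, frozenset(spaces), tuple(tuple(g) for g in needs))

# Constructed sample model (hypothetical ship, not from the article).
POWER = ("MSB1", "MSB2")              # either main switchboard can feed a consumer
MODEL = {c.name: c for c in [
    comp("DG1", ["ER_FWD"]), comp("DG2", ["ER_AFT"]),
    comp("MSB1", ["SWBD_FWD"], [["DG1"]]), comp("MSB2", ["SWBD_AFT"], [["DG2"]]),
    comp("POD_P", ["POD_RM_P"], [["MSB1"]]), comp("POD_S", ["POD_RM_S"], [["MSB2"]]),
    comp("BILGE_PUMP1", ["ER_FWD"], [POWER]), comp("BILGE_PUMP2", ["ER_AFT"], [POWER]),
    comp("FP_CTRL", ["ER_AFT"], [POWER]),   # single fire-pump controller: the design flaw
    comp("FIRE_PUMP1", ["ER_FWD"], [POWER, ["FP_CTRL"]]),
    comp("FIRE_PUMP2", ["ER_AFT"], [POWER, ["FP_CTRL"]]),
    # Functions have no location; they are up if any redundant provider is up.
    comp("PROPULSION", needs=[["POD_P", "POD_S"]]),
    comp("BILGE", needs=[["BILGE_PUMP1", "BILGE_PUMP2"]]),
    comp("FIRE_MAIN", needs=[["FIRE_PUMP1", "FIRE_PUMP2"]]),
]}
ESSENTIAL = ("PROPULSION", "BILGE", "FIRE_MAIN")

def available(model, lost_spaces):
    """Least fixed point: a component is up only if located outside the casualty
    and every dependency group has at least one member already proven up."""
    lost, up, changed = set(lost_spaces), set(), True
    while changed:
        changed = False
        for c in model.values():
            if c.name not in up and not (c.spaces & lost) and all(
                    any(alt in up for alt in group) for group in c.needs):
                up.add(c.name)
                changed = True
    return up

def assess(model, essential, casualties):
    """Map each casualty to the essential functions it takes out (empty ones omitted)."""
    report = {}
    for casualty in casualties:
        up = available(model, casualty)
        failed = [f for f in essential if f not in up]
        if failed:
            report[tuple(casualty)] = failed
    return report

def single_space_casualties(model):
    return [(s,) for s in sorted({s for c in model.values() for s in c.spaces})]

if __name__ == "__main__":
    print(assess(MODEL, ESSENTIAL, single_space_casualties(MODEL)))
```

In this constructed model the only single-space casualty that defeats an essential function is the loss of the aft engine room, because both fire pumps depend on one controller located there; rerunning the same assessment after a design change is the repeatable what-if check the article describes.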