by Alasdair Douglas, Associate Naval Architect at Safety at Sea
[Originally published in The Naval Architect]
With the introduction of Safe Return to Port (SRTP) in July 2010, ship systems are now designed and assessed to ensure they meet the minimum level of availability outlined in SOLAS. This assessment is extensive, requiring consideration of many interdependent systems subject to a range of casualty scenarios. On the operational side, the regulations require vessels to be able to restore system functionality within an hour of an incident. In October 2018, the Bahamas Flag published an instruction notice providing more detail on the operational requirements. The cruise industry, both operators and shipyards, is still evolving its response to meet the regulatory requirements.
We believe that it is the right time for the industry to shift its methodology of verifying system redundancy away from a traditional Failure Mode and Effect Analysis (FMEA) approach and towards the creation and maintenance of a digital system model, that understands both the logical dependencies of systems and the location of each system component on the vessel. A digital systems model can provide many advantages over the traditional approach. The owner and shipyards can be confident that a thorough analysis has been undertaken on the system design and that all system interconnections have been included. Furthermore, changes to systems or vessel layout can easily be included in the model to investigate what-if scenarios and to re-verify compliance efficiently. Lastly, updates to manual actions can be determined automatically through a programmatic approach and new documentation produced for the operator to use.
In the same way that vessel stability is verified and maintained through a digital model throughout the lifetime of the vessel, system design and verification can now be approached in the same way ensuring through life compliance.
Traditional FMEA approach
At the design phase, approaches to redundancy such as duplication and separation are considered and used to determine the overall layout and principles that must be applied during the design of the systems. Ensuring that systems adhere to these principles can be time consuming and requires constant monitoring, concluding with an assessment to ensure redundancy is met and the restorative actions determined where necessary. This can be carried out by means of an FMEA which is labour intensive and relies on manually reviewing all system diagrams and creating significant amounts of documentation. During this process, it would be impossible for all potential system interconnections to be fully analysed in such a manual way. The FMEA approach is a top-down approach, in which high-level redundancy principles are set out on a system by system basis. It is done once, at the end of the design and only for the purpose of certification. The process does not provide the ongoing benefits which a digital systems approach can provide.
A verifiable single source of system data
When designing and assessing ship systems, the information required comes from many sources. This poses a challenge simply in terms of data management to ensure information can be passed between teams easily. By developing a digital model of the systems, it brings all the information together in a coherent data source, which can then be queried and audited in a single, consistent manner.
In its simplest form, the systems model could simply contain information such as the location of components and the routing of pipes and cables. This provides a definition of the systems geometry and topology which can be used as a means of checking locations against the redundancy principles. It can also form the basis of audits carried out during the build process by the yard, or commissioning when the operator will want to have a clear understanding of the location and routing of major components and connections.
A repeatable methodology
The systems model should not be limited to simple topology but include the functionality and interdependencies of the systems, thus allowing availability and redundancy to be assessed through calculations. An automatic calculation process provides a comprehensive analysis in which all subsystems and interconnections can be considered simultaneously, but crucially are a repeatable and verifiable methodology making it an ideal solution for all parties involved.
From the perspective of Class and Flag, a calculation-based assessment allows the approval process to focus on the validity of the model and not the correctness of the methodology. This reduces the requirement on the persons approving to have a deep understanding of all systems and their redundancy principles and instead concentrate on checking items such as locations of components and routings of connections. The owner/operator will benefit through increased confidence in the delivered vessel and a reduction in the requirement for their teams to be heavily involved in the review and approval of documentation during the design and build.
System-by-system and casualty-by-casualty
A digital model of the systems allows the designer to tackle the problem in a system-by-system manner, while modelling interconnections between systems to generate a fully connected model. Although the model is built from a system’s perspective, it can also be readily assessed on a casualty-by-casualty basis, allowing the specifics of individual damage scenarios to be visualised and well understood. Such an approach is not feasible when the assessment is a table top exercise as the number of scenarios considered for a vessel may exceed a thousand. However, with an automatic calculation, the only consideration in adding additional casualty scenarios is the computation time required, which is much more cost effective than a manual approach.
Automatic generation of crew manual actions
One of the key outputs of the assessment process are the manual actions required to maintain systems availability, which form the basis of any crew response. It is vital that there is both confidence in the actions validity and that they can be kept to a minimum, especially when considering the additional one-hour time limit stipulated in the SOLAS SRtP requirements for all restorative actions to be completed. A functional systems model allows the manual actions to be determined automatically by computing the steps required to reconfigure a system to restore availability. This can significantly reduce the work involved in determining these actions which would require the use of FMEA across several disciplines.
Interdependencies between systems are considered automatically through the digital model and the entirety of all actions required is known, providing a clear understanding of the effort involved in restoring all systems. By using the casualty-by-casualty approach, the actions can be determined on a per casualty basis, giving the most accurate and concise set of crew manual actions to use for crew response.
Compliance during operations
The onboard response to a SRTP situation can be aided with the use of the digital model, providing the required set of actions and allowing alternatives to be considered, something that cannot be dealt with through paper-based assessment. During the design and assessment process, actions are generally developed based on the normal operational state of the system, such as the expected configuration of valves, circuit breakers and other key equipment. While operating, it is not unusual for equipment to be taken offline for maintenance but in terms of the SRTP response, the unavailability of a bilge pump could in fact break the redundancy principles and the crew manual actions are no longer valid.
It is possible to consider the availability of crew manual actions beyond the normal operational configuration either through pre-calculation of alternative configurations or having a live systems model that is fed information regarding the current system configuration. This could provide an alternative set of actions to maintain availability, or it could highlight when SRTP compliance is no longer possible, something that is equally useful for the crew to understand. This allows the operator to identify scenarios, such as routine maintenance, that could negatively impact the SRTP compliance, and thus put procedures in place to deal with it.
Through-life compliance
One of the challenges facing operators is the requirement to maintain the SRTP compliance throughout the operational lifetime of a vessel, through crew training and the process of ensuring that changes to systems are considered. It is common for vessels, especially cruise liners, to go through refits and revitalisations, a process that may require changes in vessel layout and/or systems themselves. Currently operators are faced with the possibility that they may need to have system designs reassessed, documentation updated and reapproved, with crew responses modified accordingly. This is a significant task if the original assessment was carried out as a paper-based FMEA exercise.
With the availability of a digital systems model this task is significantly reduced. Changes to either the vessel layout or the systems can be easily and quickly incorporated, and the redundancy and availability reassessed with the click of a button. Furthermore, any changes to the crew manual actions can also be automatically re-generated as part of this process, allowing the crew response to be easily updated while also ensuring confidence that the changes proposed do not infringe SRTP compliance.
Embracing the benefits
Ensuring SRTP compliance at the design phase is currently a lengthy and complex process. Once a vessel is in operation it is necessary to continue to prove compliance through crew drills and updated documentation. Managing this through paper-based assessments is possible during the design but it becomes increasingly burdensome as the vessel ages and modifications are made to vital systems.
A digital model provides a rigorous and repeatable assessment at the design stage and is an efficient and effective way to ensure compliance through a vessel’s lifetime. Digital models also provide information beyond SRTP compliance that consider more extensive casualty scenarios or system configurations beyond normal operating states.
A software product such as Systema is capable of modelling and analysing ship systems for redundancy to ensure compliance throughout the lifetime of a vessel. Through the modelling of systems and the ability to import information from existing sources, systems can be created, interconnected and analysed, and actions generated in line with the SRTP regulation. Proposed system changes can be easily assessed. The output can be actively used to support the design of the systems, the approval process, and the development of the crew response actions.
A digital system model turns what is now an onerous process into an effective and streamlined process which can feedback into the design process rather than simply being a compliance burden – ultimately increasing the overall safety of the vessel.