Pt C, Ch 3, Sec 1
SECTION 1 GENERAL REQUIREMENTS
1 General
1.1 Field of application
1.1.1 The following requirements apply to automation sys-
tems, installed on all ships, intended for essential services
as defined in Ch 2, Sec 1. They also apply to systems
required in Part C, Chapter 1 and Part C, Chapter 2,
installed on all ships.
1.1.2 This chapter is intended to avoid that failures or mal-
functions of automation systems associated with essential
and non-essential services cause danger to other essential
services.
1.1.3 Requirements for unattended machinery spaces and
for additional notations are specified in Part E.
1.2 Regulations and standards
1.2.1 The regulations and standards applicable are those
defined in Ch 2, Sec 1.
1.3 Definitions
1.3.1 Unless otherwise stated, the terms used in this chap-
ter have the definitions laid down in Ch 2, Sec 1 or in the
IEC standards. The following definitions also apply:
• Alarm indicator is an indicator which gives a visible
and/or audible warning upon the appearance of one or
more faults to advise the operator that his attention is
required.
• Alarm system is a system intended to give a signal in the
event of abnormal running condition.
• Application software is a software performing tasks spe-
cific to the actual configuration of the computer based
system and supported by the basic software.
• Automatic control is the control of an operation without
direct or indirect human intervention, in response to the
occurrence of predetermined conditions.
• Automation systems are systems including control sys-
tems and monitoring systems.
• Basic software is the minimum software, which includes
firmware and middleware, required to support the
application software.
• Cold standby system is a duplicated system with a man-
ual commutation or manual replacement of cards which
are live and non-operational. The duplicated system is
to be able to achieve the operation of the main system
with identical performance, and be operational within
10 minutes.
• Computer based system is a system of one or more com-
puters, associated software, peripherals and interfaces,
and the computer network with its protocol.
April 2009 Bureau Veritas
• Control station is a group of control and monitoring
devices by means of which an operator can control and
verify the performance of equipment.
• Control system is a system by which an intentional
action is exerted on an apparatus to attain given pur-
poses.
• Expert system is an intelligent knowledge-based system
that is designed to solve a problem with information that
has been compiled using some form of human exper-
tise.
• Fail safe is a design property of an item in which the
specified failure mode is predominantly in a safe direc-
tion with regard to the safety of the ship, as a primary
concern.
• Full redundant is used to describe an automation system
comprising two (identical or non-identical) independent
systems which perform the same function and operate
simultaneously.
• Hot standby system is used to describe an automation
system comprising two (identical or non-identical) inde-
pendent systems which perform the same function, one
of which is in operation while the other is on standby
with an automatic change-over switch.
• Instrumentation is a sensor or monitoring element.
• Integrated system is a system consisting of two or more
subsystems having independent functions connected by
a data transmission network and operated from one or
more workstations.
• Local control is control of an operation at a point on or
adjacent to the controlled switching device.
• Monitoring system is a system designed to observe the
correct operation of the equipment by detecting incor-
rect functioning (measure of variables compared
with specified value).
• Safety system is a system intended to limit the conse-
quence of failure and is activated automatically when
an abnormal condition appears.
• Software is the program, procedures and associated
documentation pertaining to the operation of the com-
puter system.
• Redundancy is the existence of more than one means
for performing a required function.
• Remote control is the control from a distance of appara-
tus by means of an electrical or other link.
1.4 General
1.4.1 The automation systems and components, as indi-
cated in Ch 2, Sec 15, [2], are to be chosen from among the
list of type approved products.
103
Pt C, Ch 3, Sec 1

They are to be approved on the basis of the applicable
requirements of these Rules and in particular those stated in
this Chapter.
Case by case approval may also be granted at the discretion
of the Society, based on submission of adequate documen-
tation and subject to the satisfactory outcome of any
required tests.
1.4.2 Main and auxiliary machinery essential for the pro-
pulsion, control and safety of the ship shall be provided
with effective means for its operation and control.
1.4.3 Control, alarm and safety systems are to be based on
the fail-to-safety principle.
1.4.4 Failure of automation systems is to generate an alarm.
1.4.5 Detailed indication, alarm and safety requirements
regarding automation systems for individual machinery and
installations are to be found in tables located in Part C,
Chapter 1 and in Part E, Chapter 3.
Each row of these tables is to correspond to one indepen-
dant sensor.
2 Documentation
2.1 General
2.1.1 Before the actual construction is commenced, the
Manufacturer, Designer or Shipbuilder is to submit to the
Society the documents (plans, diagrams, specifications and
calculations) requested in this Section.
The list of documents requested is to be intended as guid-
ance for the complete set of information to be submitted,
rather than an actual list of titles.
The Society reserves the right to request the submission of
additional documents in the case of non-conventional
design or if it is deemed necessary for the evaluation of the
system, equipment or components.
Plans are to include all the data necessary for their interpre-
tation, verification and approval.
Unless otherwise agreed with the Society, documents for
approval are to be sent in triplicate if submitted by the Ship-
yard and in four copies if submitted by the equipment sup-
plier. Documents requested for information are to be sent in
duplicate.
In any case, the Society reserves the rights to require addi-
tional copies, when deemed necessary.
2.2 Documents to be submitted
2.2.1 The documents listed in Tab 1 are to be submitted.
2.3 Documents for computer based system
2.3.1 General
For computer based systems, the documents listed in Tab 2
are to be submitted.

Table 1 : Documentation to be submitted

N° I/A (1) Documentation

1 I The general specification for the automation of the ship
2 A The detailed specification of the essential service systems
3 A The list of components used in the automation circuits, and references (Manufacturer, type, etc.)
4 I Instruction manuals
5 I Test procedures for control, alarm and safety systems
6 A A general diagram showing the monitoring and/or control positions for the various installations, with an indication
of the means of access and the means of communication between the positions as well as with the engineers
7 A The diagrams of the supply circuits of automation systems, identifying the power source
8 A The list of monitored parameters for alarm/monitoring and safety systems
9 A Diagram of the engineers’ alarm system
(1) A = to be submitted for approval;
I = to be submitted for information.

Table 2 : Computer based system documentation

N° I/A (1) Documentation

1 I System description, computer software [2.3.2]
2 A System description, computer hardware [2.3.3]
3 I System reliability analysis [2.3.4]
4 I User interface description [2.3.5]
5 I Test programs [2.3.6]
(1) A = To be submitted for approval
I = To be submitted for information.

104 Bureau Veritas April 2009


2.3.2 System description, computer software
This documentation is to contain:
• a list of all main software modules installed per hard-
ware unit with names and version numbers
• a description of all main software which is to include at
least:
- a description of basic software installed per hard-
ware unit, including communication software, when
applicable
- a description of application software.
2.3.3 Description of computer hardware
The documentation to be submitted is to include:
• hardware information of importance for the application
and a list of documents that apply to the system
• the supply circuit diagram
• a description of hardware and software tools for equip-
ment configuration
• the information to activate the system
• general information for trouble shooting and repair
when the system is in operation.
2.3.4 System reliability analysis
The documentation to be submitted is to demonstrate the
reliability of the system by means of appropriate analysis
such as:
• a failure mode analysis describing the effects due to fail-
ures leading to the destruction of the automation sys-
tem. In addition, this documentation is to show the
consequences on other systems, if any. This analysis is
appraised in accordance with the IEC Publication
60812, or a recognised standard
• test report/life test
• MTBF calculation
• any other documentation demonstrating the reliability
of the system.
2.3.5 User interface description
The documentation is to contain:
• a description of the functions allocated to each operator
interface (keyboard/screen or equivalent)
• a description of individual screen views (schematics,
colour photos, etc.)
• a description of how menus are operated (tree presenta-
tion)
• an operator manual providing necessary information for
installation and use.
2.3.6 Test programs
The following test programs are to be submitted:
• software module/unit test
• software integration test
• system validation test
• on-board test.
Each test program is to include:
• a description of each test item
• a description of the acceptance criteria for each test.
April 2009
Pt C, Ch 3, Sec 1
2.4 Documents for type approval of equip-
ment
2.4.1 Documents to be submitted for type approval of
equipment are listed hereafter:
• a request for type approval from the manufacturer or his
authorized representative
• the technical specification and drawings depicting the
system, its components, characteristics, working princi-
ple, installation and conditions of use and, when there
is a computer based system, the documents listed in Tab
2
• any test reports previously prepared by specialised labo-
ratories.
2.4.2 Documentation to be submitted for type approval of
software is listed in Information Note “Software Assessment
for Shipboard Computer Based System” (NI-425).
3 Environmental and supply conditions
3.1 General
3.1.1 General
The automation system is to operate correctly when the
power supply is within the range specified in Ch 3, Sec 2.
3.1.2 Environmental conditions
The automation system is to be designed to operate satisfac-
torily in the environment in which it is located. The envi-
ronmental conditions are described in Ch 2, Sec 2.
3.1.3 Failure behavior
The automation system is to have non-critical behaviour in
the event of power supply failure, faults or restoration of
operating condition following a fault. If a redundant power
supply is used, it must be taken from an independent
source.
3.2 Power supply conditions
3.2.1 Electrical power supply
The conditions of power supply to be considered are
defined in Ch 2, Sec 2.
3.2.2 Pneumatic power supply
For pneumatic equipment, the operational characteristics
are to be maintained under permanent supply pressure vari-
ations of ± 20% of the rated pressure.
Detailed requirements are given in Ch 1, Sec 10.
3.2.3 Hydraulic power supply
For hydraulic equipment, the operational characteristics are
to be maintained under permanent supply pressure varia-
tions of ± 20% of the rated pressure.
Detailed requirements are given in Ch 1, Sec 10.
Bureau Veritas 105
Pt C, Ch 3, Sec 1

4 Materials and construction 5 Alterations and additions

4.1 General 5.1

4.1.1 The choice of materials and components is to be
made according to the environmental and operating condi-
tions in order to maintain the proper function of the equip-
ment.
4.1.2 The design and construction of the automation equip-
ment is to take into account the environmental and operat-
ing conditions in order to maintain the proper function of
the equipment.
4.2 Type approved components
4.2.1 See Ch 2, Sec 15.
5.1.1 When an alteration or addition to an approved sys-
tem is proposed, plans are to be submitted and approved by
the Society before the work of alteration or addition is com-
menced.
5.1.2 A test program for verification and validation of cor-
rect operation is to be made available.
5.1.3 Where the modifications may affect compliance with
the rules, they are to be carried out under survey and the
installation and testing are to be to the Surveyor’s satisfac-
tion.

106 Bureau Veritas April 2009