NAV107 DP2 FMEA Rev 1 76630408

3
01
Edison Chouest Offshore
-2
G
U
-A
19
Campos Challenger
ed
Hull 107
at
D
52
52
06
T1
ef
rR
tte
Le
Date July 2013

s
an
ECO Doc. Title Campos Challenger DPS-2

ACCU FMEA
r le
DPS-2 FMEA ECO Ref. No. 107-F-1

O
Client Doc. No.

ew
N
Rev. Date Reason for Issue Author Check Client

S
0 24 MAY 13 Original issue for comment HAD KPG

B
1 24 JUL 13 Finalized after trials MAG KPG

A
ee
S
3
DPS-2 FMEA Campos Challenger - NAV Hull 107 24 JUL 13
01
-2
SUMMARY
G
Background
U
The Campos Challenger is an Offshore Supply Vessel that is applying for DPS-2 (Dynamic
-A
Positioning System 2) classification from the ABS (American Bureau of Shipping) based
on the 2011 ABS "Rules for Building and Classing Steel Vessels."
19
This document is the DPS-2 FMEA (Failure Mode and Effects Analysis), which is used to
prove the vessel is in compliance with DPS-2 class notation regulations.
ed
In addition to the FMEA, a DP sea trial has been performed to prove the findings of the
FMEA and confirm it agrees with actual "as-built" design of the vessel.
at
The findings of the aforementioned DP proving trial has been used to verify the
D
preliminary analysis and revise the FMEA document accordingly. The FMEA may also be
revised if the vessel undergoes future modifications.
52
Vessel Design Details
52
Vessel is fitted with: 2 main propulsion plants with rudder steering, 1 forward swing
down thruster, 1 bow tunnel thruster, and 1 stern tunnel thruster.
06
There are 2 main engines with each driving a main propulsion propeller and a shaft
generator. There is 1 diesel engine driving the swing down thruster and each tunnel
T1
thruster is driven by an electric motor.
There are 2 Service Switchboard sections with each section connected to 1 diesel engine
ef
driven generator and an Emergency Switchboard connected to 1 emergency generator.

The port service switchboard section is connected to the aft diesel generator and the
rR
stbd service switchboard section is connected to the forward diesel generator.

There is a Battery Power System consisting of 15 individual battery charger systems, 3
tte
backup battery chargers, and 4 individual Uninterruptible Power Supplies.

There are 2 Thruster Switchboard sections with each section connected to 1 shaft
Le
generator. The port section powers the bow tunnel thruster motor. The stbd section
powers the stern tunnel thruster motor.
s
There are 4 fuel day tanks. The port day tank supplies the port main engine and the aft
an
diesel generator. The stbd day tank supplies the stbd main engine and the forward diesel
generator. The swing down thruster day tank supplies the swing down thruster engine.
r le
The emergency day tank supplies the emergency diesel generator.

Significant Findings
O
No Single Point Failures were found during preliminary analysis and the vessel appears
ew
to be consistent with ABS DPS-2 notation and IMO DP guidelines.

The Service Switchboard bus-tie is required to be closed during DPS-2 operation.
N
The Thruster Switchboard bus-tie is required to be open during DPS-2 operation.

S
Before beginning DPS-2 operations the fuel service system must be setup correctly: port
B
day tank supplies port main engine and aft diesel generator, stbd day tank supplies stbd
A
ee
Page 2 of 96
S
3
01
-2
main engine and forward diesel generator, swing down thruster day tank supplies the
swing down thruster.
G
An electrical short circuit on the:
U
o Port thruster switchboard will cause the bow tunnel thruster to fail.
-A
o Stbd thruster switchboard will cause the stern tunnel thruster to fail.
19
Main Engine failure of the:
o Port main engine will cause both the port main propulsion and the port shaft
ed
generator to fail. Loss of the port shaft generator will cause the bow tunnel
thruster to fail.
at
o Stbd main engine will cause both the stbd main propulsion and the stbd shaft
generator to fail. Loss of the stbd shaft generator will cause the stern tunnel
D
thruster to fail.
52
The WCFDI (worst case failure design intent) condition is: one tunnel thruster offline,
and one main propulsion thruster offline. The vessel's overall WCF (worst case failure)
52
is a fuel contamination of the either fuel day tank.
o Loss of the port day tank will cause the aft diesel generator and the port main
06
engine to fail. The aft diesel generator failure will cause the service switchboard
bus-tie to trip and the aft diesel generator breaker to trip, which will cause the
T1
failure of the port service switchboard section. Loss of the port service
switchboard section will have no effect the DPS capability. Loss of the port main
engine will cause the port main propulsion to fail and the port shaft generator
ef
breaker to trip. Loss of the port shaft generator will cause the port thruster
rR
switchboard section to fail, which consequently fails the bow tunnel thruster.
Final result is failure of: bow tunnel thruster and port main propulsion.
o Loss of the stbd day tank will cause the forward diesel generator and the stbd
tte
main engine to fail. The forward diesel generator failure will cause the service
switchboard bus-tie to trip and the forward diesel generator breaker to trip,
Le
which will cause the failure of the stbd service switchboard section. Loss of the
stbd service switchboard section will have no effect the DPS capability. Loss of
s
the stbd main engine will cause the stbd main propulsion to fail and the stbd shaft
an
generator breaker to trip. Loss of the stbd shaft generator will cause the stbd
thruster switchboard section to fail, which consequently fails the stern tunnel
r le
thruster. Final result is failure of: stern tunnel thruster and stbd main propulsion.
The MP1/SG2/STT are cooled by a common FWC system, however the FWC system is
O
acceptable for DPS-2 operation since the piping is a static component. Regular
maintenance should check the piping for damage or leaks and make sure high temp
ew
alarms are operational; otherwise loss of this FWC system will fail the MP1, SG2, and
STT.
N
S
B
A
ee
Page 3 of 96
S
3
01
-2
Table of Contents
G
1) Introduction .................................................................................................... 7
U
1.1 General ....................................................................................................................... 7
-A
1.1.1 Scope of Work..................................................................................................................................................... 7
1.1.2 Conduct of Work ............................................................................................................................................... 7
19
1.1.3 Applicable Rules and Guidelines ................................................................................................................ 8
1.1.4 FMEA Testing...................................................................................................................................................... 8
1.2 Vessel Particulars ........................................................................................................ 8
ed
1.2.1 Description Summary ..................................................................................................................................... 8
1.2.2 Vessel Details ................................................................................................................................................... 12
at
1.2.3 Machinery and DP Equipment List......................................................................................................... 12
1.2.4 Abbreviations .................................................................................................................................................. 14
D
1.3 Failure Analysis ......................................................................................................... 15
1.3.1 Objectives .......................................................................................................................................................... 15
52
1.3.2 Limitations and Assumptions ................................................................................................................... 16
1.4 FMEA Methods and Procedure .................................................................................. 16
52
1.4.1 Method................................................................................................................................................................ 16
1.4.2 Format of FMEA Report .............................................................................................................................. 17
1.5
1.4.3 06
Definitions and Descriptions .................................................................................................................... 18
Redundancy Concept ................................................................................................ 19
T1
1.5.1 Worst Case Failure Design Intent ........................................................................................................... 19
1.5.2 Overview of Redundancy Concept ......................................................................................................... 19
ef
2) Power Generation and Auxiliary Systems ...................................................... 21

2.1 Fuel Oil System ......................................................................................................... 21
rR
2.1.1 Fuel Oil System Diagrams........................................................................................................................... 21

2.1.2 Fuel Oil System Description ...................................................................................................................... 22
tte
2.1.3 Fuel System Operating Philosophy ........................................................................................................ 22

2.1.4 Failure Modes and Effects .......................................................................................................................... 22
2.1.5 Summary and Redundancy Concepts.................................................................................................... 24
Le
2.1.6 Significant Failures ........................................................................................................................................ 24

2.2 Compressed Air System ............................................................................................. 25
s
2.2.1 Compressed Air System Diagrams ......................................................................................................... 25

an
2.2.2 Compressed Air System Description ..................................................................................................... 25

r le

2.3 Heating, Ventilation, and Cooling System .................................................................. 26
O
2.3.1 HVAC System Description .......................................................................................................................... 26

ew

N
2.4 Water Cooling Systems ............................................................................................. 28

2.4.1 Water Cooling System Diagrams ............................................................................................................. 28
S
2.4.2 Water Cooling System Description ........................................................................................................ 31

B

A
ee
Page 4 of 96
S
3
01
-2
2.5 Lubrication Systems .................................................................................................. 33
G
2.5.1 Lubrication System Description .............................................................................................................. 33
U
-A
2.6 Emergency Stop System ............................................................................................ 34
19
2.6.1 EStop Diagram................................................................................................................................................. 34
2.6.2 EStops Description ........................................................................................................................................ 35
ed
at
2.7 Generator Control Systems ....................................................................................... 36
D
2.7.1 Generator Control System Diagrams .................................................................................................... 36
2.7.2 SG (& ME) Control System Description ................................................................................................ 38
52
2.7.3 DG Control System Description ............................................................................................................... 39
2.7.4 General Descriptions .................................................................................................................................... 40
52
2.8
2.8.1
06
Electric Drive Motor Control Systems ........................................................................ 45
Electric Drive Motor Control System Diagrams .............................................................................. 45
T1
2.8.2 Electric Drive Motor Control System Description ........................................................................... 46
ef

rR
3) Power Distribution Systems .......................................................................... 48

3.1.1 TSB System Diagrams ................................................................................................................................. 48
tte
3.1.2 TSB System Description .............................................................................................................................. 48

Le

3.2 Service Switchboard System...................................................................................... 50
s
3.2.1 SSB System Diagrams .................................................................................................................................. 50

an
3.2.2 SSB System Description .............................................................................................................................. 53

r le

3.3 Battery Power System ............................................................................................... 56
O
3.3.1 Battery System Diagrams .......................................................................................................................... 56

3.3.2 Battery System Description ....................................................................................................................... 58
ew

N
3.3.5 Worst Case Failure ........................................................................................................................................ 61
4) Thrusters ...................................................................................................... 62
S
4.1 Main Propulsion Drive and Gearbox System .............................................................. 62

B
4.1.1 MP and RG System Diagrams ................................................................................................................... 62

A
4.1.2 MP System Description Overview .......................................................................................................... 63

ee
Page 5 of 96
S
3
01
-2
4.1.3 Gearbox Description ..................................................................................................................................... 63
4.1.4 Remote Control System ............................................................................................................................... 64
G
U
-A
4.2 Rudder Steering System ............................................................................................ 69
4.2.1 RD System Diagrams ................................................................................................................................... 69
19
4.2.2 RD Steering System Description Overview ........................................................................................ 70
4.2.3 Hydraulic System Description .................................................................................................................. 70
4.2.4 Control System ................................................................................................................................................ 70
ed
at
4.3 Swing Down Thruster System .................................................................................... 74
D
4.3.1 SDT System Diagrams ................................................................................................................................. 74
52
4.3.2 SDT System Description Overview......................................................................................................... 75
52
4.4
4.4.1
06
Tunnel Thruster System ............................................................................................ 80
Tunnel Thruster System Diagrams ....................................................................................................... 80
T1
4.4.2 Tunnel Thruster System Description Overview .............................................................................. 80
ef

rR
5) Dynamic Positiong Control System ................................................................ 86

tte
5.1 DP Control System .................................................................................................... 86

5.1.1 DP Control System Diagram ...................................................................................................................... 86
Le
5.1.2 DPCS Description Overview ...................................................................................................................... 87

5.1.2 Communication Network ............................................................................................................................ 87
s
5.1.3 Data Processing ............................................................................................................................................... 88

an
5.1.4 DPCS Reference Systems ........................................................................................................................... 89

5.1.5 Consequence Analysis ................................................................................................................................ 91
5.1.6 Operator Station - OS..................................................................................................................................... 91
r le
5.1.7 Thruster Control ............................................................................................................................................ 92

5.1.8 DPCS Failure Modes ...................................................................................................................................... 92
O
5.1.9 Effects of Failures........................................................................................................................................... 92

5.2 FMEA Tables .............................................................................................................. 93
ew
5.3 Summary and Redundancy Concepts......................................................................... 95

N
S
B
A
ee
Page 6 of 96
S
3
01
-2
1) INTRODUCTION
G
1.1 General
U
The DPS (Dynamic Positioning System) includes all of the vessel's equipment and systems,
-A
which provide functions critical to vessel's station keeping. It allows vessels to remain
stationary despite the environmental factors working against the vessel. Vessels with DPS-2
19
(Dynamic Positioning System 2) class notation are required to have a redundant dynamic
positioning system that will continue to maintain the vessel's station after a single failure
ed
occurs. Any single failure mode that causes a position or heading change while the vessel is
operating within the maximum environmental condition limits, as specified in the DP
at
Operator Manual, must not cause the vessel to move outside of the VOE (vessel operating
envelope) - the predefined boundary the vessel must stay within before a loss of station is
D
qualified as unacceptable. This vessel’s specified operating envelope for maintaining
position is three metersand maintaining heading is three degrees.
52
The FMEA (Failure Mode and Effects Analysis) report plays a key part in ensuring the
52
integrity of the vessel's redundancy concept and that a DPS is fault tolerant with the desired
post failure capability.
06
All vessel personnel involved in DP operations should read this report in its entirety before
operating the vessel's DPS, so that they thoroughly understand the redundancy concepts
T1
and the required operating philosophy during DP operations.
1.1.1 Scope ofWork

ef
All of the vessel's equipment and systems whose failure could effect holding station, define
rR
the boundaries of the DPS assessed in the FMEA. The DPS is divided into the following
sections:
tte
Essential Auxiliary Systems

Power Generation Systems
Le
Power Distribution Systems

Thruster Systems
s
an
Dynamic Positioning Control System

Safety Systems
r le
1.1.2 Conduct ofWork

O
The information and knowledge of the vessel used to prepare and produce the preliminary
ew
FMEA, was acquired by:

Reviewing the following documentation:
N
o Vessel drawings and specifications

o Vendor system functional drawings, technical descriptions, and individual FMEAs
S
Speaking with operating personnel and shipyard engineers

B
A
ee
Page 7 of 96
S
3
01
-2
After reviewing documentation, each system’s control functions and components were
examined to identify the effect of all types of potential failure modes that may occur.
G
Potential failure modes were analyzed to determine their effect on the vessel's station
U
keeping capability during DPS-2 operation.
-A
1.1.3 Applicable Rules and Guidelines
19
The FMEA is intended to demonstrate that the vessel meets the requirements of current
class rules. That is namely:
ed
2011 ABS Rules for Building and Classing Steel Vessels, with particular reference to Part
4, Chapter 3, Section 5.15 - Dynamic Positioning Systems
at
IMO MSC Circular 645, Guidelines for Vessels with Dynamic Positioning Systems
D
1.1.4 FMEA Testing
52
The DP Proving Trial was performed to prove the analysis of the preliminary FMEA report
in respect to the DPS's fault tolerance. The results of the trial has been used to confirm the
52
FMEA report is congruent with the final "as-built" vessel design. An annual proving trial
should also be performed annually to insure the DPS is meeting its required safety and
performance criteria. 06
Reference:
T1
NAV Hull 107 DPS-2 Proving Trial, Rev A - First Issue of Preliminary DPS-2 Proving Trial
ef
1.2 Vessel Particulars

rR
1.2.1 Description Summary

tte
The Campos Challenger (NAV Hull 107) is a Offshore Supply Vessel fitted with: 2 main
propulsions with rudder steering, 1 bow tunnel thruster, 1 forward swing down thruster,
Le
and 1 stern tunnel thrusters.

A) Power Generation
s
The vessel has: 2 main engines, 1 swing down thruster engine, 2 diesel engine generators, 1
an
emergency diesel engine generator, 2 shaft generators, and 2 electric drive motors. Each
main engine drives a main propulsion propeller and a shaft generator. Each diesel generator
r le
powers a section of the service switchboard. The aft diesel generator normally powers the
emergency switchboard, but an emergency diesel generator is also available to power the
O
emergency switchboard if the aft diesel generator should fail. A single diesel engine drives
the swing down thruster. Each electric motor drives a tunnel thruster.
ew
Each engine is located in the Engine Room except the Emergency Generator Engine, which is
located in the Emergency Generator Room. Each main engine turns a shaft that runs from
N
the Engine Room and through the Shaft Alley to a gearbox located aft of the mid ship area.
The shaft input to the gearbox is divided into two outputs, where one output drives a shaft
S
generator and the other output drives a main propulsion propeller. The Swing Down
B
Thruster Engine turns a shaft the runs from the Engine Room into the adjacent Forward
A
Thruster Room where the Swing Down Thruster's bevel gearbox is located.
ee
Page 8 of 96
S
3
01
-2
The Bow Tunnel Thruster's motor and gear system are also located in the Forward Thruster
Room, while its motor starter cabinet is located in the upper engine room area.
G
Each diesel generator's switchboard control cabinet is located in the Engine Control Room.
U
The Emergency Diesel Generator's switchboard control cabinet is located in the Emergency
-A
Generator Room. Each shaft generator's switchboard control cabinet is located in the Engine
Control Room. The Stern Tunnel Thruster's motor and gear system are also located in the
19
Stern Thruster Room, while its motor starter cabinet is located in the Engine Control Room.
B) Essential Auxiliaries
ed
The Compressed Air System supplies the starting air needed by: the port main engine, stbd
main engine, swing down thruster engine, and the forward diesel generator engine. The air
at
compression system is fitted with 2 air compressors and 2 air receivers outputting the air
D
supply to a single manifold.
The aft generator engine and the emergency generator engine are each started by an electric
52
motor.
The Heating, Ventilation, and Cooling System covers all enclosed spaces and all rooms
52
where DPS equipment is located. There are 4 engine room blowers with 2 supply air
blowers and 2 exhaust air blowers. Separate fresh water cooling systems are used to cool
the engines, generators, and thrusters. 06
There are 4 fuel day tanks: port day tank, stbd day tank, swing down thruster day tank, and
T1
emergency day tank. The port day tank supplies the port main engine and the aft diesel
generator. The stbd day tank supplies the stbd main engine and the forward diesel
ef
generator. The swing down thruster day tank supplies the swing down thruster engine. The
emergency day tank supplies the emergency diesel generator.
rR
C) Power Distribution
tte
There are 2 Thruster Switchboard sections with each section connected to 1 shaft generator.
The port section powers the bow tunnel thruster motor. The stbd section powers the stern
Le
tunnel thruster motor.

There are 2 service switchboard sections with each section connected to 1 diesel generator.
The service switchboard sections distribute power to the vessel's various service and
s
operational loads. The port service switchboard section is connected to the aft diesel
an
generator and the stbd service switchboard section is connected to the forward diesel
generator. The Emergency Switchboard can be supplied by the Port Service Switchboard
r le
Section or the Emergency Generator. There is one (208/120V-AC) Lighting Distribution

Panel, which is powered by the stbd service switchboard. There is one (208/120V-AC)
O
Emergency Lighting Distribution Panel, which is powered by the Emergency Switchboard.

ew
There is a Battery Power System consisting of 15 individual battery charger systems, 3

individual backup battery chargers, and 4 individual Uninterruptible Power Supplies, 2 of
the Uninterruptible Power Supplies are dedicated to the Dynamic Positioning Control
N
System while the other 2 are dedicated to the Alarm Monitoring System.
S
B
A
ee
Page 9 of 96
S
3
01
-2
D) Thrusters
G
Each Main Propulsion and tunnel thruster propeller has an electro-hydraulic actuated pitch
control system. The thrust output of each thruster is controlled by changing the pitch of the
U
propeller blades while the propeller turns at a constant speed.
-A
The Swing Down Thruster uses an electro-hydraulic actuated steering control system along
with a fixed pitch propeller operating at variable speeds.
19
Each thruster directly drives a mechanical pump used to pressurize the oil in its hydraulic
system. Thrusters also have electric motor pumps used for start-up and standby hydraulic
ed
control.
The Steering System has two rudders, one located on the port side and the other located on
at
the stbd side of the vessel. Each rudder has two electric motor pumps with one pump
D
operating as the primary while the other pump is in standby. The rudders are actuated by a
hydraulic system, and frequency converter controlled electric motor pumps are used to
52
control the application of the oil.
E) Alarm Monitoring System
52
The Alarm Monitoring System is used to monitor and alarm the vessel's systems. It is
06
divided into two control subsystems, allowing the majority of the vessel's port and stbd
systems to be separated between the subsystems.
T1
F) Dynamic Positioning Control System
The Dynamic Positioning Control System is essentially a two-split system that relies on
ef
software and hardware fault detection and elimination to create redundancy. The system
had 3 control computers and 2 operator stations.
rR
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 10 of 96
S
3
01
-2
G) Side Profile Figure
G
U
H) General Arrangement Figure
-A
19
ed
at
D
52
52
06
T1
ef
rR
Port Day
tte
Tank
RD1 RG1 DG2

ME1
Le
(Stbd FDG)
SDT
SG1
s
DG1
(Port ADG)
an
STT SG2 BTT
SDT
r le
ME2 Engine
RD2 RG2
SDT Day
O
Stbd Day Tank

Tank
ew
N
S
B
A
ee
Page 11 of 96
S
3
01
-2
1.2.2 Vessel Details
G
U
VESSEL NAME HULL NUMBER VESSEL TYPE
-A
Campos Challenger NAV Hull 107 Offshore Supply Vessel
YEAR OF BUILD PORT OF REGISTRY DIMENSIONS
19
2007 Navegantes, Santa Catrina - Brasil 85.34m×18.29m×7.32m
ed
1.2.3 Machinery and DP Equipment List
at
A) Power Generation
D
2 × Main Engines (ME1 - Port, ME2 - Stbd)
52
Make: Caterpillar, Model: 3608, RPM: 1000, kW: 2460
Speed Control System: Electronic Governor interfaced with a Load Sharing Module
52
o 2 × Shaft Generators (SG2 - Port, SG1 - Stbd)

1 × Swing Down Thruster Engine
06
Make: WEG, Model: GPW560, RPM: 1800, kW: 2656, Volt: 6600
T1
Make: Caterpillar, Model: 3508, RPM: 1800, kW: 845.82
2 × Diesel Generator (Aft DG2 - Port Switchboard, Forward DG1 - Stbd Switchboard)
ef
Make: Caterpillar, Model: 3508, RPM: 1800, kW: 910, Volt: 480
rR
Speed Control System: Electronic Governor interfaced with a Load Sharing Module
1 × Emergency Diesel Generator (EDG)
tte
Make: John Deer RPM: 1800, kW: 175, Volts: 480

Le
B) Power Distribution
2 × Main Gearbox- Reduction Gear (RG1 - Port, RG2 - Stbd)
s
Make: Flender, Model: GNBK 585

an
o Reduction Gear RPM: 236

2 × Thruster Switchboard (TSB1 - Port, TSB2 - Stbd)
r le
Make: WEG, Volt: 6600, Hz: 60

O
2 × Service Switchboard (SSB1 - Port, SSB2 - Stbd)

ew
1 × Emergency Switchboard (ESB)

N

C) Electric Motors
S
B
2 × Tunnel Thruster Electric Motor

A
Make: WEG, Model: WGM450, kW: 1250, Volts: 6600, Hz: 60, RPM: 1200
ee
Page 12 of 96
S
3
01
-2
D) Thrusters
G
2 × Main Propulsion Propeller (MP1 - Port, MP2- Stbd)
U
Make: Schottel, Model: SCP 077-4 XG
-A
Local Control System Make: SER RCP 2000
2 × Steering Rudders (RD1 - Port, RD2 - Stbd)
19
Make: Rolls-Royce, Model: SR662-FCP
1 × BTT Drive (BTT - Fwd Bow)
ed
Make: Brunvoll, Model: FU-80-LTC-2000, kW: 1250, RPM: 306
at
1 × SDT Drive (SDT - Aft Bow)
D
Make: Rolls-Royce Ulstein Aquamaster, Model: TCNC 73/50, RPM: 300, Location: Bow
(aft of BTT1)
52
Local Control System Make: Helicon X3
1 × STT Drive
52
Make: Brunvoll, Model: FU-80-LTC-2000, kW: 1250, RPM: 306
E) Dynamic Positioning Control System 06
T1
Dynamic Positioning Control System
MAKE MODEL SOFTWARE VERSION
ef
Marine Technologies Bridgemate DP2 1.3.2.3

rR
4 × Position Reference Sensors (DGPS1, DGPS2, CyScan, & RadaScan)

tte
# OF ABSOLUTE PRS DGPS1 MODEL DGPS2 MODEL
2 × DGPS C-NAV 2050 (w/ corrections on C-NAV 1000 (using Glonass satellite
Le
yearly subscription) system)
# OF RELATIVE PRS LADAR SENSOR MODEL

s
1 × LADAR CyScan
an
Heading, Wind, & Vertical Reference Sensor Redundancy

r le
# OF HEADING SENSORS # OF WIND SENSORS # OF VERTICAL SENSORS

O
3 × GC 3 × WS 2 × VRU
ew
System Redundancy
# OF CONTROL COMPUTERS # OF OPERATOR STATIONS # OF UPS
N
3 × CC 2 × OS 2 × UPS
S
B
A
ee
Page 13 of 96
S
3
01
-2
1.2.4 Abbreviations
G
U
ADG Aft Diesel Generator HPU Hydraulic Power Unit
-A
AMS Alarm Monitoring System HVAC Heating Ventilation & Cooling
APR Analog Protection Relay I/O Input/Output
19
AUX Auxiliary IJS Independent Joystick
ed
AVR Automatic Voltage Regulator LADAR Laser Detection & Ranging Sensor
BPS Battery Power Source LDP Lighting Distribution Panel
at
BTT Bow Tunnel Thruster LSM Load Sharing Module
D
BU Backup ME Main Engine
52
CC Control Computer MP Main Propulsion
52
CMD Command OC Operator Computer
DG Diesel Generator OP Operator Panel
DGPS Differential Global Position Sensor 06

OS Operator Station
T1
DPCS Dynamic Positioning Control System PLC Programmable Logic Controller
DPO Dynamic Positioning Operator RADAR Radio Detection & Ranging

ef
DPR Digital Protection Relay RD Rudder

rR
DPS Dynamic Positioning System RG Reduction Gear
ECM Engine Control Module SDT Swing Down Thruster

tte
ECR Engine Control Room SG Shaft Generator

Le
ECU Electronic Control Unit SSB Service Switchboard
EDG Emergency Diesel Generator STT Stern Tunnel Thruster

s
an
ELDP Emergency Lighting Distribution Panel SWC Sea Water Cooling
ER Engine Room TC Thruster Card

r le
ESB Emergency Switchboard TSB Thruster Switchboard

O
EStop Emergency Stop UPS Uninterruptable Power Supply
FB Feedback VRU Vertical Reference Unit

ew
FDG Forward Diesel Generator WCFDI Worst Case Failure Design Intent
N
FWC Fresh Water Cooling WS Wind Sensor

S
GC Gyrocompass
B
A
ee
Page 14 of 96
S
3
01
-2
1.3 Failure Analysis
G
1.3.1 Objectives
U
Identify and evaluate all single failure modesfound in the DPS.
-A
Prove the fault tolerance and redundancy design of the DPS, and identify the vessel's
19
worst case failure design intent.
Verify there are no SPFs in the DPS. SPFs are those failures in DPS that cause loss of
ed
station outside of the operating envelope.
Uncover all hidden failure modes and determine the effect a second failure mode would
at
have in conjunction with the hidden failure mode. If any undetected failure mode is
uncovered, we must ensure that a second failure mode in combination with the first
D
undetected failure mode does not cause a more serious failure.
52
Describe design safeguards that minimize the risk of failure, and any operational
procedures that require DPO intervention to ensure the safeguards remain in place.
52
Identify each system’s worst-case failure mode - a single failure mode of a system
component that has the greatest effect on the vessel’s ability to hold station. Verify that
each WCF mode will not exceed the WCFDI. 06
Provide findings used in the vessel’s risk assessment. These findings may be used by the
T1
DPO to assist in corrective action taken during failures, or by maintenance personnel
who need to know the impact on redundancy if equipment fails.
ef
Serve as a critical safety document for all vessel and maintenance personnel.
rR
A) Single Point Failures

Any single failure mode that causes a position or heading change, must not cause the vessel
tte
to move outside of the operating envelope - the predefined boundary the vessel must stay
within before a loss of station is qualified as unacceptable. This vessel’s specified operating
Le
envelope for maintaining position is three metersand maintaining heading is three degrees.
Unacceptable single failure modes are called SPF(s) (single point failure(s)). The DPS can be
s
redundantly configured for protection against SPFs by using backup components and a
an
satisfactory amount of power and thrusters so that the vessel can maintain station if any of
the system components should fail.
r le
B) DPO Intervention Failures

Any single failure mode that requires the DPO (Dynamic Positioning Operator) to
O
immediately take positive action to prevent escalation of the failure effect or loss of station,
is qualified as a DPO intervention failure.
ew
C) Hidden Failures
N
Any single failure mode that has the potential to remain undetected is called a hidden
failure. If any undetected failure mode is uncovered, the FMEA will further assess the effects
S
of other potential failure modes and determine the effect a second failure mode would have
B
in conjunction with the hidden failure mode, to ensure that a second failure mode in
A
combination with the first undetected failure mode does not cause a more serious failure
ee
Page 15 of 96
S
3
01
-2
D) Common Causes and Effects ofFailure Modes
G
Failure modes are the different ways a device may fail. All failure modes are not relevant for
all devices. The causes of a particular failure mode may be from a variety of different
U
circumstances. The most common causes for a particular failure mode include:
-A
Power Loss – Device supply voltage is not present.
19
Component Failure – Internal component inside of equipment fails.
Software Failure - Failure of a control function.
ed
After a failure has occurred, the station keeping capability may still be available, however
the system may be degraded after a single failure. The system can be degraded in two ways:
at
Reduced Accuracy – The vessel's station keeping capability might not be as accurate as
D
before the failure.
Reduced Redundancy – The ability of the system to handle another single failure is
52
reduced.
52
1.3.2 Limitations and Assumptions
During failure analysis, the FMEA must assume:

06
Systems are properly configured for DPS-2 operation while running under the correct
T1
operating philosophy
There are no deficiencies in component design
ef
Equipment is available and working correctly

rR
The vessel is operating within worst case failure environmental limits

Any vessel modifications should be reviewed to evaluate its effects on DPS redundancy and
documented in a revised FMEA.
tte
1.4 FMEA Methods and Procedure

Le
1.4.1 Method
s
an
The FMEA considers the single failure of active components (mechanical, electrical, and
control system hardware) or unprotected passive components. It does not assess the
r le
structure of the vessel, nor verify the quality of control software. Normally static
components such as manual valves and piping systems are not considered to fail if they are
adequately protected from damage or have proven reliability in damage resistance.
O
During failure analysis, the FMEA considers the failure of equipment items and their
ew
functions. For systems with redundant equipment carrying out the exact same function, if
one piece of equipment has been analyzed to the component level, it is assumed the other
redundant piece of equipment will behave the same when the same component failure
N
occurs. The FMEA does not include failure modes of each component inside the equipment
S
itself when redundant equipment is available. Component failure is considered as a cause of

failure relevant to the whole piece of equipment.
B
A
ee
Page 16 of 96
S
3
01
-2
1.4.2 Format ofFMEA Report
G
The FMEA document begins with a summary, which summarizes the background
U
information and significant findings, and provides a conclusion. Any assumptions made
-A
throughout the preliminary FMEA are highlighted for indication.
The introduction section provides an outline for why the FMEA report was created, defines
19
the boundaries of the equipment analyzed, describes the FMEA process, and lists the most
common failure modes detected during analyzation.
ed
Each vessel system that comprises the DPS, along with the various interfaced auxiliary
systems, is analyzed in sections. Analysis is done from top to bottom, where each system is
at
broken down from a high level system to a low level system. Systems that are peripheral
and have no effect on DP when they fail are excluded from the FMEA document.
D
Each section begins with a Diagram that shows the interaction of the different system
52
devices, and gives a graphical representation of system boundaries. The diagram
connects all parts of the system in order to show operational relationships between each
52
subsystem or component required for successful operation of the overall system. The
diagram is primarily concerned with the required chain of elements needed for
06
successful operation, not the flow of the signal. The diagram usually contains a color-
coded legend to indicate the source of power for a system component (source of power
T1
is also stated in the description section).
The Description section follows, which describes that section's system components and
the various associated subsystems. The description is used to demonstrate how the
ef
system works at a level that allows correct assessment for failure modes. The
rR
description may also be used to provide some training information for the vessel’s
personnel and improve operator understanding.
tte
The FMEA Table section is provided to list the types of possible failure modes, to indicate
the most common method used to detect the failure, and to analyze its effect on the
vessel’s dynamic positioning.
Le
The Summarysection summarizes the analysis and indicates all significant failure modes
uncovered during analyzation.
s
an
r le
O
ew
N
S
B
A
ee
Page 17 of 96
S
3
01
-2
1.4.3 Definitions and Descriptions
G
Alarm - a visual and audible failure indication, generated by the Alarm Monitoring System,
U
Alarm Monitoring System (AMS) - the system that monitors the vessel machinery and
-A
provides indications as it relates to the safety and protection of the vessel. The AMS
application runs on the dedicated operator stations located in the bridge and ECR. Therefore
19
any alarm that is generated by the AMS will annunciate in the bridge and ECR.
Dynamic Positioning System (DPS) - the entire makeup of the Dynamic Positioning
ed
System includes the Dynamic Positioning Control System and all of the subsystems (ex:
Electrical Systems, Cooling Systems, Thruster Systems, Fuel Systems, etc) used to
at
dynamically position the vessel.
Dynamic Positioning Control System (DPCS) - The DPCS consists of the computer control
D
system that performs the calculations needed to dynamically position the vessel. This also
52
includes the position reference systems (ex: DGPS, LADAR, RADAR) and sensors (ex: GC, WS,
VRU) used to measure environmental factors as well as the DP operator stations.
52
Essential Auxiliary Systems - consists of: the fuel service systems, compressed air systems,
HVAC systems, Water Cooling Systems, and Lubrication Systems.
06
Power Generation Systems - consists of: the engines, electrical generators, and electrical
drive motors
T1
Thrusters - the propellers, gears, and drive systems used to maneuver the vessel. When the
main propulsion or rudders are under the control of the Dynamic Positioning Control
ef
System, they are considered thrusters.

rR
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 18 of 96
S
3
01
-2
1.5 Redundancy Concept
G
U
1.5.1 Worst Case Failure Design Intent
-A
The vessel's WCFDI (worst case failure design intent) condition is: 1 tunnel thruster offline
and 1 MP offline. Failures that could cause the vessel to reach WCFDI condition include:
19
Port Day Tank fuel contamination
Stbd Day Tank fuel contamination
ed
ME1 failure
at
ME2 failure
D
1.5.2 Overview ofRedundancy Concept
52
The DPS has been designed so that the port and stbd systems can be isolated from each
other. Failure in a port system will have no effect in the redundant stbd system and vice-
52
versa.
Some key features of the vessel design redundancy concept include:
A) Port/Stbd Sub-Systems ofthe DPS 06
T1
The DPS sub-systems designated as port include:
MP1, ME1, RG1, SG2, RD1
ef
TSB1 (port TSB section), BTT

rR
SSB1 (port SSB section), DG2 (aft DG)

DG1 isphysicallylocated in the aft area ofthe engine room, and suppliesthe port section ofthe
SSB.
tte
The DPS sub-systems designated as stbd include:

Le
MP2, ME2, RG2, SG1, RD2

TSB2 (stbd TSB section), STT
s
SSB2 (stbd SSB section), DG1 (fwd DG)

an
DG isphysicallylocated in the forward area ofthe engine room, and suppliesthe stbd section of
the SSB.
r le
B) Other Sub-Systems ofthe DPS

O
The SDT system does not fall under the port or stbd category.
ew
Refer to the following figure for a simplified diagram of the thruster arrangement:
N
S
B
A
ee
Page 19 of 96
S
3
01
-2
A) Figure A - DPSRedundancy Concept Overview
G
SSB1 SSB2
U
SSB
-A
480V
DG2
19
Port
Fwd
DG1
Aft
Stbd
ed
Electric
Start
at
D
Port Stbd
52
Day Day
Tank Tank
52
ME1 ME2
06
T1
ef
GBX1 GBX2
rR
tte
SG2 SG1
TSB
6600V
Le
MP1 MP2
TSB1 TSB2
s
an
r le
BTT STT
SDT Motor Motor
O
ew
N
SDT
Day
S
Tank
B
A
ee
Page 20 of 96
S
3
01
-2
2) Power Generation and Auxiliary Systems
G
2.1 Fuel Oil System
U
-A
2.1.1 Fuel Oil System Diagrams
A) Figure A - Fuel Distribution Diagram
19
ed
at
D
52
52
06
T1
ef
rR
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 21 of 96
S
3
01
-2
2.1.2 Fuel Oil System Description
G
Figure A shows a simplified diagram of the fuel service system. The diagram shows each of
the 3 main day tanks along with the supply and return piping to each engine. Notice in the
U
diagram that some valves are filled in black. These represent the valves that are required to
-A
be closed on the piping between the day tanks so that the each tank is isolated to the
following engines during DPS-2 operations:
19
Port Day Tank supplies: ME1, DG2 (ADG)
Stbd Day Tank supplies: ME2, DG1 (FDG)
ed
SDT Day Tank supplies: SDT Engine
at
Please note that Figure A is a representation of the fuel system. Please refer to the NAS
drawing M2 "Fuel Oil Service System," for a complete layout of the fuel service system.
D
An electronic governor controls the amount of fuel needed by the engine proportional to its
52
desired RPM.
A) Fuel System Safety Features
52
Level alarms - The day tanks have high and low level alarms and should be regularly
06
checked during watch keeping. The day tanks should also be checked for biological,
water, and particle contamination.
T1
Fuel Filtering - Each engine is equipped with 3 filters on the supply line, that allows the
fuel to be filtered before entering the engine.
ef
Mechanical Pump - Each engine directly drives its fuel pump. Loss of air or electric
power has no effect on the pump.
rR
Fail open supply valves - The supply valves will not close on loss of power or air.
Relief Valves - fuel system has relief valves for high pressure.
tte
2.1.3 Fuel System Operating Philosophy

Le
The fuel oil transfer system must remain isolated from the fuel service system during DP
operation. This way, a pump, purifier, or valve failure in the fuel transfer system, will have
s
no effect on the fuel service system.

an
When filling the day tanks from the settling tanks, the fuel should be run through the
centrifuges to prevent the possibility of a contamination transfer from the settling tanks to
r le
the day tanks. Each of the centrifuges must be dedicated to one day tank.
O
Keep the day tanks topped off to ensure fuel availability, and regularly check or replace
filters to prevent clogs.
ew
2.1.4 Failure Modes and Effects

N
The main failure modes that must be considered are the loss of any day tank supply.
Therefore, there are 3 main failure modes: loss of port day tank, loss of stbd day tank, and
S
loss of SDT day tank. The loss of a day tank supply to the engines can be caused by particle
B
contamination. Please refer to section 2.1.3 for tips on how to prevent fuel contamination.
The following table shows failures that can cause the loss of a day tank supply.
A
ee
Page 22 of 96
S
3
01
-2
A) Table A - Causes ofLoss ofDay Tank Supply
G
Failure Mode Effect Indication Result
Excessive particle Can clog filters. Can cause low Clogged filter alarm If filter is not replaced, the engines
U
contamination fuel pressure if filter is not supplied by the day tank will
inside day tank replaced. eventually fail from low pressure.
-A
Rupture or leak in Results in low fuel pressure Low fuel pressure The engines supplied by the fuel
day tank piping alarm piping will eventually fail from low
19
pressure.
Engine driven fuel Low fuel pressure to the Low fuel pressure Only the associated engine fails.
pump breaks or associated engine. and engine stopped
ed
stops alarm
Clog or blockage in Back pressure on fuel return Low fuel pressure and The engines supplied by the day tank
return line line to a day tank engine stopped alarm will eventually fail from low pressure.
at
Water Engines may run rough or Engine failure alarms The engines supplied by the day tank
contamination stop depending on level of will fail.
D
inside the day tank contamination.
B) Table B - Loss ofDay Tank Supply Effects
52
The following table shows the effects of the failure modes for loss of day tank supply.
52
Failure Mode 1 Effects Indication
1) Loss of Port Fuel supply to ME1 and DG2 fails. Both engines will begin to slow down due to loss of fuel. AMS alarms for
06
Day Tank supply engine low fuel
pressure
DG2 engine speed will begin slowing down and the SSB bus-tie will trip to prevent a AMS alarm for SSB
T1
reverse power failure. bus-tie trip.
DG1 breaker will eventually trip on low voltage killing power to SSB1. AMS alarm for
DG2 trip.
All consumers receiving a supply feed from SSB1 will either fail (if this is the only supply AMS alarms for
ef
feed to the consumer) or switch to a secondary/backup supply feed if it has one available. failed consumers.
ESB and the ELPs will fail. AMS alarms for
rR
failed consumers.
Loss of ME1 will cause SG2 and MP1 to fail. DPCS deselects
MP1. AMS alarms.
tte
Loss of SG2 will de-energize TSB1 and cause the electric drive motors for BTT to fail. Loss DPCS deselects
of the drive motor will cause BTT to fail. BTT. AMS alarms.
Le
The vessel will only have MP2, STT, and the SDT available for DP operation. DP operation
may continue with the reduced amount of thrusters, but the DPS will be operating with
reduced accuracy and reduced redundancy.
s
2) Loss of Stbd Fuel supply to ME2 and DG1 fails. Both engines will begin to slow down due to loss of fuel. AMS alarms for
an
Day Tank supply engine low fuel

pressure
r le
DG1 engine speed will begin slowing down and the SSB bus-tie will trip to prevent a AMS alarm for SSB
reverse power failure. bus-tie trip.
DG1 breaker will eventually trip on low voltage killing power to SSB2. AMS alarm for
O
DG1 trip.
All consumers receiving a supply feed from SSB2 will either fail (if this is the only supply AMS alarms for
feed to the consumer) or switch to a secondary/backup supply feed if it has one available. failed consumers.
ew
All the LPs will fail. AMS alarms for

failed consumers.
Loss of ME2 will cause SG1 and MP2 to fail. DPCS deselects
N
MP2. AMS alarms.

Loss of SG1 will de-energize TSB2 and cause the electric drive motor for STT to fail. Loss of DPCS deselects
S
the drive motor will cause STT to fail. STT. AMS alarms.
The vessel will only have MP1, BTT, and the SDT available for DP operation. DP operation
B
may continue with the reduced amount of thrusters, but the DPS will be operating with
A
reduced accuracy and reduced redundancy.

ee
Page 23 of 96
S
3
01
-2
3) Loss of SDT SDT engine will fail from loss of fuel supply. AMS alarms
G
Day Tank supply
Loss of SDT engine will cause SDT to fail. DPCS deselects
U
SDT. AMS alarms.
The vessel will have all thrusters except the SDT available for DP operation. DP operation
-A
may continue without SDT, but the DPS will be operating with reduced accuracy and
reduced redundancy.
19
2.1.5 Summary and Redundancy Concepts
ed
The fuel oil system valve configuration must be setup correctly with each day tank
isolated from each other, so that DP operation can continue after the failure of any single
at
fuel day tank. The DP FMEA Proving Trial document will contain tests to simulate the
loss of each day tank.
D
2.1.6 Significant Failures
52
Fuel contamination of the SDT day tank will result in the loss of the SDT.
52
06
The WCF of the fuel system is a fuel contamination of either the port or stbd day tank.
Loss of the Port Day Tank and results in the loss of DG2 and ME1. Loss of the DG2 will
T1
cause loss of SSB1. Loss of ME1 results in the loss of MP1 and SG2. Loss of SG2 results
in the loss of TSB1. Loss of TSB1 results in the loss of BTT. The end result is that the
DPS will operate with MP1 and BTT offline. This failure state equals the WCFDI
ef
operation of the vessel.

rR
Loss of the Stbd Day Tank and results in the loss of DG1 and ME2. Loss of the DG1
will cause loss of SSB2. Loss of ME2 results in the loss of MP2 and SG2. Loss of SG1
results in the loss of TSB2. Loss of TSB2 results in the loss of STT. The end result is
tte
that the DPS will operate with MP2 and STT offline. This failure state equals the
WCFDI operation of the vessel.
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 24 of 96
S
3
01
-2
2.2 Compressed Air System
G
U
2.2.1 Compressed Air System Diagrams
-A
A) Figure A - Compressed Air Distribution Diagram
19
ME1
Starting
Solenoid
Air Air
DG1 (Fwd)
ed
ESB Compressor Receiver Starting
1 1 Solenoid Engine
Starting SDT
at
Solenoid
Engine
DG2 (Aft) Battery
D
Starting
Motor Supply
Service Engine
Air
Air
52
Air
Receiver Starting
SSB2 Compressor Solenoid
2 2
ME2
52
2.2.2 Compressed Air System Description
06
Figure A shows a simplified diagram of the air compression system. The diagram shows the
T1
2 air compressors and 2 air receivers along with the supply piping to each engine. Notice
that there is a single air manifold that supplies the starting air to each engine. A rupture or
leak of this single manifold would cause the loss of starting air to every single engine that
ef
requires an air start. The only engines that do not use an air start are DG2 and EDG, since
rR
each has its own dedicated engine starting battery. Loss of air will have no effect on an
engine that is already started and running. Loss of the starting battery supply will also have
no effect if the engine is already started and running. The 2 air compressors work together
tte
in leading/lagging operation. If air pressure drops the leading air compressor will start. If
air continues to drop the lagging air compressor will also start.
Le

s
A) Table A - Compressed Air System

an
Failure Mode Effects Indication

1) Failure of leading This will have no immediate effect. If the air pressure starts to drop for some AMS alarms on low air
r le
air compressor reason, the lagging air compressor will still be available to maintain pressure. pressure only
2) Failure of lagging This will have no immediate effect. If the air pressure starts to drop for some AMS alarms on low air
O
air compressor reason, the leading air compressor will still be available to maintain pressure. pressure only
3) Failure of air This will have no effect since other air receivers provide redundancy. AMS alarms on low air
receiver pressure only
ew
4) Engine starting This will have no effect on DP operation. Engine would have to be stopped for
solenoid failure this failure mode to have an effect, and all engines must be running during DPS-
2 operation.
N
5) The common air This will cause the complete failure of the entire air compression system, and all AMS alarms on low air
manifold is the engines will lose their starting air supply. pressure only
S
compromised
Loss of starting air supply has no effect on DP operation. Engines would have to
B
be stopped for this failure mode to have an effect, and all engines are required to
be running during DPS-2 operation.
A
ee
Page 25 of 96
S
3
01
-2
G
There are no failure modes of the Air Compression System that have an effect on the
DPS. The DPS does not need compressed air to operate.
U
The Air Compression System is used to supply the starting air supply to all the engines
-A
that are equipped with an air starter. Engines would have to be stopped for loss of air to
19
have any effect, and all engines are required to be running during DPS-2 operation.
ed
WCF is a leak in the common air manifold, causing the complete failure of the entire
at
compressed air system. The resulting loss of starting air will have no effect if the engine
is currently running. Operator will be notified by a low starting air pressure alarm.
D
52
2.3 Heating, Ventilation, and Cooling System
52
2.3.1 HVAC System Description
06
The HVAC (Heating Ventilation & Cooling) system covers all enclosed spaces and all rooms
where DP relevant equipment is located. Each ER (engine room) ductwork system contains
T1
louvers and electric motor powered blowers for supply air and exhaust air. Circulation
blowers and space heaters are located throughout the vessel. Each switchboard, generator,
and motor starter panel is equipped with a space heater. Each thruster's electric drive
ef
motor is water cooled. Rooms on each deck with relevant electrical DPS equipment are kept
rR
at the required operating temperatures by the air conditioning system.

A) Engine Room Ventilation
tte
All of the vessel's engines are located in a single location - the ER. The ER contains 4 blowers
for supply and exhaust ventilation/combustion air. 2 blowers are located on the port side of
Le
the ER and use the port ductwork system, while the other two are located on the stbd side of
the ER and used the stbd ductwork system.
s
B) Other Machinery Space Ventilation

an
In addition to the ER blowers, the following blowers are located throughout the machinery
r le
spaces:
Bow Thruster Room Circulation Blower
O
Aft Compartment Port Supply Blower, Aft Compartment Stbd Supply Blower
ew
Rudder Room Port Exhaust Blower, Rudder Room Stbd Exhaust Blower
Shaft Alley Port Blower, Shaft Alley Stbd Blower
N
Cargo Area Port Circulation Blower, Cargo Area Stbd Circulation Blower
Shaft Alley Circulation Blower
S
B
A
ee
Page 26 of 96
S
3
01
-2
C) Heaters
G
The following heaters are located throughout the generator and electric drive motor
cabinets:
U
DG1 Heater, DG2 Heater
-A
BTT Motor Heater, STT Motor Heater
19
SG1 Heater, SG2 Heater
D) EDG Room Ventilation
ed
The EDG directly drives its radiator fan. Air escapes the EDG room through an exhaust vent.
The EDG room has its own variable speed blower powered from the ESB.
at
D
52
A) Table A - Loss ofEngine Room Ventilation
52
1) Failure of Port No effect on DPS operation, since Stbd Exhaust ER Blower remains operating. AMS alarm for failed
Exhaust ER Blower Other engine room blowers are still available to maintain adequate ventilation. blower
2) Failure of Stbd No effect on DPS operation, since Port Exhaust ER Blower remains operating. AMS alarm for failed
Exhaust ER Blower
3) Failure of Port
06
Other engine room blowers are still available to maintain adequate ventilation.
No effect on DPS operation, since Stbd Supply ER Blower remains operating.
blower
AMS alarm for failed
T1
Supply ER Blower Other engine room blowers are still available to maintain adequate ventilation. blower
4) Failure of ER Stbd No effect on DPS operation, since Port Supply ER Blower remains operating. AMS alarm for failed
Supply Blower Other engine room blowers are still available to maintain adequate ventilation. blower
ef
B) Table B - Machinery Space Ventilation

rR

1) Bow Thruster Room Circulation Blower is not vital to DPS. AMS alarm for failed blower
Blower
tte
2) Aft Compartment Port Supply Blower is not vital to DPS. AMS alarm for failed blower
Blower
3) Aft Compartment Stbd Supply Blower is not vital to DPS. AMS alarm for failed blower
Le
Blower
4) RD Room Port Exhaust Blower Blower is not vital to DPS. AMS alarm for failed blower
5) RD Room Stbd Exhaust Blower Blower is not vital to DPS. AMS alarm for failed blower
s
6) Shaft Alley Port Supply Blower Blower is not vital to DPS. AMS alarm for failed blower
an
7) Shaft Alley Stbd Supply Blower Blower is not vital to DPS. AMS alarm for failed blower
8) Shaft Alley Stbd Supply Blower Blower is not vital to DPS. AMS alarm for failed blower
9) Cargo Area Port Circulation Blower Blower is not vital to DPS. AMS alarm for failed blower
r le
10) Cargo Area Stbd Circulation Blower is not vital to DPS. AMS alarm for failed blower
Blower
11) Shaft Alley Circulation Blower Blower is not vital to DPS. AMS alarm for failed blower
O
C) Table C - Machinery Heaters

ew

1) DG1 Heater No effect on DPS operation. AMS alarm for failed heater
2) DG2 Heater No effect on DPS operation. AMS alarm for failed heater
N
3) SG1 Heater No effect on DPS operation. AMS alarm for failed heater
4) SG2 Heater No effect on DPS operation. AMS alarm for failed heater
S
5) BTT Motor Heater No effect on DPS operation. AMS alarm for failed heater
B
6) STT Motor Heater No effect on DPS operation. AMS alarm for failed heater
A
ee
Page 27 of 96
S
3
01
-2
G
U
The ER ventilation system is redundant in regard that there are 2 blowers with a
-A
ductwork system located on the port side of the ER and there are 2 blowers with a
ductwork system located on the stbd side of the ER.
19
Adequate ventilation air will remain after the failure of a single blower. Loss of multiple
blowers can occur as the result of one SSB section failing. Adequate ventilation air
ed
remains for DP operation to continue after the failure of either SSB section. For detailed
analysis, please refer to section 3.2.
at
D
Failure of SSB1 results in the loss of the following ER blowers:
52
o Port Exhaust ER Blower and Stbd Supply Engine ER Blower.
52
Failure of SSB2 results in the loss of the following ER blowers:
o Stbd Exhaust ER Blower and Port Supply Engine ER Blower.
06
WCF of the HVAC System is the loss of an ER blower, however, the loss of multiple
blowers can occur resulting from a failure of a single SSB section. For detailed analysis,
T1
please refer to section 3.2. The most significance of a SSB section failure on the HVAC
System is the loss of 2 ER blowers.
ef
rR
2.4 Water Cooling Systems

tte
2.4.1 Water Cooling System Diagrams

Le
s
an
r le
O
ew
N
S
B
A
ee
Page 28 of 96
S
3
01
-2 Pump 1
Starter Box
Grid Cooler
Grid Cooler
24 JUL 13
G STT Electric Drive

Motor Cooler After Cooler
U Water Cooler
After Cooler
-A
MP1 Servo
Oil Cooler
Start
Pump
DC DC SSB1
Water Cooler
19 Auto Start Standby Pump 1 - Primary
Figure A - ME, DG, SG, STT, & RG FWC and Stern Tube SWC Diagrams
on Low Press Pump 2 - Standby Cool

Servo Pump Running Pump
Switch MP1 Cool
MP1 Gear
ed
Expansion
Oil Cooler Clutch Closed ECU Pump Expansion

Box
Tank
Tank
at Engine Running
ECM ME1 Expansion
Tank
D Pump 1 - Standby
Pump 2 - Primary DG1
SG1 Start Cool
Cooler Pump DC DC SSB2 Pump
Cool
Expansion
52 Pump Tank
Campos Challenger - NAV Hull 107
Keel Cooler
Pump 2
Starter Box
52 Jacket Water
06 Cooler
Jacket Water
Cooler
MP1 Shaft
T1 Grid Cooler
Grid Cooler
Page 29 of 96
Bearing Cooler
Sea
ef Grid Cooler
Chest
MP2 Shaft
Bearing Cooler
Pump 1
rR Grid Cooler After Cooler
Water Cooler
Starter Box
tte
After Cooler
Water Cooler
MP2 Servo Start DC DC SSB2
Le Cool
Oil Cooler Pump
s Pump Expansion
Auto Start Standby Pump 1 - Primary Tank
MP2 Gear
on Low Press
Switch
Pump 2 - Standby
Servo Pump Running
MP2
Cool
Pump
an DG2
Expansion
Oil Cooler Box Clutch Closed ECU
r le
Tank
Expansion
Engine Running
Pump 1 - Standby
ECM ME2 Expansion
Tank
Cool
Pump
O Tank
Pump 2 - Primary
SG2 Start Cool
DPS-2 FMEA
Cooler Pump DC DC SSB1 Pump

ew
Jacket Water N
Keel Cooler Cooler
Pump 2 S
A) Starter Box Jacket Water
Cooler Grid Cooler B
Grid Cooler
A
ee
S
3
01
-2 Grid Cooler Pump 1
Starter Box
24 JUL 13
G After Cooler
U Water Cooler
-A ESB DC DC Start
19 Pump 1 - Primary
Pump
Auto Start Standby SDT Servo
Pump 2 - Standby on Low Press Oil Cooler
Cool
Expansion ed Pump SDT Servo Pump Running Switch
Expansion
Tank
at ECU Clutch Closed
Box
Tank
SDTD ECM Engine Running
Pump 1 - Standby
SDT Gear
Oil Cooler
Pump 2 - Primary
Expansion
Tank
Cool 52 SSB2
Start
Campos Challenger - NAV Hull 107
DC DC Pump
Pump
52
06 Pump 2
Keel Cooler
Jacket Water
Cooler
T1 Starter Box
Figure B - BTT & SDT FWC Diagrams
Page 30 of 96
Pump 1
ef
Grid Cooler Starter Box
rR
tte
SSB1 DC DC Start
Pump
Le
Pump 1 - Primary Auto Start Standby s
Pump 2 - Standby on Low Press
BTT
Motor Running Switch an
BTT Electric Drive
Expansion
Motor Starter
Box Motor Cooler
r le
Tank
Cabinet
Pump 1 - Standby O
Pump 2 - Primary
Start
DPS-2 FMEA
SSB2 DC DC Pump ew
Keel Cooler
N
B) Pump 2
S
Starter Box
B
A
ee
S
3
01
-2
2.4.2 Water Cooling System Description
G
All of the engines, generators, and thruster drive motors are cooled by FWC (fresh water
cooling) systems. The MP stern tubes are cooled by a single SWC (sea water cooling) system.
U
Figure A shows a simplified diagram of the FWC systems for the MEs, DGs, SGs, STT, and
-A
RGs. It also shows the SWC system for each MP stern tubes. Figure B shows a simplified
diagram of the FWC systems for the BTT and SDT.
19
A) FWC Systems for Engines
ed
There are 5 individual FWC/grid cooler systems for each engine: ME1, ME2, DG1, DG2, and
SDT. Each engine's FWC systems consists of 2 separate sub-systems: 1 for jacket water
at
cooling and the other for after cooling. Each FWC is dedicated to a single engine, and is
completely isolated from all other FWC systems. SSB failures have no effect on the engine
D
FWC since pumps are engine driven and valves are not electrically actuated.
Each engine FWC system operates in a closed loop cycle and doesn't use an external power
52
source or air supply. Therefore, engine FWC system is self-contained and isolated from all
other systems.
52
B) FWC Systems for Gears, Generators, Motors
06
There are 4 individual FWC/keel cooler systems used to cool all the gearboxes and the
electric drive motors. Each thruster FWC system operates in a closed loop cycle and
T1
exchanges heat though a channel cooler submerged in sea water and located in the vessel's
keel. Each of the 4 FWC systems is completely isolated from all other FWC systems. 2
electric pumps circulate the cooling water, where 1 pump operates while the other remains
ef
in standby. The pump in standby will auto-start on low pressure. 1 pump is powered from
rR
SSB1 while the other pump is powered from SSB2.

The vessel contains the following FWC/keel cooler systems:
tte
MP1 FWC cools the following:

o STT Drive Motor
Le
o MP1 Servo Oil Cooler, MP1 Gear Oil Cooler

o SG2 Cooler
s
an
MP2 FWC cools the following:

o MP2 Servo Oil Cooler, MP2 Gear Oil Cooler
r le
o SG1 Cooler
SDT FWC cools the following:
O
o SDT Servo Oil Cooler, SDT Gear Oil Cooler

ew
BTT FWC cools the following:

o BTT Drive Motor
N
Each SG uses the same FWC system used by the its corresponding MP. The SG heat exchange
S
is performed by having a water block absorb the heat of the SG and a convection radiator
that exchanges the heat into the surrounding atmosphere. A gearbox driven fan mounted on
B
the radiator blows the surrounding air away.

A
ee
Page 31 of 96
S
3
01
-2
C) Stern Tube SWC Systems
G
The MP1 stern tube and MP2 stern tube are cooled by a single SWC system. 2 electric pumps
circulate the cooling water from the sea chest, where 1 pump operates while the other
U
remains in standby. 1 pump is powered from SSB1 while the other pump is powered from
-A
SSB2.
19
A) Table A - Water Cooling System Failures
ed
1) Failure of engine Loss of coolant pressure will eventually cause the FWC to reach high temps. AMS warnings, then
at
driven cooling pump Engine may shutdown on high temp. alarms for high temps
2) Failure of electric Coolant pressure will begin decreasing and the standby pump will eventually AMS warnings, then
D
cooling pump auto-start when the low pressure set point is reached. alarms for high temps
52
52
Each FWC system is separate from all other FWC systems. A failure of any one FWC
system has no effect on the other FWC systems.

06
Each thruster's FWC system contains 2 electric motor driven circulation pumps. I pump
is powered by SSB1 and the other pump is powered by SSB2. During operation one
T1
pump will be running and the other pump will be in standby. The pump in standby will
auto-start on low pressure.
The MP1/SG2/STT share the same FWC system.
ef
rR

WCF is a complete failure of MP1/SG2/STT FWC system, which will eventually cause
tte
MP1, SG2, and STT to fail because of high temperature. (Loss of SG1 kills power to TSB1
and results in the loss of BTT. The end result is the loss of: MP1, BTT, and STT.) However
Le
the MP1/SG2/STT FWC system is acceptable for DPS-2 operation since the piping is
static and reasonably protected from damage. Regular maintenance should check the
piping for damage or leaks; otherwise loss of FWC for the MP1, SG2, and STT could
s
occur. High temp alarms should be regularly checked during routine maintenance
an
procedures.
r le
O
ew
N
S
B
A
ee
Page 32 of 96
S
3
01
-2
2.5 Lubrication Systems
G
U
2.5.1 Lubrication System Description
-A
Each engine is equipped with its own independent lubrication system. An engine driven
lube pump is used to circulate the oil. The lube oil circulates through the engine in a closed
19
loop cycle.
Each engine has its own separate lubrication system. Each system operates in a closed loop
ed
cycle, and does not use an external power source or air supply. The corresponding engine
mechanically drives all lubrication system devices and components. There is a pre-lube
at
pump that is electrically powered, that is only needed to start the engine. The pre-lube
pump is not used while the engine is running. Therefore, each engine’s lubrication system is
D
self-contained and isolated from all other systems. Failure of the lube system of one engine
has no effect on the other engines.
52
52
A) Table A - Lube System Failures
Failure Mode
1) Failure of engine
Effects 06
Loss of lube pressure will eventually cause a shutdown initiated on low lube
Indication
AMS warnings, then
T1
driven lube pump pressure. alarms for low pressure

ef
An engine fault, such as those associated with the lubricating oil system, may result in
rR
the failure of one engine, but the other engines will not be effected. Separate lubrication
systems are fitted on each engine.
tte

Le
WCF is a loss of lubrication for either ME, which will eventually cause the faulty ME to
shutdown on low lube pressure. Loss of a ME will fail the associated MP and SG. Loss of a
SG kills power to associated TSB section and results in the loss of the associated tunnel
s
thruster. The end result is the loss of: one MP and one tunnel thruster.
an
r le
O
ew
N
S
B
A
ee
Page 33 of 96
S
3
01
-2
2.6 Emergency Stop System
G
U
2.6.1 EStop Diagram
-A
Aft Bridge FWD Bridge Engine Control
Console Console Room Console
19
ME1 EStop ME1 EStop ME1 EStop
ed
ME1 ECM
+ _ _ _ _
+ + +
at
D
ME2 EStop ME2 EStop ME2 EStop
52
ME2 ECM
52
+ _ _ _ _
+ + +
06
T1
Engine Room
BTTEStop BTTMotor Starter

BTTEStop BTTEStop
ef
Cabinent
rR
Starting Relay
+ _
tte
SDTEStop SDTEStop SDTEStop

Le
SDTEngine
ECM
s
+ _ _ _ _
+ + +
an
r le
STTEStop STTMotor Starter

O
STTEStop STTEStop
Cabinent
ew
Starting Relay
+ _
N
S
B
A
ee
Page 34 of 96
S
3
01
-2
2.6.2 EStops Description
G
The EStop (emergency stopping) pushbuttons are located on the fwd bridge console, aft
bridge console, and the engine room.
U
A) Engine EStops
-A
The MEs and the SDT engine have separate EStop (emergency stopping) circuits that are
19
normally open switches in parallel. The EStops are hardwired directly to the engine control
box, and any switch closure will cause the associated engine to shutdown. When the stop
ed
signal is sent, the air flap on the engine closes, starving it of combustion air until it shuts
down.
at
B) Drive Motor EStops
D
Each drive motor has separate EStop circuits that are normally closed switches in parallel.
The EStops are hardwired directly to the motor starter cabinet, and any switch opening will
52
cause the associated motor to stop. When the stop signal is sent the motor contactor opens,
removing the supply power to the motor until it stops.
52
A) Table A - EStops 06
T1
1) Open failure of No effect, other than the EStop will not work when the pushbutton is pressed. None
engine EStop
ef
2) Short circuit failure The associated engine will shutdown. AMS Alarm.
of an engine EStop
rR
3) Open failure of The associated drive motor will stop. AMS Alarm.
motor EStop
4) Short circuit failure Normally will have no effect. Depending on the location of the short, motor may None
of an engine EStop not be able to be stopped using the EStop. Alternate means of stopping the
tte
motor can be used instead.

Le

There is no loop monitoring on the EStop circuits, so an open failure of an engine EStop
s
will not generate an alarm. Therefore, EStops must be regularly tested to ensure correct
an
operation.
Operation of the EStops does not cause any unexpected results or SPFs that result in loss
r le
of station, but there is no detection for failure of open switches (for the engines), so
regular maintenance is required.
O

ew
Loss of either thruster motor can occur due to an open circuit failure of an EStop.
N
WCF is the loss of either ME due to a short in the EStop circuit.

S
B
A
ee
Page 35 of 96
S
3
01
-2
2.7 Generator Control Systems
G
U
2.7.1 Generator Control System Diagrams
-A
A) Figure A - SG Control System
19
Power Source Color Legend
Bus-Tie
Supply
ed
Main Main
Supply LP Supply
TSB1 AC Transfer Transfer TSB2 AC
at
Supply Bus Switch Switch Supply Bus
BU BU
Supply ELP Supply
D
52
Load-Sharing
Line
PWM Speed PWM Speed
Command
52
Command
ECM ME1 ME2 ECM
Engine
LSM
Engine
LSM RPM RPM
Fault
Fault
Control Control
Exciter
06 Exciter
T1
Field Manual Manual Field
DPR SG1 Voltage Voltage SG2 DPR
Permanent Regulator Regulator Permanent
Magnet Magnet
ef
SG SG SG SG
Power
Volt
Power
Power
Volt
Power
PT
FB
FB
PT CT
Input
Input
Field
CT
Field
Amps FB Volts FB Volts FB Amps FB

rR
SG SG
PT PT Volts FB
Volts FB
RPM
RPM
FB
FB
AVR1 AVR1
SG SG
tte
Fault AVR2 AVR2 Fault

EGCP-2 Trip Trip EGCP-2
Le
Breaker Breaker
Status Status
Trip Trip
s
DPR Trip
an
Bus Bus-Tie Bus

PT (Multilin) PT
Volts FB
Volts FB
r le
TSB1 TSB2
PT CT
6600V 6600V
O
Motor Motor
Contactor Contactor
ew
Panel Panel
N
BTT STT
S
Motor Motor
B
A
ee
Page 36 of 96
S
3
01
-2
B) Figure B - DG Control System
G
U
SSB1 DC
-A
DG1 BPS Supply Bus
Bus-Tie DC
19
Supply Bus
SSB2 DC
DG2 BPS Supply Bus
ed
at
Load-Sharing
Line
D
PWM Speed PWM Speed
Command Command
DG1 DG2
52
ECM ECM
Engine Engine
Engine
LSM
Engine
LSM RPM RPM
Fault
Fault
Control Control
52
Protective
Relays
DG1
Exciter
Field Manual
Voltage
06 Manual
Voltage
Exciter
Field
DG2 Protective
Relays
T1
Permanent Regulator Regulator Permanent
Magnet Magnet
SG SG SG SG
Power
ef
Volt
Power
Power
Volt
Power
PT
FB
FB
PT CT
Input
Field
Input
CT
Field
Amps FB Volts FB Volts FB Amps FB

SG SG
rR
PT PT Volts FB
Volts FB
RPM
RPM
FB
FB
AVR1 AVR1
tte
SG SG
Fault AVR2 AVR2 Fault
Le
EGCP-2 Trip Trip EGCP-2
Breaker Breaker
s
Status Status
an
Trip Trip
Monitoring Trip
r le
Bus Relay Bus-Tie Bus

PT PT
Volts FB Volts FB
O
CT PT
SSB1 SSB2
ew
480V 480V
N
120V 120V
PT PT
S
Reversing Contactor
B
A
ee
Page 37 of 96
S
3
01
-2
2.7.2 SG (& ME) Control System Description
G
A) Overview
U
Figure A shows a simplified diagram of the SG (shaft generator) control system. The SGs are
-A
used to power the TSB sections. There are 2 SGs:
SG2 - driven by ME1 and connected to TSB1
19
SG1 - driven by ME2 and connected to TSB2
ed
B) SG Control System Components
LSM (Load Sharing Module) - allows the generators to share the load evenly when they
at
are operated in parallel. Since the SGs are not operating in parallel during DPS-2
D
operation, the LSMs will not be vital to DP operation.
o SG2 LSM powered by: TSB1 AC supply bus
52
o SG1 LSM powered by: TSB2 AC supply bus
52
o Make: Woodward, Model: 9907
DPR (Digital Protection Relay) - is a microprocessor-based relay unit that monitors the
06
bus for faults and will trip the SG breaker when the faults are detected. The DPR is the
SG's main protection relay, while the EGCP is used for backup.
T1
o SG2 DPR powered by: TSB1 AC supply bus
o SG1 DPR powered by: TSB2 AC supply bus
ef
o Make: GE Multilin, Model: SR489

rR
EGCP (Engine Generator Control Package) - is a microprocessor-based control unit

primarily used to synchronize the SGs to the TSB. The EGCP will also monitor the bus for
faults (in addition to the DPR) and trip the SG breaker when the faults are detected.
tte
o SG2 EGCP powered by: TSB1 AC supply bus

Le
o SG1 EGCP powered by: TSB2 AC supply bus

Input Circuit Breaker - Each SG's input bus line has a circuit breaker to separate it from
s
the main bus line, configured with a voltage trip coil.

an
o SG2 Input Breaker Circuit powered by: TSB1 AC supply bus

o SG1 Input Breaker Circuit powered by: TSB2 AC supply bus
r le
Control Supply Bus - The control supply bus is a combination of two feeds from
different power sources.
O
o Primary power source: LP feed

ew
o Secondary power source: ELP feed

C) TSB Bus-Tie Control System Components
N
Bus-Tie DPR - is a microprocessor-based relay unit that monitors the main bus-bar for
S
faults and will trip the bus-tie breaker when the faults are detected. During DPS-2
B
operation, the bus-tie DPR is not vital since the bus-tie is open.
A
o Bus-Tie DPR primary power: LP feed

ee
Page 38 of 96
S
3
01
-2
G
D) ME RPM Control System Components
U
ECM (Engine Control Module) - interfaces with the SG controls for the ME's RPM control.
The ME runs at constant speed while the SGs are online. The ECM also performs the
-A
protection and monitoring of the engine.
19
o ME1 ECM powered by: ME1/MP1 BPS
o ME2 ECM powered by: ME2/MP2 BPS
ed
2.7.3 DG Control System Description
at
A) Overview
D
Figure B shows a simplified diagram of the DG (diesel generator) control system. The DGs
are used to power the SSB sections. There are 2 DGs:
52
DG2 - driven by a dedicated engine and connected to SSB1
52
DG1 - driven by a dedicated engine and connected to SSB2
There is 1 EDG (Emergency Diesel Generator) that normally operates in standby and can re-
06
power the ESB (Emergency Switchboard), if the normal supply feed from SSB1 is lost.
B) DG Control System Components
T1
LSM (Load Sharing Module) - allows the DGs to share the load evenly when they are
operated in parallel.
ef
o DG2 LSM powered by: SSB1 DC supply bus

rR
o DG1 LSM powered by: SSB2 DC supply bus

o Make: Woodward, Model: 723
tte
EGCP (Engine Generator Control Package) - is a microprocessor-based relay unit that

monitors the bus for faults and will trip the DG breaker when the faults are detected. The
Le
EGCP is the DG's main protection relay, while individual APRs (analog protection relays)
are used for backup. The EGCP is also used to synchronize the DGs to the SSB.
s
o DG2 EGCP powered by: SSB1 DC supply bus

an
o DG1 EGCP powered by: SSB2 DC supply bus

r le

APR (Analog Protection Relay) - individual relays used to monitor the bus for faults and
O
trip the DG breaker when the faults are detected.

o Each APR is powered by: a 120VAC supply feed via a PT connected to the input
ew
bus line
Input Breaker Control Circuit - Each DG's input bus line has a circuit breaker to separate
N
it from the main bus line, configured with a voltage trip coil.
S
o DG2 Input Breaker Circuit powered by: a 120VAC supply feed via a PT connected
to the input bus line
B
A
ee
Page 39 of 96
S
3
01
-2
o DG1 Input Breaker Circuit powered by: a 120VAC supply feed via a PT connected
to the input bus line
G
Control Supply Bus - The control supply bus is a combination of two feeds from different
U
power sources.
-A
o SSB1 DC Control Supply Bus primary power source: DG2 BPS
o SSB1 DC Control Supply Bus secondary power source: AUX2 BPS
19
o SSB2 DC Control Supply Bus primary power source: DG1 BPS
o SSB2 DC Control Supply Bus secondary power source: AUX2 BPS
ed
C) SSB Bus-Tie Control System Components
at
Bus-Tie DPR - is a microprocessor-based relay unit that monitors the main bus-bar for
D
faults and will trip the bus-tie breaker when the faults are detected.
Bus-Tie Breaker Control Circuit - The main bus-bar has a circuit breaker to separate the
52
two SSB sections. It is configured with a voltage trip coil.
52
o Both sides of the SSB power the Bus-Tie Breaker Control Circuit. One feed from
each side of the SSB enters a PT. The PT drops down the voltage to a level
06
acceptable to power the Breaker Control Circuit. One feed from each PT enters a
reversing contactor. The reversing contactor selects the feed with higher voltage
and sends the feed to the Breaker Control Circuit.
T1
D) DG Engine RPM Control System Components

ef
ECM (Engine Control Module) - interfaces with the DG controls for the Engine's RPM
control. The ECM also performs the protection and monitoring of the engine.
rR
o DG1 ECM powered by: DG1 BPS

o DG2 ECM powered by: DG2 BPS
tte
2.7.4 General Descriptions

Le
A) Load Sharing Module

s
Each generator contains a LSM, which controls the speed and load sharing functions of its
an
generator. The LSM monitors the bus frequency and tweaks each engine’s fuel rack
proportionately to match any change in frequency. Each LSM attempts to maintain the bus
r le
frequency at the normal operation frequency of 60Hz. If the generator's load starts to
increase/decrease, the engine RPM will start to decrease/increase. The LSM will counter a
O
change in the engine RPM by sending a speed signal to the engine, meant to bias the fuel
rack proportionately to the engine load. The LSM makes sure the engines work evenly to
ew
maintain the bus frequency, by verifying each engine's torque output over the load-sharing
lines.
N
S
B
A
ee
Page 40 of 96
S
3
01
-2
B) Voltage Regulators
G
There are two AVRs (Automatic Voltage Regulators) per each generator, however they do
not run in parallel. If one fails the operator must manually switch to the other AVR. The AVR
U
adjusts the excitation field so the desired voltage output can be made suitable for field
-A
conditions, by switching on and off many times a second. The desired output voltage is
determined by the LSM, which is directly interfaced to the AVR. The LSM provides
19
correction signals to the engine governor and the AVR until the waveforms are matched in
phase and magnitude.
ed
C) Generator Protection System
The generator protection system detects the following types of faults:
at
Over excitation (trips breaker)
D
Under/Over Voltage (trips breaker)
52
Under/Over Frequency (trips breaker)
Over Current (trips breaker)
52
Phase Reversal (trips breaker)

Reverse Power (trips breaker)
High Bearing Temperature
06
T1
High Stator Temperature

D) Engine Control
ef
Each engine has an Engine Interface Box used to interface the switchboard controls with the
rR
ECM. The ECM controls the engine: speed via the governor, start/stop, and
protection/monitoring systems. Each ECM is powered from the associated engine's BPS.
tte
The switchboard controls are used to manage the engine RPM, since each engine must
operate at the same RPM while the generators are synchronized and in parallel
Le
configuration sharing loads. Synchronization is achieved by interfacing the EGCP with the
governor. The LSM sends a PWM (pulse width modulation) signal to the governor, which
biases the engine speed.
s
an
The engine protection system will shutdown the engine if it detects the following types of
faults:
r le
Low Lube Oil Level

High Lube Oil Pressure
O
Pressure
ew
Overspeed
High Coolant Temperature
N
Current Differential
S
Loss of Control Power to ECM

B
A
ee
Page 41 of 96
S
3
01
-2
E) Bus-Tie Protection System
G
The bus-tie protection system detects the following types of faults:
U
Reverse Power (trips bus-tie)
-A
Over Current (trips bus-tie)
Reverse VARs (trips bus-tie)
19
Short Circuit (trips bus-tie)
The bus-tie will automatically trip when a fault is detected on the bus bar. Each bus-tie is
ed
interfaced to a DPR, which monitors the bus bar for faults. When the DPR detects a fault, the
bus-tie will trip (if it is closed) and load-sharing will stop between the generators. The DPR
at
trips the bus-tie by sending a shunt trip signal to the DC trip coil located on the Bus-Tie
D
Breaker Control Circuit. The Breaker Control Circuit stops generator load-sharing by
opening an auxiliary contact to the Load Share Relay. The Load Share Relay opens the Load
52
Share Line connected between the two LSM.
52
A) DG FMEA Table
Failure Mode Effects 06 Indication
T1
1) Loss of DG1 As DG1 engine speed drops, under frequency on SSB2 is detected and the DG1 AMS alarm for DG1 trip
(defective gen) breaker is tripped. SSB2 remains powered from DG2 (parallel
gen).
DP operation continues with reduced DG redundancy.
ef
2) Loss of DG2 As DG2 engine speed drops, under frequency on SSB1 is detected and the DG2 AMS alarm for DG2 trip
(defective gen) breaker is tripped. SSB1 remains powered from DG1 (parallel
rR
gen).
3) DG ECM fails ECM detects internal fault and shuts down engine. AMS alarm for Engine
tte
failure
As the engine speed drops, under frequency on the bus is detected tripping the AMS alarm for DG trip
faulty DG breaker.
Le
SSB remains powered from the parallel DG.

4) DG LSM fails Engine drops to idle AMS alarm for Engine
s
failure
an
faulty DG breaker.
r le

5) DG EGCP fails The breaker status and bus power info to the AMS is disabled. AMS alarm
O
APRs are not effected.

DP operation continues with reduced DG protection.
ew
6) DG1 AVR fails DG1 breaker trips on Under Voltage and bus-tie trips on Reverse Power. AMS alarm for DG1 trip
and bus-tie trip
SSB1 remains powered from DG2. Temporary loss of ESB and ELP until EDG AMS alarm for failed
N
auto starts and restores power. consumers. Indication

for EDG running.
DP operation continues with only SSB2 section powered.
S
7) DG2 AVR fails DG2 breaker trips on Under Voltage and bus-tie trips on Reverse Power. AMS alarm for DG2 trip
B
and bus-tie trip

SSB2 remains powered from DG1. Loss of the LPs. AMS alarm for failed
A
consumers.
ee
Page 42 of 96
S
3
01
-2
8) DC Control Supply DC Control Supply Bus is automatically supplied by secondary feed, when AMS Alarm
G
Bus - Loss of primary primary feed is lost.
feed
U
9) DC Control Supply DC Control Supply Bus is automatically supplied by primary feed, so there is no AMS Alarm
Bus - Loss of
-A
effect when secondary feed is lost.
secondary feed
10) SSB1 DC Control DG2 breaker trips on Under Voltage and bus-tie trips on Reverse Power. AMS alarm for DG2 trip
19
Supply Bus fails and bus-tie trip
SSB2 remains powered from DG1. Temporary loss of ESB and ELP until EDG AMS alarm for failed
auto starts and restores power. consumers. Indication
for EDG running.
ed
11) SSB2 DC Control DG1 breaker trips on Under Voltage and bus-tie trips on Reverse Power. AMS alarm for DG1 trip
at
Supply Bus fails and bus-tie trip
SSB1 remains powered from DG2. Loss of the LPs. AMS alarm for failed
D
consumers.
52
B) SG FMEA Table
52
1) Loss of SG2 SG2 trips and supply power is lost to TSB1. AMS alarm for SG1 trip
Power supply to BTT drive motor is lost, and BTT fails. AMS and DPCS alarms
06
DP operation continues with reduced thruster redundancy and reduced
accuracy.
for lost BTT
T1
2) Loss of SG1 SG1 trips and supply power is lost to TSB2 AMS alarm for SG2 trip
Power supply to STT drive motor is lost, and STT fails. AMS and DPCS alarms
for lost STT
ef
DP operation continues with reduced thruster redundancy and reduced

accuracy.
rR
3) ME/SG ECM fails ECM detects internal fault and shuts down engine. AMS alarm for Engine
failure
As the engine speed drops, under frequency on the bus is detected tripping the AMS alarm for SG trip
faulty SG breaker.
tte
Power supply to the associated TSB is lost. The thruster motor powered by the AMS and DPCS alarms
faulty TSB section will fail. for lost thruster
Le
The associated MP will also fail. AMS and DPCS alarms

for lost MP
DP operation continues with one MP and one tunnel thruster offline. DPS
operates with reduced thruster redundancy and reduced accuracy.
s
4) SG LSM fails AMS alarm for Engine

an
Engine drops to idle.

failure
As the engine speed drops, under frequency on the bus is detected tripping the AMS alarm for SG trip
faulty SG breaker.
r le
O
DP operation continues with one tunnel thruster offline. DPS operates with
reduced thruster redundancy and reduced accuracy.
4) SG EGCP fails AMS alarm
ew
The breaker status and bus power info to the AMS is disabled.
DPR is not effected.
DP operation continues with reduced SG protection.
N
5) SG DPR fails DPR fails. No effect since EGCP is still operating. AMS alarm
DP operation continues with reduced SG protection.

S
6) SG AVR fails SG breaker trips on Under Voltage. AMS alarm for SG trip
B
A

ee
Page 43 of 96
S
3
01
-2
DP operation continues with one tunnel thruster offline. DPS operates with
reduced thruster redundancy and reduced accuracy.
G
7) AC Control Supply AC Control Supply Bus is automatically supplied by secondary feed, when AMS Alarm
Bus - Loss of primary primary feed is lost.
U
feed
8) AC Control Supply AMS Alarm
-A
AC Control Supply Bus is automatically supplied by primary feed, so there is no
Bus - Loss of effect when secondary feed is lost.
secondary feed
19
9) TSB1 AC Control SG2 breaker trips on Under Voltage. AMS alarm for SG1 trip
Supply Bus fails
Power supply to the TSB1 is lost. The BTT motor powered by TSB1 section will AMS and DPCS alarms
fail causing the BTT to fail. for lost thruster
ed
DP operation continues with BTT offline. DPS operates with reduced thruster
redundancy and reduced accuracy.
at
10) SSB2 DC Control SG1 breaker trips on Under Voltage. AMS alarm for SG2 trip
Supply Bus fails
D
Power supply to the TSB2 is lost. The STT motor powered by TSB2 section will AMS and DPCS alarms
fail causing the STT to fail. for lost thruster
DP operation continues with STT offline. DPS operates with reduced thruster
52
redundancy and reduced accuracy.
C) Bus-Tie FMEA Table
52
06
1) Loss of SSB Bus-Tie Bus-Tie opens. SSB sections are operated split, if fault does not cause a gen trip. AMS alarm for bus-tie
DPR trip
2) Loss of TSB Bus- Bus-Tie remains open. No effect on operation. AMS alarm
T1
Tie DPR

ef
The SG's must be operated split with the TSB bus-tie open. The DG's are to be operated
rR
in parallel configuration sharing loads.

An open bus-tie allows the port and stbd TSB sections to be isolated so that failure of any
tte
one SG will only fail one section. DP operation can continue after a failure of either TSB
section.
Le
The SSB is run with a closed bus, but the SSB bus-tie will open on faults and isolated the
two SSB sections. Only one SSB section can be lost as the result of a single failure. All
s
thrusters are equipped with engine driven pumps for hydraulic control and receive
an
control power supplies from BPS.

r le

The WCF is an ECM failure of either ME. The end result of this failure is one tunnel
O
thruster offline and one MP offline.

ew
An AVR failure on either DG will fail one section of the TSB. The bus-tie will trip on
reverse power and the faulty DG will trip on under voltage, causing one SSB section to
fail.
N
Loss of a SG will cause the loss of one tunnel thruster.

S
B
A
ee
Page 44 of 96
S
3
01
-2
2.8 Electric Drive Motor Control Systems
G
U
2.8.1 Electric Drive Motor Control System Diagrams
-A
A) Figure A - Constant Speed Motor Control System
19
Bus-Tie
ed
Supply
at
Main Main
Supply LP Supply
Transfer TSB2 AC
D
TSB1 AC Transfer
Supply Bus Switch Switch Supply Bus
BU BU
52
Supply ELP Supply
52
TSB1 TSB2
6600V 06
6600V
T1
Control Control
PT PT
Voltage Voltage
ef
Blown Blown
rR
Ground Fuse Fuse Ground

Fault Fuse Fuse Fault
Box Box
Detector Detector
tte
Blown Blown
Le
Zero Pitch Block Start Fuse Fuse Block Start Zero Pitch
Starter Start Start Starter
Low Servo Press Master Master Low Servo Press
BTT Remote Trip Trip Trip R emote Trip STT
s
ECU 4-20mA Motor Load FB Relay Relay 4-20mA Motor Load FB ECU
an
Bus Fault Bus Fault

Motor Running Contactor Contactor Motor Running
Status Status
r le
DPR Bus Voltage Bus Voltage DPR

O
Bus Bus
AMS Monitoring
ISO PT PT ISO
Monitoring AMS
Bus Current Bus Current
ew
Stop Stop Motor CT CT Stop Motor Stop

Button Button
N
Stop Motor Stop Motor

EStop Temperature Temperature EStop
BTT STT
S
Motor Motor
B
A
ee
Page 45 of 96
S
3
01
-2
2.8.2 Electric Drive Motor Control System Description
G
Each tunnel thruster is driven by an electric motor that runs at constant speed. Since the
U
motor runs at a constant speed, the only control system that is needed is a system for
-A
starting and stopping the motor. Each motor has a motor starter panel that is connected to
the TSB. The motor starter panel can be used to start the thruster motor locally, or it can be
19
done remotely. The motor starter panel is interfaced to the propeller controls ECU. The
motor starter panel and the ECU communicate with each other to make sure the motor and
the thruster propeller are properly working together. The signals between the motor starter
ed
panel and the ECU are as follows:

at
Zero pitch output from ECU - The motor will not start until the thruster is at zero pitch.
This helps prevent damage by preventing the motor from starting a propeller with a high
D
load.
Low Servo Press output from ECU - the motor will stop if the ECU sends a low servo
52
pressure signal to the motor starter cabinet, since the thruster can no longer function
properly if the hydraulic control is not working properly.
52
Motor Load FB input to ECU - this signal allows the ECU to monitor the motor load and

06
reduce the power demand from the motor if it has the potential to be overloaded
Motor Running input to ECU - When the motor running signal is sent, the ECU knows the
T1
motor is functioning properly. The motor running signal is a product of the ready signal
sent to the DPCS.
ef

rR
A) Drive Motor FMEA Table

tte
1) BTT DPR in motor BTT loses automatic protection from switchboard faults. No contactor status or AMS Alarm. LossofBTT
starter cabinet fails power info to monitoring system. Possible loss of some protection features due contactor monitoring
Le
to lack of information. and status indication.

Lossofautomatic
contactor control.
s
2) STT DPR in motor STT loses automatic protection from switchboard faults. No contactor status or AMS Alarm. LossofSTT
an
starter cabinet fails power info to monitoring system. Possible loss of some protection features due contactor monitoring
to lack of information. and status indication.
Lossofautomatic
r le
contactor control.
3) Loss of BTT Loss of the BTT. DP operation continues with reduced accuracy and redundancy. AMS Alarm. DP alarm
O
electric drive motor for loss thruster.

ew
4) Loss of STT electric Loss of the STT. DP operation continues with reduced accuracy and redundancy. AMS Alarm. DP alarm
drive motor for loss thruster.
N

S
Each motor starter panel contains a DPR that monitors the TSB bus. The DPR will open
B
the motor contactor if it detects a fault on the bus to prevent the motor from being
damaged.
A
ee
Page 46 of 96
S
3
01
-2
G
The WCF is a loss of any electric drive motor, which will result in the loss of one tunnel
thruster.
U
-A
19
ed
at
D
52
52
06
T1
ef
rR
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 47 of 96
S
3
01
-2
3) POWER DISTRIBUTION SYSTEMS
G
3.1.1 TSB System Diagrams
U
A) Figure A - Thruster Switchboard Distribution
-A
19
SG2 SG1
ed
at
D
TSB1 TSB2
52
52
06
T1
BTT STT
Motor Motor
ef
rR
tte
Le
3.1.2 TSB System Description

A simplified schematic for the TSB (Thruster Switchboard) system is shown in figure A. The
s
TSB system is used to distribute power to each tunnel thruster motor. During DP operation,
an
the bus-tie must be open. This configuration allows DP operation to continue after the
failure of any single TSB section.
r le
The (6600V-AC) TSB is separated into two parts since the bus-tie is must be open during
DPS-2 operation. Each TSB section is powered by 1 SG. The port thruster switchboard
O
(TSB1) powers the BTT. The stbd thruster switchboard (TSB2) powers the STT.
ew

Loss of any TSB section will cause the thrusters supplied from it to fail.
N
A) Table A - TSB System Failures

S

B
1) Loss of TSB1 BTT fails. Vessel continues to operate with reduced accuracy and maintain AMS Alarm. DP alarm
A
station, by compensating on the bow with the SDT.

ee
Page 48 of 96
S
3
01
-2
for loss thrusters.
2) Loss of TSB2 STT fails. Vessel continues to operate with reduced accuracy and maintain
G
AMS Alarm. DP alarm
station, by compensating on the stern with MP1 and MP2. for loss thrusters.
U
-A
19
ed
at
D
52
52
06
T1
ef
rR
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 49 of 96
S
3
01
-2
G
Since the bus-tie is open during DP operation, the TSB is split into two isolated sections.
U
This allows analysis to be simplified.
-A
The correct setup and configuration, will allow the TSB sections to be isolated to one
thruster so that the DP operation can continue after the failure of any single TSB section.
19
ed
The WCF is the loss of either TSB section, which results in the loss of one tunnel thruster.
at
D
3.2 Service Switchboard System
52
3.2.1 SSB System Diagrams
52
A) Figure A - Service Switchboard Distribution
DG2 06 DG1
T1
Voltage Color Legend

ef
Bus-Tie
Main Main Cabinet
rR
480VAC 208-1 20VAC

tte
Emergency Emergency
480VAC 208-1 20VAC SSB1 SSB2
Le
LP
s
Interlock
an
Radiator
EDG ELP
r le
ESB
O
ew
N
S
B
A
ee
Page 50 of 96
S
3
01
-2
G
U
B) Figure B - Relevant Consumers Spreadsheet
-A
SSB1 Notes SSB2 Notes
19
MP1 Standby Pitch Pump Mechanical pump MP2 Standby Pitch Pump Mechanical pump
driven by ME1 driven by ME2
MP1 Standby Lube/Clutch Pump Mechanical pump MP2 Standby Lube/Clutch Pump Mechanical pump
ed
& RG1 PLC Supply 1 driven by ME1 & RG2 PLC Supply 1 driven by ME2
MP1 ECU Supply 1 Supply 2 from MP1 MP2 ECU Supply 1 Supply 2 from MP2
BPS BPS
at
BTT FWC Pump 1 Redundant pump BTT FWC Pump 2 Redundant pump
powered by SSB2 powered by SSB1
D
STT Standby Pump & ECU Supply Mechanical pump BTT Standby Pump & ECU Supply Mechanical pump
1 driven by BTT Drive 1 driven by STT Drive
52
Motor & ECU supply Motor & ECU supply 1
2 from BTT BPS from STT BPS
BTT Room Circulation Blower
52
BTT Oil Purifier SDT Oil Purifier
SDT Trailing Lube Oil Pump
Engine Room Port Exhaust ER Stbd Blower Engine Room Stbd Exhaust ER Port Blower
Blower
Engine Room Stbd Supply Blower
powered by SSB2
ER Port Blower
06
Blower
Engine Room Port Supply Blower
powered by SSB1
ER Stbd Blower
T1
Aft Compartment Port Supply Stbd Blower powered Aft Compartment Stbd Supply Port Blower powered
Blower by SSB2 Blower by SSB1
Steering Compartment Port Stbd Blower powered Steering Compartment Stbd Port Blower powered
ef
Exhaust Blower by SSB2 Supply Blower by SSB1

Shaft Alley Port Blower Stbd Blower powered Shaft Alley Stbd Blower Port Blower powered
rR
by SSB2 by SSB1
MP1/SG1/STT FWC Pump 1 Redundant pump MP1/SG1/STT FWC Pump 2 Redundant pump
tte
MP2/SG2 FWC Pump 2 Redundant pump MP2/SG2 FWC Pump 1 Redundant pump
Mist System Pump Starter Panel
Le
Stern Tube Port SWC Pump Redundant pump Stern Tube Stbd SWC Pump Redundant pump
Centrifuge
s
Panel - 401 Panel - 402

an
Panel - 403 Panel - 404

Panel - 405
Control Room Air Handler
r le
Feed to ESB
ESB Notes
O
ME1 Pre-Lube Pump

ME2 Pre-lube Pump
SDT Standby Pump Mechanical pump
ew
driven by SDT engine

SDT FWC Pump 1 Redundant pump SDT FWC Pump 2 Redundant pump
powered by SSB2 powered by ESB
N
RD1 Pump 2 Redundant pump RD1 Pump 1 Redundant pump

S
RD2 Pump 2 Redundant pump RD2 Pump 1 Redundant pump

B
Air Compressor 2 Redundant Air Compressor 1 Redundant

A
compressor powered compressor powered

ee
Page 51 of 96
S
3
01
-2
by SSB2 by ESB
Fire Main Pump 2 Fire Main Pump/Emergency Bilge
G
Pump
Standby Bilge Pump Bilge Pump
U
WTD Aft Tank Top Engine Room
WTD Aft Tank Top Thruster
-A
Room
EDG Room Supply Air Blower
19
EmergencyLighting LightingTransformer
Transformer
ELPs Notes LPs Notes
ed
SDT ECU Supply 1 ECU supply 2 from
SDT BPS
CC2
at
IJS OC
IJS CC
D
IJS Net Switch
BU Console Fan
52
ME1 BPS BU supply to DC
distribution box from
BU BPS1
52
ME2 BPS BU supply to DC
06
BU BPS1
DG1 (Aft) BPS BU supply to DC
T1
BU BPS1
DG2 (Fwd) BPS BU supply to DC
BU BPS1
ef
EDG BPS
BTT BPS BU supply to DC
rR

BU BPS2
SDT BPS BU supply to DC
tte

BU BPS1
STT BPS BU supply to DC
Le

BU BPS2
Steering BPS BU supply to DC
s

an
BU BPS2
AUX1 BPS BU supply to DC
r le
BU BPS2
AUX2 BPS BU supply to DC
O
BU BPS3
General Alarm BPS BU supply to DC
ew

BU BPS1
Electronics BPS
N
DPCS BPS1 BU supply to DC

BU BPS2
S
DPCS BPS2 BU supply to DC

B

BU BPS1
A
ee
Page 52 of 96
S
3
01
-2
BU BPS1
BU BPS2
G
BU BPS3
DPCS UPS1 UPS2 powered by LP DPCS UPS2 UPS1 powered by ELP
U
AMS UPS1 Supply 2 Redundant supply AMS UPS1 Supply 1 Redundant supply
from LP from ELP
-A
AMS UPS2 Supply 2 Redundant supply AMS UPS2 Supply 1 Redundant supply
from LP from ELP
19
TSB1 Control Supply 2 Redundant supply TSB1 Control Supply 1 Redundant supply
from LP from ELP
TSB2 Control Supply 2 Redundant supply TSB2 Control Supply 1 Redundant supply
from LP from ELP
ed
TSB Bus-Tie Control Supply
Mist System RLU feed
at
General Alarm Relay Box 1
Supply 1
D
Accommodations Estop Relay Box
Galley Equipment Estop Relay
Box
52
Sound Powered Phone Supply 1 Redundant supply Sound Powered Phone Supply 2 Redundant supply
from LP from ELP
52
CO2 Relay Box
Engine Order Telegraph Supply 1 Redundant supply Engine Order Telegraph Supply 2 Redundant supply
from LP from ELP
06
ME1 Fuel Filter
ME2 Fuel Filter
T1
DG1 Heater
DG2 Heater
BTT Motor Heater
SG1 Heater
ef
SG2 Heater
STT Motor Heater
rR
DG1 Port Jacket Water Heater

DG2 Port Jacket Water Heater
DG1 Stbd Jacket Water Heater
tte
DG2 Stbd Jacket Water Heater

SSB De-humidifier
Cargo Area Port Circulation
Le
Blower
Cargo Area Stbd Circulation
Blower
s
Shaft Alley Circulation Blower

an
Shaft Containment Port Sump

Pump
Shaft Containment Stbd Sump
r le
Pump
O
3.2.2 SSB System Description

A) SSB Overview
ew
A simplified schematic for the (480V-AC) SSB (Service Switchboard) sections is shown in
Figure A. Figure B shows the consumers that are powered from each SSB section. Figure B
N
has been organized to easily show the power supply redundancy concept between
S
consumers. The SSB is used to distribute power to the vessel’s service and operational loads.
B
Each section of the SSB has a 480V central hub used to distribute 480V-AC supply power
throughout the vessel to 480V Panels. The vessel has been designed to have redundant
A
ee
Page 53 of 96
S
3
01
-2
components powered from separate sides of the SSB, so that after the failure of one SSB
section, the redundant equipment will remain powered.
G
The main bus bar is divided into two parts connected by a tiebreaker, referred to as the
U
bus-tie. The port section of the SSB is referred to as SSB1, while the stbd section of the
-A
switchboard is referred to as SSB2. The tiebreaker will automatically trip when a fault is
detected on the bus bar. The open tiebreaker divides the bus bar and isolates the two SSB
19
section, preventing a failure in one section from being transferred to the other section.
The ESB is connected to SSB1 and the EDG. The EDG is on standby and will automatically
ed
start and repower the ESB when power is lost from SSB1.
The SSB2 directly powers the 208/120V-AC LDP (lighting distribution panel) via a voltage
at
drop down transformer.
D
B) SSB Bus-Tie Operation
The SSB is run with a closed bus, during DP operation. The SSB can be separated into two
52
parts when the bus-tie is open, with each part powered by a DG. There are two DGs, which
supply the two sections of the SSB. DG2 supplies SSB1, and the DG3 supplies SSB2.
52
C) Lighting Panels
06
The vessel has one 208/120V-AC panel, LDP (lighting distribution panel), which functions
as a central hub to distribute power to the 208/120V LPs (“lighting” panels), located
T1
throughout the vessel. The LDP takes in one supply feed from SSB2 via a voltage drop down
transformer.
ef
D) Emergency Lighting Panels

rR
The vessel has one 208/120V-AC panel, ELDP (emergency lighting distribution panel),
which functions as a central hub to distribute power to the 208/120V ELPs (emergency
“lighting” panels), located throughout the vessel. The ELDP takes in one supply feed from
tte
ESB via a voltage drop down transformer.

Le

A) Table A - SSB System Failures
s
an

1) Loss of SSB1 Short circuit failure on the SSB1 bus bar. DG1 and bus-tie breaker
trip alarm.
r le
Loss of supply power from those consumers supplied by SSB1. (See Figure B) AMS alarms for failed
consumers.
O
Loss of supply to ESB, which consequently causes the ELPs to fail. (See Figure B) AMS alarms for failed
consumers.
Redundant pumps remain powered by SSB2. Mechanical pumps remain AMS alarms for standby
ew
operational. (See Figure B notes) pump running

Consumers that have a secondary source of power from a BPS will switch to the AMS alarms for loss of
BPS supply feed upon failure of the primary feed from SSB1. (See Figure B control supply primary
N
notes) feed.
Each BPS loses the input supply to the charger, causing each BPS to switch to AMS alarm for each BPS
S
battery supply. BU supply to the DC distribution box from a BU BPS remains. "on battery." DP alarm
DPCS UPS1 switches to battery. (See Figure B notes) for UPS on battery.
B
DPS operates with reduced redundancy. DP operation accuracy is not effected.

2) Loss of SSB2 Short circuit failure on the SSB2 bus bar. DG2 and bus-tie breaker
A
ee
Page 54 of 96
S
3
01
-2
trip alarm.
Loss of supply power from those consumers supplied by SSB2. (See Figure B) AMS alarms for failed
G
consumers.
Loss of supply to LDP, which consequently causes the LPs to fail. (See Figure B) AMS alarms for failed
U
consumers.
Redundant pumps remain powered by SSB1. Mechanical pumps remain AMS alarms for standby
-A
operational. (See Figure B notes) pump running
Consumers that have a secondary source of power from a BPS will switch to the AMS alarms for loss of
19
BPS supply feed upon failure of the primary feed from SSB2. (See Figure B control supply primary
notes) feed.
CC2 fails. No other DPCS effect since CC1 and CC3 are still operational. DPCS Alarm
IJS fails. No other effect since IJS is not used during normal DP operation. No Alarm
ed
Each BU BPS loses the input supply to the charger, causing each BU BPS to AMS alarm for each BPS
switch to battery supply. DPCS UPS2 switches to battery. (See Figure B notes) "on battery." DP alarm
at
for UPS on battery.
DPS operates with reduced redundancy. DP operation accuracy is not effected.
D
52
The SSB bus-tie is closed during operation. The bus-tie will trip on reverse power, over
current, and reverse VAR. All thrusters are equipped with engine driven pumps for
52
hydraulic control and each ECU receives secondary control power from a BPS.
3.2.5 Significant Failures 06

T1
The WCF is the loss of either SSB section. Loss of one section will cause the DPS to
operate with reduced redundancy, but DP operation accuracy is not effected.
ef
rR
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 55 of 96
S
3
01
-2
3.3 Battery Power System
G
U
3.3.1 Battery System Diagrams
-A
A) Figure A - Battery Distribution
19
BU BPS1 BU BPS2
+ Batt - + Batt - BU BPS3
- Batt + - Batt + + Batt -
24VDC 24VDC - Batt +
LP LP
ed
Charger Charger
24VDC LP
Charger
MP1 BPS BTTBPS
at
+ Batt -
+ Batt - AUX2 BPS
- Batt + + Batt -
- Batt +
D
Main - Batt +
Main ELP Charger Supply
ELP Charger Supply BU Main
ELP Charger Supply
24VDC DC Box
BTTDC Box
52
24VDC 3
MP1 DC Box 24VDC
BU Supply
BU Supply AUX2 DC Box
BU Supply
STTBPS
52
MP2 BPS + Batt -
+ Batt -
- Batt +
- Batt + EDG BPS
Main
06
ELP Charger + Batt -
Main Supply
ELP Charger Supply - Batt +
STTDC Box 24VDC 24VDC EDG
24VDC ELP Charger
DC Box
MP2 DC Box BU Supply
T1
BU Supply
DPCS BPS1 DPCS DP 110VAC

SDTBPS + Batt -
ELP
UPS1 Supply Bus
+ Batt -
ef
- Batt +
- Batt + Main
BU ELP Charger Supply
Main
ELP Charger DC Box LP DPCS
rR
Supply DP 110VAC
2 24VDC Supply Bus
24VDC
DPCS DC Box 1 UPS2
SDTDC Box BU Supply
BU Supply
tte
BU
DC Box AUX1 BPS AMS 110VAC
1 DG1 BPS + Batt -
LP
UPS1 Supply Bus
+ Batt - - Batt +
Le
- Batt + Main AC-DC 24VDC

ELP Charger Supply Power
Main Supply Bus
ELP Charger Supply ELP Supply
24VDC
AUX1 DC Box
24VDC BU Supply
DG1 DC Box
s
BU Supply
AMS 110VAC
an
RD BPS LP
UPS2 Supply Bus
+ Batt -
DG2 BPS - Batt +
r le
AC-DC 24VDC
+ Batt -
Main Power Supply Bus
- Batt + ELP Charger Supply ELP Supply
Main
ELP Charger Supply RD DC Box 24VDC
O
BU Supply
24VDC
DG2 DC Box
BU Supply
ew
DPCS BPS2
+ Batt -
N
- Batt +
Main
ELP Charger Supply
S
24VDC
DPCS DC Box 2
BU Supply
B
A
ee
Page 56 of 96
S
3
01
-2
B) Figure B - Relevant Consumers Spreadsheet
G
ME1 BPS Notes ME2 BPS Notes
ME1 ECM ME2 ECM
U
MP1 ECU Supply 2 Supply 1 from SSB1 MP2 ECU Supply 2 Supply 1 from SSB2
ME1 Tachometer ME2 Tachometer
-A
RG1 Pump Switch Box RG2 Pump Switch Box
RG1 Controller Supply 2 Supply 1 from SSB1 RG2 Controller Supply 2 Supply 1 from SSB2
19
SG1 Sump Pump SG2 Sump Pump
DG1 BPS Notes DG2 BPS Notes
DG1 ECM DG2 ECM
ed
SSB1 Supply 1 SSB2 Supply 1
SSB1 Supply 2 SSB2 Supply 2
at
SSB Bus-Tie Supply 2 Supply 1 from DG2 SSB Bus-Tie Supply 1 Supply 2 from DG1
BPS BPS
D
SDT BPS Notes EDG BPS Notes
52
SDT Engine ECM EDG Engine Protection Box
SDT ECU Supply 2 Supply 1 from LP ESB Control Supply 1
SDT Engine Tachometer ESB Control Supply 2
52
SDT Node 15 EDG Radiator Damper Relay Box
ER/EDG Room Damper Relay Box
06
DPCS BPS1 Notes DPCS BPS2 Notes
GC1 Redundant GC GC2 Redundant GC
powered by DPCS powered by DPCS
T1
BPS2 BPS1
DGPS1 DGPS2 powered by DGPS2 DGPS1 powered by
DPCS BPS2 DPCS BPS1
ef
WS1 Redundant WS WS2 Redundant WS

rR
BPS2 BPS1
VRU1 Redundant VRU VRU2 Redundant VRU
BPS2 BPS1
tte
Mode Switch Circuit 1 Mode Switch Circuit Mode Switch Circuit 2 Mode Switch Circuit 2
2 powered by DPCS powered by DPCS
Le
BPS2 BPS1
OP1 Redundant OP OP2 Redundant OP
BPS2 BPS1
s
TC1 Supply 1 Supply 2 from DPCS TC1 Supply 2 Supply 1 from DPCS
an
BPS2 BPS1
BPS2 BPS1
r le
BPS2 BPS1
O
BPS2 BPS1
ew
BPS2 BPS1
MIC1 Supply 1 Supply 2 from DPCS MIC1 Supply 2 Supply 1 from DPCS
BPS2 BPS1
N
MIC2 Supply 1 Supply 2 from DPCS MIC2 Supply 2 Supply 1 from DPCS
BPS2 BPS1
S
AUX1 BPS Notes AUX2 BPS Notes

B
GC3 TSB1 Panel

WS3 TSB2 Panel
A
Mode Switch Circuit 3 (IJS) Sound Powered Phone Supply

ee
Page 57 of 96
S
3
01
-2
Feed
Port Wing Repeater Bilge Valve Junction Box
G
Camera BU Harting Junction Box
Stbd Wing Repeater Shaft Alley Damper Motor
U
Junction Box
Aft Repeater Ballast/Fuel Flow Meters
-A
ESB Control Supply 2 SSB BU Control Supply
Central TB I/O Port Fire Monitor
19
Abandon Ship Stbd Fire Monitor
Bridge Chairs
BTT ECU Supply 2 Supply 1 from ELP STT ECU Supply 2 Supply 1 from SSB2
ed
RD BPS Notes
at
RD Alarm Unit
RAI Amp 1&2
D
RAI Amp 3&4
RD Main Control Panel
52
RD Deviation Alarm Unit
RD Aft Control Panel
RD1 FB Unit 2
52
RD2 FB Unit 2
RD1 Alarm Panel
RD2 Alarm Panel
DPCS UPS1
LADAR Sensor (CyScan)
Notes 06 DPCS UPS2
RADAR Sensor (RadaScan)
Notes
T1
OC1 Redundant OC OC2 Redundant OC
UPS2 UPS1
ef
CC1 Redundant CC CC2 Redundant CC

rR
UPS2 UPS1
DPCS Net Switch 1 Redundant Net DPCS Net Switch 2 Redundant Net Switch
Switch powered by powered by DPCS
DPCS UPS2 UPS1
tte
24vdc DPS-A Redundant power 24vdc DPS-B Redundant power

from ELP from ELP
Le
OC-3 OC-4
3.3.2 Battery System Description

s
Devices that are critical to the vessel’s design, safety, and operation require a constant
an
power source, which can be achieved by connecting the device to a BPS (battery power
source). Each BPS is capable of supplying power for a minimum of 30 minutes after failure
r le
of the input power supply.

O
There are several types of BPS used on the is vessel:

A) Primary Battery Charger units
ew
One type of BPS consists of a battery charger connected to a battery pack supplying a DC
distribution box. The supply input feed to the charger is from an ELP. The charger system
N
converts the voltage to 24V-DC and sends the supply to a diode network. The diode network
is used to take in two supply feeds: one from the before mentioned charger and the other is
S
from a BU BPS. The diode network will output the supply feed with the highest voltage to a
B
DC distribution box. The DC distribution box will distribute the supply to each of its
A
ee
Page 58 of 96
S
3
01
-2
consumers. Each output from the DC distribution box is protected by a fuse. For a list of
relevant consumers for each individual BPS, please refer to figure B.
G
B) BU Battery Charger units
U
The three BU BPS are similar to each Primary BPS, since each BU BPS consists of a battery
-A
charger connected to a battery pack supplying a DC distribution box. The supply input feed
to the charger is from an LP. The charger system converts the voltage to 24V-DC and sends
19
the supply to a DC distribution box. The outputs from the DC distribution box is actually the
BU supplies for the primary DC distribution box. Each output from the DC distribution box is
ed
protected by a fuse. Each output from the BU DC distribution box enters a diode network
that takes in two feeds: one from the primary battery charger and the other is from the BU
at
DC distribution box. The diode network will output the supply feed with the highest voltage
to the primary DC distribution box. Please refer to Figure A for clarity.
D
C) DPCSBPS
52
There are 2 DPCS UPS units that supply AC power to the DPCS's AC power consumers. The
DPCS's DC power consumers supply1 by the DPCS UPS and supply 2 is supplied by ELP. For
52
a list of relevant consumers for each individual UPS and BPS, please refer to figure B.
D) AMSBPS
06
There are 2 AMS UPS units that supply AC and DC power to the AMS consumers.
T1
Normal supply feed from an LP is input to the UPS (where the 110V-AV is converted to
24V-DC)
ef
o UPS has several outputs

rR
 AC output goes to the 110V-AC distribution line for AMS

 Another AC output goes to the DC power supply
tte
Backup supply feed from a ELP is input to the DC power supply

 DC output goes to the 24V-DC distribution line for AMS
Le

s
Failure of main supply from the SSB will cause the BPS or UPS to be on battery backup.
an
A) Table A - BPSSystem Failures

r le

1) Loss of primary A BU BPS supplies the primary DC distribution box AMS alarm
O
supply to primary DC
distribution Box
2) Loss of BU supply The primary DC distribution box stays supplied by the primary DC supply from No Alarm.
ew
to primary DC the charger.

distribution Box
3) MP1 DC ME1 fails from loss of control supply. AMS Alarm
N
distribution Box loss

of power
S
Loss of ME1 causes the MP1 and SG1 to fail. AMS and DPCS alarms
for lost MP
B
Loss of SG1 causes TSB1 to fail, which results in the failure of BTT. AMS and DPCS alarms
for lost thruster
A
ee
Page 59 of 96
S
3
01
-2
G
4) MP2 DC ME2 fails from loss of control supply. AMS Alarm
U
of power
Loss of ME2 causes the MP2 and SG2 to fail. AMS and DPCS alarms
-A
for lost MP
Loss of SG2 causes TSB2 to fail, which results in the failure of STT. AMS and DPCS alarms
19
for lost thruster
5) DG1 DC DG1 fails from loss of control supply. AMS Alarm
ed
of power
at
faulty DG breaker.
D
6) DG2 DC DG2 fails from loss of control supply. AMS Alarm
52
of power
52
faulty DG breaker.
7) BTT DC
06
BTT ECU loses secondary control supply, but remains powered by primary
source. No other effect on DP.
AMS Alarm
T1
of power
8) STT DC STT ECU loses secondary control supply, but remains powered by primary AMS Alarm
distribution Box loss source. No other effect on DP.
ef
of power
9) SDT DC SDT Engine fails from loss of control supply. AMS Alarm
rR

of power
Loss of engine causes SDT to fail. AMS and DPCS alarms
tte
for lost thruster

DP operation continues with one thruster offline. DPS operates with reduced
thruster redundancy and reduced accuracy.
Le
10) AUX1 DC WS3 and GC3 fails from loss of control supply. No other DPS effect since DPCS alarm for failed
distribution Box loss redundant sensors are not effected. DPCS operates with reduced redundancy. sensors
of power
s
11) AUX2 DC Loss of BU supply to the SSB controls. AMS Alarm

an
of power
12) RD DC Loss of both RD1 and RD2. AMS Alarm and DPCS
r le
distribution Box loss Alarm

of power
DP operation continues with reduced redundancy and reduced accuracy. Loss of
O
steering is compensated with the STT.

13) DPCS BPS1 Following consumers fail: GC1, WS1, VRU1, DGPS1, Mode Switch Circuit 1, OP1, DPCS Alarm for each
primary supply to MIC1 & MIC2, and primary supply to each TC. No other DP failed component. DPCS
ew
effect. alarms for components

that lose primary
supply.
N
14) DPCS BPS2 Following consumers fail: GC2, WS2, VRU2, DGPS2, Mode Switch Circuit 2, OP2, DPCS Alarm for each
secondary supply to MIC1 & MIC2, and secondary supply to each TC. No other failed component. DPCS
S
DP effect. alarms for components

that lose secondary
B
supply.
A
ee
Page 60 of 96
S
3
01
-2
15) DPCS UPS1 Following consumers fail: CyScan, OC1, CC1, Net Switch 1, OC3 and supply 1 to DPCS Alarm for each
DPS-A. No other DP effect. failed component.
G
16) DPCS UPS2 Following consumers fail: RadaScan, OC2, CC2, Net Switch 2, OS4 and 24vdc to DPCS Alarm for each
DPS-B. No other DP effect. failed component.
U
17) AMS UPS1 AMS port subsystem fails. Stbd subsystem is not effected. Loss of some AMS Alarm
monitoring of the port systems.
-A
18) AMS UPS2 AMS stbd subsystem fails. Port subsystem is not effected. Loss of some AMS Alarm
monitoring of the stbd systems.
19
ed
The most important concept of the Battery System is that devices vital to DP operation
are protected by a BPS. If a supply feed from the SSB fails, the BPS will continue to
at
supply the devices that must continue to operate for DP control.
In order to achieve redundancy, many of the systems on the vessel use two or more
D
sources of DC supply power, which are paralleled together using unmonitored diodes.
52
This ensures the continuation of power if one supply fails but does not detect loss of a
supply due to an open diode or failed supply. This will also cause sources that fail high to
52
be selected and directly connect two or more power supplies if the diodes short. The
diodes must be regularly checked to avoid hidden failures and ensure proper redundant
operation.
06
3.3.5 Worst Case Failure
T1
DP operation can continue after the failure of a single DPCS UPS.

ef
DP operation can continue after the failure of a single DPCS BPS.

The WCF is the loss of either ME BPS, which fails control power to the ME. Loss of ME
rR
causes the associated MP and tunnel thruster to fail. The end result is the DPS operates
with one MP and tunnel thruster offline.
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 61 of 96
S
3
01
-2
4) THRUSTERS
G
4.1 Main Propulsion Drive and Gearbox System
U
-A
4.1.1 MP and RG System Diagrams
19
A) Figure A - MP and RG Control System
ed
Duplex Filter
Lube/Clutch
Auto Start Standby HPU
on Low Oil Press Standby HPU
System/Power
AMS Failure
at
MP1 Mech.
BPS Pump
RPM Order Open/Close SG1
D
Clutch Clutch
Engine Running Valves
Clutch FB
RPM FB RG1
Load FB
52
RG1
Cooler
ME1 ECM Controller Auto Start Standby HPU
on Low Oil Press
52
Standby
RPM Stop SSB1 Pitch
LSM HPU Hydraulic Oil
Order Engine Remote
06
Head Tank
Starter
Start Pushbuttons Start/Stop
Stop Panel
EStop Engine Standby HPU
Engine
Standby
VMS
T1
Running
Stop Engine on
Low Press Low Pressure
Engine Shutdown Start/Stop
ECU Clutch CMD
Standby Pitch HPU
ef
Clutch Ready
(Central Unit) Clutch Status

rR
Pitch FB Reference Voltage
4-20mA Pitch Control FB

tte
Pitch Order
Le
System/Power
Failure AMS Power Source Color Legend
24V DC
DP Control Request Main

SSB1 Supply Control
Ready for DP Control
s
Data Bus 1 Power

Main Distribution
an
4-20mA Pitch CMD

Card
PLC DPCS MP1 BPS Supply
BU
BU 4-20mA Pitch FB
(In
Active
Bridge) Pitch Reduction On
r le
Engine Running
NFU On/Off
O
Data
Link
ew
Manual
24V DC 4-20mA Pitch CMD Controls
Local
BU
N
ECU PData 4-20mA Pitch FB

Bus 2 PLC
(In NFU On/Off
Bridge)
S
B
A
ee
Page 62 of 96
S
3
01
-2
4.1.2 MP System Description Overview
G
There are two MP (main propulsion) systems each driven by a ME. The thruster uses a
hydraulically actuated controllable pitch propeller. The thrust magnitude is managed by
U
changing the propeller pitch with the engine(s) running at a normally constant speed. If the
-A
drive is in combinator mode, the thrust magnitude is managed by changing the engine(s)
speed in relation to the propeller pitch. The RG directly drives a mechanical pump used as
19
the pump for hydraulic control, with an electric motor pump used for start-up and standby.
ed
4.1.3 GearboxDescription
A) Overview
at
Each ME is connected to a single gearbox containing two gears. The shaft generator is
D
coupled to the input gear, and the MP connected to the RG (reduction gear) via a clutch.
52
B) Hydraulic Pumps
The gearbox is equipped with dual tandem mounted direct driven hydraulic pumps which
52
are capable of carrying out all the clutching, lubrication, and pitching functions without the
need for the electrically driven backup pumps. The unit is designed so that the pitching
06
speed is adequate for good DP control when only the direct drive pumps are operating. The
gearbox is equipped with one electrically driven clutch/lube pump as backup. Another
T1
electric pump is used for pitch control. The electrically driven pumps are used during start
up and as standby for the gearbox driven pumps.
ef
C) Hydraulic Pitch Control

rR
The pitch control is operated by gearbox's hydraulic system. The pitch system’s
proportional control valves adjust the oil pressure and flow, after receiving a pitch
command from the ECU. The pitch pump sends pressurized oil to move a piston. The pitch
tte
control valves manipulate oil flow to the pitch piston, moving it backward or forward, to
adjust the propeller pitch. Valves are opened and closed by solenoids, which receive electric
Le
command signals from the ECU. The movement of the pitch piston allows the angle of the
propeller blades to change. The pitch piston position is set when the proportional control
valves close to stop the fluid flow. The pitch piston’s position in combination with the
s
an
magnitude of engine's normally constant speed is used to give the vessel the required thrust
power.
r le
D) Hydraulic Clutch Control

The propeller is equipped with a clutch. The ECU sends commands to the clutch control
O
valve driver, for clutch operation. The valves used to adjust the oil pressure and flow, are
opened and closed by solenoids. The clutch’s engage pressure is set when the control valves
ew
completely close to stop the fluid flow.

E) Safety Features
N
An alarm is fitted for low pitch pressure and low clutch/lube oil pressure. An alarm is also
S
fitted to warn the operator that the standby pitch pump has started but not the standby
B
clutch oil pump. The hydraulic system is equipped with filters and a sump pump for oil
A
quality control.
ee
Page 63 of 96
S
3
01
-2
4.1.4 Remote Control System
G
A) Component Overview
U
Main PLC (Programmable Logic Controller) - provides the interface between the MP
-A
local control system and the external control systems located on the bridge. The external
systems on the bridge include: the DPCS, the IJS system, the remote control manual
19
levers on the bridge, the Autopilot system, etc. The DPCS sends CMDs (command) and
FBs (feedback) to each Main PLC over analog lines (4-20mA) and digital lines. The DPCS
interfaces with the Main PLC using a TC (thruster card). There are 2 separate Main PLCs,
ed
one for each MP. The Main PLC is located in the bridge and transmits data over a serial
data bus to the central ECU, which is located down in the machinery spaces.
at
o MP1 Main PLC powered by: MP1 DC Supply Bus
D
o MP2 Main PLC powered by: MP2 DC Supply Bus
52
BU PLC (Backup Programmable Logic Controller) - provides a second interface between
the MP local control system and the remote control manual levers on the bridge. The BU
52
PLC can be used for emergency pitch actuation if the Main PLC fails. The BU PLC is not
interfaced to the DPCS, so the BU PLC cannot be used while operating in DP mode. There
06
are 2 separate BU PLCs, one for each MP. The BU PLC is located in the bridge and
transmits data over digital/analog lines hardwired the local pitch control unit, which is
T1
located down in the steering room. The Main PLC and the BU PLC monitor each other for
lost connections and disrupted serial communications from the central unit.
o MP1 BU PLC powered by: MP1 DC Supply Bus
ef
o MP2 BU PLC powered by: MP2 DC Supply Bus

rR
ECU (Electronic Control Unit) - the centralized control system that processes the control
logic and operates the MP. As previously stated, the ECU is located in the machinery
tte
spaces and interfaces with the Main PLC through a data bus. There are 2 separate ECUs,
one for each MP. The ECU is integrated with the following components:
Le
o Gearbox Controller - controls the clutch and lube functions of the gearbox
o Local Pitch Control Unit - contains the pitch actuation circuits and controls the
s
pitch operation of the propeller.

an
o Engine Control Module - monitors and controls the engine. Allows the ECU to
operate the engine's speed control when the LSM is not controlling it. The ECU
r le
will not be used to control the engine speed while operating in DP mode, since
both SGs are required to be online during DP operations. The LSM controls the
O
engine speed while in DP mode.

DC Control Supply Bus - supplies the Main PLC, BU PLC, and ECU. There are 2 separate
ew
DC Control Supply buses, one for each MP. The control supply bus is a combination of
two feeds from different power sources. The Power Distribution Card functions as two
N
input diode module used to supply power into the ECU, which can then be feed up into
the corresponding Main PLC. The power to the BU PLC is feed up from the Local Pitch
S
Control Unit. The 480V-AC power input into the power distribution card originates from
B
a SSB section. The power distribution card converts the AC voltage into DC voltage.
A
ee
Page 64 of 96
S
3
01
-2
o MP1 DC Control Supply Bus primary power source: 480V-AC supply feed from
SSB1
G
o MP1 DC Control Supply Bus secondary power source: 24V-DC supply feed from
U
MP1 BPS
-A
o MP2 DC Control Supply Bus primary power source: 480V-AC supply feed from
SSB2
19
o MP2 DC Control Supply Bus secondary power source: 24V-DC supply feed from
MP2 BPS
ed
B) Pitch Control
at
The pitch command signal is transmitted over the data bus to the MP ECU. The pitch FB
allows the ECU to know the angle distance and direction the propeller blades need to rotate
D
from its current position. The ECU will send an enable signal to the required directional
solenoid valve to start changing the pitch. The valve will stay open until the FB matches the
52
command. The pitch feedback is measured by a potentiometer mechanically linked to the
manoeuvre lever on the propeller shaft, which is sent to DPCS so it can be compared to the
52
pitch command to identify mismatches. DPCS deselects the thruster when
command/feedback deviation is greater than 25% for 10 seconds.
C) Clutch Control 06
T1
The clutch is engaged and disengaged using hydraulic pressure. This pressure is applied and
locked or removed by solenoid control valves, which receives the command signals from the
ECU. The clutch is applied by closing the engage solenoid and another solenoid is also
ef
activated at the same time to reduce the pressure and avoid slamming the clutch in. Once
rR
the clutch has been engaged, feedback tells the ECU that the clutch is in and it releases the
solenoids. The clutch is disengaged by the ECU activating the disengage solenoid to release
the clutch pressure. Once the clutch has disengaged, feedback tells the ECU that the clutch is
tte
disengaged and it deactivates the solenoid.

Le

A) Table A - MP and RG System Failures
s
an

1) Loss of RPM CMD No effect. The signal is not utilized while the SG is online. No alarm, since no effect
from ECU to LSM
r le
2) Loss of RPM FB ECU will open the clutch AMS Alarm. DP alarm
from ECM to ECU for loss thruster.
O
Vessel is operating without one MP. DP capability can continue with reduced
accuracy.
ew
3) Loss of clutch No immediate effect, but clutch can no longer be disengaged. If a fault does No alarm.
disengage from ECU occur that normally initiates an automatic clutch out, the DPO may need to
to valve EStop the engine instead, to prevent damage from occurring.
N
4) Loss of clutch ECU will assume the clutch has opened. ECU will remove the ready to DP and AMS Alarm. DP alarm
closed signal to ECU zero the pitch. for loss thruster.
S
B
accuracy.
5) Very low ECU will open the clutch AMS Alarm. DP alarm
A
clutch/lube pressure
ee
Page 65 of 96
S
3
01
-2
for loss thruster.
G
accuracy.
6) Low clutch/lube Standby pump will auto-start
U
Standby pump running
pressure indication
-A
7) Loss of Pitch CMD Pitch freezes on last CMD. Frozen Indication
from ECU to hydraulic
19
control valves
DP will auto deselect thruster on large CMD/FB deviation - pitch to zero. AMS Alarm. DP alarm
for loss thruster.
ed
accuracy.
at
8) Loss of Pitch valve ECU will detect fault and open clutch. AMS Alarm. DP alarm
control signal from for loss thruster.
D
ECU to hydraulic
control valves
52
accuracy.
9) Loss of Pitch ECU will detect fault and open clutch. AMS Alarm. DP alarm
Control FB from ECU
52
for loss thruster.
valve to ECU
10) Very low pitch

pressure
accuracy.
ECU will open the clutch 06 AMS Alarm. DP alarm
T1
for loss thruster.
accuracy.
11) Low pitch Low pressure is detected and Standby Pump auto starts. Standby Pump Running
ef
pressure Indication
12) Leaky Pitch valve Failure may cause MP to fail max pitch ahead or max pitch astern. ECU will open
rR
AMS Alarm. DP alarm

the clutch. for loss thruster.
tte
accuracy.
13) Failure of standby No effect working with the mechanical pump. AMS Alarm
pump
Le
Loss of standby pump redundancy for system.

14) Failure of engine When pressure drops below the set point, the standby pump will automatically AMS Alarm
driven mechanical start.
s
pump
an
Loss of pump redundancy.

15) Loss of main AC RG controls remains powered by the BU DC supply from UPS. All thruster AMS Alarm.
supply power to RG communication continues uninterrupted, with no loss of performance.
r le
controls
16) Loss of BU DC RG controls remains powered by the main AC supply from SSB. All thruster AMS Alarm.
supply power from communication continues uninterrupted, with no loss of performance.
O
UPS to RG controls
17) Loss of main AC ECU remains powered by the BU DC supply from UPS. All thruster AMS Alarm.
ew
supply power to ECU communication continues uninterrupted, with no loss of performance.

18) Loss of BU DC ECU remains powered by the main AC supply from SSB. All thruster AMS Alarm.
N
UPS to ECU
19) ECU failure ECU will open the clutch AMS Alarm. DP alarm
S
for loss thruster.

B
accuracy.
A
20) Auto Start Loss of auto-start permissive. AMS Alarm

ee
Page 66 of 96
S
3
01
-2
Standby HPU CMD
B) Table B - DP Interface
G
U
1) Main PLC fails DPCS will auto deselect associated MP. AMS Alarm. DP alarm
-A
for loss thruster.
Pitch goes to zero.
19
accuracy.
ed
2) BU PLC fails BU PLC fails. Backup control of the MP is not available. No other effect. AMS Alarm
3) Data Bus from the DPCS will auto deselect associated MP. AMS Alarm. DP alarm
Main PLC to the ECU for loss thruster.
at
Pitch goes to zero.
D
accuracy.
52
4) Loss of Control DPCS will auto deselect associated MP. AMS Alarm. DP alarm
Request to Main PLC for loss thruster.
52
Pitch goes to zero.
5) Loss of Ready to
accuracy.
DPCS will auto deselect associated MP.
06 AMS Alarm. DP alarm
T1
DP for loss thruster.
Pitch goes to zero.
ef
accuracy.
rR

from DP to Main PLC
DPCS will auto deselect associated MP on large CMD/FB deviation - pitch to AMS Alarm. DP alarm
zero.
tte
for loss thruster.

accuracy.
Le
7) Loss of Pitch FB MP automatically goes into simulated FB. Simulated FB Indication

from Main PLC to DP
MP remains in DPCS control, but the accuracy of its performance in the DPCS
s
may be reduced.
an

r le
There are 2 MP propellers. Loss one MP will leave the other MP operational, which will
remain sufficient to carry out DP operations.
O
Each drive has a mechanical pump directly driven from the gearbox, used to pressurize
ew
the hydraulic control oil. In addition to the direct drive mechanical pumps, there is an
electric standby pump.
N
Each MP control system takes in two sources of power. The main supply is 480V-AC fed
(which is internally converted to DC inside of the Power Distribution Card) and the
S
backup supply is 24V-DC fed from a BPS. The single failure of the main or backup source
B
supply will have no effect on the MP control system, as the remaining source will
continue to supply redundant power.
A
ee
Page 67 of 96
S
3
01
-2
When the MP is in "constant speed" mode, the engine speed will remain constant. The SG
is only available in constant speed mode.
G
When the MP is in "combinator" mode, the engine speed and propeller pitch will both
U
vary. The SG must be offline when in this mode.
-A
19
DPO intervention may be required on the loss of the clutch disengage signal. Please refer
to Table A - failure mode 3.
ed
Loss of the ECU will cause the loss of the associated MP.
at
Loss of the Main PLC will cause the loss of the associated MP.
Loss of the BU PLC has no effect on the associated MP during DP operation.
D
The WCF is a leaky pitch valve causing the propeller pitch to fail to max pitch ahead or
52
max pitch astern. The resulting faulty thrust will cause the DPS to operate with reduced
accuracy. DPCS will auto deselect the MP on large CMD/FB deviation. The ECU will also
52
open the clutch after the DPCS deselects.
06
T1
ef
rR
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 68 of 96
S
3
01
-2
4.2 Rudder Steering System
G
U
4.2.1 RD System Diagrams
-A
A) Figure A - RD1 Control System
19
Bridge Indication
Ampliﬁer
Indicators
Angle Limit FB
ed
±10V Speed CMD
Steering FWD Console Port/Stbd Direction
at
RD2 Deviation Control Fault CMD Frequency
RD2
Control Alarm ECU 480VAC Status Converter
D
Angle FB Aft Chair 1
System
Panel Control Fault
SSB2
Motor 480VAC
52
Aft Chair 2
Control Fault
Controller
AC Voltage
Variable
Local
52
Indication
Power Source Supply
Power
220VAC
Open
Color Legend Pump
06
Close
T
Angle Emergency
±1 0V Angle FB
o Isolation
V
Steering Control
alves
CMD
Control
T1
SSB2 ESB
Card 1
Restart
U1
Pump
Power/FB
AC-DC
HP
HPU1 Running Failure Alarm
ef
Oil
RD BPS Request Control Main Reservoir RD1
rR
Low Level 1
Supply RD1 1
Data
Ready Alarm
Bus
Alarm
DPCS ±10V Angle CMD
BU
Supply
Panel Low Level
Alarm
Oil 2
tte
Reservoir
DC-AC
HPU2 Running 2
Restart
Pump
Power/FB
HP
Le
Failure Alarm
Pump U2
T
±1 0V Angle FB
o Isolation
V
Control Angle
alves
Emergency
Indication
s
Bridge CMD Steering Control

Ampliﬁer
Indicators Card 2
an
Open
AC Voltage
Close
Variable
Supply 220VAC
r le
Power
Motor
O
480VAC
Controller
ew
Status
480VAC Frequency
ESB Port/Stbd Direction Converter
CMD
N
±10V Speed CMD

S
Angle Limit FB
B
A
ee
Page 69 of 96
S
3
01
-2
4.2.2 RD Steering System Description Overview
G
The steering system consists of two independent RD (rudders). The RD1 is the port rudder
U
and the RD2 is the STBD rudder. Each RD is actuated by an electro-hydraulic control system.
-A
Each hydraulic system uses 2 frequency controlled steering pumps.
19
4.2.3 Hydraulic System Description
A) Operation Philosophy
ed
The vessel uses a frequency controlled pump steering system compared to a conventional
steering system. In a conventional steering system, the pump is constantly running and
at
valves control the direction of oil flow. In frequency controlled pump steering systems, the
D
pumps are not constantly running. The pump starts when a rudder command signal is given
and stops when the rudder has reached the desired position. The pump also has the added
52
capability to control the direction of the flow, instead of the valves. The frequency controlled
steering system’s valves are only used to permit or stop flow, locking the rudder into place.
52
The valves open and close when a steering command signal is sent to the solenoid valve
driver circuit.
B) Rudder Actuation 06
T1
The pump controls the flow speed and direction inside the rudder actuator to turn the
spherical rotor and change the rudder’s angle. The steering system has 2 pumps for each
rudder, where each pump system consists of an oil reservoir, reversible pump, electric
ef
motor, oil cooler, flexible coupling, and filter assembly. Pump 1 is the primary pump, while
Pump 2 is normally in standby. Since each pump is electrically and hydraulically isolated,
rR
mechanical and electrical faults effect only one pump and will not interfere with operation
of the other pump. Each pump is capable of reverse flow, and adjusting the pressure output.
tte
Each pump has two separate oil reservoirs, each fitted with a low level alarm. The hydraulic
system’s valves are used to lock the rudder into place or isolate a faulty pump system. The
Le
valves are opened and closed by a solenoid controller.
4.2.4 Control System

s
an
A) Overview
Each pump system has a dedicated pump control card and motor controller. The motor
r le
controllers are used to convert the steering commands to a frequency signal for pump
control. The AC power supply to the motor controller is used to feed power to its
O
corresponding pump control card. The AC supply is internally converted to a DC supply used
to power the ECU.
ew
B) Pump Control
N
When the Pump Control Card sends a rudder command it will compare the command with
the current FB to calculate the difference. Once the difference has been calculated, the motor
S
controller will know the angle distance the rudder needs to turn from its current position.
B
The motor controller sends a pulse width modulation signal encoded with the directional
order and speed to the pump, allowing the required angle change to be executed. The signal
A
ee
Page 70 of 96
S
3
01
-2
will be continuously sent until the angle FB matches the command. The motor controller
will decrease the electronic pulse signal sent to the pump proportional to the FB difference
G
decreasing. The angle FB signal comes from a potentiometer mechanically linked to the
U
manoeuvre lever inside the rudder actuator.
-A
C) DP Interface
The ECU is used to interface DPCS with the Pump Control Cards. When DPCS sends a request
19
for control, the ECU will check the status of the rudder to see if it is currently available for
operation. For DPCS to have access to the rudder, one of the two HPUs must be available for
ed
operation. The ECU will then respond to DPCS with a ready signal. This will allow DP to send
rudder commands to the ECU. The associated rudder FB to DP is received directly from a
at
potentiometer located on the rudder actuator.
D
52
A) Rudder Feedback Units
52
1) Linkage Loss of FU mode control. Any CMD will cause rudder to continue moving to Steering Deviation
arrangement from FB mechanical stop. Alarm . DP Deselect
Unit 1 to rotor breaks
Reduced Accuracy - rudder is removed from DP. 06
T1
2) Angle control FB Incorrect FB to ECU. Rudder may move to an arbitrary location. FU control Steering Alarm Panel
potentiometer is responds incorrectly. Alarm
dislocated
Reduced Accuracy - rudder is removed from DP.
ef
3) Short circuit on Rudder will freeze. Steering Deviation

limit switch Alarm . DP Deselect
rR
4) Open circuit on No limit signal to motor controller. HPU with faulty FB unit can only lock up if Steering Deviation
tte
limit switch the 2nd pump is not running. Alarm . DP Deselect

Rudder operation continues using the 2nd pump's FB unit.
5) Short circuit on FB is frozen causing the rudder to freeze. Steering Alarm Panel
Le
angle control FB Alarm

potentiometer
s
6) Open circuit on FB is frozen causing the rudder to freeze. Steering Alarm Panel
an
angle control FB Alarm

potentiometer
r le
B) ECU
O

1) ECU power failure The rudder freezes. Steering Alarm Panel
ew
Alarm
2) ECU short circuit Loss of FU mode control. Any CMD will cause rudder to continue moving to Steering Deviation
N
mechanical stop. Alarm . DP Deselect

S
B
A
ee
Page 71 of 96
S
3
01
-2
C) Pump
G
1) Pump failure Motor stops, and HPU is disabled. Steering Alarm Panel
U
Alarm
Rudder operation continues using the 2nd pump.
-A
2) Motor Controller Motor stops, and HPU is disabled. Steering Alarm Panel
19
480VAC supply power Alarm
3) Motor Controller Motor stops, and HPU is disabled. Steering Alarm Panel
24VDC internal Alarm
ed
supply power
at
4) Motor Controller One of the two supply feeds fails to the ECU. Steering Alarm Panel
DC supply feed to the Alarm
D
ECU
Rudder operation continues using redundant power feed.
52
5) Frequency Motor stops, and HPU is disabled. Steering Alarm Panel
converter Alarm
52
C) Pump Control Card

Failure Mode Effects
06 Indication
T1
1) Power supply feed One of the two supply feeds fails to the pump control card. Steering Alarm Panel
from the Motor Alarm
Controller
ef
Rudder operation continues using redundant power feed.
2) Pump Control Card One pump is disabled. Steering Alarm Panel

rR
internal failure Alarm

3) Pump Control Card Incorrect CMD to Motor Controller. Rudder may move to mechanical stop. Steering Alarm Panel
tte
short circuit Alarm

Reduced Accuracy - rudder is removed from DP. DP alarm for loss RD.
Le
D) Remote Control Panels

s

an
1) Low Hydraulic ECU detects alarm and freezes rudder. Rudder control is only available in NFU Steering Alarm Panel
Pressure Signal to mode. Alarm
Motor Controller
r le
Vessel is operating without one RD. DP capability can continue with reduced
O
accuracy.
2) ECR Alarm Panel Loss of the ECR Rudder Alarm Panel. Monitor alarms from Bridge Rudder Alarm LossofAlarm Displayat
Panel. ECR.
ew
3) Bridge Alarm Panel Loss of the Bridge Rudder Alarm Panel. Monitor alarms from ECR Rudder Alarm LossofAlarm Displayat
Panel. Bridge.
N
E) DP Interface
S
1) Loss of Control ECU will see the loss of request and disable the ready signal to DPCS. DPCS will AMS Alarm. DP alarm
B
Request to ECU auto deselect associated RD on loss of ready. for loss RD.
A
ee
Page 72 of 96
S
3
01
-2
Rudder goes to zero position.
G
accuracy.
U
2) Loss of Ready to DPCS will auto deselect associated RD. AMS Alarm. DP alarm
DP for loss RD.
-A
Rudder goes to zero position.
19
accuracy.
3) Loss of Angle CMD Rudder freezes on last CMD. Frozen Indication
ed
from DP to ECU
DPCS will auto deselect associated RD on large CMD/FB deviation - rudder to AMS Alarm. DP alarm
zero position. for loss RD.
at
D
accuracy.
4) Loss of Angle FB RD automatically goes into simulated FB. Simulated FB Indication
from FB Unit 2 to DP
52
RD remains in DPCS control, but the accuracy of its performance in the DPCS
may be reduced.
52
5) Loss of Pump 1 No effect, except for alarm. DP alarm for pump
Running from ECU to failure.
DP
6) Loss of Pump 2
Running from ECU to
DP
No effect, except for alarm.
06 DP alarm for pump
failure.
T1

ef
Each RD has two pumps. One pump will function as the primary pump while the other
pump is in standby.
rR
The motor controllers have separate power sources. The primary power source is 480V
from the SSB2 and the secondary power source is 480V from the ESB.
tte
Since each HPU is electrically and hydraulically isolated, mechanical and electrical faults
Le
on one HPU and will not interfere with operation of the other HPU.

s
an
The WCF is a short circuit in the Pump Control Card. This may cause a corrupted rudder
CMD, which will cause the rudder to fail hard over.
r le
O
ew
N
S
B
A
ee
Page 73 of 96
S
3
01
-2
4.3 Swing Down Thruster System
G
U
4.3.1 SDT System Diagrams
-A
A) Figure A - SDT Control System
19
Azimuth Direction FB Control/Indication
Trailing Start/Stop
Lube Trailing
FPP RPM > Trailing RPM Limit Trailing Lube HPU
Lube HPU
ed
HPU
Engine Running Starter Duplex Filter
Panel SSB1
FPP
RPM FB Standby Steering
at
Running HPU
Low Clutch Press
AMS Auto Start Standby HPU
High Clutch Temp on Low Clutch Press
Alarms
D
Interlock Engine Clutch Gearbox
Clutch CMD on Low Oil Press Lube
HPU
Clutch Ready Clutch
Open/Close
52
ECU Clutch Status Clutch Control
Clutch Valves
FPP RPM
Top Gear
Interlock Engine ECU136 Clutch FB
(UN10)
52
on Low Oil Press
06
on Low Steering Press
Direction
ESB Control Valves
Start/Stop Standby
RPM Order HPU HPU
T1
on Low Clutch Press
Engine Running Hydraulic Oil
Auto Start Standby HPUStandby
RPM FB Head Tank
on Low Steering Press HPU
Gear Oil
Load FB AMS Standby Running Starter Servo Oil
Cooler
Alarms Panel Cooler
ef
ECM Standby Auto/Manual

Selector Mode
Switch
rR
Low Steering Press Interlock/Auto Stop Engine

AMS on Low Oil Press
High Steering Temp
Alarms
Azimuth Direction Order
Direction Order CMD Hydraulic
tte
Steering Control Valve Locking Cylinder Position

Turning Cylinder In Module
Turning Cylinder Out ECU133
Le
Auto Stop Engine

on Low Oil Press
24V DC
s
Main Ready for DP Control

an
PLC
DPCS Request
Data Bus
r le
4-20mA Thrust CMD Main

(UN1) 4-20mA Thrust FB DPCS
4-20mA Steering CMD
O
4-20mA Steering FB
Thrust Load
ew
Main
AC DC LP
Supply
BU SDT
N
DC DC
24V DC Supply BPS
Local
BU
Control
PLC
S
Unit Data Bus

(UN1)
B
(UN10)
A
ee
Page 74 of 96
S
3
01
-2
4.3.2 SDT System Description Overview
G
There is one SDT (swing down thruster) with a fixed pitch propeller with azimuth
capability. The SDT is driven by a dedicated diesel engine connected by a shaft with a
U
flexible coupling to a gearbox.
-A
19
The gearbox directly drives a mechanical pump used as the pump for hydraulic control, with
an electric motor pump used for start-up and standby. The azimuth capability allows the
ed
thrust to be outputted in any direction. The complete upper and lower gearbox arrangement
is fully flooded with oil for lubrication. The steering gear wheel is mounted on the top of the
at
steering column and is driven by a pinion connected to a radial hydraulic piston motor.
D
A) Hydraulic Pumps
52
The gearbox is equipped with dual tandem mounted direct driven hydraulic pumps which
are capable of carrying out all the clutching, lubrication, and steering functions without the
52
need for the electrically driven backup pumps. The unit is designed so that the steering
speed is adequate for good DP control when only the direct drive pumps are operating. The
06
gearbox is equipped with one electrically driven pump as backup. The electrically driven
pump is used during start up and as a standby pump for the gearbox driven pumps.
T1
B) Hydraulic Steering Control
The thruster’s steering control is operated by a mechanical transmission via a hydraulic oil
ef
system. A hydraulic radial piston motor is used to convert pressurized oil into torque and
angular displacement to turn pinions that drive a steering gear, which rotates the lower
rR
gearbox clockwise or counter clockwise.

C) Hydraulic Clutch Control
tte
The propeller is equipped with a clutch. The ECU sends commands to the clutch control
valve driver, for clutch operation. The valves used to adjust the oil pressure and flow, are
Le
opened and closed by solenoids. The clutch’s engage pressure is set when the control valves
completely close to stop the fluid flow.
s
D) Safety Features
an
An alarm is fitted for low steering pressure and low clutch/lube oil pressure. An alarm is
r le
also fitted to warn the operator that the standby steering pump has started. The hydraulic
system is equipped with filters and a sump pump for oil quality control. The SDT is also
O
equipped with a trailing lube pump.

ew

N
Main PLC (Programmable Logic Controller) - UN1 - provides the interface between the
S
SDT local control system and the external control systems located on the bridge. The
external systems on the bridge include: the DPCS, the IJS system, the remote control
B
manual levers on the bridge, the Autopilot system, etc. The DPCS sends CMDs
A
ee
Page 75 of 96
S
3
01
-2
(command) and FBs (feedback) to the Main PLC located in the machinery space over
analog lines (4-20mA) and digital lines. The DPCS interfaces with the Main PLC using a
G
TC (thruster card). The Main PLC is located in the bridge and transmits data over a serial
U
data bus to the ECU, which is located down in the machinery spaces.
-A
o SDT Main PLC powered by: SDT DC Supply Bus
19
the SDT local control system and the remote control manual levers on the bridge. The BU
PLC can be used for emergency steering control if the Main PLC fails. The BU PLC is not
ed
interfaced to the DPCS, so the BU PLC cannot be used while operating in DP mode. The
BU PLC is located in the bridge and transmits data over digital/analog lines hardwired
at
the local pitch control unit, which is located down in the Forward Thruster Room. The
Main PLC and the BU PLC monitor each other for lost connections and disrupted serial
D
communications from the ECU.
o SDT BU PLC powered by: SDT DC Supply Bus
52
ECU (Electronic Control Unit) - UN10 - the centralized control system that processes the
52
control logic and operates the SDT. As previously stated, the ECU is located in the
machinery spaces and interfaces with the Main PLC through a data bus. The ECU is
integrated with the following components:
06
o Gearbox Controller - controls the clutch and lube functions of the gearbox
T1
o Local Steering/Lifting Control Unit - contains the steering and lifting actuation
circuits and controls the azimuth capability of the lower gearbox.
ef
o Engine Control Module - monitors and controls the engine. Allows the ECU to
operate the engine's speed control.
rR
DC Control Supply Bus - supplies the Main PLC, BU PLC, and ECU. The control supply
bus is a combination of two feeds from different power sources. The Power Distribution
tte
Card functions as two input diode module used to supply power into the ECU, which can
then be feed up into the corresponding Main PLC and BU PLC. The 110V-AC power input
Le
into the power distribution card originates from a LP panel. The power distribution card
converts the AC voltage into DC voltage.
s
o SDT DC Control Supply Bus primary power source: 110V-AC supply feed from LP
an
o SDT DC Control Supply Bus secondary power source: 24V-DC supply feed from
SDT BPS
r le
B) Steering Control
O
Steering command signals are sent from the ECU to the rotation proportional valve. The
steering FB allows the ECU to know the azimuth angle distance and direction the lower
ew
gearbox needs to rotate from its current position. The local hydraulic control unit will send
an enable signal to the required directional solenoid valve to start changing the angle. The
N
valve will stay open until the FB matches the command. The steering feedback is measured
by a potentiometer on the upper gearbox, which is sent to DP so it can be compared to the
S
steering command to identify mismatches. DP deselects the thruster when

B

A
ee
Page 76 of 96
S
3
01
-2
C) Clutch Control
G
The clutch is engaged and disengaged using hydraulic pressure. This pressure is applied and
locked or removed by solenoid control valves, which receives the command signals from the
U
ECU. The clutch is applied by closing the engage solenoid and another solenoid is also
-A
activated at the same time to reduce the pressure and avoid slamming the clutch in. Once
the clutch has been engaged, feedback tells the ECU that the clutch is in and it releases the
19
solenoids. The clutch is disengaged by the ECU activating the disengage solenoid to release
the clutch pressure. Once the clutch has disengaged, feedback tells the ECU that the clutch is
disengaged and it deactivates the solenoid.
ed
at
A) Table A - SDT System Failures
D
52
1) Loss of RPM CMD ECU will open the clutch AMS Alarm. DP alarm
from ECU to ECM for loss thruster.
52
Vessel is operating without SDT. DP capability can continue with reduced
accuracy.
2) Loss of RPM FB ECU will open the clutch
from ECM to ECU
06 AMS Alarm. DP alarm
for loss thruster.
T1
accuracy.
3) Loss of clutch No immediate effect, but clutch can no longer be disengaged. If a fault does No alarm.
disengage from ECU occur that normally initiates an automatic clutch out, the DPO may need to
ef
to valve EStop the engine instead, to prevent damage from occurring.

4) Loss of clutch ECU will assume the clutch has opened. ECU will remove the ready to DP and AMS Alarm. DP alarm
rR
closed signal to ECU zero the steering. for loss thruster.

tte
accuracy.
5) Very low ECU will open the clutch AMS Alarm. DP alarm
clutch/lube pressure for loss thruster.
Le

accuracy.
6) Low clutch/lube Standby pump will auto-start
s
Standby pump running

pressure indication
an
7) Loss of steering Steering freezes on last CMD. Frozen Indication

CMD from ECU to
r le
hydraulic control
valves
DP will auto deselect thruster on large CMD/FB deviation - steering to zero.
O
AMS Alarm. DP alarm

for loss thruster.
ew

accuracy.
8) Loss of Steering ECU will detect fault and open clutch. AMS Alarm. DP alarm
N
valve control signal for loss thruster.

control valves
S

accuracy.
B
9) Loss of Steering ECU will detect fault and open clutch. AMS Alarm. DP alarm
A
Control FB from ECU

ee
Page 77 of 96
S
3
01
-2
valve to ECU for loss thruster.
G
accuracy.
10) Very low steering ECU will open the clutch
U
AMS Alarm. DP alarm
pressure for loss thruster.
-A
accuracy.
19
11) Low steering Low pressure is detected and Standby Pump auto starts. Standby Pump Running
pressure Indication
12) Leaky steering Failure may cause SDT to rotate clockwise or counter-clockwise. ECU will open AMS Alarm. DP alarm
ed
valve the clutch. for loss thruster.
at
accuracy.
D
pump
14) Failure of engine When pressure drops below the set point, the standby pump will automatically AMS Alarm
52
pump
52
15) Loss of main AC ECU remains powered by the BU DC supply from BPS. All thruster AMS Alarm.
supply power to ECU communication continues uninterrupted, with no loss of performance.
16) Loss of BU DC
supply power from
BPS to ECU
06
ECU remains powered by the main AC supply from LP. All thruster
communication continues uninterrupted, with no loss of performance.
AMS Alarm.
T1
17) ECU failure ECU will open the clutch AMS Alarm. DP alarm
for loss thruster.
ef
accuracy.
rR
Standby HPU CMD
tte

1) Main PLC fails DPCS will auto deselect associated SDT.
Le
AMS Alarm. DP alarm

for loss thruster.
Steering goes to zero. RPMs fall to idle.
s

an
accuracy.
2) BU PLC fails BU PLC fails. Backup control of the SDT is not available. No other effect. AMS Alarm
r le
3) Data Bus from the DPCS will auto deselect associated SDT. AMS Alarm. DP alarm
Main PLC to the ECU for loss thruster.
O

ew
accuracy.
4) Loss of Control DPCS will auto deselect associated SDT. AMS Alarm. DP alarm
Request to Main PLC for loss thruster.
N

S

accuracy.
B
5) Loss of Ready to DPCS will auto deselect associated SDT. AMS Alarm. DP alarm
A
DP
ee
Page 78 of 96
S
3
01
-2
for loss thruster.
G
U
accuracy.
6) Loss of Steering Steering freezes on last CMD.
-A
Frozen Indication
CMD from DP to Main
PLC
19
DPCS will auto deselect associated SDT on large CMD/FB deviation - steering to AMS Alarm. DP alarm
zero. for loss thruster.
ed
accuracy.
7) Loss of Steering FB SDT automatically goes into simulated steering FB. Simulated FB Indication
at
from Main PLC to DP
SDT remains in DPCS control, but the accuracy of its performance in the DPCS
D
may be reduced.
8) Loss of speed CMD RPMs freeze on last CMD. Frozen Indication
from DP to Main PLC
52
DPCS will auto deselect associated SDT on large CMD/FB deviation - RPM to AMS Alarm. DP alarm
idle. for loss thruster.
52
accuracy.
06
9) Loss of Speed FB SDT automatically goes into simulated speed FB. Simulated FB Indication
from Main PLC to DP
SDT remains in DPCS control, but the accuracy of its performance in the DPCS
T1
may be reduced.

ef
A separate diesel engine with a dedicated fuel tank drives the SDT. Power supply,
lubrication, and hydraulic oil systems are separated.
rR
The SDT has a mechanical pump directly driven from the gearbox, used to pressurize the
hydraulic control oil. In addition to the direct drive mechanical pump, there is an electric
tte
standby pump.
Le
The ECU takes in two sources of power. The main supply is 120V-AC fed (which is
internally converted to DC inside of the ECU) and the backup supply is 24V-DC fed from
a BPS. The single failure of the main or backup source supply will have no effect on the
s
ECU, as the remaining source will continue to supply redundant power to the ECU.
an

r le
DPO intervention may be required on the loss of the clutch disengage signal. Please refer
to Table A - failure mode 3.
O
Loss of the ECU will cause the loss of the SDT.

ew
Loss of the Main PLC will cause the loss of the SDT.
Loss of the BU PLC has no effect on the SDT during DP operation.
N
The WCF is a leaky steering valve causing the SDT to rotate in uncontrollable directions or
S
become completely unresponsive to DP commands. The resulting faulty thrust will cause the
DPS to operate with reduced accuracy. DPCS will auto deselect the thruster on large
B
CMD/FB deviation. The ECU will also open the clutch after the DPCS deselects.
A
ee
Page 79 of 96
S
3
01
-2
4.4 Tunnel Thruster System
G
U
4.4.1 Tunnel Thruster System Diagrams
-A
A) Figure A - BTT Control System
19
Alarm Data
ed
4-20mA Pitch Order Enable Standby
AMS HPU On Low Pressure Hydraulic
at
4-20mA Power Available Head Tank
BU 24VDC Supply BTT
System/Power DC DC
D
BPS
Failure
52
DP Control Request Main 208VAC
DC Power Distribution
DC AC SSB1
Ready for DP Control Supply
Mechanical
Main
52
4-20mA Pitch CMD 630 VA Servo Press Pump
DPCS PLC
4-20mA Pitch FB
Pitch Reduction On 06
Low Oil Press
Start/Stop
HPU
T1
Data Start/Stop
IJS Lines HPU HPU
HPU
Starter
Data 24VDC Cabinet
Supply
ef
Lines
AUX1 BU 24VDC DC DC ECU Servo HPU
Directional
rR
BPS Supply Running

Data
Link
Manual Valves
24V FB Unit 24VDC Reference Supply
DC Controls
Pitch FB
Main 208VAC (Brunvoll) 4-20mA Pitch Control FB
tte
LP DC AC
Supply
BU Data
Lines
PLC 4-20mA Pitch CMD
Le
Motor Running
s
BTT High Temp

an
Motor 4-20mA Motor Load

Starter
r le
Low Servo Press

Cabinet Start/Stop
O
ew
4.4.2 Tunnel Thruster System Description Overview

N
There is 1 BTT (bow tunnel thruster) and 1 STT (stern tunnel thruster) each driven by an
electric motor.
S
B
A
ee
Page 80 of 96
S
3
01
-2
G
A) Overview
U
Each electric motor is connected by a shaft with a flexible coupling to a gearbox. Each
-A
gearbox directly drives a mechanical pump used as the pump of hydraulic control, with an
electric motor pump used for start-up and standby. The thruster uses a hydraulically
19
actuated controllable pitch propeller. The thrust magnitude is managed by changing the
propeller pitch with the motor running at a normally constant speed.
ed
B) Hydraulic Pumps
The gearbox is equipped with a direct driven hydraulic pump, which is capable of carrying
at
out all the pitching functions without the need for the electrically driven backup pump. The
unit is designed so that the pitching speed is adequate for good DP control when only the
D
direct drive pump is operating. The gearbox is equipped with one electrically driven pump
52
as backup. The electrically driven pump is used during start up and as a standby pump for
the gearbox driven pumps.
52
C) Hydraulic Pitch Control
The pitch control is operated by gearbox's hydraulic system. The pitch system’s
06
proportional control valves adjust the oil pressure and flow, after receiving a pitch
command from the ECU. The pitch pump sends pressurized oil to move a piston. The pitch
T1
control valves manipulate oil flow to the pitch piston, moving it backward or forward, to
adjust the propeller pitch. Valves are opened and closed by solenoids, which receive electric
ef
command signals from ECU. The movement of the pitch piston allows the angle of the
propeller blades to change. The pitch piston position is set when the proportional control
rR
valves close to stop the fluid flow. The pitch piston’s position in combination with the
magnitude of motor's normally constant speed is used to give the vessel the required thrust
tte
power.
D) Safety Features
Le
An alarm is fitted for low pitch pressure and low lube oil pressure. An alarm is also fitted to
warn the operator that the standby pitch pump has started. The hydraulic system is
s
equipped with filters and a sump pump for oil quality control.
an

r le
O
Main PLC (Programmable Logic Controller) - provides the interface between the tunnel
thruster local control system and the external control systems located on the bridge. The
ew
external systems on the bridge include: the DPCS, the IJS system, the remote control
manual levers on the bridge, the Autopilot system, etc. The DPCS sends CMDs
N
(command) and FBs (feedback) to the Main PLC over analog lines (4-20mA) and digital
lines. The DPCS interfaces with the Main PLC using a TC (thruster card). There are 2
S
separate Main PLCs, one for each tunnel thruster. The Main PLC is located in the bridge
B
and transmits data over an Ethernet network cable to the ECU, which is located down in
the machinery spaces.
A
ee
Page 81 of 96
S
3
01
-2
o BTT Main PLC powered by: BTT PLC DC Supply Bus
o STT Main PLC powered by: STT PLC DC Supply Bus
G
U
the MP local control system and the remote control manual levers on the bridge. The BU
-A
PLC can be used for emergency pitch actuation if the Main PLC fails. The BU PLC is not
interfaced to the DPCS, so the BU PLC cannot be used while operating in DP mode. There
19
are 2 separate BU PLCs, one for each MP. The BU PLC is located in the bridge and
transmits data over digital/analog lines hardwired the local pitch control unit, which is
ed
located down in the steering room. The Main PLC and the BU PLC monitor each other for
lost connections and disrupted serial communications from the central unit.
at
o BTT BU PLC powered by: BTT PLC DC Supply Bus
D
o STT BU PLC powered by: STT PLC DC Supply Bus
ECU (Electronic Control Unit) - the centralized control system that processes the control
52
logic and operates the tunnel thruster. As previously stated, the ECU is located in the
machinery spaces and interfaces with the Main PLC through a network cable. There are
52
2 separate ECUs, one for each tunnel thruster. The ECU is integrated with the Motor
Starter Cabinet, which monitors and start/stops the drive motor.
o BTT ECU powered by: Aux1 DC Supply Bus 06
T1
o STT ECU powered by: Aux1 DC Supply Bus
PLC DC Control Supply Bus - supplies the Main PLC and BU PLC. There are 2 separate
PLC DC Control Supply buses, one for each tunnel thruster. The control supply bus is a
ef
combination of two feeds from different power sources. A two input diode module is
rR
used to supply power into the Main PLC and BU PLC. The 110V-AC power input into the
diode module originates from a LP section. The power distribution card converts the AC
voltage into DC voltage.
tte
o BTT PLC DC Control Supply Bus primary power source: 110V-AC supply feed
from LP
Le
o BTT PLC DC Control Supply Bus secondary power source: 24V-DC supply feed
from AUX1 BPS
s
o STT PLC DC Control Supply Bus primary power source: 110V-AC supply feed
an
from LP
r le
o STT PLC DC Control Supply Bus secondary power source: 24V-DC supply feed
from AUX1 BPS
O
DC Control Supply Bus - supplies the ECU. There are 2 separate DC Control Supply
buses, one for each tunnel thruster. The control supply bus is a combination of two feeds
ew
from different power sources. The Power Distribution Card functions as two input diode
module used to supply power into the ECU. The 480V-AC power input into the power
N
distribution card originates from a SSB section. The power distribution card converts the
AC voltage into DC voltage.
S
o BTT DC Control Supply Bus primary power source: 480V-AC supply feed from
B
SSB1
A
ee
Page 82 of 96
S
3
01
-2
o BTT DC Control Supply Bus secondary power source: 24V-DC supply feed from
BTT BPS
G
o STT DC Control Supply Bus primary power source: 480V-AC supply feed from
U
SSB2
-A
o STT DC Control Supply Bus secondary power source: 24V-DC supply feed from
STT BPS
19
B) Pitch Control
The pitch command signal is transmitted over the networks to the tunnel thruster ECU. The
ed
pitch FB allows the ECU to know the angle distance and direction the propeller blades need
to rotate from its current position. The ECU will send an enable signal to the required
at
directional solenoid valve to start changing the pitch. The valve will stay open until the FB
D
matches the command. The pitch feedback is measured by a potentiometer mechanically
linked to the manoeuvre lever on the propeller shaft, which is sent to DP so it can be
52
compared to the pitch command to identify mismatches. DP deselects the thruster when
52
A) 06
Table A - Tunnel Thruster Control System Failures
T1
1) Leaky Pitch valve Failure may cause thruster to pitch hard over. DPO intervention may be needed AMS Alarm. DP alarm
to EStop the drive. for loss thruster.
ef
Vessel is operating without one thruster. DP capability can continue with

reduced accuracy.
rR
3) Low lube pressure ECU removes the ready to DPCS. AMS Alarm. DP alarm
for loss thruster.
tte
Vessel is operating without one thruster. DP capability can continue with

reduced accuracy.
Le
pump
5) Failure of gearbox When pressure drops below the set point, the standby pump will automatically AMS Alarm
s

an
pump
r le

control valves
DP will auto deselect thruster on large CMD/FB deviation - pitch to zero.
O
AMS Alarm. DP alarm

for loss thruster.
ew
7) Loss of Pitch cmd Pitch freezes on last CMD. Frozen Indication

to ECU
DP will auto deselect thruster on large CMD/FB deviation - pitch to zero. AMS Alarm. DP alarm
N
for loss thruster.

8) Loss of main AC ECU remains powered by the BU DC supply from BPS. All thruster AMS Alarm. DP alarm
S
supply power to ECU communication continues uninterrupted, with no loss of performance. for loss thruster.
B
9) Loss of BU DC ECU remains powered by the main AC supply from SSB. All thruster AMS Alarm. DP alarm
A
for loss thruster.

ee
Page 83 of 96
S
3
01
-2
BPS to ECU
G
Standby HPU CMD
11) Low Pressure Low pressure is detected and Standby Pump auto starts. Standby Pump Running
U
Signal to Standby Indication
Pump Starter Box
-A
19
1) Main PLC fails DPCS will auto deselect associated thruster. AMS Alarm. DP alarm
ed
for loss thruster.
Pitch goes to zero.
at
Vessel is operating without one tunnel thruster. DP capability can continue with
reduced accuracy.
D
2) BU PLC fails BU PLC fails. Backup control of the tunnel thruster is not available. No other AMS Alarm
effect.
52
3) Network cable DPCS will auto deselect associated tunnel thruster. AMS Alarm. DP alarm
from the Main PLC to for loss thruster.
the ECU
52
Pitch goes to zero.
4) Loss of Control
Request to Main PLC
reduced accuracy.
06
DPCS will auto deselect associated tunnel thruster. AMS Alarm. DP alarm
T1
for loss thruster.
Pitch goes to zero.
ef
reduced accuracy.
5) Loss of Ready to DPCS will auto deselect associated tunnel thruster.
rR
AMS Alarm. DP alarm

DP for loss thruster.
Pitch goes to zero.
tte
reduced accuracy.
Le

from DP to Main PLC
DPCS will auto deselect associated tunnel thruster on large CMD/FB deviation - AMS Alarm. DP alarm
s
pitch to zero. for loss thruster.

an
accuracy.
7) Loss of Pitch FB Tunnel thruster automatically goes into simulated FB.
r le
Simulated FB Indication
from Main PLC to DP
Tunnel thruster remains in DPCS control, but the accuracy of its performance in
O
the DPCS may be reduced.

ew
Each drive has a mechanical pump (or HPUs (hydraulic power/pump units)) directly
N
driven from the gearbox, used to pressurize the hydraulic control oil. In addition to the
direct drive mechanical pumps, there is an electric standby pump.
S
Each ECU takes in two sources of power. The main supply is 480V-AC fed (which is
B
internally converted to DC inside of the ECU) and the backup supply is 24V-DC fed from
A
ee
Page 84 of 96
S
3
01
-2
a BPS. The single failure of the main or backup source supply will have no effect on the
ECU, as the remaining source will continue to supply redundant power to the ECU.
G
U
-A
A leaky pitch valve may cause the propeller pitch to fail to max pitch port or max pitch
stbd. The resulting faulty thrust will cause the DPS to operate with reduced accuracy.
19
DPCS will auto deselect the thruster on large CMD/FB deviation. The ECU will also stop
the motor after the DPCS deselects.
ed
at
D
52
52
06
T1
ef
rR
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 85 of 96
S
3
01
-2
5) DYNAMIC POSITIONG CONTROL SYSTEM
G
5.1 DP Control System
U
-A
5.1.1 DP Control System Diagram
19
A) Figure A - DPCS
ed
TC1
at
Power OC1 BTT
UPS1 PLC
Failures
D
IJS
GC1 Data Line
CC
OP1
TC2 SDT
Net
52
DGPS1 Data Line PLC
CC1 Switch
Data Line Phoenix
WS1 1
52
TB-A TC3 STT
VRU1 Data Line PLC
MIC1
Cyscan
Sensor
DP Data
24V-DC
DP Data
06
T1
Data Cyscan
Cable PSU Mode
Push Buttons
ef
Mode Enable DP Mode

AUX
PCB1
rR
GC3 Mode Enable IJS Mode

Mode PCB IJS TC
PCB2
WS3
tte
Le
MP1
MIC2 PLC
Radascan DP
s
Sensor Data TC4

an
Data Line Phoenix OP2 RD1

GC2 Net ECU
DGPS2 Data Line

TB-B Switch
r le
OC2 2
Data Line MP2
WS2
O
PLC
VRU2 Data Line CC2

TC5
ew
Power RD2
UPS2 ECU
Failures CC3
N
S
B
A
ee
Page 86 of 96
S
3
01
-2
5.1.2 DPCS Description Overview
G
The DPCS (Dynamic Positioning Control System) is a computer-controlled system, used
U
to automatically maintain a vessel’s station by countering the environmental effects on
-A
the vessel. The required thrust needed to maintain the position and heading of the vessel
is calculated in the 3 CC (control computers).
19
The data each CC uses to make the thrust requirement calculations comes from
reference sensors. 3 GC (gyrocompasses) are used for heading reference. 3 WS (wind
ed
sensors) measure wind speed and direction. 2 VRU (vertical reference units) measure
wave pitch and roll. 2 DGPS (differential global positioning sensors) are used for
at
absolute position reference, 1 LADAR (laser detection and ranging) sensor is used for
relative position reference, and 1 RADAR (radio detection and ranging) sensor is also
D
used for relative position reference.
The DPCS contains a TC (thruster controller) for each thruster. Each TC interfaces to the
52
corresponding thruster's remote control system.
52
There are 2 DP OS (operator stations) located near the aft center console. Each station
contains an OP (operator panel) and an OC (operator computer).
06
Communication between DP devices mainly takes place over two Ethernet local area
networks. 2 TB (terminal boards) are used to interface the reference sensors with the
T1
DPS communication network. Each TB interfaces to an OP, which converts the serial data
to network messages that may be read over the LANs. The two LANs interface to the
three CCs, two OPs, two OCs, and five TCs.
ef
A mode switch panel is used to switch between manual control, DPS control, and the
rR
backup independent joystick (IJS) control. The IJS is installed as a stand-alone operator
station interfaced with GC1 for automatic heading control. Upon failure of the DPS
tte
control system, the IJS can provide manual joystick control for the vessel’s manoeuvring
and auto-heading capability.
Le
5.1.2 Communication Network

s
Modules of the DPS are interfaced through dual local area networks (LAN). There are two
an
network switches (net switch), one located in the port aft bridge OS and the other located in
the STBD aft bridge OS. Each aft net switch also connects to a FWD network switch that
r le
directly interfaces with the thruster controllers. For DPS-2 redundancy concerns, the aft net
switch and the FWD net switch can be thought of as a single LAN. Between any two
communicating modules there are two separate connections, one for LAN1 and LAN2. Data
O
exchange between modules continuously takes place on both networks, ensuring that any
ew
network error is detected between any modules. The networks use “point to point”
communication with a UDPS/IP protocol. The “point to point” communication is verified by
traffic on the connection. If data is not received within a time interval the connection is
N
considered faulty. This way, many different kinds of faults on the communication network
can be detected. If a network failure results in broken communication between two system
S
nodes, the communication will continue uninterruptedly on the secondary network. To

B
ensure that critical data is received correctly, a reply is requested and sent from the
A
ee
Page 87 of 96
S
3
01
-2
receiving module.
The network interface cards in each of the two networks are always connected at 100Mb/s
G
in full duplex mode. This will exclude all possible network packets collision to happen. Every
U
node has a separate 100Mb/s transmit channel and a 100Mb/s receive channel on each
-A
LAN. The worst average network load is about 1% of the available bandwidth.
19
5.1.3 Data Processing
A) DPCSCC Overview
ed
3 of the CCs are used by the DPCS: DPCS CC1, DPCS CC2, and DPCS CC3. Each DPCS CC is
used to perform the calculations and the control logic needed to control each thruster
at
during DP operations. Each CC is connected to both DPCS networks. Therefore, a loss of one
D
network connection to the any CC will have no effect on that CC. The CCs collect the DP
sensor information over the networks. The sensor information is used by the DPCS to
52
develop thrust commands used to counteract the environmental forces and maintain vessel
station. The thrust commands are sent to each thruster and the thrust output of each
52
thruster will respond accordingly to the DPCS's commands. The thrust commands and
feedback information is sent and received over both the DPCS networks.
B) DPCSCC Operations 06
T1
The three DPCS CCs are redundant, therefore a loss of any one CC will have no effect on
DPCS operation. DPCS CC1, DPCS CC2, and DPCS CC3 are performing the same tasks and
running the same algorithms at the same time, but only one CC is actually in control of the
ef
DPCS at any given moment. The DPO designates which CC will be "In Use." If the CC selected
as "In Use" fails, then bump-less transfer of control will automatically switch to the CC with
rR
the lowest number (CC1/2/3), and it will be designated as the "In Use" CC. If the CC selected
as "In Use" fails, then bump-less transfer of control will automatically switch to the CC with
tte
the lowest number (CC1/2/3), and it will be designated as the "In Use" CC.
The three CCs are used to monitor a number of contact signals (console alarms, UPS alarms,
Le
etc). The system operates by having all three CCs checking identical sets of sensor
measurements in order to detect and possibly identify erroneous data. It is however
possible for one of these input signals to fail on only one CC in which case the DPCS will
s
alarm that the three CCs have different configurations. The same copy of software is running
an
on each CC. The software programs are retained on the FLASH memory on the CCs and OCs
and are reloaded after a computer malfunction or power failure. After automatic rebooting,
r le
the computer searches the network for an existing CC/OC, updates its variables and is then
ready to function. This process does not require any intervention or input from the
O
operator.
ew
The output of the CCs is constantly monitored by the CCs. If one CC starts to output
commands that deviate from the other two CCs, it is voted out by the other CCs and the
faulty CC’s output is disregarded.
N
C) Request/Ready
S
Before the thruster can be selected into DPCS, the DPCS must first send a Request signal, and
B
wait until the ECU responds back with a Ready signal. Before the ECU can send a Ready
A
signal back to the DPCS, certain conditions must be met:

ee
Page 88 of 96
S
3
01
-2
For each MP: the engine must be running idle, the gearbox hydraulic pressure must be
sufficient, and the propeller blades must be in the neutral position.
G
For the SDT: the engine must be running idle, the gearbox hydraulic pressure must be
U
sufficient, and the azimuth position must be in the neutral position.
-A
For the Tunnel Thrusters: the motor must be running idle, the gearbox hydraulic
pressure must be sufficient, and the propeller blades must be in the neutral position.
19
Once the conditions are met and the Ready signal is returned to the DPCS, it can begin
commanding the thruster.
ed
5.1.4 DPCS Reference Systems
at
The DPCS has multiple reference system sensors to provide redundancy for all
D
measurements. If one sensor fails another redundant sensor is available. Failure of a sensor
is detected by the CC and reported to the DP alarm system. The sensors are used to monitor
52
environmental loads, and report changes in the vessel’s position and heading. They are
interfaced to the rest of the DPCS through a terminal board.
52
A) Relative Position Reference Sensors - LADAR & RADAR
06
The CyScan sensor is a LADAR (laser detection and ranging) comprises a laser unit mounted
on a rotating gearbox/encoder assembly. The CyScan laser, as the name suggests, uses a
T1
laser to detect and lock on to a stationary reflective target, which is normally located on a
fixed platform. The sensor shoots the laser beam onto the target and the distance of the
vessel relative to the stationary target can be measured when the sensor detects the return
ef
of the laser beam. The CyScan sensor will calculate the angle and range of the reflective strip
rR
from the vessel and convert this information into a position reference that can be used by
DP. The configuration and setup for the sensor is done through the CyScan computer. The
LADAR sensor data is sent to Phoenix TB1 & Phoenix TB2 over serial data links.
tte
The CyScan’s auto tilt and rotating head laser provides an automatic scanning range and
bearing measurement system. The laser transmitter unit is currently located on the main
Le
mast facing aft. However, the unit is portable and can be repositioned as required. The
CyScan power supply unit is powered by 110V-AC from DPCS UPS1. A loss of power to the
s
CyScan and a loss of signal from the CyScan to DP should both result in the CyScan being
an
rejected. To remove the possibility of the loss of the CyScan from the loss of any one serial
OP/TB, the CyScan is parallel interfaced to both OP/TBs. The DPCS monitors the CyScan for
r le
minimum and maximum rates of change and serial line activity.

The RadaScan sensor is a RADAR (radio detection and ranging) system sensor that emits a
O
radio wave beam off of a stationary reflective target. The distance of the vessel relative to
the stationary target can be measured when the sensor detects the return of the radio wave
ew
beam from any of the transponders within range. The configuration and setup for the sensor
is done through the RadaScan computer. To remove the possibility of the loss of the
N
RadaScan from the loss of any one serial OP/TB, the RadaScan is parallel interfaced to both
OP/TBs. The DPCS monitors the RadaScan for minimum and maximum rates of change and
S
serial line activity.

B
A
ee
Page 89 of 96
S
3
01
-2
B) Absolute Position Reference Sensor - DGPS
G
The DGPS (differential global positioning system) sends radio signals to satellites in orbit to
measure the vessel position. After the radio signal is processed, the differential correction
U
data for the precise position of any unknown points can be obtained by relating the points to
-A
ground-based reference stations. The ground stations are used to measure small variations
in the satellite signals by sending the correction messages to a geostationary augmentation
19
satellite every few seconds. The correction data is then sent from the geostationary satellite
down to the DGPS receiver where it is used to improve accuracy while computing position.
DP requires a minimum of 4 satellites “in sight,” and a corrected satellite position at least
ed
every 5 seconds to achieve a signal accurate enough for DP operations.
Because both DGPS systems use the same population of GPS satellites, any number of DGPS
at
units can only be considered as a single reference. Both receivers are interfaced via
D
RS232/RS422 serial links. DGPS1 transmits data over Phoenix TB1, and DGPS2 transmits
data over Phoenix TB2. DP rejects the DGPS on loss of serial line, loss of differential
52
correction, no change for 20 seconds, or jumps in position in excess of 5 meters.
C) Heading Reference Sensors - GC
52
The gyrocompasses are used to measure vessel heading and display rotational speed. Each
06
GC sends a heading and rotational serial data stream to the corresponding Phoenix TB over
a serial data link. A separate digital output is also used to send a "gyro ready" signal, to
T1
prevent the DPCS system from accepting a faulty or errant GC.
Each GC is located in the navigation bridge. The make/model of each GC is SG Brown
Meridian. Both GC are interfaced to the DP by RS-422 serial lines. GC1 transmits data over
ef
Phoenix TB1, GC2 transmits data over Phoenix TB2, and GC3 transmits to both OP/TBs.
rR
D) Vertical Reference Sensors - VRU

The VRU (vertical reference unit) is used to measure the pitch and roll of the vessel.
tte
Magnetic fields pick up the movement of the vessel, and voltages are induced and amplified
to give output signals proportional to the pitch and roll. Various reference systems such as
Le
DGPS and HPR (no acoustics fitted on this vessel) use accurately measured angles relative to
the hull for their inputs to DPCS. The VRU input to DPCS is used to correct the signals taking
s
into consideration the angle of the hull, fore and aft, and port and starboard, relative to the
an
horizontal. The importance of the VRU signal increases as the weather worsens and the ship
movements become more severe.
r le
Each VRU are located in the rear of ECR. The make/model of each VRU is TSS-DMS - 535RP.
Each VRU is interfaced to the DP by RS-422 serial lines. VRU1 transmits data over Phoenix
O
TB1 and VRU2 transmits data over Phoenix TB2.

E) Wind Reference Sensors - WS
ew
The anemometers or WS (wind sensors) are used to measure wind speed and direction.
N
Wind speed is measured by a dc tachometer and wind direction by a potentiometer. Their

display units give a serial output that is interfaced to the DPCS. These are used in the vessel
S
model to calculate the influence of wind on the vessel.

B
Wind sensor accuracy is also often impaired when the vessel is working close to a platform
where unpredictable wind eddy can cause a destabilizing effect on the DPCS. Good
A
ee
Page 90 of 96
S
3
01
-2
operational practices and awareness can, to a large extent, negate this problem.
Each WS is co-located with the DGPS antennae on the main-yardarms on the uppermost
G
deck. The make/model of each WS is Young Wind Tracker, and each is of mechanical type.
U
Each WS is interfaced to the DPCS by RS-422 serial lines. WS1 transmits data over Phoenix
-A
TB1, WS2 transmits data over Phoenix TB2, and WS3 transmits data to both OP/TBs.
19
5.1.5 Consequence Analysis
Before beginning DPS-2 operation, the DPO should activate the DP Class 2 mode via the
ed
DPCS software running on the DPCS OS. This turns on the "Consequence Analysis" function,
which runs in the background continually checking that there is sufficient thrust and power
at
available to continue to maintain station in the existing conditions should a main propeller,
thruster, generator, or switchboard fail. The DPO is warned by a warning if vessel capability
D
is exceeded in which case the DP operation should be terminated. This system should be
active during all DPS-2 operations.
52
5.1.6 Operator Station - OS
52
A) Operator Computer - OC
06
Each OS (operator station) allows the DPO to input commands into the DP Control System,
while monitoring and alarming the DPS. The two OS are located in the aft bridge with one on
T1
the port side and the other on the stbd side. Each OS is independent of the other and
continuously works in parallel. Each OS contains an OC (operator computer) and OP
(operator panel). It is possible to operate the DPS from either station. If one OS fails the DPO
ef
can take command on the other OS and proceed monitoring and interacting with the system.
rR
All alarms and warnings are shown on each OS, and have priority over other information
displayed.
tte
B) Operator Panel - OP
Each OS contains an OP (operator panel) for the DPO to interact with the DPS. Each OP is
Le
connected to a TB (terminal board) interfaced to reference sensors. Failure of either OP or

corresponding TB will reduce the reference sensor redundancy.
s
C) Mode Switch
an
A mode switch panel containing three pushbuttons is interfaced to each terminal board to
r le
switch between manual control, DPS control, and the backup independent joystick (IJS)
control. When the DPO presses the button to go into DPS mode, a set of switch contacts will
O
close allowing the DPS to control the thrusters. There are two sets of contact switches,
where one set of switches closes for DPS control, and other set for IJS control. All contact
ew
switches remain open for manual control and any switch from DPS to IJS or IJS to DPS
requires manual control to be selected first. The mode switch consists of three PCBs, with
two DPS mode PCBs powering the DPS contact switches, and on PCB powering the IJS
N
contact switches. The key switch for remote access is also connected to the mode panel to
send a DC voltage to power the DPS remote access box.
S
B
A
ee
Page 91 of 96
S
3
01
-2
5.1.7 Thruster Control
G
The TC provides the FB (feedback), through the communication network to the CC in
command. The TCs also send CMD (command) signals to the corresponding thruster’s
U
control interface system, based on the thruster allocation algorithm data. Each thruster is
-A
equipped with a TC to provide necessary redundancy. If any one TC fails, only one thruster
will be un-accessible for DP control. A DPS-2 vessel is designed to be able to continue
19
operation and maintain necessary thrust capacity if any one thruster fails.
The thrusters are designed in such a way that an electrically open input control signal or an
ed
internal fault in the thruster will force the thruster to give zero thrust. Thruster output
signals like ready and running will then indicate that the thruster is not available. In case of
at
a faulty TC the relay will let the thruster fall back to the manual handles. If a TC receives
data from a CC that deviates from the other CCs, it will be considered faulty. The TC will then
D
send the status of the faulty CC to one of the accurate CC and the appropriate response is
handled from the OS.
52
5.1.8 DPCS Failure Modes
52
Faulty sensors in the DPCS are detected in the following ways:
When the sensor stops outputting data. 06
T1
When the outputted data exceeds the predefined acceptable value limit, reflecting
unreasonable output values.
When the output is frozen.
ef
The DP System monitors the output from the sensors, and generates a mismatch alarm
rR
when the deviations between the sensors reaches:

o VRU activates mismatch alarm on a 3° difference
tte
o WS activates mismatch alarm on a 15° or 10 knot difference

o GC activates mismatch warning on a 3° difference, alarm on a 5° difference
Le
When the DPO receives a mismatch alarm, they must decide which unit is faulty and
manually deselect it from the DPCS.
s
an
5.1.9 Effects ofFailures

r le
Loss of one OC will have no effect since the redundant OC will continue all data
processing with no interruptions or loss of performance.
O
Loss of one OP will result in the loss of the associated OS and the loss of 1 DPGS, 1 WS, 1
GC, and 1 VRU interface.
ew
The network is redundant throughout and loss of a single data connection, power
supply, or loss of an entire network switch will have no effect on the DP Control System.
On loss of one network, the redundant network will continue all data communication
N
with no interruptions or loss of performance.

S
Drift between two GCs will give a mismatch alarm on 5° difference.

WS mismatch alarms are provided on wind speed on a 10 knot difference, and wind
B
direction on a 15° difference.

A
ee
Page 92 of 96
S
3
01
-2
VRU mismatch alarms are generated on a 3° difference.
The 2 DGPS systems are separate and no single failure will result in failure of both DGPS
G
systems other than a complete shutdown of the US GPS satellite constellation.
U
It is important that the DGPS antennae are not masked from the satellite by sections of a
-A
platform. Jump in positioning signal is a common problem when there is a satellite
“constellation change” or a differential signal problem. The DPO should be aware of this
19
problem as a position reference change of more than 5 meters can have a destabilizing
effect on DP when the 2 DGPS are in the primary - secondary philosophy.
The LADAR and RADAR systems have a number of failure modes that the DPO should be
ed
aware of. It is important that the beam is not masked by parts on a platform or crane
loads. In addition, because it is an optical system, fog, heavy rain, snow, or even a flock of
at
birds have the potential to cause loss of reference from the system. It is also possible for
D
the beam to lock onto reflective material moving in front of the target. It may also be
sensitive to low sun either into the scanner or onto the targets. The DPCS will reject the
52
CyScan/RadaScan and generate a faulty target alarm on these failures.
52
5.2 FMEA Tables
Failure Mode Local Effect Indication DPS End Effect
1) Net Switch 1 Communication continues on Net
Switch 2 06 DP Alarm. None
T1
2) Net Switch 2 Communication continues on Net DP Alarm. None
Switch 1
ef
1) CyScan CyScan deselected. Other position DP Alarm. None

reference available.
rR
2) RadaScan RadaScan deselected. Other DP Alarm. None

position reference available.
tte
1) DGPS1 DGPS1 deselected. DGPS2 DP Alarm. None

automatically selected as primary.
2) DGPS2 DGPS2 deselected. DGPS1 DP Alarm. None
Le
automatically selected as primary.

1) GC1 GC1 deselected. DP continues with DP Alarm. None
s
redundant GCs.
an

redundant GCs.
r le
redundant GCs.
O
1) VRU1 VRU1 deselected. VRU2 automatically DP Alarm. None

selected as primary.
2) VRU2 VRU2 deselected. VRU1 automatically DP Alarm. None
ew
selected as primary.
N
1) WS1 WS1 deselected. DP continues with DP Alarm. None

redundant WSs.
S
redundant WSs.
B

redundant WSs.
A
ee
Page 93 of 96
S
3
01
-2
1) MIC1 Normal Supply MIC1 powered from BU Supply Feed DP Alarm. Reduced Redundancy
G
2) MIC1 BU Supply MIC1 powered from Normal Supply Feed DP Alarm. Reduced Redundancy
3) MIC2 Normal Supply MIC2 powered from BU Supply Feed DP Alarm. Reduced Redundancy
U
4) MIC2 BU Supply MIC2 powered from Normal Supply Feed DP Alarm. Reduced Redundancy
-A
1) MIC1 Lost monitoring MSB1 and PSB1 at DP OS. DP Alarm. Reduced Redundancy
19
2) MIC2 Lost monitoring MSB2 and PSB2 at DP OS. DP Alarm. Reduced Redundancy
A) Data Processing
ed
1) CC1 CC1 deselected. DP continues with DP Alarm. Reduced Redundancy
at
redundant CCs.
D
redundant CCs.
redundant CCs.
52
1) OC1 OC1 deselected. OC2 available for use DP Alarm. Reduced Redundancy
52
at OS2.
2) OC2 OC2 deselected. OC1 available for use DP Alarm. Reduced Redundancy
at OS1.
1) OP1
Failure Mode Local Effect
OP1 deselected. OP2 available for use
06 Indication
DP Alarm.
DPS End Effect
Reduced Redundancy
T1
at OS2.
2) OP2 OP2 deselected. OP1 available for use DP Alarm. Reduced Redundancy
at OS1.
ef
1) PCB1 Mode switching continues with PCB2. DP Alarm. Reduced Redundancy

rR
2) PCB2 Mode switching continues with PCB1. DP Alarm. Reduced Redundancy

3) AUX PCB Lost ability to switch to IJS mode. None Reduced Redundancy
tte
D) Thruster Controllers - TC1, TC2, TC3, & TC4

Le
1) TC1 Normal Supply TC1 powered from BU Supply Feed DP Alarm. Reduced Redundancy
2) TC1 BU Supply TC1 powered from Normal Supply Feed DP Alarm. Reduced Redundancy
s
an
r le

1) TC1 BTT deselected from DP. DP Alarm. None. DPS compensates with
other thrusters.
O
2) TC2 SDT deselected from DP. DP Alarm. None. DPS compensates with
other thrusters.
ew
3) TC3 STT deselected from DP. DP Alarm. None. DPS compensates with
other thrusters.
N
S
B
A
ee
Page 94 of 96
S
3
01
-2
1) TC4 MP1 & RD1 deselected from DP. DP Alarm. None. DPS compensates with
MP2 & RD2. Reduced
G
Redundancy
2) TC5 MP2 & RD2 deselected from DP. DP Alarm. None. DPS compensates with
U
MP1 & RD1. Reduced
Redundancy
-A
5.3 Summary and Redundancy Concepts
19
The DPCS is a redundant system with two communication networks. In addition, the
control computers use triple redundancy. In all situations the DPCS is able to continue
ed
operation with reduced redundancy or reduced accuracy. The DPCS has been designed
with adequate redundancy for protection against SPFs.
at
D
The DPO must be conscious of atmospheric interference while in DPS. All position
52
reference sensors can be lost by atmospheric interference. Thunderstorms can decrease
GPS communication with satellites, and possibly block reflective targets. Wind eddies
52
from helicopters and sea structures can cause the DPS to overcompensate for wind force,
possibly losing position. Solar blind spots can also cause the loss of satellites, thus
decreasing DGPS accuracy. 06
T1
In the primary-secondary philosophy, if reference sensor readings mismatch, the DPO
must decide which sensor is faulty. Inaccurate output alarms from reference sensors
require the DPO to monitor and deselected the faulty sensor.
ef
The WCF is failure of either DPCS BPS. Please refer to the FMEA's Battery Power System
rR
section for more information.

The component WCF is the loss of TC2, which will cause the SDT to fail and be deselected
from the DPCS.
tte
Le
s
an
r le
O
ew
N
S
B
A
ee
Page 95 of 96
S
3
01
-2
G
U
This Report is intended for the sole use of the person or company to whom it is addressed and no
-A
liability of any nature whatsoever shall be assumed to any other party in respect of its contents.
As to the addressee, neither the Company nor the undersigned shall (save as provided in the
19
Company’s Conditions of Business) be liable for any loss or damage whatsoever suffered by
virtue of any act, omission or default (whether arising by negligence or otherwise) by the
ed
undersigned, the company or any of its servants.
at
D
Auditor Name: _____________________________________ (Print)
52
52
Auditor Name: _____________________________________ (Signature)
Date: ____________________________ 06
T1
ef
rR
Edison Chouest Offshore

tte
Le
DP FMEA Manager: ___________________________________

Kerry Gregory
s
an
r le
O
ew
N
S
B
A
ee
Page 96 of 96
S

NAV107 DP2 FMEA Rev 1 76630408

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NAV107 DP2 FMEA Rev 1 76630408

Uploaded by

Copyright:

Available Formats

3

Date July 2013

ECO Doc. Title Campos Challenger DPS-2

DPS-2 FMEA ECO Ref. No. 107-F-1

Client Doc. No.

Rev. Date Reason for Issue Author Check Client

0 24 MAY 13 Original issue for comment HAD KPG

1 24 JUL 13 Finalized after trials MAG KPG

driven generator and an Emergency Switchboard connected to 1 emergency generator.

stbd service switchboard section is connected to the forward diesel generator.

backup battery chargers, and 4 individual Uninterruptible Power Supplies.

The emergency day tank supplies the emergency diesel generator.

to be consistent with ABS DPS-2 notation and IMO DP guidelines.

 The Thruster Switchboard bus-tie is required to be open during DPS-2 operation.

2) Power Generation and Auxiliary Systems ...................................................... 21

2.1.1 Fuel Oil System Diagrams........................................................................................................................... 21

2.1.3 Fuel System Operating Philosophy ........................................................................................................ 22

2.1.6 Significant Failures ........................................................................................................................................ 24

2.2.1 Compressed Air System Diagrams ......................................................................................................... 25

2.2.2 Compressed Air System Description ..................................................................................................... 25

2.2.4 Summary and Redundancy Concepts.................................................................................................... 26

2.3.1 HVAC System Description .......................................................................................................................... 26

2.3.3 Summary and Redundancy Concepts.................................................................................................... 28

2.4 Water Cooling Systems ............................................................................................. 28

2.4.2 Water Cooling System Description ........................................................................................................ 31

2.4.3 Failure Modes and Effects .......................................................................................................................... 32

2.8.5 Significant Failures ........................................................................................................................................ 47

3) Power Distribution Systems .......................................................................... 48

3.1.2 TSB System Description .............................................................................................................................. 48

3.1.5 Significant Failures ........................................................................................................................................ 50

3.2.1 SSB System Diagrams .................................................................................................................................. 50

3.2.2 SSB System Description .............................................................................................................................. 53

3.2.5 Significant Failures ........................................................................................................................................ 55

3.3.1 Battery System Diagrams .......................................................................................................................... 56

3.3.3 Failure Modes and Effects .......................................................................................................................... 59

3.3.5 Worst Case Failure ........................................................................................................................................ 61

4.1 Main Propulsion Drive and Gearbox System .............................................................. 62

4.1.1 MP and RG System Diagrams ................................................................................................................... 62

4.1.2 MP System Description Overview .......................................................................................................... 63

4.4.3 Failure Modes and Effects .......................................................................................................................... 83

4.4.5 Worst Case Failure ........................................................................................................................................ 85

5) Dynamic Positiong Control System ................................................................ 86

5.1 DP Control System .................................................................................................... 86

5.1.2 DPCS Description Overview ...................................................................................................................... 87

5.1.3 Data Processing ............................................................................................................................................... 88

5.1.4 DPCS Reference Systems ........................................................................................................................... 89

5.1.7 Thruster Control ............................................................................................................................................ 92

5.1.9 Effects of Failures........................................................................................................................................... 92

5.3 Summary and Redundancy Concepts......................................................................... 95

1.1.1 Scope ofWork

 Essential Auxiliary Systems

 Power Distribution Systems

 Dynamic Positioning Control System

1.1.2 Conduct ofWork

FMEA, was acquired by:

o Vessel drawings and specifications

 Speaking with operating personnel and shipyard engineers

1.2 Vessel Particulars

1.2.1 Description Summary

and 1 stern tunnel thrusters.

tunnel thruster motor.

Section or the Emergency Generator. There is one (208/120V-AC) Lighting Distribution

The Thruster Switchboard bus-tie is required to be open during DPS-2 operation.

Essential Auxiliary Systems

Power Distribution Systems

Dynamic Positioning Control System

Speaking with operating personnel and shipyard engineers

Make: John Deer RPM: 1800, kW: 175, Volts: 480

Make: Flender, Model: GNBK 585

Make: WEG, Volt: 6600, Hz: 60

Make: WEG, Volt: 480, Hz: 60

Equipment is available and working correctly

The vessel is operating within worst case failure environmental limits

TSB1 (port TSB section), BTT

SSB1 (port SSB section), DG2 (aft DG)

MP2, ME2, RG2, SG1, RD2

SSB2 (stbd SSB section), DG1 (fwd DG)