Home

MSC/Circ.891 - Access Manager 3.0

1. 4 6 4 4 7 4 7 1 4 7 2 4 7 3 4 8 4 8 1 4 8 2 4 8 3 4 8 4 4 8 5 MSC Circ 891 ANNEX Page 5 When the same data communication link is used for two or more essential functions this link should be redundant Redundant data communication links should be routed with as much separation as practical Switching between redundant links should not disturb data communication or continuous operation of functions To ensure that data can be exchanged between various systems standardized interfaces should be used Failure to safety In the event of a failure of a computer based system that system should automatically revert to the least hazardous condition The failure and restarting of computer based systems should not cause processes to enter undefined or critical states Control alarm and safety functions should be arranged such that a single failure will not affect more than one of these functions Integration of systems Operation with an integrated system should be at least as effective as it would be with individual stand alone equipment Where multifunction displays and controls are used they should be duplicated and interchangeable Failure of one part individual module equipment or subsystem of the integrated system should not affect the functionality of other parts except for those functions directly dependent upon information from the defective part A complete failure in connectivity between par
2. Page 2 2 3 2 4 2 5 2 6 2 7 3 1 3 1 1 Integrated system A combination of computer based systems which are interconnected in order to allow centralised access to sensor information and or command control Notes Integrated systems may for example perform one or more of the following operations passage execution e g steering speed control traffic surveillance voyage planning communications e g radiotelephone radiotelex GMDSS machinery e g power management machinery monitoring fuel oil lubrication oil transfer cargo e g cargo monitoring inert gas generation loading discharging safety and security e g fire detection fire pump control watertight doors Interface A transfer point at which information is exchanged Note Examples of Interfaces include Input output interface used for interconnection with sensors and actuators Man machine interface e g visual display units keyboards tracker balls and dedicated controls and instruments used for communication between the operator and the computer Communications interface used to enable serial communications networking with other computers or peripherals Node A point of interconnection to a data communication link Peripheral A device performing an auxiliary action in the system e g printer data storage device Software Programs data and documentation associated with the operation of a computer based
3. review the disk directory and verify that the correct current files are present 4 Instructions a clear explanation of how to install use and troubleshoot the program The instructions should be user friendly recognizing that the user is a ship officer 5 Information sources a list of all ship specific plans drawings tables other documents etc which provided information used in the program In most cases this information will probably come from the ship s approved stability booklet however other sources should be clearly identified Ideally all such information sources should themselves be annotated to the effect that they were used in developing the program so that future revisions to the drawing will also prompt a review of the program 4 2 2 The programmer s manual is not expected to be furnished to the ship it is for use by select persons familiar with programming but who may not necessarily the original program writers when it becomes necessary to revise the program as a consequence of changes to the ship The programmer s manual should carefully document the program s workings and include a flowchart and an annotated program listing This manual should explain how to edit the program especially to revise ship specific data lightship data hydrostatic characteristics weight and moment data tank capacities etc 4 3 Program and documentation control A careful procedure should be established so that revisions to the pro
4. system General Requirements General Computer based systems should fulfill the functional requirements of the system under control for all operating conditions including emergency conditions taking into account Danger to persons Environmental impact Damage to equipment T CIRC MSC 891 WPD 3 2 3 2 1 3 2 2 3 2 3 3 3 3 3 1 3 3 2 MSC Circ 891 ANNEX Page 3 Usability Operability of non computer devices and systems etc If process times for functions of the system are shorter than the reaction times of the operator and therefore damage cannot be prevented by manual intervention means of automatic intervention should be provided A computer based system should have sufficient capability to perform necessary autonomous operations accept user commands inform the user correctly under all operating conditions including emergency System capability should provide adequate response times for all functions taking into consideration the maximum load and maximum number of simultaneous tasks including network communication speed under normal and abnormal process conditions Computer based systems should be designed in such a way that they can be used without special previous knowledge otherwise appropriate assistance should be provided for the user as specified in section 6 Training Computer based systems should be protected against unintentional or unauthorized modification of programs a
5. INTERNATIONAL MARITIME ORGANIZATION G Ny E 4 ALBERT EMBANKMENT V V LONDON SE1 7SR X VE Telephone 0171 735 7611 Fax 0171 587 3210 IMO Telex 23588 IMOLDN G Ref T1 3 02 MSC Circ 891 21 December 1998 GUIDELINES FOR THE ON BOARD USE AND APPLICATION OF COMPUTERS 1 The Maritime Safety Committee at its seventieth session 7 to 11 December 1998 approved the Guidelines for the on board use and application of computers given in the annex Also the Committee at its sixty ninth session 11 to 20 May 1998 approved MSC Circ 854 on Guidelines for shipboard loading and stability computer programmes and instructed the Secretariat to annex them to the aforementioned Guidelines for the on board use and application of computers once approved The former have therefore been attached to the latter and are set out in the appendix to the annex 2 The advent of inexpensive personal computers has resulted in rapidly growing usage aboard merchant marine vessels for many shipboard applications including cargo loading and trim and stability calculations To the extent that these programmes rely upon human input of data and interpretation of output they are potentially vulnerable to human factor errors Although such errors will most likely emerge in the user such as shipboard officers the actual roots of the errors might be found in other shoreside sectors software developers who might not anticipate human factor needs or shipping company management 3 Re
6. ND APPLICATION OF COMPUTERS Scope These Guidelines are applicable where computer based systems are used to perform essential functions such as a propulsion steering and manoeuvring navigation and communication cargo loading discharging and control safety of passengers and crew e g fire safety systems and general alarm and b essential calculations such as ship s stability and loading The Guidelines are not applicable to equipment or systems for which relevant specific Performance Standards of the Organization exist The Guidelines should also be applied to non essential functions where loss of control could result in serious damage to the ship or its machinery or serious injury to personnel e g explosion of domestic water boilers Definitions In addition to the definitions in the SOLAS Convention the following are necessary for these guidelines Computer A programmable electronic device for storing and processing data making calculations or performing control Notes 1 For the purposes of this document the term computer means a digital computer 2 A computer may consist of a stand alone unit or may consist of several interconnected units and includes any programmable electronic system PES including main frame mini computer or micro computer Computer based system A system of one or more computers associated software peripherals and interfaces T CIRC MSC 891 WPD MSC Circ 891 ANNEX
7. age 7 Graphical user interface Information should be presented clearly and intelligibly according to its functional significance and association Screen contents should be logically structured and their representation should be restricted to the data which is directly relevant for the user When using general purpose graphical user interfaces only the functions necessary for the respective process should be available Alarms should be visually and audibly presented with priority over other information in every operating mode of the system they should be clearly distinguishable from other information All display and control functions in control stations operated by the same operators should adopt a consistent user interface Particular attention should be paid to symbols colours controls information priorities layout Training Training should be provided at a level required to effectively operate and maintain the system and should cover normal abnormal and emergency conditions The user interface for training should correspond with the real system Documentation should be provided to support the training and should be available for repeated use on board Where a training mode is incorporated in a computer based system it should be clearly indicated when the training mode is active Whilst in the training mode the operation of the system should not be impaired and neither should any system alarms or indicatio
8. ances for unit confusion and wherever possible weight conversions should be calculated by the computer Screen displays and print outs should then present both the entered value and the computational weight value side by side 2 2 Data and program protection Although the program should be flexible enough to allow the user to override default data certain data such as lightship characteristics allowable bending stress required GM as well as the program itself should be protected against user revision This could be achieved by furnishing the ship with compiled or read only versions 2 3 Back up of data Copies of all constant data residing in computer files such as ship geometry and tables should be available on independent storage units such as tape of floppy disks The number of such copies should not be less than two I CIRC MSC 891 WPD MSC Circ 891 ANNEX Page 10 3 User interface 3 1 Home screen The program should have a simple command keystroke icon that returns the user directly to a familiar home screen from any of the loading screens This allows a lost user who may have got disoriented among various loading screens to quickly re establish their orientation 3 2 Help functions The program should have easily accessed help functions such as designated function keys or an on screen menu bar 3 3 Default loading A default loading condition should reflect any special loading or operating requirements impose
9. d by the ship s stability booklet such as locked in ballast requirements 3 4 Input and output data screening The program should check data entered by the user for reasonableness in order to screen out possible input errors for example a cargo tank entry which exceeds the capacity of the tank The program should not reject the entry as there may be special loading scenarios where unusual data must be entered but it should clearly indicate to the user that the entry is out of expected bounds Similarly the program should alert the user if an output parameter such as predicted GM is out of expected bounds 3 5 Alerts The system should alert the user if an output indicates a critical or possibly dangerous situation Alerts should when possible be augmented by audio signals It is recommended that the graphical presentation and audio signals are different in case of critical events and user errors 3 6 Extra loading entry lines In most cases load entries will be of the fixed location type where LCGs VCGs etc are pre displayed and the user only needs to enter a weight value However the program should include several extra blank lines to allow additional non fixed load entries where the user can enter VCG LCG TCG etc Examples of non fixed load entries might be an unusual deck cargo temporary ballast or damaged stability calculations where a flooded compartment could be entered as if it were a tank 3 7 Print outs Each loading con
10. dition print out should automatically contain the name of the ship and the date of print out user should be prompted to enter a title for the condition as well This information should be repeated on each page of the print out 4 Training and documentation 4 1 User training Training tutorial material should be provided as appropriate for the sophistication of the program This may range from formal classroom sessions to tutorial videotapes and or self study lesson plans 4 2 Documentation The software should be accompanied by a user s manual and a programmer s manual 4 2 1 The user s manual should be written for the direct user ship s officers and should include the following elements 1 Identification the manual should have a unique identification number that matches an on screen ID number in the program It should also clearly identify the stability booklet from which the lightship data is taken T CIRC MSC 891 WPD MSC Circ 891 ANNEX Page 11 2 System requirements identifies computer system hardware and software requirements such as compatible computers operating system memory requirements and other special requirements such as video graphics mouse printer etc 3 File management a list of all relevant software files giving name size date and a brief description of each The manual should also explain how any user generated files such as saved loading conditions are named These measures should allow the user to
11. e application of ISO 9001 to the development supply and maintenance of software System Configuration General The hardware and software should be of a modular hierarchical design in order to maximise the fault tolerance of the system The selection of the computer equipment should be consistent with safe operation of the system under control Self test Computer based systems should be monitored for correct operation and an alarm should be given for an abnormal condition Power supply The power supply should be monitored for failure and should give an alarm in the event of an abnormal condition Program and data held in the system should be protected from corruption by loss of power Redundant systems should be selectively fed and separately protected against short circuits and overloads Installation Equipment and its associated cabling should be installed in accordance with an appropriate code of practice to minimize electromagnetic interference between the equipment concerned and other equipment on board Cables Cables used for data communication should be of adequate mechanical strength suitably supported and also protected from mechanical damage Data communication The data communication link should be continuously self checking for detecting failures on the link itself and data communication failure on nodes and should give an alarm in the event of an abnormal condition I CIRC MSC 891 WPD 4 6 2 4 6 3
12. gram are properly tracked and forwarded to the ship Each revision delivered to the ship should include change pages to the user s manual and instructions on how to delete obsolete files and install replacement revised files The process should include an action complete report back to shoreside management 5 Program functionality Program functionality A manner for independently verifying the program s functioning should be provided Ideally the opening screen when the program is first brought up should present a self diagnostic report on program functioning Alternatively a range of sample loading conditions can be furnished on paper which can be manually entered into the program for comparison with correct draughts trim and available GM The sample conditions may be the same as found in the ship s approved stability booklet or separate samples included in the program s user manual T CIRC MSC 891 WPD
13. ith separate lighting The level of lighting and the brightness of visual display units should be controllable Where equipment operations or functions may be changed via keyboards appropriate measures should be employed so as to limit access of such operations to authorized personnel only If the operation of a key is able to cause dangerous operating conditions measures should be taken to prevent the instruction in question from being executed by a single action such as use of a special key lock use of two or more keys Conflicting control interventions should be prevented by means of interlocks or warnings The active control status should be recognizable The operation of input devices should be logical and correspond to the direction of action of the controlled equipment Output devices The size colour and density of text and graphic information displayed on a visual display unit should be such that it may be easily read from the normal operator position under all operational lighting conditions The brightness and contrast should be capable of being adjusted to the prevailing ambient conditions Information should be displayed in a logical priority If alarm messages are displayed on colour monitors the distinctions in the alarm status should be ensured even in the event of failure of a primary colour I CIRC MSC 891 WPD 5 4 5 4 1 5 4 2 5 4 3 5 4 4 6 1 6 2 6 3 6 4 7 1 MSC Circ 891 ANNEX P
14. meters such as required GM are met tank instrumentation systems used to provide direct electronic input of liquid loads cargo fuel ballast etc into the computer bypassing the human measurement and data entry steps operators of containerships may want to verify that over the bow bridge visibility requirements are met operators of chemical parcel tankers may want to integrate chemical compatibility data to create voyage specific cargo specific loading plans thereby optimizing cargo flexibility similarly OBO operators may want a system which can accommodate multiple bulk cargoes of different densities and compute bending stresses with more precision a program system could be used to monitor real time hull bending stresses during loading discharging operations or due to sea conditions while under way via sensor systems that provide direct input to the computer and a calculating damage stability conditions integrating loading data and flooded compartment characteristics 2 General requirements 2 1 Units Basic stability calculations are performed using weights typically Ltons or Mtons However some cargoes are more commonly measured in short tons TEUs or barrels Other liquid loads fuel and ballast might be initially measured as soundings or ullages The program developer may wish to make its program more convenient for the user to enter data in these alternate units If so the program should minimize ch
15. nd data Hardware Hardware should be suitably designed to withstand supply voltage variations and transients ambient temperature changes vibration humidity electromagnetic interference and corrosion normally encountered in ships The design of the hardware should ensure ease of access to interchangeable parts for repairs and maintenance Each replaceable part should be simple to replace and should be constructed for easy and safe handling All replaceable parts should be so arranged that it is not possible to connect them incorrectly or to use incorrect replacements Where this is not practicable the replaceable parts including their means of electrical connection should be clearly marked Software Systematic procedures should be followed during all phases of the software life cycle development installation and subsequent modification System tests should be specified performed and documented These tests should include all software functions and important combinations of functions performance dependability and usability requirements under all modes of operation including emergency conditions and behaviour under failure conditions I CIRC MSC 891 WPD MSC Circ 891 ANNEX Page 4 3 3 3 4 2 4 2 1 4 3 4 3 1 4 3 2 4 3 3 4 4 4 4 1 4 5 4 5 1 4 6 4 6 1 Modifications of program contents and data as well as a change of version should be documented Note ISO 9000 3 gives guidelines for th
16. ns be inhibited Testing Evidence should be furnished to the satisfaction of the Administration that the installed computer based systems have been designed manufactured and tested in accordance with these Guidelines In the case of any integrated systems such evidence should be furnished by a single party responsible for the integration Reference is also made to the following International Electrotechnical Commission IEC Publications 92 Electrical Installation in Ships 533 Electromagnetic compatibility of electrical and electronic installation in ships 945 Marine navigational equipment General requirements Methods of testing and required results I CIRC MSC 89 1 WPD MSC Circ 891 ANNEX Page 8 7 2 In addition to these Guidelines manufacturers should ensure by means of a quality control system that their products meet with their specifications 7 3 Tests and inspections should be carried out with the aim of establishing the correct operation and the quality of a product see also 3 3 2 74 Modifications of program contents and data as well as a change of version should be tested see also 3 3 3 T CIRC MSC 891 WPD MSC Circ 891 ANNEX Page 9 APPENDIX GUIDELINES FOR SHIPBOARD LOADING AND STABILITY COMPUTER PROGRAMS 1 Scope These guidelines may be applied where computer based systems are used to perform functions such as predicting draughts and trim and verifying that limiting stability para
17. quirements as to the performance of such software will depend on the person organization involved as follows 1 For users ship officers greater consistency among programmes from different vendors which will make familiarization and proficiency easier and faster to achieve 2 For ship owners operators availability of well conceived software products that include appropriate materials for training and also documentation for revising programme or data when necessary for instance to reflect any changes in the ship s weight and moment characteristics 3 For software developers the benefit of a broader experience base than just their own corporate experience and a consistent uniform standard reflecting customer expectations and 4 For Administrations assurance that sophisticated programmes are developed and introduced into service and that they will reflect human factor considerations and minimize chances for human error T CIRC MSC 891 WPD MSC Circ 891 2 4 These Guidelines for the on board use and application of computers have been developed to provide an international standard for the design approval and testing of such systems and should be construed as supplementary to the relevant regulations of the SOLAS Convention However it should be noted that certain applications of computers are defined in Performance Standards adopted by the Organization which take precedence over these Guidelines 5 Taking into account that the numbe
18. r and types of computer based systems available for on board use is strongly increasing that such systems are under fast development and the fact that they have considerable effect on the safety at sea the international harmonization should be beneficial to manufacturers ship builders ship owners and ship operators maritime administrations and organizations acting on their behalf seafarers passengers and other users of marine services 6 The Guidelines are not intended to prohibit the use of any existing computer based systems on board existing ships if such systems do not fully comply with these Guidelines Many existing ships have operated their computer based systems successfully and safely for a long period of time and their operating history should be considered in evaluating their suitability to continue contributing to their safe operation 7 For existing systems the Guidelines should be made applicable to a reasonable extent when major modifications are carried out 8 Where these Guidelines refer to the Administration this is the flag State Administration or a recognized organization authorized to act on its behalf in accordance with SOLAS regulation XI 1 9 Member Governments CIRM IEC IACS ICS and all other interested parties are requested to bring the attached Guidelines to the attention of all concerned KKK T CIRC MSC 891 WPD 1 1 1 2 1 3 2 1 2 2 MSC Circ 891 ANNEX GUIDELINES FOR THE ON BOARD USE A
19. ts should not affect their independent functionality An alternative means of operation independent of the integration should be available for all essential functions When systems under control are required to be duplicated and in separate compartments this should also be applied to computer based systems User interface General Computer based systems should be designed for ease of handling and user friendliness and should follow ergonomic principles The operational status of a computer based system should be easily recognizable T CIRC MSC 891 WPD MSC Circ 891 ANNEX Page 6 5 2 5 2 1 5 2 2 5 2 3 5 2 4 5 2 5 5 2 6 5 2 7 5 3 5 3 1 5 3 2 5 3 3 A user guide should be provided This user guide should describe for example function keys menu displays computer guided dialogue steps etc An alarm should be displayed at relevant operator stations for failure or shutdown of a subsystem Input devices Input devices should have clearly definable functions be reliable in use and operate safely under all conditions The acknowledgement of the instruction given should be recognizable Dedicated function keys should be provided for frequently recurring commands and for commands which must be available for rapid execution If multiple functions are assigned to keys it should be possible to recognize which of the assigned functions is active Control panels on the bridge should be provided w

MSC/Circ.891 - Access Manager 3.0

Contents

Download Pdf Manuals

Related Search

Related Contents