code_of_practice_V3_2019

More documents

Recommendations

Info

11 System Integrity Certification and Test Procedures 11.1 OBJECTIVE The objective of this Chapter is to outline the certification and test procedures required for the situational awareness, control and other mission-critical systems within a MASS. 11.2 SCOPE 11.2.1 Verification shall be undertaken to provide assurance that the Situational Awareness and Control System complies with the provisions of this Code and remains compliant throughout its operational life. 11.2.2 The Risk Assessment for the MASS should be reviewed in detail, to check that no critical single point failures have been overlooked. The Risk Assessment should be confirmed as being thorough and conservative in its safety assessment. 11.3 SYSTEM TEST BASED ON RISK ASSESSMENT 11.3.1 All safety critical items covered by failure sensing and remedial action, or by dual or multiple redundancy, having been highlighted in the Risk Assessment, should be individually tested by simulating each failure mode of each sub-system or component and verifying that the backup measures are effective in mitigating any critical consequences. 11.3.2 The effects of power failures should be checked, to ensure that simultaneous power failures on several sub- systems do not invalidate critical safety measures that rely on dual redundant systems. 11.3.3 System integrity testing should be performed in a hierarchical manner in such a way as to ensure that each submodule functions in accordance with performance requirements. Integration testing should be performed to test the interfaces and the performance of the combined systems. 11.3.4 Electronic systems should be installed in the same manner as for conventionally manned ships. This includes EMC compliance, use of enclosures and connectors with suitable marine grade IP ratings, communications standards EIA-422, EIA-232, NMEA 0183 and NMEA 2000 and others as appropriate. 11.3.5 Simulators may be used to verify levels of performance of some but not all systems. This includes autopilot performance, collision avoidance algorithms, though not the systems whose performance is critically dependent on real-world stimuli, such as optical and inertial sensors. 68 MASS UK Industry Conduct Principles and Code of Practice Version 3
11.4 SENSOR TESTS 11.4.1 Any sensor whose performance is critical to MASS safety should be tested and certified to give reliable results. As far as possible, this may be done for each sensor type; in some cases, the sensor performance is largely independent of the platform on which it is mounted. 11.4.2 Where indicated by the Risk Assessment, and where sensor performance is to some degree influenced by the platform on which it is mounted, sea trials should be performed using the sensor/MASS combination, to test external and internal sensors in a real maritime environment that meets or exceeds the most demanding environments for which the MASS is to be certified. 11.4.3 In some cases, the dependence of sensor performance on the host platform is such that the tests may be performed using a representative platform, i.e. one where the sensor performance is expected to be equivalent or worse than on the MASS itself. This means that the sensor may be certified, on the basis of one set of trials, for many MASS platforms. In such cases, the critical parameters of the test and MASS platforms in question shall be recorded for comparison and justification. For example, if sensor performance depends positively upon antenna height above sea level, the test may be performed on a trials vessel using a lower antenna height, to provide accreditation for use on all MASS with higher antenna mountings. 11.5 EMERGENCY STOP TEST 11.5.1 The Emergency Stop systems should be tested, using all defined methods of triggering Emergency Stop, singly and in combination, and under datalink failure conditions, to demonstrate that the Emergency Stop system is fail safe. 11.6 CYBER SECURITY 11.6.1 Cyber security is defined as the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or manipulation of the data for the services they provide. 11.6.2 MASS should have cyber security measures to protect sensors and control systems as far as practicable and necessary. 11.6.3 Key risks are identified as (but not limited to): n Backdoors; n Denial of Service; n Direct Access; n Eavesdropping; n Tampering. 11.6.4 Key systems to be protected are those concerned with vital situational awareness and the display thereof (e.g. position sensors, heading sensors), control (steering, waypoint generation), operator override (including Emergency Stop provisions). MASS UK Industry Conduct Principles and Code of Practice Version 3 69
Page 1 and 2:
BEING A RESPONSIBLE INDUSTRY Mariti
Page 3 and 4:
Contents FOREWORD 1 Background 4 2
Page 5 and 6:
1.9 The Code also aligns with other
Page 7 and 8:
5 CONTRIBUTING ORGANISATIONS 5.1 Th
Page 9 and 10:
1 Scope 1.1 SUMMARY 1.1.1 This is a
Page 11 and 12:
5 Environment 5.1 ENVIRONMENTAL MAN
Page 13 and 14:
8 Assurance Certification and Autho
Page 15 and 16:
11 Regulatory and Legislative Compl
Page 17 and 18: 1 Terms and Terminology In this Cod
Page 19 and 20: “Controller” means a person und
Page 21 and 22: Definitions for Level of Control (L
Page 23 and 24: 2.2 STANDARDS 2.2.1 This Code provi
Page 25 and 26: 3 Operations 3.1 OBJECTIVE The obje
Page 27 and 28: 3.7.2 IMO has produced Interim Guid
Page 29 and 30: ANNEX A TO CHAPTER 3 MASS OPERATION
Page 31 and 32: Safety Case: Safety Case / Risk Ass
Page 33 and 34: n Procedures for internal audits an
Page 35 and 36: 4.8.3 Therefore, a key duty of the
Page 37 and 38: 4.12.6 The Operator should establis
Page 39 and 40: 4.15.6 The frequency of the inspect
Page 41 and 42: 5.2 INTERNATIONAL DEFINITION OF AUT
Page 43 and 44: 6 Ship Design and Manufacturing Sta
Page 45 and 46: 6.7 ELECTRICAL SYSTEMS 6.7.1 The el
Page 47 and 48: 6.12 MASS DISPOSAL 6.12.1 MASS, for
Page 49 and 50: Table 7-1: Navigation Lights Overal
Page 51 and 52: 8 Situational Awareness and Control
Page 53 and 54: 8.4.5 The Risk Assessment shall be
Page 55 and 56: 8.7.2 The exact number of, and perf
Page 57 and 58: 7.10.5 In the event that the MASS e
Page 59 and 60: 9 Communications Systems 9.1 OBJECT
Page 61 and 62: 9.5 RF COMMUNICATIONS INSTALLATION
Page 63 and 64: Table 10-1: Tasking Cycle of a MASS
Page 65 and 66: n RCC Operator - Receives commands
Page 67: 10.8 RELATIONSHIP BETWEEN AUTONOMY
Page 71 and 72: 12 Operator Standards of Training,
Page 73 and 74: n MGN 411 (M+F) - “Training and C
Page 75 and 76: 12.9 MASS OPERATORS TRAINING REQUIR
Page 77 and 78: 12.11.3 If the results of the analy
Page 79 and 80: ANNEX A TO CHAPTER 12 The blank Pro
Page 81 and 82: 13 Identification, Registration, Ce
Page 83 and 84: 13.3.5 In addition, the following r
Page 85 and 86: 14 Security 14.1 OBJECTIVE The obje
Page 87 and 88: 14.5 MASS SECURITY PLAN 14.5.1 The
Page 89 and 90: n Ensuring adequate training has be
Page 91 and 92: 15.5 AIR POLLUTION 15.5.1 All engin
Page 93 and 94: 16.2.6 For MASS engaged on internat
Page 95 and 96: 16.6.3 Documentation: n When carryi
Page 97 and 98: 16.9 DANGEROUS GOODS CLASSES 16.9.1
Page 99 and 100: 17.4.2 The duty is qualified by wha
Page 101 and 102: 19 Glossary AIS Automatic Identific
Page 103 and 104: Notes MASS UK Industry Conduct Prin
show all

code_of_practice_V3_2019

Create successful ePaper yourself

Delete template?

Save as template?