The electronic pdf versions of the documents found through http://www.dnv.com/ are the officially binding versions. Copyright Det Norske Veritas.
DNV-OS-D202 Automation, Safety, and Telecommunication Systems
CHAPTER 1
Introduction
SECTION 1
General
A. Introduction
A 100 Objectives
101 The objectives of this standard are to:
- provide an internationally acceptable standard for general requirements to safety, automation, and telecommunication systems by defining minimum requirements for design, materials, fabrication, installation, testing, commissioning, operation, maintenance, re-qualification, and abandonment
- serve as a technical reference document in contractual matters between purchasers and contractors
- serve as a guideline for designers, purchasers and contractors.
Guidance note:
Additional requirements for specific applications will be given in the DNV Offshore Standard covering those applications.
---e-n-d---o-f---G-u-i-d-a-n-c-e---n-o-t-e---
A 200 Scope and application
201 The requirements of this standard shall apply to all safety,
automation, and telecommunication systems required by the DNV Offshore
Standards.
202 All safety, automation, and telecommunication systems installed,
but not necessarily required by the DNV Offshore Standards, that
may have an impact on the safety of main functions (see DNV-OS-A101),
shall meet the requirements of this standard.
203 The requirements of this standard are considered to meet the
regulations of the "1989 MODU Code", with regard
to safety, automation, and telecommunication systems.
204 For telecommunication, only relevant parts are applicable.
For specific requirements to telecommunication equipment, reference
is made to DNV-OS-A101 Sec.6 F.
A 300 Organisation of contents
301 Ch.2 Sec.1 to Sec.5 give common requirements which are
considered applicable to all types of offshore units and installations.
302 Ch.2 Sec.6 gives supplementary requirements to Drilling Units.
Guidance note:
It should be noted that separate automation and safety requirements related
to DRILLING PLANT are described in DNV-OS-E101.
---e-n-d---o-f---G-u-i-d-a-n-c-e---n-o-t-e---
303 Ch.2 Sec.7 gives supplementary requirements to Oil and Gas
Production and Storage Units.
304 Ch.3 gives procedures and
requirements applicable when this standard is used as part of DNV
classification. Documentation requirements are also given.
A 400 Alterations and additions
401 Manufacturers or system suppliers shall maintain a system
to track changes as a result of defects being detected in hardware
and software, and inform users of the need for modification in the
event of detecting a defect.
402 When an alteration or addition to the approved system(s) is
proposed, plans shall be submitted for approval. The alterations
or additions shall be presented under inspection, and the installation
and testing shall be to the inspecting party's satisfaction.
403 Details of proposed hardware and software modifications shall
be submitted for evaluation. Where the modification may affect compliance
with the offshore standard, proposals for verification and validation
shall also be submitted.
404 Software versions shall be identifiable as required in Ch.2
Sec.3.
405 If remote software maintenance is arranged for onboard, the
installation of new software versions submitted from software suppliers
requires the below items and/or actions to be fulfilled:
- no modification shall be possible
without the acceptance and acknowledgement by the vessel/unit's
responsible
- the objective or reason for updating a software module shall
be documented in the vessel/unit systems/software maintenance
log
- any revision which may affect compliance with the standard
shall be approved by the Approval centre and evidence of such shall
be available onboard
- an installation procedure and required pre-requisites
for installation of the software module shall be available
- the security of the installation process and integrity
of the new software shall be verified (especially when software has
been transferred using open lines like the Internet)
- a test program for verification of correct installation
and correct functioning of the functions shall be available
- in the case that the new software module has not been
successfully installed, the previous version of the system shall be
available for re-installation and re-testing (as a roll back function).
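One way to enforce the A 405 conditions in an update gate, as an added example that is not part of the standard. All names (`UpdateRequest`, `Node`, `apply_update`) are hypothetical, and the expected SHA-256 digest is assumed to reach the unit over a channel separate from the one that carried the software.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class UpdateRequest:
    """Hypothetical record for one remotely delivered software module."""
    module: str
    version: str
    payload: bytes
    expected_sha256: str         # assumed to arrive over a separate trusted channel
    reason: str                  # objective of the update, for the maintenance log
    affects_compliance: bool
    approval_evidence: str = ""  # reference to Approval centre approval, if needed
    accepted_by: str = ""        # vessel/unit's responsible who acknowledged it


@dataclass
class Node:
    """Constructed stand-in for the onboard system being maintained."""
    installed: dict = field(default_factory=dict)  # module -> (version, payload)
    log: list = field(default_factory=list)        # software maintenance log


def apply_update(node, req, self_test):
    """Install req on node only if the A 405 preconditions modelled here hold.

    self_test(payload) -> bool stands in for the test program that verifies
    correct installation and functioning. Returns (ok, message).
    """
    def record(outcome):
        # Every attempt, accepted or not, is written to the maintenance log.
        node.log.append({"module": req.module, "version": req.version,
                         "reason": req.reason, "accepted_by": req.accepted_by,
                         "outcome": outcome})
        return outcome

    if not req.accepted_by:
        return False, record("rejected: no acceptance by responsible onboard")
    if not req.reason:
        return False, record("rejected: reason for update not documented")
    if req.affects_compliance and not req.approval_evidence:
        return False, record("rejected: approval evidence missing")

    # Integrity check before anything is written; constant-time comparison.
    actual = hashlib.sha256(req.payload).hexdigest()
    if not hmac.compare_digest(actual, req.expected_sha256.lower()):
        return False, record("rejected: integrity check failed")

    previous = node.installed.get(req.module)      # kept for roll back
    node.installed[req.module] = (req.version, req.payload)
    if not self_test(req.payload):
        if previous is None:
            del node.installed[req.module]
        else:
            node.installed[req.module] = previous  # re-install previous version
        return False, record("rolled back: post-install test failed")
    return True, record("installed")
```

A digest only proves integrity when it is obtained independently of the download; a supplier signature checked against a key already held onboard would remove that dependency.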
A 500 Assumptions
501 The requirements of this standard are based on the assumption
that the personnel using the equipment to be installed on board
are familiar with the use of, and able to operate, this equipment.
B. References
B 100 Normative references
101 The standards listed in Table B1 include provisions which,
through reference in this text, constitute provisions of this offshore
standard. The latest issue of the references shall be used unless
otherwise agreed. Other recognised standards may be used provided
it can be demonstrated that these meet or exceed the requirements
of the standards referenced.
| Table B1 Normative references |
| Reference | Title |
| IEC 60529 | Degrees of protection provided by enclosures (IP Code) |
| IEC 60533 | Electrical and electronic installations in ships - Electromagnetic compatibility |
| IEC 60945 | Maritime navigation and radiocommunication equipment and systems - General requirements - Methods of testing and required test results |
| IEC 61000-4-2 | Electromagnetic compatibility (EMC) - Part 4: Testing and measurement techniques - Section 2: Electrostatic discharge immunity test. Basic EMC Publication |
| IEC 61000-4-3 | Electromagnetic compatibility (EMC) - Part 4: Testing and measurement techniques - Section 3: Radiated, radio-frequency, electromagnetic field immunity test |
| IEC 61000-4-4 | Electromagnetic compatibility (EMC) - Part 4: Testing and measurement techniques - Section 4: Electrical fast transient/burst immunity test. Basic EMC Publication |
| IEC 61000-4-5 | Electromagnetic compatibility (EMC) - Part 4: Testing and measurement techniques - Section 5: Surge immunity test |
| IEC 61000-4-6 | Electromagnetic compatibility (EMC) - Part 4: Testing and measurement techniques - Section 6: Immunity to conducted disturbances, induced by radio-frequency fields |
| Classification Note 45.1 | Electromagnetic Compatibility |
| IMO Resolution A.830.19 | Code on alarms and indicators. |
B 200 Offshore standards
201 The latest revision of the DNV Offshore standards listed in
Table B2 applies.
| Table B2 DNV Offshore Standards and other DNV references |
| Standard | Title |
| DNV-OSS-101 | Rules for Classification of Offshore Drilling and Support Units |
| DNV-OSS-102 | Rules for Classification of Floating Production, Storage and Loading Units |
| DNV-OS-A101 | Safety Principles and Arrangement |
| DNV-OS-D101 | Marine Machinery Systems and Equipment |
| DNV-OS-D201 | Electrical Installations |
| DNV-OS-D301 | Fire Protection |
| DNV-OS-E101 | Drilling Plant |
| DNV-OS-E201 | Oil and Gas processing systems |
| DNV-OS-E301 | Position Mooring. |
| Table B3 Informative references |
| Standard | Title |
| Certification Note No. 1.2 | Type Approval |
| Certification Note No. 2.4 | Environmental Test Specification for Instrumentation and Automation Equipment |
| 1989 MODU Code (IMO) | Code for the Construction and Equipment of Mobile Offshore Drilling Units, 1989, as amended |
| IMO FSS Code | International code for fire systems. |
C. Definitions
C 100 Verbal forms
101 Shall: Indicates requirements
strictly to be followed in order to conform to this standard and
from which no deviation is permitted.
102 Should: Indicates that
among several possibilities one is recommended as particularly suitable,
without mentioning or excluding others, or that a certain course
of action is preferred but not necessarily required. Other possibilities
have to be agreed upon.
103 May: Verbal form used
to indicate a course of action permissible within the limits of
the standard.
104 Agreement, agreed or by
agreement: Unless otherwise indicated, agreed in writing
between contractor and purchaser.
C 200 General terms
201 Automation system:
A system that is able to control and/or monitor, fully
or partly, the operation of equipment under control (EUC).
202 Monitoring system:
A system that is able to monitor and issue alarms relating to the
operation of an equipment under control (EUC).
203 Safety system: A system
able to detect the need for and perform safety actions, such as
shut-down of an equipment under control (EUC).
204 Telecommunication system:
A system providing internal communication within the unit (e.g.
telephones, public address, general alarm) or externally to the
unit (e.g. radio).
205 Alarm: A combined visual
and audible signal for warning of an abnormal condition, where the
audible part calls the attention of personnel, and the visual part
serves to identify the abnormal condition.
206 Safety shutdown: A
safety action that will be initiated upon EUC failure or by other
predefined events (e.g. gas detection) and shall result in the shutting
down of the EUC or part of the EUC in question.
207 System: A system includes
all components necessary for performing safety, automation or telecommunication
functions, including sensors and actuators. As used in this standard, system
is short for safety, automation or telecommunication system. A system
includes all resources required to support one specific function,
including:
- the field instrumentation of one or more process segments
- all necessary resources needed to maintain the function including system monitoring and adequate self-check
- all user interfaces.
- initiate required actions.
- feedback on activated actions, when relevant.
208 An essential safety, automation
or telecommunication system (hereafter called an essential system or essential function): A system supporting
equipment, which needs to be in continuous operation or continuously
available for on-demand operation for maintaining the unit's
safety. Systems supporting the propulsion and steering functions
are considered as essential for all units incorporating such functions.
The definition essential system may also apply to other functions
when these are defined as such in the DNV Offshore Standards.
Guidance note:
The objective for an essential function is that it should
be in continuous operation for relevant operational modes, i.e.
transit, operation, e.g. the emergency shutdown (ESD) system for
an offshore unit.
---e-n-d---o-f---G-u-i-d-a-n-c-e---n-o-t-e---
209 An important safety, automation
or telecommunication system (hereafter called an important system
or function): A system supporting functions in order
to perform in accordance with class requirements, unless specified
otherwise in other DNV Offshore standards.
210 Non-important safety, automation
and telecommunication systems (hereafter called non-important systems or non-important function): Systems
supporting functions that are not required by the DNV Offshore Standards.
211 Field instrumentation:
All instrumentation that forms an integral part of a process segment
to maintain a function. The field instrumentation includes:
- sensors, actuators, local control loops and related local processing as required to maintain local control and monitoring of the process segment
- user interface for manual operation (when required).
Other equipment items do not, whether they are implemented locally
or remotely, belong to the field instrumentation. This applies to
data communication and facilities for data acquisition and pre-processing
of information utilised by remote systems.
212 Process segment: A
collection of mechanical equipment with its related field instrumentation,
e.g. a machinery or a piping system. Process segments belonging
to essential systems are referred to as essential.
213 Integrated system:
A combination of computer based systems which are interconnected
in order to allow common access to sensor information and/or
command or control.
214 User: Any human being
that will use a system or device, e.g. captain, navigator, engineer,
radio operator, stock-keeper, etc.
215 Workstation: Workstation
is a work place at which one or several tasks constituting a particular
activity are carried out and which provides the information and
equipment required for safe performance of the tasks.
216 System availability: The
time the system is available.
217 Equipment under control (EUC):
The mechanical equipment (machinery, pumps, valves, etc.) or environment
(smoke, fire, waves, etc.) monitored and/or controlled
by an automation and safety system.
218 Process: The result
of the action performed by the EUC.
219 Indications: The visual
presentation of values for the EUC or system status to a user (lamps,
dials, VDU displays, etc.).
220 Uninterruptible power supply (UPS):
A device supplying output power in some limited time period after
loss of input power with no interruption of the output power.
221 Independency:
Mutually independent: Two systems are
mutually independent when a single system failure occurring in either
of the systems has no consequences for the maintained operation
of the other system as described above. Redundancy may provide the
necessary independence.
Independent:
System B is independent of system A when any single system failure
occurring in system A has no effect on the maintained operation
of system B. A single system failure occurring in system B may affect
the maintained operation of system A.
222 Redundancy:
A system with redundancy is one with duplication which prevents
failure of the entire system in the event of failure of a single
component.
223 Remote control system:
Comprises all hardware and software necessary to operate the EUC
from a control position where the operator cannot directly observe
the effect of his actions.
224 Back-up control system:
Comprises all hardware and software necessary to maintain control
when main control systems have failed, malfunctioned or are being
maintained.
225 Safety and automation system: Term
used for integrated safety, automation, and/or telecommunication
system.
Guidance note:
Other terms used for such systems are: Integrated Control
and Safety System (ICSS), Safety and Automation System (SAS), Safety
and Instrumentation System (SIS). The term is also commonly used
for stand-alone systems not integrated with other systems.
---e-n-d---o-f---G-u-i-d-a-n-c-e---n-o-t-e---
226 Separated: Term used
for cables, network nodes, etc. to indicate that they are physically
located with distance or mechanical separation sufficient to prevent
a single failure taking out the entire function.
Guidance note:
The best separation that is reasonably practicable in order
to minimise the chances of a single incident affecting both systems should
be applied. Redundant controllers in the same cabinet are considered
to be acceptable because the cabinet is located in a well protected "safe" area.
---e-n-d---o-f---G-u-i-d-a-n-c-e---n-o-t-e---
227 Warning: An indication
of equipment under control (EUC) or system state that needs attention.
228 Approval centre: The
body that is performing the verification of the design and/or
fabrication surveys.
229 Fire panel: A stand-alone
system for presenting fire alarms and system failure.
230 A normally energised (NE) circuit:
A circuit where energy is present when the circuit is not activated
by the activating function.
231 A normally de-energised (NDE) circuit:
A circuit where energy is present when the circuit is activated
by the activating function.
C 300 Terms related to computer based system
301 Complex system: A system
for which all functional and failure response properties for the
completed system cannot be tested with reasonable efforts. Systems
handling application software belonging to several functions, and
software that includes simulation, calculation and decision support
modules are normally considered as complex.
302 Computer: A computer
includes any programmable electronic system, including main-frame,
mini-computer or micro-computer (PLC).
303 Visual display unit (VDU):
Any area where information is displayed including indicator lamps
or panels, instruments, mimic diagrams, and computer display monitors.
304 User input device (UID):
Any device from which a user may issue an input including handles,
buttons, switches, keyboard, joystick, pointing device, voice sensor
and other control devices.
305 System software: Software
used to control the computer and to develop and run applications.
Guidance note:
Typically the Operating System or system firmware.
---e-n-d---o-f---G-u-i-d-a-n-c-e---n-o-t-e---
306 Application software:
Standard software which is required for developing, running, configuring
or compiling application software and project specific program(s)
with associated parameters which carry out operations related to
the EUC being controlled or monitored.
307 Software module: A
small self-contained program which carries out a clearly defined
task and is intended to operate within a larger program.
308 Function block: A small
self-contained function with a set of defined inputs and outputs
that carries out a clearly defined task and is intended to operate
within an application program.
309 Computer task: In a
multiprocessing environment, this means one or more sequences of
instructions treated by a control program as an element of work
to be accomplished by a computer.
310 Data communication links:
This includes point to point links, instrument net and local area
networks, normally used for inter-computer communication on board
units. A data communication link includes all software and hardware necessary
to support the data communication.
Guidance note:
For local area networks, this includes network controllers,
network transducers, the cables and the network software on all nodes.
---e-n-d---o-f---G-u-i-d-a-n-c-e---n-o-t-e---
311 A node in a system:
A computer based controller, usually with associated field device
I/O, capable of carrying out logic, control and calculation
functions and communicating data with other nodes and stations on
the system network(s).
312 Point to point: Link
used for data communication between two dedicated nodes.
313 Local area network:
A network used for data communication between the automation, safety
and the other parts of a system, and between different systems.
314 Instrument net: A network
used for data communication within the field instrumentation connecting
instruments in a network.
315 Multifunction VDU's and
UID's: VDU's and UID's that are
used for more than one essential and/or important function for
both safety and/or automation, e.g. VDU's and
UID's used for integrated computer systems.
316 Critical Alarm and Action Panel:
Panel used to present vital safety related information, and to activate
vital safety related functions independent of operator stations.
317 Operator Station in
an integrated system is a unit consisting of a user interface, i.e.
UID's and VDU, and interface controller(s). An integrated
operator station is one serving two or more systems.
318 Fire and gas node:
The system elements related to fire and gas detection and related
actions within a safety system, organised as an independent node
within the system.
319 Network components:
All hardware devices directly connected to a communication network.
C 400 Abbreviations
401 The abbreviations given in Table C1 are used.
| Table C1 Abbreviation |
| Abbreviation | In full |
| CAAP | Critical Alarm and Action Panel |
| CCR | Central Control Room on MOUs, on tankers CCR normally refers to Cargo Control Room. |
| DCS | Drilling Control System |
| DP | Dynamic Positioning |
| ECR | Engine Control Room |
| EMC | Electromagnetic Compatibility |
| EUC | Equipment Under Control |
| EUT | Equipment Under Test |
| ESD | Emergency Shut Down |
| EPROM | Erasable Programmable Read-Only Memory |
| EEPROM | Electrically Erasable Programmable Read-Only Memory |
| F&G | Fire and Gas |
| I/O | Input and/or Output |
| ICSS | Integrated Control and Safety System |
| IEC | International Electrotechnical Commission |
| LAN | Local Area Network |
| LED | Light Emitting Diode |
| LCD | Liquid Crystal Display |
| MOU | Mobile Offshore Unit |
| MS | Manufacturing Survey |
| OTDR | Optical Time Domain Reflectometry |
| PCS | Process Control System |
| RPM | Rotations Per Minute |
| RP | Redundant Propulsion |
| PROM | Programmable Read Only Memory |
| UID | User Input Device |
| UPS | Uninterruptible Power System |
| VDU | Visual Display Unit. |
| VMS | Vessel Management System |