Section 9 Electrotechnical systems

9.1.1 Electrotechnical systems for OPTS are to be designed according to the safety concept as required by Ch 1, 1.12 Information to be submitted 1.12.24 and constructed in accordance with the requirements of this Section in order to minimise danger to personnel in all foreseeable operating conditions and foreseeable failure scenarios.

9.2.1 In addition to requirements stipulated in this Section, the relevant requirements for control, alarm and safety systems as stated in Pt 6, Ch 1 Control Engineering Systems and Pt 6, Ch 2 Electrical Engineering of the Rules and Regulations for the Classification of Ships, July 2022 and Ch 10 Electrotechnical Systems of the Code for Lifting Appliances in a Marine Environment, July 2022 are to be complied with as applicable.

9.2.2 The requirements as per Ch 1, 9.4 Active systems (ST-A or ST-H) 9.4.2, Ch 1, 9.5 Passive systems (ST-P) 9.5.2 and Ch 1, 9.7 Disconnection systems (as applicable) are to be verified by means of a failure mode, effects (and criticality) analysis (see also Ch 1, 10 Risk assessment).

9.2.3 The electrical installation of the OPTS is to be designed in accordance with Ch 10 Electrotechnical Systems of the Code for Lifting Appliances in a Marine Environment, July 2022.

9.2.4 The design and position of the Operator station shall enable the Operator to oversee the area affected by the OPTS, the OPTS itself and the target area of the gangway. Additional means such as CCTV systems might be necessary to supplement the Operator’s view (see Ch 1, 9.6 Electrical and control engineering arrangements 9.6.5).

9.2.5 Wireless remote-control arrangements will be specially considered. See Pt 6, Ch 1 Control Engineering Systems of the Rules and Regulations for the Classification of Ships, July 2022. Reference should also be made to EN 62745 Safety of machinery - Requirements for cableless control systems of machinery.

9.2.6 Sufficient fixed lighting is to be provided on the OPTS in all operational phases to enable personnel to safely transfer and to enable the Operator to maintain view on the system for OPTS operated at low daylight conditions or at night. The minimum levels of lighting are to be 1000 Lux for the pre-operation phase, post operational phases and emergency and failure modes. During normal operation the minimum level is to be 220 Lux. Battery powered emergency lighting with a minimum lighting level of 50 Lux is to be provided for 30 minutes in case of a main power supply failure. Sufficient fixed lighting is to be provided for all required maintenance activities. Lighting on OPTS is to be directed away from, and shaded to prevent direct illumination of, the bridge windows and lookout points.

9.2.7 It shall only be possible to override the safety systems if this is required to safely terminate the operation and evacuate the personnel from the OPTS.

9.2.8 Sensors, limit switches and its associated systems for control, alarm, monitoring, safety and indication shall be fail-safe. See Pt 6, Ch 1, 2.3 Alarm systems, general requirements 2.3.13, Pt 6, Ch 1, 2.4 Safety systems, general requirements 2.4.5, Pt 6, Ch 1, 2.5 Control systems, general requirements 2.5.3 and Pt 6, Ch 1, 2.10 Programmable electronic systems - General requirements 2.10.7 of the Rules and Regulations for the Classification of Ships, July 2022.

9.3.1 The OPTS shall initiate an alarm in at least, but not limited to, the following cases:

1. the geometrical limits of the OPTS are reaching 90 per cent of the maximum limits;
2. the actual personnel transfer gangway inclination angle is reaching 90 per cent of its maximum limit;
3. DP system failure or loss of required DP station keeping performance, where it is sufficient that the positioning failure of the vessel is judged, and the alarm is enabled by the DP Operator to be shown also at the OPTS control station;
4. detection of an overload by the overload detection system (unless design margins are as such that overload is prevented under all circumstances);
5. loss of or insufficient power source;
6. loss of required pushing force under consideration of a defined tolerance;
7. failure of control systems;
8. failure of safety systems (e.g. emergency disconnection);
9. failure of stored energy or secondary power systems; and
10. when the measured wind speed exceeds a predetermined limit for a given time.

9.3.2 Alarms and warnings shall follow the philosophy of the Code on Alerts and Indicators (2009) and consist of the stages as shown in Table 1.9.1 Definition of alert priority, signalling and resulting actions.

9.4.1 For the definition of active (ST-A) and hybrid (SL-H) systems see Ch 1, 2.2 System types 2.2.1 and Ch 1, 2.2 System types 2.2.3 respectively.

9.4.2 Any failure in the power supply, control system and actuators shall not result in uncontrolled, unintended movements of the system or blocking of the emergency stop of the system. The OPTS shall be under positive control at all times during operations (including pre- and post-operational phases). A fail-safe provision is to be designed to automatically stop or safely control equipment when hydraulic or electrical failure occurs. The OPTS shall be provided with interlocks, safety devices and protective devices so that it will be fail-safe in case of an emergency. Depending on the safety concept (see Ch 1, 1.12 Information to be submitted 1.12.24) a redundant control system and its associated redundant systems might be required to be implemented. In the case of a loss of redundancy the operation of the OPTS shall be terminated. Alternatively, a single control system failing to a passive mode or last position can be considered acceptable (see also Ch 1, 9.5 Passive systems (ST-P) 9.5.2 and Ch 1, 9.7 Disconnection systems for the principle safety goals).

9.4.3 The alarm system is to be designed, as far as practicable, to function independently of control and safety systems such that a failure or malfunction in these systems will not prevent the alarm system from operating (see Pt 6, Ch 1, 2.3 Alarm systems, general requirements 2.3.15 of the Rules and Regulations for the Classification of Ships, July 2022). If no separate systems are used for alarms and controls a redundant system is required. Any failure in the control system shall not cause the loss of the related alarm functions.

9.4.4 If controls are necessary to discontinue the operation of the OPTS, then these controls shall be independent from the control system intended for the operational use. Its operation shall not be blocked by any failure of the control system for the operational use. Depending on the safety concept, a redundant control system can be considered compliant with this requirement.

9.4.5 If a power source is necessary to enable the discontinuation process of the OPTS operation, an independent (from the normal operational) power source or stored means of energy shall be provided to enable the discontinuation of the operation safely and in a controlled way.

9.4.6 If systems are being operated by single Operators, a dead man switch shall be provided, with a time resetting interval suitable to ensure a safe operation of the system.

9.4.7 Automated actions by the control systems affecting the transfer of the personnel shall initiate an audible and visual staged level alarm clearly recognisable by the Operator and the transferring personnel. The automated action shall have a suitable delay after the alarm to enable the transferring personnel and the Operator to take appropriate actions (see Ch 1, 9.4 Active systems (ST-A or ST-H) 9.4.9).

9.4.8 At a pre-determined time after priority 3 alerts, the OPTS shall automatically progress to a pre-defined safe state. The pre-determined time shall enable the Operator to prepare for the safe stop of the system and the transferring personnel to move to a safe area.

9.4.9 Suitable means of communication should be available between the Operator position and the mothership bridge or control station as well as the target unit.

9.4.10 Failure of any power supply for the OPTS, failure of the control system, or the OPTS approaching or exceeding its operational limitations shall result in an audible and visible alarm to the Operator. In such cases the system shall allow for the return to the stowage or otherwise safe position either manually or automatically.

9.4.11 An indication of at least the following parameters, as far as relevant for the OPTS, should be monitored and displayed over a pre-determined time (commonly called trending):

1. OPTS motions (e.g. telescoping, slewing and luffing, compensating for heave, roll and pitch) or OPTS forces (e.g. push force against target structure) or mothership motions to be compensated;
2. target unit motions (if applicable); and
3. wind speed.

These indications should be displayed relative to the operational limitations of the OPTS and shall enable the Operator to determine whether the operational limits are approached. A warning shall be generated in case the operational limitations are approached more than once over a pre-determined time period. The operational limitations are considered being approached, if 90 per cent of the limit value is reached or exceeded.

9.4.12 Inactive redundant components necessary to comply with Ch 1, 9.4 Active systems (ST-A or ST-H) 9.4.2 shall be checked prior to operation of the OPTS and an automatic check prior to start-up by the control system may be part of this check. The necessary start-up checks need to be prescribed in the instructions for use.

9.4.13 An emergency stop system for safe discontinuation of the operation of the OPTS and to enable safe evacuation of personnel from the OPTS shall be provided. The emergency stop system shall be independent from the control system and shall also initiate an automatic disconnection of the gangway from the target unit. The emergency stop system shall not endanger or pose a hazard to personnel or Operator due to abrupt movements or unfavourable movements and shall bring the system to a pre-defined safe state (before the emergency stop independently stops the OPTS motions).

9.4.14 The emergency stop shall only be located at Operator control stations.

9.4.15 An initiated emergency stop shall result in an audible and visual alarm clearly recognisable for the Operator(s) and the transferring personnel.

9.4.16 Failure in the emergency stop system shall not result in an unintended stop of the OPTS. A failure in the emergency stop system shall initiate an alarm at the Operator station.

9.4.17 The accuracy of landing for gangway tip relative to target structure on the target unit for cantilevered gangways is ±100 mm. Higher values will be specially considered depending on the design risk assessment.

9.5.1 For the definition of passive systems see Ch 1, 2.2 System types 2.2.2.

9.5.2 A failure in the control system only used for connection and disconnection prior to and after operations of the passive system shall not block free movement of the passive system during operation.

9.5.3 Means of disconnection shall be provided in cases of normal operation and in emergency cases.

9.5.4 An emergency stop independent of the control system for connection and disconnection shall be provided.

9.5.5 The system approaching or exceeding its operational limits should result in an audible and visible alarm to the Operator.

9.5.6 Systems with unrestricted access shall provide a local alarm for the personnel using the system when approaching the operational limits and for remote disconnection, if provided.

9.6.1 Every OPTS is to have a dedicated Operator station and/or operation panel.

9.6.2 Apart from fully passive systems the OPTS shall have controlling devices fitted.

9.6.3 Indicating devices are required to e.g. display the system status, etc. Reference is made to Pt 6, Ch 1, 2.5 Control systems, general requirements 2.5.5 of the Rules and Regulations for the Classification of Ships, July 2022.

9.6.4 Actuators, winches, telescopic gangways and similar moving components shall come to a controlled stop before the mechanical end stop is reached.

9.6.5 Observation devices may be, e.g. cameras which provide visible access to locations where the Operator may not have direct visual contact. Possible camera coverage may include:

1. along the gangway; and/or
2. at the gangway tip.

9.6.6 Sensing devices shall be provided to enable monitoring of the status of certain parts of the OPTS such as load cells, etc.

9.6.7 In case of limited access systems, access control systems shall provide means to restrict the access to the gangway, e.g. ‘traffic lights’ in combination with Operator instructions or automatic crossing gate systems. Acoustic signalling systems (e.g. talkback or sounders) are also considered part of an access control system.

9.6.8 The sampling rate for the sensing devices shall be determined as a result of the risk assessment and shall take into account the motion speeds of the OPTS.

9.6.9 Any restart of the control system for any reason (e.g. power failure, control system failure, etc.) shall not lead to unsafe conditions for:

1. transferring personnel on the OPTS;
2. the Operator of the OPTS; or
3. any personnel or crew in the vicinity of the OPTS.

9.7.1 The principle overview over the connection system types can be seen in Figure 1.9.1 Connection systems.

9.7.2 The OPTS gangway tip shall not inadvertently disconnect from the target structure, e.g. due to single point system failure.

9.7.3 If the OPTS gangway is approaching its limits an alarm should be raised (see Ch 1, 9.4 Active systems (ST-A or ST-H) 9.4.11).

9.7.4 The connection system of a gangway for an OPTS shall have redundancy in power, controls and actuators in such a way that inadvertent disconnection is prevented. As an alternative, an OPTS gangway with a fixed connection could remain connected in the case of a power loss or system failure, however, it should be able to mechanically release in case excessive force is exerted on the OPTS or gangway.

9.7.5 A disconnection of an OPTS gangway shall not result in an inadvertent lowering (luffing) of the OPTS gangway.

9.7.6 The system is to be designed to enable safe disconnection and also emergency disconnection (lift-off) at all times (e.g. mothership blackout).

9.7.7 The OPTS needs to be equipped with an emergency disconnection system. The system needs to enable safe disconnection, retraction of any telescopic arrangements and landing of the gangway in a safe position. In case of an emergency which requires the emergency disconnection (lift-off) to be initiated, a visual and acoustic alarm is to be activated a considerable time before the actual lift-off, allowing personnel to safely evacuate the gangway.

Figure 1.9.1 Connection systems

9.8.1 Potential threats related to the security of the OPTS should be identified, addressed and mitigated. See Ch 1, 10 Risk assessment.

9.8.2 The following aspects shall at a minimum be addressed in particular:

1. roles and responsibilities of key personnel and management involved in the operations and maintenance of the OPTS;
2. policies, procedures, assets, data and capabilities, which if disrupted, could pose risks to the OPTS operations and safety; and
3. technical measures to protect against a cyber incident to ensure safety and continuity of operations.

9.8.3 Refer to the following publications for guidance:

1. LR’s ShipRight Procedure for the Assessment of Cyber Security for Ships and Ships Systems;
2. IEC 62443 Security for industrial automation and control systems series of standards, on how to secure information and communication technology aspects of industrial processes;
3. ISO/IEC 27001 Information technology – Security techniques – Information management Systems – Requirements, on how to keep information assets secure; and
4. Baseline Security Recommendations for Internet of Things (IoT) in the context of Critical Information Infrastructures, ENISA, NOVEMBER 2017, on how to ensure security in IoT products and services.