DP2Rementoa FMEA

Dynamic Positioning and Control Systems
12131 Community Rd.

Poway, CA 92064
858-679-5500 General Fax: 858-679-5501
Document Number
24005418PS-310
Document Title
Failure Modes and Effects Analysis (FMEA)

NMS6000 DP (DP Class 2) System
Remontowa 1674-09
CONTROL STATUS
Prepared by:
Robert Theisen
Approved by:
Robert Theisen
Unless over stamped MASTER or CONTROLLED in red,

this document has been provided for information only and
will not be updated.
Systems Engineer
Revision:
Date:
19-Jun-08
This document is, or contains, confidential and proprietary information of L-3 Communications. Its receipt or
possession does not convey any rights to reproduce or disclose it, or its contents, or to manufacture, use, or
sell anything it may describe or reference. Reproduction, disclosure, or use without specific written
authorization of L-3 Communications is strictly prohibited. This technical data is controlled under the Export
Administration Regulations ECCN [8E992], and may not be exported to a Foreign Person, either in the U.S.
or abroad, without the proper authorization of the U.S. Department of Commerce.
REVISION STATUS
Rev.
Date
19-Jun-08
24005418PS-310 Rev A
Description
Initial Release.
Commercial In Confidence
Page 1 of 14
Table of Contents
1. Single Point Failure Mode Analysis......................................................................................................................... 3
1.1. Purpose..................................................................................................................................................................... 3
1.2. Definition ................................................................................................................................................................... 3
1.3. Single Point Failure Assessment .......................................................................................................................... 3
1.3.1. Vessel Electrical Power Plant ................................................................................................................. 3
1.3.2. Vessel Propulsion ..................................................................................................................................... 4
1.3.3. System Architecture.................................................................................................................................. 5
1.3.4. Redundant DP Control Consoles ........................................................................................................... 5
1.3.5. Independent Backup Joystick (JS) System........................................................................................... 5
1.3.6. Control Power ............................................................................................................................................ 6
1.3.7. Redundant Programmable Logic Controllers ....................................................................................... 6
1.3.8. DP Control Network .................................................................................................................................. 7
1.3.9. DP Control Console Mode Select ........................................................................................................... 7
1.3.10. DP Control Console Automatic Backup ................................................................................................. 7
1.3.11. Signal Processor Unit ............................................................................................................................... 7
1.3.12. External Serial Sensors............................................................................................................................ 8
1.3.13. DP/Bridge/Independent JS Control Selector Switch............................................................................ 9
1.4. Conclusions .............................................................................................................................................................. 9
Appendix A
System Block Diagrams
Appendix B
Vessel FMEA
24005418PS-310 Rev A
Page 2 of 14
1.
Single Point Failure Mode Analysis

1.1.
Purpose
The purpose of this document is to provide a single point failure analysis for the L-3 Communications DPCS
NMS6000 Dynamic Positioning (DP) System.
The DP has been designed to meet the ABS DP Class 2 requirements.
The focus of this document is an analysis of the DP System hardware. DP System Software controlling the
communications highways is also assessed as applicable.
This review also addresses areas of possible system degradation, as contrasted with system failure, and offers
suggestions on how these problems can be alleviated.
1.2.
Definition
The definition of a single point failure is any piece of hardware (or section of software) whose loss would cause a
complete failure of the automatic positioning of the vessel. Component failures that result in system degradation,
which are not considered a system failure are also addressed to a certain extent.
It should be noted that the foregoing material assumes the Customer is familiar with the system architecture and
terminology.
1.3.
Single Point Failure Assessment
A single point failure assessment was made for the NMS6000 DP system.
summarized below.
The results are attached and
1.3.1. Vessel Electrical Power Plant

The vessel power plant is shown in Figure 1-1 below. The Remontowa 1674-09 NMS6000 software is designed for
operation in split bus modes with all Generators online.
24005418PS-310 Rev A
Page 3 of 14

SHAFT
GENERATOR 1
DIESEL
GENERATOR 1
DIESEL
GENERATOR 2
SHAFT
GENERATOR 2
SG1
G1
G2
SG2
MSB
-G1
-SG1
MAIN SWITCHBOARD
PORT
BUSS
-G2
-SG2
STARBOARD
BUSS
BUSS TIE BREAKER
11Q
22Q
T1
33Q
STERN
THRUSTER
SUPPLY 2
BOW
THRUSTER 1
32Q
T3
T2
STERN
THRUSTER
BOW
THRUSTER 2
Figure 1-1 Remontowa 1674-09 Propulsion System
1.3.2. Vessel Propulsion

The vessel propulsion system is shown in Figure 1-2 below.
PORT MAIN
PROPELLER (T4)
PORT
RUDDER
STERN TUNNEL
THRUSTER (T3)
STBD
RUDDER
AFT BOW
TUNNEL
THRUSTER (T2)
FORWARD BOW
TUNNEL
THRUSTER (T1)
STBD MAIN
PROPELLER (T5)
Figure 1-2 Remontowa 1674-09 Propulsion System

24005418PS-310 Rev A
Page 4 of 14
1.3.3. System Architecture

See the NMS6000 DP System Block Diagrams in Appendix A.
1.3.4. Redundant DP Control Consoles

The L-3 Communications DPCS NMS6000 DP System consists of dual redundant NMS6000 units. The NMS6000
units consist of two (2) primary consoles, DP1 and DP2. The operator can select which of the two consoles is the
On-Line Master Controller; the other console automatically becomes the backup, which takes over upon loss of the
Master.
A joystick for both surge and sway and a potentiometer for moment control are provided on the DP1 and DP2
control consoles. These controls only work with the Master DP control console when either the Manual Heading
mode or the Manual Position mode is selected.
1.3.5. Independent Joystick (JS) System

An NMS6000 Independent Joystick (JS) System is provided. The Independent JS unit consists of a separate
Control Console, shared Signal Processors and Control Network and is powered by a separate, dedicated Power
Source. The operator can select control from the Independent JS control by way of the 3-way Selector Switch
located at the bridge console.
A joystick for both surge and sway and a potentiometer for moment control are provided on the Independent JS
control console. These controls only work with the Selector Switch in the Independent JS position.
Although it is referenced within this document, the Independent JS is not included within the scope of the overall
FMEA, since it functions as a stand alone system.
24005418PS-310 Rev A
Page 5 of 14
1.3.6. Control Power

Three (3) UPSs are provided to power the DP System. UPS 1 and 2 are 24VDC UPSs. UPS 3 is a small AC UPS
which powers the Cyscan position reference system sensor.
Each NMS Control Console is provided with its own separate UPS Power. The loss of a UPS will result in the loss
of DC power to the specific items listed in the table below. Each UPS is capable of a minimum of 30 minutes of
battery back-up time at the full system load.
For redundancy, each SPU is also fed with a secondary, backup DC supply from the Ships Emergency
Switchboard, the same source that supplies the Independent Joystick system.
The UPS power is supplied to the DP System Equipment as follows:
Equipment
DP 1 (Computer, Display and

Console)
UPS1
UPS2
UPS3
(24VDC)
(24VDC)
(AC)
DC Supply
from Ships
Emergency
Switchboard
DP 2 (Computer, Display and

Console)
IND JS (Computer, Display and

Console)
SPU 1 (PLC 1)
X
X
SPU 2 (PLC 2)
X
X
DGPS 1
DGPS 2
Cyscan System
Wind Sensor 1
Wind Sensor 2
VRU (via SPU 1, +24V)
VRU (via SPU 2, +24V)
Gyro 1
Gyro 2
Alarm Printer 1 (via 24/230 inv)

Alarm Printer 2 (via 24/230 inv)
X
X
1.3.7. Programmable Logic Controllers

Two (2) Programmable Logic Controllers (Flexlogix PLC) are used in the Control Network for processing input and
output signals. They are housed in separate Signal Processing Units (SPU1 and SPU2). Furthermore, each SPU
is fed from separate UPS units.
Both PLCs run the logic routines and internal programs, each PLC has control of its data outputs. If the PLC loses
power, experiences a major fault during program execution, or has a processor failure, then it becomes inactive,
this will cause the loss of SPU where the PLC is housed, and the control to the particular thrusters (e.g. Thruster 1
and 4 or 2 and 5.)
24005418PS-310 Rev A
Page 6 of 14
Each SPU/PLC pair is powered from a separate UPS, with DC power backup from the emergency switchboard.
1.3.8. DP Control Network

The NMS6000 Controllers are connected to the Signal Processor Units via a peer-to-peer redundant control and
data transmission networkchannels A and B. Upon loss of channel A, channel B carries all data, and vice-versa.
1.3.9. DP Control Console Mode Select

The NMS6000 Redundancy exchange is implemented using a Dual Redundant Ethernet network on which each
node multicasts a Voting Packet on a preconfigured multicast channel. Each node reads and stores the voting
packet from the other nodes and uses this information to manage the manual and automatic Master/Backup
exchange. If node 1 is Master, then node 2 is the automatic hot backup and vice versa.
Manual mastership transfer is done by pressing the NMS Online button on the Backup Console UI.
1.3.10.
DP Control Console Automatic Backup
If a Voting Packet is timed out, the system will zero the data for that node. If the Voting packet from the Master
console is timed out, the Hot Backup will automatically take control and become the Master. The new status is
reflected in the Voting packet so when the old Master comes back up it will now become a hot backup.
1.3.11.
Signal Processor Unit
Two (2) Signal Processor Units (SPU) are provided with the NMS6000 DP System. For redundancy, the SPUs are
powered from two independent sources (L-3 24VDC UPSs and the Ship emergency DC distribution switchboard).
The SPUs perform the input/output consolidation and distribution between the field sensor control and monitoring
and the control processors located in the DP Control Consoles.
The I/O is divided between the two (2) SPUs and interfaces to the redundant ControlNet network and PLCs via the
Redundant Media Adapters (ACNRs).
1.3.11.1.
Signal Processing I/O Matrix
The I/O is divided between the SPUs to minimize the impact of the loss of an SPU or of an ACNR within an SPU.
The Thruster, Main Prop and Rudder I/O is divided between the SPUs as follows:
Thrusters/Main Props & Rudders
SPU1
Thruster 1 (Fwd Bow Tunnel
thruster)
Thruster 2 (Aft Bow Azimuth

thruster)
Thruster 3 (Stern Tunnel thruster)
Thruster 4 (Port Main Prop)
Thruster 5 (Stbd Main Prop)

Port Rudder
SPU2
X
X
Stbd Rudder
As a result of this division, the worst case effect due to the single point failure loss of an SPU or SPU-ACNR is:
SPU1-ACNR:
24005418PS-310 Rev A
Loss of interface and control of Bow Tunnel Thruster 1, Port Main Prop and Port
Rudder
Page 7 of 14
SPU2-ACNR:
Loss of interface and control of Bow Tunnel Thruster 2, Stbd Main Prop and Stbd
Rudder
Note: Stern Tunnel Thruster can be controlled from either SPU. The circuit is designed so that SPU1 is the primary
controller but if it should fail then control transfers to SPU2.
Other DP System analog and discrete I/O signal groups are distributed between the SPUs to provide the required
redundancy for the overall DP system.
Analog / Discrete Signals
Device / Equipment
1.3.12.
Qty
SPU1
SPU2
DP Online Signal
Independent JS Online Signal
UPS (alarms)
Vertical Reference Unit

(signal/power)
External Serial Sensors
External position, environmental and heading sensors are redundant and include:
Two (2) DGPSs. Each DGPS provides serial position data to both DP consoles and the Independent
JS console.
One (1) Cyscan System. The Cyscan System provides serial position data to both DP consoles and
the Independent JS console.
Two (2) Gyrocompasses. Each Gyrocompass provides serial heading data to both DP consoles and
the Independent JS console.
Two (2) Wind Sensors. Each Wind Sensor provides serial speed and direction data to both DP
consoles and the Independent JS console.
The serial sensors are interfaced to the NMS6000 DP System via Allen Bradley Point IO modules and the
ControlNet network. For redundancy, the serial sensors are divided between the Point IO ACNRs, with each
ACNR powered from a separate source.
The serial sensors are divided between the three (3) ACNRs as follows:
Serial Sensors
DGPS 1
Flexlogix PLC #1
Flexlogix PLC #2
Flexlogix PLC #1
Point IO ACNR 1
Point IO ACNR 2
Point IO ACNR 3
DGPS 2
Cyscan
X
X
Gyrocompass 1
Gyrocompass 2
Wind 1
X
X
Wind 2
24005418PS-310 Rev A
Page 8 of 14
As a result of this division, the worst case effect due to the single point failure loss of a Point I/O ACNR module is:
Point I/O ACNR1:
Loss of DGPS1, Cyscan, Wind 1
Point I/O ACNR2:
Loss of DGPS2, Gyrocompass 2, Wind 2
Point I/O ACNR3:
Loss of Gyrocompass 1
1.3.13.
DP/Bridge/Independent JS Control Selector Switch
An industrial-grade, three position DP/Bridge/Independent JS control switch is provided with the NMS6000 and
performs the following functions:
1. The switch position determines which console is in control (DP1/DP2, Bridge or the Independent JS)
2. When the switch position is DP or Independent JS, the individual thrusters, main props and rudders are
selected for DP or Independent JS control.
In the highly unlikely event of a complete failure of the DP/Bridge/JS control switch, the ability to transfer into or out
of the various control modes (Bridge, DP, Independent JS) and the ability to select the thrusters/main props and
rudders online will be affected.
Each of the contacts on the switch is electrically isolated, so an electrical failure of one contact will not affect the
others. A failure of one thruster/main prop or rudder select contact (or signal) will only affect the ability to select
that one unit for DP or Independent JS control.
There are redundant DP and Independent JS Online signals from the switch to SPU 1 and SPU 2, so the loss of
one of these contacts (or signals) will not impact the DP or Independent JS Systems.
1.4.
Conclusions
There are no known single point failures within the NMS6000 DP System that can cause loss of DP control of the
vessel.
24005418PS-310 Rev A
Page 9 of 14
APPENDIX A
SYSTEM BLOCK DIAGRAMS
24005418PS-310 Rev A
Page 10 of 14
DP #1 System
DP #2 System
Touch
Display
Independent System
Touch
Display
Touch
Display
Control
Console
Computer/CPU
Dual Redundant
Ethernet
CH: A
CH: B
Control
Console
Computer/CPU
Computer/CPU
DP 2 Control Stn.
DP 1 Control Stn.
Control
Console
Independent Control Stn.
CH: A
CH: B
Dual Redundant Co-Ax

Control Net
SPU 1
SPU 2
PLC 1
PLC 2
I/O
I/O
JS/Man/DP
Switch
To
Thruster
Interfaces
To
Thruster
Interfaces
Figure A-1, NMS6000 DP Control and Data Networks
24005418PS-310 Rev A
Page 11 of 14
From Customer Power Source

Display 1
GYRO 1
Control Console 1
DGPS 1
Computer/CP 1
WIND 1
= 24 VDC
PORT
Ship's Power
220 VAC
50-60Hz
UPS 1
Power
Dist.
Panel 1
DC/AC
Inverter
Alarm
Printer 1
SPU 1
PLC 1
I/O
VRU 1
From
Power Dist.
Panel 3
24 VDC
DP #1 SYSTEM
DP #2 SYSTEM
Display 2
Control Console 2
DGPS 2
Computer/CP 2
WIND 2
STBD
Ship's Power
220 VAC
50-60Hz
UPS 2
Power
Dist.
Panel 2
DC/AC
Inverter
Alarm
Printer 2
GYRO 2
SPU 2
PLC 2
I/O
VRU 2
From
Power Dist.
Panel 3
24 VDC
Figure A-2, NMS6000 Power Distribution (cont. next page)
24005418PS-310 Rev A
Page 12 of 14
Figure A-2, NMS6000 Power Distribution (cont.)
24005418PS-310 Rev A
Page 13 of 14
APPENDIX B
VESSEL DP FMEA SPREADSHEET
24005418PS-310 Rev A
Page 14 of 14
Remontowa 1674-09 NMS6000 DP (Class 2) System
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
Failure Detection
Failure Effect
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
DP1 Subsystem
24VDC UPS Power Source
Severe ground
Alarm loss of
24 VDC UPS
fault, switchboard NMS UPS Line
battery backup
failure,
Failure on DP
will sustain power
mechanical
Stations
to DP1 subsystem
generator failure.
for 30 minutes.
220VAC from
Supplied power
main switchboard feed to NMS/DP
to NMS 24VDC
UPS 1.
220 VAC Supply to 24 VDC UPS's
Loss of Ship AC
Supply to UPS.
24VDC UPS 1
Primary 24 VDC
Charger/Rectifier Supply for the
complete DP1
Subsystem.
Includes: Touch
Display 1,
Computer/CPU1,
Control Console,
DGPS 1, VRU 1
24VDC Supply and Battery Charge
Loss of 24VDC
Battery Charger
Unit
Battery
UPS Rectifier
Charger/Rectifier Alarm on DP
Fault.
Station.
24VDC UPS 1
Batteries
24VDC Backup Supply
Loss of UPS
Battery Backup
Backup 24 VDC
Supply for the
complete DP1
Subsystem.
Includes: Touch
Display 1,
Computer/CPU1,
Control Console,
DGPS 1, VRU 1
24VDC UPS1
24VDC Power
Power Distribution Distribution for
Panel
UPS1
24005418PS-310 Rev A
24VDC Distribution and Overcurrent Loss of power to

Protection
affected
subsystem
component(s)
Repair the
affected
switchboard and
generator
components.
DP operations for No
affected DP1
subsystem will
sustain, until such
time that the UPS
batteries drain.
DP2 subsystem
will remain online
uninterrupted.
No
Repair/Replace
the Battery
Charger per
manufacturer's
specifications
affected DP1
subsystem will
sustain, until such
time that the UPS
batteries drain.
DP2 subsystem
will remain online
uninterrupted.
No
Periodic
maintenance and
testing to ensure
UPS operation.
Degradation over UPS Low Voltage Affected system

time of UPS
Alarm
components will
Batteries.
deactivate below
minimum
operating voltage.
Replace UPS
Batteries per
manufacturer's
specifications
affected DP1
subsystem will
sustain, until such
time that the UPS
batteries drain.
DP2 subsystem
will remain online
uninterrupted.
No
Periodic
maintenance and
testing to ensure
UPS operation.
Severe ground
fault or CB trip on
main distribution
panel
Repair/replace
shorted or faulty
equipment.
Return CB to "On"
Position.
No effect on
vessel
positioning. If
complete power
failure, system
architecture will
be substantially
reduced.
No
Loss of operating
power to affected
component(s).
Alarm is
generated on
remaining DP2
Station.
24 VDC UPS
battery backup
will sustain power
to DP1 subsystem
for 30 minutes.
In the case of
complete loss of
the DP1 operating
station, system
automatically
transfers control
to remaining DP2
control console.
No
Page B-1 of 16
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
Failure Detection
Computer/CPU and Console

Loss of power,
Alarm on
Loss of primary
Internal
remaining DP2
DP control from
Component
Station, "Loss of DP1. NMS DP
Failure, or
NMS1 or 2"
Alarm, monitoring
overheating of
and control
CPU.
function remains
from DP2.
DP1 CPU
DP alarm, control Automatic DP Control and

and monitoring
Coordinated Thruster Control
master central unit
Computer
Stopped
DP1
Computer Hard
Disk Drive

and monitoring
master central unit
Failure to
Internal
read/write to hard Component
drive
Failure
Repair the
computer and put
it back online.
After start-up,
press "INITBACKUP" to
reinitialize backup
system from
Master
Alarm on
Loss of primary
Repair the
remaining DP2
DP control from
computer and put
it back online.
NMS1 or 2"
Alarm, monitoring After start-up,
and control
press "INITfunction remains BACKUP" to
from DP2.
reinitialize backup
system from
Master
Operator notified Loss of serial
Replace ACNR, if
of each individual sensors from that required.
serial
ACNR to DP 1,
communications DP 2, Ind JS
loss.
consoles. Other
sensors are still
available from
other console
ACNRs.
Preventative
Actions
Periodically clean
computer filters.
Automatic and
No
bumpless transfer
to remaining DP2
Station.
No
Note MTBF of
Computer HDD is
rated as 300,000
Hours.
No.
No
No
Loss of audible
alarm. Visual
flashing
unacknowledged
alarms in NMS
Replace computer No
motherboard, or
complete
computer
assembly.
No
No
Operator unable Loss of Joystick

to manually issue Control Function
control from DP1
station joystick.
Manually Transfer No
to DP2 station, or
select
Independent JS,
or select Manual
Thruster Control
levers by using
center 3-way
selector switch.
No
No
Loss of serial
communications
from that ACNR
to all consoles
Internal
Component
Failure
DP1
Workstation
Sound Card
Adapter
Alarm Annunciation
Loss of Audible
Tone.
Integrated Sound No audible tone

Card Failure
generated by
unacknowledged
alarms
Manual Joystick Control from DP1
Loss of Joystick
Control
Internal Joystick
Component
Failure or USB
Adapter Failure.
24005418PS-310 Rev A
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
No
Automatic DP Control and

DP1
3-axis Joystick
Joystick and USB Control from DP1
Adapter
Loss of DP
Control and
Monitoring
Automatic and
No
bumpless transfer
to remaining DP2
Station.
DP1
Serial Interface to
Point I/O Interface a group of the DP
Adapter (ACNR) reference and
environmental
Sensors
Audible Alarm
Tones at DP1
Failure Effect
Corrective
Action
Page B-2 of 16
Component
Description
DP1
Trackball
Function
Secondary User
Interface pointing
device.
Mode of Operation
Failure Cause
Blank screen, or
touch screen not
responding
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Failure Detection
Failure Effect
Mouse cursor not

tracking and/or
command objects
not selected.
Loss of video
display at the DP1
Console and/or
user interface
navigation.
Utilize
No
touchscreen if
trackball
operations fail.
Check serial
cabling to unit.
Clean trackball
roller mechanisms
as required.
No
No
Loss of power,
Mouse cursor not
Service Stopped, tracking and/or
Faulted.
command objects
not selected.
Loss of video
display at the DP1
Console and/or
user interface
navigation.
Utilize trackball if No
touchscreen
selections do not
operate. Check
power, verify
cable, check
video
transmitter/receiv
er, replace unit.
Recalibrate
Touchscreen Unit
if required.
Transfer control
to remaining DP2
control station.
No
No
User Interface, navigation and object Inability to control Loss of

control/selection.
pointing device.
Connection
and/or Faulty
Trackball.
DP1 Touchscreen Primary User

Receive video signal from DP
Interface for DP
Computer, transmit operator
alarm, control and instructions through touch screen.
monitoring system.
24005418PS-310 Rev A
Failure Mode
Corrective
Action
Preventative
Actions
Periodically clean
trackball
components.
Page B-3 of 16
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
Failure Detection
Failure Effect
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
DP2 Subsystem
220VAC from
Supplied power
main switchboard feed to NMS/DP
to NMS 24VDC
UPS 2.
24VDC UPS Power Source

Severe ground
Alarm loss of
24 VDC UPS
fault, switchboard NMS UPS Line
battery backup
failure,
Failure on DP
will sustain power
mechanical
Stations
to DP2 subsystem
generator failure.
for 30 minutes.
220 VAC Supply to 24 VDC UPS's
Loss of Ship AC
Supply to UPS.
24VDC UPS 2
Primary 24 VDC
24VDC Supply and Battery Charge
Charger/Rectifier Supply for the
complete DP2
Subsystem.
Includes: Touch
Display 2,
Computer/CPU2,
Control Console,
DGPS 2, GYRO 2,
WIND2, VRU 2
Loss of 24VDC
Battery Charger
Unit
Battery
UPS Rectifier
Charger/Rectifier Alarm on DP
Fault.
Station.
24VDC UPS 2
Batteries
Loss of UPS
Battery Backup
Backup 24 VDC
24VDC Backup Supply
Supply for the
complete DP2
Subsystem.
Includes: Touch
Display 2,
Computer/CPU2,
Control Console,
DGPS 2, GYRO 2,
WIND2, VRU 2
24VDC UPS 2
24VDC Power
Power Distribution Distribution for
Panel
UPS2
24VDC Distribution and Overcurrent Loss of power to

Protection
affected
subsystem
component(s)
Repair the
affected
switchboard and
generator
components.
affected DP2
subsystem will
sustain, until such
time that the UPS
batteries drain.
DP1 subsystem
will remain online
uninterrupted.
No
Repair/Replace
the Battery
Charger per
manufacturer's
specifications
affected DP2
subsystem will
sustain, until such
time that the UPS
batteries drain.
DP1 subsystem
will remain online
uninterrupted.
No
Periodic
maintenance and
testing to ensure
UPS operation.
Degradation over UPS Low Voltage Affected system

time of UPS
Alarm
components will
Batteries.
deactivate below
minimum
operating voltage.
Replace UPS
Batteries per
manufacturer's
specifications
affected DP2
subsystem will
sustain, until such
time that the UPS
batteries drain.
DP1 subsystem
will remain online
uninterrupted.
No
Periodic
maintenance and
testing to ensure
UPS operation.
Severe ground
fault or CB trip on
main distribution
panel
Repair/replace
shorted or faulty
equipment.
Return CB to "On"
Position.
No effect on
vessel
positioning. If
complete power
failure, system
architecture will
be substantially
reduced.
No
Loss of operating
power to affected
component(s).
Alarm is
generated on
remaining DP1
Station.
24 VDC UPS
battery backup
will sustain power
to DP2 subsystem
for 30 minutes.
In the case of
complete loss of
the DP2 operating
station, system
automatically
transfers control
to remaining DP1
control console.
No
Computer/CPU and Console

24005418PS-310 Rev A
Page B-4 of 16
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
DP2 CPU

and monitoring
master central unit
Computer
Stopped
DP2
Computer Hard
Disk Drive

and monitoring
master central unit
Failure to
Internal
read/write to hard Component
drive
Failure
Loss of power,
Internal
Component
Failure, or
overheating of
CPU.
Failure Detection
Alarm on
remaining DP1
Station, "Loss of
NMS1 or 2"
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
No
Periodically clean
computer filters.
Automatic and
No
bumpless transfer
to remaining DP2
Station.
No
Note MTBF of
Computer HDD is
rated as 300,000
Hours.
No.
No
No
Loss of audible
alarm. Visual
flashing
unacknowledged
alarms in NMS
Replace computer No
motherboard, or
complete
computer
assembly.
No
No
Operator unable Loss of Joystick

to manually issue Control Function
control from DP2
station joystick.
Manually Transfer No
to DP1 station, or
select
Independent JS,
or select Manual
Thruster Control
levers by using
center 3-way
selector switch.
No
No
Loss of serial
communications
from that ACNR
to all consoles
Internal
Component
Failure
DP2
Workstation
Sound Card
Adapter
Alarm Annunciation
Loss of Audible
Tone.
Integrated Sound No audible tone

Card Failure
generated by
unacknowledged
alarms
Manual Joystick Control from DP2
Loss of Joystick
Control
Internal Joystick
Component
Failure or USB
Adapter Failure.
24005418PS-310 Rev A
Loss of DP
Control and
Monitoring
Automatic and
No
bumpless transfer
to remaining DP2
Station.
Automatic DP Control and

DP2
3-axis Joystick
Joystick and USB Control from DP2
Adapter
Loss of primary
DP control from
DP2. NMS DP
Alarm, monitoring
and control
function remains
from DP1.
Repair the
computer and put
it back online.
After start-up,
press "INITBACKUP" to
reinitialize backup
system from
Master
Alarm on
Loss of primary
Repair the
remaining DP1
DP control from
computer and put
it back online.
NMS1 or 2"
Alarm, monitoring After start-up,
and control
press "INITfunction remains BACKUP" to
from DP1.
reinitialize backup
system from
Master
Operator notified Loss of serial
Replace ACNR, if
of each individual sensors from that required.
serial
ACNR to DP 1,
communications DP 2, Ind JS
loss.
consoles. Other
sensors are still
available from
other console
ACNRs.
DP2
Serial Interface to
Point I/O Interface a group of the DP
Adapter (ACNR) reference and
environmental
Sensors
Audible Alarm
Tones at DP2
Failure Effect
Corrective
Action
Page B-5 of 16
Component
Description
DP2
Trackball
Function
Secondary User
Interface pointing
device.
Mode of Operation
Failure Cause
Blank screen, or
touch screen not
responding
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Failure Detection
Failure Effect
Mouse cursor not

tracking and/or
command objects
not selected.
Loss of video
display at the DP2
Console and/or
user interface
navigation.
Utilize
No
touchscreen if
trackball
operations fail.
Check serial
cabling to unit.
Clean trackball
roller mechanisms
as required.
No
No
Loss of power,
Mouse cursor not
Service Stopped, tracking and/or
Faulted.
command objects
not selected.
Loss of video
display at the DP2
Console and/or
user interface
navigation.
Utilize trackball if No
touchscreen
selections do not
operate. Check
power, verify
cable, check
video
transmitter/receiv
er, replace unit.
Recalibrate
Touchscreen Unit
if required.
Transfer control
to remaining DP1
control station.
No
No
User Interface, navigation and object Inability to control Loss of

control/selection.
pointing device.
Connection
and/or Faulty
Trackball.
DP2 Touchscreen Primary User

Receive video signal from DP
Interface for DP
Computer, transmit operator
alarm, control and instructions through touch screen.
monitoring system.
24005418PS-310 Rev A
Failure Mode
Corrective
Action
Preventative
Actions
Periodically clean
trackball
components.
Page B-6 of 16
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
Failure Detection
Failure Effect
SPU 1 PLC Communications Adapter

Loss of power,
Alarm Loss of
Internal
PLC #1
Component
Failure
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
SPU #1
Programmable
Flexlogix 1794L34 Controller
NMS Controller
SPU #1
Daughtercard
1788-CNCR
ControlNet
ControlNet connectivity
connectivity
between Point I/O
1734-ACNR, 1784PCIC, and
Flexlogix 1794-L34
Controller
Loss of sensors
data to NMS1
system
SPU #1
Module 10
1794-IB16
System IO
Channel
Failure of IO Input Loss of power,

NMS Alarms
Loss of Digital
Check power,
See Note * below No
No
Module
Internal
Module Fault
Input Signals
verify cable, verify
Component
Indication
Listed Below.
module. Replace
Failure, loss of
affected modules.
communications
with the PLC.
Loss of Thruster Ready Signal (loss of thruster). Operator Alerted.
Loss of Thruster Breaker indication. Operator alerted. No impact on DP system. The thruster will still be used by the DP system as long as the thruster ready signal is
still received.
Primary NMS Controller.
24VDC Digital Input
0 BOW TUNNEL THR (T1) READY

1 BOW TUNNEL THR (T1)
BREAKER CLSD
2
3 STERN TUNNEL THR (T3) READY
4 STERN TUNNEL THR (T3)
PRIMARY BREAKER CLSD
SECONDARY BREAKER CLSD
6 PORT MAIN (T4) READY
7 PORT MAIN (T4) PITCH REDUCED
8 PORT RUDDER READY
9 PORT SHAFT GEN (SG1)
BREAKER CLOSED
10 PORT GEN (G1)
BREAKER CLOSED
11 MAIN BUSS TIE BREAKER
CLOSED
12
13
24005418PS-310 Rev A
Complete PLC
failure
Loss of power,
Internal
Component
Failure, loss of
communications
with Flex Logix
PLC or Point I/O.
All alarms related

to this distributed
IO Station will
appear.
85 Check module
See Note * below No
configuration.
Replace Unit.
The system will
automatically
detect the module
is online and
restore data
communications.
Worst case effect,

loss of control
and monitoring for
NMS1
Subsystems.
Includes loss of
SPU1 IO. Loss of
thruster command
T1 and T4.
Check power,
See Note * below No
PLC (Flexlogix
1794-L34) and/or
Point I/O (1734ACNR.) Replace
effected modules.
No
No

still received.
still received.
Loss of Main Ready for DP Signal. Operator Alerted.
Loss of Pitch Reduced Signal. Operator Alerted by pitch command/feedback error.
Loss of Rudder Ready Signal (loss of rudder). Operator Alerted.
Loss of Shaft Gen Breaker indication. Operator alerted. No impact on DP system. The power available for the tunnel thrusters will be limited by the loss.
Loss of Gen Breaker indication. Operator alerted. No impact on DP system. The power available for the tunnel thrusters will be limited by the loss.
Loss of Main Buss Tie Breaker indication. Operator alerted. No impact on DP system.
Page B-7 of 16
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
Failure Detection
Failure Effect
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
14
15
SPU #1
Module 11
1794-IB10xOB6
System IO
Channel
0
1
2
3
4
5
6
7
8
9
10
24VDC Digital Input

Module
Internal
Component
Failure, loss of
communications
with the PLC.
DP ONLINE 1
IND JS ONLINE 1
UPS1 AC LINE FAIL ALM
UPS1 COMMON ALM
UPS3 COMMON ALM
Loss of DP Online 1. No impact on DP system due to redundant signal in SPU 2. Operator alerted if there is a mismatch.
Loss of IND JS Online 1. No impact on Ind JS system due to redundant signal in SPU 2. Operator alerted if there is a mismatch.
Loss of UPS1 AC Line Fail Alm. No impact on DP System
Loss of UPS1 Common Alm. No impact on DP System
STERN TUNNEL THR (T3)

CONTROL SELECT
Loss of ability to control T3 from SPU 1, control will default to SPU 2.
24VDC Analog Input Module

Module
Internal
Component
Failure, loss of
communications
with the PLC.
SPU1 24VDC SUPPLY

+10 VDC VOLTAGE MONITOR
-10 VDC VOLTAGE MONITOR
VRU1 PITCH FEEDBACK
VRU1 ROLL FEEDBACK
Loss of voltage monitor indication and alarm. Operator alerted by voltage out of range.
Loss of pitch data. Operator alerted by VRU pitch mismatch. VRU1 pitch data excluded from average.
Loss of roll data. Operator alerted by VRU roll mismatch. VRU1 roll data excluded from average.
NMS Alarms
Module Fault
Indication
Loss of Digital
Input Signals
Listed Below.
Check power,
See Note * below No
module. Replace
affected modules.
No
11
12
13
14
15
SPU #1
Module 12
1794-IE8/B
System IO
Channel
0
1
2
3
4
5
6
7
24005418PS-310 Rev A
NMS Alarms
Module Fault
Indication
Loss of Analog
Input Signals
Listed Below.
Check power,
See Note * below No
module. Replace
affected modules.
No
Page B-8 of 16
Component
Description
SPU #1
Module 13
1794-OF4I
SPU #1
Module 14
1794-OF4I
SPU #1
Module 15
1794-IF4I
SPU #1
Module 16
1794-IF4I
Function
System IO
Channel
System IO
Channel
System IO
Channel
System IO
Channel
Mode of Operation
24VDC Analog Output Module
0 BOW TUNNEL THR (T1) PITCH

CMD
1 PORT MAIN ENGINE (T4) PITCH
CMD
2 PORT RUDDER DIRECTION CMD
3
0 STERN TUNNEL THR (T3) PITCH

CMD
1
2
3

FDBK
1 PORT MAIN ENGINE (T4) PITCH
FDBK
2 PORT RUDDER DIRECTION FDBK
3

FDBK
1 PORT SHAFT GEN (SG1) KW
FDBK
2 PORT GEN (G1) KW FDBK
3
24005418PS-310 Rev A
Failure Mode
Failure of IO
Output Module
Failure Cause
Loss of power,
Internal
Component
Failure, loss of
communications
with the PLC.
Failure Detection
NMS Alarms
Module Fault
Indication
Failure Effect
Loss of Analog
Output Signals
Listed Below.
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Check power,
See Note * below No
module. Replace
affected modules.
Preventative
Actions
No
Loss of pitch command. Operator alerted by command/feedback comparison (See Note ** at bottom)
Loss of direction command. Operator alerted by command/feedback comparison (See Note ** at bottom)
Module
Internal
Component
Failure, loss of
communications
with the PLC.
NMS Alarms
Module Fault
Indication
Loss of Analog
Input Signals
Listed Below.
Check power,
See Note * below No
module. Replace
affected modules.
No

Module
Internal
Component
Failure, loss of
communications
with the PLC.
NMS Alarms
Module Fault
Indication
Loss of Analog
Input Signals
Listed Below.
Check power,
See Note * below No
module. Replace
affected modules.
No
Loss of pitch feedback. Operator alerted by command/feedback comparison. No impact on thrust cmd.
Loss of pitch feedback. Operator alerted by command/feedback comparison. No impact on pitch cmd.
Loss of direction feedback. Operator alerted by command/feedback comparison. No impact on direction cmd.
NMS Alarms
Loss of Analog
Check power,
See Note * below No
Module
Internal
Module Fault
Input Signals
Component
Indication
Listed Below.
module. Replace
Failure, loss of
affected modules.
communications
with the PLC.
No
Loss of SG KW feedback.
Loss of G KW feedback.
Page B-9 of 16
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
Failure Detection
Failure Effect
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
* The most probable cause for loss of FlexLogix PLC, Flex I/O module or ACNR (ControlNet Reundant Media Adapter) is a hardware fault in the effected component. The loss of aFlexLogix PLC will result in a loss of communications
to all Flex IO modules associated with the PLC. There is one FlexLogix PLC in each SPU1 and SPU2. Thruster, Power Plant and Environmental interfaces are split between the two SPU's for redundancy purposes, so that loss of an
SPU (or PLC) will not cause a loss of position as long as the other SPU, PLC, Flex I/O modules and ACNR are fully available. A failure of an individual module or of a single channel on a module will generate appropriate alarms.
Some operator action may be required. Singe failures are evaluated under the assumption that all other equipment is fully available.
** Loss of the ability to command a thruster (from the DP system) or a failure at the thruster (resulting in a loss of control or out of control thruster) will require the operator to take the affected thruster offline. If the thruster is not
responding to commands from the DP system then the other remaining thrusters will be commanded to compensate for the affected thruster in order to maintain position. DP system thruster commands go to zero upon failure of an
ACNR or Module (associated with the thruster commands)
24005418PS-310 Rev A
Page B-10 of 16
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
NMS Controller
SPU #2
Daughtercard
1788-CNCR
ControlNet
ControlNet connectivity
connectivity
between Point I/O
1734-ACNR, 1784PCIC, and
Flexlogix 1794-L34
Controller
Loss of sensors
data to NMS1
system
SPU #2
Module 20
1794-IB16
System IO
Channel

Module
Internal
Component
Failure, loss of
communications
with the PLC.
24VDC Digital Input
Complete PLC
failure
Failure Effect
SPU 2 PLC Communications Adapter

Loss of power,
Alarm Loss of
Internal
PLC #2
Component
Failure
SPU #2
Programmable
Flexlogix 1794L34 Controller
Primary NMS Controller.
Failure Detection
Loss of power,
Internal
Component
Failure, loss of
communications
with Flex Logix
PLC or Point I/O.
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
85 Check module
See Note * below No
configuration.
Replace Unit.
The system will
automatically
detect the module
is online and
restore data
communications.
Preventative
Actions
No
All alarms related

to this distributed
IO Station will
appear.
Worst case effect,

loss of control
and monitoring for
NMS2
Subsystems.
Includes loss of
SPU2 IO. Loss of
thruster command
T2 and T5.
Check power,
See Note * below No
PLC (Flexlogix
1794-L34) and/or
Point I/O (1734ACNR.) Replace
effected modules.
No
NMS Alarms
Module Fault
Indication
Loss of Digital
Input Signals
Listed Below.
Check power,
See Note * below No
module. Replace
affected modules.
No
0 BOW TUNNEL THR (T2) READY

1 BOW TUNNEL THR (T2) BREAKER Loss of Thruster Breaker indication. Operator alerted. No impact on DP system. The thruster will still be used by the DP system as long as the thruster ready signal is
CLSD
still received.
2
3 STERN TUNNEL THR (T3) READY
PRIMARY BREAKER CLSD
SECONDARY BREAKER CLSD
6 STBD MAIN (T5) READY
7 STBD MAIN (T5) PITCH REDUCED
8 STBD RUDDER READY
9 STBD SHAFT GEN (SG2)
BREAKER CLOSED
10 STBD GEN (G2)
BREAKER CLOSED
24005418PS-310 Rev A

still received.
still received.
Loss of Main Ready for DP Signal. Operator Alerted.
Loss of Pitch Reduced Signal. Operator Alerted by pitch command/feedback error.
Loss of Rudder Ready Signal (loss of rudder). Operator Alerted.
Loss of Shaft Gen Breaker indication. Operator alerted. No impact on DP system. The power available for the tunnel thrusters will be limited by the loss.
Loss of Gen Breaker indication. Operator alerted. No impact on DP system. The power available for the tunnel thrusters will be limited by the loss.
Page B-11 of 16
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
Failure Detection
Failure Effect
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
11
12
13
14
15
SPU #2
Module 21
1794-IB10xOB6
System IO
Channel
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
SPU #2
Module 22
1794-IE8/B
System IO
Channel
0
1
2
3
4
5
6
7
SPU #2
Module 23
1794-OF4I
24005418PS-310 Rev A
System IO
Channel
24VDC Digital Input

Module
Internal
Component
Failure, loss of
communications
with the PLC.
DP ONLINE 2
IND JS ONLINE2
UPS2 COMMON ALM
Loss of DP Online 2. No impact on DP system due to redundant signal in SPU 2. Operator alerted if there is a mismatch.
Loss of IND JS Online 2. No impact on Ind JS system due to redundant signal in SPU 2. Operator alerted if there is a mismatch.

Module
Internal
Component
Failure, loss of
communications
with the PLC.
SPU2 24VDC SUPPLY

+10 VDC VOLTAGE MONITOR
-10 VDC VOLTAGE MONITOR
VRU2 PITCH FEEDBACK
VRU2 ROLL FEEDBACK
Loss of pitch data. Operator alerted by VRU pitch mismatch. VRU1 pitch data excluded from average.
Loss of roll data. Operator alerted by VRU roll mismatch. VRU1 roll data excluded from average.
24VDC Analog Output Module
Failure of IO
Output Module
Loss of power,
Internal
Component
Failure, loss of
communications
with the PLC.
NMS Alarms
Module Fault
Indication
NMS Alarms
Module Fault
Indication
NMS Alarms
Module Fault
Indication
Loss of Digital
Input Signals
Listed Below.
Loss of Analog
Input Signals
Listed Below.
Loss of Analog
Output Signals
Listed Below.
Check power,
See Note * below No
module. Replace
affected modules.
Check power,
See Note * below No
module. Replace
affected modules.
Check power,
See Note * below No
module. Replace
affected modules.
No
No
No
Page B-12 of 16
Component
Description
SPU #2
Module 24
1794-OF4I
SPU #2
Module 25
1794-IF4I
SPU #2
Module 26
1794-IF4I
Function
System IO
Channel
System IO
Channel
System IO
Channel
Mode of Operation
CMD
1 STBD MAIN (T5) PITCH CMD
2 STBD RUDDER DIRECTION CMD
3

CMD
1
2
3
Failure Mode
Failure Cause
Failure Detection
Failure Effect
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
Loss of direction command. Operator alerted by command/feedback comparison (See Note ** at bottom)
NMS Alarms
Loss of Analog
Check power,
See Note * below No
Module
Internal
Module Fault
Input Signals
Component
Indication
Listed Below.
module. Replace
Failure, loss of
affected modules.
communications
with the PLC.
No

NMS Alarms
Loss of Analog
Check power,
See Note * below No
Module
Internal
Module Fault
Input Signals
Component
Indication
Listed Below.
module. Replace
Failure, loss of
affected modules.
communications
with the PLC.
No

FDBK
1 STBD MAIN (T5) PITCH FDBK
Loss of pitch feedback. Operator alerted by command/feedback comparison. No impact on pitch cmd.
2 STBD RUDDER DIRECTION FDBK Loss of direction feedback. Operator alerted by command/feedback comparison. No impact on direction cmd.
3
NMS Alarms
Loss of Analog
Check power,
See Note * below No
Module
Internal
Module Fault
Input Signals
Component
Indication
Listed Below.
module. Replace
Failure, loss of
affected modules.
communications
with the PLC.
0 STERN TUNNEL THR (T3) PITCH Loss of pitch feedback. Operator alerted by command/feedback comparison. No impact on thrust cmd.
FDBK
Loss of SG KW feedback.
1 STBD SHAFT GEN (SG2) KW
FDBK
Loss of G KW feedback.
2 STBD GEN (G2) KW FDBK
3
No
* The most probable cause for loss of FlexLogix PLC, Flex I/O module or ACNR (ControlNet Reundant Media Adapter) is a hardware fault in the effected component. The loss of aFlexLogix PLC will result in a loss of communications
to all Flex IO modules associated with the PLC. There is one FlexLogix PLC in each SPU1 and SPU2. Thruster, Power Plant and Environmental interfaces are split between the two SPU's for redundancy purposes, so that loss of an
SPU (or PLC) will not cause a loss of position as long as the other SPU, PLC, Flex I/O modules and ACNR are fully available. A failure of an individual module or of a single channel on a module will generate appropriate alarms.
Some operator action may be required. Singe failures are evaluated under the assumption that all other equipment is fully available.
** Loss of the ability to command a thruster (from the DP system) or a failure at the thruster (resulting in a loss of control or out of control thruster) will require the operator to take the affected thruster offline. If the thruster is not
responding to commands from the DP system then the other remaining thrusters will be commanded to compensate for the affected thruster in order to maintain position. DP system thruster commands go to zero upon failure of an
ACNR or Module (associated with the thruster commands)
24005418PS-310 Rev A
Page B-13 of 16
Component
Description
Selector Switch
for DP Controls /
Bridge Controls /
Independent JS
Controls
Function
Mode of Operation
Selecting DP,
Three Position Switch: 1) DP
Bridge or
Control. 2) Bridge Control. 3)
Independent JS
Independent JS Control.
Control and
selecting Thrusters
for DP/JS Control
Failure Mode
Failure Cause
Failure Detection
Failure Effect
Corrective
Action
Selector Switch for DP Controls / Bridge Controls / Independent JS Controls

Mechanical,
Switch failure or Loss of DP/JS
Loss of ability to Repair/Replace
Electrical Fault
external damage Online signals or go into or out of
the switch.
Thruster Selects. DP, Bridge,
Alarm on DP or
Independent JS
Independent JS control modes or
stations.
loss of Thruster
Select Signals
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
Yes, the
possibility exists,
but only if the
redundant DP and
JS Online
contacts and/or a
majority of the
thruster select
contacts fail. This
is considered
highly unlikely as
the switch
contacts are all
electrically
isolated and the
switch is industrial
grade.
No, Ship can

revert to manual
controls at the
thrusters/main
props/rudders.
No, Ship can

revert to manual
controls at the
thrusters/main
props/rudders.
Periodic
inspection and
verification of
switch operation.
No
No
No
Periodic
verification of
proper network
communications
and no flashing
channel lights at
PLC.
Verify Ethernet
No
10BaseT cabling
and connectors
between consoles
and Ethernet
Switch.
No
No
Control and Data Networks
Control Network
Ch. A and B
Control Network Ch. A and B

Redundant control IO control network and information Single Network
Line Severed or Alarm respective No loss of DP
network between transfer between PLC's and Control Line Faulted (Ch. Mis-connected
Channel Fault on Control from
Control Stations,
Stations.
A or B)
DP1, DP2,
either station.
PLC's and IO.
Independent JS Control data
Stations
transmitted over
remaining
network channel
Ethernet
Workstation
Redundancy Data Ethernet
Network Ch. A
Communications
and B
24005418PS-310 Rev A
Redundancy Data Network

Communications
Ethernet Redundancy Data Network

Loss of Ethernet Severed Network Operator notified No loss of DP
A or B Channel
Cable
of loss of Ethernet control from either
Redundancy Data Connection,
A or B Channel. station.
problem with
Redundancy Data
Ethernet Switch
transported over
remaining
network channel.
Repair the
severed co-ax
connection. Reconnect
communications
line.
Page B-14 of 16
Component
Description
Function
Mode of Operation
Failure Mode
Failure Cause
Failure Detection
Failure Effect
Corrective
Action
Loss of DP
Control and
Monitoring
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
Preventative
Actions
Reference Sensors
Loss DP Reference Sensors
Most probable
Operator alerted Data faulted and
cause is antenna by visual and
excluded from
shadowing,
audible alarms
blended position
scintillation, loss
estimate
of power, internal
component
failure, loss of
communications,
or loss of
differential
correction.
DGPS 1, 2
DP Position
Reference
Satellite Position Reference System Loss of sensor

data on DP 1,
DP2, Independent
JS Consoles.
Cyscan System
DP Position
Reference
Cyscan Position Reference System
Loss of sensor
data on DP
Consoles.
Most probable
cause is high
signal noise or
inteference with
target.
Operator alerted
by visual and
audible alarms
Gyro 1, 2
Heading
Reference
Gyrocompass Reference System
Loss of sensor
data on DP
Consoles.
Most probable
cause is gyro
fault, or loss of
power.
Operator alerted
by visual and
audible alarms
24005418PS-310 Rev A
If the DPGS is the

only online
position reference
system, the DP
system will
automatically go
into Dead
Reckoning
Mode". Take
sensor offline if
continued high
levels of signal
noise. Select
different
reference sensor
online.
Yes, if the only

No
reference sensor
online. No loss of
position if other
sensors are
selected online.
No
Data faulted and

excluded from
blended position
estimate
If the Cyscan is
the only online
position reference
system, the DP
system will
automatically go
into Dead
Reckoning
Mode". Take
sensor offline if
continued high
levels of signal
noise. Select
different
reference sensor
online.
Yes, if the only

No
reference sensor
online. No loss of
position of other
sensors are
selected online.
No
Data faulted and

excluded from
average heading
calculation.
Operator should
take failed gyro
offline.
No loss of
No
position. Loss of
heading, if it is the
last Gyro online.
No
Page B-15 of 16
Component
Description
Wind 1, 2
24005418PS-310 Rev A
Function
Wind Speed and
Direction
Mode of Operation
Wind Speed and Direction
Reference System
Failure Mode
Failure Cause
Loss of impacted Most probable

Wind Sensor data cause is Wind
on DP Consoles. Sensor fault, or
loss of power.
Failure Detection
Operator alerted
by visual and
audible alarms
Failure Effect
Data faulted and
excluded from
average wind
speed and
direction
calculation.
Corrective
Action
Operator should
take failed Wind
Sensor offline.
Loss of DP
Control and
Monitoring
No
Loss of Steering/
Propulsion/
Navigation
Loss of Safety
No
Preventative
Actions
No
Page B-16 of 16

DP2Rementoa FMEA

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

DP2Rementoa FMEA

Hochgeladen von

Copyright:

Verfügbare Formate

Dynamic Positioning and Control Systems

12131 Community Rd.

Failure Modes and Effects Analysis (FMEA)

Unless over stamped MASTER or CONTROLLED in red,

Dynamic Positioning and Control Systems

System Block Diagrams

Dynamic Positioning and Control Systems

Single Point Failure Mode Analysis

Single Point Failure Assessment

The results are attached and

1.3.1. Vessel Electrical Power Plant

Dynamic Positioning and Control Systems

Figure 1-1 Remontowa 1674-09 Propulsion System

1.3.2. Vessel Propulsion

Figure 1-2 Remontowa 1674-09 Propulsion System

Dynamic Positioning and Control Systems

1.3.3. System Architecture

1.3.4. Redundant DP Control Consoles

1.3.5. Independent Joystick (JS) System

Dynamic Positioning and Control Systems

1.3.6. Control Power

DP 1 (Computer, Display and

DP 2 (Computer, Display and

IND JS (Computer, Display and

VRU (via SPU 1, +24V)

VRU (via SPU 2, +24V)

Alarm Printer 1 (via 24/230 inv)

1.3.7. Programmable Logic Controllers

Dynamic Positioning and Control Systems

1.3.8. DP Control Network

1.3.9. DP Control Console Mode Select

DP Control Console Automatic Backup

Signal Processor Unit

Signal Processing I/O Matrix

Thruster 2 (Aft Bow Azimuth

Thruster 3 (Stern Tunnel thruster)

Thruster 4 (Port Main Prop)

Thruster 5 (Stbd Main Prop)

Dynamic Positioning and Control Systems

Independent JS Online Signal

Vertical Reference Unit

External Serial Sensors

Dynamic Positioning and Control Systems

Loss of DGPS1, Cyscan, Wind 1

Point I/O ACNR2:

Loss of DGPS2, Gyrocompass 2, Wind 2

Point I/O ACNR3:

DP/Bridge/Independent JS Control Selector Switch

Dynamic Positioning and Control Systems

Dynamic Positioning and Control Systems

Independent Control Stn.

Dual Redundant Co-Ax

Figure A-1, NMS6000 DP Control and Data Networks

Dynamic Positioning and Control Systems

From Customer Power Source

Figure A-2, NMS6000 Power Distribution (cont. next page)

Dynamic Positioning and Control Systems

Figure A-2, NMS6000 Power Distribution (cont.)

Dynamic Positioning and Control Systems

VESSEL DP FMEA SPREADSHEET

Remontowa 1674-09 NMS6000 DP (Class 2) System

220 VAC Supply to 24 VDC UPS's

24VDC Supply and Battery Charge

24VDC Backup Supply