A systematic approach to certification of complex control systems

As commercial and naval ships push to reduce manning requirements, the complexity of the platform management and control systems is increasing.

The current route to compliance relies heavily on audits of the detailed design during the design/commissioning of the ship. Having it so late in the lifecycle adds risk of rework to the Shipbuilder and system supplier. As the complexity of control increases both the probability that changes will be required in response to identified safety issues, and the cost of making these changes will rise significantly.

For systems that have safety significance, and will be expected to comply with IEC 61508, this poses even more of a challenge as the level of evidence needed to support the functional safety argument will be almost impenetrable if viewed in the form of a single audit.

This paper proposes a staged approach to compliance, which will build confidence in the control and management system during the development lifecycle. It incorporates practices from other industries, such as aerospace, where complex control and safety systems have been in use for some time. Using a gated approach, loosely based on a tailored ARP 4754A model, Shipbuilders can mitigate much of the risk, and prevent cost overruns.

This systematic approach to progressively accumulating and signing off evidence increases auditor involvement, and keeps them much more informed throughout the design. This will allow the auditor to have more confidence in the suitability of complex control and protection systems, and being assured of the safe running of the ship.

This model has been common practice in aerospace for a number of years, and has supported advances in automation beyond the accepted norms of the marine industry.

This paper provides an overview of the risks presented by the current Certification mechanisms, and discusses possible solutions presented by ARP 4754A.