5. Failure mode analysis
5.3 Failure mode analysis of minimum system with Track Pilot
Minimum ECDIS-system with Track Pilot consists of:
· ECDIS processor
· A-Adapter
· ECDIS control panel
· ECDIS monitor to which is connected:
· track pilot interface type IEC 61162-1 & EMRI
· gyro compass of interface type IEC 61162-1
· speed log of interface type IEC 61162-1
· one radar display of interface type IEC 61162-1 (+ASPO/FEC extensions) or Selesmar (Special protocol)
· two position receivers of interface type IEC 61162-1
· alarm transfer system receiving alarm condition
5.3.1 External failures
5.3.1.1 Gyro compass fails
· outside of the system:
· gyro used for steering is the selected one for all the other purposes like repeaters, radars, direction finder etc.
· all gyro repeaters follow failing gyro compass
· ECDIS generates "Alarm 4005 Gyro error". If ECDIS does not have any other heading source selected (radar is a possible source), then ECDIS also generates "Alarm 2002 No course available"
· Track Pilot generates alarm 10
5.3.1.2 Speed log fails
· ECDIS generates "Alarm 4009 Dual axis log error"
· the system also uses the position receivers as an alternative speed source, so it also knows SMG (speed made good) from the position receivers. Nothing other than the alarm happens.
· If the ECDIS doesn't have any other speed source selected (radar or position receivers are possible sources), then the ECDIS also generates "Alarm 2001 No speed available". Nothing happens to steering.
5.3.1.3 Steering system fails
· If Track pilot is interfaced to an external rudder servo system, then the Track pilot starts to flash ON LIMIT warning. Later the Track pilot generates OFF COURSE alarm.
· If the Track pilot is interfaced to a bang-bang rudder control, then the Track pilot generates alarm 4
· user must make a decision to continue or to change to other means of steering
5.3.1.4 Radar display fails
· ECDIS generates "Alarm 2055 ARPA radar communication error"
· radar targets will be lost from the ECDIS chart
5.3.1.5 One of two position receivers fails while using together with Kalman-filter
5.3.1.5.1 Failure of type no signal
· ECDIS generates alarms. Alarms are "4012 Position equipment error" (for position receiver channel 1) and "4013 Position equipment error" (ch 2)
5.3.1.5.2 Failure of type wrong position
· system automatically excludes position receiver giving wrong position
5.3.1.6 All position receivers fail while using all together with Kalman filter
5.3.1.6.1 Failure of type no signal
· ECDIS generates alarms. Alarms are "4012 Position equipment error" (for position receiver channel 1) and "4013 Position equipment error" (ch 2)
· ECDIS generates "Alarm 2000 Position unreliable" and the system changes automatically to backup dead reckoning based on log and gyro (if no log is available, the speed of the backup dead reckoning is based on the last known speed before the failure)
5.3.1.6.2 Failure of type non-equal wrong positions
· ECDIS generates "Alarm 2000 Position unreliable" and the system changes automatically to backup dead reckoning based on log and gyro (if no log is available, the speed of the backup dead reckoning is based on the last known speed before the failure)
· nothing else happens
5.3.1.6.3 Failure of type equal wrong positions
· like Failure of type wrong position, if check against log and gyro reveals a failure
· in the worst case the system does not detect the failure. The worst case is when all position receivers deviate so slowly to the same wrong position that the check against gyro and log cannot detect the deviation. This could be dangerous. The recommendation is that the position receivers should be different, i.e. using different methods (like GPS and LORAN), or, if using the same method (like two GPS), then at least different models (preferably from different manufacturers)
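An added illustration (not code from the ECDIS or its manual) of why a check against log and gyro catches an abrupt common position error but misses a slow common deviation, and why a receiver using a different method exposes it. The gate size, fix interval, flat-earth geometry and the simple follow-the-fix estimator are assumptions standing in for the Kalman filter, whose details the page does not give.

```python
import math

GATE_M = 25.0  # assumed acceptance gate for a position fix, metres
DT_S = 10.0    # assumed interval between fixes, seconds

def dr_step(pos, speed_ms, heading_deg):
    """Advance (east, north) metres by one interval using log speed and gyro heading."""
    h = math.radians(heading_deg)
    return (pos[0] + speed_ms * DT_S * math.sin(h),
            pos[1] + speed_ms * DT_S * math.cos(h))

def track(n, speed_ms, heading_deg, east_error):
    """Constructed receiver output: true track plus east_error(k) metres at fix k."""
    pos, out = (0.0, 0.0), []
    for k in range(n):
        out.append((pos[0] + east_error(k), pos[1]))
        pos = dr_step(pos, speed_ms, heading_deg)
    return out

def monitor(rx1, rx2, speed_ms, heading_deg):
    """Return (fix where the log/gyro check fails, fix where receivers disagree, final estimate)."""
    est, dr_fail, disagree = rx1[0], None, None
    for k in range(1, len(rx1)):
        pred = dr_step(est, speed_ms, heading_deg)
        fix = ((rx1[k][0] + rx2[k][0]) / 2, (rx1[k][1] + rx2[k][1]) / 2)
        if disagree is None and math.dist(rx1[k], rx2[k]) > GATE_M:
            disagree = k
        if dr_fail is None and math.dist(fix, pred) > GATE_M:
            dr_fail = k
        # Follow the receivers while they pass the check, else dead reckon.
        est = fix if dr_fail is None else pred
    return dr_fail, disagree, est

def scenarios(n=361, speed_ms=8.0, heading_deg=0.0):
    """One hour heading north; errors are constructed sample data."""
    good = track(n, speed_ms, heading_deg, lambda k: 0.0)
    jump = track(n, speed_ms, heading_deg, lambda k: 500.0 if k >= 100 else 0.0)
    slow = track(n, speed_ms, heading_deg, lambda k: 2.0 * k)
    return {
        "equal_jump": monitor(jump, jump, speed_ms, heading_deg),
        "equal_slow": monitor(slow, slow, speed_ms, heading_deg),
        "one_slow": monitor(slow, good, speed_ms, heading_deg),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

With these constructed tracks, the equal 500 m jump fails the log/gyro check at fix 100, the equal 2 m per fix drift passes every check while the estimate ends 720 m off track, and the same drift on only one of two receivers shows up as a disagreement at fix 13.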
5.3.2 Internal failures
5.3.2.1 ECDIS processor fails
5.3.2.1.1 Power supply fails
· no picture, equipment totally dead
· nothing happens to steering
· it is possible to continue already selected route of any length until end, but it is impossible to select alternative routes
5.3.2.1.2 CPU fails
· like Power supply fails
5.3.2.1.3 Hard disk fails
· like Power supply fails
5.3.2.1.4 Floppy disk fails
· nothing happens immediately
· a service engineer must replace the internal floppy if he needs to do the lowest-level hardware service, like preformatting of a new hard disk. This kind of service requires a qualified service engineer anyhow.
5.3.2.1.5 Graphic adapter fails
· like Power supply fails
5.3.2.1.6 CD-ROM fails
· nothing happens immediately
· any update or use of chart material which requires CD-ROM is impossible
5.3.2.1.7 LAN interface fails
· nothing happens, because the LAN interface is normally used for connection with a separate planning station, which is not part of the minimum system. Also, if the system includes a planning station, nothing happens, because the LAN interface between the Navigation and the Planning Station is only used with the user-activated Backup and Restore functions to move chart, user chart, route, pilot data etc. information between the stations.
5.3.2.1.8 COM-channel for ECDIS control panel fails
· nothing happens immediately
· it is impossible for user to operate ECDIS part
· it is possible to continue already selected route of any length until end, but it is impossible to select alternative routes
5.3.2.1.9 SIO386 fails
1. Total failure
· "StandIns failure" System failure indication
· like Gyro compass fails, Speed log fails, Radar display fails and Failure of type no signal together
2. One of 18 channels fails
A. 1 out of 2 position receiver input channels fails
· like Failure of type no signal.
B. radar display channels fails
· like Radar display fails.
C. Dual axis log channels fails
· like Speed log fails.
D. Track Pilot channel fails
· like Primary power fails of Track pilot processor
5.3.2.1.10 A-Adapter fails
1. 1 out of 8 channels fails
A. 1 out of 3 position receiver input channels fails
· like Failure of type no signal.
B. Radar display channels fails
· like Radar display fails.
C. Dual axis log channel fails
· like Speed log fails.
D. Track Pilot channel fails
· like Primary power fails of Track pilot processor
2. Isolating Power supply fails
· like Gyro compass fails, Speed log fails, Radar display fails and Failure of type no signal together
5.3.2.2 Track pilot processor fails
5.3.2.2.1 Primary power fails
· Track pilot panel generates an alarm
· ECDIS generates "Alarm 2480 Track pilot receive error"
· impossible to continue any of the advanced steering modes
· user must continue with wheel
5.3.2.2.2 Secondary power fails
· Track pilot panel generates alarm 06
· circuit to generate an alarm about failing primary power supply loses its power
· nothing else happens
5.3.2.2.3 CPU fails
· Track pilot control panel generates error 12.
· Impossible to operate advanced steering modes
· User must continue steering with wheel
5.3.2.2.4 Gyro inputs fails
· Track pilot generates alarm 10 for used gyro and alarm 11 for backup gyro.
· Impossible to operate advanced steering modes
· User must continue steering with wheel
· user must select other gyro (selection is external to system, normally the selection follows selection of gyro for the gyro repeaters)
5.3.2.2.6 ECDIS processor communication channel fails while in Route steering or Program track turn
· Track pilot generates alarm 12 and continues with RADIUS CONTROL or COURSE CONTROL mode
· any steering order received from ECDIS processor will be fulfilled, i.e. last proper order will be the set course
5.3.2.2.7 ECDIS processor communication channel fails while not in Route steering or Program track turn
· nothing happens to steering
· any attempt to activate Route steering or Program track turn will lead to alarm 5 or 7
5.3.2.2.8 Steering system interface fails
· If Track pilot is interfaced to an external rudder servo system, then the Track pilot starts to flash ON LIMIT warning. Later the Track pilot generates OFF COURSE alarm.
· If the Track pilot is interfaced to a bang-bang rudder control, then the Track pilot generates alarm 4
· user must continue with wheel or with direct operation of rudder pumps
5.3.2.2.9 Control panel communication channel fails
· impossible to operate advanced steering modes
· user must continue steering with wheel
5.3.2.3 Track pilot control panel fails
· impossible to operate advanced steering modes
· user must continue steering with wheel