Safety of Large Yachts by Design
The definition that I like most for safety – is “free from harm or risk”.
When you apply this definition to a complex structure such as a ship or large yacht there are many influences that can affect safety, i.e. by how it is designed, constructed, managed and operated. It then becomes understandable that the responsibility for safety should fall to all involved with the vessel throughout its lifecycle from the Designers, Builders, Classification Societies, Administration to the Operators and seafarers themselves.
As would be required by any discerning designer and builder, large yachts are implicitly designed and constructed to be safe, however from the statistics and regular publication of articles reporting yacht accidents, avoidable accidents on and to large yachts appear to occur too frequently.
Regulation
Presently, for the design of a vessel we look towards the Classification Societies Rules, for guidance on the standards required to achieve a robust and compliant vessel. Often these rules are based on empirical formula that has evolved from the commencement of the Classification of ships in 1765 and the experience and lessons learnt over time, whereby the rules are considered robust.
The perception by many in the industry is that Compliance with the Classification Society Rules alone and the issue of a Certificate of Class demonstrates a safe vessel. However, this is not the case – Class Certification does not imply a warranty of Safety, fitness for purpose or seaworthiness of the ship. Further, Classification Societies are not guarantors of safety of life or property at sea.
This is because the Classification Society has no control over how a vessel is manned, operated or maintained between the periodical surveys which it conducts. 1
Others with a responsibility for the safety of the vessel including its operation are the designers, the shipbuilders, Flag State Administrations, Owners/Management Companies, Port State control authorities, and the Seafarers themselves.
For a large yacht to be considered “safe” it therefore has to encompass a Safety Regime that interfaces seamlessly between all the parties involved.
Accepting that it in a marine environment it is virtually impossible to be totally safe i.e. free from harm or risk. A reasonable approach to enhance safety would be to embrace Risk Management from “Design to Operation” and provide mitigating actions to those risks considered unacceptable making them As Low as Reasonably Practicable “ALARP”.
Formal Safety Assessment
The International Maritime Organisation (IMO) have been proactive in recent years by recognizing the benefits of Risk Management by Formal Safety Assessment (FSA)2.
FSA represents a fundamental change from the regulatory approach alone to one which is based on risk evaluation and management in a transparent and justifiable manner. FSA can provide an audit trail to decisions made during the design and in parallel with regulatory compliance leads to improved safety and environmental protection.
In simple terms FSA consists of five steps:
- What might go wrong? = identification of hazards (a list of all relevant accident scenarios with potential causes and outcomes)
- How likely is it to go wrong and if it does go wrong how significant is the outcome? = assessment of risks (evaluation of risk factors);
- If the outcome is significant, then how can it be mitigated? = risk control options (devising regulatory measures to control and reduce the identified risks)
- What would it cost to reduce the risk and how effective is the reduction? = cost benefit assessment (determining cost effectiveness of each risk control option);
- What actions should be taken? = recommendations for decision-making (information about the hazards, their associated risks and the cost effectiveness of alternative risk control options is provided).
If the above questions were raised and steps followed during the design process and taken through to Operation, then along with regulatory compliance we would be making a significant move forward in achieving the inherently safe yacht.
Thus in my view the inherently safe yacht is one that has fully embraced a Formal Safety Assessment approach throughout its design and operation, and meets with full Regulatory Compliance.
Existing Large Yacht Safety Requirements
While Classification Societies are not Guarantors of Safety, following their Rules does however provide a positive element for identifying a reliable standard mainly for the strength, stability and construction of the vessel and depending upon the notations selected may include some of its equipment that will contribute to its safety.
The UK MCA introduction of the large commercial yacht code in 1997 for Red Ensign vessels has been seen as a positive move as part of an overall Safety Regime to capture what was largely an unregulated market. Its requirements and references to the International Convention for the Safety of Life at Sea (SOLAS) brought Commercial yachts largely in line with other merchant vessels.
While it is the flag states responsibility for the implementing the relevant regulations for those yachts under their administration, those Regulatory requirements differ significantly between Private and Commercial yachts, with commercial yachts now being viewed as “cargo vessels” requiring full compliance with SOLAS, while Private yachts need only to meet parts of the requirements of SOLAS V – Safety of Navigation to comply.
A positive factor from the introduction of the commercial code is that most Private yacht new constructions also include compliance with the commercial code, in the knowledge that it has a major factor to the yachts re-sale value.
Given the above Statutory and Regulatory requirements, in recent times there has been a lot of effort in bringing the large yacht sector in line with the safety requirements for commercial shipping, but we still appear to have a unreasonable number of accidents in this sector.
The Bespoke Nature of Large Yachts
Large yachts are generally bespoke, designed to each owner’s specific requirements therefore making each vessel unique, does this circumvent some aspect of the design being captured by prescriptive rules as written for ships?
If so, by being unique are there some risks that do not get captured by the regulatory approach leading to unique unidentified hazards?
In my view complying with the prescriptive Rules, Codes and Regulations of the Classification Society and Flag Administrations alone provides an important element towards demonstrating the overall Safety of a vessel. However, prescriptive regulations supported by formal Hazard Identification and Risk Management techniques introduced at the design stage that can be taken through to the operational phases would reduce risk further and enhance safety.
International Safety Management Code (ISM) & Risk Identification
A further step towards safety i.e. reducing risk was by the introduction of the International Safety Management (ISM) Code in July 1988. The ISM Code became mandatory under SOLAS for passenger ships, tankers high speed craft, etc and from 1st July 2002 applied to all other vessel >500 gt which includes yachts (categorized as other cargo vessels) and now applies to all commercially operated yachts above 500gt.
While the International Safety Management Code provides requirements for the safe operation of ships and pollution prevention, the Code recognizes that ships operate under a wide range of different conditions. It states that the Code is based on “General principles and objectives”. Perhaps an example of the generalities of the code is found in the requirement of section 2.2.1 “To assess all “identified” risks to its ships, personnel, and the environment and establish appropriate safeguards”…..
The ISM Code gives no guidance on how to identify and assess risks, which often leads to a “generic – check list” of risks and unformulated risk assessments for items like fire, flood, collision etc., being produced often missing the opportunity to identify those risks that are ship specific and unique to the vessel.
It appears from the ISM definition it could be interpreted that should an accident occur, provided it was due to an “unidentified” risk then it could be construed as an act of God, exonerating all concerned from any liability. While there are no guarantees that a ship specific hazard identification exercise would capture all risks, it would go some way to demonstrating by means of an auditable trail that every reasonable effort had been taken to identify and mitigate risk.
The process of Hazard Identification should commence during the design- if unacceptable risks are identified, it is easier to make alterations and changes that can reduce or eliminate the risks bringing them to become “As Low as Reasonably Practicable”, often at no additional cost. The Hazard Identification register is kept open and continually populated through to the operation of the vessel with crew involvement to assist the Risk Assessment process.
The ISM Code also has the requirement under the Maintenance of the Ship and Equipment (Section 10.3) …to identify equipment and technical systems the sudden operational failure of which may result in hazardous situations. The safety management system should provide for specific measures aimed at promoting the reliability of such equipment or systems. These measures should include the regular testing of stand by arrangements and equipment or technical systems that are not in continuous use.
Again, there is little guidance provided on how to identify equipment and technical systems the sudden operational failure of which may result in hazardous situations. Particularly when the hazardous situations have not been formally identified, nor is there any specific guidance for demonstrating the reliability of equipment or systems other than regular testing.
While the testing of equipment maybe viewed as a regular maintenance activity, the identification of operational failures which may result in hazardous situations is something again that comes out from the audit trail as part of the Hazard Identification exercise.
Operational failures, like an electrical blackout or loss of propulsion are examples which can quickly lead to a hazardous situation. On looking at what can cause such an event then typically from a hazard identification exercise, systems such as electrical control supplies, fuel oil and cooling water are identified as potential causes. Even for twin screw propulsion plants there are often common systems for which the single point failure of one component or element can lead to the failure of both engines.
Those systems for which its failure can lead to a hazardous situation should therefore be deemed safety critical or essential systems3 and afforded the appropriate consideration during design against failure. To provide for specific measures aimed at promoting the reliability of such equipment or systems as required by the Safety Management System, the application of other Formal Risk Management Techniques may be applicable.
Early in the design piping systems are developed and represented by single line drawings as process flow diagrams or schematics. If formally analysed for failure modes while at this stage, alternative arrangements may be identified to either eliminate or reduce the consequence or likelihood of a system failure.
Additionally, the promotion of reliability can be achieved for equipment by the development of “Performance Standards” to demonstrate the functionality of the equipment, its fitness for purpose and availability to fulfil its duty when it is required.
There are many techniques available for identifying potential system failures that can lead to a hazardous situation, with perhaps Failure Mode and Effect Analysis (FMEA) being the most common. This technique and its applications are identified in a number of IMO Codes, including the High Speed Craft Code.
While 80% of the world’s merchant fleet operates with single propulsion units, these are often powered by high reliability slow speed, direct drive, and reversible 2 stroke crosshead engines. Large yacht propulsion systems are becoming highly complex with Dynamic Positioning, Multi-engine propulsion or diesel electric propulsion systems and engines more likely selected for their power-weight ratio rather than for their reliability.
It is interesting to note the example of SOLAS 2010 amendments for passenger ships to be able to make a Safe Return to Port (SRTP) after a defined flood or fire casualty. This appears to be a positive move introducing more safety into the design of passenger ships – something that could perhaps be considered for large yachts, particularly for those explorer yachts and those Classed under the 2014 Passenger Yacht Code for vessels carrying up to 36 passengers?
I look forward in the hope that I see claims in the future from designers and builders for demonstrably providing the “safest yacht” and for the superyacht magazines to perhaps include this as a feature to drive future competition.
References:
- Classification Societies – What, Why and How? – International Association of Classification Societies (IACS) June 2011
- IMO MSC/CIRC 1023 MEPC/CIRC 392
- Identifying Critical Equipment – Paul Doherty B Eng, MSc, C Eng, MI MarEST