3rd International ASRANet Colloquium

10 – 12th July 2006, Glasgow, UK.

RISK-BASED SHIP DESIGN: CONCEPT, METHDOLOGY AND
FRAMEWORK
D. Vassalos, Universities of Glasgow and Strathclyde, UK
L. Guarin, Safety at Sea Ltd., UK
D. Konovessis, Universities of Glasgow and Strathclyde, UK

ABSTRACT
This contribution aims to elucidate Risk-Based Design (RBD), a design methodology that incorporates
explicitly safety objectives in the design process. Drawing from over ten years of effort with many
organisations undertaking a large number of research and development projects, the contribution
introduces the subject, explains the motivation for RBD, details the underlying principles and constituent
pasts of the methodology and outlines the development of a framework to facilitate implementation.
Emphasis is placed on demonstrating the considerable potential offered to the maritime industry by
embracing innovation through the adoption of risk-based methodologies and through the routine
utilisation of all forms of scientific and technological breakthroughs in dealing with ship safety as a life-
cycle ship design issue.

1. INTRODUCTION stronger resurgence of safety as a key issue that
cannot be considered in isolation any longer nor
Traditionally ship safety has been dealt with by fixed by add-ons is prevailing, bringing home the
adherence to rules and regulations, thus treated as long overdue realisation that lack of safety or
a constraint in the design process. With ineffective approaches to dealing with it can drive
technology and users requirements developing shippers out of business. This progressively
faster than knowledge can be assimilated and best acquired appreciation that the marine industry is a
practice produced, this approach to safety “risk industry” is catching up with the maritime
assurance is expected to be largely ineffective. profession, necessitating changes in people’s
More specifically, the lack of a systematic and all- attitude and the adoption of holistic risk-based
embracing approach to ship safety, offering a approaches to maritime safety, approaches capable
framework that allows for a strategic overview of of striking a balance between all the many facets
safety and the derivation of effective solutions, affecting safety cost-effectively and throughout
means that the wealth of information amassed over the life cycle of the vessel. Added to the above,
many years of research and development on stand- recent civil catastrophes of cosmic proportion (the
alone safety-critical areas remains under utilised, September 11 2001 events in the USA) have
whilst ship safety continues to be unnecessarily brought all safety-driving forces (socio-political,
undermined. techno-economic and ethical) in alignment,
pushing safety issues to the fore-front of societal
However, recent well publicised marine disasters problems. As a result, a clear tendency to move
(Herald of Free Enterprise 1987, Exxon Valdez from prescriptive to performance-based
1989, Scandinavian Star 1990, Estonia 1994, approaches to safety is emerging internationally
Erika 1999, Express Samina 2000, Prestige 2002), and this, in turn, is paving the way to drastic
linked to intolerable consequences with respect to evolutionary changes in design, where safety is
human life, property and the environment, dealt with as a central issue with serious economic
triggered a chain of events that raised safety implications rather than a simplistic compliance.
awareness among the whole maritime community
and the wider public. Concerted efforts Concerted efforts to respond to these
internationally forced the subject of safety to the developments in the marine industry led to the
forefront of developments, overcoming the inertia establishment of the first significant EU Thematic
of the marine industry and giving way to scientific Network (TN) SAFER EURORO (SAFER
approaches to assessing safety at the expense of EURORO 1997 and 2001, Vassalos et al. 2005)
the traditionally governing empiricism. A new aimed to promote a new design philosophy under

implementation ranging from concept conflicting engineering discipline without any development to approval. always strived to produce safe designs. safety cost-effectively within the design process in a way that safety “drives” ship design and A historical exploration into the development of operation. This damage.an initial methodology for designing safe ships must be partnership of 33 that grew to more than 90 adopted aiming to promote safety to the heart of the organisations from across the whole spectrum of design process rather than being seen to be in the marine industry in Europe. MOTIVATION FOR RISK-BASED other design factors. SHIP DESIGN • Vested interests always delayed and often defeated the imposition of new regulations or It is interesting to note that the first principle in forced a compromise that was unwise or “Design for Production” as recommended by unworkable. The strategic conflict with ship production and operation and be objective of SAFER EURORO was to integrate treated in isolation from other ship design factors. dissemination activities. however remote the possibility Many may argue that competent designers have of a tragedy involving large loss of life. These include: design objective rather than a constraint. presently advocated in suggesting “Design for • There are underlying trends of decreasing loss Safety” as the way forward to improving ship in ships and fatalities but those have to be safety. but history Today. unacceptable. to the development of the probabilistic damage • Clear goals and objectives are missing stability and fire safety regulations. is a newly-funded EU FP6 Integrated Project • The pace of rule development until recently aimed at integrating safety research in Europe and has been slow. to strengthen competitiveness. respectively) (prescriptive regulations). The internationalisation of the TN output through • Enhancement of safety is sought through contribution to IMO activities and through other legislation. the preceded by casualties including considerable inspiration and the foundation for SAFEDOR loss of life or property or environmental (SAFEDOR 2005. 2005). subdivision). To this end. As a result. a formalised must not be taken lightly. 1995) is to “use common constantly shown a large time interval between sense” and by analogy nothing stirringly new is accidents and prevention of their repetition.g. human life is much more precious than demonstrably shows that intention is not a ever before. consideration of cost-effectiveness analyses or attempt in understanding how it interacts with 2. even though good designs should always take into account safety matters. An emerging trend concerns also substitute for methodological treatment when it the importance attached by humans to the concerns a complex and multi-disciplinary subject protection of the marine environment. beyond and to drive risk-based design to full • Safety has been treated as a separate. which such as ship safety. and the increasing realisation by all concerned that • Safety rules and regulations have been driven scientific approaches to dealing with ship safety by disaster and public outrage (reactive offer unique opportunities to the maritime industry approach).. However. contribution to the regulatory process (for example. . this has considered in conjunction with the decreasing invariably been governed by minimum compliance human tolerance to risk which becomes with the rules and hence not addressed optimally. have helped create • Raising of safety standards has always been a momentum that is now providing the “fuel”. the significant • Regulations address mainly the ship itself. maritime law has Storch (Storch et al. Christensen et al. This in turn entailed the development of Safety of Life at Sea (SOLAS) and an examination a formal state-of-the-art design methodology to of the safety-related drivers reveals trends which support and nurture a safety culture paradigm in ought to be considered with care in facing a future the ship design process by treating safety as a full of new challenges. more specifically areas perceived to be safety HARDER and SAFETY FIRST were instrumental critical (e.the theme “Design for Safety” .

This must be achieved with the to be workable. • Over-capacity of transportation. standard ships and multi-national crews presents safety problems. adopting a risk-based all of which are part of Quantitative Risk design approach that embraces innovation and Analysis (QRA). To achieve this. in many cases services and painfully low margins. For this design objective. safety case for specific design/operational solutions. promotes routine utilisation of first-principles tools will lead to cost-effective ways of dealing Within the context above. rational and fuelled by innovation and safety critical as with cost-effective treatment of safety. the application of technology over the recent past presents the risk-based design will be biased towards shipping industry with opportunities to meet design concepts with high levels of innovation. over-supply of sinkings. to well-publicised collisions. This is particularly so for can be stated that the essential advance that risk- knowledge-intensive and safety-critical ships. safety matters. the influence of good practice. in a systematic and all-embracing approach safety “drivers” is necessary (major accident to ship safety integrating all factors concerning categories). reliance on experience and codes of best Hazards in ship operations have led in the past practice is “running thin”. and damage of the best companies and the core of the to the environment. sub. There is no doubt that seagoing skill-base out of shipping.• Developments in shipping happen faster than • The notion of “Risk” is usually associated with experience is gained. • Phenomenal progress in science and • From a practical viewpoint. risk assessment and risk management exist in various contexts (for 3. groundings. founderings. the target is to increase safely. considering the complexity of support of advanced safety performance prediction what constitutes safety. a clear focus on key tools. currency of safety. The right-hand-side of Figure 6 important to first make the following illustrates the elements of a typical “safety considerations: assessment process”. The shipping operations are risky and ships should resulting combination of an ageing fleet. the following have to be considered: This paper specifically targets these issues. emerging challenges cost-effectively and In risk-based design. it competitive advantage. etc. by detailing current advances on the establishment of a) A consistent measure of safety must be a risk-based design framework with the view to employed and a formalised procedure for its maximizing safety through treating safety as a quantification adopted (risk analysis). • In order to address safety explicitly. thus the traditional events. Considering the above. risk quantification.. we need • Global media coverage brings the accident at to measure it (“what gets measured gets the door of the public and is capable of stirring done”): in this respect. Hence explicit • Shift of safety focus from hardware to software consideration of safety is equivalent to follows wide awareness and growing evaluating risk during the design (risk-based appreciation of the role of human factors on design). the outcome of which we don’t like. Numerous formal procedures for safety at sea for the entire vessel life-cycle. and taking into account with safety and to building and sustaining the notions presented in the previous section. be also designed with this in mind. is the explicit. such ship design safety is indeed a design “driver”. engineering judgment. based design represents in relation to ship design knowledge intensive as such ship concepts are as is practiced today. drive some resulting in significant loss of life. state-of-the-art tools and knowledge. RISK-BASED SHIP DESIGN instance FSA for making rules. . among In addressing risk-based ship design. it is others). risk is considered the strong emotions.

should not the design process with prevention/reduction of change. etc) Systems. design process to allow for trade-offs between A common ship design model managed within safety and other design factors by utilising an integrated design environment (software) overlaps between performance. safety concerns and the effect of safety-related design changes on functionality and other It is noted that Figure 1 depicts a possible high- performance. level framework of risk-based design. functionality and safety at the conducted efficiently. a different handling is required. etc). property and the environment) embedded as a design objective. multi-criteria optimisation problem. The namely. Risk Assessment costs making Implementation of risk control measures (v) (focus on mitigating consequences of Evaluation of ship technical company/society accidents) performances performance values. defined as follows: Consequently. might be necessary to address all pertinent capacity. systems and relevant key safety parameters performances safety performance Identification of critical/design scenarios (iv) (flooding. risk-based design can be procedure are illustrated in Figure 6.b) Such procedure must be integrated into the objective. risk (to life. additional information on safety performance and risk will be available for Risk-based design is a formalised methodology design decision making and design that integrates systematically risk assessment in optimisation. The design optimisation process becomes thus a typical case of a multi- SHIP DESIGN SAFETY ASSESSMENT PROCEDURE (i) Performance Design safety goals Expectations Functional requirements / preferences (ii) Identification of hazards Requirements and Constraints Identification of possible design solutions (focus on preventing accidents) (iii) Ship functions and Identification of critical functions. parameter level and access to fast and accurate first-principles tools. the use of parametric models to allow elements of such a framework and its implications for trade-offs through overlaps at the for ship design are described next. preferences Integrated Design Environment [Software Platform] Figure 1: A High-Level Framework for Risk-Based Design Implementation . fire. life-cycle cost will also be required for that process to be considerations. fitness for purpose Risk Analysis components. which in principle. The interfaces between the ship design process and the safety assessment With the above in mind. feasibility How probable? How serious? risk hardware (Level of detail depends on design stage) Design (design solution) aesthetics Decision. parameter level. system failure. alongside c) Considering the level of computations that “conventional” design objectives (such as speed.

capacity. uncertainty or stakeholder concern 3. on the other hand.. the identification of such the ship’s mission and ship’s purpose.3. service speed. etc. for major design trade-offs. In line with risk-based Safety goals – as other design goals. Various • no accidents leading to total ship loss techniques and formats for reporting are available (collisions. fires. following drivers (HSE 2001): • vessel to remain upright and afloat in case of water ingress and flooding. HAZID. high-value vessels. • sufficient residual structural strength in there is lesser knowledge about the ship. no extreme load as the level of design knowledge. low wash). low noise. Other design fatality. Identification. those stated above. Explicit requirements must be based on a systematic and safety goals are already part and parcel of the rational assessment of what can impede the design input. etc).1 SAFETY ASSESSMENT PROCEDURE • minimal impact to the environment in case of a ship accident. hence damage conditions. the purpose and the level • no loss of human life due to ship related of the design knowledge available (Hazard accidents. Hence the focus on major • fit for purpose (turnaround time. Hazard Operability Studies.3 IDENTIFICATION OF HAZARDS will also push towards more thorough risk assessment.2 DEFINITION OF SAFETY GOALS with such requirements would ensure achievement of the safety goals. . the risk assessment approach must be limited • high passenger comfort (low incidence of sea to coarser methods. SWIFT. The selection of the right feasible operational loading and environmental approach has to be viewed in the context of the conditions. sickness. Examples of design goals driven by achievement of the safety goals. the less desirable it is to use only goals can be summarised in the expression. and stages (as more design details are available) • etc. The risk assessment can . etc. This can be accomplished using follows: hazard identification techniques.be refined during advanced design levels). are related to approaches. more specific functional requirements must be defined so that compliance 3. • Design stage: will determine the level of • ship structure to withstand all foreseeable flexibility to possible design changes as well loads during its lifetime (e. services.g. HAZOP. the safety assessment procedure referred to above is a systematic and formalised Specific Technical Goals risk assessment process. low vibrations levels. conventional rules-based approaches for decision making. thus the “what- safety considerations (mainly associated with can-go-wrong” question must be explored company values and policies) can be listed as systematically. FMECA. Similar safety goals may be implicit in statutory or • Major hazard potential: the greater the class requirements for risk acceptability – if such potential exposure to total loss or multiple are available for approval purposes. Failure Modes Effects and • low impact to the environment (low air Criticality Analysis. Structured What’s emissions. groundings.)! • Risk decision context: with higher elements of novelty. In principle. and up to construction and commissioning process. low noise of course . which can be carried out • vessel to remain upright and afloat in all in a variety of ways. Hazard identification is usually a qualitative exercise Top-Level Goals based primarily on expert judgment. depending on the case. and If Technique. hence the bias of risk-based design In order to achieve generic safety goals such as towards high innovation. ship accident categories. stranding. At concept structural failure or fatigue failure of key design stages (pre-contract) there is flexibility structural members).

these must be adapted and customised to unloading/loading. is To this end. manageable. When generic design scenarios are • arrival: manoeuvring into port. significant REQUIREMENTS hazards that could lead to catastrophic loss of the vessel. Once a list of prioritised hazards is available and/or significant damage to the environment must (based on qualitative ranking of risk) along with be identified and their design implications relevant design scenarios. categories need to be included in the subsequent must be based on engineering judgment and steps of the safety assessment procedure. (1) Fire / explosions on car deck. fact that ship safety. loading/unloading. 20 lorries. 3. from hazard identification. etc. of necessity. define profile. the may be illustrated as indicated in Table 1. design process can proceed as normally. it is always useful to have a clear governed only by a handful of factors which. berthing. thus can be derived • passage: services on board. an example of that may lead to all or some of the accident which is shown in Table 2. With a consolidated outcome of such exercise at initial design stages list of safety-related functional requirements. etc. specific functional understood so that appropriate design measures requirements and evaluation parameters need to be can be taken to prevent the ensuing accidents and formulated. Operational mode Hazard Accident category Loading of vehicles Vehicles carrying dangerous goods. other vessels activity (4) drifting grounding. ship at sea.. etc.4 CRITICAL DESIGN SCENARIOS design requirements.5 DEFINITION OF FUNCTIONAL Within the above operational profile. loss of steering. etc. hence practicable. wind. as a top-down process. significant loss of human life/injuries. other functions. the latter may include (but not be limited a limited set of design scenarios with calculable to) the following: probabilities of occurrence and consequences that could collectively quantify the life-cycle risk of a • departure: bunkering. These relate to accident categories manoeuvring out of port. navigation in among these hazard scenarios are illustrated in open waters. 50 trailers. performance of the vessel in question.. and the specific design features and expected • others: dry-docking. available. contact damage to car deck structural Drivers (human) errors members … … … Embarkation of passengers Relative motion between span-link and ship (2) Span-link failure when pax embarkation/disembarkation … … … Transit and navigation in coastal Proximity to grounding hazards. (3) Collision areas currents. The available safety knowledge. Capacity: 1000 pax.. (5) power grounding … … … . maintenance and repairs. when definition of the ship’s mission and its operational considered individually or in combination. Typical linkages navigation in restricted waters. with major hazard potential. Figure 2. These. derives from the Table 1: Example of Results from Hazard Identification Ship type: RoPax. be used by a designer to put together the first base line design and to identify What makes risk-based design feasible and design disciplines for evaluation. These can be seen as an additional set to mitigate the severity of their consequences. Electrical faults within vehicles. hazards safety performance requirements. loss of power. In (in relation to the normal set of performances) of principle and depending on the ship type. 200 cars. alongside other conventional 3. etc. Such requirements will.

time to capsize. ramp arrangements. crew communication arrangements. DESIGN DECISION-MAKING running costs. and economic design changes are made. Others … Prevention: ƒ Car deck layout designed for easy of loading/unloading (visibility. instantaneous heeling. propulsion and steering redundancy after damage. Performances and Performance Evaluation Parameters Required safety Ship safety performance Safety performance evaluation parameters / functional requirements (to be “Function” identified following risk analysis) Collision and Vessel to remain upright and Prevention: Grounding afloat in all feasible water ƒ Effectiveness of navigational equipment. efficiency. in the same The use of risk-knowledge models would allow way as there are explicit ship performance such information to be easily re-calculated if evaluation criteria (design criteria). space. effectiveness of fire fighting arrangements. Power.) … … … 4. damage control arrangements. lighting. controls. flooding extent. ventilation. In relation to design decision making. capacity. fire protection. etc.) criteria and risk acceptance criteria. etc) Mitigation: ƒ Loss of structural integrity of the hull. etc. The latter and economic implications (relative initial and could be related to safety performance criteria. time to flood. Safety ingress scenarios visibility. so . additional information on safety performance and risk levels to the design decision making process.) then if would be possible to make major design decisions Use of risk analysis or alternatively of risk. etc. bridge layout design (alarms. damage extend. etc Mitigation: ƒ Alarm and detection effectiveness. and trade-offs optimally and cost-effectively in a knowledge models in ship design would provide practical time-scale. Fire safety Safety objectives implicit in Prevention: SOLAS II-2 ƒ Limit the amount of ignition sources and combustible materials on the car decks. etc. etc. If similar parametric “targets” (within owners requirements) there is a models existed for other elements of ship need to define safety performance evaluation performance (weight. earning potential. time to reach untenable conditions. Figure 2: Typical Structural Links of Design Scenarios Table 1: Example of Possible Ship Functions.

other determine the making as the best design solution (from all operating cost and potential earnings. however. design to be used effectively. conventions. For the former. Knowledge models would be available in all materials. it is the shipyards’ clients 5. etc. The key aspect of the proposed approach is establishment to sustain both. In the past. to a large extent. Notwithstanding the above. requires more than (technical performance. It is obvious that (watertight subdivision. CONCLUSIONS (the shipowners) who possess the detailed Responding to well-publicised marine disasters. interventions. and risk) would be weighted systematic use of the scientific method in all its alongside other factors that are outside the design forms together with a change in people’s attitude studies themselves (preferences. fit for opportunities to make a difference in improving purpose. Established optimisation construction costs. fierce competition and course with the designers themselves and other painfully low margins. it is also unlikely that they tools and techniques can help the designer to would be able to do the same with the operational explore a much wider design solution envelope economic profile of the vessel. Costs-. For the latter. While ship relevant perspectives) may lie outside the designers are.and Risk- layout. about the design parameters and variables lies of new rules.). concerted efforts on an international scale.that safety performance could be used in the would provide the designer with means to rapidly design iterations. shipyard. the implied availability of a optimised from the point of view of ship global parametric description of the baseline performance. But it points in the right involved stakeholders (shipowner. empirical models (indeed such relationships do exist within shipyards) to estimate construction costs. Performance-. main vertical zones. major ship systems. potential earnings design solution would facilitate the use of explicit while also ensuring that the safety performance performance and safety-performance (first- level (as quantified) is appropriate and principles) evaluation tools and would allow commensurate with acceptable and quantified risk formal (numerical) optimisation techniques in ship levels (provided that such do exist). Indeed. structural design. however.) can be cases. biased attitudes. As a result. the possibility of optimising ship performance without regulatory constrains is what would make a It is obvious that some design decisions determine significant difference in ship design decision the construction costs. and Risk-knowledge models (“PERC”) . bridge layout. safety performance. direction! Maintaining or improving ship safety at The quantified ship performance measures the rightful level. and last but not least. the ultimate decision tradition. company policies. old rules. Today. etc. internal not all necessary Performance. within the time scale available during early design shipyards possess detailed knowledge and concept development and beyond. Earnings-. of safety that is more likely (than by following rules) to meet modern safety expectations. with a known level ship safety. costs. cost implications. The main conclusions that can be drawn from the work presented in this paper are the following: At early design stages. alongside or even instead of and reasonably accurately obtain quantitative explicit risk acceptance criteria. The progress is slow amidst burdens of inertia. the that any ship design decision will be well-informed ability and understanding to respond to these and will lead to design concepts that are needs were lacking. toward safety as well as willingness from the etc). It requires the earning potential. able to manage the regulatory envelope. disaster-triggered reactions. scientific and technically sound (at least to a level commensurate technological breakthroughs offer unique with the current available state-of-the-art). key information for rational and transparent design design aspects of the initial baseline designs decision making (see Figure 3). knowledge and working models of their the marine industry strives to shape safety through operational costs and earnings profile.

A common ship design for use in ship design has also been described model managed within an integrated design in this paper. Cost/Earnings and Risk Parameter Models • A consistent measure of safety must be will be available for design decision making employed and a formalised procedure for its and design optimisation. Consequently. environment (software platform) will also be required for this process to be conducted • Such procedure must be integrated into the efficiently. Key Design Variables and Parameters Set I Set II Global parametric model Baseline Concept of the baseline design (Set I ∪ Set II) ∪ Set III Set III {common model} Performance Cost/Earning Risk- models models Knowledge models Technical Costs & Earnings Safety Risk performance potential performance aesthetics etc… Design Decision- making preferences feasibility company/society fitness for purpose values. quantification adopted (risk analysis). the use of parametric various contexts. For this to be workable. among others. A number of formalised design changes on functionality and other procedures for risk quantification. The Case addressing for specific design optimisation process becomes thus a design/operational concepts. preferences Figure 3: Decision-Making in Risk-Based Design Sets I. II and III – Performance. for instance Formal Safety models to facilitate trade-offs and access to Assessment (FSA) for rule-making. a clear focus on key might be necessary to address all pertinent safety “drivers” is necessary (major accident safety concerns and the effect of safety-related categories). design process to allow trade-offs between safety and other design factors by utilising The concepts presented in this paper reflect the overlaps between performance. Safety fast and accurate first-principles tools. It is anticipated that during parameter level. life-cycle cost current level of understanding and experience with considerations. a risk assessment framework optimisation problem. considering the complexity of • Considering the level of computations that what constitutes safety. namely. risk performance factors. a different handling is assessment and risk management exist in required. typical case of multi-objective. additional the developments to be undertaken as part of information on safety performance and risk SAFEDOR activities (SAFEDOR 2005) in the . functionality and safety at the risk-based ship design. multi-criteria Adding to these.

The opinions expressed are those of the authors and should not be construed to represent the views of the SAFEDOR partnership.” EC FP6 IP 516278. HAMMON. Operation and Regulation for Ships. 2001/063. L. D. C. HENSEL. (2005) “Fundamental Concepts of Risk- Based Ship Design.. and BUNCH. ACKNOWLEDGEMENTS The work reported in this paper has been carried out under the SAFEDOR project. M. www.safedor. H. D.. DE LUCAS. VASSALOS.. UK. STRANG. SKJONG. P. C. REFERENCES CHRISTENSEN. L. D..” Proceedings of the International Maritime Association of the Mediterranean (IMAM) 2005 Congress.” Proceedings of the International Maritime Association of the Mediterranean (IMAM) 2005 Congress. HSE (2001) “Marine Risk Assessment”. Operation and Regulation. refined and evolved.. Lisbon. T. Second Edition.. R. Offshore Technology Report No.. MOORE. P. 1995. W.. 26 – 30 September. and GUARIN. IP-516278. SAMES.safereuroro. 2001) “Design for Safety – An Integrated Approach to Safe European Ro-Ro Ferry Design. P. prepared by Det Norske Veritas for the Health and Safety Executive. STORCH. with partial funding from the European Commission. SAFEDOR (2005) “Risk-Based Design. www. Cornell Maritime Press.” ERB- BRRT-CT97-5015 and G3RT-CT-2001- 05050. SAFER EURORO (1997. R. R. Ship Production.org. nurtured. . H. Portugal. A. KONOVESSIS. and VASSALOS. Portugal. (2005) “SAFEDOR. C. Lisbon. the ideas presented here will be further elucidated.near future. 26 – 30 September.org.Risk-Based Ship Design.