The paper describes the ongoing work, overall approach and process used to develop a deepwater subsea well intervention control system using structured risk and reliability principles and hardware based upon remotely operated vehicle (ROV) control technology. It discusses the selection of IEC61508 and IEC61511 as the governing standards for development of the controls architecture and certification of this deepwater well control system. It also presents the challenges that have to be addressed when using ROV hardware for well control and describes the methods implemented to overcome system deficiencies. The methods used are currently being vigorously applied throughout the control system's development stage to insure the entire control system and not just its components, will be highly reliable, manufactured, tested and certified in accordance with the principles of IEC60508/61511 to a Safety Integrity Level of 2 (SIL 2).
ROV system elements include mechanical, electronic, electrical and hydraulic components. These components have continually matured and improved in operations over more than 30 years. Today ROVs perform subsea tasks which were previously completed by surface operations from a support vessel. ROVs have now been imbedded with, and integrated into, many subsea installations because they have shown to be valuable and reliable tools. However reliable we all may perceive ROVs to be, component and assembly reliability, based on operational use and factory testing, has largely not been fully demonstrated or documented. One reason for the lack of usable reliability data has been due to the ROV operators who generally have not provided the necessary information to the ROV industry. Even if data was available, many ROV components have evolved over the years so operational history is not long enough to predict component life for many components used in those systems.