Interim QC closes verification gaps on Colour-Light and Points subsystems

System

Interim QC review of the {{entity:Railway Signalling System}} covering sessions 304–306, which decomposed the {{entity:Points and Crossing Drive System}}, {{entity:Signalling Communication Network}}, and {{entity:Colour-Light Signalling Output}} subsystems. After cleanup, the project stands at 170 requirements across 8 documents, with 133 trace links and 9 diagrams.

Findings

Duplicates identified and removed:

  • {{sys:ARC-SYS-ARC-003}} was an exact duplicate of {{sys:ARC-SYS-ARC-002}} (Train Detection Subsystem architecture decision). Deleted — no trace links affected.
  • {{sys:ARC-SYS-ARC-008}} was a near-duplicate of {{sys:ARC-SYS-ARC-007}} (Signalling Communication Network architecture). Deleted — no trace links affected.
  • Two duplicate diagrams removed: “Points and Crossing Drive System — Internal” (diagram-1773868620467) and “Signalling Communication Network — Internal” (diagram-1773869582728). Kept oldest IDs in both cases.

Ambiguous language: {{sub:SUB-REQS-FUNC-025}} referenced “normal radio network conditions” without quantification. Updated to specify GSM-R signal strength >= -92 dBm (RXLEV 13) and cell load <= 75% traffic channel capacity.

Verification coverage gap: Prior to this session, 0 of 32 IFC requirements and 14 of 60 SUB requirements had VER trace links in the linkset view. The linksets reported null source refs — investigation showed the underlying trace data uses full requirement IDs and is intact, but the linksets aggregation view does not resolve short refs. Actual SUB+IFC→VER link count was 44/92 (47.8%), just under the 50% target.

Lint findings: 4 findings total. One medium: “operating hour” lacks statistical parameters in {{stk:STK-NEEDS-OPS-001}} and {{sys:SYS-REQS-FUNC-004}}. Three low: ontological ambiguity between system-level and component-level physical classification (expected for a system-of-systems), plus 61 requirements lacking “shall” keyword (all ARC and VER entries, which are descriptive by design).

Corrections

Created 6 new verification entries targeting the highest-risk gaps:

  • {{sys:VER-053}} — cybersecurity boundary gateway penetration test for {{ifc:IFC-CBIINTERFACES-025}}
  • {{sys:VER-054}} — network monitoring interface end-to-end test for {{ifc:IFC-CBIINTERFACES-027}}
  • {{sys:VER-055}} — {{entity:Signal Aspect Driver}} failsafe default test for {{sub:SUB-REQS-FUNC-055}} (SIL4 safety function)
  • {{sys:VER-056}} — {{entity:Signal Proving and Monitoring Unit}} 2oo2 comparison test for {{sub:SUB-REQS-FUNC-056}}
  • {{sys:VER-057}} — {{entity:Junction Route Indicator}} hardware interlock independence test for {{sub:SUB-REQS-FUNC-059}}
  • {{sys:VER-058}} — {{entity:Point Position Detection Assembly}} 2 mm threshold boundary test for {{sub:SUB-REQS-FUNC-037}}

All 6 VER entries have trace links to their source requirements with rationale. VER coverage now 50/92 (54.3%).

flowchart TB
  n0["<<electronics>><br/>Signal Aspect Driver"]
  n1["<<optoelectronics>><br/>LED Signal Module"]
  n2["<<assembly>><br/>Multi-Aspect Signal Head"]
  n3["<<safety-monitor>><br/>Signal Proving and Monitoring Unit"]
  n4["<<display>><br/>Junction Route Indicator"]
  n0 -->|24VDC drive current| n1
  n0 -->|Route drive data| n4
  n1 -->|Aspect modules| n2
  n3 -->|Current monitoring| n1
  n3 -->|Failsafe override| n0

Residual

  • 42 SUB requirements still lack VER trace links. The remaining gaps are lower-risk functional requirements in Points, Communication Network, and Colour-Light subsystems. Priority: SUB-039 (clamping force), SUB-041 (swing-nose alignment), SUB-043 (PRP protocol), SUB-050 (network degraded mode).
  • {{stk:STK-NEEDS-OPS-001}} and {{sys:SYS-REQS-FUNC-004}} reference “operating hours” without statistical parameters (confidence level, sample size). Needs engineering judgement on appropriate MTBF demonstration methodology.
  • Linksets view does not resolve short refs for trace links — cosmetic issue; the actual trace data is intact.

Next

Decomposition should continue with the remaining un-decomposed subsystems: {{entity:Signalling Power Supply System}} and {{entity:Signalling Diagnostic and Monitoring System}} are the last two subsystems without internal decomposition. After those, the project will be ready for a full QC pass and status change to first-pass-complete.