Railway Signalling System passes final review with 188 trace links across 11 subsystems
System
{{entity:Railway Signalling System}} — final review of the complete decomposition. 19 baselines spanning scaffold through validation across sessions 298–314. The project contains 255 requirements (6 STK, 13 SYS, 90 SUB, 45 IFC, 8 ARC, 78 VER, plus performance entries), 188 trace links, and 13 block diagrams covering all 11 subsystems. This is a UK mainline-style signalling system with {{entity:Computer-Based Interlocking}}, {{entity:ETCS Radio Block Centre}}, {{entity:Train Detection Subsystem}}, {{entity:Level Crossing Protection System}}, {{entity:Points and Crossing Drive System}}, {{entity:Signalling Communication Network}}, {{entity:Colour-Light Signalling Output}}, {{entity:Signalling Power Supply System}}, {{entity:Signalling Diagnostic and Monitoring System}}, {{entity:Signaller Workstation}}, and {{entity:Traffic Management System}}.
Findings
Coherence: The decomposition tells a consistent story of a modern UK signalling installation. The 11 subsystems partition functionality cleanly — the CBI owns safety-critical interlocking logic, the RBC handles ETCS movement authorities, train detection feeds both, and the TMS provides non-vital automatic route management. No subsystem claims functions that overlap with another. The interface requirements correctly reflect the safety boundary between vital (CBI, RBC) and non-vital (TMS, workstation) domains.
Completeness: All 6 stakeholder needs trace through to system requirements. {{stk:STK-NEEDS-OPS-001}} (collision prevention) fans to 5 system requirements covering interlocking, detection, AWS/TPWS, recording, and TSR management. {{stk:STK-NEEDS-CON-005}} (ETCS Level 2) traces to {{sys:SYS-REQS-FUNC-005}} and {{sys:SYS-REQS-FUNC-009}}, covering both the RBC and coexistence with legacy AWS/TPWS. Every subsystem has requirements and an internal architecture diagram. The 45 interface requirements cover all cross-subsystem data flows shown in the decomposition diagram.
Plausibility: Performance values are credible for UK mainline practice. The VPU 2oo3 architecture with 100 ms cycle time, the point machine 3.5 s throw time, and the RBC maintaining 60 simultaneous train sessions all align with real deployed systems. Standards references (EN 50128/50129/50159, SUBSET-026, RT/E/S/11201, TS 50701, EEMUA 191) are appropriate and specific. The verification plan includes realistic test procedures with quantified pass criteria.
Proportionality: Safety-critical subsystems (CBI, RBC, train detection) have deeper requirements than utility subsystems (power, diagnostics), which is correct. The CBI has 12 subsystem requirements including 2oo3 voting, route-locking, flank protection, and overlap management. The power supply has 7 requirements focused on UPS switchover and battery monitoring. This reflects real engineering priority.
Diagram coverage: All 11 subsystems have internal architecture diagrams. The system-level decomposition diagram shows correct data flows:
```mermaid
flowchart TB
    RSS["Railway Signalling System"]
    CBI["Computer-Based Interlocking"]
    TDS["Train Detection"]
    RBC["ETCS Radio Block Centre"]
    CLS["Colour-Light Signals"]
    PCS["Points and Crossings"]
    LXP["Level Crossing Protection"]
    TMS["Traffic Management"]
    SWK["Signaller Workstation"]
    SCN["Signalling Comms Network"]
    SPS["Signalling Power Supply"]
    SDM["Diagnostics and Monitoring"]
    TDS -->|Track occupancy| CBI
    CBI -->|Aspect commands| CLS
    CBI -->|Point drive commands| PCS
    PCS -->|Detection feedback| CBI
    CBI -->|Crossing trigger| LXP
    CBI -->|Route status| RBC
    TMS -->|Auto route requests| CBI
    CBI -->|State display| SWK
    SWK -->|Signaller commands| CBI
    SCN -->|Data transport| CBI
```
Corrections
Resolved 12 orphan requirements by creating targeted trace links:
- {{sys:SYS-REQS-FUNC-008}} (AWS/TPWS) linked from {{stk:STK-NEEDS-OPS-001}} — trackside protection derives directly from collision prevention
- {{sys:SYS-REQS-FUNC-010}} (degraded mode) linked from {{stk:STK-NEEDS-PERF-003}} — degraded capacity derives from availability target
- {{sub:SUB-REQS-FUNC-069}} (event logger retention) linked from {{sys:SYS-REQS-FUNC-012}} — recording subsystem implements system recording requirement
- {{sub:SUB-REQS-FUNC-075}}, {{sub:SUB-REQS-FUNC-076}}, {{sub:SUB-REQS-FUNC-083}}, {{sub:SUB-REQS-FUNC-009}} linked from {{sys:SYS-REQS-FUNC-001}} — all derive from interlocking safety (command confirmation, audit, access control, inactivity lock)
- {{sub:SUB-REQS-FUNC-077}}, {{sub:SUB-REQS-FUNC-078}} linked from {{sys:SYS-REQS-FUNC-012}} — operator audit trail and alarm display derive from system recording
- {{sub:SUB-REQS-FUNC-082}} linked from {{sys:SYS-REQS-FUNC-010}} — authentication fallback derives from degraded mode operation
- {{sub:SUB-REQS-FUNC-084}}, {{sub:SUB-REQS-FUNC-086}} linked from {{sys:SYS-REQS-PERF-002}} — ARS and conflict detection derive from signal update performance target
Total trace links increased from 176 to 188.
Residual
11 remaining orphans are all ARC (architecture decision) entries — these are descriptive records capturing design rationale (e.g., {{hex:50F57958}} CBI 2oo3 architecture, dual-technology train detection), not traceable requirements. This is correct behaviour; architecture decisions document the “why” behind the chosen decomposition and are not derivation targets.
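The orphan check behind the Corrections and Residual findings can be sketched as follows. This is an added example, not the review tool's own code: the link list is taken from the Corrections section, while `ARC-EXAMPLE-001`, the function names and the rule that a link must come from the tier directly above are assumptions made for illustration.

```python
# Added example: orphan detection over a requirements trace graph.
# (parent, child) links are those listed under Corrections on this page.
NEW_LINKS = [
    ("STK-NEEDS-OPS-001", "SYS-REQS-FUNC-008"),
    ("STK-NEEDS-PERF-003", "SYS-REQS-FUNC-010"),
    ("SYS-REQS-FUNC-012", "SUB-REQS-FUNC-069"),
    ("SYS-REQS-FUNC-001", "SUB-REQS-FUNC-075"),
    ("SYS-REQS-FUNC-001", "SUB-REQS-FUNC-076"),
    ("SYS-REQS-FUNC-001", "SUB-REQS-FUNC-083"),
    ("SYS-REQS-FUNC-001", "SUB-REQS-FUNC-009"),
    ("SYS-REQS-FUNC-012", "SUB-REQS-FUNC-077"),
    ("SYS-REQS-FUNC-012", "SUB-REQS-FUNC-078"),
    ("SYS-REQS-FUNC-010", "SUB-REQS-FUNC-082"),
    ("SYS-REQS-PERF-002", "SUB-REQS-FUNC-084"),
    ("SYS-REQS-PERF-002", "SUB-REQS-FUNC-086"),
]

# Assumed tier rules: SYS derives from STK, SUB from SYS; ARC is descriptive.
PARENT_TIER = {"SYS": "STK", "SUB": "SYS"}
ROOT_TIER = "STK"
EXEMPT_TIERS = {"ARC"}

def tier(req_id):
    """Tier prefix of an ID, e.g. 'SUB' for 'SUB-REQS-FUNC-069'."""
    return req_id.split("-", 1)[0]

def find_orphans(requirements, links):
    """Return (untraced, exempt): entries with no parent in the expected tier."""
    parents = {}
    for parent, child in links:
        parents.setdefault(child, set()).add(parent)
    untraced, exempt = [], []
    for req in sorted(requirements):
        t = tier(req)
        if t == ROOT_TIER:
            continue  # stakeholder needs are roots, not orphans
        if any(tier(p) == PARENT_TIER.get(t) for p in parents.get(req, ())):
            continue  # traced to the tier directly above
        (exempt if t in EXEMPT_TIERS else untraced).append(req)
    return untraced, exempt

def review():
    """Orphans before and after applying the 12 links, plus one constructed ARC entry."""
    reqs = {child for _, child in NEW_LINKS} | {"ARC-EXAMPLE-001"}
    return find_orphans(reqs, []), find_orphans(reqs, NEW_LINKS)

if __name__ == "__main__":
    before, after = review()
    print(len(before[0]), "untraced before;", len(after[0]), "after; exempt:", after[1])
```

A link from the wrong tier (for example a SUB requirement linked straight from an STK need) still leaves the requirement reported as untraced under the assumed tier rule.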
Lint findings: 1 medium and 4 low. The medium finding concerns statistical parameters for “operating hour”: the requirements do specify MTBF with numeric thresholds, and the lint observation is about missing confidence intervals, which is acceptable at this decomposition level. The 4 low findings concern ontological ambiguity between system-level physical objects and abstract subsystem components, which is expected and correct since a {{entity:Vital Processing Unit}} is a computational module while the {{entity:Railway Signalling System}} is a physical installation.
Verdict
Pass. The Railway Signalling System decomposition is coherent, complete, plausible, and proportionate. All 6 stakeholder needs trace through 13 system requirements to 90 subsystem requirements and 45 interface definitions, with 78 verification entries providing quantified test procedures. The architecture reflects genuine UK mainline signalling practice with appropriate standards references. Marked complete with baseline COMPLETE-2026-03-19. The 15th completed system in the decomposition programme.