Smart Building Management System — Concept Definition
System
New concept definition for {{entity:Smart Building Management System}} ({{hex:51FF7B59}}), an integrated building automation platform controlling HVAC, access control, fire safety, lighting, and energy management for a 50,000 sqm commercial office building with 2000+ occupants across 20+ floors. Selected from the seed list to cover the building automation domain — distinct from previously completed civil systems (water treatment, vertical farm) in its multi-discipline integration and occupant-facing safety obligations.
ConOps
Six operating modes defined, each classified in UHT and stored with entry/exit conditions:
- Normal Operation ({{hex:51F73A08}}): 24/7 occupied-hours mode with HVAC maintaining 21–23°C / 40–60% RH, daylight-harvesting lighting, demand-responsive energy optimisation.
- Unoccupied Setback ({{hex:40B63A58}}): after-hours mode widening HVAC to 16–28°C, emergency lighting only, restricted badge access.
- Fire Emergency ({{hex:51F77A50}}): triggered by two-detector coincidence per BS 5839-1 — HVAC shutdown, smoke extraction, stairwell pressurisation, doors fail-safe open, lifts recalled, fire service notified.
- Degraded Operation ({{hex:50B47A00}}): non-safety subsystem fault reverts affected controllers to standalone.
- Startup/Commissioning ({{hex:51F77A18}}): sequential energisation with 30-minute purge cycle.
- Maintenance ({{hex:40B43B18}}): zone isolation with safety interlocks.
Five scenarios written in operational language: Monday morning warm-up (happy path through Startup → Normal), floor fire during occupied hours (full emergency response chain), BACnet trunk failure (degraded mode with standalone fallback), summer heatwave demand response (OpenADR load-shedding with pre-cooling strategy), and quarterly HVAC maintenance with sensor calibration.
Hazard Register
| ID | Hazard | Severity | Freq | SIL | Safe State |
|---|---|---|---|---|---|
| H-001 | Smoke spread via HVAC ducts — fans fail to shut down on fire alarm | Catastrophic | Low | 3 | Supply fans de-energised, extraction running, fire dampers closed |
| H-002 | Access doors fail to release during fire evacuation | Catastrophic | Low | 3 | Electromagnetic locks de-energised, doors fail-safe open |
| H-003 | HVAC overcooling/overheating from sensor failure | Major | Medium | 1 | Output clamped 15–28°C, alarm to FM |
| H-004 | Cyber intrusion via BACnet/Modbus compromises building systems | Critical | Low | 2 | OT network isolated, controllers revert to standalone |
| H-005 | {{entity:Legionella}} proliferation from DHW temperature control failure | Catastrophic | Low | 2 | DHW >60°C enforced, pasteurisation forced (HSE ACOP L8) |
| H-006 | Stairwell pressurisation failure during fire evacuation | Catastrophic | Low | 3 | Pressurisation fans at maximum, differential pressure maintained |
Cross-domain analogs: {{entity:Emergency Shutdown mode of Vertical Farm Environment Controller}} ({{hex:55F77A51}}) shares the HVAC-safety interlock pattern. {{entity:Degraded operation mode of Industrial Elevator Control System}} ({{hex:50B67A08}}) shows an analogous fallback-to-local-control strategy.
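As an added example, not taken from the concept definition or any project code, the following sketches the mode logic that the ConOps entry conditions and the H-001/H-002/H-006 safe states imply: a single detector does not enter Fire Emergency, two distinct detectors do (BS 5839-1 coincidence) and latch the safe state, a BACnet trunk fault falls back to Degraded without downgrading an active fire response, and a head-end reset cannot clear fire mode alone. The detector ids are constructed, and the exit condition requiring Fire Safety Officer acknowledgement is an assumption, since the page lists the modes but not their exit conditions.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    NORMAL = "Normal Operation"
    SETBACK = "Unoccupied Setback"
    FIRE = "Fire Emergency"
    DEGRADED = "Degraded Operation"

@dataclass(frozen=True)
class Outputs:
    supply_fans_on: bool = True       # H-001: de-energised in fire mode
    extraction_on: bool = False       # H-001: smoke extraction running in fire mode
    fire_dampers_open: bool = True    # H-001: closed in fire mode
    pressurisation_on: bool = False   # H-006: stairwell fans at maximum in fire mode
    maglocks_energised: bool = True   # H-002: de-energised -> doors fail-safe open

# Safe state for the three SIL 3 hazards, taken from the hazard register.
FIRE_SAFE_STATE = Outputs(supply_fans_on=False, extraction_on=True, fire_dampers_open=False,
                          pressurisation_on=True, maglocks_energised=False)

class ModeController:
    def __init__(self, occupied: bool) -> None:
        self.mode = Mode.NORMAL if occupied else Mode.SETBACK
        self.outputs = Outputs()
        self.alarming: set[str] = set()   # detector ids currently in alarm

    def detector_alarm(self, detector_id: str) -> Mode:
        """Two distinct detectors (BS 5839-1 coincidence) enter fire mode and latch the safe state."""
        self.alarming.add(detector_id)
        if len(self.alarming) >= 2 and self.mode is not Mode.FIRE:
            self.mode = Mode.FIRE
            self.outputs = FIRE_SAFE_STATE
        return self.mode

    def comms_fault(self) -> Mode:
        """BACnet trunk failure (or H-004 isolation): standalone fallback, never downgrades fire mode."""
        if self.mode is not Mode.FIRE:
            self.mode = Mode.DEGRADED
        return self.mode

    def supervisory_reset(self, fire_officer_acknowledged: bool) -> Mode:
        """Assumed exit condition: a head-end reset clears fire mode only with officer acknowledgement."""
        if self.mode is Mode.FIRE and not fire_officer_acknowledged:
            return self.mode
        self.alarming.clear()
        self.mode = Mode.NORMAL
        self.outputs = Outputs()
        return self.mode
```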
Stakeholders
| Role | Hex | Relationship |
|---|---|---|
| {{entity:Facility Manager}} | {{hex:010D5AF9}} | Primary operator — dashboard monitoring, alarm response, energy targets |
| {{entity:Building Occupant}} | {{hex:000C4289}} | End user — expects comfort, safety, secure access; includes vulnerable individuals |
| {{entity:HVAC Maintenance Contractor}} | {{hex:00843AF8}} | Quarterly preventive + on-call corrective; F-Gas certified |
| {{entity:Fire Safety Officer}} | {{hex:018D7AF9}} | Responsible person under Fire Safety Order 2005; approves fire mode logic |
| {{entity:Building Owner and Energy Manager}} | {{hex:00001AFD}} | Sets net-zero targets, approves capex, reviews EN 15232 Class A compliance |
| {{entity:Security Operations Centre operator}} | {{hex:41AD7AF9}} | 24/7 access monitoring, visitor validation, after-hours restricted mode |
Operating Environment
Indoor: 21–25°C seasonal, 40–60% RH, 500 lux, CO2 <1000 ppm. External: UK temperate maritime, −5°C to 38°C ambient. Power: dual 11kV feeds with diesel standby for life-safety. Network: BACnet/IP backbone on dedicated OT VLAN, Modbus RTU/TCP for legacy devices, cybersecurity per IEC 62443 (Industrial communication networks — Network and system security). Regulatory: EN 15232 (Building automation impact on energy performance), BS 5839-1 (Fire detection and fire alarm systems for buildings), BS 7671:2018 (IET Wiring Regulations), HSE ACOP L8 (Legionnaires’ disease control), GDPR for occupancy data.
External Interfaces
| External System | Interface | Hex |
|---|---|---|
| {{entity:Utility grid and demand response interface}} | 11kV supply, smart meter, OpenADR 2.0b demand response | {{hex:54B77A59}} |
| {{entity:Local fire and rescue service interface}} | Monitored alarm via BS 5979 ARC, dual-path, one-way | {{hex:40E57A58}} |
| Cloud Analytics Platform | Secured API (TLS 1.3), sensor data upload, ML recommendations | — |
| Corporate IT Network | Firewall-segregated, room booking, visitor management, HR provisioning | — |
```mermaid
flowchart TB
    BMS["Smart Building Management System"]
    FM["Facility Manager"]
    OCC["Building Occupants"]
    GRID["Utility Grid / OpenADR"]
    FRS["Fire & Rescue Service"]
    CLOUD["Cloud Analytics"]
    FM -->|Commands, overrides| BMS
    BMS -->|Alarms, energy reports| FM
    OCC -->|Badge access, comfort requests| BMS
    BMS -->|Conditioned environment, lighting| OCC
    GRID -->|Power, demand response signals| BMS
    BMS -->|Fire alarm, zone location| FRS
    BMS -->|Sensor data, trends| CLOUD
    CLOUD -->|Optimisation recommendations| BMS
```
Next
The scaffold session should derive {{stk:STK}} requirements from the five ConOps scenarios, focusing first on the fire emergency scenario (three SIL 3 hazards drive the highest-integrity requirements). Functional analysis should identify system functions and group them into subsystems — expect at least: HVAC Control, Fire Safety and Smoke Management, Access Control, Lighting Control, Energy Management, and Supervisory/Integration. The Legionella hazard (H-005) may warrant a dedicated DHW control subsystem or explicit delegation to the HVAC subsystem with SIL 2 allocation. The cyber intrusion hazard (H-004) needs architectural mitigation through network segmentation, not just a requirement — flag for architecture decisions document.