EDG UK Nuclear — Scaffold: 9 Subsystems from 10 Functions, 46 Requirements Baselined
System
{{entity:Emergency Diesel Generator for a UK Nuclear Licensed Site}} {{hex:DFF73A59}} — scaffold session transforming concept-phase data into requirements and architecture. The concept session established 6 ConOps scenarios, 8 stakeholders, 10 hazards (H-001 through H-010, SIL 1–4), 7 operating modes, and 7 external interfaces. This session derives stakeholder and system requirements, performs functional analysis, and produces the physical decomposition into subsystems.
Stakeholder Requirements
18 STK requirements derived from ConOps scenarios, covering all 8 stakeholders plus the operating environment:
- {{entity:Nuclear Plant Control Room Operator}} {{hex:00AD6AF9}} (3 reqs): real-time parameter display, manual start/stop/transfer, alarm annunciation within 2 seconds
- {{entity:Nuclear Plant Shift Supervisor}} {{hex:01857AF9}} (2 reqs): LCO entry/exit information, SBO emergency procedure support
- {{entity:EDG Mechanical Maintenance Technician}} {{hex:018C28F8}} (2 reqs): fault diagnosis access, LOTO provisions on all energy sources
- {{entity:EDG Instrumentation and Control Technician}} {{hex:00A530F8}} (2 reqs): calibration without compromising availability, diagnostic access
- {{entity:Office for Nuclear Regulation}} {{hex:008578FD}} (2 reqs): ONR SAP compliance, deterministic safety case per site licence
- {{entity:Nuclear Site Licence Company}} {{hex:008538FD}} (2 reqs): 0.975/0.999 reliability targets, qualification evidence through life
- {{entity:Diesel Generator Original Equipment Manufacturer}} {{hex:40805098}} (1 req): OEM maintenance regime compatibility
- {{entity:Local Community near Nuclear Site}} {{hex:000412BD}} (1 req): prevention of radioactive release through redundancy and diversity
- Environment (3 reqs): seismic 0.2g PGA per {{trait:Structural}} qualification, -10°C to +40°C climate, EMC per IEC 61000-4
System Requirements
15 SYS requirements with quantified acceptance criteria, SIL-tagged from the hazard register:
- {{sys:REQ-SEEDGUKNUCLEAR-019}}: start to rated voltage/frequency within 10 seconds (SIL 3, H-001)
- {{sys:REQ-SEEDGUKNUCLEAR-025}}: dual independent trains, single failure criterion (SIL 4, H-007)
- {{sys:REQ-SEEDGUKNUCLEAR-033}}: diverse alternate AC source connectable within 4 hours of SBO (SIL 4, H-007)
- {{sys:REQ-SEEDGUKNUCLEAR-030}}: hardwired safety trips isolated from digital control, so that no programmable or network-connected element sits in the trip path, per IEC 62645 (Nuclear power plants — Instrumentation, control and electrical power systems — Cybersecurity requirements) (SIL 3, H-010)
- {{sys:REQ-SEEDGUKNUCLEAR-028}}: independent protection trips for overspeed, overtemp, low oil, overcurrent within 2 seconds (SIL 2)
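The control/protection boundary behind REQ-SEEDGUKNUCLEAR-028 and -030, as an added illustration (example code written for this page, not the project's I&C design or any vendor's logic): the protection train compares sensor readings against fixed setpoints and latches a trip; the digital controller has no interface to it, and the two meet only at the fuel-rack interlock, where a latched trip overrides any run demand. A counter-example controller that hosts the trip logic itself shows what the requirement rules out. The setpoints, sensor names, key-switch reset and scenario values are assumptions.

```python
"""Model of the control/protection boundary (added example, not project code).

Setpoints, sensor names, the key-switch reset and scenario values are
constructed assumptions for illustration only.
"""
from dataclasses import dataclass, field

# Assumed trip setpoints (illustrative, not taken from the page's hazard register).
TRIP_SETPOINTS = {
    "overspeed_rpm": 1650.0,   # trip above
    "overtemp_c": 110.0,       # trip above
    "low_oil_bar": 2.0,        # trip below
    "overcurrent_a": 1200.0,   # trip above
}


@dataclass
class ProtectionTrain:
    """Hardwired protection: fixed setpoints, latching trips, no command input.

    Nothing on the digital/network side can change a setpoint or clear a latch,
    because this object exposes no method that takes a controller message.
    """
    latched: set = field(default_factory=set)

    def evaluate(self, sensors: dict) -> set:
        if sensors["speed_rpm"] > TRIP_SETPOINTS["overspeed_rpm"]:
            self.latched.add("overspeed")
        if sensors["coolant_c"] > TRIP_SETPOINTS["overtemp_c"]:
            self.latched.add("overtemp")
        if sensors["oil_bar"] < TRIP_SETPOINTS["low_oil_bar"]:
            self.latched.add("low_oil")
        if sensors["current_a"] > TRIP_SETPOINTS["overcurrent_a"]:
            self.latched.add("overcurrent")
        return set(self.latched)

    def trip_active(self) -> bool:
        return bool(self.latched)

    def local_reset(self, key_switch_engaged: bool) -> None:
        """Reset only by a local physical action (assumed key switch)."""
        if key_switch_engaged:
            self.latched.clear()


class DigitalController:
    """Programmable control side: accepts network commands, computes run demand.

    It never sees the protection latch; unknown messages, including a spoofed
    "RESET_TRIP", are simply dropped because there is no path to act on them.
    """
    def __init__(self):
        self.run_demand = False

    def handle_command(self, cmd: str) -> None:
        if cmd == "START":
            self.run_demand = True
        elif cmd == "STOP":
            self.run_demand = False


def fuel_rack_enabled(ctrl: DigitalController, prot: ProtectionTrain) -> bool:
    """Final-element interlock: run demand AND no latched trip. Protection wins."""
    return ctrl.run_demand and not prot.trip_active()


class SoftwareOnlyController(DigitalController):
    """Counter-example: trip logic inside the programmable controller, so a
    network message can clear it. This is the design REQ-SEEDGUKNUCLEAR-030 rules out."""
    def __init__(self):
        super().__init__()
        self.tripped = False

    def evaluate(self, sensors: dict) -> None:
        if sensors["speed_rpm"] > TRIP_SETPOINTS["overspeed_rpm"]:
            self.tripped = True

    def handle_command(self, cmd: str) -> None:
        super().handle_command(cmd)
        if cmd == "RESET_TRIP":
            self.tripped = False

    def fuel_rack_enabled(self) -> bool:
        return self.run_demand and not self.tripped


def run_scenario() -> dict:
    """Overspeed, then a network-side attempt to clear the trip and restart."""
    prot, ctrl = ProtectionTrain(), DigitalController()
    normal = {"speed_rpm": 1500.0, "coolant_c": 85.0, "oil_bar": 4.5, "current_a": 900.0}
    ctrl.handle_command("START")
    prot.evaluate(normal)
    running = fuel_rack_enabled(ctrl, prot)            # engine runs
    prot.evaluate({**normal, "speed_rpm": 1700.0})     # overspeed latches
    after_trip = fuel_rack_enabled(ctrl, prot)         # fuel cut
    ctrl.handle_command("RESET_TRIP")                  # spoofed message: dropped
    ctrl.handle_command("START")
    prot.evaluate(normal)                              # speed normal, latch holds
    after_attack = fuel_rack_enabled(ctrl, prot)       # still cut
    trips = sorted(prot.latched)
    prot.local_reset(key_switch_engaged=True)
    after_reset = fuel_rack_enabled(ctrl, prot)        # local reset restores run
    return {"running": running, "after_trip": after_trip, "after_attack": after_attack,
            "after_reset": after_reset, "trips": trips}


def software_only_scenario() -> bool:
    """Same attack against the counter-example: the engine runs again."""
    ctrl = SoftwareOnlyController()
    ctrl.handle_command("START")
    ctrl.evaluate({"speed_rpm": 1700.0})
    ctrl.handle_command("RESET_TRIP")
    return ctrl.fuel_rack_enabled()
```

The point the model makes is structural rather than about any particular setpoint: `ProtectionTrain` has no method that accepts a controller message, so the only way to clear a trip is the local reset, and the interlock is evaluated at the final element rather than inside the controller.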
8 trace links created between STK and SYS, focused on the safety-critical derivation chains: reliability targets → quantified probability requirements, ONR SAP → single failure criterion, seismic environment → Seismic Category I qualification.
Functional Analysis
10 system functions identified from SYS requirements, each classified as a UHT entity:
flowchart LR
LOOP["Detect LOOP"]
START["Start Engine"]
GEN["Generate Power"]
SEQ["Sequence Loads"]
COOL["Cool Engine"]
FUEL["Supply Fuel"]
PROT["Protect Engine"]
MON["Monitor & Control"]
AIR["Provide Start Air"]
XFER["Transfer Power"]
LOOP -->|LOOP signal| START
AIR -->|30 bar air| START
START -->|shaft rotation| GEN
GEN -->|6.6kV 50Hz| SEQ
GEN -->|6.6kV 50Hz| XFER
FUEL -->|diesel fuel| START
COOL -->|temp control| START
MON -->|commands| START
PROT -->|trip signals| START
Functions grouped to subsystems by shared failure modes, technology base, and maintenance boundaries — not by alphabetical convenience.
Decomposition
9 subsystems identified from function grouping:
flowchart TB
EDG["Emergency Diesel Generator - DFF73A59"]
DE["Diesel Engine Assembly"]
SG["Synchronous Generator"]
FO["Fuel Oil System"]
CS["Engine Cooling System"]
LO["Lubrication Oil System"]
SA["Starting Air System"]
IC["I&C System"]
SW["Switchgear & Sequencer"]
BL["EDG Building"]
EDG --> DE
EDG --> SG
EDG --> FO
EDG --> CS
EDG --> LO
EDG --> SA
EDG --> IC
EDG --> SW
EDG --> BL
SIL allocation from hazard register: {{entity:EDG Instrumentation and Control System}} and {{entity:Electrical Switchgear and Load Sequencer}} at SIL 3 (H-001, H-010); {{entity:Diesel Engine Assembly}} and {{entity:Starting Air System}} at SIL 3 (H-001 start-on-demand); {{entity:Engine Cooling System}}, {{entity:Fuel Oil System}}, and {{entity:EDG Building and Support Systems}} at SIL 2. Cross-domain search found a railway signalling diesel generator ({{hex:D6C41019}}, 0.82 similarity) and a water treatment EDG set ({{hex:D7D71018}}, 0.82 similarity) as analogs — both share the {{trait:Powered}}, {{trait:Intentionally Designed}}, and {{trait:System-Essential}} trait cluster.
6 architecture decisions document key trade-offs: medium-speed engine selection, I&C/protection separation (hardwired vs digital), train independence philosophy, pneumatic starting over battery, switchgear function grouping, and cooling system separation rationale.
7 external interface requirements cover all concept-phase interfaces: National Grid (LOOP detection with 100ms discrimination), Emergency AC Bus (6.6kV breaker), Ultimate Heat Sink, Plant Protection System (24VDC hardwired), Main Control Room, Fuel Supply, and DC Battery System.
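The National Grid interface's 100 ms LOOP discrimination, as an added example (written for this page, not the switchgear vendor's or the project's detection logic): LOOP is declared only when bus voltage has stayed below an undervoltage threshold for the whole discrimination window, so a short dip cleared by upstream grid protection does not raise a spurious start demand. The 100 ms figure is from the page; the 0.7 pu threshold, the 10 ms sample period and the voltage traces are constructed assumptions.

```python
"""LOOP detection with a persistence (discrimination) timer (added example).

The 100 ms window is the page's figure; the threshold, sample period and
traces below are constructed assumptions, not recorded plant data.
"""
SAMPLE_MS = 10
DISCRIMINATION_MS = 100
UV_THRESHOLD_PU = 0.7


def detect_loop(trace_pu, sample_ms=SAMPLE_MS, window_ms=DISCRIMINATION_MS,
                threshold_pu=UV_THRESHOLD_PU):
    """Return the time in ms at which LOOP is declared, or None.

    Sample i covers [i*sample_ms, (i+1)*sample_ms). LOOP is declared once the
    voltage has been continuously below threshold for the full window; any
    in-range sample resets the timer, so transients do not start the engine.
    """
    below_ms = 0
    for i, v in enumerate(trace_pu):
        if v < threshold_pu:
            below_ms += sample_ms
            if below_ms >= window_ms:
                return (i + 1) * sample_ms
        else:
            below_ms = 0
    return None


def make_trace(segments, sample_ms=SAMPLE_MS):
    """Build a per-unit voltage trace from (voltage_pu, duration_ms) segments."""
    trace = []
    for v, duration_ms in segments:
        trace.extend([v] * (duration_ms // sample_ms))
    return trace


# Constructed scenarios (assumed shapes, not measurements)
SCENARIOS = {
    # Healthy grid for 200 ms, then sustained loss of voltage
    "sustained_loss": make_trace([(1.0, 200), (0.0, 600)]),
    # 50 ms dip from a remote fault cleared by grid protection
    "transient_dip": make_trace([(1.0, 200), (0.3, 50), (1.0, 550)]),
    # Two 80 ms dips separated by one healthy sample: timer must reset
    "two_short_dips": make_trace([(1.0, 200), (0.3, 80), (1.0, 10), (0.3, 80), (1.0, 430)]),
    # Slow collapse crossing the threshold at 300 ms, so declared at 400 ms
    "slow_collapse": make_trace([(1.0, 100), (0.9, 100), (0.8, 100), (0.6, 100), (0.4, 400)]),
}


def run_scenarios() -> dict:
    """Detection time per scenario: 300 ms and 400 ms for the two real losses, None otherwise."""
    return {name: detect_loop(trace) for name, trace in SCENARIOS.items()}
```

The detector is deliberately a single-channel timer; the page does not record whether detection is per phase or voted across channels, so that is left out rather than assumed.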
Spec tree entries created for all 9 subsystems with canonical diagram names, section IDs, and SIL allocations locked in. Baseline SCAFFOLD-2026-03-26 captured at 46 requirements.
Next
First decomposition session should tackle the {{entity:Electrical Switchgear and Load Sequencer}} — it owns three safety-critical functions (LOOP detection, load sequencing, bus transfer), has the most external interfaces (grid, bus, PPS, MCR), and its timing requirements (100ms LOOP detection + 500ms breaker closure + 60s sequencing) define the critical path for the entire EDG response. Second priority is the {{entity:EDG Instrumentation and Control System}} for the hardwired protection trip architecture and the control/protection boundary definition. The STK→SYS trace coverage needs expanding in a future QC pass — only 8 of the 15 SYS requirements have upstream links.
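The STK to SYS trace-coverage check that the QC pass above calls for (and the 8-link derivation chains recorded under System Requirements), as an added example written for this page rather than the project's requirements tool: it lists SYS requirements with no upstream STK link, highest SIL first, and rejects dangling or wrong-direction links so that a mis-entered link cannot count as coverage. Only the five SYS identifiers and their SIL and hazard tags come from the page; the STK identifiers and the link pairs are constructed.

```python
"""STK -> SYS trace-coverage check (added example, not project tooling).

Only the five SYS IDs and their SIL/hazard tags are from the page; the STK
IDs and link pairs are constructed to exercise the check.
"""
from collections import defaultdict

# Constructed register: id -> (level, SIL or None, hazard or None)
REQUIREMENTS = {
    "STK-011": ("STK", None, None),   # licensee reliability targets (assumed ID)
    "STK-012": ("STK", None, None),   # ONR SAP compliance (assumed ID)
    "STK-016": ("STK", None, None),   # seismic environment (assumed ID)
    "REQ-SEEDGUKNUCLEAR-019": ("SYS", 3, "H-001"),
    "REQ-SEEDGUKNUCLEAR-025": ("SYS", 4, "H-007"),
    "REQ-SEEDGUKNUCLEAR-033": ("SYS", 4, "H-007"),
    "REQ-SEEDGUKNUCLEAR-030": ("SYS", 3, "H-010"),
    "REQ-SEEDGUKNUCLEAR-028": ("SYS", 2, None),
}

# Constructed trace links: (upstream STK, downstream SYS)
TRACE_LINKS = [
    ("STK-011", "REQ-SEEDGUKNUCLEAR-019"),
    ("STK-012", "REQ-SEEDGUKNUCLEAR-025"),
    ("STK-016", "REQ-SEEDGUKNUCLEAR-025"),
]


def trace_coverage(requirements: dict, links: list) -> dict:
    """Report SYS requirements lacking an upstream STK link, highest SIL first."""
    upstream = defaultdict(set)
    for src, dst in links:
        if src not in requirements or dst not in requirements:
            raise ValueError(f"dangling link {src} -> {dst}")
        if requirements[src][0] != "STK" or requirements[dst][0] != "SYS":
            raise ValueError(f"link {src} -> {dst} is not STK -> SYS")
        upstream[dst].add(src)

    def sil(rid: str) -> int:
        return requirements[rid][1] or 0

    sys_ids = [rid for rid, (level, _, _) in requirements.items() if level == "SYS"]
    unlinked = [rid for rid in sys_ids if rid not in upstream]
    unlinked.sort(key=lambda rid: (-sil(rid), rid))   # SIL 4 gaps first
    return {
        "sys_total": len(sys_ids),
        "sys_linked": len(sys_ids) - len(unlinked),
        "unlinked_by_priority": unlinked,
        "unlinked_sil3_plus": [rid for rid in unlinked if sil(rid) >= 3],
    }


if __name__ == "__main__":
    report = trace_coverage(REQUIREMENTS, TRACE_LINKS)
    print(f"{report['sys_linked']}/{report['sys_total']} SYS requirements have upstream links")
    for rid in report["unlinked_by_priority"]:
        print("  missing upstream:", rid, "SIL", REQUIREMENTS[rid][1])
```

Run against the real register, the same function gives the 8-of-15 figure quoted above and an ordered worklist for the QC pass; the direction check matters because a link entered SYS to STK would otherwise silently inflate coverage.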