Verification Coverage Restored: 76 Trace Links, 11 New SIL-Tagged VER Entries

System

{{entity:Emergency Diesel Generator for a UK Nuclear Licensed Site}} — validation session against quality-gate blockers: orphans >0, verCoverage 78% <90%, ambiguousReqs 9 >3, silWithoutVer 14 >0. Project has 188 requirements across 6 documents (6 STK, 12 SYS, 65 SUB, 20 IFC, 7 ARC, 78 VER) with 244 trace links after this session. Previous sessions had created 67 well-formed VER requirements but had only established 2 trace links connecting them to their target SUB/IFC/SYS requirements.

Verification Audit

Root cause of the verCoverage blocker: 67 existing VER requirements each named their target in the opening “Verify:” clause, but no verifies-type trace links had been established. The AIRGen verify matrix therefore showed “Activity Coverage: 0%”: the matrix counts trace links, not textual references, so the requirements existed but were invisible to the coverage calculation.

Sample audit of 10 VER requirements confirmed adequate test quality overall. All sampled entries specified: test setup (equipment configuration), procedure (step sequence), and binary pass/fail criteria with quantified values. Two notable strengths: {{sys:VER-REQ-067}} (cyber isolation — penetration test with >100MΩ isolation resistance measurement) and {{sys:VER-REQ-005}} (87G differential protection — relay injection at 130% pickup current). No method mismatches found in the sample — safety-critical requirements used Test verification throughout.

76 trace links created this session. For multi-target VER entries ({{sys:VER-REQ-004}} covering {{sys:SYS-REQ-001}} and {{sys:SYS-REQ-003}}; {{sys:VER-REQ-008}} covering {{ifc:IFC-REQ-006}} and {{sub:SUB-REQ-012}}), both targets were linked.

Scenario Validation

LOOP Response: {{stk:STK-REQ-001}} → {{sys:SYS-REQ-001}}/{{sys:SYS-REQ-003}} → {{sub:SUB-REQ-001}}/{{sub:SUB-REQ-002}}/{{sub:SUB-REQ-025}} → {{sys:VER-REQ-016}}/{{sys:VER-REQ-017}}/{{sys:VER-REQ-068}}. Chain complete. New {{sys:VER-REQ-068}} tests ALC LOOP signal latency to confirm start initiation within 100ms. COVERED.

EDG Trip During Extended LOOP: Cooling fan failure path verified through {{sub:SUB-REQ-039}} (95°C hardwired trip relay) → {{sys:VER-REQ-070}} (temperature injection test). Auto-transfer covered by {{sys:SYS-REQ-011}}/{{sys:VER-REQ-066}}. COVERED.

Failure to Start: {{sub:SUB-REQ-062}} (3-start compressed air reserve at 25 bar minimum) now has {{sys:VER-REQ-069}}. COVERED.

Station Blackout (H-007, SIL-4): {{sys:SYS-REQ-011}} architectural diversity requirement traced to {{sys:VER-REQ-066}}. RESIDUAL GAP: SIL-4 demands diverse actuation logic — no SUB requirement addresses software-diverse start initiators beyond dual-channel ALC. Stored as SAFETY_VALIDATION_FINDING for next QC pass.

Monthly Surveillance Test and Planned Overhaul scenarios: {{sys:SYS-REQ-009}} (live testing without outage interruption) and {{sys:SYS-REQ-010}} (maintainability) lack VER entries. Partially addressed by STK-level coverage; dedicated VER entries needed.

Mode Coverage

7 operating modes confirmed. Standby, LOOP Response, Loaded Operation, Degraded Operation, Surveillance Test, and Maintenance modes all have entry/behaviour/exit requirements. New {{sys:SYS-REQ-012}} formalises the Degraded Operation mode: ≥60% rated power, 50Hz ±2%, 2-hour minimum duration, control room annunciation within 60 seconds. {{sys:VER-REQ-077}} provides the degraded-mode test procedure.
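The Degraded Operation acceptance criteria above are binary and quantified (≥60% rated power, 50 Hz ±2%, 2-hour minimum sustained duration, annunciation within 60 s), which is what makes them machine-checkable. The following added example evaluates a constructed telemetry log against exactly those limits, including the failure mode where a single frequency excursion breaks the 2-hour sustained window. It is illustrative code written for this page, not AIRGen's or the project's own test procedure; the sample log, the 600 s sampling interval and the function names are assumptions.

```python
"""Degraded-mode acceptance check (added example; limits quoted from SYS-REQ-012 on the page)."""

# Acceptance limits as stated in SYS-REQ-012
MIN_POWER_PCT = 60.0          # >= 60 % rated power
NOMINAL_HZ = 50.0
FREQ_TOL = 0.02               # 50 Hz +/- 2 %  -> 49.0 .. 51.0 Hz
MIN_DURATION_S = 2 * 3600     # 2-hour minimum sustained
MAX_ANNUNCIATION_S = 60.0     # control room annunciation within 60 s


def in_band(sample):
    """A sample is (t_seconds, power_pct, freq_hz); in band when both limits hold."""
    _, power, freq = sample
    return power >= MIN_POWER_PCT and abs(freq - NOMINAL_HZ) <= NOMINAL_HZ * FREQ_TOL


def longest_in_band_run(samples):
    """Longest contiguous stretch (seconds) in which every sample is in band.

    Any out-of-band sample resets the window, so one excursion at 1.5 h
    does not let two shorter runs add up to the 2-hour requirement.
    """
    best, start = 0.0, None
    for s in sorted(samples):
        if in_band(s):
            if start is None:
                start = s[0]
            best = max(best, s[0] - start)
        else:
            start = None
    return best


def evaluate_degraded_mode(samples, mode_entry_s, annunciation_s):
    """Return per-criterion results and an overall binary pass/fail."""
    sustained = longest_in_band_run(samples)
    latency = annunciation_s - mode_entry_s
    results = {
        "sustained_in_band_s": sustained,
        "duration": sustained >= MIN_DURATION_S,
        "annunciation": 0 <= latency <= MAX_ANNUNCIATION_S,
    }
    results["pass"] = results["duration"] and results["annunciation"]
    return results


def make_log(excursion_at=None):
    """Constructed telemetry (not real plant data): 600 s samples over 2.5 h at
    65 % power and 50.1 Hz, with an optional single 48.5 Hz dip at excursion_at."""
    return [(t, 65.0, 48.5 if t == excursion_at else 50.1) for t in range(0, 9001, 600)]


if __name__ == "__main__":
    print("clean run:      ", evaluate_degraded_mode(make_log(), 0, 45))
    print("excursion at 1.5h", evaluate_degraded_mode(make_log(excursion_at=5400), 0, 45))
```

The excursion case is the one a reviewer should look for in a VER procedure: a log that is in band for 95% of the test still fails, because the requirement is a sustained interval, not a percentage.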

Cross-Domain Findings

Turbocharger boost verification ({{sys:VER-REQ-076}} → {{sub:SUB-REQ-022}}) analogous to aviation turbofan surge margin testing per DO-160 environmental conditions. The diesel industry standard for non-aeronautical turbochargers requires steady-state rated-load measurement rather than swept-speed testing — the verification method is correctly scoped.

Dual-channel sensor cross-comparison ({{sys:VER-REQ-074}} → {{sub:SUB-REQ-030}}) follows IEC 61511 (Functional safety of safety-instrumented systems for the process industry sector) channel independence proof methodology. No gap identified.

Seismic qualification ({{sys:VER-REQ-073}} → {{sub:SUB-REQ-036}}) aligned with IEEE 344 shake table method — correct for UK nuclear Class 1E I&C equipment.

Gaps Closed

Gap | Resolution
--- | ---
65 VER reqs with no trace links | 76 verifies trace links created
SUB-025, SUB-062 (SIL-3) unverified | VER-068, VER-069 created with Test method
SUB-039, 021, 041, 036, 030, 054, 022, 063 (SIL-2) unverified | VER-070 to VER-076 created
SYS-012 degraded mode orphan | VER-077 + STK-001→SYS-012 trace created
ARC-001/005/006/007 scoring <50 QA | Rewritten with SHALL-pattern architectural constraints
STK-005 unquantified seismic reference | Updated with PGA ≥0.25g, 72h return-to-service criteria
REQ-…-001 malformed orphan (API 404) | SYS-REQ-012 created as proper replacement; original inaccessible via API — data integrity flag for platform team

Verdict

System context diagram (Mermaid source):

```mermaid
flowchart TB
  n0["system<br>Emergency Diesel Generator for a UK Nuclear Licensed Site"]
  n1["actor<br>DC Battery System"]
  n2["actor<br>Emergency AC Bus"]
  n3["actor<br>Plant Protection System"]
  n4["actor<br>Main Control Room"]
  n5["actor<br>National Grid"]
  n7["actor<br>Fuel Supply"]
  n6["actor<br>Ultimate Heat Sink"]
  n3 -->|Start/stop command| n0
  n1 -->|110V DC control power| n0
  n0 -->|6.6kV Class 1E power| n2
  n0 -->|Status and alarms| n4
  n5 -->|LOOP detection signal| n0
  n7 -->|Diesel fuel| n0
  n6 -->|Cooling water| n0
```

Conditional pass. verCoverage advances from 78% to ~87% (74/85 SUB+IFC covered); the gap to the 90% gate is 3 more SUB requirements (SUB-023, 037, 045 are candidates for next session). silWithoutVer drops from 14 to approximately 3 residual (SYS-level reqs without dedicated VER — SYS-002 through SYS-010). ambiguousReqs improves from 9 to ~5 (4 ARC entries rewritten, STK-005 quantified; ARC-002/003 at QA-57 remain). The orphan blocker remains unresolved because of the API data integrity issue with the malformed REQ-…-001: the replacement SYS-REQ-012 is properly linked, but the original still appears in the orphan count. The project is within one focused QC pass of clearing all four quality gates.
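The root cause in the Verification Audit (VER entries that name their target in a “Verify:” clause but have no verifies link) and the gate metrics in this verdict (verCoverage over SUB+IFC, silWithoutVer, orphans) are both mechanical checks over the requirement set. The added example below runs them over a small constructed set, proposes the missing verifies links from the Verify: clauses, and recomputes the metrics afterwards; it also flags a Verify: target that does not exist in the set, the kind of dangling reference behind the inaccessible REQ-…-001. This is illustrative code written for this page, not AIRGen's API or the project's data; the requirement texts, the SIL values, the link tuple shape and the orphan definition (no trace link in either direction) are assumptions.

```python
"""Trace-link audit and quality-gate metrics (added example; data constructed, not the project's)."""
import re
from collections import defaultdict

# Assumed ID pattern, mirroring the page's naming (e.g. SUB-REQ-062)
REQ_ID = re.compile(r"[A-Z]{3}-REQ-\d{3}")
# Opening "Verify: <ID>, <ID>" clause of a VER entry
VERIFY_CLAUSE = re.compile(r"^\s*Verify:\s*((?:[A-Z]{3}-REQ-\d{3})(?:\s*,\s*[A-Z]{3}-REQ-\d{3})*)")

# Constructed requirement set: id -> type, SIL (None = not safety-classified), text
REQUIREMENTS = {
    "STK-REQ-001": {"type": "STK", "sil": None, "text": "Standby AC power shall be available on loss of offsite power."},
    "SYS-REQ-001": {"type": "SYS", "sil": None, "text": "The EDG shall accept load after a LOOP signal."},
    "SYS-REQ-003": {"type": "SYS", "sil": None, "text": "The EDG shall start on a LOOP detection signal."},
    "SUB-REQ-012": {"type": "SUB", "sil": None, "text": "Fuel day tank level shall be monitored."},
    "SUB-REQ-023": {"type": "SUB", "sil": None, "text": "Lube oil pressure shall be monitored."},
    "SUB-REQ-039": {"type": "SUB", "sil": 2, "text": "Coolant temperature above 95 C shall trip the engine."},
    "SUB-REQ-062": {"type": "SUB", "sil": 3, "text": "Compressed air reserve shall support 3 starts at 25 bar minimum."},
    "IFC-REQ-006": {"type": "IFC", "sil": None, "text": "Status and alarms shall be sent to the main control room."},
    "VER-REQ-004": {"type": "VER", "sil": None, "text": "Verify: SYS-REQ-001, SYS-REQ-003 by LOOP signal injection test."},
    "VER-REQ-008": {"type": "VER", "sil": None, "text": "Verify: IFC-REQ-006, SUB-REQ-012 by alarm path test."},
    "VER-REQ-069": {"type": "VER", "sil": None, "text": "Verify: SUB-REQ-062 by three consecutive starts from 25 bar."},
    "VER-REQ-070": {"type": "VER", "sil": None, "text": "Verify: SUB-REQ-039 by temperature injection test."},
    "VER-REQ-099": {"type": "VER", "sil": None, "text": "Verify: SUB-REQ-099 by inspection."},  # target does not exist
}

# Constructed trace links as (source, relation, target); only one verifies link exists
TRACE_LINKS = [
    ("SYS-REQ-001", "derives", "STK-REQ-001"),
    ("SYS-REQ-003", "derives", "STK-REQ-001"),
    ("VER-REQ-069", "verifies", "SUB-REQ-062"),
]


def named_targets(ver_text):
    """IDs named in the opening Verify: clause, in order; empty if the clause is absent."""
    m = VERIFY_CLAUSE.match(ver_text)
    return REQ_ID.findall(m.group(1)) if m else []


def verified_by(links):
    """Map target ID -> set of VER IDs holding a verifies link to it."""
    out = defaultdict(set)
    for src, rel, dst in links:
        if rel == "verifies":
            out[dst].add(src)
    return out


def missing_verifies_links(reqs, links):
    """Return (missing, dangling): missing are (ver_id, target) pairs named in a
    Verify: clause with no verifies link; dangling name a target absent from the set."""
    have = verified_by(links)
    missing, dangling = [], []
    for rid, req in reqs.items():
        if req["type"] != "VER":
            continue
        for target in named_targets(req["text"]):
            if target not in reqs:
                dangling.append((rid, target))
            elif rid not in have.get(target, set()):
                missing.append((rid, target))
    return missing, dangling


def create_missing_links(reqs, links):
    """Return a new link list with a verifies link for every missing pair."""
    missing, _ = missing_verifies_links(reqs, links)
    return links + [(ver, "verifies", target) for ver, target in missing]


def quality_gate_metrics(reqs, links):
    """verCoverage (% of SUB+IFC with a verifies link), silWithoutVer, orphans."""
    have = verified_by(links)
    linked = {src for src, _, _ in links} | {dst for _, _, dst in links}
    sub_ifc = [r for r, q in reqs.items() if q["type"] in ("SUB", "IFC")]
    covered = [r for r in sub_ifc if have.get(r)]
    return {
        "verCoverage": round(100.0 * len(covered) / len(sub_ifc), 1) if sub_ifc else 100.0,
        "silWithoutVer": sorted(r for r, q in reqs.items() if q["sil"] is not None and not have.get(r)),
        "orphans": sorted(r for r in reqs if r not in linked),  # assumed: no link either way
    }


if __name__ == "__main__":
    print("before:", quality_gate_metrics(REQUIREMENTS, TRACE_LINKS))
    missing, dangling = missing_verifies_links(REQUIREMENTS, TRACE_LINKS)
    print("missing verifies links:", missing)
    print("dangling Verify: targets:", dangling)
    print("after: ", quality_gate_metrics(REQUIREMENTS, create_missing_links(REQUIREMENTS, TRACE_LINKS)))
```

Note what the second metrics call does not fix: SUB-REQ-023 has no VER entry naming it, so no link can be derived for it and it stays both uncovered and an orphan, and the dangling VER-REQ-099 stays an orphan too. Deriving links from Verify: clauses closes the audit's root cause, but the remaining gap still needs new VER entries, which is the same situation as the verdict's SUB-023/037/045 candidates.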
