Verification Plan (SVP) — ISO/IEC/IEEE 15289 — Plan | IEEE 29148 §6.6
Generated 2026-03-27 — UHT Journal / universalhex.org
| Ref | Requirement | Method | Tags |
|---|---|---|---|
| VER-METHODS-001 | The intact stability calculation (SUB-SSMS-002) SHALL be verified by loading 50 pre-computed test conditions from the vessel's approved stability booklet and comparing system-calculated GM, GZ curve values, and weather criterion ratios against the booklet values, with maximum permissible deviation of 1% for GM and 2% for GZ ordinates. Rationale: Comparing system output against class-approved hydrostatic data for 50 conditions validates both the calculation algorithms and the hydrostatic data tables. The 0.01m GM tolerance matches classification society acceptance criteria for stability instrument type approval. | Test | |
| VER-METHODS-002 | The longitudinal strength computation (SUB-SSMS-003) SHALL be verified by comparing system-calculated shear force and bending moment values at all frame stations against an independent FEA-validated reference model for 20 loading conditions, with maximum deviation of 3% at any station. Rationale: Classification society approval of loading instruments requires demonstration that shear force and bending moment calculations match approved finite element analysis within defined tolerances. The 2 percent tolerance aligns with IACS UR S11 acceptance criteria. | Test | |
| VER-METHODS-003 | The alarm generation system (SUB-SSMS-007) SHALL be verified by injecting simulated stability and strength values at each alarm threshold boundary (80%, 90%, 95% of limits) and measuring alarm latency, correctness of alarm category, and completeness of displayed information, across all monitored parameters. Rationale: Alarm system verification requires controlled injection of values at each threshold boundary to confirm correct alarm state transitions and timing. This is a standard type-approval test procedure for maritime safety systems per IEC 62923. | Test | |
| VER-METHODS-004 | The draught sensor interface (IFC-SSMS-IFC-004) SHALL be verified by connecting a NMEA signal simulator generating known draught values across the 0.5-25m range at 1 Hz, and validating that the system acquires, validates, and resolves readings into mean draught, trim, and heel within the specified accuracy, and detects simulated sensor failure within 5 seconds. Rationale: NMEA signal simulation is the standard method for verifying maritime sensor interfaces without requiring physical sensors. Testing against known draught values validates the entire signal acquisition chain from connector to displayed value. | Test | |
| VER-METHODS-005 | The probabilistic damage stability assessment (SUB-SSMS-004) SHALL be verified by comparing system-calculated attained subdivision index against classification society approved calculations for at least 10 representative loading conditions, with the attained index agreeing within 0.005. Rationale: Classification societies require independent verification of damage stability calculations against approved methods. The 0.005 tolerance on the subdivision index matches DNV GL and Lloyd Register type-approval criteria for stability instruments. | Test | |
| VER-METHODS-006 | The degraded mode operation (SUB-SSMS-009) SHALL be verified by systematically disabling one and then two draught sensors and confirming that the system continues to calculate stability parameters with draught accuracy within plus or minus 5 cm compared to a calibrated reference, and that the degraded state indication appears on all display outputs within 2 seconds of sensor loss. Rationale: Degraded mode testing validates that the system correctly detects sensor loss, adjusts its calculation methodology, and alerts operators. The 5 cm accuracy and 2-second indication thresholds must be verified under controlled conditions before operational approval. | Test | |
| VER-METHODS-007 | The IMO weather criterion evaluation (SUB-SSMS-010) SHALL be verified by loading at least 5 test conditions with known weather criterion results from approved stability booklet calculations and confirming that the system-calculated beam wind heeling lever, roll-back angle, and area ratios agree within 2 percent of the approved values. Rationale: The weather criterion is the most common stability failure mode for container ships due to high windage area. Verification against approved booklet values ensures the system correctly implements the complex multi-step A.749(18) Regulation 3.2 calculation. | Test | |
| VER-METHODS-009 | The stowage planning interface (IFC-SSMS-IFC-001) SHALL be verified by transmitting 100 representative loading sequences from the Stowage Planning Engine test harness and confirming that the SSMS receives, parses, and initiates stability calculation for each sequence within 500 milliseconds, with zero message loss over IEC 61162-450 maritime Ethernet. Rationale: The stowage planning interface is the most frequently exercised data path during cargo operations. Verification must demonstrate both throughput and reliability because a dropped or delayed stability check could allow an unsafe loading move to proceed. | Test | |
| VER-METHODS-010 | Verify IFC-DEFS-006: Inject a synthetic 20,000 TEU manifest from the Container Tracking system to the Stowage Planning Engine. Measure end-to-end transfer time from request to full manifest availability in SPE memory. Pass criteria: transfer completes within 5 seconds with zero container record loss. Repeat with manifests containing malformed records to verify error handling. Rationale: Tests the full data pipeline from Container Tracking to Stowage Planning at maximum vessel capacity (20,000 TEU). Synthetic manifest injection is chosen over live data to ensure reproducible test conditions and cover edge cases (overweight containers, special cargo types) that may not appear in operational data. | Test | verification, stowage-planning-engine, session-280 |
| VER-METHODS-011 | Verify IFC-DEFS-007: Submit 100 representative loading sequences from the SPE to the Stability and Stress Monitoring System and measure round-trip response time for each. Pass criteria: all responses received within 3 seconds, stability parameters (GM, trim, SF, BM) match reference values from the approved stability book within 2 percent tolerance. Rationale: Round-trip latency measurement validates that stability checking does not become a bottleneck in iterative stowage planning. 100 loading sequences provides statistical significance for response time characterisation across different vessel loading conditions (ballast, full, partial). | Test | verification, stowage-planning-engine, session-280 |
| VER-METHODS-012 | Verify IFC-DEFS-008: Generate 200 on-deck stack configurations (varying weights 5-30 tonnes, stack heights 2-6 tiers) and submit to the Lashing Calculator interface. Pass criteria: all responses within 2 seconds per stack, lashing force results match manual calculation from the Cargo Securing Manual within 3 percent. Rationale: 200 stack configurations spanning the full weight and height range exercises the lashing calculation across CSS Code force tables. Boundary conditions (maximum stack weight at maximum tier height) are the most structurally demanding cases and must be explicitly tested. | Test | verification, stowage-planning-engine, session-280 |
| VER-METHODS-013 | Verify IFC-DEFS-009: Submit a manifest containing at least one container from each of the 9 IMDG hazard classes and verify that the Dangerous Goods system returns correct segregation matrices. Intentionally place containers violating segregation distances and confirm the SPE rejects these placements. Pass criteria: zero false negatives (no accepted segregation violations), full manifest validation under 10 seconds. Rationale: All 9 IMDG hazard classes must be represented in the test manifest because segregation rules and stowage categories differ significantly between classes. A test covering only common classes (3, 8, 9) would miss the most restrictive segregation requirements (Class 1, Class 7). | Test | verification, stowage-planning-engine, session-280 |
| VER-METHODS-014 | Verify IFC-DEFS-010: Configure a vessel model with known reefer plug allocation (some slots occupied, some available) and attempt to stow reefer containers. Confirm that the SPE queries plug availability and rejects placement to non-powered or fully-allocated slots. Pass criteria: zero reefer containers placed in unpowered positions across 10 test scenarios with varying plug utilization from 30 to 95 percent. Rationale: Tests the reefer plug availability query with a pre-configured vessel model to verify correct slot-level granularity. The mix of occupied and available slots ensures the interface correctly reports available capacity, preventing reefer over-allocation during planning. | Test | verification, stowage-planning-engine, session-280 |
| VER-METHODS-015 | Verify SUB-REQS-011: Execute the Stowage Optimization Engine against 10 representative load lists ranging from 5,000 to 20,000 TEU on a single compute node matching the target hardware specification. Pass criteria: all 10 plans generated within 120 seconds, zero constraint violations in any output plan, and solution quality (total weighted penalty) within 5 percent of the best known solution from offline computation. Rationale: Tests the stowage optimization engine against the full capacity range (5,000 to 20,000 TEU) to verify the 10-minute solve time constraint holds at scale. A single compute node constraint ensures the performance target is validated without cluster parallelism masking bottlenecks. | Test | verification, stowage-planning-engine, session-280 |
| VER-METHODS-016 | Verify SUB-REQS-016: Create test scenarios with containers from all 9 IMDG hazard classes placed in known violation configurations (insufficient horizontal separation, incorrect deck stowage category) and confirm the optimizer rejects every violation. Include edge cases: Class 1 explosives requiring magazine stowage, Class 7 radioactive with special form certificates, and incompatible classes in adjacent bays. Pass criteria: zero violations accepted across 500 test placements. Rationale: Known violation configurations (insufficient separation, prohibited stowage category, incompatible adjacent classes) test the negative path — the system must correctly reject every violation. This is the safety-critical test; a false negative (missed violation) could result in incompatible DG stowage at sea. | Test | verification, stowage-planning-engine, safety, session-280 |
| VER-METHODS-017 | Verify IFC-DEFS-011: Submit 100 sequential UN number lookup queries spanning all 9 hazard classes and measure response time for each. Pass criteria: 95th percentile response time at or below 10 milliseconds. Verify returned data contains all mandatory fields (class, division, packing group, stowage category, SGG list, EmS references). Rationale: Sequential UN number lookups across all 9 hazard classes validate both response time and classification accuracy for the synchronous query-response interface. 100 queries provides sufficient coverage of the DGL while keeping test execution time manageable. | Test | verification, dg-management, session-281 |
| VER-METHODS-018 | Verify IFC-DEFS-012: Submit batch queries of 25, 50, and 100 UN numbers and measure response time and data completeness. Pass criteria: response within 50 milliseconds for 100 entries, each entry contains primary class, subsidiary risks, and complete SGG membership list matching the IMDG Code reference. Rationale: Batch query testing at 25, 50, and 100 UN numbers validates scalability of the database interface and verifies that batch processing does not introduce data completeness issues (missing fields, truncated results) at higher batch sizes. | Test | verification, dg-management, session-281 |
| VER-METHODS-019 | Verify IFC-DEFS-013: Submit 10 test scenarios with known segregation violations (Class 1.1 adjacent to Class 5.1, Class 3 with Class 4.3 below minimum separation, SGG1 acid with SGG18 alkali) and verify that each returns fail with correct violated pairs and required distances within 500 milliseconds. Rationale: Known segregation violations with specific class combinations (1.1/5.1 incompatibility, 3/4.3 minimum separation) test that the validator correctly applies the IMDG Code Table 7.2.4 rules for the most hazardous pairings. These specific combinations are chosen because they represent the highest-consequence segregation failures. | Test | verification, dg-management, session-281 |
| VER-METHODS-020 | Verify IFC-DEFS-014: Update a DG declaration record, then query the Manifest Generator data source within 60 seconds and confirm the updated record is reflected. Repeat for 5 declarations across different hazard classes. Pass criteria: all updates visible within 60-second window with complete field set. Rationale: Tests data consistency propagation — when a DG declaration is updated, the manifest generator must reflect the change within 60 seconds. This verifies that the validated data pathway from declaration to manifest does not introduce stale data, which could result in an incorrect statutory manifest. | Test | verification, dg-management, session-281 |
| VER-METHODS-021 | Verify IFC-DEFS-015: Load a test manifest of 500 DG containers spanning all 9 hazard classes, trigger constraint set generation, and verify: output delivered within 2 seconds, contains prohibited positions and separation distances for each container, and constraint sets are parseable by the Stowage Optimization Engine constraint interface. Rationale: 500 DG containers across all hazard classes exercises the constraint set generation at realistic vessel loads. Verification of output delivery time ensures constraint generation does not become a bottleneck during stowage planning iterations. | Test | verification, dg-management, session-281 |
| VER-METHODS-022 | Verify IFC-DEFS-016: Simulate 1200 reefer container polling events at 15-minute intervals and measure end-to-end delivery latency from the Reefer Monitoring Unit to the Temperature Alarm Processor. Pass criteria: 100 percent of messages delivered within 5 seconds, no message loss, all required fields (container ID, location, supply air temp, return air temp, setpoint, timestamp) present and correctly formatted. Rationale: Simulating 1200 containers at 15-minute intervals validates the full-scale polling load on the monitoring-to-alarm interface. Latency measurement ensures alarm processing is not delayed by interface congestion at maximum fleet size. | Test | verification, reefer, session-282 |
| VER-METHODS-023 | Verify IFC-DEFS-017: Transmit 10,000 sequential polling records from the Reefer Monitoring Unit to the Reefer Data Logger and verify guaranteed delivery by confirming record count match, sequence integrity (no reordering), and completeness of all data fields. Inject 5 simulated network interruptions during the test to verify retry and recovery. Rationale: 10,000 sequential records tests the guaranteed delivery mechanism of the logging interface under sustained write load. Record loss in the temperature logging chain would invalidate the tamper-evident audit trail required for regulatory compliance. | Test | verification, reefer, session-282 |
| VER-METHODS-024 | Verify IFC-DEFS-018: Trigger 50 power state changes (energise, trip, load-shed) on reefer outlets and measure the time from state change to updated status in the Reefer Monitoring Unit. Pass criteria: all state changes reflected within 10 seconds, container-to-outlet mapping accurate for all affected containers. Rationale: 50 power state change events across energise, trip, and load-shed states validates the bidirectional status exchange. Timing measurement confirms that the monitoring system receives power status updates fast enough to suppress false temperature alarms during planned power transitions. | Test | verification, reefer, session-282 |
| VER-METHODS-025 | Verify IFC-DEFS-019: Submit PTI results for 200 containers (mix of pass, fail, conditional) from the Pre-Trip Inspection Module and verify the Reefer Monitoring Unit initialises monitoring baselines using PTI-confirmed setpoints. Pass criteria: all passed containers initialised with PTI-validated setpoints, failed containers flagged as not-for-monitoring. Rationale: 200 containers with a mix of pass, fail, and conditional PTI results exercises all outcome paths. Conditional results (e.g., minor defects requiring monitoring) are the most complex case and must be correctly reflected in the monitoring unit's container status. | Test | verification, reefer, session-282 |
| VER-METHODS-026 | Verify IFC-DEFS-020: Inject atmosphere readings for 50 CA reefer containers with known O2 and CO2 deviations and verify the Temperature Alarm Processor generates consolidated temperature-plus-atmosphere alarms when both parameters deviate simultaneously. Pass criteria: all consolidated alarms generated within one polling cycle, no missed combined-deviation scenarios. Rationale: 50 CA reefer containers with known O2 and CO2 deviations validates that the alarm processor correctly applies atmosphere-specific thresholds. CA alarm processing is distinct from temperature alarm processing and must be tested independently to confirm correct threshold evaluation. | Test | verification, reefer, session-282 |
| VER-METHODS-027 | Verify IFC-DEFS-021: Simulate 20 power fault events (overload trip, ground fault, phase loss, load-shed) and measure delivery latency to the Temperature Alarm Processor. Pass criteria: all fault events delivered within 2 seconds, affected outlet identification correct, alarm processor correctly reclassifies subsequent temperature rises as power-related. Rationale: 20 power fault events across different fault types (overload, ground fault, phase loss, load-shed) validates that each fault type is correctly classified and delivered to the alarm processor. Fault type identification is critical for correct crew response — a ground fault requires different action than an overload trip. | Test | verification, reefer, session-282 |
| VER-METHODS-028 | Verify IFC-DEFS-022: Transmit a batch of 2,000 VERMAS D.13B messages totalling 500 KB through the EDI Gateway to the VGM Declaration Receiver. Pass criteria: all 2,000 declarations parsed correctly with no data loss, and all mandatory VERMAS segments (BGM, DTM, NAD, WGT) correctly extracted. Rationale: Validates the VERMAS interface at scale to ensure the VGM system can handle peak port call volumes without message loss or parsing failures. | Test | verification, vgm, session-284 |
| VER-METHODS-029 | Verify IFC-DEFS-023: Connect to simulated weighbridge equipment using each supported protocol (Modbus TCP, OPC-UA, RS-232) and acquire 100 weight measurements per protocol. Pass criteria: all measurements received within 500ms of trigger, measurement values match simulator reference within 10 kg resolution, and protocol auto-detection correctly identifies each protocol type. Rationale: Each weighbridge protocol must be independently verified since protocol-specific timing and framing issues only manifest during sustained measurement sequences. | Test | verification, vgm, session-284 |
| VER-METHODS-030 | Verify IFC-DEFS-024: Change VGM compliance status for 50 containers through the full lifecycle (REJECTED to CONDITIONAL to AUTHORIZED) and measure message delivery to the Stowage Planning Engine subscriber. Pass criteria: all status changes delivered within 500ms, no message loss, and status values correctly parsed by the stowage planner. Rationale: VGM status lifecycle transitions are critical for loading authorization decisions. Testing the full lifecycle verifies that status changes propagate correctly to the stowage planner. | Test | verification, vgm, session-284 |
| VER-METHODS-031 | Verify IFC-DEFS-025: Query the Container Weight Database for 1,000 container weights while the database contains 500,000 records. Pass criteria: 95th percentile query response time below 50ms, confidence indicator correctly distinguishes weighbridge-verified from declaration-only weights, and all returned VGM values match the stored values exactly. Rationale: Weight lookup performance under full database load must be verified against the 100ms threshold to ensure stability calculations are not bottlenecked during planning cycles. | Test | verification, vgm, session-284 |
| VER-METHODS-032 | Verify IFC-DEFS-026: Update VGM status for 200 containers in rapid succession and verify that the Container Tracking and Inventory System reflects each update within 1 second. Pass criteria: all 200 status changes propagated within 1 second, inventory records show current VGM status, and container number mapping is correct. Rationale: Rapid VGM status updates during active cargo operations stress the synchronization path between the weight database and the container inventory, exposing race conditions. | Test | verification, vgm, session-284 |
| VER-METHODS-033 | Verify IFC-DEFS-027: Monitor the Cargo Operations Display dashboard while processing a simulated port call with 1,500 containers. Pass criteria: dashboard data refreshes at intervals not exceeding 10 seconds, coverage percentage matches the actual count of VGM-declared containers, and discrepancy counts match the Weight Discrepancy Detector output. Rationale: Dashboard accuracy and refresh rates must be validated under realistic port call loads to ensure the cargo officer has reliable situational awareness during operations. | Demonstration | verification, vgm, session-284 |
| VER-METHODS-034 | Verify SUB-REQS-045: Submit 100 container weight pairs (declared vs measured) with known discrepancies spanning all three severity tiers. Pass criteria: all containers correctly classified by severity (minor, major, critical), no false negatives for discrepancies exceeding the 5%/1,000 kg threshold, and no false positives for weight pairs within tolerance. Rationale: Discrepancy detection thresholds must be verified with known test vectors spanning all severity tiers to confirm correct classification and zero false negatives on weight safety violations. | Test | verification, vgm, session-284 |
| VER-METHODS-035 | Verify SUB-REQS-048: Process 500 containers through the full compliance validation pipeline and verify that each receives a correct authorization status within 2 seconds. Pass criteria: AUTHORIZED only for containers with valid VGM and no discrepancy, REJECTED for containers without VGM or with invalid declarations, HOLD and CONDITIONAL correctly applied based on discrepancy severity, and end-to-end latency below 2 seconds for each determination. Rationale: Full pipeline validation of 500 containers tests the compliance validator's accuracy and performance at realistic scale, covering all four authorization states and edge cases. | Test | verification, vgm, session-284 |
| VER-METHODS-036 | Verify IFC-DEFS-028: Integration test — submit a stowage plan with known container weights and positions to the Lashing and Securing Calculator via the Stowage Planning Engine interface. Verify that lashing compliance response is received within the API timeout and that a plan with an over-SWL condition is rejected. Pass criteria: rejection returned with specific bay and lashing element identification. Rationale: The lashing calculator's dependency on accurate weight and position data from the stowage engine makes this interface safety-critical. Integration testing validates end-to-end data fidelity. | Test | verification, lashing, session-285 |
| VER-METHODS-037 | Verify IFC-DEFS-029: Integration test — inject known GM and roll period values from the Stability system to the Lashing Calculator. Verify that acceleration parameters update within 10 seconds and that lashing force calculations change accordingly. Pass criteria: force output delta matches predicted change for the GM shift within 2% tolerance. Rationale: Stability parameters directly affect lashing force calculations. Verifying that injected GM and roll period values produce correct acceleration factors validates the CSS Code calculation chain. | Test | verification, lashing, stability, session-285 |
| VER-METHODS-038 | Verify IFC-DEFS-030: Integration test — transmit BAPLIE, COPARN, and CODECO messages from a test terminal system to the EDI Gateway and verify they propagate to the Container Tracking system. Pass criteria: all three message types acknowledged within 30 seconds, container records created/updated in the Container Registry matching message content. Rationale: BAPLIE/COPARN/CODECO are the three core message types for vessel-terminal data exchange. Integration testing validates correct parsing, routing, and semantic preservation across the full EDI stack. | Test | verification, container-tracking, terminal-edi, session-285 |
| VER-METHODS-039 | Verify IFC-DEFS-031: Performance test — query the Bay Plan Manager for single-bay slot availability and full-vessel slot availability under load (24,000 containers populated). Pass criteria: single-bay response within 500ms (p99), full-vessel response within 2 seconds (p99), measured over 1000 queries. Rationale: Slot availability queries occur on every optimization iteration. Performance testing at 24,000 TEU scale validates that the Bay Plan Manager meets response time requirements under realistic load. | Test | verification, container-tracking, stowage, performance, session-285 |
| VER-METHODS-040 | Verify IFC-DEFS-032: Integration test — submit a VGM value to the VGM system and verify it propagates to the Container Registry within 5 seconds. Submit a VGM differing from the booking weight by 6% and verify a discrepancy flag is raised. Pass criteria: weight updated in registry within 5s, discrepancy flag generated for >5% deviation, no flag for <=5% deviation. Rationale: VGM-to-registry propagation timing is critical for preventing loading of containers with disputed weight data. Testing with discrepancy flag injection validates the full alert pipeline. | Test | verification, container-tracking, vgm, session-285 |
| VER-METHODS-041 | Verify IFC-DEFS-033: Inject 10,000 mixed-type EDI messages through the parser at maximum rate and measure queue acknowledgment latency. Pass criteria: 99.9th percentile acknowledgment latency below 10ms, zero message drops, all JSON envelopes contain required fields (type, priority, source, timestamp, payload). Rationale: The parser-to-queue interface handles the highest message volume in the system. 10,000 mixed-type messages tests throughput and queue acknowledgment latency under stress conditions. | Test | verification, terminal-interface, session-286 |
| VER-METHODS-042 | Verify IFC-DEFS-034: Simulate VSAT failure by disconnecting the primary link and measure the time from link-down event to queue receiving notification and switching to degraded-mode scheduling. Pass criteria: notification delivered within 2 seconds, queue compression enabled within 5 seconds, no messages attempted on failed link after notification. Rationale: Communication link failover timing directly affects message delivery reliability. Simulating VSAT failure validates the detection-to-notification chain that triggers store-and-forward mode. | Test | verification, terminal-interface, session-286 |
| VER-METHODS-043 | Verify IFC-DEFS-035: Transmit a 10 MB BAPLIE message from a simulated TOS through the connector to the parser and verify complete round-trip. Pass criteria: message delivered intact, metadata fields populated correctly, no truncation or encoding loss, processing completed within 30 seconds. Rationale: Large BAPLIE messages (full vessel plans for 24,000 TEU) test the connector-parser interface at maximum message size, exposing buffer overflow or parsing timeout issues. | Test | verification, terminal-interface, session-286 |
| VER-METHODS-044 | Verify IFC-DEFS-036: Simultaneously inject alarm events from all five subsystem sources and measure end-to-end propagation to the alarm display. Pass criteria: all events received with correct fields, 99th percentile propagation under 500ms, no events lost or duplicated, correct severity ordering in display queue. Rationale: Simultaneous alarms from all five subsystems represent the worst-case alarm flood scenario (e.g., heavy weather). Testing propagation latency validates the alarm aggregation system under peak load. | Test | verification, cargo-display, session-286 |
| VER-METHODS-045 | Verify IFC-DEFS-037: Submit a 50-move restow scenario to the simulation engine against a loaded 20,000 TEU base case. Pass criteria: all three calculation services return results within 8 seconds, results match independent offline calculation within 0.1 percent tolerance, operational load case unchanged after simulation completes. Rationale: A 50-move restow scenario against a loaded 20,000 TEU base case is the most computationally intensive simulation the system must support. This validates both calculation accuracy and response time under realistic planning conditions. | Test | verification, cargo-display, session-286 |
| VER-METHODS-046 | Verify IFC-DEFS-038: Simulate a multi-crane loading operation with 500 container moves including 10 out-of-sequence events and verify the Loading Sequence Display updates correctly. Pass criteria: all moves displayed within 5 seconds, out-of-sequence moves highlighted, planned vs actual counts match at completion. Rationale: Out-of-sequence container moves during multi-crane operations are a common operational scenario. Testing with deliberate sequence violations validates the display's ability to detect and alert on deviations from the planned loading sequence. | Test | verification, cargo-display, session-286 |
| VER-METHODS-047 | Verify IFC-DEFS-039: Connect the system to a ballast control system simulator generating IEC 61162-450 compliant tank sounding data for 20 ballast tanks. Verify that all tank levels, temperatures, and densities are received and correctly reflected in the stability calculation within 5 seconds. Transmit 10 ballast recommendations and verify correct formatting and operator confirmation workflow. Rationale: The ballast interface carries safety-critical data affecting stability calculations. Testing with a 20-tank simulator covers the full range of a typical container vessel ballast system. The 5-second latency threshold ensures tank sounding updates are reflected in the stability calculation before the next crane lift cycle. Verifying the operator confirmation workflow for transmitted ballast recommendations ensures the human-in-the-loop safety control is functioning correctly. | Test | verification, ballast, validation, session-288 |
| VER-METHODS-049 | Verify IFC-DEFS-040: Connect a NMEA 0183 signal simulator generating MWV wind speed and angle sentences and ocean wave data. Verify that wind speed values from 0 to 40 m/s are correctly received and that the Wind Force Estimator uses actual wind data when available, falling back to design values when the weather feed is interrupted for more than 60 seconds. Rationale: Wind force is the dominant environmental load on above-deck container stacks. Testing the full 0-40 m/s range covers Beaufort 0 through hurricane force winds, spanning all operational and survival conditions. The 60-second fallback verification ensures the system reverts to conservative design values promptly when actual wind data is lost, preventing lashing calculations based on stale environmental data that could under-predict forces during rapidly deteriorating weather. | Test | verification, weather, validation, session-288 |
| VER-METHODS-050 | Verify SUB-REQS-078: Trigger a system startup and observe the built-in test sequence completion. Introduce a deliberate single-bit corruption in the hydrostatic data table and verify that the self-test detects the integrity failure and displays a clear alarm within the test interval. Verify that the 24-hour periodic test executes automatically and logs results. Rationale: Self-test integrity is the primary defense against silent data corruption in the stability calculation. Injecting a deliberate single-bit corruption into hydrostatic tables verifies that the checksum algorithm detects the smallest possible data fault. Verifying the 24-hour periodic test ensures the system does not rely solely on startup checks, catching in-service corruption between power cycles. Alarm display verification confirms the operator is informed of integrity failures before the next stability calculation uses potentially corrupted data. | Demonstration | verification, self-test, validation, session-288 |
| Requirement | Verified By | Description |
|---|---|---|
| IFC-DEFS-039 | VER-METHODS-047 | |
| IFC-DEFS-040 | VER-METHODS-049 | |
| IFC-DEFS-038 | VER-METHODS-046 | |
| IFC-DEFS-037 | VER-METHODS-045 | |
| IFC-DEFS-036 | VER-METHODS-044 | |
| IFC-DEFS-035 | VER-METHODS-043 | |
| IFC-DEFS-034 | VER-METHODS-042 | |
| IFC-DEFS-033 | VER-METHODS-041 | |
| IFC-DEFS-032 | VER-METHODS-040 | |
| IFC-DEFS-031 | VER-METHODS-039 | |
| IFC-DEFS-030 | VER-METHODS-038 | |
| IFC-DEFS-029 | VER-METHODS-037 | |
| IFC-DEFS-028 | VER-METHODS-036 | |
| IFC-DEFS-027 | VER-METHODS-033 | |
| IFC-DEFS-026 | VER-METHODS-032 | |
| IFC-DEFS-025 | VER-METHODS-031 | |
| IFC-DEFS-024 | VER-METHODS-030 | |
| IFC-DEFS-023 | VER-METHODS-029 | |
| IFC-DEFS-022 | VER-METHODS-028 | |
| IFC-DEFS-021 | VER-METHODS-027 | |
| IFC-DEFS-020 | VER-METHODS-026 | |
| IFC-DEFS-019 | VER-METHODS-025 | |
| IFC-DEFS-018 | VER-METHODS-024 | |
| IFC-DEFS-017 | VER-METHODS-023 | |
| IFC-DEFS-016 | VER-METHODS-022 | |
| IFC-DEFS-015 | VER-METHODS-021 | |
| IFC-DEFS-014 | VER-METHODS-020 | |
| IFC-DEFS-013 | VER-METHODS-019 | |
| IFC-DEFS-012 | VER-METHODS-018 | |
| IFC-DEFS-011 | VER-METHODS-017 | |
| IFC-DEFS-010 | VER-METHODS-014 | |
| IFC-DEFS-009 | VER-METHODS-013 | |
| IFC-DEFS-008 | VER-METHODS-012 | |
| IFC-DEFS-007 | VER-METHODS-011 | |
| IFC-DEFS-006 | VER-METHODS-010 | |
| IFC-SSMS-IFC-001 | VER-SSMS-VER-009 | |
| IFC-SSMS-IFC-004 | VER-SSMS-VER-004 | |
| SUB-REQS-078 | VER-METHODS-050 | |
| SUB-REQS-048 | VER-METHODS-035 | |
| SUB-REQS-045 | VER-METHODS-034 | |
| SUB-REQS-016 | VER-METHODS-016 | |
| SUB-REQS-011 | VER-METHODS-015 | |
| SUB-SSMS-010 | VER-SSMS-VER-007 | |
| SUB-SSMS-009 | VER-SSMS-VER-006 | |
| SUB-SSMS-004 | VER-SSMS-VER-005 | |
| SUB-SSMS-003 | VER-SSMS-VER-002 | |
| SUB-SSMS-007 | VER-SSMS-VER-003 | |
| SUB-SSMS-002 | VER-SSMS-VER-001 |
| Ref | Document | Requirement |
|---|---|---|
| IFC-DEFS-001 | interface-requirements | The Stability and Stress Monitoring System SHALL receive proposed loading sequences from the Stowage Planning Engine as ... |
| IFC-DEFS-002 | interface-requirements | The Stability and Stress Monitoring System SHALL accept verified gross mass (VGM) data from the VGM Compliance and Weigh... |
| IFC-DEFS-003 | interface-requirements | The Stability and Stress Monitoring System SHALL publish real-time stability status to the Cargo Operations Display and ... |
| IFC-DEFS-004 | interface-requirements | The Stability and Stress Monitoring System SHALL interface with hull-mounted hydrostatic pressure draught sensors via a ... |
| IFC-DEFS-005 | interface-requirements | When a critical stability or strength alarm is generated, the Stability and Stress Monitoring System SHALL transmit the ... |
| SUB-REQS-002 | subsystem-requirements | The Stability and Stress Monitoring System SHALL calculate intact stability parameters including metacentric height (GM)... |
| SUB-REQS-003 | subsystem-requirements | The Stability and Stress Monitoring System SHALL compute hull girder shear force and bending moment at each of the vesse... |
| SUB-REQS-004 | subsystem-requirements | The Stability and Stress Monitoring System SHALL evaluate probabilistic damage stability in accordance with SOLAS Chapte... |
| SUB-REQS-005 | subsystem-requirements | The Stability and Stress Monitoring System SHALL acquire draught readings from at least four hull-mounted pressure senso... |
| SUB-REQS-006 | subsystem-requirements | The Stability and Stress Monitoring System SHALL calculate free surface correction for all slack tanks using actual tank... |
| SUB-REQS-007 | subsystem-requirements | When any stability or strength parameter exceeds its warning threshold, the Stability and Stress Monitoring System SHALL... |
| SUB-REQS-008 | subsystem-requirements | The Stability and Stress Monitoring System SHALL store at least 100 loading conditions including departure, arrival, and... |
| SUB-REQS-009 | subsystem-requirements | When fewer than three of the four draught sensors are operational, the Stability and Stress Monitoring System SHALL main... |
| SUB-REQS-010 | subsystem-requirements | The Stability and Stress Monitoring System SHALL evaluate the IMO weather criterion (Resolution A.749(18) Regulation 3.2... |
| VER-METHODS-001 | verification-plan | The intact stability calculation (SUB-SSMS-002) SHALL be verified by loading 50 pre-computed test conditions from the ve... |
| VER-METHODS-002 | verification-plan | The longitudinal strength computation (SUB-SSMS-003) SHALL be verified by comparing system-calculated shear force and be... |
| VER-METHODS-003 | verification-plan | The alarm generation system (SUB-SSMS-007) SHALL be verified by injecting simulated stability and strength values at eac... |
| VER-METHODS-004 | verification-plan | The draught sensor interface (IFC-SSMS-IFC-004) SHALL be verified by connecting a NMEA signal simulator generating known... |
| VER-METHODS-005 | verification-plan | The probabilistic damage stability assessment (SUB-SSMS-004) SHALL be verified by comparing system-calculated attained s... |
| VER-METHODS-006 | verification-plan | The degraded mode operation (SUB-SSMS-009) SHALL be verified by systematically disabling one and then two draught sensor... |
| VER-METHODS-007 | verification-plan | The IMO weather criterion evaluation (SUB-SSMS-010) SHALL be verified by loading at least 5 test conditions with known w... |
| VER-METHODS-009 | verification-plan | The stowage planning interface (IFC-SSMS-IFC-001) SHALL be verified by transmitting 100 representative loading sequences... |