Verification Plan (SVP) — ISO/IEC/IEEE 15289 — Plan | IEEE 29148 §6.6
Generated 2026-03-27 — UHT Journal / universalhex.org

| Ref | Requirement | Method | Tags |
|---|---|---|---|
| VER-060 | Verify SUB-REQ-032: Install a calibrated Cf-252 neutron source at maximum credible distance from each detector. Confirm detection within 1 ms using high-speed data acquisition. Verify 2oo3 coincidence by masking one channel at a time and confirming alarm with 2 remaining channels. Repeat for all monitored zones. Rationale: Criticality detection is the highest-consequence safety function requiring physical neutron source demonstration before commissioning per ONR guidance. | Test | |
| VER-065 | Verify SUB-REQ-036: Load test masses incrementally to 80 percent of single-contingency limit at each workstation. Confirm automatic process isolation triggers. Verify gamma activity monitor trip with calibrated Cs-137 source. Confirm hardwired relay trip logic independent of PLC by disconnecting PLC and re-testing. Review FMEDA and diagnostic coverage per IEC 61511-1 Clause 11. Rationale: SIL 3 safety function demands proof test and FMEDA evidence that PFDavg meets target per IEC 61511. | Test | |
| VER-066 | Verify SUB-REQ-037: Inject simulated trip signals into each voting channel in 2oo3 combinations. Measure trip time from injection to relay closure using oscilloscope. Confirm within 500 ms. Verify channel power independence by removing UPS feed to each channel sequentially. Rationale: 500 ms trip time and independent UPS paths must be demonstrated under fault conditions per LC28 defence-in-depth. | Test | |
| VER-067 | Verify SUB-REQ-010: Challenge each CAM station with NIST-traceable Pu-239 check source at 0.2 DAC-hours equivalent. Record alarm latency. Run 1000-hour reliability trial to verify false alarm rate does not exceed 1 per 1000 hours per monitor. Rationale: CAM sensitivity at 0.2 DAC-hours is the primary protection against plutonium inhalation; false alarm rate governs operational confidence. | Test | |
| VER-068 | Verify SUB-REQ-038: Simulate mains power failure and confirm automatic UPS takeover to criticality detectors, fire panels, safety interlocks, and radiation monitors. Conduct 30-minute full-load and 4-hour reduced-load battery discharge tests. Measure load and voltage at each critical bus during transition. Rationale: Emergency power continuity must be proven before commissioning; battery autonomy times drive evacuation and diesel start-up windows. | Test | |
| VER-REQ-001 | Verify IFC-REQ-001: Inspect extract ductwork material certificates (316L stainless steel), pressure test ductwork assembly at minus 3 kPa for 30 minutes with less than 0.5 percent pressure decay, and verify fan-downstream-of-filters arrangement by ductwork isometric review. Pass criteria: material certificates confirm 316L, pressure test holds, fan is downstream of both HEPA banks. Rationale: Ductwork integrity and material are most efficiently verified by inspection and pressure test during construction, before radioactive commissioning precludes access. | Inspection | verification, ventilation, session-326 |
| VER-REQ-002 | Verify IFC-REQ-002: Inject step setpoint changes from cascade controller to fan VSD and measure response. Pass criteria: fan speed tracks setpoint within 2 percent, status feedback updates within 500 ms, fault condition correctly reported within 1 second of simulated fault injection. Rationale: Functional integration test during commissioning validates the control loop timing that underpins the 2-second cascade response requirement. | Test | verification, ventilation, session-326 |
| VER-REQ-003 | Verify IFC-REQ-003: Commission extract manifold with all fume cupboards at maximum sash opening and all glove boxes at operating pressure. Measure total manifold flow using traverse pitot measurement at manifold entry. Pass criteria: total flow not less than 12000 m3/h, manifold static pressure not less negative than minus 500 Pa. Rationale: Full-load commissioning test validates manifold sizing under worst-case simultaneous demand from all containment devices. | Test | verification, ventilation, session-326 |
| VER-REQ-004 | Verify IFC-REQ-004: Inspect as-built ductwork drawings and measure straight-run distances upstream and downstream of sampling point. Pass criteria: not less than 8 diameters downstream of last disturbance, not less than 2 diameters upstream of stack exit, isokinetic nozzle aligned with duct axis within 5 degrees. Rationale: Physical measurement of straight-run distances confirms ISO 2889 compliance. This is a construction verification that cannot be repeated after active commissioning. | Inspection | verification, ventilation, session-326 |
| VER-REQ-005 | Verify IFC-REQ-006: With cascade PLC in simulated failure state, activate fire damper closure and smoke extract mode via hardwired safety relays. Pass criteria: fire dampers close within 10 seconds, smoke extract fan starts within 15 seconds, safety relay circuits maintain function with PLC powered off. Perform SIL 2 proof test per IEC 61511. Rationale: Independence of emergency override from PLC must be demonstrated by testing with PLC in failed state. This validates the common-cause failure defence required for SIL 2. | Test | verification, ventilation, safety, session-326 |
| VER-REQ-006 | Verify end-to-end ventilation containment: Release tracer aerosol (DOP at 0.3 micrometre) inside a C4 glove box and measure tracer concentration at (a) C3 zone boundary, (b) C2 zone boundary, (c) stack discharge point, and (d) external building envelope. Pass criteria: C3 concentration less than 0.01 percent of source, C2 less than 0.0001 percent, stack less than 0.00001 percent (two HEPA banks), external envelope below detection limit. Depression cascade maintained throughout test. Rationale: End-to-end tracer test validates the complete containment chain from primary containment device through extract ductwork, both HEPA banks, and stack discharge. This is the definitive active commissioning test confirming that the ventilation system performs its safety function as an integrated whole, not just at component level. | Test | verification, ventilation, integration, session-326 |
| VER-REQ-007 | Verify IFC-REQ-007: Connect each CAM station to HP Central via RS-485 Modbus RTU bus. Confirm polling interval is 5 seconds or less by monitoring bus traffic with protocol analyser. Inject simulated DAC-fraction readings at 0.5, 1.0, and 3.0 DAC and verify correct display on HP Central mimic within 5 seconds. Confirm all data fields (DAC-fraction, alarm state, instrument status, filter accumulation) are transmitted and recorded. Pass criteria: all data fields present, polling interval within spec, end-to-end latency under 5 seconds. Rationale: Integration test verifying the primary data path from distributed CAMs to central display. Tests both routine data and alarm state propagation. | Test | verification, radiation-protection, cam-network, hp-central, session-327 |
| VER-REQ-008 | Verify IFC-REQ-008: For each area gamma monitor, verify 4-20mA analogue output is proportional to log dose rate by injecting known Cs-137 fields at 1, 10, and 100 microSv/h and measuring analogue signal. Simultaneously verify Modbus TCP/IP digital path delivers dose rate, H*(10), cumulative dose, and health status at 10-second intervals. Disable digital path and confirm analogue alarm relay still activates at threshold. Pass criteria: analogue linearity within 5 percent, digital data complete at 10-second intervals, alarm functions on analogue path alone. Rationale: Diversity test confirming both data paths function independently. The analogue path independence test is critical because it is the SIL 1 safety function path. | Test | verification, radiation-protection, gamma-array, hp-central, session-327 |
| VER-REQ-009 | Verify IFC-REQ-009: Perform contamination measurement on each HFC monitor and portal monitor. Capture network traffic and confirm measurement results (pass/fail, alpha Bq/cm2, beta-gamma Bq/cm2, timestamp, monitor ID) arrive at HP Central within 2 seconds of measurement completion. Repeat for alarm condition. Pass criteria: all data fields present, latency under 2 seconds for 95th percentile across 20 measurements per monitor. Rationale: Verifies real-time contamination data path including latency under operational conditions. Statistical approach (95th percentile) accounts for network variability. | Test | verification, radiation-protection, contamination, hp-central, session-327 |
| VER-REQ-010 | Verify IFC-REQ-010: Issue EPDs to 5 test personnel, enter controlled area, and confirm OPC-UA data (dose rate, integrated dose, constraint percentage, personnel ID) appears on HP Central at 60-second intervals. Trigger EPD dose alarm and verify immediate event notification arrives at HP Central within 5 seconds. Pass criteria: routine data at 60-second intervals with no gaps over 1-hour test, alarm notification within 5 seconds. Rationale: End-to-end test of dosimetry-to-central interface under realistic conditions with multiple simultaneous EPDs. Alarm notification timing is critical for RPS situational awareness. | Test | verification, radiation-protection, dosimetry, hp-central, session-327 |
| VER-REQ-011 | Verify IFC-REQ-012: Inject simulated evacuation-level radiation alarm at each CAM and area gamma monitor in turn. Verify hardwired relay contact closure at HP Central within 1 second, and confirm facility evacuation alarm activation within 1 second of relay closure (2 seconds total from radiation alarm). Test with digital network disabled to confirm relay path is independent. Pass criteria: relay closure within 1 second for all monitors, evacuation alarm within 2 seconds total, function maintained with network disabled. Rationale: This is the most safety-critical interface in the RP subsystem. The test must demonstrate deterministic hardwired operation independent of digital infrastructure. Network-disabled test proves the safety function does not rely on software. | Test | verification, radiation-protection, hp-central, facility-safety, session-327 |
| VER-REQ-012 | Verify end-to-end radiation protection chain: Release a known-activity Tc-99m aerosol source (1 MBq) inside a fume cupboard in the Radiochemical Separations Laboratory. Verify the sequence: CAM detects airborne contamination and alarms at investigation level within 30 seconds, HP Central displays the alarm and identifies the zone within 5 seconds, area gamma monitors in adjacent zones show no increase (confirming containment), and personnel EPDs in the zone record no significant dose increase (confirming ventilation effectiveness). Pass criteria: complete detection-to-display chain within 35 seconds, no contamination spread beyond source zone, full data chain recorded in historian. Rationale: End-to-end system integration test exercising the complete detection-alarm-display chain under realistic conditions. Uses Tc-99m (6-hour half-life) for safe aerosol release testing. Tests both the RP subsystem's detection function and its integration with the ventilation containment system. This is the definitive acceptance test for the radiation protection safety function. | Demonstration | verification, radiation-protection, system-integration, session-327 |
| VER-REQ-013 | Verify IFC-REQ-013: Using inactive simulant at maximum flow rate, confirm gravity and pump transfer through 50mm bore pipework to each delay tank. Verify flow totalisation accuracy within ±2% against calibrated reference. Confirm isolation valve operation at each tank inlet. Pass criteria: flow rate sustains 20 L/min, totaliser agrees with reference within ±2%, each valve closes within 10 seconds. Rationale: Integration test at the drain-to-tank boundary using inactive simulant to verify hydraulic performance before active commissioning. | Test | verification, aetds, session-328 |
| VER-REQ-014 | Verify IFC-REQ-014: With tanks filled with traced simulant, execute 5-minute purge cycle then draw triplicate samples from each tank. Analyse samples against known tank concentration. Pass criteria: all samples within ±10% of true concentration, no cross-contamination between tank sample lines (absent tracer in adjacent tank samples). Rationale: Validates sample line purge effectiveness and cross-contamination isolation using different tracers per tank. | Test | verification, aetds, session-328 |
| VER-REQ-015 | Verify IFC-REQ-016: Inject calibration sources at 80%, 100%, and 120% of discharge limits into the in-line alpha and beta-gamma monitors during simulated discharge. Verify alarm generation and fail-safe valve closure within 5 seconds at each threshold. Simulate loss of monitoring signal and loss of power — confirm valve closes within 5 seconds in each case. Pass criteria: all alarm setpoints trigger correctly, valve closure time <5 seconds in all failure modes, proportional sampler collects representative composite. Rationale: SIL 2 proof test validating the complete safety function chain from detection through logic to final element. Tests all three trip conditions (high activity, signal loss, power loss). | Test | verification, aetds, safety, session-328 |
| VER-REQ-016 | Verify IFC-REQ-015: Transfer a spiked simulant batch through the Chemical Treatment Plant at minimum and maximum flow rates. Confirm treated effluent is returned to receiving tank and post-treatment sample shows decontamination factors meet SUB-REQ-025 targets. Pass criteria: transfer completes without leak at both flow rates, DF for alpha surrogate exceeds 100, DF for Cs/Sr surrogates exceeds 10. Rationale: End-to-end treatment loop verification using surrogate radionuclides during inactive commissioning. | Test | verification, aetds, session-328 |
| VER-REQ-017 | Verify IFC-REQ-017: Trigger a batch screening measurement and confirm structured data record appears in LIMS within 30 seconds. Verify OPC UA authentication handshake succeeds and data integrity checksum matches. Corrupt a test message in transit and confirm LIMS rejects it. Pass criteria: latency <30 seconds for 100 consecutive measurements, all corrupted messages rejected. Rationale: Validates both the functional data path and the security/integrity mechanisms of the OPC UA interface. | Test | verification, aetds, session-328 |
| VER-REQ-018 | Verify end-to-end AETDS batch cycle: Introduce spiked simulant into the Active Drain Collection Network, confirm collection in delay tank, execute hold period, draw and analyse sample via Batch Sampling Station, transfer through Chemical Treatment Plant if required, obtain discharge authorisation via LIMS, and discharge through the Discharge Monitoring and Control System with continuous monitoring. Pass criteria: full batch cycle completes within 48 hours, all intermediate data records present in LIMS, discharge activity below limits, proportional sample archived. Rationale: System-level integration test exercising the complete effluent management chain from waste generation to authorised discharge. 48-hour target includes 24-hour hold period plus processing time. | Demonstration | verification, aetds, integration, session-328 |
| VER-REQ-019 | Verify IFC-REQ-018: Inspect a filled 200-litre sludge drum from the Chemical Treatment Plant. Confirm dose rate at contact is below 2 mSv/h using calibrated survey meter. Verify waste characterisation record includes activity inventory, chemical composition, and package weight. Confirm drum is compatible with RWMF receipt criteria. Pass criteria: contact dose rate <2 mSv/h, characterisation record complete, drum passes RWMF acceptance checklist. Rationale: Verification of the waste transfer interface by inspection of the physical package and accompanying documentation. | Inspection | verification, aetds, session-328 |
| VER-REQ-020 | Verify IFC-REQ-019: Simulate criticality trip condition at the Criticality Warning System test input. Measure signal propagation latency from CWS relay output to SIT trip receipt using calibrated timing equipment. Verify latency is less than 10 ms across all three voting channels. Verify galvanic isolation by applying 2.5 kV test voltage between circuits for 60 seconds with no breakdown. Pass criteria: all channels below 10 ms latency, zero isolation failures. Rationale: Integration test at system boundaries to verify hardwired interface timing and isolation. | Test | verification, safety, session-329 |
| VER-REQ-021 | Verify IFC-REQ-020: Activate fire detection in a test zone. Measure time from fire confirmation to damper closure command receipt at the Standby Ventilation system. Verify command transmission within 2 seconds. Verify cable integrity by sustained fire test to BS 8519 at 842 degrees C for 120 minutes with circuit continuity maintained. Pass criteria: command latency below 2 seconds, cable circuit integrity maintained for 120 minutes. Rationale: Integration test verifying fire-to-ventilation interface timing and fire survivability of cabling. | Test | verification, fire, session-329 |
| VER-REQ-022 | Verify IFC-REQ-021: Remove primary UPS feed to the Criticality Warning System. Verify automatic changeover to secondary feed occurs within 1 ms using oscilloscope monitoring of the 24 VDC supply rail. Verify full criticality detection load is sustained on single feed. Repeat test removing secondary feed. Pass criteria: changeover time below 1 ms on both feeds, no detector dropout or counting interruption during transfer. Rationale: Power interface test ensuring zero detection gap during UPS feed changeover. | Test | verification, power, session-329 |
| VER-REQ-023 | Verify IFC-REQ-022: Initiate a simulated fire trip from the Safety Interlock system. Verify isolation commands reach the Depression Cascade Controller. Measure containment depression in non-affected zones during partial isolation and verify minimum 10 Pa is maintained. Pass criteria: trip command received, depression in non-affected zones remains above 10 Pa throughout the isolation transient. Rationale: System integration test verifying partial isolation maintains containment where no fire exists. | Test | verification, ventilation, session-329 |
| VER-REQ-024 | Verify IFC-REQ-023: Inspect all floor drain connections between spill containment areas and the active drain network. Verify no cross-connections to inactive drainage by dye tracing from each drain point. Measure water seal depth at each floor trap. Pass criteria: zero cross-connections found, all trap seals at or above 50 mm depth. Rationale: Physical inspection and dye trace test to verify drainage segregation integrity. | Inspection | verification, containment, session-329 |
| VER-REQ-025 | Verify end-to-end criticality response: inject simulated neutron burst at CWS detector input exceeding 20 mrad threshold. Verify the complete chain: CWS detection within 1 ms, trip signal to SIT within 10 ms, SIT trip initiation within 500 ms, criticality alarm activation via ECAS, ventilation isolation command to standby ventilation system. Total end-to-end time from neutron burst to completed facility response SHALL be less than 2 seconds. Pass criteria: all subsystems activate in sequence within timing budgets, alarm audible at 75 dBA, no subsystem fails to respond. Rationale: System-level integration test exercising the full criticality response chain from sensor to actuator. Tests the interfaces between CWS, SIT, ECAS, and ventilation systems as an integrated safety function. | Test | verification, integration, criticality, session-329 |
| VER-REQ-026 | Verify IFC-REQ-024: Test data transfer from characterization to packaging by performing gamma assay and surface survey on a reference waste item, then confirming the categorisation certificate appears in the packaging system within 5 minutes. Pass criteria: certificate contains correct waste category, activity inventory matching reference values within measurement uncertainty, and approved packaging route. Rationale: Integration test to verify the characterization-to-packaging data flow meets the 5-minute latency and data completeness requirements at the system boundary. | Test | verification, waste-management, characterization, session-330 |
| VER-REQ-027 | Verify IFC-REQ-025: Test drum transfer from packaging to store by sealing a test drum, verifying barcode scan retrieves the correct waste package data record, confirming surface contamination below transport limits, and tracking placement in the designated store position. Pass criteria: barcode correctly linked, contamination verified, placement within 4 hours, and store position matches criticality spacing plan. Rationale: Integration test at the packaging-to-store boundary ensuring positive identification, contamination verification, and criticality-safe placement are all functioning as a chain. | Test | verification, waste-management, packaging, session-330 |
| VER-REQ-028 | Verify IFC-REQ-026: Test cemented wasteform transfer by producing a test batch, holding for the 7-day curing period, confirming early-age strength test results are recorded, and verifying the package is assigned a criticality-compliant store position. Pass criteria: 7-day hold enforced by system interlock, strength test recorded against package ID, store position respects keff spacing. Rationale: Integration test verifying the curing-period hold, strength verification, and criticality-safe placement operate as a controlled sequence. Tests the most safety-significant interface in the waste management chain. | Test | verification, waste-management, liquid-conditioning, session-330 |
| VER-REQ-029 | Verify IFC-REQ-027: Test distillate return by processing a spiked liquid waste batch through evaporation, sampling the distillate at the hold-and-release point, and confirming activity concentrations are below 100 Bq/L alpha and 1000 Bq/L beta/gamma before drain release. Pass criteria: analytical results within limits, flow rate not exceeding 0.5 L/min, hold-and-release interlock prevents release if limits exceeded. Rationale: Verifies the critical environmental protection boundary between waste conditioning and the active drain system. Tests both the decontamination performance and the hold-and-release safety function. | Test | verification, waste-management, liquid-conditioning, effluent, session-330 |
| VER-REQ-030 | Verify IFC-REQ-028: Test bidirectional data exchange by creating a waste characterisation record in LIMS and confirming it appears in the Waste Records system within 60 seconds, then creating a waste package record in the Waste Records system and confirming chain-of-custody data is accessible from LIMS. Pass criteria: both synchronisation directions complete within 60 seconds, mutual TLS handshake verified, data integrity confirmed by checksum. Rationale: Verifies the information system integration that underpins regulatory record-keeping. Both directions must work because LIMS is the analytical authority and the Waste Records system is the waste package authority — each needs access to the other's data. | Test | verification, waste-management, records, lims, session-330 |
| VER-REQ-031 | Verify IFC-REQ-029: Test concentrate transfer by initiating a batch transfer from the Chemical Treatment Plant to the Liquid Waste Conditioning System with the conditioning system in both ready and not-ready states. Pass criteria: transfer proceeds when conditioning system is ready, physical interlock prevents transfer when not ready, analytical certificate accompanies the batch, and batch volume does not exceed 50 L. Rationale: Tests the safety interlock that prevents uncontrolled transfer of radioactive concentrates to an unprepared system. The interlock is a credited safety function in the liquid waste safety case. | Test | verification, waste-management, aetds, liquid-conditioning, session-330 |
| VER-REQ-032 | Verify end-to-end waste lifecycle: Process a solid waste item and a liquid waste batch through the complete RWMF chain from characterization/conditioning through packaging to storage placement, confirming that waste package data records are complete, nuclear material accountancy is reconciled with the site system within 24 hours, and all packages are placed in criticality-compliant store positions with environmental monitoring active. Pass criteria: all intermediate records created automatically, NMA reconciliation confirmed, store environmental parameters within limits, no orphaned packages without complete data records. Rationale: End-to-end integration test exercising both solid and liquid waste streams through the entire RWMF. This test verifies that the individual interface tests (IFC-REQ-024 through IFC-REQ-029) function as a coherent system and that no data is lost across the waste lifecycle chain. | Demonstration | verification, waste-management, integration, session-330 |
| VER-REQ-033 | Verify IFC-REQ-030: Commissioning test of pass-through hatch interlock by simultaneously commanding both doors open and confirming interlock prevents second door from opening. Verify container clearance with a 500 mm diameter by 800 mm height test article. Pass criteria: interlock holds under all attempted sequences; test article passes through without obstruction. Rationale: Integration test to verify physical interface compliance at the C2/C3 containment boundary. | Test | verification, sample-receipt, session-331 |
| VER-REQ-034 | Verify IFC-REQ-031: Demonstrate end-to-end data transfer from screening station measurement completion to Registration System display within 30 seconds using a test source. Verify dual physical routing by processing one contact-handled and one remote-handled sample through their respective routes. Pass criteria: data arrives within 30 seconds; each sample reaches correct preparation area. Rationale: Integration test verifying both the electronic data interface and the physical sample routing paths function as designed. | Demonstration | verification, sample-receipt, session-331 |
| VER-REQ-035 | Verify IFC-REQ-032: Demonstrate message queuing resilience by registering 10 samples with LIMS offline, then restoring LIMS and confirming all 10 records synchronise within 15 minutes of recovery with no data loss. Pass criteria: all 10 records appear in LIMS with correct fields; resync completes within 15 minutes. Rationale: Integration test proving the Registration System can operate independently during LIMS outage and resynchronise without data loss — a key architectural decision. | Demonstration | verification, sample-receipt, session-331 |
| VER-REQ-036 | Verify end-to-end Sample Receipt workflow: process a simulated sample from physical arrival at the Receiving Bay through dose rate screening, contamination check, registration, barcode labelling, preparation (acid digestion with tracer spiking), and storage. Pass criteria: sample arrives at storage with complete chain-of-custody record, all screening results recorded in LIMS, preparation records traceable to original registration, and total workflow time under 4 hours for a contact-handled sample. Rationale: System-level integration test exercising the complete sample receipt chain from physical arrival to prepared aliquot. The 4-hour target is the operational throughput requirement for routine dockyard samples. | Demonstration | verification, sample-receipt, session-331 |
| VER-REQ-037 | Verify IFC-REQ-033: Analyse five transferred aliquots by ICP-OES to confirm HNO3 molarity is within 2-8 M range. Verify volume does not exceed 100 mL. Verify barcode on PTFE vial matches sample record. Pass criteria: all five aliquots within acid range; volumes at or below 100 mL; barcode-to-record match 100 percent. Rationale: Acid matrix compatibility is critical for downstream chromatography performance — feed outside 2-8 M HNO3 causes actinide breakthrough on TEVA resin. | Test | verification, radchem-sep, session-331 |
| VER-REQ-038 | Verify IFC-REQ-034: Weigh ten electrodeposited discs and confirm deposited mass is below 100 micrograms. Measure alpha spectrum on each disc and confirm FWHM resolution is 40 keV or better for the Pu-239/240 peak. Pass criteria: all ten discs below mass limit; all spectra meet resolution threshold. Rationale: Source quality directly determines measurement performance — this test verifies the hand-off point between separations and counting. | Test | verification, radchem-sep, session-331 |
| VER-REQ-039 | Verify IFC-REQ-035: Inspect waste segregation during a simulated multi-sample processing campaign. Verify each waste stream is correctly routed to its designated container with barcode linkage to originating work order. Verify organic solvent containers have flash point and activity labels. Pass criteria: zero cross-contamination between streams; 100 percent barcode traceability. Rationale: Waste segregation failure has regulatory and safety consequences — inspection during operational simulation is the appropriate verification method for procedural compliance. | Inspection | verification, radchem-sep, session-331 |
| VER-REQ-040 | Verify IFC-REQ-036: Inject a precision pulser signal at the preamplifier test input and measure pulse shape at the MCA input with a digital oscilloscope. Verify rise time is less than 100 ns, amplitude is within 0 to 10 V range, and noise floor is less than 2 mV RMS. Pass criterion: all 8 channels meet specification simultaneously with 15 m cable runs installed. Rationale: Integration test confirms cable plant and connector quality after installation. Noise floor measurement validates electromagnetic compatibility in the nuclear facility environment. | Test | verification, gamma-spectrometry, session-333 |
| VER-REQ-041 | Verify IFC-REQ-037: Initiate simultaneous spectrum transfers from all 8 MCA channels to the analysis workstation. Measure transfer completion time for each 16384-channel spectrum. Pass criterion: all transfers complete within 2 seconds, no packet loss on dedicated VLAN, and spectral data integrity verified by checksum comparison. Rationale: Concurrent transfer from all channels represents worst-case network load during high-throughput campaigns. | Test | verification, gamma-spectrometry, session-333 |
| VER-REQ-042 | Verify IFC-REQ-038: Process a multi-nuclide reference sample spectrum through the full analysis chain and verify that the workstation automatically posts all required data fields to LIMS upon analyst approval. Pass criterion: nuclide identity, activity, uncertainty, MDA, and QC status fields all populate correctly in LIMS, with timestamp correlation within 5 seconds of approval action. Rationale: End-to-end demonstration validates the automated result transfer chain that eliminates transcription errors. | Demonstration | verification, gamma-spectrometry, session-333 |
| VER-REQ-043 | Verify end-to-end gamma spectrometry chain: place a NIST-traceable mixed-nuclide reference source (containing Cs-137, Co-60, Am-241, Eu-152 at certified activities) in a standard counting geometry, acquire spectrum for 3600 seconds, and process through automated analysis to LIMS result. Pass criterion: all reported activities within 10 percent of certified values at 95 percent confidence, MDA for Cs-137 is less than or equal to 0.5 Bq/L equivalent, total turnaround from sample placement to LIMS result less than 90 minutes. Rationale: System-level integration test validates that the combined performance of detector, shielding, MCA, and analysis software meets SYS-REQ-001. Exercises the full chain from photon detection to certified result. | Test | verification, gamma-spectrometry, session-333 |
| VER-REQ-044 | Verify IFC-REQ-039: Inspect all 8 vacuum chamber sample trays for correct spring-clip engagement with 25 mm planchets. Verify engraved identification is legible after 10 electrodeposition cycles. Pass criterion: all planchets seat repeatably within 0.5 mm of reference position, identification legible under standard laboratory lighting. Rationale: Positional repeatability determines counting geometry reproducibility. Identification legibility ensures chain-of-custody integrity throughout sample lifetime. | Inspection | verification, alpha-spectrometry, session-333 |
| VER-REQ-045 | Verify IFC-REQ-040: For each of the 8 channels, test vacuum interlock by venting one chamber while remaining chambers are under vacuum. Verify that only the vented chamber MCA channel inhibits acquisition while all other channels continue counting uninterrupted. Pass criterion: acquisition inhibits within 5 seconds of vacuum status changing to bad, resumes within 10 seconds of vacuum restoration. Rationale: Independent vacuum interlock per channel ensures a single chamber service event does not halt all alpha counting operations. | Test | verification, alpha-spectrometry, session-333 |
| VER-REQ-046 | Verify end-to-end alpha spectrometry: process a NIST-traceable mixed-actinide reference solution (Pu-239, Am-241, Cm-244) through electrodeposition, count for 86400 seconds, and analyse with MCA software. Pass criterion: reported activities within 15 percent of certified values at 95 percent confidence, Pu-239/240 MDA of 0.5 mBq or less, tracer recovery between 70 and 110 percent, and Pu-238 peak resolved from Am-241 with valley-to-peak ratio less than 0.3. Rationale: System-level integration test validates the complete alpha analysis chain against SYS-REQ-004. Valley-to-peak ratio confirms adequate source quality and detector resolution for the most demanding peak separation in the analysis. | Test | verification, alpha-spectrometry, session-333 |
| VER-REQ-047 | Verify IFC-REQ-041: Test by processing 10 simulated H-3 distillate and 10 C-14 fraction transfers through the full handover protocol. Verify vial integrity (no leakage after 24h), label readability, documentation completeness, and that receiving QC checks identify any out-of-specification fractions. Pass criteria: 100% documentation compliance, zero vial failures, all barcode scans successful. Rationale: Interface testing at the separations-LSC boundary validates the physical handover process that ensures sample integrity and traceability. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-048 | Verify IFC-REQ-042: Test by loading 50 prepared vials in standard counting cassettes into the sample changer. Verify all barcodes read correctly, vial geometry acceptance rate is 100%, and counting protocol auto-assignment matches LIMS work orders. Pass criteria: zero barcode read failures, zero vial rejection, correct protocol assignment for all 50 vials. Rationale: Sample changer interface testing ensures mechanical compatibility and barcode system reliability under realistic batch sizes. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-049 | Verify IFC-REQ-043: Test by running a full counting batch (20 vials including standards, blanks, and spiked samples) and verifying complete spectral data transfer to the analysis workstation. Verify all specified data fields are present, spectrum channel count matches instrument specification, tSIE values are within expected range for each quench level, and transfer completes within 60 seconds of counting cycle end. Rationale: Data transfer integrity testing ensures the analysis workstation receives complete, uncorrupted spectral data for accurate activity calculation and QA review. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-050 | Verify IFC-REQ-044: Test by processing a validated batch through QA approval and monitoring transfer to LIMS. Verify all required data fields arrive in LIMS within 30 minutes, activity values match workstation values to 6 significant figures, uncertainty values transfer correctly, and authentication/integrity checks pass. Inject deliberate data corruption to verify integrity check rejection. Rationale: LIMS interface testing validates the regulated data path from analysis to system of record, including positive and negative testing of integrity controls. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-051 | Verify end-to-end LSC chain: Test by processing 5 blind H-3 spiked samples and 5 blind C-14 spiked samples through the complete path from separations handover, through sample preparation, counting, data analysis, QA approval, to LIMS result entry. Pass criteria: all 10 results within 10% of the known spike value, all uncertainty budgets correctly calculated, and total turnaround time from vial receipt to LIMS entry not exceeding 48 hours. Rationale: End-to-end integration test exercises the full LSC measurement chain under realistic conditions. The 10% accuracy criterion against known spikes validates measurement traceability. 48-hour turnaround validates operational throughput during dockyard campaigns. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-052 | Verify IFC-REQ-045: Test by processing 20 simulated separated fractions through the autosampler. Verify matrix compatibility (no signal suppression >10%), tube geometry acceptance, label readability, and that autosampler processes all tubes without intervention. Include 3 matrix-mismatched tubes (>5% HNO3) to verify detection of out-of-specification fractions. Rationale: Interface testing validates physical and chemical compatibility between separation chemistry output and ICP-MS sample introduction. | Test | verification, icp-ms, session-334 |
| VER-REQ-053 | Verify IFC-REQ-046: Test by running a full calibration and sample batch (30 samples) and verifying complete data transfer. Confirm all mass channels present, CPS values match instrument display, internal standard ratios calculated correctly, and automatic backup completes within 5 minutes of batch end. Simulate network failure to verify data buffering and retry. Rationale: Data transfer testing validates the measurement data pipeline integrity and resilience for the complete analytical batch workflow. | Test | verification, icp-ms, session-334 |
| VER-REQ-054 | Verify IFC-REQ-047: Test bidirectional communication with each instrument type by sending 50 work orders and receiving 50 result sets per instrument. Verify work order parameters arrive correctly, result values match source to 6 significant figures, checksums validate on all transfers, and message queuing functions correctly during a simulated 30-minute LIMS outage. Pass criteria: zero data loss, zero corruption, queue drains within 10 minutes of LIMS recovery. Rationale: Comprehensive interface testing validates the LIMS integration with all instrument types under normal and degraded conditions. | Test | verification, lims, session-334 |
| VER-REQ-055 | Verify IFC-REQ-048: Integration test of BMS-to-EPDS Modbus TCP interface. Simulate transformer overtemperature condition and verify BMS receives alarm within 1 second and issues load shedding command. Pass criteria: load shedding confirmed on non-essential distribution board within 5 seconds of overtemperature setpoint breach. Rationale: Integration test to verify interface compliance and protection response timing at system boundaries. | Test | verification, lab-utilities, session-335 |
| VER-REQ-056 | Verify IFC-REQ-049: Integration test of BMS-to-Chilled Water BACnet/IP interface. Simulate primary chiller fault and verify automatic duty/standby changeover completes with chilled water flow temperature maintained within 6 ± 1 °C during transition. Pass criteria: changeover complete within 60 seconds with no laboratory temperature excursion. Rationale: Duty/standby changeover is the primary resilience mechanism for maintaining laboratory temperature stability during chiller plant faults. | Test | verification, lab-utilities, session-335 |
| VER-REQ-057 | Verify IFC-REQ-050: Integration test of gas isolation on fire alarm. Activate zone fire alarm and measure time from alarm signal to confirmed valve closure on flammable gas supply. Pass criteria: all zone isolation valves closed within 5 seconds and closure status reported to fire panel within 3 seconds of closure. Rationale: Fire safety case critical test. Gas isolation timing is a fire safety case claim that must be demonstrated before facility commissioning. | Test | verification, lab-utilities, session-335 |
| VER-REQ-058 | Verify IFC-REQ-054: Integration test of normal-to-emergency power changeover. Simulate normal supply failure and verify generator start, load acceptance, and motorised changeover. Pass criteria: essential loads transferred within 15 seconds of generator reaching rated output, UPS output uninterrupted during transfer. Rationale: Power changeover timing is critical to UPS autonomy margin. Test must confirm the entire chain from detection through generator start to load transfer operates within design envelope. | Test | verification, lab-utilities, session-335 |
| VER-REQ-059 | Verify end-to-end utility failure response: Simulate total normal supply loss and verify the complete chain from UPS bridging through generator start, changeover switch operation, BMS alarm presentation, gas supply isolation (if fire alarm concurrent), and laboratory instrument continuity. Pass criteria: ICP-MS plasma maintained throughout, gamma spectrometry counts uninterrupted, LIMS server remains operational, BMS displays correct facility status within 30 seconds of initial failure. Rationale: System-level integration test exercising the most critical utility failure scenario. Confirms that the utility subsystem components interact correctly under the highest-consequence failure mode to maintain analytical capability. | Test | verification, lab-utilities, session-335 |
| VER-REQ-069 | Verify SUB-REQ-099: Conduct a proof test of all SIL 3 safety functions by injecting simulated trip conditions through the complete chain from sensor input to final element actuation. Confirm each function trips within its specified response time. Record all proof test results and confirm the test interval does not exceed 3 months since the previous proof test. Rationale: Proof testing validation ensures the claimed SIL is maintained throughout the facility operational life. The complete chain test verifies sensor, logic solver, and final element integrity rather than partial testing which could miss degraded components. | Test | verification, safety, validation, session-337 |
| VER-REQ-070 | Verify SUB-REQ-100: Review the safety system design documentation and confirm that each 2oo3 voting group employs at least two different sensing principles or manufacturers. Conduct a common cause failure analysis per IEC 61511 Annex E demonstrating that the beta factor for each voting group does not exceed 0.02 for SIL 3 functions. Rationale: CCF defence adequacy cannot be demonstrated by testing alone. Design review confirms diversity is implemented as specified. The beta factor analysis per IEC 61511 quantifies residual CCF vulnerability and must meet SIL 3 targets to validate the safety case claims. | Analysis | verification, safety, ccf, validation, session-337 |
| VER-REQ-071 | Verify SYS-REQ-011: Conduct penetration testing of the LIMS network segment by an independent assessor. Confirm RBAC enforces least-privilege access for each role. Verify MFA is required for all login sessions. Confirm encryption at rest by examining database storage configuration and in transit by capturing network traffic and verifying TLS 1.2 or later. Confirm network segmentation by attempting lateral movement from office and OT network segments. Rationale: Cybersecurity controls must be validated by independent testing, not self-assessment alone. Penetration testing is required under the NIS Regulations assessment framework. The combination of configuration verification and active testing provides confidence that controls are both configured and effective against realistic attack scenarios. | Test | verification, cybersecurity, validation, session-337 |

| Requirement | Verified By | Description |
|---|---|---|
| SUB-REQ-100 | VER-REQ-070 | CCF analysis validates diverse redundancy design of safety trip channels |
| SUB-REQ-099 | VER-REQ-069 | Proof test procedure validates ongoing SIL compliance of safety functions |
| SUB-REQ-038 | VER-068 | Emergency power UPS and battery autonomy test |
| SUB-REQ-010 | VER-067 | CAM alpha sensitivity and reliability test |
| SUB-REQ-037 | VER-066 | 2oo3 voting timing and independence test |
| SUB-REQ-036 | VER-065 | Safety interlock SIL 3 proof test |
| SUB-REQ-032 | VER-060 | Criticality detection proof test |
| SUB-REQ-003 | VER-REQ-006 | End-to-end tracer test validates HEPA and containment chain |
| IFC-REQ-049 | VER-REQ-056 | Integration test for BMS-CHW BACnet/IP interface |
| IFC-REQ-055 | VER-REQ-071 | Lateral movement test during penetration testing verifies unidirectional gateway enforcement |
| IFC-REQ-054 | VER-REQ-058 | Integration test for normal-to-emergency power changeover |
| IFC-REQ-050 | VER-REQ-057 | Integration test for gas isolation on fire alarm |
| IFC-REQ-001 | VER-REQ-001 | Ductwork inspection and pressure test for IFC-REQ-001 |
| IFC-REQ-002 | VER-REQ-002 | Integration test for cascade-fan control loop |
| IFC-REQ-003 | VER-REQ-003 | Manifold commissioning test for IFC-REQ-003 |
| IFC-REQ-004 | VER-REQ-004 | Sampling point inspection for IFC-REQ-004 |
| IFC-REQ-006 | VER-REQ-005 | Emergency override independence test for IFC-REQ-006 |
| IFC-REQ-007 | VER-REQ-007 | Integration test for CAM-to-HP Central Modbus interface |
| IFC-REQ-008 | VER-REQ-008 | Dual-path diversity test for area gamma to HP Central |
| IFC-REQ-009 | VER-REQ-009 | Latency test for contamination monitoring data path |
| IFC-REQ-010 | VER-REQ-010 | OPC-UA dosimetry data and alarm notification test |
| IFC-REQ-012 | VER-REQ-011 | Hardwired evacuation relay independence test |
| IFC-REQ-013 | VER-REQ-013 | Integration test for drain-to-tank flow interface |
| IFC-REQ-014 | VER-REQ-014 | Sample line purge and cross-contamination test |
| IFC-REQ-016 | VER-REQ-015 | SIL 2 proof test for discharge isolation safety function |
| IFC-REQ-015 | VER-REQ-016 | Treatment loop transfer and DF verification |
| IFC-REQ-017 | VER-REQ-017 | OPC UA data transfer latency and integrity test |
| IFC-REQ-018 | VER-REQ-019 | Inspection verification for ILW sludge drum transfer interface |
| IFC-REQ-019 | VER-REQ-020 | Integration test for CWS-SIT hardwired interface |
| IFC-REQ-020 | VER-REQ-021 | Integration test for fire-to-ventilation damper command |
| IFC-REQ-021 | VER-REQ-022 | Power changeover test for CWS dual-redundant UPS |
| IFC-REQ-022 | VER-REQ-023 | Partial isolation containment test |
| IFC-REQ-023 | VER-REQ-024 | Drainage segregation inspection |
| IFC-REQ-024 | VER-REQ-026 | Integration test for characterization-to-packaging data transfer |
| IFC-REQ-025 | VER-REQ-027 | Integration test for packaging-to-store drum transfer |
| IFC-REQ-026 | VER-REQ-028 | Integration test for cemented wasteform transfer to store |
| IFC-REQ-027 | VER-REQ-029 | Test for distillate return activity limits and hold-and-release interlock |
| IFC-REQ-028 | VER-REQ-030 | Bidirectional data exchange test between Waste Records and LIMS |
| IFC-REQ-029 | VER-REQ-031 | Transfer interlock test for CTP to liquid conditioning |
| IFC-REQ-030 | VER-REQ-033 | Airlock interlock and clearance test for receiving-to-screening interface |
| IFC-REQ-031 | VER-REQ-034 | Data transfer timing and dual routing test for screening-to-preparation interface |
| IFC-REQ-032 | VER-REQ-035 | Message queue resilience test for registration-to-LIMS interface |
| IFC-REQ-033 | VER-REQ-037 | Acid matrix compatibility test for digestion-to-separation interface |
| IFC-REQ-034 | VER-REQ-038 | Source quality test for separation-to-counting interface |
| IFC-REQ-035 | VER-REQ-039 | Waste segregation compliance inspection |
| IFC-REQ-036 | VER-REQ-040 | Pulser test for HPGe-MCA signal interface |
| IFC-REQ-037 | VER-REQ-041 | Network transfer test for MCA-Analysis data path |
| IFC-REQ-038 | VER-REQ-042 | End-to-end result transfer demonstration to LIMS |
| IFC-REQ-039 | VER-REQ-044 | Physical inspection of planchet-chamber interface |
| IFC-REQ-040 | VER-REQ-045 | Vacuum interlock independence test per channel |
| IFC-REQ-041 | VER-REQ-047 | Interface test for separations-to-LSC handover |
| IFC-REQ-042 | VER-REQ-048 | Interface test for sample prep to counter loading |
| IFC-REQ-043 | VER-REQ-049 | Data transfer integrity test for counter-to-analysis interface |
| IFC-REQ-044 | VER-REQ-050 | LIMS transfer verification for analysis-to-LIMS interface |
| IFC-REQ-045 | VER-REQ-052 | Interface test for separations-to-ICP-MS sample transfer |
| IFC-REQ-046 | VER-REQ-053 | Data transfer test for ICP-MS instrument to workstation |
| IFC-REQ-047 | VER-REQ-054 | Integration test for LIMS-to-instrument bidirectional interface |
| IFC-REQ-048 | VER-REQ-055 | Integration test for BMS-EPDS Modbus TCP interface |
| SYS-REQ-011 | VER-REQ-071 | Penetration testing and configuration audit verify LIMS cybersecurity controls |
| SYS-REQ-010 | VER-REQ-051 | End-to-end integration test verifies system LSC detection limit |
| SYS-REQ-004 | VER-REQ-046 | End-to-end alpha spectrometry system integration test |
| SYS-REQ-001 | VER-REQ-043 | End-to-end gamma spectrometry system integration test |
| SYS-REQ-005 | VER-REQ-036 | End-to-end verification of sample receipt workflow |
| SYS-REQ-009 | VER-REQ-032 | End-to-end verification of waste lifecycle with fissile tracking |
| SYS-REQ-009 | VER-REQ-025 | End-to-end verification of criticality response chain |
| SYS-REQ-003 | VER-REQ-018 | End-to-end verification of effluent treatment batch cycle |
| SYS-REQ-006 | VER-REQ-012 | End-to-end verification of radiation protection chain |

| Ref | Document | Requirement |
|---|---|---|
| VER-REQ-059 | verification-plan | Verify end-to-end utility failure response: Simulate total normal supply loss and verify the complete chain from UPS bri... |