System Design Description (SyDD) — ISO/IEC/IEEE 15289 — Description | IEEE 29148 §6.5
Generated 2026-03-27 — UHT Journal / universalhex.org

| Entity | Hex Code | Description |
|---|---|---|
| Access control failure trapping occupants during emergency evacuation | 40050211 | Hazard in Smart Building Management System during Fire Emergency mode: If access-controlled doors fail to release to fail-safe open during fire alarm, occupants are trapped behind locked doors in evacuation routes. Consequence: delayed evacuation, crush injuries at bottleneck points, potential fatalities. Root cause: door controller firmware fault, loss of power to electromagnetic locks without fail-safe wiring, or fire alarm integration not tested end-to-end. |
| BACnet trunk failure isolating three floors scenario | 00165200 | Degraded operation scenario: At 10:15, BACnet trunk cable serving floors 15-17 is severed during unrelated construction work. BMS loses communication with 45 VAV controllers, 12 AHU controllers, and 90 lighting circuits on those floors. BMS raises priority-2 alarm to facility manager dashboard and sends SMS. Floors 15-17 HVAC controllers revert to last-known setpoints using local standalone logic. Lighting falls back to fixed schedule. Occupants on those floors experience slightly degraded comfort — temperature may drift ±2°C from setpoint. Fire systems on those floors operate independently (separate fire loop, not BACnet-dependent). Maintenance dispatched, estimates 4-hour repair. Facility manager monitors via portable temperature loggers. |
| Building automation regulatory framework UK | 408438D9 | Regulatory constraints on Smart Building Management System: EN 15232 (Building automation impact on energy performance) Class A target, BS 5839-1 (Fire detection and alarm systems for buildings) Category L1, BS 7671:2018 (IET Wiring Regulations) 18th Edition, Regulatory Reform (Fire Safety) Order 2005, Building Regulations Part L (Conservation of fuel and power), HSE ACOP L8 (Legionnaires' disease control), GDPR for occupancy data, BS EN 50131 (Alarm systems — Intrusion and hold-up systems), Cyber Assessment Framework for OT networks. |
| Building Occupant | 000C4289 | End user of Smart Building Management System environmental services. 2000+ office workers across 20 floors, present 08:00-18:00 weekdays with some after-hours use. Expects 21-23°C, 40-60% RH, adequate lighting (500 lux at desk), and secure access. Interacts via badge readers, room booking panels, and comfort complaint app. Has no direct BMS control. Includes vulnerable individuals (asthma, mobility impairments) who are more sensitive to environmental excursions and slower to evacuate. |
| Building Owner and Energy Manager | 00001AFD | Commercial property owner responsible for whole-life cost and ESG (Environmental, Social, Governance) performance of the building served by Smart Building Management System. Sets energy reduction targets (net-zero by 2030), approves capital expenditure on BMS upgrades, reviews monthly energy reports. Concerned with EN 15232 Class A compliance, EPC (Energy Performance Certificate) rating, and NABERS-like operational energy ratings. Not involved in day-to-day operations but sets strategic direction for sustainability and occupant experience. |
| Commercial office building indoor environment | 44841018 | Operating environment for Smart Building Management System: 50,000 sqm gross floor area across 20+ floors in temperate maritime climate (UK). Indoor design conditions: 21-23°C heating season, 23-25°C cooling season, 40-60% RH, 500 lux office areas, CO2 below 1000 ppm. External conditions: -5°C to 38°C ambient, 30-95% RH, wind to 100 km/h. Building fabric: double-glazed curtain wall, U-value 1.4 W/m²K. Electrical supply: dual 11kV feeds with diesel standby generator for life-safety loads. |
| Degraded Operation mode of Smart Building Management System | 50B47A00 | Fallback state when one or more non-safety-critical subsystems have failed or lost communication. Examples: loss of BACnet trunk to one floor (HVAC reverts to local standalone control at last setpoint), cloud analytics offline (supervisory runs on local server only), occupancy sensors failed (lighting follows fixed schedule instead of adaptive). Facility manager receives alarm and dispatches maintenance. System continues operating with reduced optimisation. Safety-critical subsystems (fire, emergency lighting) must remain fully functional — if they degrade, transition to Emergency mode instead. |
| Facility Manager | 010D5AF9 | Primary human operator of Smart Building Management System. Monitors dashboard 08:00-18:00 weekdays, responds to alarms, approves maintenance requests and demand response strategies, manages energy targets. Responsible for occupant comfort complaints, regulatory compliance reporting, and contractor coordination. Typically holds BIFM (British Institute of Facilities Management) qualification. |
| Fire Emergency mode of Smart Building Management System | 51F77A50 | Triggered by confirmed fire alarm (two-detector coincidence or manual call point activation) per BS 5839-1 (Fire detection and fire alarm systems for buildings). HVAC shuts down supply fans to prevent smoke spread, activates smoke extraction fans in affected zones, pressurises stairwells for evacuation. Access control releases all doors to fail-safe open for egress. Lighting switches to emergency battery-backed circuits. Lifts recalled to ground floor and locked out. Fire panel sends signal to local fire service via monitored connection. Building evacuation announced via PA. Exit condition: fire brigade issues all-clear AND fire panel reset by authorised person. |
| Fire Safety Officer | 018D7AF9 | Responsible person under Regulatory Reform (Fire Safety) Order 2005 for the building served by Smart Building Management System. Ensures fire detection, alarm, evacuation, and suppression systems comply with BS 5839-1 and BS 9999. Reviews BMS fire mode logic, approves changes to smoke management strategy, conducts weekly fire alarm tests, and coordinates annual fire risk assessment. Interfaces with local fire and rescue service. Must approve any BMS software change that affects fire safety functions. |
| Floor fire during occupied hours scenario | 14F77A11 | Emergency scenario: At 14:30 on a Tuesday, smoke detector on floor 12 activates. BMS waits for second detector (coincidence logic per BS 5839-1). 15 seconds later, adjacent detector confirms. Fire panel transitions BMS to Fire Emergency mode. HVAC: floor 12 supply AHU shuts down, smoke extraction fans activate, stairwell pressurisation fans start within 30 seconds. Access control: all doors on floors 10-14 release. Lifts recalled. PA announces evacuation. Fire service called automatically. 2000 occupants evacuate via pressurised stairwells. Fire brigade arrives in 8 minutes. After 45 minutes, brigade issues all-clear. Facility manager resets panel, BMS transitions to Startup for re-occupancy. |
| HVAC Maintenance Contractor | 00843AF8 | Third-party specialist responsible for preventive and corrective maintenance of HVAC plant controlled by Smart Building Management System. Visits quarterly for scheduled maintenance (filter changes, coil cleaning, sensor calibration) and on-call for breakdowns. Requires BMS maintenance-level access to isolate equipment, view trends, and acknowledge alarms. Must hold F-Gas certification for refrigerant handling. Works under permit-to-work system coordinated with facility manager. |
| HVAC overcooling or overheating due to sensor failure | 00040209 | Hazard in Smart Building Management System during Normal Operation: Failed or drifted temperature sensor causes HVAC to drive zone temperature to extreme — overcooling to <10°C or overheating to >35°C. Consequence: occupant discomfort, heat stress for vulnerable individuals, potential hypothermia in server rooms with overcooling, condensation damage to equipment. Root cause: sensor wiring fault, calibration drift, or stuck-at-value failure mode not detected by BMS watchdog. |
| Legionella proliferation due to hot water system control failure | 20052A55 | Hazard in Smart Building Management System during Normal or Degraded Operation: BMS controls domestic hot water (DHW) system. If temperature control fails and water temperature drops below 60°C in storage or below 50°C at outlets, Legionella pneumophila can proliferate. Consequence: Legionnaires' disease outbreak, potentially fatal for immunocompromised occupants. Root cause: DHW setpoint overridden during energy-saving mode, sensor failure, or pasteurisation cycle not executed. Regulatory: HSE ACOP L8 (Legionnaires' disease: The control of legionella bacteria in water systems). |
| Local fire and rescue service interface | 40E57A58 | External system interfacing with Smart Building Management System: monitored fire alarm connection to local fire and rescue service via BS 5979-compliant alarm receiving centre (ARC). Transmits fire alarm confirmation, zone location, and system status. Fire service responds within 8 minutes average. Interface is one-way (alarm to ARC); fire brigade communicates with building via radio and fire panel on arrival. Owned by fire and rescue authority. Availability: 99.99% (dual-path signalling required by BS 5839-1). |
| Maintenance mode of Smart Building Management System | 40B43B18 | Controlled state for planned maintenance activities on individual subsystems. Maintenance technician logs into BMS, selects zone or subsystem, and takes it offline. System bypasses that zone's automation while maintaining control of adjacent zones. Safety interlocks prevent disabling fire systems without fire watch procedure. HVAC maintenance may require isolating AHU, flushing coils, calibrating sensors — system logs all overrides for audit. Access control maintenance may involve firmware updates to door controllers. Entry: authorised maintenance request. Exit: technician returns subsystem to automatic, system confirms all readings nominal. |
| Monday morning office warm-up scenario | 50F63200 | Normal operations scenario: At 05:30, BMS transitions from Unoccupied Setback to Startup mode. HVAC begins pre-occupancy conditioning — AHUs start at 100% fresh air for 30-minute purge, then switch to mixed-air mode and drive zones toward 22°C. Lighting activates floor-by-floor following cleaning crew movement (PIR-detected). At 07:00, first badge-ins trigger lobby and lift access. By 08:00, occupancy reaches 60%; BMS optimises VAV box positions based on CO2 and occupancy sensors. Facility manager reviews overnight alarm log on dashboard. Energy dashboard shows predicted consumption vs target. |
| Normal Operation mode of Smart Building Management System | 51F73A08 | Primary 24/7 operating state during occupied hours (06:00-22:00 weekdays). All subsystems active: HVAC maintaining 21-23°C and 40-60% RH, lighting following daylight harvesting schedules, access control validating credentials at all entry points, fire systems in monitoring state. Facility manager monitors via central dashboard. Energy optimisation algorithms actively load-shifting and demand-responding. Transitions from Startup mode when all zone temperatures within setpoint ±1°C and all field controllers reporting nominal. |
| Quarterly HVAC maintenance and sensor calibration scenario | 40B47A58 | Maintenance scenario: Every quarter, HVAC maintenance contractor performs preventive maintenance on AHUs. Maintenance technician badges in at 06:00 Saturday, logs into BMS with maintenance credentials. Selects AHU-03 (floors 7-9) for service. BMS transitions AHU-03 to Maintenance mode — stops fans, opens isolation dampers for access, displays lockout warning on dashboard. Adjacent AHUs increase output to partially compensate. Technician replaces filters, cleans coils, calibrates temperature and humidity sensors using NIST-traceable reference instruments. After 4 hours, technician returns AHU-03 to automatic. BMS runs self-test sequence, confirms sensor readings within tolerance (±0.5°C, ±3% RH). AHU resumes normal operation. Maintenance log auto-generated for compliance records. |
| Security Operations Centre operator | 41AD7AF9 | 24/7 manned security control room that monitors access control, CCTV, and intruder detection subsystems integrated with Smart Building Management System. Operators validate visitor access, respond to forced-door and tailgating alarms, coordinate with police for security incidents, and manage after-hours restricted access mode. Security system interfaces with BMS for door-held-open alarms and occupancy-based zone activation. Operates under SIA (Security Industry Authority) licensing requirements. |
| Smart Building Management System | 51FF7B59 | Integrated building automation system controlling HVAC (heating, ventilation, air conditioning), access control, fire detection and suppression, lighting, and energy management for a large commercial office building (50,000+ sqm). Operates 24/7, managing indoor environmental quality for 2000+ occupants while minimising energy consumption. Interfaces with utility grid, security operations, fire services, and building maintenance. Subject to EN 15232 (building automation impact on energy performance), BS 7671 wiring regulations, BS 5839 fire detection, and local building codes. Integrates BACnet and Modbus field devices across 20+ floors with central supervisory control and cloud analytics. |
| Smoke spread due to HVAC failure to shutdown on fire alarm | 04050201 | Hazard in Smart Building Management System during Fire Emergency mode: If BMS fails to command HVAC supply fans off and smoke extraction on upon confirmed fire alarm, supply air ducts become pathways for smoke propagation to unaffected floors. Consequence: occupant exposure to toxic smoke in areas believed safe, evacuation routes compromised, potential fatalities. Root cause: communication failure between fire panel and HVAC controller, software fault in emergency mode logic, or relay failure on fan contactors. |
| Stairwell pressurisation failure during fire evacuation | 10050211 | Hazard in Smart Building Management System during Fire Emergency mode: Smoke management system fails to pressurise stairwells during fire event. Consequence: smoke infiltrates evacuation stairwells, occupants on upper floors cannot evacuate safely, potential fatalities from smoke inhalation. Root cause: pressurisation fan failure, damper actuator stuck closed, incorrect pressure differential setpoint, or BMS fails to trigger pressurisation sequence. This is independent of HVAC shutdown — even if supply fans are stopped, stairwell pressurisation must actively engage. |
| Startup and Commissioning mode of Smart Building Management System | 51F77A18 | Initial system bring-up after power restoration, maintenance shutdown, or seasonal recommissioning. Sequential energisation of subsystems: fire safety first (life-safety priority), then access control, then HVAC pre-conditioning, then lighting. Each subsystem performs self-test and reports status to supervisory controller. HVAC runs pre-occupancy purge cycle (30 min) to flush stale air. Commissioning engineer present during initial startup; automated on subsequent warm starts. Exit condition: all subsystems report nominal, zone temperatures within 2°C of setpoint. |
| Summer heatwave peak demand response scenario | 40B47A19 | Degraded/stressed operation scenario: Outdoor temperature reaches 38°C during a multi-day heatwave. Utility grid operator issues demand response signal requesting 20% load reduction for 2 hours (14:00-16:00). BMS receives signal via OpenADR interface. Energy management subsystem calculates response strategy: raise cooling setpoints by 2°C (to 24°C), dim perimeter lighting by 30% (daylight abundant), pre-cool thermal mass between 12:00-14:00, shift non-critical loads (DHW heating, EV charging) to post-16:00. Facility manager approves plan on dashboard. During DR event, some occupants report warmth; BMS prioritises meeting rooms with scheduled events. Grid operator confirms compliance; building earns demand response credit. |
| Unauthorised access through BMS cyber intrusion | 40040009 | Hazard in Smart Building Management System during any mode: Attacker exploits BACnet/IP or Modbus TCP network to gain control of BMS. Consequence: attacker can disable fire alarms, unlock access-controlled doors, manipulate HVAC to create uncomfortable or dangerous conditions, exfiltrate occupancy data for surveillance. Root cause: unsegmented OT/IT network, default credentials on field controllers, unencrypted BACnet traffic, lack of intrusion detection on building automation network. |
| Unoccupied Setback mode of Smart Building Management System | 40B63A58 | After-hours and weekend mode when building occupancy drops below 5%. HVAC setpoints widened to 16-28°C to reduce energy consumption by 40-60%. Lighting reduced to emergency and security circuits only. Access control switches to restricted mode — only pre-authorised cards accepted at main entrance. Fire systems remain fully active (life-safety cannot be degraded). Security patrols trigger temporary zone activation via PIR sensors. Entry condition: occupancy counter below threshold for 30 minutes. Exit condition: first badge-in after 05:30 or manual override by facility manager. |
| Utility grid and demand response interface | 54B77A59 | External system interfacing with Smart Building Management System: national electricity grid via building's 11kV/400V transformer. Smart meter provides real-time consumption data. OpenADR 2.0b interface receives demand response signals from grid operator requesting load shedding during peak periods. BMS responds by adjusting HVAC and lighting loads. Owned by distribution network operator (DNO). Availability: 99.9% (with diesel backup for life-safety). |