Concept of Operations (ConOps) — ISO/IEC/IEEE 15289 — Description | IEEE 29148 §6.1
Generated 2026-03-27 — UHT Journal / universalhex.org
Commercial vertical farms face a fundamental control challenge: maintaining precise, zone-specific environmental conditions across multiple growing levels where temperature, humidity, light spectrum, CO2 concentration, and nutrient delivery must be independently controlled per crop recipe, 24/7, with tight tolerances that directly determine yield economics. Without an integrated environment controller, operators rely on disconnected subsystems — standalone HVAC, manual nutrient mixing, fixed lighting schedules — leading to crop losses from environmental drift, energy waste from uncoordinated actuator operation, and inability to scale beyond a single growing room. The Vertical Farm Environment Controller exists to close the loop between environmental sensing, crop growth models, and actuator coordination across an entire multi-storey facility, enabling consistent crop quality at commercial scale while minimising energy consumption and operator workload.
| Stakeholder | Relationship | Hex Code |
|---|---|---|
| Grower Technician | Primary operator — monitors crops, adjusts recipes, responds to alarms, daily inspections. Derived from Daily Growing Cycle and Sensor Drift scenarios. | 008502A8 |
| Facility Manager | Operations oversight — production scheduling, maintenance planning, energy cost decisions, food safety compliance, worker safety accountability. Derived from HVAC Failure and Crop Changeover scenarios. | — |
| Maintenance Technician | Preventive/corrective maintenance — HVAC, LEDs, sensors, pumps, CO2 system. Sensor calibration, actuator testing, lockout/tagout. Derived from Maintenance mode and Sensor Drift scenario. | — |
| Harvest Crew Worker | Manual harvesting and zone cleaning — non-technical, enters controlled zones, safety depends on controller maintaining safe conditions (CO2, temperature). Derived from Crop Changeover and Emergency scenarios. | — |
| Food Safety Auditor | External certification auditor — requires environmental data logs, HACCP records, sanitisation records, tamper-evident audit trails. 1-2 audits/year. Derived from regulatory compliance requirements. | — |
| Energy Utility/Grid Operator | Electricity provider — imposes demand charges, time-of-use tariffs, demand-response requests. Farm is 500kW-2MW load. Controller must manage peak demand coordination. | — |
| Controls System Integrator | Commissions, configures, maintains control system — PID tuning, alarm config, firmware updates, network architecture. Engineering-level access. Lifecycle stakeholder. | — |
| Mode | Description |
|---|---|
| Startup/Initialisation | Power-on or controller restart → sensor self-test and calibration, communication bus establishment, actuators to safe defaults, watchdog arming → operator acknowledges readiness, all sensors valid → transition to Normal Operation |
| Normal Operation | Operator acknowledgement after startup → closed-loop control of temperature, humidity, CO2, lighting, nutrients, irrigation per zone-specific crop recipes; energy optimisation layer active; 1-min data logging → fault detection, operator command, or maintenance window triggers exit |
| Degraded Operation | Sensor/actuator fault detected → affected zones switch to conservative setpoints with wider deadbands, reduced CO2 enrichment; operator alerted with fault codes and crop impact estimate; auto-recovery attempted with backoff → fault cleared and recalibrated, or operator escalates to Maintenance |
| Emergency Shutdown | Safety interlock trigger (CO2 >5000ppm, water leak near electrics, fire alarm) or E-stop → CO2 valves closed, emergency ventilation max, non-essential loads de-energised, emergency dampers open, audible/visual alarms → operator reset with physical key and software ack (two-person rule) after hazard clearance |
| Maintenance | Operator schedules window or escalates from degraded → zone isolated, actuators locked out, adjacent zones hold safe defaults, sensor calibration routines enabled, local HMI override with logging → maintenance complete, sensors recalibrated, actuators tested, operator sign-off → Startup for affected zone |
| Harvest/Crop Changeover | Crop maturity reached → lighting ramp-down, nutrient drain/flush, irrigation sanitisation cycle, temperature adjusted for worker comfort → manual harvest → new crop recipe loaded, zone setpoints reconfigured, actuator verification → germination phase active |
Grower technician arrives 06:00 day shift, 5-floor 8-zone facility. Controller transitions from dark-period (lights off, 18°C, ambient CO2) to photoperiod (lights ramp zone-by-zone over 15min, 24°C, 1200ppm CO2). Technician reviews dashboard — all zones nominal, Zone 3 basil at 82% RH auto-compensated by increased fan speed. Technician adjusts Zone 5 lettuce PAR from 350→400 µmol/m²/s based on growth analytics. Nutrient tanks auto-topped at 14:00 from stock solution. End of photoperiod at 22:00: lights ramp down, temperature reduces, CO2 enrichment stops. Night crew monitors via remote dashboard. Triggers: photoperiod timer, nutrient level sensors, growth recipe stage transitions. Failure modes: sensor drift causing gradual setpoint error, communication loss to zone controller.
Peak summer 14:00, outside 35°C. Zone 4 HVAC compressor trips high-head-pressure. Temperature rising past 26°C. Controller auto-response: reduces Zone 4 LEDs 40%, increases extraction fan, sends SMS/dashboard alarm to facility manager. Adjacent zones see +1°C — controller compensates with 10% more HVAC. Manager decides degraded mode (30°C, reduced photoperiod) until spare compressor arrives next day. Controller logs estimated yield impact: 8% reduction for 24-hour thermal excursion on Zone 4 lettuce crop. Failure modes: second HVAC unit fails (cascading), temperature sensor reads low masking overheating.
02:00, night shift remote monitoring. CO2 bulk tank regulator fails — uncontrolled release into Zone 2. Sensor reads 8000ppm rising. Controller emergency shutdown: CO2 solenoid closes (fail-closed), max ventilation, zone doors locked with warnings, facility alarm. Independent hardwired interlock at 5000ppm as backup. Night operator receives critical alarm, calls emergency coordinator. Full ventilation runs ~45min until CO2 <1000ppm all zones. Two-person reset: physical key + software ack. Post-incident: regulator inspected, CO2 system pressure-tested before re-enabling enrichment. Failure modes: CO2 sensor saturated and reads max-scale (controller must treat as unsafe), solenoid valve fails open (hardwired interlock is independent backup).
Over 2 weeks, Zone 6 pH sensor drifts +0.3 from mineral fouling. Actual pH drops to 5.0 causing iron/manganese toxicity. Technician spots leaf chlorosis during inspection, cross-checks with portable meter. Enters maintenance mode: dosing stopped, lines flushed, probe cleaned and recalibrated, calibration event logged. Solution dumped and remixed. 4-hour maintenance window, then return to normal. Failure modes: drift too slow for rate-of-change alarm, EC sensor also drifting masking the nutrient imbalance. Cross-domain insight: analogous to process analyser drift in water treatment plants where redundant sensors are standard practice.
Zone 1 lettuce day 35 harvest scheduled Tuesday. Monday evening pre-harvest: reduced photoperiod, EC flush, 16°C. Tuesday 06:00: harvest crew enters, controller to worker-comfort mode (22°C, 50% white light, CO2 off). Post-harvest: peracetic acid sanitisation flush (30min contact), rinse, media replacement. New recipe loaded (baby spinach 28-day, 14/10 photoperiod). Zone startup sequence: sensor check, actuator test, germination parameters. Failure modes: sanitisation chemical residue if rinse incomplete — EC/pH sensors verify clean water before new crop; wrong recipe loaded for zone.
| Category | Constraint |
|---|---|
| Physical | Operating temperature 18-28°C in growing zones, control cabinets in technical rooms at 15-35°C. Humidity 60-85% RH in zones (condensation risk on electronics). Zone-mounted sensors require IP65 minimum. Vibration from HVAC compressors up to 0.5g at mounting points. |
| Electromagnetic | LED drivers generate significant EMI at switching frequencies (50-200kHz). Variable-speed drives on HVAC fans and pumps produce conducted and radiated emissions. Controller must comply with EN 61326-1 (industrial EMC) and maintain immunity to ESD, EFT, and surge per IEC 61000-4 series. |
| Power | Three-phase 400V supply for HVAC and pumps, single-phase 230V for control systems. Total facility load 500kW-2MW. UPS required for control system (minimum 30-minute ride-through for graceful shutdown). Generator backup for critical safety systems. |
| Network | Ethernet backbone between zone controllers and central server (1Gbps). Field-level bus for sensors/actuators (Modbus RTU/TCP or BACnet). Cloud connectivity for remote monitoring (encrypted VPN). Cybersecurity per IEC 62443 for industrial control systems. |
| Regulatory | Food safety — HACCP principles, BRCGS/SQF certification for data logging and traceability. Worker safety — OSHA/HSE CO2 limits (5000ppm TWA, 30000ppm STEL), electrical safety per IEC 60204-1. Environmental — waste nutrient discharge regulations, chemical storage for pH adjustment chemicals. |
| Operational tempo | 24/7 continuous operation, 365 days/year. Crop cycles 21-42 days. Maintenance windows scheduled around crop cycles. Peak electrical demand during 16-18hr photoperiod. Harvest changeover every 3-6 weeks per zone on staggered schedule. |
| System | Interface | Hex Code |
|---|---|---|
| Building Management System | BACnet/IP, bidirectional — receives fire alarm status and weather data, provides energy consumption metrics. Owned by building operator. Update rate: event-driven for alarms, 5-minute polling for energy data. | 51F77B58 |
| Crop Planning/ERP Software | REST API (JSON), bidirectional — receives crop recipes and zone scheduling, provides environmental logs and harvest data. Owned by farm operator. Cloud-hosted, requires internet connectivity. | — |
| Energy Management/Smart Grid | OpenADR 2.0 for demand-response signals, Modbus TCP for local metering — receives pricing signals, DR requests, renewable availability; provides load forecasts and curtailment confirmation. Owned by utility/aggregator. | — |
| Cloud Monitoring Platform | MQTT/TLS or HTTPS — pushes 1-minute telemetry (sensors, actuators, alarms); receives anomaly alerts, growth predictions, configuration updates. Owned by controller vendor or farm IT. Requires internet, operates degraded-local if connectivity lost. | — |
| CO2 Bulk Supply System | 4-20mA for tank level and pressure, digital output for zone solenoid valves — monitors tank level for reorder trigger, controls enrichment delivery. Owned by gas supplier. Safety-critical: regulator failure drives H-001 hazard. | — |
flowchart TB n0["system<br>Vertical Farm Environment Controller"] n1["actor<br>Grower Technician"] n2["actor<br>Facility Manager"] n3["actor<br>Maintenance Technician"] n4["external<br>Building Management System"] n5["external<br>Crop Planning / ERP"] n6["external<br>Energy Management / Grid"] n7["external<br>Cloud Monitoring Platform"] n8["external<br>CO2 Bulk Supply System"] n9["actor<br>Harvest Crew"] n1 -->|Recipe adjustments, commands| n0 n0 -->|Dashboard, alarms, analytics| n1 n2 -->|Scheduling, overrides| n0 n0 -->|KPI reports, fault alerts| n2 n3 -->|Calibration, lockout, actuator test| n0 n4 -->|Fire alarm, weather data| n0 n0 -->|Energy consumption| n4 n5 -->|Crop recipes, zone schedule| n0 n0 -->|Environmental logs, harvest data| n5 n6 -->|Pricing, DR requests| n0 n0 -->|Load forecasts| n6 n0 -->|Telemetry, sensor data| n7 n7 -->|Anomaly alerts, predictions| n0 n8 -->|Tank level, pressure| n0 n0 -->|Valve control signals| n8 n9 -->|Zone entry/exit| n0 n0 -->|Zone status, safety conditions| n9
Vertical Farm Environment Controller — Context