Hazard & Risk Analysis (HRA) — ISO/IEC/IEEE 15289 — Report | IEC 61508 Phase 3
Generated 2026-03-27 — UHT Journal / universalhex.org

| Hazard | Severity | Frequency | SIL | Safe State |
|---|---|---|---|---|
| H-001: CO2 enrichment valve failure or sticking causes lethal CO2 accumulation (>40,000ppm) in enclosed growing zone — worker asphyxiation | catastrophic | low | SIL 3 | CO2 injection valves de-energised closed, emergency ventilation at maximum extraction rate, zone entry interlocked with CO2 level below 5000ppm |
| H-002: Nutrient solution leak or irrigation failure causes water accumulation near 400V electrical panels, LED drivers, or pump connections in high-humidity environment — worker electrocution | catastrophic | low | SIL 3 | earth leakage protection trips affected circuit within 30ms, water leak sensors de-energise zone electrical supply, maintenance lockout enforced |
| H-003: pH dosing pump failure causes over-concentrated acid/alkali in nutrient tank (pH <2 or >12); worker skin/eye contact during maintenance or from pressurised line rupture — chemical burns, eye damage | critical | medium | SIL 2 | dosing pumps de-energised, nutrient circulation stopped, tank drain to containment sump, chemical spill alarm activated |
| H-004: HVAC cooling failure combined with high-power LED operation causes zone temperature >45°C; LED driver thermal runaway risk — worker heat stress, crop destruction, potential fire | critical | low | SIL 2 | LED fixtures de-energised, emergency ventilation activated, zone temperature alarm at 35°C with automatic LED power reduction at 38°C |
| H-005: Irrigation valve fails open or tank overflow sensor failure causes uncontrolled water release across multi-storey structure — structural overload on growing racks, electrical shorts on lower floors, slip hazard | critical | medium | SIL 2 | irrigation supply valve closed, zone drain pumps activated, water leak sensors trigger floor-level electrical isolation |
| H-006: Airflow control failure or nutrient recirculation without sterilisation spreads pathogens (Botrytis, Fusarium, Pythium) between zones — multi-zone crop loss, food safety risk | major | medium | SIL 1 | affected zone HVAC dampers closed to isolate airflow, nutrient recirculation stopped for affected zones, UV sterilisation bypass alarm |
| H-007: Remote compromise of network-connected controller modifies environmental setpoints to lethal CO2 levels or destructive conditions — worker safety risk, total crop destruction, business disruption | catastrophic | rare | SIL 2 | hardware safety interlocks on CO2 and temperature operate independently of software controller, network segmentation isolates safety-critical controls from IT network |

| Ref | SIL | Requirement | V&V |
|---|---|---|---|
| IFC-REQ-006 | SIL 3 | The interface between the CO2 Safety Sensor Array and the Safety PLC SHALL use hardwired 4–20mA analog signals (one per sensor channel), with channel-... | Test |
| IFC-REQ-031 | SIL 2 | The interface between the Fixture Thermal Monitoring Array and the Safety Interlock Subsystem SHALL be a normally-closed 24 V DC hardwired signal on t... | Test |
| SUB-REQ-001 | SIL 3 | The CO2 Safety Sensor Array SHALL provide an independent CO2 measurement for each zone, achieving accuracy of ±50 ppm across the 0–10,000 ppm range at... | Test |
| SUB-REQ-002 | SIL 3 | The CO2 Safety Sensor Array SHALL implement 2-out-of-3 (2oo3) voting across three independently powered sensor channels per zone, such that a single s... | Test |
| SUB-REQ-003 | SIL 3 | The Safety PLC SHALL be certified to IEC 61508 SIL 3 using a 2oo2 dual-core architecture with cross-checking, achieving a hardware fault tolerance HFT... | Test |
| SUB-REQ-004 | SIL 3 | The Safety PLC SHALL complete each execution scan within 50 ms, with a hardware watchdog that forces a safe-state transition if scan completion is not... | Test |
| SUB-REQ-005 | SIL 3 | The Voted Logic Engine SHALL evaluate the following trip conditions on every scan and assert the corresponding interlock within the specified response... | Test |
| SUB-REQ-006 | SIL 3 | When any interlock trip condition is asserted, the Safety Interlock Subsystem SHALL transition all affected zone outputs to the safe state within the ... | Demonstration |
| SUB-REQ-007 | SIL 3 | The Hardwired Trip Bus SHALL operate entirely via discrete 24VDC relay circuits independent of any fieldbus (MODBUS, Ethernet, CAN), such that failure... | Inspection |
| SUB-REQ-008 | SIL 1 | The Lockout Tagout Controller SHALL prevent energisation of any zone equipment when a LOTO key for that zone is checked out, and SHALL generate an aud... | Demonstration |
| SUB-REQ-009 | SIL 3 | The Safety PLC SHALL be connected to the process control network via a unidirectional data diode or certified firewall only, such that no inbound netw... | Inspection |
| SUB-REQ-010 | SIL 3 | The Voted Logic Engine SHALL log every interlock state transition — including timestamp (UTC, ±1s accuracy), trigger condition, sensor readings at tim... | Test |
| SUB-REQ-011 | SIL 3 | The Safety Interlock Subsystem SHALL support a periodic proof test sequence at intervals not exceeding 12 months, exercising all CO2 sensor channels, ... | Demonstration |
| SUB-REQ-013 | SIL 0 | The CO2 Injection Controller SHALL accept zone CO2 concentration setpoints in the range 400–2000 ppm at ±1 ppm resolution via Modbus TCP/IP from the S... | Test |
| SUB-REQ-014 | SIL 0 | The CO2 Injection Controller SHALL command all Zone Solenoid Valves to close when any zone CO2 concentration measurement from the Zone NDIR CO2 Sensor... | Test |
| SUB-REQ-016 | SIL 0 | The Zone NDIR CO2 Sensor Array SHALL perform automatic single-point calibration against atmospheric CO2 (nominally 420 ppm) when the grow zone has bee... | Demonstration |
| SUB-REQ-017 | SIL 3 | The Zone Solenoid Valve Array SHALL achieve a de-energised (closed) state within 500 ms of removal of 24VDC supply, with a spring-return mechanism tha... | Test |
| SUB-REQ-018 | SIL 0 | While de-energised, the Zone Solenoid Valve Array SHALL exhibit a seat leakage rate of ≤0.001 cm³/min at 1.5 bar differential pressure, tested per ISO... | Test |
| SUB-REQ-019 | SIL 0 | The CO2 Distribution Manifold SHALL maintain zone injection pressure at 1.5 bar ±0.1 bar via a pressure-reducing valve, with a relief valve set to ope... | Test |
| SUB-REQ-020 | SIL 0 | The CO2 Distribution Manifold wetted surfaces SHALL be constructed from SS316 stainless steel or PTFE, with all joints using face-seal fittings (Swage... | Inspection |
| SUB-REQ-021 | SIL 0 | When a Zone NDIR CO2 Sensor Array fault is detected for a specific zone (output out of range, diagnostic alarm, or communication failure), the CO2 Inj... | Test |
| SUB-REQ-022 | SIL 3 | When the CO2 Enrichment Subsystem receives a safety interlock trip signal via the hardwired de-energise-to-trip relay, all Zone Solenoid Valves SHALL ... | Test |
| SUB-REQ-023 | SIL 0 | The CO2 Injection Controller SHALL operate from a 24VDC ±10% supply at maximum 15W continuous draw, with the supply provided via an uninterruptable po... | Test |
| SUB-REQ-024 | SIL 2 | The EC/pH Sensor Array SHALL measure electrical conductivity in the range 0.1–10.0 mS/cm with accuracy ±0.1 mS/cm and pH in the range 3.0–9.0 with acc... | Test |
| SUB-REQ-025 | SIL 2 | The EC/pH Sensor Array SHALL detect sensor drift or fault conditions — including open-circuit, short-circuit, and out-of-range output — and transmit a... | Test |
| SUB-REQ-026 | SIL 2 | The Dosing Pump Array SHALL deliver each individual pump injection with a stroke volume accuracy of ±1% of commanded volume, with maximum single-strok... | Test |
| SUB-REQ-027 | SIL 2 | The Dosing Pump Array SHALL implement a hardwired cumulative injection counter that monitors total acid and base pump volume delivered within any roll... | Test |
| SUB-REQ-028 | SIL 2 | When the Dosing Pump Array receives a hardwired interlock trip signal from the Safety PLC (IFC-REQ-019 signal path), the Dosing Pump Array SHALL inhib... | Test |
| SUB-REQ-030 | SIL 2 | The Irrigation Controller SHALL detect a stuck-open zone irrigation valve condition within 30 seconds by comparing commanded valve state (closed) agai... | Test |
| SUB-REQ-032 | SIL 2 | The Zone Irrigation Valve Array SHALL use normally-closed solenoid valves that achieve full seat closure within 2 seconds of de-energisation, with EPD... | Test |
| SUB-REQ-037 | SIL 2 | When one EC/pH Sensor Array probe reports a fault in a zone, the Nutrient Management Subsystem SHALL continue closed-loop control of the unaffected me... | Test |
| SUB-REQ-039 | SIL 2 | The Horticultural Lighting Subsystem SHALL maintain zone PPFD within ±5% of the crop recipe PAR setpoint across the 100-600 µmol/m²/s operating range ... | Test |
| SUB-REQ-042 | SIL 2 | When any LED fixture heatsink temperature exceeds 85 degrees C as detected by the Fixture Thermal Monitoring Array hardwired comparator circuit, the H... | Test |
| SUB-REQ-043 | SIL 2 | When any LED fixture heatsink temperature exceeds 75 degrees C, the Lighting Control Unit SHALL reduce LED power in the affected zone by 5% of current... | Test |
| SUB-REQ-045 | SIL 2 | When the emergency shutdown signal is asserted on the Safety Interlock hardwired trip bus, the Horticultural Lighting Subsystem SHALL de-energise all ... | Test |
| SUB-REQ-076 | SIL 2 | The CO2 Enrichment Subsystem SHALL incorporate an independent safety-rated CO2 sensor, certified to IEC 61508 SIL-2, operating on a separate power sup... | Test |
| SYS-REQ-007 | SIL 2 | When pH dosing pump cumulative injection exceeds 5% of tank volume within any 10-minute window without pH reaching the target band, the Vertical Farm ... | Test |
| SYS-REQ-008 | SIL 2 | When a zone HVAC compressor trips, the Vertical Farm Environment Controller SHALL automatically reduce LED power in the affected zone by at least 40% ... | Test |
| SYS-REQ-009 | SIL 2 | When LED fixture surface temperature exceeds 85°C or zone temperature exceeds 38°C, the Vertical Farm Environment Controller SHALL de-energise affecte... | Test |
| SYS-REQ-010 | SIL 2 | The Vertical Farm Environment Controller SHALL detect irrigation valve stuck-open conditions within 30 seconds using flow meter feedback and close the... | Test |
| SYS-REQ-013 | SIL 3 | The Vertical Farm Environment Controller SHALL execute the emergency shutdown sequence (CO2 valve closure, emergency ventilation, non-essential load d... | Test |
| SYS-REQ-014 | SIL 1 | The Vertical Farm Environment Controller SHALL isolate zone airflow (HVAC dampers closed) and nutrient recirculation when pathogen contamination is de... | Test |
| VER-REQ-001 | SIL 3 | Verify IFC-REQ-006: With three CO2 sensor channels connected to the Safety PLC, inject calibrated CO2 concentration levels at 0 ppm, 2500 ppm, 5000 pp... | Test |
| VER-REQ-002 | SIL 3 | Verify IFC-REQ-007: With the Safety PLC in test mode, de-energise each relay coil output in sequence; confirm the corresponding final element moves to... | Test |
| VER-REQ-003 | SIL 3 | Verify SUB-REQ-005 (end-to-end integration): In a commissioned zone with live sensors, inject CO2 test gas at 5100 ppm to safety sensor channels; meas... | Test |
| VER-REQ-004 | SIL 3 | Verify SUB-REQ-001: Expose three CO2 Safety Sensor Array channels to NIST-traceable calibration gas at 0, 1000, 2500, 5000, and 9000 ppm; record each ... | Test |
| VER-REQ-009 | SIL 3 | Verify CO2 Enrichment Subsystem end-to-end (system integration test): with all subsystems connected in a live test environment, command a zone CO2 set... | Test |
| VER-REQ-011 | SIL 2 | Verify IFC-REQ-027: Command zone irrigation valve to open via Irrigation Controller 24VAC output; confirm reed-switch position feedback indicates open... | Test |
| VER-REQ-012 | SIL 2 | Verify SUB-REQ-027 (Dosing Pump Array hardwired watchdog): Command a series of pH-down pump injections totalling 4.5% of tank volume in 8 minutes; con... | Test |
| VER-REQ-013 | SIL 2 | Verify Nutrient Management Subsystem end-to-end (system integration test): with all NMS components connected in a live test environment, set zone reci... | Test |
| VER-REQ-015 | SIL 2 | Verify SUB-REQ-042: In a test rig with a zone LED Driver Module Array energised and the Fixture Thermal Monitoring Array comparator circuit connected,... | Test |
| VER-REQ-017 | SIL 2 | Verify IFC-REQ-031: With the Fixture Thermal Monitoring Array trip bus connected to the Safety Interlock hardwired trip input, simulate open-circuit, ... | Test |
| VER-REQ-019 | SIL 3 | Verify SUB-REQ-017: de-energise zone solenoid valve from fully-open state and measure time to full closure via position feedback; test at 0°C, 20°C, a... | Test |
| VER-REQ-020 | SIL 3 | Verify SUB-REQ-022: simulate safety interlock trip by removing 24VDC trip relay signal; verify all zone valves close within 500 ms via position feedba... | Test |

Goal Structuring Notation per GSN Community Standard v3. Top goal decomposes into hazard mitigation sub-goals, each supported by SIL-allocated requirements and verification evidence.

```mermaid
flowchart TD
    G0["<b>G0: Top Goal</b><br/>Vertical Farm Environment Controller is acceptably safe"]
    S0{"<b>S0: Strategy</b><br/>Argument by hazard<br/>mitigation per IEC 61508"}
    G0 --> S0
    G1["<b>G1: H-001</b><br/>CO2 enrichment valve failure or sticking causes lethal CO2 a...<br/>SIL 3"]
    S0 --> G1
    G2["<b>G2: H-002</b><br/>Nutrient solution leak or irrigation failure causes water ac...<br/>SIL 3"]
    S0 --> G2
    Sn1_0(["<b>SUB-REQ-042</b>"])
    G2 --> Sn1_0
    G3["<b>G3: H-003</b><br/>pH dosing pump failure causes over-concentrated acid/alkali ...<br/>SIL 2"]
    S0 --> G3
    Sn2_0(["<b>SYS-REQ-007</b>"])
    G3 --> Sn2_0
    G4["<b>G4: H-004</b><br/>HVAC cooling failure combined with high-power LED operation ...<br/>SIL 2"]
    S0 --> G4
    Sn3_0(["<b>SYS-REQ-008</b>"])
    G4 --> Sn3_0
    Sn3_1(["<b>SYS-REQ-009</b>"])
    G4 --> Sn3_1
    G5["<b>G5: H-005</b><br/>Irrigation valve fails open or tank overflow sensor failure ...<br/>SIL 2"]
    S0 --> G5
    Sn4_0(["<b>SYS-REQ-010</b>"])
    G5 --> Sn4_0
    G6["<b>G6: H-006</b><br/>Airflow control failure or nutrient recirculation without st...<br/>SIL 1"]
    S0 --> G6
    Sn5_0(["<b>SYS-REQ-014</b>"])
    G6 --> Sn5_0
    G7["<b>G7: H-007</b><br/>Remote compromise of network-connected controller modifies e...<br/>SIL 2"]
    S0 --> G7
```

Machine-readable safety case structure. Import into GSN tools (Astah GSN, ASCE, NOR-STA).
```yaml
# GSN Safety Case — Vertical Farm Environment Controller
# Generated 2026-03-27
# Goal Structuring Notation (GSN) per GSN Community Standard v3
goals:
  G0:
    text: "Vertical Farm Environment Controller is acceptably safe"
    type: top-goal
    supported_by: [S0]
strategies:
  S0:
    text: "Argument by hazard mitigation per IEC 61508"
    supported_by: [G1, G2, G3, G4, G5, G6, G7]
  G1:
    text: "H-001: CO2 enrichment valve failure or sticking causes lethal CO2 accumulation (>40,000ppm) in enclosed growing zone — worker asphyxiation"
    sil: 3
    safe_state: "CO2 injection valves de-energised closed, emergency ventilation at maximum extraction rate, zone entry interlocked with CO2 level below 5000ppm"
    supported_by: []
    evidence: []
  G2:
    text: "H-002: Nutrient solution leak or irrigation failure causes water accumulation near 400V electrical panels, LED drivers, or pump connections in high-humidity environment — worker electrocution"
    sil: 3
    safe_state: "earth leakage protection trips affected circuit within 30ms, water leak sensors de-energise zone electrical supply, maintenance lockout enforced"
    supported_by: [SUB-REQ-042]
    evidence: [VER-REQ-015]
  G3:
    text: "H-003: pH dosing pump failure causes over-concentrated acid/alkali in nutrient tank (pH <2 or >12); worker skin/eye contact during maintenance or from pressurised line rupture — chemical burns, eye damage"
    sil: 2
    safe_state: "dosing pumps de-energised, nutrient circulation stopped, tank drain to containment sump, chemical spill alarm activated"
    supported_by: [SYS-REQ-007]
    evidence: []
  G4:
    text: "H-004: HVAC cooling failure combined with high-power LED operation causes zone temperature >45°C; LED driver thermal runaway risk — worker heat stress, crop destruction, potential fire"
    sil: 2
    safe_state: "LED fixtures de-energised, emergency ventilation activated, zone temperature alarm at 35°C with automatic LED power reduction at 38°C"
    supported_by: [SYS-REQ-008, SYS-REQ-009]
    evidence: []
  G5:
    text: "H-005: Irrigation valve fails open or tank overflow sensor failure causes uncontrolled water release across multi-storey structure — structural overload on growing racks, electrical shorts on lower floors, slip hazard"
    sil: 2
    safe_state: "irrigation supply valve closed, zone drain pumps activated, water leak sensors trigger floor-level electrical isolation"
    supported_by: [SYS-REQ-010]
    evidence: []
  G6:
    text: "H-006: Airflow control failure or nutrient recirculation without sterilisation spreads pathogens (Botrytis, Fusarium, Pythium) between zones — multi-zone crop loss, food safety risk"
    sil: 1
    safe_state: "affected zone HVAC dampers closed to isolate airflow, nutrient recirculation stopped for affected zones, UV sterilisation bypass alarm"
    supported_by: [SYS-REQ-014]
    evidence: []
  G7:
    text: "H-007: Remote compromise of network-connected controller modifies environmental setpoints to lethal CO2 levels or destructive conditions — worker safety risk, total crop destruction, business disruption"
    sil: 2
    safe_state: "hardware safety interlocks on CO2 and temperature operate independently of software controller, network segmentation isolates safety-critical controls from IT network"
    supported_by: []
    evidence: []
solutions:
  IFC-REQ-006:
    text: "The interface between the CO2 Safety Sensor Array and the Safety PLC SHALL use hardwired 4–20mA analog signals (one per "
    verification: Test
    sil: 3
  IFC-REQ-031:
    text: "The interface between the Fixture Thermal Monitoring Array and the Safety Interlock Subsystem SHALL be a normally-closed"
    verification: Test
    sil: 2
  SUB-REQ-001:
    text: "The CO2 Safety Sensor Array SHALL provide an independent CO2 measurement for each zone, achieving accuracy of ±50 ppm ac"
    verification: Test
    sil: 3
  SUB-REQ-002:
    text: "The CO2 Safety Sensor Array SHALL implement 2-out-of-3 (2oo3) voting across three independently powered sensor channels "
    verification: Test
    sil: 3
  SUB-REQ-003:
    text: "The Safety PLC SHALL be certified to IEC 61508 SIL 3 using a 2oo2 dual-core architecture with cross-checking, achieving "
    verification: Test
    sil: 3
  SUB-REQ-004:
    text: "The Safety PLC SHALL complete each execution scan within 50 ms, with a hardware watchdog that forces a safe-state transi"
    verification: Test
    sil: 3
  SUB-REQ-005:
    text: "The Voted Logic Engine SHALL evaluate the following trip conditions on every scan and assert the corresponding interlock"
    verification: Test
    sil: 3
  SUB-REQ-006:
    text: "When any interlock trip condition is asserted, the Safety Interlock Subsystem SHALL transition all affected zone outputs"
    verification: Demonstration
    sil: 3
  SUB-REQ-007:
    text: "The Hardwired Trip Bus SHALL operate entirely via discrete 24VDC relay circuits independent of any fieldbus (MODBUS, Eth"
    verification: Inspection
    sil: 3
  SUB-REQ-008:
    text: "The Lockout Tagout Controller SHALL prevent energisation of any zone equipment when a LOTO key for that zone is checked "
    verification: Demonstration
    sil: 1
  SUB-REQ-009:
    text: "The Safety PLC SHALL be connected to the process control network via a unidirectional data diode or certified firewall o"
    verification: Inspection
    sil: 3
  SUB-REQ-010:
    text: "The Voted Logic Engine SHALL log every interlock state transition — including timestamp (UTC, ±1s accuracy), trigger con"
    verification: Test
    sil: 3
  SUB-REQ-011:
    text: "The Safety Interlock Subsystem SHALL support a periodic proof test sequence at intervals not exceeding 12 months, exerci"
    verification: Demonstration
    sil: 3
  SUB-REQ-013:
    text: "The CO2 Injection Controller SHALL accept zone CO2 concentration setpoints in the range 400–2000 ppm at ±1 ppm resolutio"
    verification: Test
    sil: 0
  SUB-REQ-014:
    text: "The CO2 Injection Controller SHALL command all Zone Solenoid Valves to close when any zone CO2 concentration measurement"
    verification: Test
    sil: 0
  SUB-REQ-016:
    text: "The Zone NDIR CO2 Sensor Array SHALL perform automatic single-point calibration against atmospheric CO2 (nominally 420 p"
    verification: Demonstration
    sil: 0
  SUB-REQ-017:
    text: "The Zone Solenoid Valve Array SHALL achieve a de-energised (closed) state within 500 ms of removal of 24VDC supply, with"
    verification: Test
    sil: 3
  SUB-REQ-018:
    text: "While de-energised, the Zone Solenoid Valve Array SHALL exhibit a seat leakage rate of ≤0.001 cm³/min at 1.5 bar differe"
    verification: Test
    sil: 0
  SUB-REQ-019:
    text: "The CO2 Distribution Manifold SHALL maintain zone injection pressure at 1.5 bar ±0.1 bar via a pressure-reducing valve, "
    verification: Test
    sil: 0
  SUB-REQ-020:
    text: "The CO2 Distribution Manifold wetted surfaces SHALL be constructed from SS316 stainless steel or PTFE, with all joints u"
    verification: Inspection
    sil: 0
  SUB-REQ-021:
    text: "When a Zone NDIR CO2 Sensor Array fault is detected for a specific zone (output out of range, diagnostic alarm, or commu"
    verification: Test
    sil: 0
  SUB-REQ-022:
    text: "When the CO2 Enrichment Subsystem receives a safety interlock trip signal via the hardwired de-energise-to-trip relay, a"
    verification: Test
    sil: 3
  SUB-REQ-023:
    text: "The CO2 Injection Controller SHALL operate from a 24VDC ±10% supply at maximum 15W continuous draw, with the supply prov"
    verification: Test
    sil: 0
  SUB-REQ-024:
    text: "The EC/pH Sensor Array SHALL measure electrical conductivity in the range 0.1–10.0 mS/cm with accuracy ±0.1 mS/cm and pH"
    verification: Test
    sil: 2
  SUB-REQ-025:
    text: "The EC/pH Sensor Array SHALL detect sensor drift or fault conditions — including open-circuit, short-circuit, and out-of"
    verification: Test
    sil: 2
  SUB-REQ-026:
    text: "The Dosing Pump Array SHALL deliver each individual pump injection with a stroke volume accuracy of ±1% of commanded vol"
    verification: Test
    sil: 2
  SUB-REQ-027:
    text: "The Dosing Pump Array SHALL implement a hardwired cumulative injection counter that monitors total acid and base pump vo"
    verification: Test
    sil: 2
  SUB-REQ-028:
    text: "When the Dosing Pump Array receives a hardwired interlock trip signal from the Safety PLC (IFC-REQ-019 signal path), the"
    verification: Test
    sil: 2
  SUB-REQ-030:
    text: "The Irrigation Controller SHALL detect a stuck-open zone irrigation valve condition within 30 seconds by comparing comma"
    verification: Test
    sil: 2
  SUB-REQ-032:
    text: "The Zone Irrigation Valve Array SHALL use normally-closed solenoid valves that achieve full seat closure within 2 second"
    verification: Test
    sil: 2
  SUB-REQ-037:
    text: "When one EC/pH Sensor Array probe reports a fault in a zone, the Nutrient Management Subsystem SHALL continue closed-loo"
    verification: Test
    sil: 2
  SUB-REQ-039:
    text: "The Horticultural Lighting Subsystem SHALL maintain zone PPFD within ±5% of the crop recipe PAR setpoint across the 100-"
    verification: Test
    sil: 2
  SUB-REQ-042:
    text: "When any LED fixture heatsink temperature exceeds 85 degrees C as detected by the Fixture Thermal Monitoring Array hardw"
    verification: Test
    sil: 2
  SUB-REQ-043:
    text: "When any LED fixture heatsink temperature exceeds 75 degrees C, the Lighting Control Unit SHALL reduce LED power in the "
    verification: Test
    sil: 2
  SUB-REQ-045:
    text: "When the emergency shutdown signal is asserted on the Safety Interlock hardwired trip bus, the Horticultural Lighting Su"
    verification: Test
    sil: 2
  SUB-REQ-076:
    text: "The CO2 Enrichment Subsystem SHALL incorporate an independent safety-rated CO2 sensor, certified to IEC 61508 SIL-2, ope"
    verification: Test
    sil: 2
  SYS-REQ-007:
    text: "When pH dosing pump cumulative injection exceeds 5% of tank volume within any 10-minute window without pH reaching the t"
    verification: Test
    sil: 2
  SYS-REQ-008:
    text: "When a zone HVAC compressor trips, the Vertical Farm Environment Controller SHALL automatically reduce LED power in the "
    verification: Test
    sil: 2
  SYS-REQ-009:
    text: "When LED fixture surface temperature exceeds 85°C or zone temperature exceeds 38°C, the Vertical Farm Environment Contro"
    verification: Test
    sil: 2
  SYS-REQ-010:
    text: "The Vertical Farm Environment Controller SHALL detect irrigation valve stuck-open conditions within 30 seconds using flo"
    verification: Test
    sil: 2
  SYS-REQ-013:
    text: "The Vertical Farm Environment Controller SHALL execute the emergency shutdown sequence (CO2 valve closure, emergency ven"
    verification: Test
    sil: 3
  SYS-REQ-014:
    text: "The Vertical Farm Environment Controller SHALL isolate zone airflow (HVAC dampers closed) and nutrient recirculation whe"
    verification: Test
    sil: 1
  VER-REQ-001:
    text: "Verify IFC-REQ-006: With three CO2 sensor channels connected to the Safety PLC, inject calibrated CO2 concentration leve"
    verification: Test
    sil: 3
  VER-REQ-002:
    text: "Verify IFC-REQ-007: With the Safety PLC in test mode, de-energise each relay coil output in sequence; confirm the corres"
    verification: Test
    sil: 3
  VER-REQ-003:
    text: "Verify SUB-REQ-005 (end-to-end integration): In a commissioned zone with live sensors, inject CO2 test gas at 5100 ppm t"
    verification: Test
    sil: 3
  VER-REQ-004:
    text: "Verify SUB-REQ-001: Expose three CO2 Safety Sensor Array channels to NIST-traceable calibration gas at 0, 1000, 2500, 50"
    verification: Test
    sil: 3
  VER-REQ-009:
    text: "Verify CO2 Enrichment Subsystem end-to-end (system integration test): with all subsystems connected in a live test envir"
    verification: Test
    sil: 3
  VER-REQ-011:
    text: "Verify IFC-REQ-027: Command zone irrigation valve to open via Irrigation Controller 24VAC output; confirm reed-switch po"
    verification: Test
    sil: 2
  VER-REQ-012:
    text: "Verify SUB-REQ-027 (Dosing Pump Array hardwired watchdog): Command a series of pH-down pump injections totalling 4.5% of"
    verification: Test
    sil: 2
  VER-REQ-013:
    text: "Verify Nutrient Management Subsystem end-to-end (system integration test): with all NMS components connected in a live t"
    verification: Test
    sil: 2
  VER-REQ-015:
    text: "Verify SUB-REQ-042: In a test rig with a zone LED Driver Module Array energised and the Fixture Thermal Monitoring Array"
    verification: Test
    sil: 2
  VER-REQ-017:
    text: "Verify IFC-REQ-031: With the Fixture Thermal Monitoring Array trip bus connected to the Safety Interlock hardwired trip "
    verification: Test
    sil: 2
  VER-REQ-019:
    text: "Verify SUB-REQ-017: de-energise zone solenoid valve from fully-open state and measure time to full closure via position "
    verification: Test
    sil: 3
  VER-REQ-020:
    text: "Verify SUB-REQ-022: simulate safety interlock trip by removing 24VDC trip relay signal; verify all zone valves close wit"
    verification: Test
    sil: 3
```